Exchange 2013 Receive Connector Settings

Hello, I have migrated my old Exchange 2010 server to a new Exchange 2013 without any issues and gracefully removed the Exchange 2010 server off of the network.  Everything is working correctly and I have installed my 3rd party UCC certificate for mail.mydomain.com.  My internal mail server address is exchange.mydomain.local and obviously my external address is mail.mydomain.com. I then went through and changed all of my Exchange 2013 internal and external URLs settings along with Outlook Anywhere and Autodiscover to reflect my SSL cert name mail.mydomain.com.  When I look at the scoping options for all of the receive and send connectors do I want to configure all of the FQDN for mail.mydomain.com?  Currently I have the default receive connectors that get installed with Exchange 2013 and I have created the send connector. The next question is that I have a 3rd party spam filter and I'm noticing that it is logging Whitelisted authenticated session, type:organization.. When I emailed the spam filter support they tell me that:

This indicates issues with Exchange trusts. The log indicates that the email was whitelisted, because it was authenticated with organization type authentication. This typically indicates that the internet-facing Exchange connector is misconfigured and treats all emails as coming from trusted servers.

You should have one Receive connector through which external emails are received, it should not be trusted http://technet.microsoft.com/en-us/library/jj657447(v=exchg.150).aspx  Use a separate connector for internal emails (that could be trusted) http://technet.microsoft.com/en-us/library/jj657448(v=exchg.150).aspx

When I look through all of the settings they look correct but I must be missing something because my Exchange 2010 server never logged these messages.  What setting should I change to fix this?

My Questions:
1. When I look at the scoping options for all of the receive and send connectors do I want to configure all of the FQDN for mail.mydomain.com if not which ones should be changed?
2. What settings should I change on the receive connectors to make sure that I fix the trust issues that they saying I'm having?

Thanks Ryan.



  • Edited by Ryan Laurie Tuesday, February 24, 2015 5:56 AM
February 24th, 2015 6:27am

Hi Ryan,

According to your description, I notice that 3rd party spam filter logged a strange record after migrate Exchange 2010 to Exchange 2013.
If I misunderstand your concern, please do not hesitate to let me know.

I want to double confirm whether it works fine for internal and external mail flow. Do you deploy cross-forest migration and create any trust when implementing migration?
Please open Active Directory Domains and Trusts to double confirm.
We dont need to change all FQDN for mail.mydomain.com, the Fqdn parameter specifies the FQDN used as the destination server for connected messaging servers that use the Receive connector to send incoming messages. After an SMTP session is established, an SMTP protocol conversation starts between a sending e-mail server and a receiving e-mail server. The sending e-mail server or client sends the EHLO or HELO SMTP command and its FQDN to the receiving server. In response, the receiving server sends a success code and provides its own FQDN.

If everything works fine, I recommend to check the setting of this 3rd party spam filter.
 
Best Regards,
Allen Wang

Free Windows Admin Tool Kit Click here and download it now
February 24th, 2015 10:15pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics