Pros and Cons – Configuring Exchange Internet Receive connector (Exchange 2010, 2007)
The scenario when there is no Edge server (Internet-facing Hub Transport server) requires one of the following actions:

1. Modify the default Receive connector to allow anonymous connections http://technet.microsoft.com/en-us/library/bb738138.aspx
2. Configure Receive connector (to receive messages from all remote IP addresses through port 25) http://technet.microsoft.com/en-us/library/bb125159.aspx

Modifying the Default Receive connector to allow anonymous access (item 1, above) seems to be the recommended approach. The downsides of this approach are:

1. The usage of the default Receive connector is internal - this connector only accepts mail from other Exchange servers that are part of the same Exchange organization. By default, this connector doesn't accept anonymous submissions. Mixing internal traffic with external one doesn’t seem a good idea.
2. You cannot modify the FQDN (it is using by default the internal Exchange server name) of the Default Exchange Receive connector.
3. The external DNS records (forward and reverse) are using the Exchange Server public name – ex. “mail.yourexternaldomain.com”. External mail servers are establishing a session to “mail.yourexternaldomain.com”, and are getting a response from “exchange.internalADdomain.com”?!?
4. Finally, it is not a good idea to expose your AD and Exchange internal name to the Internet.

This leads us to the second approach – Configuring a default Internet Receive connector. This seems like a better option, from a design and security point of view. However, there are a couple of considerations, which I would like to put for a discussion here:

1. You have to modify first, the Default Receive connector, and change its remote IP address ranges. Otherwise you will get an error, when creating the Default Internet Receive connector = “A receive connector must have a unique combination of a local IP address, port bindings, and remote IP address ranges”. The easy way to do this is to change the scope to the local subnet(s), and set the default connector to all IPs. The more difficult approach is the way this is done in SBS 2008, which is a weird approach according to me. I would be happy to hear your opinion here.
2. Should we keep the local IP address of the connector to:
   · All Available IPv4 (which again seems the recommended approach): http://technet.microsoft.com/en-us/library/bb125159.aspx
   · or specify a single IP
March 27th, 2010 8:16pm
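
The second approach from the post above, written out for the Exchange 2010 Management Shell as an added example that is not part of the original thread. The server name `EXCH01` and the subnet `192.168.10.0/24` are constructed placeholders, the connector name "Internet EXCH01" is an arbitrary choice, and `Get-SmtpBanner` is a hypothetical helper defined here; the public name is the one used in the post.

```powershell
# Constructed placeholder values: replace with your own.
$server      = 'EXCH01'                        # hypothetical Hub Transport server
$internalNet = '192.168.10.0/24'               # hypothetical internal subnet(s)
$publicFqdn  = 'mail.yourexternaldomain.com'   # public name from the post

# 1. Scope the default connector to internal sources first. Otherwise the new
#    connector collides with it on local IP + port + remote IP ranges.
#    List every subnet that hosts Exchange servers sending to this one.
Set-ReceiveConnector -Identity "$server\Default $server" -RemoteIPRanges $internalNet

# 2. Create the Internet-facing connector on port 25 for all remote addresses,
#    answering with the public name instead of the internal AD name.
New-ReceiveConnector -Name "Internet $server" -Server $server -Usage Internet `
    -Bindings '0.0.0.0:25' -RemoteIPRanges '0.0.0.0-255.255.255.255' `
    -Fqdn $publicFqdn

# 3. Review what each connector listens on, who may reach it, and what it
#    accepts (anonymous access should appear only on the Internet connector).
Get-ReceiveConnector -Server $server |
    Format-List Identity, Bindings, RemoteIPRanges, Fqdn, PermissionGroups, AuthMechanism

# 4. Read the SMTP greeting and confirm it shows the public name.
#    Hypothetical helper; run it from a host OUTSIDE $internalNet, because a
#    source inside that range is matched by the default connector instead.
function Get-SmtpBanner {
    param([string]$HostName, [int]$Port = 25)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $reader = New-Object System.IO.StreamReader($client.GetStream())
        $reader.ReadLine()      # first line of the server greeting (220 ...)
    }
    finally {
        $client.Close()
    }
}

$banner = Get-SmtpBanner -HostName $publicFqdn
if ($banner -notmatch [regex]::Escape($publicFqdn)) {
    Write-Warning "Greeting does not show ${publicFqdn}: $banner"
}
```

When two connectors share a binding, the one whose remote IP range most specifically matches the sender's address handles the session, which is why the banner check has to come from an external address.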

I believe that you are overthinking this. If you want to create a new connector (and I wouldn't call it "Default" anything since it's not a default) you can simply give it a different IP address.

--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
March 29th, 2010 12:43am

Hi,

My opinion is to keep the local IP address of the connector to all available.

Thanks,
Amit Haridas
August 12th, 2010 3:42pm

This topic is archived. No further replies will be accepted.
