Receive connectors in hybrid deployment

I'm about to deploy Exchange 2013 in an existing 2007 environment.  I've already done most of the migration (right patch level, installed both 2013 CAS and MB server).

I haven't done the changeover yet though (internal and external DNS, SCPs, etc.).

We have a primary preexisting receive connector which uses the IP address list to control who relays through the hub transport.  Since our environment is NAT.. split DNS.  We have a spam/virus FW that the MX records point to, then it sends mail to the 2007 hub transport, and its IP is in the primary receive connector.

So I'm looking through the configuration just to make sure I've thought everything through and I notice for the new CAS server, which when I pull the trigger will become the primary receiver, routing communication to the legacy infrastructure when the time comes, and I notice new receive connectors.

Client Frontend

Default Frontend

Outbound Proxy Frontend

So I have two questions.

1. I'm watching a training video and I notice in this guy's lab he also has two more connectors, Client Proxy (HubTransport) and Default (HubTransport).  I assume I don't have those yet because my 2007 server is my hub transport, and I haven't moved the hub transport role over to the new CAS server yet.  That will come in a later migration phase.  Am I correct?

2. In the existing Default Frontend receive connector, in the scope section, its IP range is wide open, which I imagine happens by default during installation.  Should I restrict that to match my 2007 receive connector?

When I do the migration, I don't want to leave a gaping security hole allowing external users to relay off my new server, but I'm not exactly sure how this new receive connector works since the hub transport role isn't changed.  When I do this first phase of my migration, I will be changing my spam/virus FW to route mail to the new CAS along with other changes like DNS for Outlook Anywhere etc.

Any help is greatly appreciated!

April 11th, 2014 2:51pm

NVM on the 2013 hub transport thing.  I just read that the mailbox server houses what was the old hub transport role, and I switched the display to my MB server and I see those.

I'm still worried about my default front end receive connector having an open ip range.


April 11th, 2014 3:51pm

Hi,

Do you have any Edge Role deployed?

Yes, please configure the same settings as the ones on your Exchange 2007 receive connector.

Thanks,

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

April 14th, 2014 4:43am
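
An added example, not part of the original thread: one way to review the scope of the new receive connectors in the Exchange Management Shell and preview restricting the Default Frontend connector as the reply suggests. The server name `EX2013-CAS` and the `192.0.2.10` address are placeholders assumed here for the new CAS server and the spam/virus firewall; substitute the addresses from the 2007 connector's list.

```powershell
# Run in the Exchange Management Shell on the 2013 server.
# Placeholder values (assumptions, not from the thread):
$newConnector = 'EX2013-CAS\Default Frontend EX2013-CAS'   # hypothetical connector identity
$allowedHosts = @('192.0.2.10')                            # spam/virus FW, documentation-range IP

# 1. Review bindings, scope and permissions of every receive connector.
Get-ReceiveConnector |
    Select-Object Identity, Bindings, RemoteIPRanges, PermissionGroups, AuthMechanism |
    Format-List

# 2. Flag connectors whose scope still covers the whole IPv4 or IPv6 space.
#    The strings are the ranges as the shell displays them for a default connector.
$openRanges = '0.0.0.0-255.255.255.255', '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'
Get-ReceiveConnector |
    Where-Object { $_.RemoteIPRanges | Where-Object { $openRanges -contains $_.ToString() } } |
    Select-Object Identity, RemoteIPRanges

# 3. List connectors where anonymous senders hold the relay right.
#    Relaying to external recipients requires ms-Exch-SMTP-Accept-Any-Recipient,
#    so a connector appearing here needs a tight RemoteIPRanges list.
Get-ReceiveConnector |
    Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' |
    Where-Object { $_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient' } |
    Select-Object Identity, User, ExtendedRights

# 4. Preview restricting the Default Frontend connector to the allowed hosts.
#    -WhatIf reports the change without applying it.
Set-ReceiveConnector -Identity $newConnector -RemoteIPRanges $allowedHosts -WhatIf
```

Rerun step 4 without `-WhatIf` once the previewed change matches the 2007 connector's list, then repeat steps 1 and 2 to confirm the new scope.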

This topic is archived. No further replies will be accepted.
