Confused About Exchange Server 2013 Mail Flow?

As people learn about the new features of Exchange Server 2013, one of the first surprises is often the reduction in server roles to just two: the Client Access server and the Mailbox server.

The questions that follow are usually along the lines of:

  • How does the mail flow work without a Hub Transport server?
  • Where did the Edge Transport server go?

Exchange Server 2013 Transport Services

The Hub Transport server role from Exchange 2007 and 2010 has been replaced with a series of services running on the remaining server roles.

The Client Access server role hosts the Front End Transport service, which provides filtering of email traffic (e.g. antispam agents), and routing of email between the internal Exchange servers and the outside world.

The Mailbox server role hosts two additional services:

  • Transport service – performs email routing within the organization, and between the Front End transport service and the Mailbox Transport service
  • Mailbox Transport service – passes email messages between the Transport service and the mailbox database

There are some additional scenarios for the Mailbox server’s Transport services when Database Availability Groups are deployed, but for the moment we’ll just consider non-DAG scenarios.

Microsoft has published this diagram that gives a good visual representation of how these components all fit together. But if you find it a little confusing simply read on for a few practical examples.

Exchange Server 2013 Transport Architecture

Internal Mail Flow Example

Let’s take a look at an internal mail flow example for Exchange Server 2013. In this case the sender and recipient are both on the same mailbox database on the same server, MB2.exchange2013demo.com.

The message headers look like this (I’ve truncated the data that is not relevant to this topic):

Received: from MB2.exchange2013demo.com (192.168.0.188) by
 MB2.exchange2013demo.com (192.168.0.188) with Microsoft SMTP Server (TLS) id
 15.0.466.13; Tue, 31 Jul 2012 21:52:45 +1000

Received: from MB2.exchange2013demo.com (192.168.0.188) by
 MB2.exchange2013demo.com (192.168.0.188) with Microsoft SMTP Server (TLS) id
 15.0.466.13; Tue, 31 Jul 2012 21:52:43 +1000

Received: from MB2.exchange2013demo.com ([fe80::9ca9:e0d9:ec3a:996b]) by
 MB2.exchange2013demo.com ([fe80::9ca9:e0d9:ec3a:996b%12]) with mapi id
 15.00.0466.010; Tue, 31 Jul 2012 21:52:42 +1000

Running the header through the MX Toolbox header analyzer gives us this visual representation.

Exchange Server 2013 Internal Mail Flow Example

What we see are three hops all on the same Mailbox server MB2.exchange2013demo.com, as the message travels through each of the services involved.

Exchange 2013 Internal Mail Flow Hops

Now compare that to an email sent between two Exchange Server 2010 recipients on the same mailbox database.

Received: from HO-EX2010-MB2.exchangeserverpro.net (10.1.1.22) by
 HO-EX2010-MB1.exchangeserverpro.net (10.1.1.21) with Microsoft SMTP Server
 (TLS) id 14.2.309.2; Tue, 31 Jul 2012 22:22:07 +1000

Received: from HO-EX2010-MB1.exchangeserverpro.net
 ([fe80::d957:3403:56cf:a8cb]) by HO-EX2010-MB2.exchangeserverpro.net
 ([fe80::f148:390:568f:38dc%16]) with mapi id 14.02.0309.002; Tue, 31 Jul 2012
 22:22:03 +1000

Exchange Server 2010 Internal Mail Flow Example

This time we only see two hops in the message headers.

Exchange Server 2010 Internal Mail Flow Hops

The best way I can think to describe this difference is that instead of message submission occurring directly via RPC/MAPI between the mailbox database and a Hub Transport server in Exchange 2010, it now traverses the intermediary Mailbox Transport service, adding at the very least one additional SMTP hop in the message headers.

You will also note that the example for Exchange Server 2013 demonstrated that the Client Access server’s Front End Transport service was not involved for internal mail flow.
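The hop comparison above can be reproduced offline. The following is an added example, not part of the original article: it parses the two sets of Received headers shown on this page and reports each hop's protocol, TLS flag, whether sender and receiver are the same server, and the delay since the previous hop. The names trace and HOP are illustrative, and the regular expression assumes the Exchange header layout shown above.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received headers copied from this page (blank separator lines removed).
EX2013 = """\
Received: from MB2.exchange2013demo.com (192.168.0.188) by
 MB2.exchange2013demo.com (192.168.0.188) with Microsoft SMTP Server (TLS) id
 15.0.466.13; Tue, 31 Jul 2012 21:52:45 +1000
Received: from MB2.exchange2013demo.com (192.168.0.188) by
 MB2.exchange2013demo.com (192.168.0.188) with Microsoft SMTP Server (TLS) id
 15.0.466.13; Tue, 31 Jul 2012 21:52:43 +1000
Received: from MB2.exchange2013demo.com ([fe80::9ca9:e0d9:ec3a:996b]) by
 MB2.exchange2013demo.com ([fe80::9ca9:e0d9:ec3a:996b%12]) with mapi id
 15.00.0466.010; Tue, 31 Jul 2012 21:52:42 +1000
"""
EX2010 = """\
Received: from HO-EX2010-MB2.exchangeserverpro.net (10.1.1.22) by
 HO-EX2010-MB1.exchangeserverpro.net (10.1.1.21) with Microsoft SMTP Server
 (TLS) id 14.2.309.2; Tue, 31 Jul 2012 22:22:07 +1000
Received: from HO-EX2010-MB1.exchangeserverpro.net
 ([fe80::d957:3403:56cf:a8cb]) by HO-EX2010-MB2.exchangeserverpro.net
 ([fe80::f148:390:568f:38dc%16]) with mapi id 14.02.0309.002; Tue, 31 Jul 2012
 22:22:03 +1000
"""
# Assumed shape: only the Exchange-stamped Received layout shown on this page.
HOP = re.compile(r"from (\S+) \((.*?)\) by (\S+) \((.*?)\) with (.+?) id (\S+); (.+)")

def trace(raw):
    """Return hops oldest-first; Received headers are prepended, so reverse."""
    hops, prev = [], None
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.fullmatch(" ".join(value.split()))  # undo header folding
        if not m:
            raise ValueError("unrecognised Received header: " + value)
        when = parsedate_to_datetime(m.group(7))
        hops.append({
            "src": m.group(1), "dst": m.group(3),
            "proto": "MAPI" if m.group(5) == "mapi" else "SMTP",
            "tls": "(TLS)" in m.group(5),
            "same_server": m.group(1).lower() == m.group(3).lower(),
            "delay_s": (when - prev).total_seconds() if prev else 0.0,
        })
        prev = when
    return hops

if __name__ == "__main__":
    for name, raw in (("Exchange 2013", EX2013), ("Exchange 2010", EX2010)):
        print(name, [(h["proto"], h["same_server"], h["delay_s"]) for h in trace(raw)])
```

When using a trace like this in an investigation, rely only on the Received lines stamped by servers you operate, since anything below them is supplied by the sending side.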

External Mail Flow Example

Now let’s take a look at an external mail flow example, specifically an email from the internet to a mailbox on an Exchange Server 2013 server.

Exchange Server 2013 External Mail Flow Example

The first three hops belong to Google, and the two that are obscured are another SMTP service involved in this particular mail flow path but not relevant to the Exchange behaviour.

The first Exchange server is an Exchange 2010 Edge Transport, which is configured to route the email to the Exchange 2013 Client Access server CA1.exchange2013demo.com, which then routes it on to the Mailbox server MB1.exchange2013demo.com.

Exchange Server 2013 External Mail Flow Hops

As you can see the Client Access server role in Exchange 2013 performs mail routing for external emails, but not internal emails. And once again we can see in the final hop MB1 -> MB1 as the message is passed between the Hub Transport service and the Mailbox Transport service on that server.

Default Receive Connector for Incoming Internet Email

Unlike Exchange 2007 and 2010 Hub Transport servers which were not configured by default to accept incoming email from the internet, when an Exchange 2013 Client Access server is installed it is pre-configured with a Receive Connector named “Default Frontend <servername>” that allows “Anonymous Users” to connect.

Exchange Server 2013 Frontend Receive Connector

So where Exchange 2007/2010 were secured by default and required the administrator to either deploy Edge Transport servers, or reconfigure the Hub Transport to perform the internet-facing role, Exchange Server 2013 Client Access servers are configured by default for the internet-facing role.

Exchange Server 2013 Message Queues

One of the interesting things about the three transport services in Exchange Server 2013 is that only one of them will actually queue messages locally.

  • Front End Transport service – no local queuing
  • Transport service – local queuing
  • Mailbox Transport service – no local queuing

To test this out I simply stopped the Hub Transport service on my Exchange 2013 server, and then used Telnet to send a test email message via the Front End Transport service.

After completing my commands in the Telnet session I received this error:

451 4.7.0 Temporary server error. Please try again later. PRX3

If another email server was sending the email message it would likely queue on that server until it was able to retry and successfully submit the message. However I would anticipate that some mail-enabled devices and applications will not handle this situation very well and it may lead to message failure.

I suspect the solution to this is to continue pointing to the Mailbox server’s Hub Transport service for device/application SMTP requirements, not the Client Access server as you might assume from its default Receive Connector configuration.

Exchange Server 2013 Edge Transport Server?

So if the Exchange 2013 Client Access server is pre-configured for the internet-facing transport role, where does that leave the Edge Transport role?

For starters, there is no Edge Transport role in the Exchange 2013 Preview, and Microsoft has stated that Edge Transport will not ship with Exchange 2013 RTM.

Whether it will ship with a later service pack or not at all is still an unknown, but there has been speculation that the Edge Transport server role will not exist in future.

In the meantime you can use Exchange Server 2013 with Exchange 2007/2010 Edge Transport servers.

Interestingly the guidance from Microsoft if not using EdgeSync is to establish SMTP connectivity between the Edge Transport server and the Exchange 2013 Mailbox server, which means that I’m currently doing it “wrong” in my own lab by routing the email from Edge Transport to Exchange 2013 Client Access.

Summary

As you can see the mail flow for Exchange Server 2013 is not that different to that in previous versions of Exchange once you shift your mindset from the server roles in previous versions to the specific services involved in Exchange Server 2013 mail flow.

About Paul Cunningham

Paul is a Microsoft Exchange Server MVP and publisher of Exchange Server Pro. He also holds several Microsoft certifications including for Exchange Server 2007, 2010 and 2013. Connect with Paul on Twitter and Google+.

Comments

  1. Thanks Paul for bringing up these ones & it’s been really informative :)

  2. How did you manage to get Exchange 2010 SP3 as it’s a pre-requisite to coexist with Exchange 2013…I didn’t test with edge but I guess so…?

    I believe it’s not out from MS…?

  3. Hi Paul,

    any update from your side related to the transport queues issue? Got the same on two different systems I installed. http://exchange.microsoftgroups.org/?p=809

    Thanks

    Thierry

  4. (bypassed the error message with http://technet.microsoft.com/en-us/library/bb232021.aspx) but the messages are not delivered using TELNET

  5. Hello Paul,

    About error: 451 4.7.0 Temporary server error. Please try again later. PRX3
    Can you try my idea: http://social.technet.microsoft.com/Forums/en-US/exchangeserverpreview/thread/48331a35-fd58-4bb7-957d-08814905149b ?

    It works for me.

  6. Hi Exchange Experts, I want to establish our exchange server but I have a question about exchange, and the question is….
    (How can I find details about companies targeted earlier or not)

    If we have 250 outlook users, and they are mailing to companies a.com, b.com and so on. you@mydomain.com target to both companies but I@mydomain.com don’t know that you@domain.com already target to both or not.

    I want to know that how can I set or get details that someone targeted those companies or not ?

  7. thanks Paul for solving my confusion regarding the other roles

  8. Hi Paul!
    Help me.
    My computer setup new system Exchange 2013 yet.
    There are two system setup windows server 2012.. / 1 setup DC, AD, CAS / 1 setup Exchange 2013
    EX Joined domain with AD and setup successful! and I not add config.
    Then I created 2 user on ex user domain Local.
    But I test by send 1 mail user1 to user2.
    I see mail user1 can’t send to user2 and else. It Move to Tab “Drafts”. I am very Crazy with them.
    Can you help me!
    Thanks so much!

  9. hey,
    it means CAS server is receiving mail from internet so we have to open port 25 on our firewall/router towards CAS server because it receives mail from anonymous users, right?
    and mailbox server is just sending and receiving mail inside the organization?
    just say yes or no or small explanation if required.
    Regards

  10. Vishal Kayangude says:

    Hey Paul,

    I am currently having CAS and MBX servers on two different servers. I configure my Mailfiltering (ThirdParty) for incoming and outgoing. My outgoing is working fine, but while incoming getting below error:

    Delivery of the test email message failed.

    Additional Details
    The server returned status code 550 – Mailbox unavailable. The server response was: no mailbox by that name is currently available
    Exception details:
    Message: Mailbox unavailable. The server response was: no mailbox by that name is currently available
    Type: System.Net.Mail.SmtpFailedRecipientException
    Stack trace:
    at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, Boolean allowUnicode, SmtpFailedRecipientException& exception)
    at System.Net.Mail.SmtpClient.Send(MailMessage message)
    at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()

  11. Vishal Kayangude says:

    This is an Exchange 2013 configuration

  12. Any Idea on the below event.

    In Exchange 2010 HT internet facing server

    Receive connector *** requires Transport Layer Security (TLS) before the MailFrom command can be run, but the server can’t achieve it. Check this connector’s authentication setting.

  13. Excellent article Paul. Very clear and concise, makes it easy to understand.

  14. Jack Cristi says:

    Hi Sir Paul,

    Remember me?
    my domain is now registered. I already configured A host, Mail exchanger and CNAME… I already received emails from yahoo, gmail and other domain but when I’m trying to send a reply or even a new message it goes to drafts and it is stuck there… and my role DNS server says x (error). where should be the problem? please help me out…

    thank you sir Paul.

  15. For email filtering appliances to work with Exchange 2013, do you need to configure them to accept mail from the Exchange Mailbox server or the CAS servers? I have a single Send Connector that is sending mail to a smart host. In my mind I’d think the CAS since they are proxying all incoming/outgoing mail traffic but not sure if it would bypass CAS and go straight to smart host or not. Can you clarify?

    • Unless you tick the box to proxy through the front end, then the Mailbox server is the role that sends the outbound mail via the Send Connector. If the servers are multi-role then it doesn’t matter either way.

  16. Fellow Exchange 2013 admins. Let me make all of you confused :)
    I’ve got a problem that I cannot find anything about.
    In the logfile (Hub/Protocollog/smtprecieve) I can see email come in that is sent to a bunch of users in our organisation. That email WON’T be delivered to any mailbox if one or more e-mail addresses are wrong.
    You’ll get a Delivery Status Notification that delivery to the following recipients failed and then you’ll see the list of all the recipients! Even the correct ones. How is this possible? If all addresses are correct then it will be delivered to all without problems. We use Exchange 2013 SP1 and we do not use 3rd party anti-spam solutions. If someone wants to see a piece of the log, just ask.
    Many thanks.

    • OK, weird… it’s my old Exchange server again with his recipient filter. Clearly that does not work well together.
      I find it weird that the Exchange 2003 server still does this much when it actually does not do anything. Would this kind of problem be gone when I uninstall Exchange 2003?
