Introduction to Edge Transport Servers
Exchange Server 2016 provides two types of roles, namely the Mailbox server and Edge Transport servers. Mailbox servers contain mailbox databases that process, render, and store data, the transport services that are used to route mail, the client access services that accept client connections for all protocols, and the Unified Messaging (UM) services that provide voice mail and other telephony features to mailboxes.
Edge Transport servers handle all external mail flow for the Exchange organization including antispam and mail flow rules as mail enters and leaves your organization. Edge Transport servers handle all inbound and outbound Internet mail flow by providing mail relay and smart host services for your Exchange organization. Agents running on the Edge Transport server provide additional layers of message protection and security. These agents provide protection against viruses and spam and apply transport rules to control mail flow. All of these features work together to help minimize the exposure of your internal Exchange to threats on the Internet.
The deployment of Edge Transport servers is not required. But when used, Edge Transport servers are installed in the perimeter network and subscribed to the internal Exchange organization. Because the Edge Transport server is installed in the perimeter network, it should never be a member of your organization’s internal Active Directory forest and would therefore not have access to Active Directory information. However, the Edge Transport server requires data about Exchange that resides in Active Directory. This data is synchronized to the Edge Transport server by the Microsoft Exchange EdgeSync service (EdgeSync). EdgeSync is a collection of processes run on an Exchange 2016 Mailbox server to establish one-way replication of recipient and configuration information from Active Directory to the Active Directory Lightweight Directory Services (AD LDS) instance on the Edge Transport server. EdgeSync copies only the information that is required for the Edge Transport server to perform anti-spam configuration tasks and to enable end-to-end mail flow. EdgeSync performs scheduled updates so the information in AD LDS remains current. EdgeSync and Edge Subscriptions are discussed in more detail later in this lesson.
The primary features of the Edge Transport servers are:
connectors to partners
using Domain Validation
using Domain Secure, which shows green tick in Outlook when a message has been
received via such a secured connector
with Office 365
Acknowledge for incoming messages to support Shadow Redundancy
The Edge Transport server role lets you manage the following message-processing scenarios:
Internet Mail Flow
Edge Transport servers accept messages coming into the Exchange organization from the Internet. After the messages are processed by the Edge Transport server, the mail is routed to an internal Exchange 2016 Mailbox server; first to the Front End Transport service, and then to the Transport service.
All messages sent to the Internet from inside the organization are routed to Edge Transport servers after the messages are processed by the Transport service on the Exchange 2016 Mailbox server. You can configure the Edge Transport server to use DNS to resolve MX resource records for external SMTP domains, or you can configure the Edge Transport server to forward messages to a smart host for DNS resolution.
Anti-spam and Antivirus Protection
In Exchange 2016, anti-spam and antivirus features provide services to block viruses and unsolicited commercial email (spam) at the network perimeter. Most viruses use spam-like tactics to gain access to your organization and to entice users to open an email message. If you can filter out most of your spam, you’ll also be more likely to quarantine viruses before they enter your organization.
Spammers use a variety of techniques to send spam into your organization. Edge Transport servers help prevent users from ever receiving spam by providing a collection of agents that work together to provide different layers of spam filtering and protection. Establishing tar pitting intervals on connectors makes email harvesting attempts ineffective.
Edge Transport Rules
Edge Transport rules are used to control the flow of messages sent to or received from the Internet. Edge Transport rules are configured on each Edge Transport server to help protect corporate network resources and data by applying an action to messages meeting specified conditions. Edge Transport rule conditions are based on data, such as specific words or text patterns in the message subject, body, header, or from address; the spam confidence level (SCL); or the attachment type. Actions determine how the message is processed when a specified condition is true. Possible actions include quarantining a message, dropping or rejecting a message, appending additional recipients, or logging an event. Optional exceptions exempt particular messages from having an action applied.
Address rewriting presents a consistent email address appearance to external recipients. You configure address rewriting on Edge Transport servers to modify the SMTP addresses on inbound and outbound messages. Address rewriting is especially useful for newly merged organizations that want to present a consistent email address appearance.