Exchange 2013 Mail Flow Demystified…Hopefully!

After installing Exchange 2013 for the first time I noticed some new changes in the architecture that made it confusing with regard to mail flow. One of the bigger changes in Exchange 2013 is the change to the Exchange server roles. In Exchange 2013 we now have just the Mailbox and CAS server roles. There is no longer a standalone hub server role. The transport components that were traditionally on the hub role are now spread out across both the Exchange 2013 Mailbox and CAS server roles. Let us first talk about the different transport services in Exchange 2013.

  • Front End Transport service - This service runs on all Client Access servers and acts as a stateless proxy for all inbound and outbound external SMTP traffic for the Exchange 2013 organization. The Front End Transport service doesn't inspect message content, only communicates with the Transport service on a Mailbox server, and doesn't queue any messages locally.
  • Transport service - This service runs on all Mailbox servers and is virtually identical to the Hub Transport server role in previous versions of Exchange. The Transport service handles all SMTP mail flow for the organization, performs message categorization, and performs message content inspection. Unlike previous versions of Exchange, the Transport service never communicates directly with mailbox databases. That task is now handled by the Mailbox Transport service. The Transport service routes messages between the Mailbox Transport service, the Transport service, and the Front End Transport service.
  • Mailbox Transport - This service runs on all Mailbox servers and consists of two separate services: the Mailbox Transport Submission service and Mailbox Transport Delivery service. The Mailbox Transport Delivery service receives SMTP messages from the Transport service on the local Mailbox server or on other Mailbox servers, and connects to the local mailbox database using an Exchange remote procedure call (RPC) to deliver the message. The Mailbox Transport Submission service connects to the local mailbox database using RPC to retrieve messages, and submits the messages over SMTP to the Transport service on the local Mailbox server, or on other Mailbox servers. The Mailbox Transport Submission service has access to the same routing topology information as the Transport service. Like the Front End Transport service, the Mailbox Transport service also doesn't queue any messages locally.

Next let’s talk about each of the ports mentioned above. Then finally we will discuss the flow of mail through this pipeline.

  • Port 25 – As in previous versions of Exchange, this port is used for SMTP: external SMTP into the Front End Transport service (FET), SMTP with Exchange 2007\2010 hub servers, SMTP between MBX servers, and SMTP from the FET to the Transport service. A receive connector named Default Frontend <servername> listens on this port.
  • Port 587 – As in previous versions of Exchange, this port is used for client connections (POP\IMAP). The CAS server has a receive connector named Client Frontend <servername> listening on this port.
  • Port 717 – Used for outbound proxy connections from the Transport service to the FET service. When you create a Send connector you have the option to send mail destined for the Internet directly from the Transport service to the Internet\smart host, or to relay that mail through the Front End Transport service. A receive connector named Outbound Proxy Frontend <servername> listens on this port.
  • Port 465 – used to accept proxied connections that were received on port 587 by the FET service for client connections. There is a receive connector named Client Proxy <servername> that listens on this port.
  • Port 475 – The Mailbox Transport Delivery service listens on this port for connections from the Transport service, either from its SMTP Send connector on the local server or over SMTP from the Transport service on other Mailbox servers that need to send mail to users on this server.
  • Port 2525 – If the CAS and MBX roles are collocated on the same server, the SMTP Receive connector for the Transport service will listen on 2525 instead of 25. This is because two services (FET and the Transport service) can’t listen on the same port.
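
The port list above doubles as a baseline for auditing SMTP listeners. The following PowerShell is an added example, not part of the original post: it compares receive connector bindings with the expected ports and flags anything else for review. The server name EX01, the sample objects, the function name and the 'Default' connector name for the Transport service are assumptions.

```powershell
# Added example. Names and ports come from the list above, except 'Default',
# which is an assumed name for the Transport service's connector (25, or 2525
# when CAS and MBX are collocated). Port 475 is not checked here.
$ExpectedPorts = [ordered]@{
    'Default Frontend'        = @(25)
    'Client Frontend'         = @(587)
    'Outbound Proxy Frontend' = @(717)
    'Client Proxy'            = @(465)
    'Default'                 = @(25, 2525)
}

function Test-ReceiveConnectorPorts {
    param(
        [Parameter(Mandatory = $true)] [string]   $Server,
        [Parameter(Mandatory = $true)] [object[]] $Connectors
    )
    foreach ($c in $Connectors) {
        # A binding prints as "0.0.0.0:25" or "[::]:25": take the digits after the last colon.
        $ports = @($c.Bindings |
            ForEach-Object { if ("$_" -match ':(\d+)$') { [int]$Matches[1] } } |
            Sort-Object -Unique)
        $key = $ExpectedPorts.Keys | Where-Object { $c.Name -eq "$_ $Server" }
        if (-not $key) {
            $status = 'REVIEW: connector not in the default list'
            $expected = @()
        } else {
            $expected = $ExpectedPorts[$key]
            $extra = @($ports | Where-Object { $expected -notcontains $_ })
            $status = if ($extra.Count) { "REVIEW: unexpected port $($extra -join ',')" } else { 'OK' }
        }
        [pscustomobject]@{
            Connector = $c.Name
            Ports     = $ports -join ','
            Expected  = $expected -join ','
            Status    = $status
        }
    }
}

# Constructed sample standing in for: Get-ReceiveConnector -Server EX01
$sample = @(
    [pscustomobject]@{ Name = 'Default Frontend EX01'; Bindings = @('0.0.0.0:25', '[::]:25') }
    [pscustomobject]@{ Name = 'Client Proxy EX01';     Bindings = @('0.0.0.0:465', '[::]:465') }
    [pscustomobject]@{ Name = 'Default EX01';          Bindings = @('0.0.0.0:2525', '[::]:2525') }
    [pscustomobject]@{ Name = 'Relay EX01';            Bindings = @('0.0.0.0:25') }
    [pscustomobject]@{ Name = 'Client Frontend EX01';  Bindings = @('0.0.0.0:587', '0.0.0.0:2587') }
)
Test-ReceiveConnectorPorts -Server 'EX01' -Connectors $sample | Format-Table -AutoSize
```

In the Exchange Management Shell, pass the output of Get-ReceiveConnector -Server <servername> as -Connectors instead of the sample.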

 

Here is a diagram that I put together to help me understand these 3 services and also what each of these ports is used for. Next we will discuss how mail flows through these services.

 

Now let’s talk about Exchange 2013 Mail Flow.

Sending Mail to both Internal\External recipients

Step 1: Mailbox Transport - This process starts with the user typing a message in Outlook\OWA and clicking the send button. In Exchange 2007\2010 it was the responsibility of the Store Driver in the Transport service on the HT server to send the message to the next hop. Now the Store Driver has been relocated to Mailbox Transport and split into two services (the Submission and Delivery services). The Mailbox Transport Submission service will pick up the message from the user's Outbox, run the Hub Selector process (in order to select the best Transport service, which could be local or on another server), and forward the message to the Default Receive connector in the Transport service (SMTP 25 or 2525).

Step 2: Transport Service - After the message has been accepted by the Transport service it will be put into the submission queue. The submission queue will process the message and hand it off to the Categorizer, which will do recipient resolution (expansion and bifurcation) and routing resolution. Next it will be placed into the correct delivery queue. If the message is going to an external recipient it will use the correct send connector and either be sent directly to the Internet or be proxied through the FET service (Set-SendConnector <name> -FrontEndProxyEnabled $true). If the message targets an internal user, the message will be sent from the Transport service to the Mailbox Transport Delivery service on the destination mailbox server. Once the Mailbox Transport Delivery service receives this message it will use local RPC to place the message in the user's Inbox.

Receiving mail happens in the reverse order of Sending mail. Note that bifurcation always happens at the Transport Service level on the Mailbox Server. After bifurcation the message is sent via SMTP directly to the Mailbox Transport Delivery service over port 475 on the Mailbox Server where the mailbox of the recipient is currently mounted.

I hope this has been helpful in understanding how mail flow now happens in Exchange 2013. If you have any questions please feel free to contact me to discuss further.