As part of upgrading to Exchange 2013 from Exchange 2007/2010, we need to make sure that Exchange 2013 is the point of communication for sending and receiving email from the Internet.


In addition to installing, configuring, and testing Exchange 2013 Server, migration also consists of configuring and testing mail flow between Exchange 2013 and Exchange 2007/2010. Let’s continue with the preparation and configuration of mail flow between the Exchange 2013 server and internet.

Prepare a smart host to send and receive email

The smart host is generally a Sendmail, IronPort, or third-party appliance in the DMZ that protects (by way of content filtering, spam filtering, etc.) the Exchange server and connects internal Exchange organizations with the Internet. These appliances need to be configured in place to send and receive email via Exchange 2013.

Configuring a Receive connector to accept email

During installation of every Client Access Server (CAS) role, a “Default frontend <server name>” Receive connector is created to accept emails on port 25. By default, the Receive connector is configured to accept anonymous connections. Emails received from the Internet with an anonymous connection through this Receive connector are considered to be risky.

It would be ideal to secure the connector by restricting email from a specific IP address or by some authentication, as shown in in the screenshot below. If you have multiple CAS servers to accept incoming email, a “Default frontend <server name>” Receive connector must be configured on each server

Adding a smart host IP address to a Receive connector to accept email

Adding a smart host IP address to a Receive connector to accept email

Configuring a Send connector to send Internet email

In the existing Exchange 2007/2010 organization, a Send connector is created in place to send email to Internet domains (*). This Send connector uses an Exchange 2007/2010 as a source server, and you will need to replace this with an Exchange 2013 Mailbox Server.

Adding Exchange 2013 servers to a Send connector

Adding Exchange 2013 servers to a Send connector

You can also add an Exchange 2013 CAS system to a Send connector, but you must configure this with the “Proxy through client access server” option as shown below. With this option enabled, we will not be able to send all the outbound email through the Exchange 2013 Mailbox Server; rather, outbound mail will be proxied through the CAS server. This setting is useful for large organizations.

Enabling a Send connector to proxy through a client access server

Enabling a Send connector to proxy through a client access server

Configuring a smart host to send and receive email

Once the Send/Receive connector is configured for an Exchange 2013 server, it is time to cut the email flow over from legacy Exchange 2007/2010 servers to the Exchange 2013 server. Final cutover is done on the smart host to send/receive emails via Exchange 2013 and stop delivering any new incoming email to Exchange 2007/2010 servers. Once the cutover is complete, the Exchange 2013 server will start accepting, processing, and delivering emails to mailboxes. Henceforth, all email will be sent through the Exchange 2013 servers.

Having a smart host is not mandatory and many smaller organizations may not have one. Although directly configuring Exchange to send/receive email from the Internet is not a recommended practice, it is still possible. In order to deliver email via the Internet, Exchange 2013 CAS servers should be configured with an Internet DNS server, and the Send connector should be configured to use MX records. Similarly, to accept email without a smart host, configure the Internet firewall to send email directly and to receive a connector running on the CAS server. A firewall with load balancing ability can balance the incoming email to multiple Internet-facing CAS servers.

1 Comment
  1. Avatar
    george 8 years ago

    Can i have the powershell script for configuring mail flow and client access in Exchange 2013 on Windows 2008 R2 platform

Leave a reply

Please enclose code in pre tags: <pre></pre>

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account