Application Mail Relay through Exchange

It is pretty inevitable that if you administer an Exchange system you will eventually get a question like “How can I relay mail from my application through your servers?” These emails could come from systems like SCOM, SQL, Helpdesk Software, etc… This seems pretty simple: let’s just create a new receive connector and allow these systems to relay through it. Then 2 days, 2 weeks, or 2 months down the road we start getting tickets or calls stating “we are getting error messages when we try to relay through this server”. So before we rush into creating our receive connector, I want to discuss some settings that we must keep in mind. In this article I am not going to discuss how to actually set up the connector and configure basic settings like Authentication, Permissions, etc… You can find information on how to configure these settings here or just about anywhere on the web.

Let’s dive in… If we run Get-ReceiveConnector | fl, it shows us all the settings that can be configured for our receive connector. I want to discuss the following settings and how they can affect your implementation. Also, if you look, there is a difference in these settings between the Default Receive Connector and any new Receive Connector that you create.
 

Notice that we are limited to 5000 inbound connections on our AppRelay RC instead of unlimited like on our Default RC. Also, MaxInboundConnectionPerSource and MaxInboundConnectionPercentagePerSource are now 20 and 2% respectively. These limitations can be a problem, especially if you have a high volume of messages coming through this connector. Unfortunately there isn’t a one-size-fits-all value for these settings, as all environments are different. Problems caused by these limits will usually present themselves as SMTP 4.X error messages on the sender side. To see which limitation you are actually hitting, you will need to turn up Diagnostic Logging on the Hub Transport Server. Open EMC, navigate to Server Configuration\Hub Transport, right click the server your receive connector is located on, and select “Manage Diagnostic Logging properties”. Navigate to MSExchangeTransport\SmtpReceive and turn this up to Expert.

Once Diagnostic Logging is turned on, we can check the Event Viewer for errors relating to these limits. In the Application log you should see events like EventID 1021, Source MSExchange Transport stating “Receive connector AppRelay rejected an incoming connection from IP address 192.168.2.55. The maximum number of connections per source (20) for this connector has been reached by this source IP address”. Now we know what type of limitation we are hitting and we can adjust appropriately. Below are some explanations of the settings mentioned above. Next time you create receive connectors for this purpose, just remember to check these settings so they don’t come back to be a problem later.

Settings Explained

MaxInboundConnection – maximum number of inbound connections the receive connector can handle at the same time. If you don’t want a limit set this to unlimited.

MaxInboundConnectionPerSource – maximum number of inbound connections from a single source IP.

MaxInboundConnectionPercentagePerSource – maximum percentage of the remaining available connections that can be used by a single source IP.

MessageRateLimit – maximum number of messages sent by a single IP per minute.

TarpitInterval – amount of time to delay the SMTP response to a remote server that Exchange determines may be abusing the connection.

MaxAcknowledgementDelay – maximum period the transport server delays the acknowledgement until it verifies that the message was delivered successfully to all recipients.
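
The troubleshooting steps above, scripted for the Exchange Management Shell as an added example (not part of the original article): it raises SmtpReceive logging, compares the throttling settings per connector, tallies event 1021 rejections by source IP, and previews raising one limit. The regex is an assumption built from the event text quoted above, and the new limit of 50 is a sample value.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.
# 'AppRelay' is the connector name used in the article.

# 1. Shell equivalent of the EMC step: raise SmtpReceive diagnostic logging.
Set-EventLogLevel -Identity 'MSExchangeTransport\SmtpReceive' -Level Expert

# 2. Compare the throttling settings of every receive connector side by side.
Get-ReceiveConnector |
    Format-Table Name, MaxInboundConnection, MaxInboundConnectionPerSource,
                 MaxInboundConnectionPercentagePerSource, MessageRateLimit,
                 TarpitInterval, MaxAcknowledgementDelay -AutoSize

# 3. Tally event 1021 rejections per connector and source IP (last 7 days).
#    Assumption: the message follows the wording quoted in the article, with
#    the IP address followed by a period and whitespace.
$pattern = 'Receive connector (?<Connector>.+?) rejected an incoming ' +
           'connection from IP address (?<IP>\S+?)\.\s'

Get-EventLog -LogName Application -Source 'MSExchange*' -After (Get-Date).AddDays(-7) |
    Where-Object { $_.EventID -eq 1021 } |
    ForEach-Object {
        if ($_.Message -match $pattern) {
            New-Object PSObject -Property @{
                Connector = $Matches['Connector']
                SourceIP  = $Matches['IP']
            }
        }
    } |
    Group-Object Connector, SourceIP |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 4. Raise only the limit that was hit, only on the relay connector.
#    50 is a sample value; -WhatIf previews the change without applying it.
#    Keeping a finite per-source limit still caps what one misbehaving or
#    compromised application host can open against the server.
Get-ReceiveConnector |
    Where-Object { $_.Name -eq 'AppRelay' } |
    Set-ReceiveConnector -MaxInboundConnectionPerSource 50 -WhatIf

# 5. Return diagnostic logging to its default once the cause is known.
Set-EventLogLevel -Identity 'MSExchangeTransport\SmtpReceive' -Level Lowest
```

Remove -WhatIf in step 4 to apply the change once the tally confirms which source IPs are legitimate application hosts.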