Exchange 2013 Mail Flow Demystified…Hopefully!


After installing Exchange 2013 for the first time, I noticed architectural changes that made mail flow confusing. One of the bigger changes in Exchange 2013 is to the server roles: there are now just the Mailbox and Client Access (CAS) server roles, and there is no longer a standalone hub server role. The transport components that were traditionally on the hub role are now spread across the Exchange 2013 Mailbox and CAS server roles. Let us first talk about the different transport services in Exchange 2013.

  • FrontEnd Transport service - This service runs on all Client Access servers and acts as a stateless proxy for all inbound and outbound external SMTP traffic for the Exchange 2013 organization. The Front End Transport service doesn't inspect message content, only communicates with the Transport service on a Mailbox server, and doesn't queue any messages locally.
  • Transport service - This service runs on all Mailbox servers and is virtually identical to the Hub Transport server role in previous versions of Exchange. The Transport service handles all SMTP mail flow for the organization, performs message categorization, and performs message content inspection. Unlike previous versions of Exchange, the Transport service never communicates directly with mailbox databases. That task is now handled by the Mailbox Transport service. The Transport service routes messages between the Mailbox Transport service, the Transport service, and the Front End Transport service.
  • Mailbox Transport - This service runs on all Mailbox servers and consists of two separate services: the Mailbox Transport Submission service and Mailbox Transport Delivery service. The Mailbox Transport Delivery service receives SMTP messages from the Transport service on the local Mailbox server or on other Mailbox servers, and connects to the local mailbox database using an Exchange remote procedure call (RPC) to deliver the message. The Mailbox Transport Submission service connects to the local mailbox database using RPC to retrieve messages, and submits the messages over SMTP to the Transport service on the local Mailbox server, or on other Mailbox servers. The Mailbox Transport Submission service has access to the same routing topology information as the Transport service. Like the Front End Transport service, the Mailbox Transport service also doesn't queue any messages locally.

Next let’s talk about each of the ports mentioned above. Then finally we will discuss the flow of mail through this pipeline.

  • Port 25 – Just like in previous versions of Exchange, this port is used for SMTP. It is used by external SMTP into the Front End Transport (FET) service, for SMTP with Exchange 2007\2010 hub servers, between MBX servers, and from the FET to the Transport service. There is a receive connector named Default Frontend <servername> that listens on this port.
  • Port 587 – Just like in previous versions of Exchange, this port is used for client connections (POP\IMAP). The CAS server has a receive connector named Client Frontend <servername> listening on this port.
  • Port 717 – Used for outbound proxy connections from the Transport service to the FET service. When you create a Send connector, you have the option to send mail destined for the Internet directly from the Transport service to the Internet\smart host, or to relay that mail through the Front End Transport service. There is a receive connector named Outbound Proxy Frontend <servername> that listens on this port.
  • Port 465 – Used to accept proxied connections that were received on port 587 by the FET service for client connections. There is a receive connector named Client Proxy <servername> that listens on this port.
  • Port 475 – The Mailbox Transport Delivery service listens on this port for connections either from the Transport service SMTP Send connector or SMTP from the Transport service on other Mailbox servers that need to send mail to users on this server.
  • Port 2525 – If the CAS and MBX roles are collocated on the same server, the SMTP Receive connector for the Transport service will listen on 2525 instead of 25. This is because two services (FET and the Transport service) can't listen on the same port.

 

Here is a diagram that I put together to help me understand these 3 services and what each of these ports is used for. Next we will discuss how mail flows through these services.

 

Now let’s talk about Exchange 2013 Mail Flow.

Sending Mail to both Internal\External recipients

Step 1: Mailbox Transport - This process starts with the user typing a message in Outlook\OWA and clicking the Send button. In Exchange 2007\2010 it was the responsibility of the Store Driver in the Transport service on the HT server to send the message to the next hop. Now the Store Driver has been relocated to Mailbox Transport and split into two services (the Submission and Delivery services). The Mailbox Transport Submission service picks up the message from the user's Outbox, runs the Hub Selector process (to select the best Transport service, which could be local or on another server), and forwards the message to the Default Receive connector in the Transport service (SMTP 25 or 2525).

Step 2: Transport Service - After the message has been accepted by the Transport service, it is put into the submission queue. The submission queue processes the message and hands it off to the Categorizer, which does recipient resolution (expansion and bifurcation) and routing resolution. Next the message is placed into the correct delivery queue. If the message is going to an external recipient, it uses the correct Send connector and is either sent directly to the Internet or proxied through the FET service (Set-SendConnector <name> -FrontEndProxyEnabled $true). If the message targets an internal user, it is sent from the Transport service to the Mailbox Transport Delivery service on the destination Mailbox server. Once the Mailbox Transport Delivery service receives the message, it uses local RPC to place the message in the user's Inbox.

Receiving mail happens in the reverse order of Sending mail. Note that bifurcation always happens at the Transport Service level on the Mailbox Server. After bifurcation the message is sent via SMTP directly to the Mailbox Transport Delivery service over port 475 on the Mailbox Server where the mailbox of the recipient is currently mounted.
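
As an added example (not from the original article), the port roles and flow described above can be turned into a check over connection records: ports 717, 465, 475 and 2525 should only see other Exchange servers as peers, and external SMTP should arrive at the FET service rather than at port 25 of a Mailbox-only server. The server names, addresses and flow records are constructed, and the 10.0.0.0/8 internal range is an assumption.

```python
import ipaddress

# Ports the article describes as hops between Exchange transport services.
INTERNAL_HOP_PORTS = {
    717: "Outbound Proxy Frontend (Transport service -> FET)",
    465: "Client Proxy (FET -> Transport service, proxied from 587)",
    475: "Mailbox Transport Delivery (Transport service -> delivery)",
    2525: "Transport service on a collocated CAS+MBX server",
}

# Constructed inventory: address -> (hypothetical server name, installed roles).
SERVERS = {
    "10.0.0.11": ("CAS01", {"CAS"}),
    "10.0.0.21": ("MBX01", {"MBX"}),
    "10.0.0.22": ("MBX02", {"MBX"}),
    "10.0.0.31": ("MULTI01", {"CAS", "MBX"}),
}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range

# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("203.0.113.7", "10.0.0.11", 25),   # Internet -> FET on CAS
    ("10.0.0.11", "10.0.0.21", 25),     # FET -> Transport service
    ("10.0.0.50", "10.0.0.11", 587),    # client -> Client Frontend
    ("10.0.0.11", "10.0.0.21", 465),    # FET proxies the client session
    ("10.0.0.21", "10.0.0.22", 475),    # Transport -> delivery on other MBX
    ("10.0.0.21", "10.0.0.11", 717),    # outbound proxy through FET
    ("10.0.0.50", "10.0.0.22", 475),    # workstation -> delivery port
    ("10.0.0.50", "10.0.0.31", 2525),   # workstation -> collocated Transport
    ("203.0.113.7", "10.0.0.21", 25),   # Internet straight to Mailbox server
]


def is_internal(ip):
    """True when the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def check_flow(src, dst, port):
    """Return a finding for a flow that departs from the described design, else None."""
    if dst not in SERVERS:
        return None  # not an Exchange listener; out of scope here
    name, roles = SERVERS[dst]
    # Service-to-service ports should only be reached by other Exchange servers.
    if port in INTERNAL_HOP_PORTS and src not in SERVERS:
        return f"{src} -> {name}:{port} non-Exchange peer on {INTERNAL_HOP_PORTS[port]}"
    # On a Mailbox-only server, port 25 is the Transport service, not FET.
    if port == 25 and "CAS" not in roles and not is_internal(src):
        return f"{src} -> {name}:25 external SMTP reached the Transport service without FET"
    return None


def audit(flows):
    """Collect findings for every flow that fails check_flow."""
    return [finding for finding in (check_flow(*f) for f in flows) if finding]


if __name__ == "__main__":
    for line in audit(FLOWS):
        print(line)
```

The last three constructed records are the ones reported; the multi-role server's port 25 is not, because FET owns that port there.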

I hope this has been helpful in understanding how mail flow now happens in Exchange 2013. If you have any questions please feel free to contact me to discuss further.

Comments (48)
  1. Anonymous says:

    No clues ?

  2. Great post! Thanks Richard!

  3. @mray – when the hub selector runs it will determine the optimal transport server (actually it will select primary and secondary) and send it to the transport service on the primary server. This could be local or a remote server. There are a couple of reasons it will send it to a remote server but here is probably the most important. If for some reason the local transport service is having problems it can send it to another server so that mail flow doesn't halt on the local server.

  4. Vishal C. Kalal says:

    Hi Richard,

    I have a question on exchange 2013 mail flow, we have 2 cas in NLB & 2 MBX in DAG. Most of mails are going out from one mailbox server and hardly few mails will go out from other mailbox server. Due to this the mail queue is increasing on first mail server which causes mail flow delay. Any suggestion.

    Thanks.

  5. MSA786 says:

    I have a question – I have created a receive connector to receive emails from applications on my server and pass on the email to Exchange to be relayed to Internet (External emails, Internal Works perfect) and after reading all the post possible for “Error 550 5.7.1 Unable to relay” I am looking for any one who can assist.

  6. @Yogesh – thanks 🙂

  7. Suriya25 says:

    I have a question in article you mentioned that:

    "When you create a Send connection you have the option to send mail destined for the Internet directly from the Transport Service to the Internet\Smart Host or relay that mail through the Front End Transport Service. There is a receive connector named Outbound Proxy Frontend that listens on this port."

    To route the email to internet directly from Transport services is similar to what we did in Exchange 2007/2010. But how about relay that mail through the Front End Transport Service, does in Send Connector we do specified the CAS IP address as smarthost instead Internet\Smart Host relay

    Thank you

  8. @Chicko

    Your mail will not be lost if you point incoming SMTP to CAS and I will explain why. Although the FET service on CAS doesn't queue mail it does smart proxy the connection to the transport service on the best mailbox server (optimal). The sending SMTP Server will not get a 250OK response until after the message gets processed by a MBX server and that message also gets shadowed to another server (shadow redundancy). If you pointed your external SMTP directly to the Transport service (receive connector) on MBX server you would not get this smart proxy that FET provides. Therefore you wouldn't have optimal message routing at all times. If you need any further explanation let me know.

    I don't get what you mean by "also if you have issues with mailbox(ruleslimits or who knows what other errors/delivery problems".

  9. @Zoltan – all external mail should be routed through the FET service whether it's on a standalone CAS server or collocated on the MBX Server. External traffic should never be routed directly to the MBX server.

  10. Anonymous says:

    Wasn’t 587 the port traditionally used for client mail submission ? IMAP/IMAPS is by default using 143/993, while POP3/secure uses 110/995. Articles at
    https://technet.microsoft.com/en-us/library/bb124489(v=exchg.150).aspx and
    https://technet.microsoft.com/en-us/library/bb124934(v=exchg.150).aspx.

  11. @Albert – 587 is used by clients outgoing mail…110/995 and 143/993 are incoming.

  12. Anonymous says:

    Richard, the article currently states "Port 587 – This port just like previous versions of Exchange is used for Client Connections (POP\IMAP)". But there’s no POP or IMAP connection being done over 587, at least by default.

  13. zoltan says:

    Thanks Richard, nicely explained.

    One question: From your description I understand that if I have two servers, 1xCAS and 1xMB, technically I'll end up having two transport services capable of handling incoming SMTP traffic, one on each server. Therefore I should be able to NAT/route incoming external SMTP traffic straight into the MB server, bypassing the frontend transport proxy on CAS. Am I correct?

    Thanks.

  14. zoltan says:

    Thanks Richard.

  15. chicko says:

    not so sure about that

    the front end on cas can't queue email so….

    also if you have issues with mailbox(ruleslimits or who knows what other errors/delivery problems)

    your mail could be lost if u point incoming into CAS

  16. Hi

    I am in the middle of Exchange 2013 Migration from 2010. I set up an Exchange 2013 server and I moved one mailbox from 2010 to 2013. Unfortunately mails are going only one direction (from 2013 to 2010). Moreover, I don't see any article telling me to create any send or receive connector between these two Exchange servers.

    i got Delivery delay mail

    "

    This message hasn't been delivered yet. Delivery will continue to be attempted.

    The server will keep trying to deliver this message for the next 1 days, 19 hours and 57 minutes. You'll be notified if the message can't be delivered by that time."

    could you please tell me how i can fix this issue.?

    should i add my Exchange 2010 server inside 2013 any receive connector?

  17. Mray2 says:

    In what cases will the mailbox transport submission service talk directly to the mailbox transport delivery service on another server rather than to the local transport service?

  18. HT says:

    Hello,

    Thanks for sharing!

    I've got a question about port! In multirole server what's happening if I change the Default port from 2525 to another?

    Does the FE knows that the port is changed or I need to change something more in my configuration?

    Regards

  19. Glenn says:

    My prior comment should have been directed to "Unni", more coffee.

  20. Yogesh S says:

    Hope this article gets published as technet article

  21. MJL says:

    Great article!  Is it safe to say that the mailbox server role will always connect to TCP port 717 when sending messages to client access servers (the outbound proxy frontend service)?  

    The reason I ask is in the past I've created receive connectors that are configured to allow private relaying.  If the subnet that the Exchange servers are on is specified in the 'relay' receive connector, the Exchange servers would start using that connector instead of the Default connector.  This would work for a while, but would eventually stop working causing messages between Exchange hub transport servers to build-up in the queue.  

    Seems to me that if the transport services on the mailbox servers use a different port to send mail to the CAS servers the scenario above wouldn't be an issue.  

    As an aside, to get around the issue in 2010, I modified the default receive connector to only accept email from other Exchange servers by entering in their IP addresses.  I then created another receive connector that was identical to the Default one, but included all subnets and allowed anonymous connections.  

    Thanks!  

  22. jumrat says:

    The FET  is concept like Quest Software Mail Connector in Coexisting Manager for Lotus Notes?.

    Front End Transport service   This service runs on all Client Access servers and acts as a stateless proxy for all inbound and outbound external SMTP traffic for the Exchange 2013 organization.

  23. Maxime77 says:

    Hi Richard and thanks for your article. I still have one question :

    What's happening when we're using only 1 Exchange 2013 server and that CAS & MBX are on the same server ? Does it still use Frontend / Proxy receive connectors ? Can we deactivate it ?

    Thanks.

  24. @maxime – Yes if the roles are collocated then the only thing that changes is the Transport Server port changes from 25 to 2525. You can not deactivate this.

  25. Maxime77 says:

    In a default Exchange 2013 environment with default receive connectors, it means that everybody in internal network can use Exchange SMTP gateway to send e-mail in the internal network perimeter ? Can I deactivate default connectors and create my own receive connector in order to deny that fact ?

    Thanks in advance 😉

  26. Rob Derbyshire says:

    Hello Richard, thanks for the detailed article. One question. We have E2013 installed, and all Internet mail flows into our Org Via 2013 CAS and onto 2013 Mailbox Server. At this point the 2013 Transport Service send the message to our recipients on E2007 to our E2007 HT Servers. What Port is used here? is it 587 or 25? We are having some strange issues with our E2007 HT Receive connectors and wanted to clarify. Thank you.

  27. Laxjoey says:

    Hello Richard, I just upgraded my CAS server to 2013 connecting to a 2010 MB. I starting to have issues on not being able to send internet mails. I got a message saying that “your message wasn’t delivered due to a permission or a security issue……….”

  28. Anonymous says:

      Hey,   Just taking Richard Schwendiman’s awesome Mail Flow schema and put the corresponding

  29. Dan R. says:

    Richard, Excellent post. I have a quick question. We use a cuda for outbound and inbound as a smarthost. For inbound, will I deliver mail from the cuda to a FET in this scenario or do I go straight to a MBX Server? I think the answer is still go to FET so it can do its smart routing but just wanted to double check. Thanks and keep up the great work, we need such knowledgebase articles…this should be in TechNet.

  30. Nithyanandham says:

    Hi Richard ,

    Excellent article . I am looking forward for your upcoming articles .

    During inbound and outbound mail flow in exchange 2013 , will Microsoft exchange transport service in one mailbox server does connect directly to Microsoft exchange transport service in another mailbox server or not ?

    Thanks
    S.Nithyanandham

  31. Soklim says:

    I got issued with send/receive internal message after configured DAG already. Please help me about this.

  32. Mohammed says:

    Hi
    I am facing a issue in exchange 2013, whenever sending an external mail, getting a delivery delay message

    "This message hasn’t been delivered yet. Delivery will continue to be attempted.

    The server will keep trying to deliver this message for the next 1 days, 19 hours and 57 minutes. You’ll be notified if the message can’t be delivered by that time."

    could you please tell me how i can fix this issue.?

  33. Sameer says:

    Hi Richard, excellent article. I just installed exchange 2013 in my exchange 2007 environment. I can receive email into my mailbox on exchange 2013 from outside my organization but I am not able to receive email to my mailbox on my exchange 2007. I have separate mailbox and CAS for exchange 2013. I am getting two errors in my events

    Routing failed to select any Mailbox servers to proxy a mail item to in routing tables with timestamp 11/12/2014 11:16:01 PM. Transport process role: FrontEnd. Recipient databases: Exch07Storage Group BStorage Group B.

    SMTP could not find any destinations to proxy to. SMTP session details: [SmtpInSession: SessionId=635513807591116234 ConnectionId=591]

    Thanks for your help
    Sameer

  34. shashidhar says:

    clients not able to send mails… mails are stored in Draft folder

  35. Greg Lambert says:

    Hey Richard, excellent thanks. Quick question would the way mail flows mean I might see multiple hops in an email header to the Exchange 2013 SERVER or is there something wrong with config.
    Below is part of a header from email I received.

    1 second CAS.me.com 17x.x1.1xx.51 New2013Exchange.otherme.com x7x.xx.xx4.80 Microsoft SMTP Server (TLS) x/8/x0x5 x0:4x:34 PM

    0 seconds New2013Exchange.otherme.com x7x.xx.xx4.80 New2013Exchange.otherme.com x7x.xx.xx4.80 Microsoft SMTP Server (TLS) x/8/x0x5 x0:4x:34 PM

    1 Second New2013Exchange.otherme.com x7x.xx.xx4.80 New2013Exchange.otherme.com x7x.xx.xx4.80 Microsoft SMTP Server (TLS) x/8/x0x5 x0:4x:35

    Cheers Greg

  36. Basavaraj says:

    Dear Richard,
    If we have multiple database and mailbox, in background process hub transport how identify the recipient inbox is in which database. How it will take decision to send mail from hub transport to mailbox.

  37. Rich says:

    I have 2007 and 2013 servers co-existing at the moment, we’re in the process of migrating all the mailboxes, but in the meantime, we have some mail routing issues in that outbound mail sent from 2013 is randomly choosing whether it goes out via 2013 or via 2007. If you send 10 messages to the same recipient one after the other, 5 will go out via 2013 and 5 will go via 2007

    I assume this is down to the "Hub Selector Process" is there any way to stop this happening and force mail out of just the 2013 server?

  38. Alain NGATCHOU says:

    This is a great post. But i think it will be more complete with a post on how to troubleshoot each step.

  39. Pocket Rocket says:

    @Rich: "If you send 10 messages to the same recipient one after the other, 5 will go out via 2013 and 5 will go via 2007" Set on the 2013 "set-receiveconnector -MessageRateLimit 100

  40. Ashley Waugh says:

    We’re running into some issues with mail flow between Exchange 2013 DAGs. All the servers are in the same site, on the same subnet and we’re seeing the following error: There is currently no route to the mailbox database. This is causing us to be unable to expand our Exchange 2013 environment as messages are failing to deliver between recipients on the two DAGs. Any thoughts?

  41. Nopporn says:

    Great post. I have some question. If we have 2xCAS which CAS is specific in DNS for MX record? Both with round robin or just selected one.

  42. Francis says:

    Hi, great article. So in a 2010>2013 Migration, if you had a receive connector on the 2010 HC server that does SMTP relay for multiple IPs, I want to add a new connector to the 2013 side and add the adapter binding IPs and remote network IPs to the new server to ensure mail delivery continues.

    Does it matter if the new SMTP relay connector goes on the CA or the MB servers? The concept of having multiple mailbox servers (x3) confuses the subject a little.

    Thanks

  43. Rustam says:

    Why we need "Delivery groups" to send incoming mail in "Mailbox Transport service" if "Front End Transport service" choose and send incoming mail to best "Mailbox Transport service" of one of the mailbox servers itself ?

  44. Anonymous says:

    This is link throw down for items that we discussed in a Exchange 2013 workshop which I delivered in

  45. Roopapawar says:

    Amazing article Richard Schwendiman:):) Thank you for the explanation:)

  46. Shubham Sharma says:

    Nice 🙂
