Exchange Edge Default Settings

Inhaltsverzeichnis

Edge: Get-TransportConfig
Edge: Get-TransportService
Edge: Receive Connector
Edge: SendConnector zum Internet
Edge: SendConnector nach Intern
Edge: Get-TransportAgent
Edge: Get-RecipientFilterConfig
Edge: Get-ContentFilterConfig
Get-SenderFilterConfig
Get-AttachmentFilterEntry
Weitere Links

Ich installiere in der Regel keinen Edge Server, da aus meiner Sicht die AntiSpam und AntiVirus-Funktion nicht zeitgemäß sind. Es gibt hier viele leistungsfähigere Produkte, von denen NoSpamProxy eine Lösung darstellen kann. Microsoft positioniert den Edge Server anscheinend auch nicht mehr als Lösung sondern fördert eher den Einsatz von Exchange Online Protection (Cloud/Office 365) in Verbindung mit Exchange Online oder auch Exchange OnPrem. Wer hier dann den Exchange Server nicht "aus dem Internet" erreichbar machen will, kann den Exchange Edge-Server als Relay einbauen. Ich habe hier einmal die "Default Einstellungen eines Exchange 2016 Edge Server als Referenz dokumentiert. Ich nutze Sie gerne zum Nachschlagen, wenn Einstellungen bei Kunden unterschiedlich und die Defaults nicht bekannt sind.

Achtung: Auf den Edge-Servern sind die verschiedenen Transport-Agenten zur Filterung von Mails (SenderID, SPF, Content, Attachment etc.) per Deffault aktiv.

Edge: Get-TransportConfig

Folgende Einstellungen sind auf dem Edge Server Transporteinstellungen als Standard konfiguriert.

[PS] C:\>Get-TransportConfig

AddressBookPolicyRoutingEnabled                             : False
AnonymousSenderToRecipientRatePerHour                       : 1800
ClearCategories                                             : True
ConvertDisclaimerWrapperToEml                               : False
DSNConversionMode                                           : PreserveDSNBody
JournalArchivingEnabled                                     : False
ExternalDelayDsnEnabled                                     : True
ExternalDsnDefaultLanguage                                  :
ExternalDsnLanguageDetectionEnabled                         : True
ExternalDsnMaxMessageAttachSize                             : 10 MB (10,485,760 bytes)
ExternalDsnReportingAuthority                               :
ExternalDsnSendHtml                                         : True
ExternalPostmasterAddress                                   :
GenerateCopyOfDSNFor                                        : {}
HygieneSuite                                                : Standard
InternalDelayDsnEnabled                                     : True
InternalDsnDefaultLanguage                                  :
InternalDsnLanguageDetectionEnabled                         : True
InternalDsnMaxMessageAttachSize                             : 10 MB (10,485,760 bytes)
InternalDsnReportingAuthority                               :
InternalDsnSendHtml                                         : True
InternalSMTPServers                                         : {}
JournalingReportNdrTo                                       : <>
LegacyJournalingMigrationEnabled                            : False
LegacyArchiveJournalingEnabled                              : False
LegacyArchiveLiveJournalingEnabled                          : False
RedirectUnprovisionedUserMessagesForLegacyArchiveJournaling : False
RedirectDLMessagesForLegacyArchiveJournaling                : False
MaxDumpsterSizePerDatabase                                  : 18 MB (18,874,368 bytes)
MaxDumpsterTime                                             : 7.00:00:00
MaxReceiveSize                                              : Unlimited
MaxRecipientEnvelopeLimit                                   : Unlimited
MaxRetriesForLocalSiteShadow                                : 2
MaxRetriesForRemoteSiteShadow                               : 4
MaxSendSize                                                 : 10 MB (10,485,760 bytes)
MigrationEnabled                                            : False
OpenDomainRoutingEnabled                                    : False
RejectMessageOnShadowFailure                                : False
Rfc2231EncodingEnabled                                      : False
SafetyNetHoldTime                                           : 00:10:00
ShadowHeartbeatFrequency                                    : 00:02:00
ShadowMessageAutoDiscardInterval                            : 2.00:00:00
ShadowMessagePreferenceSetting                              : PreferRemote
ShadowRedundancyEnabled                                     : True
ShadowResubmitTimeSpan                                      : 03:00:00
SupervisionTags                                             :
TLSReceiveDomainSecureList                                  : {}
TLSSendDomainSecureList                                     : {}
VerifySecureSubmitEnabled                                   : False
VoicemailJournalingEnabled                                  : True
HeaderPromotionModeSetting                                  : NoCreate
Xexch50Enabled                                              : True

Edge: Get-TransportService

Der Transport Service selbst hat folgende Einstellungen:

[PS] C:\>Get-TransportService

Name                                               : edge01
AntispamAgentsEnabled                              : True
ConnectivityLogEnabled                             : True
ConnectivityLogMaxAge                              : 30.00:00:00
ConnectivityLogMaxDirectorySize                    : 1000 MB (1,048,576,000 bytes)
ConnectivityLogMaxFileSize                         : 10 MB (10,485,760 bytes)
ConnectivityLogPath                                : C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Edge\Connectivity
DelayNotificationTimeout                           : 04:00:00
ExternalDNSAdapterEnabled                          : True
ExternalDNSAdapterGuid                             : 00000000-0000-0000-0000-000000000000
ExternalDNSProtocolOption                          : Any
ExternalDNSServers                                 : {}
ExternalIPAddress                                  :
InternalDNSAdapterEnabled                          : True
InternalDNSAdapterGuid                             : 00000000-0000-0000-0000-000000000000
InternalDNSProtocolOption                          : Any
InternalDNSServers                                 : {}
MaxConcurrentMailboxDeliveries                     : 20
MaxConcurrentMailboxSubmissions                    : 20
MaxConnectionRatePerMinute                         : 1200
MaxOutboundConnections                             : 1000
MaxPerDomainOutboundConnections                    : 20
MessageExpirationTimeout                           : 2.00:00:00
MessageRetryInterval                               : 00:15:00
MessageTrackingLogEnabled                          : True
MessageTrackingLogMaxAge                           : 30.00:00:00
MessageTrackingLogMaxDirectorySize                 : 1000 MB (1,048,576,000 bytes)
MessageTrackingLogMaxFileSize                      : 10 MB (10,485,760 bytes)
MessageTrackingLogPath                             : C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\MessageTracking
IrmLogEnabled                                      : True
IrmLogMaxAge                                       : 30.00:00:00
IrmLogMaxDirectorySize                             : 250 MB (262,144,000 bytes)
IrmLogMaxFileSize                                  : 10 MB (10,485,760 bytes)
IrmLogPath                                         : C:\Program Files\Microsoft\Exchange Server\V15\Logging\IRMLogs
ActiveUserStatisticsLogMaxAge                      : 30.00:00:00
ActiveUserStatisticsLogMaxDirectorySize            : 250 MB (262,144,000 bytes)
ActiveUserStatisticsLogMaxFileSize                 : 10 MB (10,485,760 bytes)
ActiveUserStatisticsLogPath                        : C:\Program Files\Microsoft\Exchange
                                                     Server\V15\TransportRoles\Logs\Edge\ActiveUsersStats
ServerStatisticsLogMaxAge                          : 30.00:00:00
ServerStatisticsLogMaxDirectorySize                : 250 MB (262,144,000 bytes)
ServerStatisticsLogMaxFileSize                     : 10 MB (10,485,760 bytes)
ServerStatisticsLogPath                            : C:\Program Files\Microsoft\Exchange
                                                     Server\V15\TransportRoles\Logs\Edge\ServerStats
MessageTrackingLogSubjectLoggingEnabled            : True
OutboundConnectionFailureRetryInterval             : 00:30:00
IntraOrgConnectorProtocolLoggingLevel              : None
PickupDirectoryMaxHeaderSize                       : 64 KB (65,536 bytes)
PickupDirectoryMaxMessagesPerMinute                : 100
PickupDirectoryMaxRecipientsPerMessage             : 100
PickupDirectoryPath                                : C:\Program Files\Microsoft\Exchange
                                                     Server\V15\TransportRoles\Pickup
PipelineTracingEnabled                             : False
ContentConversionTracingEnabled                    : False
PipelineTracingPath                                : C:\Program Files\Microsoft\Exchange
                                                     Server\V15\TransportRoles\Logs\Edge\PipelineTracing
PipelineTracingSenderAddress                       :
PoisonMessageDetectionEnabled                      : True
PoisonThreshold                                    : 2
QueueMaxIdleTime                                   : 00:03:00
ReceiveProtocolLogMaxAge                           : 30.00:00:00
ReceiveProtocolLogMaxDirectorySize                 : 250 MB (262,144,000 bytes)
ReceiveProtocolLogMaxFileSize                      : 10 MB (10,485,760 bytes)
ReceiveProtocolLogPath                             : C:\Program Files\Microsoft\Exchange
                                                     Server\V15\TransportRoles\Logs\Edge\ProtocolLog\SmtpReceive
RecipientValidationCacheEnabled                    : True
ReplayDirectoryPath                                : C:\Program Files\Microsoft\Exchange
                                                     Server\V15\TransportRoles\Replay
RootDropDirectoryPath                              :
RoutingTableLogMaxAge                              : 7.00:00:00
RoutingTableLogMaxDirectorySize                    : 50 MB (52,428,800 bytes)
RoutingTableLogPath                                : C:\Program Files\Microsoft\Exchange
                                                     Server\V15\TransportRoles\Logs\Edge\Routing
SendProtocolLogMaxAge                              : 30.00:00:00
SendProtocolLogMaxDirectorySize                    : 250 MB (262,144,000 bytes)
SendProtocolLogMaxFileSize                         : 10 MB (10,485,760 bytes)
SendProtocolLogPath                                : C:\Program Files\Microsoft\Exchange
                                                     Server\V15\TransportRoles\Logs\Edge\ProtocolLog\SmtpSend
TransientFailureRetryCount                         : 6
TransientFailureRetryInterval                      : 00:10:00
AntispamUpdatesEnabled                             : False
InternalTransportCertificateThumbprint             : xxxxxxxx
TransportSyncEnabled                               : False
TransportSyncPopEnabled                            : False
WindowsLiveHotmailTransportSyncEnabled             : False
TransportSyncExchangeEnabled                       : False
TransportSyncImapEnabled                           : False
MaxNumberOfTransportSyncAttempts                   : 3
MaxActiveTransportSyncJobsPerProcessor             : 16
HttpTransportSyncProxyServer                       :
HttpProtocolLogEnabled                             : False
HttpProtocolLogFilePath                            :
HttpProtocolLogMaxAge                              : 7.00:00:00
HttpProtocolLogMaxDirectorySize                    : 250 MB (262,144,000 bytes)
HttpProtocolLogMaxFileSize                         : 10 MB (10,485,760 bytes)
HttpProtocolLogLoggingLevel                        : None
TransportSyncLogEnabled                            : False
TransportSyncLogFilePath                           :
TransportSyncLogLoggingLevel                       : None
TransportSyncLogMaxAge                             : 30.00:00:00
TransportSyncLogMaxDirectorySize                   : 10 GB (10,737,418,240 bytes)
TransportSyncLogMaxFileSize                        : 10 MB (10,485,760 bytes)
TransportSyncHubHealthLogEnabled                   : False
TransportSyncHubHealthLogFilePath                  :
TransportSyncHubHealthLogMaxAge                    : 30.00:00:00
TransportSyncHubHealthLogMaxDirectorySize          : 10 GB (10,737,418,240 bytes)
TransportSyncHubHealthLogMaxFileSize               : 10 MB (10,485,760 bytes)
TransportSyncAccountsPoisonDetectionEnabled        : False
TransportSyncAccountsPoisonAccountThreshold        : 2
TransportSyncAccountsPoisonItemThreshold           : 2
TransportSyncAccountsSuccessivePoisonItemThreshold : 3
TransportSyncRemoteConnectionTimeout               : 00:01:40
TransportSyncMaxDownloadSizePerItem                : 36 MB (37,748,736 bytes)
TransportSyncMaxDownloadSizePerConnection          : 50 MB (52,428,800 bytes)
TransportSyncMaxDownloadItemsPerConnection         : 1000
UseDowngradedExchangeServerAuth                    : False
IntraOrgConnectorSmtpMaxMessagesPerConnection      : 20
TransportSyncLinkedInEnabled                       : False
TransportSyncFacebookEnabled                       : False
QueueLogMaxAge                                     : 7.00:00:00
LatencyLogMaxAge                                   : 7.00:00:00
GeneralLogMaxAge                                   : 7.00:00:00
QueueLogMaxDirectorySize                           : 200 MB (209,715,200 bytes)
LatencyLogMaxDirectorySize                         : 200 MB (209,715,200 bytes)
GeneralLogMaxDirectorySize                         : 200 MB (209,715,200 bytes)
QueueLogMaxFileSize                                : 10 MB (10,485,760 bytes)
LatencyLogMaxFileSize                              : 10 MB (10,485,760 bytes)
GeneralLogMaxFileSize                              : 10 MB (10,485,760 bytes)
QueueLogPath                                       :
LatencyLogPath                                     :
GeneralLogPath                                     :
WlmLogMaxAge                                       : 7.00:00:00
WlmLogMaxDirectorySize                             : 250 MB (262,144,000 bytes)
WlmLogMaxFileSize                                  : 10 MB (10,485,760 bytes)
WlmLogPath                                         : C:\Program Files\Microsoft\Exchange
                                                     Server\V15\TransportRoles\Logs\Edge\WLM
AgentLogMaxAge                                     : 7.00:00:00
AgentLogMaxDirectorySize                           : 250 MB (262,144,000 bytes)
AgentLogMaxFileSize                                : 10 MB (10,485,760 bytes)
AgentLogPath                                       : C:\Program Files\Microsoft\Exchange
                                                     Server\V15\TransportRoles\Logs\Edge\AgentLog
AgentLogEnabled                                    : True
FlowControlLogMaxAge                               : 7.00:00:00
FlowControlLogMaxDirectorySize                     : 200 MB (209,715,200 bytes)
FlowControlLogMaxFileSize                          : 10 MB (10,485,760 bytes)
FlowControlLogPath                                 :
FlowControlLogEnabled                              : True
ProcessingSchedulerLogMaxAge                       : 7.00:00:00
ProcessingSchedulerLogMaxDirectorySize             : 200 MB (209,715,200 bytes)
ProcessingSchedulerLogMaxFileSize                  : 10 MB (10,485,760 bytes)
ProcessingSchedulerLogPath                         :
ProcessingSchedulerLogEnabled                      : True
ResourceLogMaxAge                                  : 7.00:00:00
ResourceLogMaxDirectorySize                        : 200 MB (209,715,200 bytes)
ResourceLogMaxFileSize                             : 10 MB (10,485,760 bytes)
ResourceLogPath                                    :
ResourceLogEnabled                                 : True
DnsLogMaxAge                                       : 7.00:00:00
DnsLogMaxDirectorySize                             : 100 MB (104,857,600 bytes)
DnsLogMaxFileSize                                  : 10 MB (10,485,760 bytes)
DnsLogPath                                         :
DnsLogEnabled                                      : False
JournalLogMaxAge                                   : 7.00:00:00
JournalLogMaxDirectorySize                         : 200 MB (209,715,200 bytes)
JournalLogMaxFileSize                              : 10 MB (10,485,760 bytes)
JournalLogPath                                     :
JournalLogEnabled                                  : True
TransportMaintenanceLogMaxAge                      : 7.00:00:00
TransportMaintenanceLogMaxDirectorySize            : 200 MB (209,715,200 bytes)
TransportMaintenanceLogMaxFileSize                 : 10 MB (10,485,760 bytes)
TransportMaintenanceLogPath                        :
TransportMaintenanceLogEnabled                     : True
TransportHttpLogMaxAge                             : 7.00:00:00
TransportHttpLogMaxDirectorySize                   : 250 MB (262,144,000 bytes)
TransportHttpLogMaxFileSize                        : 10 MB (10,485,760 bytes)
TransportHttpLogPath                               : C:\Program Files\Microsoft\Exchange
                                                     Server\V15\TransportRoles\Logs\Edge\TransportHttp
TransportHttpLogEnabled                            : True
RequestBrokerLogMaxAge                             : 7.00:00:00
RequestBrokerLogMaxDirectorySize                   : 200 MB (209,715,200 bytes)
RequestBrokerLogMaxFileSize                        : 10 MB (10,485,760 bytes)
RequestBrokerLogPath                               :
RequestBrokerLogEnabled                            : True
StorageRESTLogMaxAge                               : 7.00:00:00
StorageRESTLogMaxDirectorySize                     : 200 MB (209,715,200 bytes)
StorageRESTLogMaxFileSize                          : 10 MB (10,485,760 bytes)
StorageRESTLogPath                                 :
StorageRESTLogEnabled                              : True
AgentGrayExceptionLogEnabled                       : True
AgentGrayExceptionLogMaxAge                        : 7.00:00:00
AgentGrayExceptionLogMaxDirectorySize              : 200 MB (209,715,200 bytes)
AgentGrayExceptionLogMaxFileSize                   : 10 MB (10,485,760 bytes)
AgentGrayExceptionLogPath                          :
Identity                                           : comgtexedge01
IsValid                                            : True
ExchangeVersion                                    : 0.1 (8.0.535.0)
DistinguishedName                                  : CN=comgtexedge01,CN=Servers,CN=Exchange Administrative Group
                                                     (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First
                                                     Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,CN={GUID}
Guid                                               : 09156182-cd2e-4556-924f-3c97cea15967
ObjectCategory                                     : CN=ms-Exch-Exchange-Server,CN=Schema,CN=Configuration,CN={GUID}
ObjectClass                                        : {top, server, msExchExchangeServer}
OrganizationId                                     :
Id                                                 : comgtexedge01
OriginatingServer                                  : localhost
ObjectState                                        : Unchanged

Edge: Receive Connector

Für den Empfang aus dem Internet sind folgende Einstellungen hinterlegt:

[PS] C:\Windows\system32>Get-ReceiveConnector | fl


AuthMechanism                             : Tls, ExchangeServer
Banner                                    :
BinaryMimeEnabled                         : True
Bindings                                  : {0.0.0.0:25}
ChunkingEnabled                           : True
DefaultDomain                             :
DeliveryStatusNotificationEnabled         : True
EightBitMimeEnabled                       : True
SmtpUtf8Enabled                           : True
BareLinefeedRejectionEnabled              : False
DomainSecureEnabled                       : True
EnhancedStatusCodesEnabled                : True
LongAddressesEnabled                      : False
OrarEnabled                               : False
SuppressXAnonymousTls                     : False
ProxyEnabled                              : False
AdvertiseClientSettings                   : False
Fqdn                                      : edge01.msxfaq.net
ServiceDiscoveryFqdn                      :
TlsCertificateName                        :
Comment                                   :
Enabled                                   : True
ConnectionTimeout                         : 00:05:00
ConnectionInactivityTimeout               : 00:01:00
MessageRateLimit                          : 600
MessageRateSource                         : IPAddress
MaxInboundConnection                      : 5000
MaxInboundConnectionPerSource             : 20
MaxInboundConnectionPercentagePerSource   : 2
MaxHeaderSize                             : 256 KB (262,144 bytes)
MaxHopCount                               : 60
MaxLocalHopCount                          : 5
MaxLogonFailures                          : 3
MaxMessageSize                            : 36 MB (37,748,736 bytes)
MaxProtocolErrors                         : 5
MaxRecipientsPerMessage                   : 200
PermissionGroups                          : AnonymousUsers, ExchangeServers, Partners
PipeliningEnabled                         : True
ProtocolLoggingLevel                      : None
RemoteIPRanges                            : {0.0.0.0-255.255.255.255}
RequireEHLODomain                         : False
RequireTLS                                : False
EnableAuthGSSAPI                          : False
ExtendedProtectionPolicy                  : None
LiveCredentialEnabled                     : False
TlsDomainCapabilities                     : {}
Server                                    : edge01
TransportRole                             : HubTransport
RejectReservedTopLevelRecipientDomains    : False
RejectReservedSecondLevelRecipientDomains : False
RejectSingleLabelRecipientDomains         : False
AcceptConsumerMail                        : False
SizeEnabled                               : Enabled
TarpitInterval                            : 00:00:05
AuthTarpitInterval                        : 00:00:05
MaxAcknowledgementDelay                   : 00:00:30
AdminDisplayName                          :
ExchangeVersion                           : 0.1 (8.0.535.0)
Name                                      : Default internal receive connector edge01
DistinguishedName                         : CN=Default internal receive connector edge01,CN=SMTP Receive 
                                            Connectors,CN=Protocols,CN=edge01,CN=Servers,CN=Exchange
                                            Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First
                                            Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,CN={}
Identity                                  : edge01\Default internal receive connector edge01
Guid                                      : GUID
ObjectCategory                            : CN=ms-Exch-Smtp-Receive-Connector,CN=Schema,CN=Configuration,CN={GUID}
ObjectClass                               : {top, msExchSmtpReceiveConnector}
OrganizationId                            :
Id                                        : edge01\Default internal receive connector edge01
OriginatingServer                         : localhost
IsValid                                   : True
ObjectState                               : Unchanged

Interessant ist hierbei, dass die Werte für folgende Parameter nicht auf einen Hybrid-Mode optimiert sind.

   -MessageRateLimit 600 `
   -MaxInboundConnection                      5000 `
   -MaxInboundConnectionPerSource             20 `
   -MaxInboundConnectionPercentagePerSource   2

Gerade wenn der Edge-Server nicht über MX-Record von ganz vielen Systemen entsprechende Mails bekommen sondern von einem einzigen vorgelagerten Smarthost oder Service, dann würde ich die Werte wie folgt hochsetzen

get-receiveconnector | set-receiveconnector `
   -MessageRateLimit unlimited `
   -MaxInboundConnection                      5000 `
   -MaxInboundConnectionPerSource             unlimited `
   -MaxInboundConnectionPercentagePerSource    100

Ansonsten könnte es sein, dass im Eventlog folgendes zu finden ist:

Log Name:      Application
Source:        MSExchangeTransport
Date:          11/11/2016 11:37:52 AM
Event ID:      1021
Task Category: SmtpReceive
Level:         Warning
Keywords:      Classic User:          N/A
Computer:      edge01.msxfaq.de
Description:
Receive connector Default internal receive connector edge01 rejected an incoming connection 
from IP address x.x.x.x. The maximum number of connections per source (20) for this 
connector has been reached by this source IP address.

Edge: SendConnector zum Internet

Zum Versand gibt es auf einem Edge Server in der Regel zwei Connectoren. der erste geht zum Internet. In dem Beispiel sendet der Connector die Mails über zwei unkenntlich gemachte Smarthosts

[PS] C:\>(Get-SendConnector[0])

AddressSpaces                : {smtp:*;50}
AuthenticationCredential     :
CloudServicesMailEnabled     : False
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
ConnectorType                : Default
DNSRoutingEnabled            : False
DomainSecureEnabled          : False
Enabled                      : True
ErrorPolicies                : Default
ForceHELO                    : False
Fqdn                         :
FrontendProxyEnabled         : False
HomeMTA                      :
HomeMtaServerId              :
Identity                     : EdgeSync - MSXFAQ to Internet
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
MaxMessageSize               : 35 MB (36,700,160 bytes)
Name                         : EdgeSync - MSXFAQ to Internet
Port                         : 25
ProtocolLoggingLevel         : None
Region                       : NotSpecified
RequireOorg                  : False
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {[x.x.x.x], [x.x.x.x]}
SmartHostsString             : [x.x.x.x],[x.x.x.x]
SmtpMaxMessagesPerConnection : 20
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {}
TlsAuthLevel                 :
TlsCertificateName           :
TlsDomain                    :
UseExternalDNSServersEnabled : False

Per Default ist keine Quelladresse vorgegeben und es werden maximal 20 Connections pro Zielhost geöffnet. Das sollte auch in Verbindung mit einem Smarthost eigentlich genug sein, da Exchange durchaus mehrere Nachrichten über die gleiche TCP-Connection sendet.

Edge: SendConnector nach Intern

Der zweite Connector leitet alle Mails an die interne Organisation weiter. Der Addressraum "--" ist dafür reserviert

[PS] C:\>(Get-SendConnector)[1]


AddressSpaces                : {smtp:--;100}
AuthenticationCredential     :
CloudServicesMailEnabled     : False
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
ConnectorType                : Default
DNSRoutingEnabled            : False
DomainSecureEnabled          : False
Enabled                      : True
ErrorPolicies                : Default
ForceHELO                    : False
Fqdn                         :
FrontendProxyEnabled         : False
HomeMTA                      :
HomeMtaServerId              :
Identity                     : EdgeSync - Inbound to MSXFAQ
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
MaxMessageSize               : Unlimited
Name                         : EdgeSync - Inbound to MSXFAQ
Port                         : 25
ProtocolLoggingLevel         : None
Region                       : NotSpecified
RequireOorg                  : False
RequireTLS                   : False
SmartHostAuthMechanism       : ExchangeServer
SmartHosts                   : {--}
SmartHostsString             : --
SmtpMaxMessagesPerConnection : 20
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {}
TlsAuthLevel                 :
TlsCertificateName           :
TlsDomain                    :
UseExternalDNSServersEnabled : False

Die Grenzwerte sind hier wie beim externen Connector gesetzt.

Edge: Get-TransportAgent

Ein einfach installierter Edge hat natürlich auch Filter aktiv

[PS] C:\>Get-TransportAgent

Identity                                           Enabled         Priority
--------                                           -------         --------
Connection Filtering Agent                         False           1
Address Rewriting Inbound Agent                    True            2
Edge Rule Agent                                    True            3
Content Filter Agent                               False           4
Sender Id Agent                                    True            5
Sender Filter Agent                                False           6
Recipient Filter Agent                             False           7
Protocol Analysis Agent                            True            8
Attachment Filtering Agent                         False           9
Address Rewriting Outbound Agent                   True            10

Für die meisten Agenten gibt es ein eigenes Commandlet zur Konfiguration.

Es macht einen Unterschied, ob Sie den TransportAgent deaktivieren oder in der Konfiguration die Funktion deaktivieren.

Edge: Get-RecipientFilterConfig

[PS] C:\>Get-RecipientFilterConfig


Name                       : RecipientFilterConfig
BlockedRecipients          : {}
RecipientValidationEnabled : False
BlockListEnabled           : False
Enabled                    : True
ExternalMailEnabled        : True
InternalMailEnabled        : False
AdminDisplayName           :
ExchangeVersion            : 0.1 (8.0.535.0)
DistinguishedName          : CN=RecipientFilterConfig,CN=Message Hygiene,CN=Transport Settings,CN=First
                             Organization,CN=Microsoft
                             Exchange,CN=Services,CN=Configuration,CN={GUID}
Identity                   : RecipientFilterConfig
Guid                       : 69382f4c-fbe0-4792-aa2b-def0b766e042
ObjectCategory             : CN=ms-Exch-Message-Hygiene-Recipient-Filter-Config,CN=Schema,CN=Configuration,CN={GUID}
ObjectClass                : {top, msExchAgent, msExchMessageHygieneRecipientFilterConfig}
OrganizationId             :
Id                         : RecipientFilterConfig
OriginatingServer          : localhost
IsValid                    : True
ObjectState                : Unchanged

Edge: Get-ContentFilterConfig

[PS] C:\>Get-ContentFilterConfig

Name                                  : ContentFilterConfig
RejectionResponse                     : Message rejected as spam by Content Filtering.
OutlookEmailPostmarkValidationEnabled : True
BypassedRecipients                    : {}
QuarantineMailbox                     :
SCLRejectThreshold                    : 7
SCLRejectEnabled                      : True
SCLDeleteThreshold                    : 9
SCLDeleteEnabled                      : False
SCLQuarantineThreshold                : 9
SCLQuarantineEnabled                  : False
BypassedSenders                       : {}
BypassedSenderDomains                 : {}
Enabled                               : True
ExternalMailEnabled                   : True
InternalMailEnabled                   : False
AdminDisplayName                      :
ExchangeVersion                       : 0.1 (8.0.535.0)
DistinguishedName                     : CN=ContentFilterConfig,CN=Message Hygiene,CN=Transport Settings,CN=First
                                        Organization,CN=Microsoft
                                        Exchange,CN=Services,CN=Configuration,CN={24A8D45B-BA42-4019-8C52-2D5942D91DB9}
Identity                              : ContentFilterConfig
Guid                                  : 08897d91-84fd-4042-842b-784ce920786d
ObjectCategory                        : CN=ms-Exch-Message-Hygiene-Content-Filter-Config,CN=Schema,CN=Configuration,CN=
                                        {24A8D45B-BA42-4019-8C52-2D5942D91DB9}
ObjectClass                           : {top, msExchAgent, msExchMessageHygieneContentFilterConfig}
WhenChanged                           : 12/21/2017 3:27:12 PM
WhenCreated                           : 11/2/2017 8:40:40 AM
WhenChangedUTC                        : 12/21/2017 2:27:12 PM
WhenCreatedUTC                        : 11/2/2017 7:40:40 AM
OrganizationId                        :
Id                                    : ContentFilterConfig
OriginatingServer                     : localhost
IsValid                               : True
ObjectState                           : Unchanged

Get-SenderFilterConfig

[PS] C:\>Get-SenderFilterConfig


Name                         : SenderFilterConfig
BlockedSenders               : {}
BlockedDomains               : {}
BlockedDomainsAndSubdomains  : {}
Action                       : Reject
BlankSenderBlockingEnabled   : False
RecipientBlockedSenderAction : Reject
Enabled                      : True
ExternalMailEnabled          : True
InternalMailEnabled          : False
AdminDisplayName             :
ExchangeVersion              : 0.1 (8.0.535.0)
DistinguishedName            : CN=SenderFilterConfig,CN=Message Hygiene,CN=Transport Settings,CN=First
                               Organization,CN=Microsoft
                               Exchange,CN=Services,CN=Configuration,CN={24A8D45B-BA42-4019-8C52-2D5942D91DB9}
Identity                     : SenderFilterConfig
Guid                         : 21f0b1e0-3c62-488d-af8c-8a7fd1bf2cfc
ObjectCategory               : CN=ms-Exch-Message-Hygiene-Sender-Filter-Config,CN=Schema,CN=Configuration,CN={24A8D45B-
                               BA42-4019-8C52-2D5942D91DB9}
ObjectClass                  : {top, msExchAgent, msExchMessageHygieneSenderFilterConfig}
WhenChanged                  : 11/2/2017 8:40:40 AM
WhenCreated                  : 11/2/2017 8:40:40 AM
WhenChangedUTC               : 11/2/2017 7:40:40 AM
WhenCreatedUTC               : 11/2/2017 7:40:40 AM
OrganizationId               :
Id                           : SenderFilterConfig
OriginatingServer            : localhost
IsValid                      : True
ObjectState                  : Unchanged



[PS] C:\Windows\system32>

Get-AttachmentFilterEntry

[PS] C:\>Get-AttachmentFilterEntry |FT -AutoSize

       Type Name                     Identity                             IsValid ObjectState
       ---- ----                     --------                             ------- -----------
ContentType application/x-msdownload ContentType:application/x-msdownload    True   Unchanged
ContentType message/partial          ContentType:message/partial             True   Unchanged
ContentType text/scriptlet           ContentType:text/scriptlet              True   Unchanged
ContentType application/prg          ContentType:application/prg             True   Unchanged
ContentType application/msaccess     ContentType:application/msaccess        True   Unchanged
ContentType text/javascript          ContentType:text/javascript             True   Unchanged
ContentType application/x-javascript ContentType:application/x-javascript    True   Unchanged
ContentType application/javascript   ContentType:application/javascript      True   Unchanged
ContentType x-internet-signup        ContentType:x-internet-signup           True   Unchanged
ContentType application/hta          ContentType:application/hta             True   Unchanged
   FileName *.xnk                    FileName:*.xnk                          True   Unchanged
   FileName *.wsh                    FileName:*.wsh                          True   Unchanged
   FileName *.wsf                    FileName:*.wsf                          True   Unchanged
   FileName *.wsc                    FileName:*.wsc                          True   Unchanged
   FileName *.vbs                    FileName:*.vbs                          True   Unchanged
   FileName *.vbe                    FileName:*.vbe                          True   Unchanged
   FileName *.vb                     FileName:*.vb                           True   Unchanged
   FileName *.url                    FileName:*.url                          True   Unchanged
   FileName *.shs                    FileName:*.shs                          True   Unchanged
   FileName *.shb                    FileName:*.shb                          True   Unchanged
   FileName *.sct                    FileName:*.sct                          True   Unchanged
   FileName *.scr                    FileName:*.scr                          True   Unchanged
   FileName *.scf                    FileName:*.scf                          True   Unchanged
   FileName *.reg                    FileName:*.reg                          True   Unchanged
   FileName *.prg                    FileName:*.prg                          True   Unchanged
   FileName *.prf                    FileName:*.prf                          True   Unchanged
   FileName *.pif                    FileName:*.pif                          True   Unchanged
   FileName *.pcd                    FileName:*.pcd                          True   Unchanged
   FileName *.ops                    FileName:*.ops                          True   Unchanged
   FileName *.mst                    FileName:*.mst                          True   Unchanged
   FileName *.msp                    FileName:*.msp                          True   Unchanged
   FileName *.msi                    FileName:*.msi                          True   Unchanged
   FileName *.psc2                   FileName:*.psc2                         True   Unchanged
   FileName *.psc1                   FileName:*.psc1                         True   Unchanged
   FileName *.ps2xml                 FileName:*.ps2xml                       True   Unchanged
   FileName *.ps2                    FileName:*.ps2                          True   Unchanged
   FileName *.ps11xml                FileName:*.ps11xml                      True   Unchanged
   FileName *.ps11                   FileName:*.ps11                         True   Unchanged
   FileName *.ps1xml                 FileName:*.ps1xml                       True   Unchanged
   FileName *.ps1                    FileName:*.ps1                          True   Unchanged
   FileName *.msc                    FileName:*.msc                          True   Unchanged
   FileName *.mdz                    FileName:*.mdz                          True   Unchanged
   FileName *.mdw                    FileName:*.mdw                          True   Unchanged
   FileName *.mdt                    FileName:*.mdt                          True   Unchanged
   FileName *.mde                    FileName:*.mde                          True   Unchanged
   FileName *.mdb                    FileName:*.mdb                          True   Unchanged
   FileName *.mda                    FileName:*.mda                          True   Unchanged
   FileName *.lnk                    FileName:*.lnk                          True   Unchanged
   FileName *.ksh                    FileName:*.ksh                          True   Unchanged
   FileName *.jse                    FileName:*.jse                          True   Unchanged
   FileName *.js                     FileName:*.js                           True   Unchanged
   FileName *.isp                    FileName:*.isp                          True   Unchanged
   FileName *.ins                    FileName:*.ins                          True   Unchanged
   FileName *.inf                    FileName:*.inf                          True   Unchanged
   FileName *.hta                    FileName:*.hta                          True   Unchanged
   FileName *.hlp                    FileName:*.hlp                          True   Unchanged
   FileName *.fxp                    FileName:*.fxp                          True   Unchanged
   FileName *.exe                    FileName:*.exe                          True   Unchanged
   FileName *.csh                    FileName:*.csh                          True   Unchanged
   FileName *.crt                    FileName:*.crt                          True   Unchanged
   FileName *.cpl                    FileName:*.cpl                          True   Unchanged
   FileName *.com                    FileName:*.com                          True   Unchanged
   FileName *.cmd                    FileName:*.cmd                          True   Unchanged
   FileName *.chm                    FileName:*.chm                          True   Unchanged
   FileName *.bat                    FileName:*.bat                          True   Unchanged
   FileName *.bas                    FileName:*.bas                          True   Unchanged
   FileName *.asx                    FileName:*.asx                          True   Unchanged
   FileName *.app                    FileName:*.app                          True   Unchanged
   FileName *.adp                    FileName:*.adp                          True   Unchanged
   FileName *.ade                    FileName:*.ade                          True   Unchanged

Weitere Links

Exchange Edge Rolle
Exchange Edge zurückbauen - Rückbau von Exchange Edge Servern mit Hybridbesonderheiten
Grundlegendes zu Nachrichteneinschränkungen und Grenzwerten für die Nachrichtenrate
https://technet.microsoft.com/de-de/library/bb232205(v=exchg.160).aspx
Antispam- und Antischadsoftwareschutz in Exchange 2016
https://technet.microsoft.com/de-de/library/jj150481(v=exchg.160).aspx
Verfahren zur Absenderfilterung
https://technet.microsoft.com/de-de/library/bb124087(v=exchg.160).aspx