How to Install and Configure Exchange 2013 Edge Transport Server
================================================================

1. Configure the Edge server IP address, Computer name, and DNS suffix

2. Add Roles and Features

Install-WindowsFeature ADLDS, Telnet-client

3. Install Exchange 2013 Edge Transport Server role.

4. Configure name resolution on the internal Exchange 2013 (CAS + MBX) and on the Edge Server 

5. Open required ports between the LAN and DMZ and check the result

6. Create a new Edge Subscription XML file (on the EDGE server)

New-EdgeSubscription -FileName "C:\EDGE-13.xml"

7. Copy and import the created XML file (on the internal MBX server)

# Replace the file path and name according to your configuration
# Replace the name of the Active Directory Site
# You can check the name of the AD site with the following command:
Get-ExchangeServer | FL Name, *Site

New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "c:\EDGE-13.xml" -Encoding Byte -ReadCount 0)) -Site "Default-First-Site-Name"

8. Specify the Internal SMTP server(s) that should be ignored by Sender ID and Connection Filtering:
# Must be performed on the internal MBX Server!!!
# Replace the IP of the internal server(s)
# You can specify multiple IP, separated by comma - ex. 192.168.1.11,192.168.1.12

Set-TransportConfig –InternalSMTPServers 192.168.1.12

# Check the result

Get-TransportConfig | select InternalSMTPServers

Start-EdgeSynchronization -ForceFullSync

9. Configure IP Block List Providers

9.1 Confirm that you are getting correct DNSBL responses from the DNS server(s) in the IP setting sof the EDGE server

# It is important to check both 'listed' and 'not listed' results
# Targets known to be
# a) listed:	127.0.0.2
# b) not listed	127.0.0.1

# If you are using a different public IP for the test, double check it with:
# http://whatismyipaddress.com/blacklist-check

# Don't forget that you are perfromg a Reverse DNS Lookup - 
# you need to use reverse ordering of the numbers/octets in the IP address - ex:

2.0.0.127.zen.spamhaus.org

1.0.0.127.zen.spamhaus.org

2.0.0.127.b.barracudacentral.org

1.0.0.127.b.barracudacentral.org

# A real public IP of a compromised mail server sending SPAM:

188.158.10.130

130.10.158.188.zen.spamhaus.org

130.10.158.188.b.barracudacentral.org

# Add IP Block List Providers

Add-IPBlockListProvider -Name SpamHaus -LookupDomain zen.spamhaus.org

Add-IPBlockListProvider -Name Cuda -LookupDomain b.barracudacentral.org