How to Install and Configure Exchange 2013 Edge Transport Server
================================================================

1. Configure the Edge server IP address, computer name, and DNS suffix

2. Add Roles and Features

    Install-WindowsFeature ADLDS, Telnet-client

3. Install the Exchange 2013 Edge Transport Server role

4. Configure name resolution on the internal Exchange 2013 (CAS + MBX) and on the Edge server

5. Open the required ports between the LAN and DMZ and check the result

6. Create a new Edge Subscription XML file (on the EDGE server)

    New-EdgeSubscription -FileName "C:\EDGE-13.xml"

7. Copy and import the created XML file (on the internal MBX server)

    # Replace the file path and name according to your configuration
    # Replace the name of the Active Directory Site
    # You can check the name of the AD site with the following command:
    Get-ExchangeServer | FL Name, *Site

    New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "c:\EDGE-13.xml" -Encoding Byte -ReadCount 0)) -Site "Default-First-Site-Name"

8. Specify the internal SMTP server(s) that should be ignored by Sender ID and Connection Filtering

    # Must be performed on the internal MBX server!
    # Replace the IP of the internal server(s)
    # You can specify multiple IPs, separated by commas - ex. 192.168.1.11,192.168.1.12
    Set-TransportConfig -InternalSMTPServers 192.168.1.12

    # Check the result
    Get-TransportConfig | select InternalSMTPServers

    Start-EdgeSynchronization -ForceFullSync

9. Configure IP Block List Providers

9.1 Confirm that you are getting correct DNSBL responses from the DNS server(s) in the IP settings of the EDGE server

    # It is important to check both 'listed' and 'not listed' results
    # Targets known to be
    #   a) listed:     127.0.0.2
    #   b) not listed: 127.0.0.1
    # If you are using a different public IP for the test, double check it with:
    # http://whatismyipaddress.com/blacklist-check

    # Don't forget that a DNSBL query is built like a reverse DNS lookup -
    # you need to use reverse ordering of the numbers/octets in the IP address - ex:
    2.0.0.127.zen.spamhaus.org
    1.0.0.127.zen.spamhaus.org
    2.0.0.127.b.barracudacentral.org
    1.0.0.127.b.barracudacentral.org

    # A real public IP of a compromised mail server sending SPAM: 188.158.10.130
    130.10.158.188.zen.spamhaus.org
    130.10.158.188.b.barracudacentral.org

    # Add IP Block List Providers
    Add-IPBlockListProvider -Name SpamHaus -LookupDomain zen.spamhaus.org
    Add-IPBlockListProvider -Name Cuda -LookupDomain b.barracudacentral.org
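
The step 9.1 check can be scripted. The following is an added example, not part of the original guide: it builds the reversed-octet query name, resolves it through the DNS servers configured on the EDGE server, and classifies the answer. The function names are hypothetical, and treating 127.255.255.x as an error instead of a listing follows Spamhaus's documented return codes (an assumption for other providers).

```powershell
# Added example. Get-DnsblQueryName and Test-DnsblListing are hypothetical helper names.
function Get-DnsblQueryName {
    param([Parameter(Mandatory=$true)][string]$IPAddress,
          [Parameter(Mandatory=$true)][string]$LookupDomain)
    $ip = [System.Net.IPAddress]::Parse($IPAddress)
    if ($ip.AddressFamily -ne 'InterNetwork') { throw "IPv4 only: $IPAddress" }
    $octets = $ip.GetAddressBytes()
    [array]::Reverse($octets)                      # 127.0.0.2 -> 2.0.0.127
    '{0}.{1}' -f ($octets -join '.'), $LookupDomain
}

function Test-DnsblListing {
    param([Parameter(Mandatory=$true)][string]$IPAddress,
          [Parameter(Mandatory=$true)][string]$LookupDomain)
    $name = Get-DnsblQueryName -IPAddress $IPAddress -LookupDomain $LookupDomain
    $answers = @()
    try {
        $answers = @([System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.ToString() })
        if     ($answers.Count -eq 0)                     { $status = 'NotListed' }
        # Spamhaus error codes (e.g. query arrived via a public resolver): not a listing
        elseif ($answers -like '127.255.255.*')           { $status = 'ProviderError' }
        elseif (@($answers -notlike '127.*').Count -eq 0) { $status = 'Listed' }
        # A non-127.x answer usually means a resolver that rewrites NXDOMAIN
        else                                              { $status = 'UnexpectedAnswer' }
    } catch {
        $err = $_.Exception.GetBaseException()
        if ($err -is [System.Net.Sockets.SocketException] -and
            ($err.SocketErrorCode -eq 'HostNotFound' -or $err.SocketErrorCode -eq 'NoData')) {
            $status = 'NotListed'                  # NXDOMAIN: the address is not on the list
        } else {
            $status = 'LookupFailed'               # timeout, server failure, and so on
        }
    }
    [pscustomobject]@{ Query = $name; Status = $status; Answers = ($answers -join ',') }
}

# Test targets from step 9.1: 127.0.0.2 must be Listed, 127.0.0.1 must be NotListed.
# Checking both catches a resolver that answers NXDOMAIN (or an error code) for everything.
$expected = @{ '127.0.0.2' = 'Listed'; '127.0.0.1' = 'NotListed' }
foreach ($zone in 'zen.spamhaus.org', 'b.barracudacentral.org') {
    foreach ($ip in $expected.Keys) {
        $r = Test-DnsblListing -IPAddress $ip -LookupDomain $zone
        [pscustomobject]@{ Query = $r.Query; Status = $r.Status; Answers = $r.Answers
                           AsExpected = ($r.Status -eq $expected[$ip]) }
    }
}
```

Any row with AsExpected = False means the DNS servers configured on the EDGE server are not returning usable DNSBL answers, so the providers added with Add-IPBlockListProvider would not block as intended.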