MS-203 Microsoft 365 Messaging – Managing Mail Flow Topology
1. Understanding the Exchange Transport Architecture
So let’s take some time now and talk about the Exchange transport architecture. So what exactly is happening behind the scenes whenever we are sending mail in and out, when mail is flowing from the inside to the outside? And how is Exchange actually managing and moving that mail through the different components? Now, we’ve talked about how in earlier versions of Exchange, we had a bunch of different roles and all that. And then as time has gone on, Microsoft has sort of condensed all that or centralized all that mainly into the mailbox role, right, mailbox server role. So there is some behind the scenes. There’s actually what they call the transport service pipeline in which mail is flowing in. And there’s different components that are stored up in memory on your Exchange server that are going to play a role in moving that mail to where it needs to be.
Okay? Now one of the things that’s important to understand here is that when a lot of people, they look at this diagram from Microsoft and they think, oh well, doesn’t that seem a little redundant? You’ve got things that are double checking other things and actually there’s a lot of logic in this because you got to remember that. And this is some things we haven’t even gotten into yet. But you got to remember that you have things like compliance rules that get implemented, mail flow rules that get implemented. You’ve got different databases that can occur on different servers. You got Dags, you got a lot of things that are happening in Exchange.
And so Microsoft has built this system that is checking things and then double checking things to stop certain issues from arising, especially compliance related issues. Okay, so let’s take a look at what we’ve got here. And we’ll sort of look in terms of mail flowing in and then mail flowing out. So if you look here, the first thing you have is the external SMTP. So then this would be something that might be received from an external SMTP server on the outside coming in here. All right, so email is flowing in on this SMTP connection here. And you have a component here underneath the front end transport service. So the front end transport service, this is what’s receiving your email coming in. And you have an SMTP receive component that’s got protocol agents running on it. And it’s got a hub selector. All right, so the protocol agents, the hub selector itself, this has got to make a decision, where is this email going to go? It may have to flow back out to be relayed somewhere else. So this is why you’ll notice there’s an arrow going here to this SMTP send.
Okay? So from there, the SMTP send connector may send it back out, may go off to another SMTP server if there’s a rule on where it’s supposed to go. If you remember we’ve talked about how you can have a mail user who may not even have an email in our organization, right? So it could relay that out to that person. From there, the SMTP send goes into the SMTP receive, all right? And there’s protocol agents running on that to receive that SMTP connection. I also want to point out this here. It says SMTP from other mailbox servers, transport servers, front end transport servers service or mailbox transport. So this is also going to be a pipeline which comes directly in from another Exchange server, another email server. So it’s received here, this SMTP receive, then it goes into a submission queue. Okay, submission queue. There’s a pickup directory and a replay directory. The pickup directory is obviously where email can be picked up from on this pipeline. But the replay directory is used in a situation where we’ve had maybe something was to stop or something was to go down. It can stay in the replay directory until it can be submitted.
So the submission queue then goes to the categorizer. The categorizer is part of the heart of the pipeline. This has got all these different routing agents on it. And the routing agents have the different rules in exchange that are applied. So you start getting into transport rules and all of that. The routing agents got to make a decision on what to do with this email, okay, where it’s going to be routing the email, if it meets compliance standards, all of that. All those different rules are part of your categorizer. So from there, categorizer puts it in delivery queues. Remember that all this is up in memory. So you’re seeing all these different queues and things like that.
This is all stored up in RAM on the machine. Okay, so then it goes to SMTP send and it may go back out. Now from there to an external SMTP or over here. Notice it says external SMTP or SMTP to other mailbox server. Okay? All right. And then from there, if we look down here, the SMTP send may send it to SMTP Receive. Now notice we just transitioned from the transport service from the front end to the transport service and now to the mailbox transport service. Okay. So that’s coming into the SMTP receive here because apparently the categorizer has decided, well, this email is going to be residing here on this server. So it comes down here to SMTP receive. Then you have the store delivery driver, driver deliver. And this is where the mailbox deliver agent is, which is going to get our email into our local mailbox store, our mailbox database.
That’s what you’re seeing right here on our local mailbox database. Okay. Now one thing I did want to point out here, notice that it says RPC. This is remote procedure call and this is just the internal relaying of the information, the internal objects that are happening. You may know that Microsoft has used RPCs for decades as relaying objects, relaying items, and they don’t use RPCs to relay objects between Exchange servers, but within the pipeline they do. So now that our email has made it to our local mailbox database, let’s think now in terms of an email that’s being sent out. So that was sort of looking at receiving. Let’s look at it sending out. So an email is being sent out. You have the store driver submit now as opposed to the store driver receive. Okay? It’s got mailbox assistants and submission agents on it to help make decisions, and then it’s going to be delivered over to the SMTP send. Now from here it could, if you’ll notice it says SMTP to the transport service on other mailbox servers. It may be relayed to a transport service on another mailbox server.
This is a really good thing because it doesn’t need to go back up the entire pipeline just to be relayed over to another server. Okay? So from there it goes in here to submit receive. If it’s not being relayed to another Exchange server, it’s going to go up here to SMTP receive protocol agent. And then depending upon the SMTP received protocol agent, it may have to go back through this pipeline again. And this is if the email is being delivered somewhere else on that mailbox server. So what if you had another mailbox database on the same mailbox server? It’s going to go back through all of this. And again, this is where I was talking earlier about how things can seem a little redundant, but the reason that’s so important is because the email needs to go back through the categorizer.
And this is going to check compliance rules and all that to make sure that there’s no issues there. In Exchange, we have to think in terms of things like DLP, data loss prevention, which gets into things like sensitivity labels, maybe somebody’s trying to email somebody outside our organization or something like that with some sensitive information. And Exchange has got to make a decision on whether or not it should relay that out or not. So things have to go through this categorizer to make sure things are safe. So it does seem a little redundant now if you look back down here to this SMTP send and how it’s going to be sending to this transport server on another server, you got to remember that transport service on that other Exchange server is going to run it through a categorizer as well. So either way, the fate of that email is going to have to go back through a categorizer to make sure that it meets all the compliance rules.
Okay? So from there it could go back through and then it could hit this right here, which would be external SMTP or going out to another mailbox server of some kind. All right. And so it kind of seems like it’s going in circles. And again, I know it kind of seems a little redundant, but ultimately this is to make sure that nothing slips through the cracks, something that could break our compliance rules. Okay, so as you can see, there’s a lot going on there. As far as the exam and stuff like that goes, you’re not going to be tested on all the different components and all of that here, but it does help to have a little bit of a foundation of those behind the scenes items just to sort of help you think in regards to the mail flowing itself, because we’re moving into talking about flow and it’s important to understand there’s a bunch of different components that are taking part in all of this in order to make decisions in our Exchange architecture.
2. Mail Flow Transport Rules in On-Premise Exchange
We’re going to go to the Mail Flow area. So let me zoom in on that for you. We’re going to go to Mail Flow, and before we do that, we’re going to have basically Jan Williams is going to email Joan Manson. That’s going to be our two little contestants here. Jan Williams is going to email Joan Manson. Jan Williams is going to basically try to say something about budget. Send it to Joan Manson. We’re going to set a rule that’s going to try to catch that email and make it where our administrator has to approve it before it can go through. Okay? So to do this, we’re going to click on Mail Flow and then you can see that we’ve got our rules here. And right now we have no rules. So we’re going to drop this down and we’re going to say create a new rule.
You’ll see, there’s already some custom ones here you can go with, but I’m going to say create a new rule because it’ll let me customize as much as I want, all right? And we’re just going to call this rule Budget keyword Moderate. All right, so budget keyword moderate. This is just going to be looking for that keyword. So apply this rule and here are some of your options, some of your possible conditions. It’s going to look for the sender is, the recipient is, the sender is located, the recipient is located. So this is where you get into things like inside the organization, outside the organization. The recipient is inside the organization, outside the organization. Could be an external partner, non partner of the organization. That’s where you start getting into connectors. The recipient is a member of, the sender is a member of, that’s where you get into groups.
The subject or body includes that’s the one I’m actually going to go with. But the sender address includes the recipient address includes specific address. And then you can have any attachments content includes. So I can put keywords and phrases in the attachments. Exchange will actually analyze the attachments as well. Okay. If you want, you could append a disclaimer if you wanted after that, which is kind of cool. So if somebody did have an attachment, you could have a disclaimer that appears in their inbox saying, hey, are you sure you want to do this? This gets into mail tips and all that as well. But what I’m going to do, I’m going to go here to the subject or body includes. And we’re going to put the keyword budget in there and we’ll hit the plus sign and we’re going to click OK. All right, so we’ve got our keyword set up. Then it says do the following.
So this is where it says forward the message for approval. That’s the one I’m going to go with. But I could have it redirect the message to reject the message with explanation, delete the message without notifying anyone. I could have it blind carbon copy message to or append the disclaimer I was mentioning. So I’m going to say forward the message for approval and we’re going to have this forwarded over to the administrator. Keep in mind that this might be one of those things where it goes to like a finance manager or something if you have the word budget in there. In my case, I’m going to do it to the administrator, but if I had somebody that was like our financial manager or something or a company, I might have that person be the one that has to approve it. Okay? So I’m going to click OK, and I’ve now added what I want it to do. Now right here you got properties of the rule. It says Audit this rule with the severity level. Now this doesn’t really do anything in terms of restricting the email or anything like that. This allows you to mark this action as either a low, medium or high severity level.
So that when you go and do your auditing, when you can actually view your audit logs, you can sort by low, medium, high. So I’m going to mark this as medium, which basically means that in the audit log it would show up under medium severity level. And I could sort by that if I wanted to. Again, this is not really going to do any restriction. It’s just for auditing. Then it says choose the mode for this rule. Do you want to enforce it? Do you want to test it with policy tips? Which basically means that once you test it, it’s going to pop a little message up on their screen. Or you could say test without policy tips. Okay, so the other thing I can do is drop this down more options and it says apply this rule. I’ve got that condition if I wanted, I could add another condition.
Now keep in mind, if you add multiple conditions, all the conditions would have to be met for this rule to apply. Okay? So if I was to go in here and I was to add another condition and I said maybe I want to do the recipient as a specific person or something like that, or any certain attachment, then that is another condition that would have to be met for this to work. So I’m not going to add another condition in this case. But just keep in mind that if you add multiple conditions, the multiple conditions have to be met. You can also add other actions. And then here’s where you can add an exception. Now, exceptions will of course override things. So I could add an exception and I could say, well, if the sender is a particular person, then it’s okay for them to forward this email.
Or if it’s going to a certain domain name, it’s okay for this email to be sent if they’re a member of a certain group. So that’s how you could set up an exception. If you want. Okay. All right. So another thing I can do is I can activate this rule during a particular date. This is really nice. In a situation where maybe you’re the Admin, you’re going on vacation and you want to implement a rule that’s going to do certain things or send a certain message to somebody during a certain time period, you can okay. This is not really unlike the kinds of rules you can set up in just native outlook where you have the mail flowing into your inbox and you put it in certain folders. It’s really not too different than that. Okay? And then at that point I can say stop processing rules. So you can have multiple rules, multiple transport rules. And those multiple transport rules can be put in a priority.
You’ll see that there’s a priority number that’ll be associated with this. So if you wanted, you could have, if this rule is discovered, if an email matches this rule, all the conditions of it, then at that point you could say don’t process any more rules, just stick to this. Okay? And then I’ve got another one that says defer this message if rule processing doesn’t complete. So in other words, if rule processing doesn’t complete, if something doesn’t match or whatever, it’s just going to defer that message entirely. Okay? Match sender address in message. So that gets into headers, envelopes and all that. I’m not getting into that concept just yet, but look down here towards the bottom, it says Rights Management Services is a premium feature that requires an enterprise client access license for each user mailbox.
So what they’re talking about here is if you start getting into some of the rules where we are going through the concept of checking things like classification levels, secret, top secret, things like that, we’re going to enforce encryption and all that, that’s going to involve this thing called rights management. This is something that gets discussed later, but it isn’t something we spend a lot of time on right now. They’re just basically saying you have to have that client access license in order to implement the more advanced stuff like dealing with classifications and all that. So I’m going to go ahead now and I’m going to click save and our rule should officially now be created. Okay? So what I’ve done is I have got the administrator’s email account logged on right here. This is the administrator. You can see administrator@examlabpractice.com up here in the header. And then I’ve also logged on using a different web browser. I’ve logged on as Jan Williams.
Okay? So now what we’re going to do is we’re going to email our other user, which is going to be Joan Manson. Okay? So I’m going to come here and we’re going to click to create a new email. Okay? So we’re now going to send to Joan Manson. So Joan Manson, we’ll just tell it to search the directory to find that user’s email address. And it’s, of course, searched the global address list and found it. I’m just going to say budget in the subject. And I’m going to say, here is the latest budget, okay? And then I’m going to hit send. All right? It says, have you forgotten attachment? Now, I haven’t forgotten the attachment. I’m just doing a keyword test. So I’m going to tell it to send. Okay. And it’s trying to send it to Joan Manson. Okay, so what I want to show you now, I’m going to jump over to Joan Manson, and I’ve got Joan Manson logged on on a different virtual machine.
So I just jumped over to Joan Manson here. And if you look, this is Joan Manson who’s logged on, and currently we don’t have the email coming through here. So I want to jump back over now and look at the administrators email account, all right? And look what we got here. It says that your decision is required. So Jan Williams is trying to email Joan Manson with his budget keyword, right? So I’m going to click on that and notice that it says, the decision is requested. It says Jan Williams has asked you to approve the attached message for delivery to Joan Manson. So at that point, I could approve it or I could reject it. Okay? So I’m going to go ahead and approve it, all right? And now what we’re going to do is jump back over to her email address, her email account.
So here we are over on Joan Manson. I’m going to refresh my browser. Okay? So after refreshing my browser, you can see that Jan Williams budget email has officially gone through after it’s been approved. Hopefully that gives you a decent understanding now of mail transport rules, or also known as mail flow rules. And I encourage you to jump in exchange and just look through some of the different options you’ve got. There’s actually quite a bit of flexibility here when you set your conditions and your exceptions on what actually is going to happen in exchange when your mail goes through that transport pipeline.
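The rule built in the Exchange admin center above can also be created from the Exchange Management Shell. The following is an added example, not part of the original course material; it assumes an on-premises Exchange Management Shell session, takes the rule name and approver address from the walkthrough, and uses an arbitrary one-hour window for the tracking search.

```powershell
# Added example: the "Budget keyword Moderate" rule from the walkthrough,
# created from the Exchange Management Shell instead of the admin center.
# Assumes an on-premises session with rights to manage transport rules.

$ruleName = 'Budget keyword Moderate'
$approver = 'administrator@examlabpractice.com'   # approver used in the walkthrough

# 1. Create the rule in test mode first so no mail is held while it is validated.
#    -Mode Audit          = "Test without Policy Tips"
#    -Mode AuditAndNotify = "Test with Policy Tips"
#    -Mode Enforce        = "Enforce"
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -SubjectOrBodyContainsWords 'budget' `
        -ModerateMessageByUser $approver `
        -SetAuditSeverity Medium `
        -Mode Audit `
        -Comments 'Hold messages that mention budget for administrator approval'
}

# 2. Review what was stored, including the priority assigned to the rule.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, Priority, SubjectOrBodyContainsWords,
                ModerateMessageByUser, SetAuditSeverity, StopRuleProcessing,
                RuleErrorAction

# 3. Switch to enforcement once the test results look right.
#    The "More options" settings from the walkthrough map to these parameters:
#      stop processing more rules            -> -StopRuleProcessing $true
#      defer if rule processing fails        -> -RuleErrorAction Defer
#      activate / deactivate on a date       -> -ActivationDate / -ExpiryDate
#      match sender address in message       -> -SenderAddressLocation
#      exceptions                            -> the -ExceptIf* parameters
Set-TransportRule -Identity $ruleName -Mode Enforce -RuleErrorAction Defer

# 4. After sending the test message, follow it through the pipeline.
#    The window of one hour is an arbitrary choice for this example.
Get-MessageTrackingLog -MessageSubject 'budget' `
        -Start (Get-Date).AddHours(-1) -ResultSize Unlimited |
    Sort-Object Timestamp |
    Format-Table Timestamp, EventId, Source, Sender, Recipients -AutoSize
```

Keeping a moderation rule in `Audit` mode until the tracking results look right avoids holding legitimate mail behind an approver who is not yet expecting the requests.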