Monday, 25 January 2016

Which receive connector? | Exchange 2013, 2016

Introduction


In this post, I’ll show you how to work out which receive connector is being used for a particular client SMTP connection in Exchange 2013 and 2016.

Which receive connector is a client SMTP connection using?


To figure this out, we will use receive connector logging. To view the receive connector logs, we first need to enable verbose logging as it's not enabled by default. This is enabled per receive connector so enable logging on each receive connector that you think may be in use.

Enable receive connector logging


To enable receive connector logging for a single receive connector, e.g. Relay 1 on server LITEX01:

Set-ReceiveConnector “LITEX01\Relay 1” -ProtocolLogging Verbose

image

To enable receive connector logging for all receive connector on a particular server, e.g. server LITEX01:

Get-ReceiveConnector -Server LITEX01 | Set-ReceiveConnector -ProtocolLogging Verbose

image

Once enabled, you will start to see log files created in this path for the Front End Transport Service (runs on Exchange 2013 CAS and multi-role servers and also on Exchange 2016 servers): 

"C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive"

And this path for the Transport Service logs (runs on Exchange 2013 MBX and multi-role servers and also on Exchange 2016 servers):

"C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\ProtocolLog\SmtpReceive"

Below is an example of an email sent from mark@domain.com to administrator@litwareinc.com:

2016-01-24T23:36:56.545Z,LITEX01\Relay 3,08D311385B77F991,0,10.2.0.21:25,10.2.0.10:64590,+,,
2016-01-24T23:36:56.545Z,LITEX01\Relay 3,08D311385B77F991,1,10.2.0.21:25,10.2.0.10:64590,>,"220 litex01.litwareinc.com Microsoft ESMTP MAIL Service ready at Sun, 24 Jan 2016 23:36:55 +0000",
2016-01-24T23:36:56.545Z,LITEX01\Relay 3,08D311385B77F991,2,10.2.0.21:25,10.2.0.10:64590,<,EHLO litdc01,
2016-01-24T23:36:56.545Z,LITEX01\Relay 3,08D311385B77F991,3,10.2.0.21:25,10.2.0.10:64590,>,250  litex01.litwareinc.com Hello [10.2.0.10] SIZE 36700160 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS 8BITMIME BINARYMIME CHUNKING,
2016-01-24T23:36:56.545Z,LITEX01\Relay 3,08D311385B77F991,4,10.2.0.21:25,10.2.0.10:64590,<,MAIL FROM:<mark@domain.com>,
2016-01-24T23:36:56.545Z,LITEX01\Relay 3,08D311385B77F991,5,10.2.0.21:25,10.2.0.10:64590,*,08D311385B77F991;2016-01-24T23:36:56.545Z;1,receiving message
2016-01-24T23:36:56.545Z,LITEX01\Relay 3,08D311385B77F991,6,10.2.0.21:25,10.2.0.10:64590,>,250 2.1.0 Sender OK,
2016-01-24T23:36:56.545Z,LITEX01\Relay 3,08D311385B77F991,7,10.2.0.21:25,10.2.0.10:64590,<,RCPT TO:<administrator@litwareinc.com>,
2016-01-24T23:36:56.545Z,LITEX01\Relay 3,08D311385B77F991,8,10.2.0.21:25,10.2.0.10:64590,>,250 2.1.5 Recipient OK,
2016-01-24T23:36:56.545Z,LITEX01\Relay 3,08D311385B77F991,9,10.2.0.21:25,10.2.0.10:64590,<,DATA,
2016-01-24T23:36:56.545Z,LITEX01\Relay 3,08D311385B77F991,10,10.2.0.21:25,10.2.0.10:64590,>,354 Start mail input; end with <CRLF>.<CRLF>,
2016-01-24T23:36:56.560Z,LITEX01\Relay 3,08D311385B77F991,11,10.2.0.21:25,10.2.0.10:64590,*,,Proxy destination(s) obtained from OnProxyInboundMessage event


You can see from the above output that the receive connector in use is called LITEX01\Relay 3 (well, you should be able to because it’s highlighted enough times!).

Conclusion


In this post, I’ve demonstrated how you can work out which receive connector is in use by enabling receive connector logging.

No comments:

Post a Comment