locked
Why are connections from port 25 proxied to the Client Proxy connector? RRS feed

  • Question

  • Information all over the internet (Technet, etc) explains that the Client Proxy (Hub Transport) connector "accepts proxied connections received on port 587 by the Client Frontend <Servername> FET connector" or "POP/IMAP connections received by the Client <Servername> FET connector", etc.

    So why is it when I send email from a client over port 25 (received by the Default Frontend <Servername> connector) is the connection sometimes proxied to the Client Proxy <Servername> connector (for instance, if I authenticate the connection with user credentials)? 

    I know this article on mail flow is for Exchange 2013:
    https://blogs.technet.microsoft.com/rischwen/2013/03/13/exchange-2013-mail-flow-demystifiedhopefully/

    ...but it's my understanding that the transport architecture hasn't changed (much) between 2013 and 2016, so I would think this information is still relevant. The behavior I'm seeing would seem to conflict with everything else I'm reading on the topic. Is this normal behavior/by design, or is there something potentially wrong? I haven't changed the default connectors (other than disabling anonymous users on the default FET connector).

     
    • Edited by NESL Admin Thursday, May 31, 2018 2:02 PM
    Thursday, May 31, 2018 2:01 PM

All replies

  • Hi NESL,

    How did you send an email from a client over port 25?

    I also recommend you enable protocol logging on client <ServerName> FET connector, and then check protocol logging both on default and client FET connectors, to confirm which connector receives the message you send. 

    Details see: Protocol logging


    Best Regards,
    Niko Cheng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, June 1, 2018 9:24 AM
  • Niko - 

    I have logging turned on; that's how I know which FET and HT connectors are being utilized. I'm also using the SMTP Daig Tool for testing, which is configured as follows:

    SMTP Server: [Exchange Mailbox FQDN]
    Port: 25
    Sever requires authentication: Checked
    Username/password: [Entered]
    Authentication: NTLM
    From: donotreply@domain.local
    To: jsmith@domain.local

    The FET and HT protocol logs report the following relative to the SMTP session:

    Frontend Receive Logs:

    2018-06-01T13:26:41.315Z,exchange\Default Frontend exchange,08D5C72D489C3252,0,192.168.40.141:25,192.168.42.118:52495,+,,
    2018-06-01T13:26:41.317Z,exchange\Default Frontend exchange,08D5C72D489C3252,1,192.168.40.141:25,192.168.42.118:52495,>,"220 exchange.domain.local Microsoft ESMTP MAIL Service ready at Fri, 1 Jun 2018 09:26:40 -0400",
    2018-06-01T13:26:41.351Z,exchange\Default Frontend exchange,08D5C72D489C3252,2,192.168.40.141:25,192.168.42.118:52495,<,EHLO WINPCW7009,
    2018-06-01T13:26:41.351Z,exchange\Default Frontend exchange,08D5C72D489C3252,3,192.168.40.141:25,192.168.42.118:52495,>,250  exchange.domain.local Hello [192.168.42.118] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS X-ANONYMOUSTLS AUTH NTLM
     X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XRDST,
    2018-06-01T13:26:41.430Z,exchange\Default Frontend exchange,08D5C72D489C3252,4,192.168.40.141:25,192.168.42.118:52495,<,AUTH NTLM,
    2018-06-01T13:26:41.431Z,exchange\Default Frontend exchange,08D5C72D489C3252,5,192.168.40.141:25,192.168.42.118:52495,>,334 <authentication response>,
    2018-06-01T13:26:41.522Z,exchange\Default Frontend exchange,08D5C72D489C3252,6,192.168.40.141:25,192.168.42.118:52495,*,SMTPSubmit SMTPAcceptAnyRecipient BypassAntiSpam AcceptRoutingHeaders,Set Session Permissions
    2018-06-01T13:26:41.523Z,exchange\Default Frontend exchange,08D5C72D489C3252,7,192.168.40.141:25,192.168.42.118:52495,*,DOMAIN\relayservice,authenticated
    2018-06-01T13:26:41.523Z,exchange\Default Frontend exchange,08D5C72D489C3252,8,192.168.40.141:25,192.168.42.118:52495,*,,ASyncBackendLocator.BeginGetDatabaseToServerMappingInfo.
    2018-06-01T13:26:41.870Z,exchange\Default Frontend exchange,08D5C72D489C3252,9,192.168.40.141:25,192.168.42.118:52495,*,,AsyncBackendLocator.EndGetDatabaseToServerMappingInfo
    2018-06-01T13:26:41.871Z,exchange\Default Frontend exchange,08D5C72D489C3252,10,192.168.40.141:25,192.168.42.118:52495,*,,Setting up client proxy session to destination(s): exchange.domain.local
    2018-06-01T13:26:42.020Z,exchange\Default Frontend exchange,08D5C72D489C3252,11,192.168.40.141:25,192.168.42.118:52495,*,,Proxy session was successfully set up. Outbound session will now be proxied
    2018-06-01T13:26:42.021Z,exchange\Default Frontend exchange,08D5C72D489C3252,12,192.168.40.141:25,192.168.42.118:52495,>,235 2.7.0 Authentication successful,
    2018-06-01T13:26:42.459Z,exchange\Default Frontend exchange,08D5C72D489C3252,13,192.168.40.141:25,192.168.42.118:52495,-,,Local


    Frontend Send Logs:

    2018-06-01T13:26:41.897Z,Client Proxy Send Connector,08D5C72D489C3253,0,,192.168.40.141:465,*,,attempting to connect. Client proxy session for . Proxied session id 08D5C72D489C3252
    2018-06-01T13:26:41.900Z,Client Proxy Send Connector,08D5C72D489C3253,1,192.168.40.141:44017,192.168.40.141:465,+,,
    2018-06-01T13:26:41.901Z,Client Proxy Send Connector,08D5C72D489C3253,2,192.168.40.141:44017,192.168.40.141:465,<,"220 exchange.domain.local Microsoft ESMTP MAIL Service ready at Fri, 1 Jun 2018 09:26:41 -0400",
    2018-06-01T13:26:41.901Z,Client Proxy Send Connector,08D5C72D489C3253,3,192.168.40.141:44017,192.168.40.141:465,>,EHLO exchange.domain.local,
    2018-06-01T13:26:41.901Z,Client Proxy Send Connector,08D5C72D489C3253,4,192.168.40.141:44017,192.168.40.141:465,<,250  exchange.domain.local Hello [192.168.40.141] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS X-ANONYMOUSTLS AUTH GSSAPI
     NTLM X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XEXCH50 XRDST XSHADOWREQUEST,
    2018-06-01T13:26:41.938Z,Client Proxy Send Connector,08D5C72D489C3253,5,192.168.40.141:44017,192.168.40.141:465,>,X-ANONYMOUSTLS,
    2018-06-01T13:26:41.939Z,Client Proxy Send Connector,08D5C72D489C3253,6,192.168.40.141:44017,192.168.40.141:465,<,220 2.0.0 SMTP server ready,
    2018-06-01T13:26:41.942Z,Client Proxy Send Connector,08D5C72D489C3253,7,192.168.40.141:44017,192.168.40.141:465,*," CN=mail.domain.local, OU=[NA], O=[NA], L=[NA], S=[NA] C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc,
     C=US 0A5171D0441C94F1526958A2218D0880 122D87BD2CBAC9D34A0D2A74B27266D95015C6DD 2018-05-14T20:00:00.000Z 2020-05-19T08:00:00.000Z mail.domain.local;autodiscover.domain.local;webmail.domain.local;domain.local",Remote certificate Subject Issuer name Serial
     number Thumbprint Not before Not after Subject alternate names
    2018-06-01T13:26:41.942Z,Client Proxy Send Connector,08D5C72D489C3253,8,192.168.40.141:44017,192.168.40.141:465,*,,"TLS protocol SP_PROT_TLS1_2_CLIENT negotiation succeeded using bulk encryption algorithm CALG_AES_128 with strength 128 bits, MAC hash algorithm
     CALG_SHA_256 with strength 0 bits and key exchange algorithm CALG_ECDH_EPHEM with strength 256 bits"
    2018-06-01T13:26:41.942Z,Client Proxy Send Connector,08D5C72D489C3253,9,192.168.40.141:44017,192.168.40.141:465,*,122D87BD2CBAC9D34A0D2A74B27266D95015C6DD,Received certificate Thumbprint
    2018-06-01T13:26:41.942Z,Client Proxy Send Connector,08D5C72D489C3253,10,192.168.40.141:44017,192.168.40.141:465,*," CN=mail.domain.local, OU=[NA], O=[NA], L=[NA], S=[NA], C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert
     Inc, C=US 0A5171D0441C94F1526958A2218D0880 122D87BD2CBAC9D34A0D2A74B27266D95015C6DD 2018-05-14T20:00:00.000Z 2020-05-19T08:00:00.000Z mail.domain.local;autodiscover.domain.local;webmail.domain.local;domain.local",Proxy target certificate Subject Issuer
     name Serial number Thumbprint Not before Not after Subject alternate names
    2018-06-01T13:26:41.942Z,Client Proxy Send Connector,08D5C72D489C3253,11,192.168.40.141:44017,192.168.40.141:465,>,EHLO exchange.domain.local,
    2018-06-01T13:26:41.943Z,Client Proxy Send Connector,08D5C72D489C3253,12,192.168.40.141:44017,192.168.40.141:465,<,250  exchange.domain.local Hello [192.168.40.141] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES AUTH GSSAPI NTLM LOGIN X-EXPS EXCHANGEAUTH
     GSSAPI NTLM X-EXCHANGEAUTH SHA256 8BITMIME BINARYMIME CHUNKING XEXCH50 XRDST XSHADOWREQUEST XPROXY XPROXYFROM X-MESSAGECONTEXT ADRC-2.1.0.0 EPROP-1.2.0.0 XSYSPROBE XORIGFROM XMESSAGEVALUE,
    2018-06-01T13:26:41.966Z,Client Proxy Send Connector,08D5C72D489C3253,13,192.168.40.141:44017,192.168.40.141:465,>,X-EXPS EXCHANGEAUTH SHA256 ,
    2018-06-01T13:26:41.966Z,Client Proxy Send Connector,08D5C72D489C3253,14,192.168.40.141:44017,192.168.40.141:465,>,<Binary Data>,
    2018-06-01T13:26:41.972Z,Client Proxy Send Connector,08D5C72D489C3253,15,192.168.40.141:44017,192.168.40.141:465,<,235 <authentication information>,
    2018-06-01T13:26:41.983Z,Client Proxy Send Connector,08D5C72D489C3253,16,192.168.40.141:44017,192.168.40.141:465,>,XPROXY SID=08D5C72D489C3252 IP=192.168.42.118 PORT=52495 DOMAIN=WINPCW7009 CAPABILITIES=0 SECID=Uy0xLTUtMjEtMzU2NzM0NTYzNi0xNDcyNzcyMTE5LTIzODQ3NzAzMzMtMTY5Njk+3D,
    2018-06-01T13:26:42.018Z,Client Proxy Send Connector,08D5C72D489C3253,17,192.168.40.141:44017,192.168.40.141:465,<,250 XProxy accepted and authenticated,
    2018-06-01T13:26:42.018Z,Client Proxy Send Connector,08D5C72D489C3253,18,192.168.40.141:44017,192.168.40.141:465,*,,Proxy session successfully set up for . Inbound session will now be blindly proxied
    2018-06-01T13:26:42.460Z,Client Proxy Send Connector,08D5C72D489C3253,19,192.168.40.141:44017,192.168.40.141:465,-,,Remote


    Hub Receive Logs:

    2018-06-01T13:26:41.899Z,exchange\Client Proxy exchange,08D5C72D4B56E687,0,192.168.40.141:465,192.168.40.141:44017,+,,
    2018-06-01T13:26:41.900Z,exchange\Client Proxy exchange,08D5C72D4B56E687,1,192.168.40.141:465,192.168.40.141:44017,>,"220 exchange.domain.local Microsoft ESMTP MAIL Service ready at Fri, 1 Jun 2018 09:26:41 -0400",
    2018-06-01T13:26:41.901Z,exchange\Client Proxy exchange,08D5C72D4B56E687,2,192.168.40.141:465,192.168.40.141:44017,<,EHLO exchange.domain.local,
    2018-06-01T13:26:41.901Z,exchange\Client Proxy exchange,08D5C72D4B56E687,3,192.168.40.141:465,192.168.40.141:44017,>,250  exchange.domain.local Hello [192.168.40.141] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS X-ANONYMOUSTLS AUTH GSSAPI
     NTLM X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XEXCH50 XRDST XSHADOWREQUEST,
    2018-06-01T13:26:41.938Z,exchange\Client Proxy exchange,08D5C72D4B56E687,4,192.168.40.141:465,192.168.40.141:44017,<,X-ANONYMOUSTLS,
    2018-06-01T13:26:41.939Z,exchange\Client Proxy exchange,08D5C72D4B56E687,5,192.168.40.141:465,192.168.40.141:44017,>,220 2.0.0 SMTP server ready,
    2018-06-01T13:26:41.939Z,exchange\Client Proxy exchange,08D5C72D4B56E687,6,192.168.40.141:465,192.168.40.141:44017,*," CN=mail.domain.local, OU=[NA], O=[NA], L=[NA], S=[NA], C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert
     Inc, C=US 0A5171D0441C94F1526958A2218D0880 122D87BD2CBAC9D34A0D2A74B27266D95015C6DD 2018-05-14T20:00:00.000Z 2020-05-19T08:00:00.000Z mail.domain.local;autodiscover.domain.local;webmail.domain.local;domain.local",Sending certificate Subject Issuer name
     Serial number Thumbprint Not before Not after Subject alternate names
    2018-06-01T13:26:41.941Z,exchange\Client Proxy exchange,08D5C72D4B56E687,7,192.168.40.141:465,192.168.40.141:44017,*,,"TLS protocol SP_PROT_TLS1_2_SERVER negotiation succeeded using bulk encryption algorithm CALG_AES_128 with strength 128 bits, MAC hash
     algorithm CALG_SHA_256 with strength 0 bits and key exchange algorithm CALG_ECDH_EPHEM with strength 256 bits"
    2018-06-01T13:26:41.943Z,exchange\Client Proxy exchange,08D5C72D4B56E687,8,192.168.40.141:465,192.168.40.141:44017,<,EHLO exchange.domain.local,
    2018-06-01T13:26:41.943Z,exchange\Client Proxy exchange,08D5C72D4B56E687,9,192.168.40.141:465,192.168.40.141:44017,>,250  exchange.domain.local Hello [192.168.40.141] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES AUTH GSSAPI NTLM LOGIN X-EXPS EXCHANGEAUTH
     GSSAPI NTLM X-EXCHANGEAUTH SHA256 8BITMIME BINARYMIME CHUNKING XEXCH50 XRDST XSHADOWREQUEST XPROXY XPROXYFROM X-MESSAGECONTEXT ADRC-2.1.0.0 EPROP-1.2.0.0 XSYSPROBE XORIGFROM XMESSAGEVALUE,
    2018-06-01T13:26:41.966Z,exchange\Client Proxy exchange,08D5C72D4B56E687,10,192.168.40.141:465,192.168.40.141:44017,<,X-EXPS EXCHANGEAUTH,
    2018-06-01T13:26:41.971Z,exchange\Client Proxy exchange,08D5C72D4B56E687,11,192.168.40.141:465,192.168.40.141:44017,*,SMTPSubmit SMTPSubmitForMLS SMTPAcceptAnyRecipient SMTPAcceptAuthenticationFlag SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender BypassAntiSpam
     BypassMessageSizeLimit SMTPSendEXCH50 SMTPAcceptEXCH50 AcceptRoutingHeaders AcceptForestHeaders AcceptOrganizationHeaders SendRoutingHeaders SendForestHeaders SendOrganizationHeaders SendAs SMTPSendXShadow SMTPAcceptXShadow SMTPAcceptXProxyFrom SMTPAcceptXSessionParams
     SMTPAcceptXMessageContextADRecipientCache SMTPAcceptXMessageContextExtendedProperties SMTPAcceptXMessageContextFastIndex SMTPAcceptXAttr SMTPAcceptXSysProbe,Set Session Permissions
    2018-06-01T13:26:41.971Z,exchange\Client Proxy exchange,08D5C72D4B56E687,12,192.168.40.141:465,192.168.40.141:44017,*,NT AUTHORITY\SYSTEM,authenticated
    2018-06-01T13:26:41.971Z,exchange\Client Proxy exchange,08D5C72D4B56E687,13,192.168.40.141:465,192.168.40.141:44017,>,235 <authentication response>,
    2018-06-01T13:26:41.984Z,exchange\Client Proxy exchange,08D5C72D4B56E687,14,192.168.40.141:465,192.168.40.141:44017,<,XPROXY SID=08D5C72D489C3252 IP=192.168.42.118 PORT=52495 DOMAIN=WINPCW7009 CAPABILITIES=0 SECID=Uy0xLTUtMjEtMzU2NzM0NTYzNi0xNDcyNzcyMTE5LTIzODQ3NzAzMzMtMTY5Njk+3D,
    2018-06-01T13:26:42.017Z,exchange\Client Proxy exchange,08D5C72D4B56E687,15,192.168.40.141:465,192.168.40.141:44017,*,None,Set Session Permissions
    2018-06-01T13:26:42.017Z,exchange\Client Proxy exchange,08D5C72D4B56E687,16,192.168.40.141:465,192.168.40.141:44017,*,SMTPSubmit SMTPAcceptAnyRecipient SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender BypassAntiSpam AcceptRoutingHeaders,Set Session Permissions
    2018-06-01T13:26:42.018Z,exchange\Client Proxy exchange,08D5C72D4B56E687,17,192.168.40.141:465,192.168.40.141:44017,>,250 XProxy accepted and authenticated,
    2018-06-01T13:26:42.136Z,exchange\Client Proxy exchange,08D5C72D4B56E687,18,192.168.40.141:465,192.168.40.141:44017,<,RSET,
    2018-06-01T13:26:42.139Z,exchange\Client Proxy exchange,08D5C72D4B56E687,19,192.168.40.141:465,192.168.40.141:44017,>,250 2.0.0 Resetting,
    2018-06-01T13:26:42.144Z,exchange\Client Proxy exchange,08D5C72D4B56E687,20,192.168.40.141:465,192.168.40.141:44017,<,MAIL FROM: <donotreply@domain.local>,
    2018-06-01T13:26:42.151Z,exchange\Client Proxy exchange,08D5C72D4B56E687,21,192.168.40.141:465,192.168.40.141:44017,*,08D5C72D4B56E687;2018-06-01T13:26:41.899Z;1,receiving message
    2018-06-01T13:26:42.151Z,exchange\Client Proxy exchange,08D5C72D4B56E687,22,192.168.40.141:465,192.168.40.141:44017,>,250 2.1.0 Sender OK,
    2018-06-01T13:26:42.158Z,exchange\Client Proxy exchange,08D5C72D4B56E687,23,192.168.40.141:465,192.168.40.141:44017,<,RCPT TO: <jsmith@domain.local>,
    2018-06-01T13:26:42.158Z,exchange\Client Proxy exchange,08D5C72D4B56E687,24,192.168.40.141:465,192.168.40.141:44017,>,250 2.1.5 Recipient OK,
    2018-06-01T13:26:42.165Z,exchange\Client Proxy exchange,08D5C72D4B56E687,25,192.168.40.141:465,192.168.40.141:44017,<,DATA,
    2018-06-01T13:26:42.168Z,exchange\Client Proxy exchange,08D5C72D4B56E687,26,192.168.40.141:465,192.168.40.141:44017,>,354 Start mail input; end with <CRLF>.<CRLF>,
    2018-06-01T13:26:42.173Z,exchange\Client Proxy exchange,08D5C72D4B56E687,27,192.168.40.141:465,192.168.40.141:44017,*,,receiving message with InternetMessageId <123c536f228f0cf295390e51bc484810@domain.local>
    2018-06-01T13:26:42.332Z,exchange\Client Proxy exchange,08D5C72D4B56E687,28,192.168.40.141:465,192.168.40.141:44017,>,"250 2.6.0 <123c536f228f0cf295390e51bc484810@domain.local> [InternalId=2465311227937, Hostname=exchange.domain.local] 1561 bytes
     in 0.161, 9.416 KB/sec Queued mail for delivery",
    2018-06-01T13:26:42.345Z,exchange\Client Proxy exchange,08D5C72D4B56E687,29,192.168.40.141:465,192.168.40.141:44017,<,QUIT,
    2018-06-01T13:26:42.345Z,exchange\Client Proxy exchange,08D5C72D4B56E687,30,192.168.40.141:465,192.168.40.141:44017,>,221 2.0.0 Service closing transmission channel,
    2018-06-01T13:26:42.345Z,exchange\Client Proxy exchange,08D5C72D4B56E687,31,192.168.40.141:465,192.168.40.141:44017,-,,Local



    • Edited by NESL Admin Friday, June 1, 2018 1:43 PM
    Friday, June 1, 2018 1:41 PM
  • Can anyone offer any insight to this?
    Monday, June 4, 2018 1:26 PM
  • I've face the same situation.

    Some of our internal application relay with auth (not anonymous) from "Custom open relay connector - accept both auth & anonymous" then  proxy to "Client Proxy Connector" and bounced by "message rate limit". So I go a deep search on it. 

    The "smart" connector has already defined how mailflow goes on Exchange 2016. 


    Client Proxy <ServerName>
    Accepts authenticated client connections that are proxied from the Front End Transport service. 
    Default <ServerName>

    Accepts authenticated connections from: 
    • The Front End Transport service on the local or remote Mailbox servers 
    • The Transport service on remote Mailbox servers 
    • The Mailbox Transport service on the local or remote Mailbox servers 
    • Edge Transport servers 
    • The connections are encrypted with the Exchange server's self-signed certificate. 


    Johnny_Yao


    • Edited by Johnny_Yao Thursday, March 14, 2019 2:10 AM
    Thursday, March 14, 2019 2:00 AM
  • @Johnny_Yao

    Were you able to fix this issue? If so, what was the fix? I am experiencing exactly the same issue with connector and message rate limit after proxy and would appreciate if you can let us know if you ever figured out a fix for it?

    Mahesh

    Monday, January 13, 2020 4:22 AM