Transport Services Flashcards

1
Q

What Transport Services exist on an Exchange 2016 server?

A
  • Front End Transport Service
  • Transport Service

• Mailbox Transport Service
which consists of:
○ Mailbox Transport Submission Service
○ Mailbox Transport Delivery Service

2
Q

What is the Front End Transport service?

A
  • Stateless proxy for inbound, external, SMTP traffic

  • Optionally, a stateless proxy for outbound traffic

3
Q

What is the Transport Service?

A
  • handles all SMTP mail flow for the organization
  • it performs categorization (determining how to route an e-mail message)
  • performs content inspection
  • can queue messages
4
Q

What are the Mailbox Transport services?

A

• Consists of:
○ Mailbox Transport Submission Service
○ Mailbox Transport Delivery Service

• The services that communicate directly with mailbox databases for both inbound and outbound email

5
Q

Which transport services can queue messages?

A

Only the Transport Service.

The Front End Transport and Mailbox Transport services cannot.

6
Q

Which transport services can perform content inspection?

A

Only the Transport Service

The Front End Transport and Mailbox Transport services cannot.

7
Q

What can the Front End Transport service communicate with?

A

Only the Transport Service, on either the same mailbox server or on another mailbox server.

8
Q

What can the Transport service communicate with?

A
  • Front End Transport Service (on same or other Mailbox servers)
  • Transport Service (on other Mailbox servers)
  • Mailbox Transport services (on same or other Mailbox servers)
  • Edge Transport servers or external SMTP servers for outbound mail
9
Q

What can the Mailbox Transport services communicate with?

A
  • Mailbox databases

  • the Transport Service (on same or other Mailbox servers)

10
Q

What is the Transport Pipeline?

A

A collection of services, connections, components, and queues that work together to route all messages to the categorizer in the Transport service on an Exchange 2016 Mailbox server inside the organization.

11
Q

What is a Routing Destination?

A

The final destination that Exchange has determined for a message, based on the recipient information.

12
Q

What are possible Routing Destinations?

A
  • a Mailbox database (for internal recipients)
  • a Connector (for external recipients)

• a Distribution group expansion server
– if one has been specified for that group. (otherwise, any mailbox server can perform the distribution group expansion)
– When a DG is expanded, it may result in duplication of message for sending to different routing destinations

13
Q

What might cause an e-mail message to be duplicated and sent to different routing destinations?

A

This can happen, for example, if a distribution group is made up of both internal mailboxes and external contacts.

The message would be duplicated, with one having a routing destination of a mailbox database for the internal recipients, and one with a routing destination of a Send Connector for the external recipients.

14
Q

What is a Delivery Group?

A

Each Routing Destination has one or more mailbox servers that are responsible for delivering messages to their destination.

Those servers are referred to as a Delivery Group.

15
Q

What are possible Delivery Groups?

A

• a DAG
– The DAG members are the Delivery Group for any mailboxes that are hosted within that DAG

• Mailbox server(s) within an AD site
– If a mailbox is not hosted in a DAG, then any of the mailbox servers in the same site as the mailbox itself are used as the Delivery Group.

• Source Mailbox servers for a connector
– if a message needs to be sent over a Send Connector, then the source servers for that connector are the Delivery Group.

• an Active Directory site.
– if a hub site has been configured, and it is the least-cost route to the destination, then the mailbox servers in that site are a Delivery Group.

16
Q

How are messages with multiple recipients routed?

A

For distribution groups:
– The nearest Transport service is used, and the group is expanded to determine routing destinations.

For multiple recipients:
– The first 20 recipients are used to determine the best Transport service to use. Then, that transport service decides what to do from there.

17
Q

How does Exchange route email messages?

A

The Categorizer calculates the least-cost route to the delivery group for that recipient.

18
Q

What is least-cost routing?

A

The Active Directory replication topology configures AD Site links with a “cost value.”

The lower the “cost,” the better the speed or bandwidth of the WAN connection between the two sites.

Exchange looks at these same IP Site Cost Links when calculating the least-cost route between two servers in the same organization.

19
Q

What does “queuing to the point of failure” refer to?

A

If a site has an outage, then Exchange will try to send messages destined for that site to the closest site, where they are queued until the destination site is online again.

This will only happen if the target mailbox is NOT hosted in a DAG, or if all DAG sites are down.

20
Q

What will happen if a destination mailbox is hosted on a server that is having an outage?

A

If the mailbox is hosted in a DAG and the DAG member hosting the mailbox is down, then the sending server will try to deliver the message to:

(in order of preference)

  • the closest DAG member,
  • any DAG member,
  • queuing to the point of failure if no DAG members are available

If the mailbox is not hosted by a DAG, then the sending server will simply queue to the point of failure.

21
Q

What is an “Exchange Cost”?

A

A parameter that can be set on an AD Site Link, which will be used by Exchange to calculate route cost instead of the IP Site Link cost.

Exchange Cost value will override the IP Site Link cost value.

This is useful in situations where the AD topology doesn’t match how you want your Exchange routing to behave.

22
Q

How do you configure an Exchange Cost?

A

Exchange Cost values are assigned to AD Sites Links.

Set-ADSiteLink "SiteA-SiteB" -ExchangeCost 5

23
Q

How will a “Hub Site” influence Exchange routing between sites?

A

When an AD Site has been configured as a Hub Site,

and that site exists on the Least Cost Routing path between two other sites,

then a message will be sent to an Exchange server in the Hub site, instead of directly to the destination server.

24
Q

What is the PowerShell command to create a new Hub Site?

A

To set an AD Site as a Hub Site:

Set-ADSite "Name of Site" -HubSiteEnabled:$true

25
Q

What is Shadow Redundancy?

A

A feature that makes a copy of each e-mail message onto another Mailbox server, to protect the message from failure of a server that is processing the message.

The goal is to improve availability and resilience of e-mail in transit.

26
Q

How does Shadow Redundancy work?

A

When Front End Transport sends a message to a Transport service, the message will also be copied to another Transport service before the first Transport service acknowledges receipt.

When the Shadow copy has been successfully created, the first mailbox server sends back the acknowledgement to the sending device or server.

27
Q

What is a Shadow Queue?

A

Part of Shadow Redundancy.

The Shadow Queue is where Shadow copies of e-mail messages are stored on the Shadow server for that message.

28
Q

How is a server selected to copy a message onto for Shadow Redundancy?

A

If the receiving server is NOT a DAG member:
- a mailbox server in the local directory site is used as the Shadow server.

If the receiving server is a DAG member:
- another DAG member is used as the Shadow server.

If the DAG spans multiple Active Directory sites:
- Shadow Redundancy will try to pick a DAG member in a different site, so you have site resilience for the message.

29
Q

How do you configure Shadow Redundancy?

A
  • It is enabled by default.
  • Disabling it is not recommended.
  • It is enabled and configured organization-wide. Cannot be configured per-server.
  • You can set it to either accept or reject messages if shadow redundancy fails.
30
Q

What happens if a Shadow copy fails to be created?

A

You have the option to set whether Messages are accepted or rejected if a shadow copy fails to be created.

If you have multiple servers in each AD site, or if servers are members of a DAG, you can set messages to be rejected if the Shadow copy fails to be created, if you want to prioritize resiliency over continued delivery.

In single-server sites/environments, Shadow copies will always fail to be created, so they must be accepted in this setting.

31
Q

What is the PowerShell command to Reject a message when a shadow copy fails to be created?

A

Set-TransportConfig -RejectMessageOnShadowFailure:$true

32
Q

Part of Transport, this feature will protect message resiliency while the message is in transit.

A

What is:

Shadow Redundancy

33
Q

Part of Transport, this feature will protect message resiliency after the message has been delivered.

A

What is:

Safety Net

34
Q

What is Safety Net?

A

Safety Net stores copies of successfully delivered messages, so they can be resubmitted into the transport pipeline if necessary.

35
Q

When might Safety Net be used to resubmit a message?

A
  • After a lossy failover of a database in a DAG.

  • During activation of a lagged database copy.

36
Q

How long will Safety Net hold copies of delivered messages for?

A

The default hold time is 2 days, but it is configurable at the organization level.

37
Q

How should Safety Net be configured if you are using Lagged Database Copies?

A

The hold time of Safety Net should be set to match or exceed the longest lag time on your lagged database copies.

38
Q

PowerShell command to configure Safety Net Hold Time?

A

Set-TransportConfig -SafetyNetHoldTime 10.00:00:00

(format is dd.hh:mm:ss)

39
Q

How is Safety Net itself made redundant?

A

As long as Shadow Redundancy hasn’t been disabled, then Safety Net is made redundant by Shadow Safety Net.

If the Primary Safety Net is unavailable for resubmission requests, Shadow Safety Net can service the requests.

40
Q

At what point are messages moved into the Safety Net?

A

After a message has been successfully delivered to the recipient, the primary copy of the message is moved to Safety Net, and the shadow copy of the message is moved to the Shadow Safety Net (as long as Shadow Redundancy hasn’t been disabled).

41
Q

What database is Safety Net part of?

A

Safety Net is part of the Transport Database.

42
Q

What is a Receive Connector?

A

Receive Connectors are used to receive e-mail from clients, servers, or other transport services.

43
Q

What are the default Receive Connectors that come configured when you install Exchange?

A
  • There are 5 default receive connectors created by Exchange.
  • Each will have the server name in the Connector’s name:

• Front End Transport Service Receive Connectors:
○ Default Frontend
○ Client FrontEnd
○ Outbound Proxy Frontend

• Transport Service Receive Connectors:
○ Default
○ Client Proxy

44
Q

What is this Receive Connector, and what port does it use?

Default Frontend

A
  • Bound to the Front End Transport Service
  • Listens on Port: TCP 25
  • Entry point for e-mail from non-Exchange systems into the organization.
45
Q

What is this Receive Connector, and what port does it use?

Client FrontEnd

A
  • Bound to the Front End Transport Service
  • Listens on Port: 587
  • Requires client authentication
  • Used for secure, authenticated SMTP (protected by TLS)
  • Used, for example, by POP and IMAP clients, and by internal devices or apps that are configured to use authentication.
46
Q

What is this Receive Connector, and what port does it use?

Outbound Proxy Frontend

A
  • Bound to the Front End Transport Service
  • Listens on Port: 717
  • Only used if a send connector is configured to proxy outbound e-mail via Front End Transport service.
  • By default, send connectors are NOT configured in this way, so this Receive Connector is almost never used in the real world.
47
Q

What is this Receive Connector, and what port does it use?

Default

A
  • Bound to the Transport Service
  • Listens on Port: 2525
  • Accepts connections from other transport services on the same or different servers.
  • That would include connections:
  • that have been proxied from the Default Frontend connector,
  • from Edge Transport servers,
  • from Mailbox Transport services,
  • or from other transport services on other servers.
48
Q

What is this Receive Connector, and what port does it use?

Client Proxy

A
  • Bound to the Transport Service
  • Listens on Port: 465
  • Accepts client connections proxied by Frontend services
49
Q

For what reasons should you modify any of the Default Receive Connectors?

A

Generally, you should not modify them, except to do the following:

  • Change message size limits
  • Change rate limits
  • Configure a TLS certificate to use on a particular connector
50
Q

What is a Relay Connector?

A

A particular type of Receive Connector.

If a device or application needs to send e-mail messages, (such as for notifications, alerts, scan-to-email, etc.), Exchange can perform that service.

A connector built for this purpose is commonly called a Relay Connector.

51
Q

What is the difference between Internal Relay and External Relay, and how are they configured?

A

Internal Relay works without any special configuration required.

The default Frontend Receive Connector is already configured to accept SMTP connections from anywhere, and the Exchange server will allow an anonymous sender to send e-mail to any internal recipients (since that is also how internet e-mail is treated).

But, if a sender tries to send e-mail to an external recipient, they must either use authentication (which will go through the Client FrontEnd Receive Connector), or an External Relay Connector must be configured to allow anonymous senders from specific IP addresses.

52
Q

If more than one Front End Receive Connector is configured to listen on Port 25 for internal senders, how does an Exchange server know which connector to use?

A

The most specific match wins.

The Default Frontend Receive Connector is configured for all IP addresses. So, it is the least-specific configuration.

If a non-default Receive Connector has been configured with a specific set or range of IP addresses, then Exchange will use the connector that most specifically matches the source’s IP address.

53
Q

What is an “Accepted Domain”?

A

Accepted Domains are SMTP namespaces that an Exchange organization is able to send and receive e-mail for.

A domain must be added as an accepted domain before it can be used in e-mail addresses assigned to recipients.

54
Q

What types of Accepted Domains are there?

A

There are three types of Accepted Domains:

  • Authoritative
  • Internal Relay
  • External Relay
55
Q

What is this type of Accepted Domain:

Authoritative

A
  • A domain that the Exchange organization is solely responsible for.
  • Exchange will only deliver e-mails to local recipients (that are within the local Exchange organization)
  • All e-mail for unknown recipients is rejected.
56
Q

What is this type of Accepted Domain:

Internal Relay

A
  • A domain that the Exchange organization shares responsibility for.
  • Recipients can be within the local Exchange organization, or can be located in an external mail system (whether another Exchange organization, or a third-party mail system).
  • Exchange will first look for a local recipient, and if none are found, it will relay the mail off to another mail system.
  • (A Send Connector handles the routing of the message to the other mail system.)
57
Q

What is this type of Accepted Domain:

External Relay

A
  • A domain for which Exchange has no local recipients, but can relay the messages to another mail system.
  • Only recipients that are located in an external mail system.
  • (A Send Connector handles the routing of the message to the other mail system.)
58
Q

How can you assign e-mail addresses using sub-domains to recipients?

A

You can either configure the sub-domain as an Accepted Domain,

(for example, sales.company.com)

or you can add an Accepted Domain using a Wildcard.

(for example, *.company.com)

which will allow ANY subdomain to be used in e-mail addresses assigned to recipients.

59
Q

Using e-mail address policies, how can you assign e-mail addresses using sub-domains to recipients?

A

If your Accepted Domain was configured with a wildcard, you cannot use its sub-domains in E-mail Address Policies.

Instead, you would need to add the specific sub-domains as their own Accepted Domain.

60
Q

What is a “primary e-mail address”?

A

A recipient can have more than one e-mail address, but the primary e-mail address is the address that the e-mails they send will appear to be FROM.

61
Q

What is this:

EAP

A

E-mail Address Policy/Policies

62
Q

How can you use e-mail address policies to remove unwanted e-mail addresses?

A

You cannot.

EAPs can be used to add e-mail addresses, but they never remove e-mail addresses.

63
Q

In an EAP address format, what does this variable mean?

%g

A

Given name

64
Q

In an EAP address format, what does this variable mean?

%i

A

Middle initial

65
Q

In an EAP address format, what does this variable mean?

%s

A

Surname

66
Q

In an EAP address format, what does this variable mean?

%d

A

Display name

67
Q

In an EAP address format, what does this variable mean?

%m

A

Exchange alias

68
Q

In an EAP address format, what does this variable mean?

%xs

A

Use first X letters of surname

69
Q

In an EAP address format, what does this variable mean?

%xg

A

Use first X letters of given name

70
Q

If you don’t specify an e-mail address format in an EAP, what will the resulting e-mail address be?

A

It will default to use the user’s Exchange Alias. For example,

alias@domain.com

71
Q

What is the default EAP and how does it work?

A

When Exchange is installed, it creates one default EAP for the organization.

By default, it will just assign the default Accepted Domain to all recipients. That Accepted Domain will be whatever the AD Forest name is.

72
Q

How are EAPs matched to recipients?

A

You configure queries in the policy, for example, what text is in the “Company” field of the user.

Policies are also configured with a priority.

If more than one policy matches the recipient, the highest priority policy wins.

Note: The HIGHER priority number wins, unlike some other Microsoft systems where a lower number wins.

73
Q

If there are multiple MX Records configured for a domain, how will Exchange pick which one to send outgoing e-mail to?

A

Each MX record includes a Preference value. The record with the LOWEST preference number is what Exchange will attempt to connect to first.

74
Q

What is a Send Connector?

A

Send Connectors are used to route e-mail to external recipients.

At least one Send Connector is required per organization, for sending mail out to the internet.

75
Q

What reasons would there be to configure multiple send connectors in an organization?

A

Send connectors are shared for all recipients and domains in an organization. You don’t need to configure separate send connectors for separate parts of your organization.

But, additional Send Connectors can be used for:

  • Controlling e-mail delivery to specific external domains
  • Securing mail flow to partner organizations
  • Fault tolerance; so you have multiple out-bound routes from your organization
76
Q

What is the Edge Transport Server Role?

A
  • An optional server role for Exchange organizations.
  • You would typically only install it if you need a specific feature, or to satisfy a security policy.
  • It handles SMTP communications (e-mail transport) going out to, and coming in from, the internet.
  • It is not involved in any client connectivity or other connectivity.
  • It is designed to be placed in a perimeter network.
77
Q

Why might you use an Edge Transport Server?

A

Organizations that require no direct connectivity between the internal network and the internet could use an Edge Transport Server in their DMZ.

78
Q

What transport agents are available to an Edge Transport Server?

A
  • Address Rewriting Inbound Agent
  • Address Rewriting Outbound Agent
  • Attachment filtering
  • Antispam agents
79
Q

What are the DNS requirements involved in setting up an Edge Transport server?

A

• The Edge Transport server must be able to resolve Mailbox server names
– either point the server to internal DNS, or add entries to the hosts file.

• The Mailbox servers must be able to resolve Edge Transport server names
– best done by manually adding A records to internal DNS zone

• Edge Transport must be able to perform public DNS lookups for MX records.

80
Q

What are the firewall requirements involved in setting up an Edge Transport server?

A

• TCP 25
– There must be bi-directional SMTP access between Edge Transport servers and internal/external e-mail servers.

• TCP 50636
– Outbound EdgeSync access from Mailbox servers to Edge Transport servers.

• NAT inbound SMTP connections to the Edge Transport server instead of the internal mailbox server.

81
Q

What port does EdgeSync use?

A

TCP 50636

82
Q

What is ADLDS?

A

Active Directory Lightweight Directory Service

83
Q

What are the server prerequisites for installing the Edge Transport server role?

A

Just one:

Active Directory Lightweight Directory Service (ADLDS)

84
Q

What is the Command Prompt command to install the Exchange Transport Server Role?

A

setup.exe /m:install /r:e /iacceptexchangeserverlicenseterms

  • /m specifies the “mode”
  • /r specifies “role”
85
Q

What is EdgeSync?

A

EdgeSync is the process that handles synchronization of data from AD to Edge Transport Servers, where it is stored in the ADLDS instance on the Edge Transport Server.

It is necessary because Edge Transport servers, being on a perimeter network, should not have inbound access to a domain controller.

86
Q

What is an Edge Subscription?

A

For EdgeSync to connect an Edge Transport server to the internal Exchange organization, an Edge Subscription must be configured.

87
Q

What does EdgeSync synchronize and create?

A

EdgeSync synchronizes:

• Topology Data
(about the internal Exchange organization)

  • Configuration Data
  • Recipient Data

Also, when the Edge Subscription is first created, it creates “EdgeSync” send and receive connectors on the mailbox servers for internet mail flow.

88
Q

What tools can be used to manage an Edge Transport server?

A

There is no GUI or WUI. All administration must be performed through Exchange Management Shell.

89
Q

What is Address Rewriting?

A

A feature of the Edge Transport Server role.

It allows for changing the “from” or “to” e-mail addresses on inbound and outbound e-mail through the use of rules.

It is rarely used in the real world, usually limited to scenarios of rebranding or mergers.

Note: Even though it can change the “from” e-mail address, it will not remove the original sender’s address from the header, so that an NDR can be returned.

90
Q

What are examples for the use of Address Rewriting?

A

• Changing a single email address to another address
– to present a single, public alias for a particular sender
– to consolidate a team of agents to have a single public address, such as “Sales”

• Changing a single domain to another domain
– useful during rebranding

• Multiple sub-domains to a single domain
– useful when multiple internal subdomains are used, but you want to unify them for external mail.

91
Q

What is an Address Rewrite Entry?

A

A manually created rule that tells the Address Rewriting agents when and how to change e-mail addresses.

92
Q

What is TLS?

A

Transport Layer Security

It is the successor to SSL. (Though, in casual terms, people often still refer to TLS as SSL.)

93
Q

What is this?

STARTTLS

A

A command (verb) for the SMTP protocol to use TLS.

94
Q

What are the three ways that Exchange can use TLS?

A
  • Opportunistic
  • Forced
  • Mutual
95
Q

How will Exchange function when it uses Opportunistic TLS?

A
  • Accepts STARTTLS from other hosts.
  • Sends STARTTLS to other hosts.
  • Falls back to insecure if TLS isn’t available.
  • Works with untrusted certificates, such as self-signed certs.
  • Provides Confidentiality for the e-mail in transit (if it’s successful and doesn’t fall back)
  • Does NOT provide Authentication about the other host that Exchange is connecting to for sending or receiving that e-mail.
96
Q

What configuration is required for Exchange to use Opportunistic TLS?

A

No configuration changes are required. It will do this by default.

97
Q

How will Exchange function when it uses Forced TLS?

A
  • Requires TLS for both inbound and outbound SMTP.
  • Fails if TLS isn’t available.
  • Works with untrusted certificates, such as self-signed certs.
  • Provides Confidentiality for the e-mail in transit.
  • Does NOT provide Authentication about the other host that Exchange is connecting to for sending or receiving that e-mail.
98
Q

What configuration is required for Exchange to use Forced TLS?

A

To require TLS, set the RequireTls attribute on send or receive connectors to $true.

99
Q

How will Exchange function when it uses Mutual TLS?

A
  • Requires TLS for both inbound and outbound SMTP.
  • Fails if TLS isn’t available.
  • Fails if certificate can’t be validated.
  • Provides Confidentiality for the e-mail in transit
  • DOES provide Authentication about the host Exchange is connecting to.
100
Q

What is “Domain Secure”?

A

A term for when you have two Exchange Edge Transport servers in different organizations performing Mutual TLS.

When it occurs, Outlook displays a “Domain Secured” icon on messages.

Note, it is incredibly rare in the real world.

101
Q

What is “Domain Security”?

A

Another term for “Domain Secure”

102
Q

What does Domain Secure require?

A
  • Edge Transport Servers on both ends of the connection
  • Valid certificates on both servers, installed and enabled for SMTP
  • There must not be any non-Exchange servers involved in the mail flow path (such as third-party spam filters).
  • The domain to be secured must be specified in the “TLS Receive Domain Secure List” and/or the “TLS Send Domain Secure List”
  • A “Partner” Send Connector and/or Receive Connector for the secured domain to use.
103
Q

What is SPF?

A

Sender Policy Framework

  • A DNS TXT record that receiving servers can look up to validate your sending server’s IP address.
  • Used to help prevent spoofing of your domain names by spammers.
  • Not mandatory to implement, but recommended.
  • SPF records are only a suggestion and the receiving server can ignore or override.
104
Q

What does an SPF record consist of?

A
  • The version of SPF (which also serves to indicate that this TXT record is an SPF record)
  • One or more “Mechanisms”
  • A Qualifier for each Mechanism
105
Q

How is the version of an SPF record indicated?

A

In this format:

v=spf1

106
Q

In an SPF record, what does this Mechanism mean?

all

A
  • Matches any host
  • Generally placed at the end of a record as a catch-all, to indicate what should be done for any hosts not defined in the SPF record.
107
Q

In an SPF record, what does this Mechanism mean?

ip4:

A

• Matches a single IPv4 address or IPv4 network range

108
Q

In an SPF record, what does this Mechanism mean?

ip6:

A

• Matches a single IPv6 address or IPv6 network range

109
Q

In an SPF record, what does this Mechanism mean?

a

A
  • Matches a host name or domain name
  • So the receiving server will look up the A record of the domain in DNS, and if it resolves to the IP address that is making the inbound SMTP connection, then that’s a match
110
Q

In an SPF record, what does this Mechanism mean?

mx

A
  • Matches against the MX records for the domain
  • Useful to use if outbound mail for your organization is handled by the same server that MX records resolve to for inbound mail. A nice, simple way to construct your SPF record.
111
Q

In an SPF record, what does this Mechanism mean?

ptr

A
  • Uses reverse DNS to match the sending server’s IP address to the host’s name that it resolves to
  • Not recommended because it causes a high load on DNS and can be quite slow.
112
Q

In an SPF record, what does this Mechanism mean?

exists

A

• Simply checks if the domain name that the e-mail is trying to send from actually exists

113
Q

In an SPF record, what does this Mechanism mean?

include:

A
  • Matches against the SPF record for another domain
  • Usually used if outbound e-mail is routed through a cloud service, such as Exchange Online Protection.
  • Basically saying: “as long as this other SPF record says it’s ok, then it’s ok by me.”
114
Q

In an SPF record, what does this Qualifier mean?

+

A
  • Pass
  • Meaning, e-mail from hosts indicated by the Mechanism should be accepted
  • This is the default qualifier if none is provided.
115
Q

In an SPF record, what does it mean if no Qualifier is specified on a Mechanism?

A

• It will use the default qualifier, which is + (Pass)

116
Q

In an SPF record, what does this Qualifier mean?

-

A
  • Fail
  • Meaning, e-mail from hosts indicated by the Mechanism should be rejected

117
Q

In an SPF record, what does this Qualifier mean?

~

A
  • Soft Fail
  • Meaning, e-mail from hosts indicated by the Mechanism can be accepted but treated as possible spam

118
Q

In an SPF record, what does this Qualifier mean?

?

A
  • Neutral
  • Meaning, the receiving mail server is advised to do whatever it wants

119
Q

What Anti-spam / Anti-Malware agents are installed by default on a Mailbox server?

A

Only the Malware agent.

120
Q

What anti-spam agents can be installed on a Mailbox server?

A

In addition to the Malware agent that is available by default, installing the Anti-Spam agents will make the following available:

  • Content Filter
  • Sender ID
  • Sender Filter
  • Recipient Filter
  • Protocol Analysis
121
Q

What Anti-spam / Anti-Malware agents are installed by default on an Edge Transport server?

A
  • Connection Filtering
  • Content Filter
  • Sender ID
  • Sender Filter
  • Recipient Filter
  • Protocol Analysis
  • Attachment Filter
  • (Note, it does not support the Malware agent)
122
Q

What is Connection Filtering?

A
  • An Anti-Spam Agent
  • Exists only on Edge Transport server role (cannot be installed on a Mailbox server role)
  • Makes block or allow decisions based on the IP address that is making the SMTP connection
  • Can use block/allow list providers
  • Can use explicit block/allow list entries
123
Q

What is Content Filtering?

A
  • An Anti-Spam Agent
  • Makes filtering decisions based on the content of email messages
  • Applies a Spam Confidence Level (SCL) score.
  • Can reject, delete, or quarantine messages based on the SCL
  • You can add custom phrases and keywords to influence how Content Filtering scores messages
124
Q

What is this?

SCL

A

Spam Confidence Level

A score applied to a message by Content Filtering. The higher the level, the more likely it is spam.

125
Q

What is Sender ID?

A
  • An Anti-Spam Agent
  • Looks up SPF Records
  • Default action is simply to stamp messages with the results (will not reject email even if it fails)
  • Can be configured to Reject messages that fail SPF lookup
  • Bypass rules can be configured, so SPF is not considered for particular senders or internal recipients
  • Only effective if sender’s domain has an SPF record
126
Q

What is Sender Filtering?

A
  • An Anti-Spam Agent
  • Makes filtering decisions based on senders or sender domains that you choose to block.
  • Can be configured to either Reject the message, or simply StampStatus.
  • Can be configured to block an e-mail address, a domain name, or entire top-level domains.
127
Q

What is Recipient Filtering?

A
  • An Anti-Spam Agent
  • Makes filtering decisions based on the recipient of an email message
  • Can check for non-existent recipients, restricted distribution groups, internal-only mailboxes
128
Q

What is a Directory Harvest Attack?

A

When a spammer sends messages to many different recipients, to determine which ones are rejected based on being invalid recipients, which it can use to determine valid recipients.

Spammers use recipient validation to find legitimate email addresses.

129
Q

How does Exchange mitigate against Directory Harvest Attacks?

A

Exchange will “tarpit” high volumes of suspicious behavior by 5 seconds (by default).

TarpitInterval is configured on Receive Connectors, and can be set to any interval you want, though the default of 5 seconds is usually sufficient.

130
Q

What is Protocol Analysis?

A
  • An Anti-Spam Agent
  • Calculates “Sender Reputation” level / score.
  • Adds to the Sender Filter block list if score is above threshold, for a period of time (24 hours by default).
  • Factors several characteristics to determine Sender Reputation.
131
Q

What factors does Protocol Analysis consider to determine a Sender Reputation?

A
  • HELO/EHLO analysis
  • Reverse DNS lookup
  • SCL ratings determined by the Content Filtering Agent
  • Open proxy test
132
Q

What is Attachment Filtering?

A
  • An Anti-Spam Agent
  • Only available on Edge Transport Server role. (Not on Mailbox Servers)
  • Pre-configured with a list of file types to filter, such as executables and scripts.
  • Attachment types can be added or removed, to customize list.
  • Can be set to either Reject messages with filtered attachments, or simply Strip the attachment from the message.
133
Q

What is a Safelist?

A

Mailbox users can maintain their own list of safe and blocked sender addresses or domains, called their Safelist.

134
Q

What is Safelist Aggregation?

A
  • Exchange can aggregate Safelist information to use it during antispam filtering.
  • Content filtering is bypassed for safe senders.
  • Sender filtering rejects or deletes messages from senders on a user’s blocked list.
  • Enabled by default
135
Q

What is Malware Filtering?

A
  • Only available on Mailbox Servers (not on Edge Transport)
  • Asked during Setup if you want it Enabled (default is enabled)
  • Malware filtering occurs at the transport layer, not database layer, therefore it does not replace running a file-level antivirus.
136
Q

What is a Transport Queue, and how does it operate?

A

Exchange servers that host Transport services queue messages for delivery.

If the destination server can’t be reached, the server will hold the message in its queue and retry delivery at regular intervals.

Queued messages will eventually expire.

137
Q

How long will messages remain in the Transport queue before they expire?

A

The default Expiration Timeout is 2 days, but you can configure it as desired.

138
Q

What is the PowerShell command to change the Transport Queue Expiration?

A

Set-TransportService -MessageExpirationTimeout 3.00:00:00
139
Q

What is Protocol Logging?

A

An option that can be configured on Send and Receive Connectors.

It captures the SMTP conversation that occurs between two hosts/devices.

The Front End Transport Service and the Transport Service each have Protocol Logs for both Send and Receive.

140
Q

What Connectors utilize Protocol Logging?

A

By default, the only Receive Connectors that have Protocol Logging enabled are:

  • Default Frontend
  • Outbound Proxy Frontend

Other default Receive Connectors, and all manually created Send or Receive Connectors, have it disabled by default.

141
Q

What different levels can Protocol Logging be set to?

A

Just two levels:

  • None (Disabled)
  • Verbose (Enabled)
142
Q

What is Protocol Logging useful for?

A

Because the Protocol Logs are capturing the information from the very first stages of the SMTP connection, it is useful for identifying errors that occur before email enters the transport pipeline.

So, they are useful for troubleshooting connectivity issues at the server level.

143
Q

What is Message Tracking?

A

An Exchange feature that records detailed log files of e-mail traffic as messages travel through the transport pipeline.

(I.e., between Exchange servers within the organization, and between different roles, services, and components on individual servers.)

It only records metadata.

144
Q

What details about a message will be recorded by Message Tracking?

A

It only records metadata.

It does not store message contents other than the message subject (by default).

Metadata includes:

  • Sender
  • Recipient
  • Date
  • Time
  • Overall message size
  • Subject (by default, but optional)
145
Q

What transport services will utilize Message Tracking?

A

Only the Transport Service.

(The Front End Transport service is only a proxy for SMTP connections, so it performs no logging other than Protocol Logging.)

146
Q

How can you read info from Message Tracking Logs?

A
  • The log TXT files are human-readable, and located within Exchange’s installation folder:
  • Program Files > Microsoft > Exchange Server > V15 > Transport Roles > Logs > MessageTracking
  • These logs can also be imported into Excel to improve readability.
  • You can also perform Message Tracking Log searches in PowerShell
147
Q

How do you perform Message Tracking Log searches in PowerShell?

A

• Example command:

Get-MessageTrackingLog -Sender john@company.com -Recipients mary@website.com

• You can use several filter options to narrow your results.

148
Q

What is a Remote Domain?

A

A Remote Domain is configured so that settings can be defined for outgoing message transfer to external mail systems.

149
Q

What types of settings can be configured for Remote Domains?

A

• Message formats (HTML, rich text, plain text)
– If you know a certain domain only supports certain kinds of formats, you can convert outgoing messages to the required format

• Automatic (out of office) replies

• Non-delivery reports
– with or without diagnostic information

150
Q

What is the cmdlet to see Remote Domain configurations?

A

Get-RemoteDomain

151
Q

What is Back Pressure?

A

A state of resource exhaustion for Exchange servers, which leads to the server actively refusing some or all connections or e-mail delivery attempts.

It is a symptom of server sizing or performance issues. A server goes into a Back Pressure state as a method of self-preservation.

152
Q

What are common causes of Back Pressure?

A
  • Low free disk space on the drives that store the Transport Queue database and logs
  • Too many uncommitted database transactions in memory
  • Excess memory utilization, either by the transport service processes, or overall by the server
153
Q

What Back Pressure States are there, and what do they indicate?

A

Normal
• no problems

Medium
• means a resource is moderately over-utilized
• server begins limiting some connection types, e.g. external connections, but continues processing internal mail

High
• means a resource is severely over-utilized
• server stops accepting all new connections

154
Q

What are the signs of Back Pressure?

A
  • SMTP error 452 4.3.1 Insufficient system resources
  • Application event log entries, including ID #s 15004 through 15007.

155
Q

What should you do if you discover your domain is listed on an anti-spam block list?

A
  • Check block lists on a site such as MXToolbox.com to see what lists you appear on.
  • See if lists provide a reason for your entry. Make corrections as required.
  • Check that your receive connectors are properly configured and are not being used as an open relay for spammers.
  • Contact the list that you have been blocked on to request removal.
156
Q

What are Mail Flow Rules also known as?

A

Transport Rules

157
Q

What are Transport Rules?

A
  • Rules created to look for messages matching specified criteria or conditions, and to take specified action on those messages.
  • Applied to entire organization / at the organization level.
158
Q

What are some examples of possible Transport Rule conditions?

A

• Sender details
– e.g. domain name

• Recipient details
– e.g. name, group membership, AD attributes

• Message content
– e.g. keywords in subject, body, sensitive data types, attachments

• Message size
– total size, attachment size, etc.

159
Q

What are some examples of possible Transport Rule Actions?

A
  • Forward or redirect message
  • Reject or delete message
  • Add additional recipients in To/Cc/Bcc
  • Apply rights management/encryption
  • Modify spam score
  • Set any message header values
  • Send message to a moderator for approval before sending out
  • Apply a disclaimer to the message
160
Q

What is a Shared SMTP Namespace?

A

An e-mail domain that is used by more than one mail organization / system, where each has a separate set of recipients using that domain.

161
Q

What is required for setting up a Shared SMTP namespace?

A
  • The domain added as an Accepted Domain (in each organization)
  • Its Domain Type must be set to Internal Relay (in each organization)
  • If a Recipient Filter is in place, the AddressBookEnabled property of the Domain must be set to $false, so that Recipient Filtering is not performed on it
  • A send connector for that address space, set to route to the other organizations that share the namespace (in each organization)
  • Transport Rules to prevent looped relaying of a message when a recipient cannot be found
162
Q

How are loops prevented when a recipient cannot be found in a Shared SMTP Namespace?

A
  • Exchange will automatically detect a loop and reject a message, but it takes about 30 loops before that detection kicks in.
  • This can create delays and perhaps excessive traffic, so it’s best to configure transport rules to reject a message after a single loop:
  • Two Transport Rules are required:

– One rule tags the message header when a message is relayed out

– A second rule (with lower priority and thus processed first) looks for the tag when receiving a message, and rejects it to prevent a loop

163
Q

What is the default Message Size Limit?

A

For total message size, the default limit is 10 MB.

164
Q

What is the default Message Recipient Limit?

A

For number of recipients, the default limit is 500.

165
Q

How is a Distribution Group counted against Message Recipient Limits?

A

It is counted as a single recipient, even if the group has thousands of members.

166
Q

At what level(s) can Message Size Limits be set?

A
  • For the Organization
  • For a Connector (Send, Receive, and AD Site Connectors)
  • For a server
  • For a recipient (Mailboxes and Distribution Groups)
167
Q

If there are different message size limits set at different levels, what limit is used?

A

The most restrictive limit wins.

168
Q

If a Message Size Limit is set at the Server Level, what will that impact?

A

Only mobile and web users.

I.e., only messages going through that server via ActiveSync, Outlook on the Web, and Exchange Web Services.

169
Q

How is it recommended to utilize multiple send connectors?

A
  • A single Send Connector per internet-facing site is appropriate, and you generally should not configure more.
  • Send connectors should usually be configured with equal cost, so that each site’s Public IP is kept in use so they gain reputation on the internet as a good sender for your domain.
170
Q

What is a Send Connector Cost, and what impact does it have?

A
  • Send Connectors are configured with a “cost” which is part of the least-cost route calculation.
  • One site may actually send out through another site’s send connector, if the other send connector and the AD Site Link leading to it total to a lower cost than its own send connector.
  • But, using unequal costs so that only one Public IP gets utilized for outgoing mail is not recommended.
171
Q

How do you configure multiple inbound routes for the purpose of redundancy?

A

Create multiple MX records, pointing to different Public IP addresses of different servers/sites.

They can be configured either with:

  • equal priority, which results in a generally random distribution between the two routes,
  • or differing priorities, which results in the lower priority record generally being attempted first.
172
Q

If a message becomes queued because its route is unavailable, when will routing be retried?

A
  • Queues will automatically retry every 10 minutes.
  • You can force a retry by running this cmdlet: Retry-Queue

173
Q

What does this cmdlet do, and when is it useful?

Retry-Queue -Resubmit

A
  • When routing topology changes (such as changing route cost or creating a new connector), new routes are only evaluated for new email messages.
  • So if messages are already in the transport queue because they failed to be routed, they will be retried using the same, previously determined route.
  • Retry-Queue forces a retry, and the -Resubmit forces re-evaluation of the queued messages for new routes.
174
Q

When a server needs to be taken down for maintenance, what happens to messages in its transport queue, and what should be done?

A
  • The messages will remain in that server’s queue and will not reattempt delivery until the server is online again.
  • So, prior to taking the server down, you should:

– Drain transport queues.

– Redirect remaining queued messages to another server.

– Note, Shadow Redundancy or Safety Net messages on the server are not redirected, and thus will still be at risk.

175
Q

What does it mean to Drain the Transport Queue?

A

It tells Exchange to continue processing existing e-mail, but stop accepting new mail into the Transport queue.

This is done in preparation for taking the server offline.