Although a lot of people use an antivirus/antispam solution in the cloud, some like to have an additional Exchange-aware antivirus product installed on their Exchange servers. One of the products that can be used for this is Forefront Protection for Exchange 2010.

This software can be installed on the Edge, CAS/Hub and the Mailbox server. In most cases people decide to install it on only one server, but in some cases it might be necessary to install it on all servers. The latter situation can produce the following issue:

You will find this event only on the server which hosts the Mailbox server role and as a result you won’t receive any notification when, for example, an engine could not be updated.

As you can see in the event, it ran into problems while setting up the SMTP connection to the CAS/Hub server to send the message. If you monitor the network traffic with, for example, Wireshark, you will see that it tries to authenticate using anonymous TLS.

To solve this issue there are, depending on your Exchange environment, two solutions:

  • create a separate receive connector
  • switch off the anonymous users authentication option for the default receive connector

The first option must be used when mail from the internet is delivered directly to your CAS/Hub server. In this case the anonymous users option on the permissions group tab must be enabled; if you do not enable this option you won’t be able to receive e-mail from the internet. This connector can be created by using the Exchange Management Shell:

New-ReceiveConnector -Name 'Forefront' -MaxRecipientsPerMessage 5000 -Fqdn mail.domain.local -Bindings '0.0.0.0:25' -RemoteIPRanges '10.0.0.11-10.0.0.11' -MaxInboundConnectionPerSource Unlimited -MaxInboundConnectionPercentagePerSource 100 -SizeEnabled EnabledWithoutValue

The above command will create a receive connector that can only be used by the server whose IP address is 10.0.0.11; all other clients can’t use this connector.
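Why the new connector takes over only for 10.0.0.11: when several receive connectors share the same binding, Exchange uses the one whose remote IP range matches the connecting address most specifically. The sketch below is an added example, not code from the original post; it models that selection on constructed data. The 'Default' connector name, its all-addresses range and the helper function names are assumptions, and only IPv4 ranges in low-high form are handled.

```powershell
# Constructed sample data mirroring the post's scenario. On a real server the
# names and ranges would come from Get-ReceiveConnector; 'Default' is a placeholder.
$connectors = @(
    (New-Object PSObject -Property @{ Name = 'Default';   Binding = '0.0.0.0:25'; RemoteIPRanges = @('0.0.0.0-255.255.255.255') }),
    (New-Object PSObject -Property @{ Name = 'Forefront'; Binding = '0.0.0.0:25'; RemoteIPRanges = @('10.0.0.11-10.0.0.11') })
)

# Hypothetical helper: IPv4 dotted quad -> number, so ranges can be compared.
function ConvertTo-IPv4Number([string]$Address) {
    [long]$n = 0
    foreach ($b in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) {
        $n = $n * 256 + $b
    }
    $n
}

# Hypothetical helper: among connectors on the given binding, return the one
# whose matching remote range is the smallest (most specific) for the source IP.
function Find-ReceiveConnector([string]$SourceIP, [string]$Binding, $Connectors) {
    $src = ConvertTo-IPv4Number $SourceIP
    $hits = foreach ($c in $Connectors) {
        if ($c.Binding -ne $Binding) { continue }
        foreach ($range in $c.RemoteIPRanges) {
            $low, $high = $range -split '-' | ForEach-Object { ConvertTo-IPv4Number $_ }
            if ($src -ge $low -and $src -le $high) {
                New-Object PSObject -Property @{ Name = $c.Name; Range = $range; Size = $high - $low + 1 }
            }
        }
    }
    $hits | Sort-Object Size | Select-Object -First 1
}

# The Forefront host and a neighbouring address that is not in the new range.
foreach ($ip in '10.0.0.11', '10.0.0.12') {
    $match = Find-ReceiveConnector $ip '0.0.0.0:25' $connectors
    '{0} -> {1} ({2})' -f $ip, $match.Name, $match.Range
}
```

Running the loop shows which connector each source address lands on, which is a quick way to sanity-check a planned RemoteIPRanges value before creating the connector.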

The second option will be used when you have an Edge server in the DMZ which is responsible for receiving mail from the internet.




Johan Veldhuis