Edge Transport servers

Edge Transport servers handle all inbound and outbound Internet mail flow by providing mail relay and smart host services for your Exchange organization. Agents running on the Edge Transport server provide additional layers of message protection and security. These agents provide protection against spam and apply mail flow rules (also known as transport rules) to control mail flow. All of these features work together to help minimize the exposure of your internal Exchange to threats on the Internet.

Because the Edge Transport server is installed in the perimeter network, it's never a member of your organization's internal Active Directory forest and doesn't have access to Active Directory information. However, the Edge Transport server requires data that resides in Active Directory: for example, connector information for mail flow and recipient information for antispam recipient lookup tasks. This data is synchronized to the Edge Transport server by the Microsoft Exchange EdgeSync service (EdgeSync). EdgeSync is a collection of processes run on an Exchange 2016 or Exchange 2019 Mailbox server to establish one-way replication of recipient and configuration information from Active Directory to the Active Directory Lightweight Directory Services (AD LDS) instance on the Edge Transport server. EdgeSync copies only the information that's required for the Edge Transport server to perform antispam configuration tasks and to enable end-to-end mail flow. EdgeSync performs scheduled updates so the information in AD LDS remains current. For more information about Edge Subscriptions and EdgeSync, see Edge Subscriptions.

You can install more than one Edge Transport server in the perimeter network. Deploying more than one Edge Transport server provides redundancy and failover capabilities for your inbound message flow. You can load balance the SMTP traffic to your organization among Edge Transport servers by defining more than one MX record with the same priority value for your mail domain. You can achieve consistency in the configuration among multiple Edge Transport servers by using cloned configuration scripts.

The Edge Transport server role lets you manage the following message-processing scenarios.

Internet mail flow

Edge Transport servers accept messages coming into the Exchange organization from the Internet. After the messages are processed by the Edge Transport server, mail is routed to an internal Exchange Mailbox server; first to the Front End Transport service, and then to the Transport service.

All messages sent to the Internet from inside the organization are routed to Edge Transport servers after the messages are processed by the Transport service on the Exchange Mailbox server. You can configure the Edge Transport server to use DNS to resolve MX resource records for external SMTP domains, or you can configure the Edge Transport server to forward messages to a smart host for DNS resolution.

Antispam protection

In Exchange Server, antispam features provide services to block unsolicited commercial email (spam) at the network perimeter.

Spammers use a variety of techniques to send spam into your organization. Edge Transport servers help prevent users from ever receiving spam by providing a collection of agents that work together to provide different layers of spam filtering and protection. Establishing tarpitting intervals on connectors makes email harvesting attempts ineffective.

Mail flow rules on Edge Transport servers

Mail flow rules on Edge Transport servers are used to control the flow of messages sent to or received from the Internet. Mail flow rules are configured on each Edge Transport server to help protect corporate network resources and data by applying an action to messages meeting specified conditions. Mail flow rule conditions are based on data, such as specific words or text patterns in the message subject, body, header, or from address; the spam confidence level (SCL); or the attachment type. Actions determine how the message is processed when a specified condition is true. Possible actions include quarantining a message, dropping or rejecting a message, appending additional recipients, or logging an event. Optional exceptions exempt particular messages from having an action applied.
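The condition, action and exception model described above, as an added example for the Exchange Management Shell on an Edge Transport server (not part of the original page). The rule names, the SCL threshold, the subject words and the `partner.example` and `c0ntoso.example` domains are assumed values; the quarantine rule assumes a spam quarantine mailbox is already configured for content filtering.

```powershell
# Added example. Run on each Edge Transport server, because mail flow rules
# are configured per server. All names and values below are assumptions.

# Condition: spam confidence level threshold. Action: quarantine.
# Exception: sender address contains an assumed partner domain.
New-TransportRule -Name 'Edge: quarantine high-SCL mail' `
    -SCLOver 7 `
    -ExceptIfFromAddressContainsWords 'partner.example' `
    -Quarantine $true `
    -Priority 0

# Condition: specific words in the subject. Action: drop the message.
New-TransportRule -Name 'Edge: drop known lure subject' `
    -SubjectContainsWords 'overdue invoice attached' `
    -DeleteMessage $true `
    -Priority 1

# Condition: text in the from address. Action: log an event only, which
# lets you observe how often a rule would match before enforcing it.
New-TransportRule -Name 'Edge: log look-alike sender domain' `
    -FromAddressContainsWords 'c0ntoso.example' `
    -LogEventText 'Look-alike sender domain seen at Edge' `
    -Priority 2

# Review evaluation order and state of the rules on this server.
Get-TransportRule |
    Sort-Object Priority |
    Format-Table Name, Priority, State -AutoSize
```

An exception keyed on the from address trusts a value the sender controls, so keep such exceptions narrow and prefer a log-only rule first when introducing a new condition.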

Address rewriting

Address rewriting presents a consistent email address appearance to external recipients. You configure address rewriting on Edge Transport servers to modify the SMTP addresses on inbound and outbound messages. Address rewriting is especially useful for newly merged organizations that want to present a consistent email address appearance.