Edge Transport servers with hybrid deployments

The Edge Transport server role is an optional role that's typically deployed on a computer located in an Exchange organization's perimeter network and is designed to minimize the attack surface of the organization. The Edge Transport server role handles all Internet-facing mail flow, which provides SMTP relay and smart host services for the internal on-premises Exchange servers in your organization.

Edge Transport servers in Exchange-based hybrid deployment organizations

Exchange 2016 organizations that want to use Edge Transport servers have the option of deploying Edge Transport servers running the latest release of Exchange 2016 and newer, Exchange 2013 or Exchange 2010. Use Edge Transport servers if you don't want to expose internal Exchange servers directly to the Internet. When you deploy an Edge Transport server in a hybrid deployment, Exchange Online, via the Exchange Online Protection service, will connect to your Edge Transport server to deliver messages. The Edge Transport server will then deliver messages to the on-premises Exchange Mailbox server where the recipient mailbox is located.

Important

Don't place any servers, services, or devices between your on-premises Exchange servers and Office 365 that process or modify SMTP traffic. Secure mail flow between your on-premises Exchange organization and Office 365 depends on information contained in messages sent between the organization. Firewalls that allow SMTP traffic on TCP port 25 through without modification are supported. If a server, service, or device processes a message sent between your on-premises Exchange organization and Office 365, this information is removed. If this happens, the message will no longer be considered internal to your organization and will be subject to anti-spam filtering, transport and journal rules, and other policies that may not apply to it.
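One way to audit a delivered message for a device on the hybrid path that should not be there, as an added example that is not part of the original documentation. It reads the message's `Received` trace headers and reports any host outside an allow-list; the host names, the sample message and the allowed suffixes are constructed assumptions to replace with your own.

```python
import re
from email import message_from_string

# Assumption: DNS suffixes of hosts allowed on the hybrid path (your own
# Exchange/Edge servers plus Microsoft's EOP hosts). Adjust to your estate.
ALLOWED_SUFFIXES = (".contoso.example", ".protection.outlook.com")

# Constructed sample headers (newest hop first, as SMTP servers prepend them).
# All host names and addresses are placeholders invented for this example.
SAMPLE = """\
Received: from relay.filter.example (relay.filter.example [203.0.113.9])
 by eop-host.mail.protection.outlook.com with ESMTPS; Mon, 1 Jan 2024 10:00:03 +0000
Received: from edge01.contoso.example (edge01.contoso.example [198.51.100.5])
 by relay.filter.example with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from mbx01.contoso.example (10.0.0.10)
 by edge01.contoso.example with ESMTPS; Mon, 1 Jan 2024 10:00:01 +0000
From: alice@contoso.example
To: bob@contoso.example
Subject: hybrid path test

body
"""

def hybrid_path(raw):
    """Return the hosts named in Received headers, oldest hop first."""
    msg = message_from_string(raw)
    path = []
    for value in reversed(msg.get_all("Received", [])):
        # Each trace header names the sending host ("from") and the
        # receiving host ("by"); folded lines are covered by \s+.
        for pattern in (r"\bfrom\s+(\S+)", r"\bby\s+(\S+)"):
            match = re.search(pattern, value, re.IGNORECASE)
            if match:
                host = match.group(1).lower().rstrip(";")
                if host not in path:
                    path.append(host)
    return path

def unexpected_hops(raw, allowed_suffixes=ALLOWED_SUFFIXES):
    """Hosts on the path that are not covered by the allow-list."""
    return [h for h in hybrid_path(raw) if not h.endswith(tuple(allowed_suffixes))]

if __name__ == "__main__":
    print("path:", " -> ".join(hybrid_path(SAMPLE)))
    print("unexpected:", unexpected_hops(SAMPLE))
```

A device that relays SMTP without adding its own `Received` header will not appear in this output, so an empty result does not prove the path is clean; pair it with a review of the network route and connector configuration.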

Important

If you have other Exchange Edge Transport servers in other locations that won't handle hybrid transport, they don't need to be upgraded to support a hybrid deployment. However, if in the future you want EOP to connect to additional Edge Transport servers for hybrid transport, they must be running the latest release of Exchange 2016 and newer, Exchange 2010 or Exchange 2013.

Adding an Edge Transport server to a hybrid deployment

Deploying an Edge Transport server in your on-premises organization when you configure a hybrid deployment is optional. When configuring your hybrid deployment, the Hybrid Configuration wizard allows you to either select one or more internal on-premises Exchange servers, or to select one or more on-premises Edge Transport servers to handle hybrid mail transport with the Exchange Online organization.

When you add an Edge Transport server to your hybrid deployment, it communicates with EOP on behalf of the internal Exchange servers. The Edge Transport server acts as a relay between the internal Exchange servers and EOP for outbound messaging from the on-premises organization to the Exchange Online organization. The Edge Transport server also acts as a relay between the internal Exchange servers for inbound messaging from the Exchange Online organization to the on-premises organization. All connection security previously handled by internal Exchange servers is handled by the Edge Transport server. Recipient lookup, compliance policies, and other message inspection continue to be done on the internal Exchange servers.

If you add an Edge Transport server to your hybrid deployment, you don't need to route mail sent between on-premises users and Internet recipients through it. Only messages sent between the on-premises and Exchange Online organizations will be routed through the Edge Transport server.

Important

If you need to delete and recreate an Edge subscription that's used to communicate between your on-premises organization and Exchange Online, make sure to run the Hybrid Configuration wizard again. Recreating an Edge subscription removes configuration changes that are needed for your on-premises organization to talk to Exchange Online. Re-running the Hybrid Configuration wizard applies those changes again.

Mail flow without an Edge Transport server

The following process and diagram describe the path messages take between an on-premises organization and Exchange Online when there isn't an Edge Transport server deployed:

  1. Outbound messages from the on-premises organization to recipients in the Exchange Online organization are sent from a mailbox on an internal Exchange server.

  2. The Exchange server sends the message directly to EOP.

  3. EOP delivers the message to the Exchange Online organization.

Messages sent from the Exchange Online organization to recipients in the on-premises organization follow the reverse route.

Mail flow in a hybrid deployment without an Edge Transport server deployed

Hybrid mail flow without an Edge Transport server

Mail flow with an Edge Transport server

The following process describes the path messages take between an on-premises organization and Exchange Online when there is an Edge Transport server deployed. Messages from the on-premises organization to recipients in the Exchange Online organization are sent from the internal Exchange server:

  1. Messages from the on-premises organization to recipients in the Exchange Online organization are sent from a mailbox on an internal Exchange server.

  2. The Exchange server sends the message to an Edge Transport server running a supported version and release of Exchange.

  3. The Edge Transport server sends the message to EOP.

  4. EOP delivers the message to the Exchange Online organization.

Messages sent from the Exchange Online organization to recipients in the on-premises organization follow the reverse route.

Mail flow in a hybrid deployment with an Edge Transport server deployed

Hybrid mail flow with an Edge Transport server