How-To: Deploy ModusGate with Exchange/LDAP Servers

 

Product: ModusGate

Version & Build: 4.7 and up

 

ModusGate - Exchange Deployment Guide

There are several ways to deploy ModusGate with Exchange.  Please download and review the attached document before contacting Support.  The document contains useful information that will help you configure and troubleshoot your setup.
 
Exchange 2003 Info
 

Exchange does not natively reject invalid addresses during the SMTP connection.  This can cause problems for ModusGate customers who select the SMTP authentication option for Automatically populate user list instead of using the LDAP or Exchange 2000+ options.  Because Exchange appears to accept the invalid addresses, they are added to the user list on ModusGate, which causes licensing problems.

 

However, Exchange 2003 can be configured to reject invalid addresses, resulting in a 550 5.5.1 User unknown error.  ModusGate, in turn, bounces these messages and your user count will reflect only valid addresses on your system.  Use the following instructions to configure this on the Exchange server:

 

NOTE: These instructions apply to Exchange 2003 only. 

 

Enable directory lookup for recipients in the recipient filter:

  • Go to the Exchange System Manager 
  • Open Global Settings and right-click Message Delivery
  • Select Properties and click on Recipient Filtering
  • Put a checkmark at Filter recipients who are not in the Directory
  • Click OK

Enable the recipient filter on the SMTP protocol binding that accepts mail from the Internet:

  • Navigate to the SMTP Virtual Server that listens on the Internet (repeat these steps if you have more than one)
  • Right-click on the SMTP Virtual Server, choose Properties
  • From General, click on Advanced 
  • Select the IP/port binding that corresponds to the one that listens on the Internet and click on Edit
  • Put a checkmark at Apply Recipient Filter
  • Click OK and exit

When a sender issues RCPT TO: for an invalid address such as invaliduser@localdomain, it will get a 550 5.5.1 User unknown error.

 
Exchange 2007 Info

Microsoft® Exchange Server 2007, by default, accepts up to 5,000 total connections, with only 2% permitted from the same source (i.e. a maximum of 100 connections).  The server receives mail from countless addresses throughout the world.  However, with modusGate™ (or any SMTP gateway) in front of the Exchange Server, mail is received from only one IP address – that of modusGate™.

If modusGate™ is handling a heavy mail load and relaying legitimate mail to Exchange, its connections could be throttled by Exchange’s per-source limits.  Therefore, Vircom suggests that you increase the percentage from 2 to 20.

Please consult the following Microsoft KB article for complete details: http://technet.microsoft.com/en-us/library/bb232205(EXCHG.80).aspx



The following Exchange 2007 settings, mentioned in the article, are relevant to modusGate:


Set-ReceiveConnector > MaxInboundConnection

This parameter specifies the maximum number of inbound SMTP connections that this Receive connector allows at the same time. The default value is 5,000.


Set-ReceiveConnector > MaxInboundConnectionPercentagePerSource

This parameter specifies the maximum number of SMTP connections that a Receive connector allows at the same time from a single source messaging server. The value is expressed as the percentage of available remaining connections on a Receive connector. The maximum number of connections that are permitted by the Receive connector is defined by the MaxInboundConnection parameter. The default value of the MaxInboundConnectionPercentagePerSource parameter is 2%. Change this parameter to 20%.


Set-ReceiveConnector > MaxInboundConnectionPerSource

This parameter specifies the maximum number of SMTP connections that a Receive connector allows at the same time from a single source messaging server. The default value is 100.  Change this value to 1,000.
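The changes above can be applied from the Exchange Management Shell. This is an added example, not part of the original guide; the connector identity `EXCH01\Default EXCH01` is a placeholder for the Receive connector that accepts relayed mail from modusGate.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 server.
# ASSUMPTION: placeholder identity. Replace it with the Receive connector
# that accepts relayed mail from modusGate.
$connector = 'EXCH01\Default EXCH01'

$fields = 'Identity',
          'MaxInboundConnection',
          'MaxInboundConnectionPercentagePerSource',
          'MaxInboundConnectionPerSource'

# List every Receive connector with its bindings and permitted source ranges,
# so the change is made on the connector modusGate actually relays to.
Get-ReceiveConnector |
    Format-Table Identity, Bindings, RemoteIPRanges -AutoSize

# Record the current limits before changing anything (defaults per this
# article: 5,000 total, 2% per source, 100 per source).
Get-ReceiveConnector -Identity $connector |
    Select-Object $fields |
    Format-List

# Preview the change recommended in this article. With the default total of
# 5,000 connections, 20% corresponds to the new per-source value of 1,000.
Set-ReceiveConnector -Identity $connector `
    -MaxInboundConnectionPercentagePerSource 20 `
    -MaxInboundConnectionPerSource 1000 `
    -WhatIf

# Apply the change by running the same command without -WhatIf.
Set-ReceiveConnector -Identity $connector `
    -MaxInboundConnectionPercentagePerSource 20 `
    -MaxInboundConnectionPerSource 1000

# Confirm the new limits took effect.
Get-ReceiveConnector -Identity $connector |
    Select-Object $fields |
    Format-List
```

The raised per-source limits apply to every source that the chosen connector accepts, so check the `RemoteIPRanges` column in the first listing before applying the change.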
 
 
Exchange 2010 Info 
 
It is not required to configure an Edge Transport server for Exchange 2010, since modusGate and the Edge server perform similar functions. If you wish, however, an Edge server can be used in addition to modusGate for redundancy or dual protection purposes. 

Whatever your chosen setup, the modusGate server must communicate directly with the Exchange / Active Directory server through the LDAP port (3268) to validate email addresses. Therefore, when configuring the routes in modusGate, enter the IP of the Exchange / Active Directory Global Catalog Server for Auto-populate user list and Authentication.
 
If you wish to use a Hub Transport server and need help with configuration, please contact Microsoft directly for advice.