
25/tcp or 2525/tcp: Exploring the Edge transport pipeline with Wireshark

June 12, 2020 - by Zsolt Agoston - last edited on June 15, 2020

25/TCP or 2525/TCP?

Have you ever wondered how incoming and outgoing SMTP messages flow through your Exchange environment on their way to the destination mailboxes? In this article we use the Wireshark packet capture tool to see which ports are used on both the Edge and the Mailbox servers to pass messages through the pipeline. In our next article we'll dissect the transport pipeline with all the services involved in the process.

Our setup - Edge server and three Mailbox servers

In a simple environment only a single Mailbox server is used. There's not much to that scenario: both incoming and outgoing messages pass to and from the internet through SMTP port 25/tcp. However, things get interesting when multiple servers are involved. In our setup we have an Edge server in the perimeter network and, behind it, four AD sites, each with an individual Exchange server, as shown in the following diagram:

[Diagram: the Edge server in the perimeter network and the four AD sites behind it]

The site links costs in our system are as follows:

PS C:\> Get-AdSiteLink | Select Name, ADCost, ExchangeCost

Name             ADCost ExchangeCost
----             ------ ------------
NY-California       100           25
NY-Texas            100           50
California-Miami    100           25
Texas-Miami         100           50
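
Exchange routes between AD sites along the least-cost path and uses ExchangeCost in place of ADCost wherever it is set, so the table above decides which site a message crosses. The following is an added example, not part of the original article: it runs Dijkstra's algorithm over those four links. Get-LeastCostRoute is a hypothetical helper, deriving the two site names from the link name is an assumption, and so are the source and destination sites (NY and Miami), since the page does not name the site MB4 lives in.

```powershell
# Site links copied from the Get-AdSiteLink output above.
$links = @(
    [pscustomobject]@{ Name = 'NY-California';    ADCost = 100; ExchangeCost = 25 }
    [pscustomobject]@{ Name = 'NY-Texas';         ADCost = 100; ExchangeCost = 50 }
    [pscustomobject]@{ Name = 'California-Miami'; ADCost = 100; ExchangeCost = 25 }
    [pscustomobject]@{ Name = 'Texas-Miami';      ADCost = 100; ExchangeCost = 50 }
)

function Get-LeastCostRoute {   # hypothetical helper, not an Exchange cmdlet
    param([object[]]$SiteLinks, [string]$From, [string]$To)

    # Build an undirected graph. ExchangeCost overrides ADCost when it is set.
    # Assumption: the link name is "<SiteA>-<SiteB>".
    $graph = @{}
    foreach ($l in $SiteLinks) {
        $a, $b = $l.Name -split '-', 2
        $cost = if ($null -ne $l.ExchangeCost) { $l.ExchangeCost } else { $l.ADCost }
        foreach ($pair in @(@($a, $b), @($b, $a))) {
            if (-not $graph.ContainsKey($pair[0])) { $graph[$pair[0]] = @{} }
            $graph[$pair[0]][$pair[1]] = $cost
        }
    }
    if (-not $graph.ContainsKey($From) -or -not $graph.ContainsKey($To)) {
        throw "Unknown site: $From or $To"
    }

    # Dijkstra: repeatedly settle the unvisited site with the lowest total cost.
    $dist = @{}; $prev = @{}
    foreach ($s in $graph.Keys) { $dist[$s] = [int]::MaxValue }
    $dist[$From] = 0
    $todo = @($graph.Keys)
    while ($todo.Count -gt 0) {
        $u = $todo | Sort-Object { $dist[$_] } | Select-Object -First 1
        $todo = @($todo | Where-Object { $_ -ne $u })
        if ($dist[$u] -eq [int]::MaxValue) { break }   # remaining sites unreachable
        foreach ($v in $graph[$u].Keys) {
            $alt = $dist[$u] + $graph[$u][$v]
            if ($alt -lt $dist[$v]) { $dist[$v] = $alt; $prev[$v] = $u }
        }
    }
    if ($dist[$To] -eq [int]::MaxValue) { return $null }

    # Walk the predecessor chain back from the destination to the source.
    $path = @($To)
    while ($path[0] -ne $From) { $path = @($prev[$path[0]]) + $path }
    [pscustomobject]@{ Route = $path -join ' -> '; Cost = $dist[$To] }
}

Get-LeastCostRoute -SiteLinks $links -From 'NY' -To 'Miami'
```

With ADCost alone both paths would tie at 200; the ExchangeCost values are what make the California path (25 + 25) cheaper than the Texas path (50 + 50).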

1. Incoming email from the Internet to MB4

Let's follow our email from info@opentechtips.com all the way to the destination mailbox, John.Doe@alwayshotcafe.com, which lives on the MB4 server.


Mxtoolbox.com has a great header parser tool that displays the hops in an easily readable format.


a. As expected, the message arrives at the Edge server on SMTP port 25/tcp.

The Edge server has a subscription to the NY AD site, where the MB1 mailbox server resides. The Edge server also submits the message to port 25/tcp on the next-hop server (MB1).

b. From there, our message travels to MB4 through hub site MB2. Intra- and inter-site SMTP submission happens on port 2525/tcp.


c. MB2 to MB4 also uses the Default HUB transport receive connector that listens on 2525/tcp.


2. Outgoing email from MB4 to the Internet

Outgoing messages travel the exact same way in our setup, using the same route and the same ports. Starting from the MB4 mailbox server, the message is forwarded to MB2 on port 2525/tcp, then arrives on port 2525/tcp on MB1, where the Default MB1 receive connector is listening for incoming intra-domain traffic. MB1 then forwards the message to the Edge server, which sends it out to the next hop specified by the MX record of the target domain.

This article only focused on the receiving ports the messages were travelling through. For a more detailed guide on what happens exactly during message delivery and submission please check out the next article here.
