Spotlight on Exchange 2010: Receiving faxes using Exchange 2010 Unified Messaging

Published Aug 19 2009 03:29 AM 21.2K Views

If you are using Exchange 2007 UM to receive faxes, you should know about the changes we have made to the inbound faxing capabilities in Exchange 2010 UM. After working with our customers and partners, we determined that it was best for specialized partners with deep fax expertise to provide the comprehensive fax capability for Exchange Server 2010. We have therefore established partnerships with several fax vendors to ensure a seamless fax experience for customers who are new to Unified Messaging as well as those upgrading from Exchange Server 2007.

Exchange 2010 no longer creates fax messages itself but instead forwards the inbound fax calls to a dedicated partner fax solution. The partner fax solution establishes the fax call with the remote endpoint and receives the fax media on behalf of the UM-enabled user. It then sends an SMTP message, which contains the fax as a TIFF attachment, to the recipient's mailbox. The Exchange 2010 UM server ensures that the fax message is formatted just like the fax messages coming from Exchange 2007 UM server (Figure 1). 

Figure 1: Example of Exchange 2010 UM fax message.

To allow users to receive faxes via Exchange 2010 UM, customers must install and configure or sign up for service with one of the UM-certified partner fax solutions. At the time of writing, fax partner testing and certification is in progress. The list of compatible, UM-certified fax partners will be made available on our website when Exchange 2010 is launched.

The new fax capabilities in Exchange 2010 RTM are controlled by the following attributes:

    • FaxEnabled on UMDialPlan objects
    • AllowFax and FaxServerURI on UMMailboxPolicy objects
    • FaxEnabled on UMMailbox objects

By default, when the user is first UM-enabled, the UMDialPlan.FaxEnabled and UMMailbox.FaxEnabled are set to true, whereas UMMailboxPolicy.AllowFax is set to false. In order to enable a UM user for fax, all three of these attributes must be set to true and UMMailboxPolicy.FaxServerURI must point to a valid partner fax solution endpoint. Whenever UMMailboxPolicy.AllowFax is set to true, FaxServerURI must be provided to indicate to the UM server where to redirect the fax calls. FaxServerURI must have the following form: sip::;, where "fax server URI" is either an FQDN or an IP address of the partner fax solution; "port" is the port on which the fax server listens for incoming fax calls and "transport" is the transport protocol over which the fax calls are made (udp, tcp or tls). For example, you might configure fax as follows:

[PS] D:\>Set-UMMailboxPolicy MyPolicy -AllowFax $true -FaxServerURI ";transport=tcp"

You may be wondering how to secure communication with the partner fax solution. Partner fax messages must be authenticated; any unauthenticated message claiming to have come from a fax partner will not be processed by the UM server but instead will be delivered as a regular email. For authenticating the connection from the partner you can use mutual TLS, sender ID validation [1, 2], or establish trust via a dedicated receive connector. A receive connector should be sufficient for authenticating the partner fax solutions deployed in the enterprise together with the UM server. The receive connector will ensure that the Exchange server treats all traffic coming from the partner fax solution as authenticated. The connector should be deployed on the Hub Transport server used by the partner fax solution to submit SMTP fax messages and should have the following property values:

AuthMechanism                           : ExternalAuthoritative

PermissionGroups                        : ExchangeServers, Partners

RemoteIPRanges                          : {faxserverIP}

RequireTLS                              : False

EnableAuthGSSAPI                        : False

LiveCredentialEnabled                   : False

If the partner fax solution that you are using sends traffic to the UM server over a public network (e.g., a service-based partner fax solution hosted in the cloud), it is recommended to authenticate the sender using a sender ID check. This validation ensures that the IP, from which the message originated, is in fact authorized to send emails on behalf of the partner domain that the message claims to have come from. DNS acts as an intermediary by storing the sender ID records (or SPF records); fax partners must publish their SPF records in the DNS and Exchange 2010 will validate these by querying DNS. The sender ID agent must be running on Exchange Edge servers in order to perform the query. Alternatively, TLS can be used for traffic encryption or mutual TLS for encryption and authentication between the partner fax solution and Exchange.

The fax functionality of Exchange 2010 discussed here is not included with the beta version of Exchange 2010 but will be available with the RTM version. In the beta build of Exchange 2010, UM fax capabilities are completely disabled.

To summarize, the fax messages destined for UM-enabled users of Exchange 2010 UM RTM will look exactly the same as the ones in Exchange 2007. However, to enable this behavior, a certified partner fax solution must be deployed together with the UM server. The UMMailboxPolicy objects must be configured to point to the fax solution and the SMTP exchange between the partner fax solution and the UM server must be authenticated.

- Katarzyna Puchala


[1] Fighting SPAM and Phishing with Sender ID. Internet Resource. Last Accessed 7/21/09.

[2] Sender ID. Internet Resource. Last Accessed 7/21/09.

John Robinson

Not applicable
Introducing Fax partners....Does that mean that from "free incoming faxes" solution, we're going to a software or hardware solution that costs something ?

Not applicable
@Sacker - certainly sounds like it
Not applicable
I think Microsoft realizes faxing is a technology on its way out, and would rather spend energy on the future of messaging, not the past.  I think its a smart move.
Not applicable
We deployed inbound faxing in Exchange 2007 for all our users.  Now we're going to have to pay a partner to do this for us.  I think this is a bad move.  We send very few faxes, but receive a significant number of them, so this suited us perfectly.  If we'd known that this was going to happen, we wouldn't have bothered deploying it.  Our users are now used to this feature, so we're either going to have to take it away from them, or start paying.  It's like saying "Land lines are on the way out, so you can still receive calls, but you have to pay per call you receive, as well as the caller paying".

I'm not impressed.
Not applicable
Many organizations have different fax software vendors in Exchange 2003 today. US uses product x, UK product y and Germany another one. Is it possible to do this with the "new" 2010 capabilities?
Not applicable
It's not really much different than when IBM dropped Domino Fax from thier Suite and switched to partner fax solutions. I believe one of the reasons was that it cost more money to develop and maintain than they made off it.
Not applicable
Probably not the best place to post this question, but I haven't found an answer anywhere else.  With 2010 support hot add CPUs similar to SQL 2008?
Not applicable

The way I do things now: Fax comes in, modem wakes up, receives fax, exchange emails it to me.

The way this will be done in 2010: Fax comes in, call gets redirected to a trusted, third party partner, third party partner turns around sprinkles fax with magic pixie dust, emails it back to me, third party partner adds another charge to our monthly bill, depending on if the dust makes it with the fax exchange will either send it to me as a secure fax or emailed.

Have I got it all covered here or am I missing something?

Not applicable
I'm a bit unclear on one thing - if we want to receive inbound faxes, but do NOT want outbound faxing, are we still obliged to use a third party service?  Is there a way we can implement it internally for example using a Dialogic Media Gateway or something else?
Not applicable
Will Exchange 2010 support Windows Server 2008 R2 fax services?
Not applicable
faxing is not a technology that will way out , its like when we compare between petrol and sun power or natural Gas ! , Actually still the most secure  , and even Trusted communication link specailly for Critical business like Banks ,securuties ...etc

Microsoft delivered this to3rd part partners to keep away from difficult Technlogy not obselete technology

I recommend Kofax (formely Topcall) , for thos who wnat a production fax System with full features and integration capabilities.
Version history
Last update:
‎Jul 01 2019 03:45 PM
Updated by: