The Mailbox server handles all activity for the active mailboxes on that server. Mailbox services include all the traditional server components found in the Exchange Mailbox server role:
Client Access services
Client Access services provide authentication, limited redirection, and proxy services. Client Access services don't do any data rendering and offer all the usual client access protocols: HTTP, POP and IMAP, and SMTP.
Along with the new Mailbox role, Exchange now allows you to proxy traffic from Exchange 2016 to Exchange in addition to Exchange to Exchange 2016. This new flexibility gives you more control in how you move to Exchange without having to worry about deploying enough front-end capacity to service new Exchange servers.
The Edge Transport role
The Edge Transport role is typically deployed in your perimeter network, outside your internal Active Directory forest, and is designed to minimize the attack surface of your Exchange deployment.
By handling all Internet-facing mail flow, it also adds additional layers of message protection and security against viruses and spam, and can apply transport rules to control message flow.
Internet mail flow
All messages sent to the Internet from inside the organization are routed to Edge Transport servers after the messages are processed by the Transport service on the Exchange Mailbox server.
In Exchange, antispam features provide services to block unsolicited commercial email (spam) at the network perimeter.
Edge Transport rules
Edge Transport rules are used to control the flow of messages sent to or received from the Internet. Edge Transport rules are configured on each Edge Transport server to help protect corporate network resources and data by applying an action to messages meeting specified conditions.
Address rewriting presents a consistent email address appearance to external recipients. You configure address rewriting on Edge Transport servers to modify the SMTP addresses on inbound and outbound messages.