Outbound mail flow in Exchange Server 2013 is managed with the use of Send Connectors.

Send Connectors are not configured by default when you first install Exchange Server 2013. If the Exchange 2013 server is installed in an existing organization then other Send Connectors may already exist that facilitate outbound mail flow. Otherwise, you will need to create at least one Send Connector yourself.

Most organizations will be dealing with one of the following outbound email flow scenarios:

  • email sent directly over the internet to the recipient’s server
  • email sent to the internet via a smart host
exchange-2013-send-connectors-01
Sending directly over the internet vs sending via a smart host

There are other scenarios as well, such as:

  • email sent outbound via an Edge Transport server
  • email sent directly to a partner organization using TLS encryption

An organization can have one, two, or several Send Connectors to provide the specific email routing that they need.

For this article we’ll focus on the first two scenarios, as they are the most common; sending directly to the internet, and sending via a smart host. We’ll also cover testing and troubleshooting a Send Connector, and some more advanced configuration options.

Configuring Outbound Mail Flow Direct to the Internet

Configuring your Exchange 2013 organization to send means that your Exchange server will look up the MX records for the recipient’s email address, and then use those MX records as the IP address(es) to connect to via SMTP.

Looking up MX records means your server will be relying on DNS. If the server’s TCP/IP settings are configured for DNS servers inside your network that can’t resolve external names, then you can configure Exchange to use different DNS servers for external lookups.

To create the Send Connector for sending outbound email directly to the internet open the Exchange Admin Center and navigate to Mail Flow -> Send Connectors.

exchange-2013-send-email-direct-01

Click the + button to create a new Send Connector.

exchange-2013-send-email-direct-02

Give the connector a name and set the type to Internet. Click Next to continue.

exchange-2013-send-email-direct-03

Leave the network settings set to MX record. If you needed to configure specific external DNS servers you should also tick the box, but if your Exchange server can already resolve external DNS names then that should not be required. Click Next to continue.

exchange-2013-send-email-direct-04

Click the + button to add a new address space. Specify the FQDN of * (the wildcard character that effectively means “anything”). The cost can remain at the default setting of 1 if this is the only send connector for your organization. Click Save and then click Next to continue.

exchange-2013-send-email-direct-05

Click the + button to add the source servers for the connector. These are the servers that will be responsible for routing email out from your organization to the internet. Multiple servers will provide redundancy for outbound mail flow. Click OK and then click Finish.

exchange-2013-send-email-direct-06

The send connector is now visible in the Exchange Admin Center.

exchange-2013-send-email-direct-07

For further configuration and tested steps refer to the last section of this article.

Configuring Outbound Mail Flow via a Smart Host

Configuring a Send Connector to send outbound internet email via a smart host is the same process as above, with the following differences.

First, the network setting is configured to Route mail through smart hosts instead of MX records. You must then click the + button to add at least one smart host name or IP address. Multiple smart hosts are permitted and are recommended for redundancy.

exchange-2013-send-email-smart-host-01

When you choose to use a smart host you also get the option to configure authentication for the Send Connector. This is only necessary if the smart host requires it. Many email security servers/appliances or even hosted solutions will simply authenticate you based on your IP address rather than require other credentials.

exchange-2013-send-email-smart-host-02

Testing a New Send Connector

The obvious way to test a new send connector is to send an email from inside the organization to an external recipient.

When the message is received in the external mailbox you can then take the message headers and use the MXToolbox header analyzer or the ExRCA Message Analyzer to inspect the headers and confirm that the email passed through the source servers you were expecting it to for that outbound route.

exchange-2013-send-connectors-test-01

If the email does not arrive you can inspect the transport queues on your Exchange servers for stuck email.

[PS] C:\>Get-TransportService | get-queue

Identity                   DeliveryType Status MessageCount Velocity RiskLevel OutboundIPPool NextHopDomain
--------                   ------------ ------ ------------ -------- --------- -------------- -------------
E15MB122206               SmtpDeliv... Ready  0            0        Normal    0              mailbox database 1
E15MB1Submission          Undefined    Ready  0            0        Normal    0              Submission
E15MB1Shadow22204        ShadowRed... Ready  0            0        Normal    0              e15mb3.exchange2013dem...
E15MB222750               SmtpDeliv... Ready  0            0        Normal    0              mailbox database 2
E15MB2Submission          Undefined    Ready  0            0        Normal    0              Submission
E15MB2Shadow22748        ShadowRed... Ready  0            0        Normal    0              e15mb1.exchange2013dem...
E15MB3Submission          Undefined    Ready  0            0        Normal    0              Submission
E15MB3Shadow16452        ShadowRed... Ready  1            0        Normal    0              e15mb1.exchange2013dem...
E15MB3Shadow16456        ShadowRed... Ready  1            0        Normal    0              e15mb2.exchange2013dem...

To look more closely at the messages stuck in a single queue you can use Get-Queue and Get-Message together.

[PS] C:\>Get-Queue E15MB122206 | Get-Message | ft

If the properties of the stuck messages do not reveal the problem then another valuable source of troubleshooting information is the protocol logs. For more tips refer to the following article:

Further Configuration Options for Send Connectors

Some additional configuration options you can explore are:

 

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Mark F

    Paul, we recently started a migration from exchange 2013 on prem to exchange 2016 /O365, and we configured all and got everything working and showing good but our exchange now will not send emails to outside domains. Any help is appreciated.

  2. JOHN

    I’m fresher for Exchange Server. My senior installed Exchange Server 2019. Email can send local domain but can’t send to outbound mail (GMail, .com, etc), Please, guide to me where and how to configure for Internet email.

  3. muwawu

    guys have exchange 2013 sitting on windows 2012 R2 but can not send or receive external mails

  4. Yvann

    I can summarize that it is possible since exchange 2013 local, we can sent the emails on the internet using his ISP or a remote web server?

  5. AK

    Hey Paul,

    Thanks for all your contributions, They are really good specially when things don’t work, which tends to be the case more often than not.

    I finally managed to setup my Exchange 2013 Server to play with from home (Separate Network, then my home network, and use a Palo Alto Firewall to create my Virtual Routers to separate my two internal and two external networks) Now as far as I know I configured everything correctly and my Exchange server and reach external web-sites and what not without issue. However when I attempt to send an email I see it stuck in the transport queue (Get-Queue), when I check my firewall I see the SMTP port 25 connections are allowed, and they all report the applicatino as incomplete, as if the connections are not allowed.

    So using information from your other posts, I used the telnet trick to verify connectivity, and it seems from any computer in my networks (personal, or my test enviro) I can’t seem to connect to any of the external SMTP servers on port 25…

    What am I missing, Do they require some form of Auth to work? TO me it doesn’t even seem to be the case as that would imply we’ve reached the application layer and my packets in my firewall would have said they are SMTP and no “incomplete” it’s like it’s being blocked at the 3rd layer (port). Do all external mail providers allow incoming SMTP email from anyone?

    Any idea on what I may have missed would be greatly appreciated. I source your blogs on my blogs 🙂

    1. AK

      You stated the Following:

      “Many email security servers/appliances or even hosted solutions will simply authenticate you based on your IP address rather than require other credentials.”

      Now my domain (Zewwy.ca) points to my public IP address for my basic home network (which I have a NAT rule on my Modem to point to my Web Server, to host my website), this however is not the IP address which email will be coming from. I created a MX record and A record for mx.zewwy.ca for this (which I want email coming in and our from). Will external providers validate me based on my root domain IP? or my mx record?

      For some reason when I put my info into mxtoolbox’s whois, it reported a differen’t MX then the mx record I created in my DNS providers portal… Would this be due to replication (cache)? I did check shortly after the change (AKAIK TTY can be up to 3 hours generally).

      1. AK

        One last ting I noticed, in your final step to troubleshoot (love that your post have these), it shows your email was stuck in Queue for almost an hour before google finally sent it on, however it shows it sent it connecting via ESMTPS, and not standard SMTP…. from all my testing so far by default, unless you configure it otherwise it always send over standard SMTP (Port 25), does the comment you stated above apply to most external domain email recipient servers?

  6. Pawan

    Hi,

    We are using an internal mail client (on powerbuilder) which is connected to Outlook 2013. We send a mail from this mail client which then sends it through Outlook to sener. From last week, on 9 out of 10 mails (mostly to external IDs) the mails are not reaching the recipients and we are getting failure notice — The following recipient(s) cannot be reached:

    Server error: ‘550 5.7.1 Unable to relay’

    Pls help

    1. Avatar photo
      Paul Cunningham

      Search for how to configure a relay connector for your version of Exchange.

  7. Johnny

    Hi Sir

    Is there anyway to configure outbound mail redundancy automatically when internet service down?

    For example, if we’ve multiple sites and each site have at least two outbound edge servers but these two edge servers are based on the same internet traffic.

    When the internet traffic down on this site, outbound mails will be queuing on these two edge servers until time out, or it will be failover to other sites send connector?

    thanks!

  8. Chad E

    If the exchange server has multiple IPs how do you configure the IP address you wish to use for outbound SMTP?

  9. john

    Is there a tutorial for the absolute bare bones on how to get exchange setup (I’m meaning with setting up the DNS with it.)

    I’m new to servers and I have one where I have 2 virtual machines, a DC and one with EXCH2013 installed. I’m having trouble getting them setup and could really use some help. Any help is appreciated. I’m able to get administrator to log into OWA at mail.domain.com but cant get anyone else to log into it. And i cannot send/receive outside emails.

    Thank you!
    John

  10. Samuel

    Hi Paul,
    Installation of Exchange 2013 on Server 2008 R2 Box, but need one suggestion. Should we install Exchange 2013 on C:\ drive or D:\ drive? And How much space need to be allot on each Drive on this Exchange server?

    Regards
    Samuel

  11. Pete Esposito

    Hi Paul,

    I am creating a send connector for a journaling configuration (to Mimecast). We have recently switched to having two active directory sites in our organization. When creating the connector, and selecting all source Edge Transport servers (in both sites), I get the following warning: “warning the source transport servers specified for the connector aren’t in the same active directory site”. I did not get this warning in my lab (but that just may be our mock configuration). Is it proper to have two separate connectors per AD site for a proper configuration or should I stick with the single connector and ignore the warning in this case?

    Thank you,
    Pete

    1. Avatar photo
      Paul Cunningham

      From memory I think the issue is sub-optimal routing/performance. The other approach to take is two separate send connectors – one per site. Then each site will route optimally (i.e. out the closest connector).

  12. ossama

    Hi Paul

    in exchange 2013 can i have 2 send connectors , one sends directly to the internet and the other through smart host for the same domain and select users who send by each send connector without third party program

  13. Tom

    Hi Paul,
    I have an Exchange 2010 environment with two hub transports (HUB01 and HUB02). Due to the amount of email we are now sending, I added a third hub transport to the mix (HUB03), but did not update the Source Server listing on my send connector for internet outbound traffic to include this new hub transport. Users began to report that messages were being returned with looping errors. My understanding is that send connectors can be isolated to specific servers by leveraging the “Source Server” settings. However, it appears the new HUB03 server is not routing messages to HUB01 or HUB02 (which are both listed in the internet outbound send connector). Is there something wrong in my configuration, or is this normal behavior? To put it another way – can I have a one hub transport out of several that has basic receive connectors (Default, Client) but no send connectors assigned via the Source Server settings and still have successful mail flow?

  14. Jeff Powell

    Hi Paul,
    Thanks for this article, it was very helpful– until I installed Exchange 2016. We’re in the middle of a migration from Exchange 2007 to 2016 via 2013. At this point everyone is using 2013, 2007 is gone and I’ve installed 2016. For all three versions we have two servers– prior to 2016, a CAS with a public IP (solely to provide externally-accessible ActiveSync and Web App) and an internal mailbox server with a private IP. The mailbox server routes outbound mail through a smart host.
    Before 2016 was added to the mix it all worked great– I had two send connectors, one for the 2007 server to route outbound mail through an older Linux smart host (our other, newer, Linux mail server caused TLS to break with Exchange 2007) and the 2013 server routed outbound mail through our newer Linux server with its stricter TLS.
    Once I installed 2016 (note– just installed, and not much more– Exchange 2016 almost immediately forced itself as a production server and clients started using it as their outbound server even with no mailboxes on it), nothing seemed to behave anymore.
    First, because of the changes to 2016, there is no longer a distinction between a CAS and a mailbox server. In practice, I don’t want the external server to ever be a mailbox server, and I have removed the mailbox database. But because my Outlook clients seem to randomly choose any server they want to to send mail, I added both of my 2016 servers to the send connector. Now Exchange will sometimes — but not always– route outbound mail through multiple Exchange servers before going out to the smart host! I suspect that I don’t fully understand something here.
    With 2007 and 2013 together, it all made sense. Users with a 2007 mailbox used the send connector with the 2007 server as the source, and users with a 2013 mailbox used the send connector with the 2013 server as the source, and each routed out through their appropriate smart host. Once 2016 is installed, Outlook and Exchange (both versions) choose whichever server(s) they please, both for Oulook connections and for routing.
    Can you help untangle this for me?

  15. Umer

    “These are the servers that will be responsible for routing email out from your organization to the internet. Multiple servers will provide redundancy for outbound mail flow. Click OK and then click Finish.”

    You have added three Servers in Send Connector for redundancy but which Server will be act as a primary to send outbound emails?

    1. Avatar photo
      Paul Cunningham

      There’s no primary. All three servers will be involved in sending email.

  16. Gary

    Hi Paul. I have a send connector that routes all mail * to one smarthost, but I’m doing a spam cutover and want to have 2 of the domains that are a part of “*” to a different smarthost. I tried creating a new send connector with the 2 domains in address space and gave it a cost of 1. I then changed my original send connector to have a cost of 2. My test emails sent from my 2 domain names in question are still routing through the initial send connector. Do you have any idea on how to pull this off at ease? Thanks. Gary

    1. Avatar photo
      Paul Cunningham

      Send connector costs is the way to do it. You can separate them more, like using 1 and 10, but I doubt that’s the issue. Is the send connector enabled, and the smart host it’s trying to send to available? If a route is marked down I expect Exchange will stop trying to use it.

  17. Zamshed

    hello sir, i am facing problem to send mail when we want to send mail.emails already going to Draft box.

    Mail is not sending.please help me about this issue.

  18. ISac

    Hello Paul,
    We have 2 exchange 2013 servers and they are both CAS, Database and DAG member. We have problem sending attachments to non-MS outlook users. They receive just winmail.dat.

    I tried Set-RemoteDomain Default -TNEFEnabled $false but then there are alot of e-mail in the queue and failed to deliveries.

    Set-RemoteDomain Default -TNEFEnabled $Null and same story

    Current situation is Set-RemoteDomain Default -TNEFEnabled $True and non-MS outlook contacts cannot receive attachments.

    Do you think it is related to send connector? Can I create multiple connector other than default?

    Could you please advise what to do?

    Kind regards,

    Isac

  19. Mike Parker

    Hi Paul

    We have two Exchange servers (2013) and would like to know if we can use the second NIC to
    send out emailto our email provider
    ExchangeServer1
    NIC1 192.168.1.20
    NIC2 192.168.2.20
    ExchangeServer2
    NIC1 192.168.1.21
    NIC2 192.168.2.21

    So would i do Set-SendConnector “Outward” -SourceIPAddress 192.168.2.20 so that all SMTP goes out on that ipaddress to our email provider, and as we have two exchange servers then i would have to create a second Connector pointed to 192.16.2.21 ?

    Or do i do Netsh int ipv4 add address Nic1 192.168.1.20 skipassource=true
    Netsh int ipv4 add address Nic1 192.168.1.21 skipassource=true

    Confused

    1. Avatar photo
      Paul Cunningham

      I’m confused why you have multi-homed servers in the first place.

      1. Mike Parker

        Hi Paul

        Normally I would just have one nic (Teamed)per server, but I have been told to do it this way. So would i create two “Send Connectors” and do

        Set-SendConnector “Outward” -SourceIPAddress 192.168.2.20
        Set-SendConnector “Outward2” -SourceIPAddress 192.168.2.21

        Or do you not recommend this ?

        Thanks Paul

        Michael

        1. Avatar photo
          Paul Cunningham

          Told by who?

          I can’t think of any reason to try running a multi-homed Exchange server like that. In fact, it’s probably more likely to cause you problems.

          1. Mike Parker

            The person above me !!! lol

            My understanding of this , is that SMTP uses the primary nic to send email via the send connector, so is there a way for forcing Exchange to do this ?
            From my experience and what i have read on the internet this is not the way to do it? So how do i convince my boss to use only one NIC (teamed)?

            Thanks Paul

          2. Avatar photo
            Paul Cunningham

            Well, consider that the -SourceIPAddress parameter is, according to TechNet:

            “This parameter is valid only for Send connectors configured on an Edge server.”

            So you’d need to be running Edge Transport servers to use that.

            There’s no business or technical requirement other than your boss thinks that is how it should be done? That’s not a good reason to add complexity to an environment. Keep it simple and easy to support, run single-homed Exchange servers.

            I’ve seen people try to run multi-homed Exchange servers in the past for really no good reason other than they think they’re somehow making things more secure or optimizing network throughput (neither of which are true), and it ends up breaking stuff they never anticipated and making every troubleshooting scenario more difficult to deal with.

  20. Daniel

    Hi,

    hello,

    i need your advice or contribution on how to resolve delays in bulk email blast to customer.

    we send bulk mails to about 65000 customers over internet but the mails to delay to recipients. it sometimes take more 2-4 days to move out of the queue.

    we have two mailbox server exchange 2013 (DAG) and edge server.

    your contribution will be highly appreciated.

    Regards

    1. Avatar photo
      Paul Cunningham

      What solution are you looking for? If you email someone who can’t receive the email, it will queue on your servers, that is the normal behaviour.

      For bulk email of that nature you are probably better off using a mail system such as Aweber or Mailchimp rather than carry all the risks and problems of trying to run it through your Exchange server.

  21. younos baghaie

    Hi
    I want to add some smart hosts to my exchange, the work I think has to be done, is, install smtp on a server , then create some virtual smtp server and then add them to my exchange server send connector. but when I want to choose server in new send connector wizard there is just one server.
    I installed exchange 2016 on another server . but now I dont know how to add the new one to the current exchange server

    would you give me a hint how to do that ? and am I right by this scenario?

    Thanks

  22. Anatoly

    Hi Paul,
    How can I Configuring the FQDN for HELO/EHLO on a send connector?
    please give a help link

    Thanks

    1. Avatar photo
      Paul Cunningham

      Open the properties of the send connector, or use the set-sendconnector cmdlet.

  23. Noel

    Mass,

    Would you email me a copy of your configurations. I need that as my Exchange cannot send emails out thru MDaemon smart host.

    Thank you.

  24. Erik

    Hi Paul,
    my ISP that i use as smarthost have decided to use port 465 and ssl auth for outgoing email traffic, i have my own exchange 2013 can i configure it to use SSL auth? they have also decided to similar on the incoming email. do you know of any workarounds?

    //:Erik

  25. Kapil K

    Hi Paul,

    Need your guidance for removing/encrypting my internal Exchange 2013 servers IP address and hostnames in email headers for outbound emails. I have found the below command for removing but let me know if anything more needs to be done for the same.

    Get-SendConnector “Connector Name” | Remove-ADPermission -AccessRight ExtendedRight -ExtendedRights ms-Exch-Send-Headers-Routing -user “NT AUTHORITYAnonymous Logon”

      1. Kapil K

        I want to remove the details of my internal messaging servers from the email headers in the emails which is sent to internet domains. So that my internal server details are not exposed to internet recipients.

        1. Avatar photo
          Paul Cunningham

          Yep, the Header Firewall is what you should be looking into for that.

  26. Brian

    Paul,

    I have an awkward scenario. It seems that recently our Exchange 2013 server has been sending out on our default IP instead of the correct external IP that is used by the external DNS MX records and referenced with the SPF record – hence causing us to look like spam of course. Is there a means to get the send connector to use a specific external IP instead of our default?

    Can I use the smart host option for this ?

    P.S. It was originally forced by a previous network appliance (my hunch anyway) to do this. Now to only add DKIM.

    1. Avatar photo
      Paul Cunningham

      Usually that NATing of outbound connections is handled by the firewall or edge router for your network.

  27. Evandro Semedo

    Hello Paul, How are you?

    I created a send connector without TLS, but through testing I realized that even then returns the error message below domains that do not have TLS configured.

    #>
    MessageId:
    Recipients: {} schmidt@externaldomain.com.br
    RecipientStatus: {[{LRT =}, {LED = 500 5.3.3 Unrecognized command};} {FQDN =; = {IP}]}
    <#

    I also realized that even if I create an output connector, it authenticates the "Default mbx01" which has TLS set up.

    Is there any way to send to create a customized output connector without TLS not authenticate the Default connector?

    ###########
    #My SCRIPT#
    ###########

    #Criar um conector dedicado para um dominio
    new-SendConnector -Name 'AddressSpaces – No TLS' -Usage 'Custom' -AddressSpaces 'SMTP:teste.com;1' -IsScopedConnector $false -DNSRoutingEnabled $true -UseExternalDNSServersEnabled $false -SourceTransportServers "BRPHEXMBX01","BRPHEXMBX02","BRPHEXMBX03","BRPHEXMBX04","BRPHEXMBX05","BRPHEXMBX06"

    #Configurar tamanho máximo de mensagem e habilitar logs
    Set-SendConnector 'AddressSpaces – No TLS' -MaxMessageSize 50MB -ProtocolLoggingLevel Verbose

    #To add multiple Address Spaces from a text file called addressspaces.txt use this command sequence instead:
    $ConnectorConfiguration = Get-SendConnector "AddressSpaces – No TLS"
    Get-Content addressspaces.txt | foreach {$ConnectorConfiguration.AddressSpaces += "$_"}
    Set-SendConnector 'AddressSpaces – No TLS' -AddressSpaces $ConnectorConfiguration.AddressSpaces

    #Disable StartTLS on Send Connector
    Get-SendConnector "AddressSpaces – No TLS" | FL IgnoreSTARTTLS
    Get-SendConnector "AddressSpaces – No TLS" | Set-SendConnector -IgnoreSTARTTLS $true
    Get-SendConnector "AddressSpaces – No TLS" | Set-SendConnector -Port 2525

    #Restart the Microsoft Exchange Transport Service
    Restart-Service msexchangetransport -Verbose

    Reference: http://www.moh10ly.com/blog/office-365/emails-between-o365-and-on-premises-do-not-work

    http://blogs.technet.com/b/get-exchangehelp/archive/2013/02/05/disable-opportunistic-tls-between-an-edge-server-and-a-hosted-service-such-as-exchange-online-protection.aspx

    http://sys-pro.blogspot.com.br/2013/06/451-440-primary-target-ip-address.html

    Tanks Paul!

  28. Mass

    Paul

    I dont have a public IP and also due to lack of IPS and IDS devices i prefer to receive emails on a well protected host on internet, and also I need to use exchange server in my LAN for its features. in this situation I need “DPOP” or “MultiPOP” to download emails from the host and deliver it to the LAN users.
    What solution do u recommend me.

    Thank you for giving me your time

    1. Avatar photo
      Paul Cunningham

      I’ve seen customers use POP to retrieve mail and submit it to Exchange before. That’s fine if you have no choice (like a lack of public IP address control). I just wouldn’t install the software directly on the Exchange server. Don’t try to change the ports Exchange uses or try to install software that will conflict with the ports Exchange already uses.

      I have no experience with MDaemon itself so I can’t really say whether your solution will work or not.

      1. Mass

        Thank you very much Paul
        as you said i installed MDaemon and Exchange on two servers and they are working fine, Thank you very much

        By the way, MDaemon is a light, fast, and handy mail server which has many features of exchange, and if you install outlook connector you can also share contacts and calendar and so on, But it has a long way to go to become like exchange server. I can say it’s perfect for SOHO environments. that’s why i use it as a mail gateway. Anyway.

        Thank you very much for your attention and really appreciate the time you spent to answer my questions.

        Yours
        Masoud

  29. Mass

    Hi Paul

    Been reading your site recently and found it very useful and handy, it’s perfect and lovingly.

    I am connecting a “Exchange Server 2013” and “MDaemon 14.5.2” which both installed on the same server. The “MDaemon” pulls emails from a “Catch-All” mail box on my host using “DPOP” and deliver them to users throught “Exchange Server” and Outlook. And send user emails through Outlook, Exchange, MDaemon, the host. I used to do it several years ago with “MDaemon 6” and “Exchange 2000”. but it has become tricky for me after these years.

    Internet Domain: mydomain.com
    AD Domain: mydomain.local
    Local AD Server: 192.168.0.5
    Local mail server IP: 192.168.0.10

    On local mail server I configured a gateway in MDaemon named “mydomain.local” and forwarded it to “192.168.0.5” SMTP:2525 (In gateway configuration).
    I need two policies in exchange to rename the email addresses to “mydomain.com” and change smtp port to 2525 to be able to receive emails from MDaemon.

    I don’t know if these configurations are correct or no, and if i need anything else to configure. besides is it ok to have both mail servers in one server or not.

    I would be grateful if you answer my questions.

    1. Avatar photo
      Paul Cunningham

      Why are you doing it that way? Exchange doesn’t need all that other stuff involved, it’s perfectly capable of sending and receiving email without all those extra parts.

      1. Mass

        Dear Paul

        I need to use “DPOP” and “MultiPOP” to receive emails from the host due to some reasons.

        1. Avatar photo
          Paul Cunningham

          I wouldn’t install MDaemon and Exchange on the same server. Other than that, since I don’t know what your reasons are there’s not much I can suggest.

  30. frederic

    Hi Paul,

    Been reading your websites and books for quite a while, really great. need some help.

    our environment

    2 sites melbourne and sydney connected with site to site vpn.
    2 exchange 2013 Servers 1 at each sites
    we have 2 smtp domain . domainA.com and domainb.com
    We want melbourne site to send and receive only domainA.com and the sydney domainB.com

    i have already the respective mx and public ip pointing to the designated exchange servers, and created 2 smtp connectors.

    Do i need to configure or specify the respective ip address in the receive connectors. how does exchange know which smtp to use . if melbourne server or link is down will sydney still be able to send and receive emails for its smtp domain and vice versa.

    cheers

    1. Avatar photo
      Paul Cunningham

      Inbound routes can be separate because you control that using MX records.

      Outbound routes, no. Send connectors aren’t conditional in that way.

      1. frederic

        thanks.

  31. Adnan

    thanks a lot for you suggestion really appreciate , as someone was suggesting that for remote site create a smart host locally on each site this will help fast delivery , any way i guess i should setup mailbox server in each site locally may help delivery for internal clients and fix latency issues.

    still if you could share exchange best practice that would be great.

  32. Adnan

    Hi Paul We have exchange 2013 with DAG on one location and users are globally sitting
    if we setup smarthost on each site can it reduce outbox time as any email over 3 MB taking 3 to 8 min time in outbox. or we need to add mailbox server on each site for fast delivery.

    1. Avatar photo
      Paul Cunningham

      The latency you’re seeing is probably more due to the latency between the client and their mailbox server. The closer they are to the active database copy for their mailbox, the better the performance will be.

      I think you should also check whether cached mode is enabled for their Outlook profiles, and also test whether the same delay happens with Outlook Web App. But I suspect this is just a latency issue.

      1. Adnan

        thanks Paul ,
        yes we do have delay issues from remote sites , but one thing is notable even for the LAN ( 1 GB links )Users on same site 5 MB takes more then 1 min to stay in outbox
        with owa it took 1 min approx to see the email in my sent items as i coud not see outbox.

        does smart host have any role in delivring emails faster or i need to to setup mailbox server on each site , if you can send any link of your articles for best practices for Exchange 2013 for remote sites when we have few user sitting (10 to 15 user) on remote site
        thanks for your help.

        1. Avatar photo
          Paul Cunningham

          Are you talking about emails to other internal recipients? If so then configuring a smart host on the send connector won’t make any difference.

          If you’re talking about emails to external recipients, using a smart host won’t necessarily improve delivery speed since the emails still need to travel over the same internet connection anyway.

          Emails stuck in the outbox can be due to many different reasons – server performance, network performance, client performance, antivirus software on the client…

  33. mk

    I’ve always used an internal DNS server, so I’m not 100% certain, however, that sounds right.

    If you have an active directory environment, you should have an internal DNS server, which you should consider using.

    mk

  34. Harry

    @mk,

    Thank you for quick reply. Yes, it works great. BTW, if we check use external DNS for delivery, do we need to specify which external DNS server IP addresses from ISP ?

    Thanks again,

    Harry

  35. mk

    Hmm… my entry above wasn’t posted properly. You need to edit your Send Connector before going to the ‘Scoping’ section.

    mk

  36. mk

    Harry – the Send Connector name/identity is not seen. You need to change the Send Connector’s FQDN which can be done in two ways:

    1) Set-SendConnector -Identity “Outgoing Internet Mail” -Fqdn mail.yourdomain.com

    or

    2) Using the EAC, go to Mail Flow / Send Connectors / / Scoping. Scroll down to the bottom where you can specify the FQDN.

    I’m assuming you are using Exchange 2013…

    mk

  37. Harry

    Hi Paul,

    ice post. MXtools header analysis show our SMTP sender connector name is CASservername.mydomain.com. Is there anyway, we can change it to mx.mydomain.com to mask my real server name?

    Thanks,

    Harry

  38. Dave

    Anyone know of a powershell script that could be used to add 100+ domains to a particular send connector so I don’t have to do it manually for each one in the Admin Console?

  39. Luke C.

    Hello Paul, I am in the midst of an Ex2010 Ex2013 migration. I am having issues when trying to send email externally from mailboxes on the Ex2013 server. I have a send connector that points to a hosted encryption service on the Ex2010 server (this shows up on the Ex2013 server as well). I get a “remote server returned ‘554 5.7.1 : Relay access denied'” when sending from accounts on the Ex2013 server but not the Ex2010 server.

    Thoughts?

    Best regards,

    1. Avatar photo
      Paul Cunningham

      Sounds like all mail from the 2013 mailboxes is traversing the send connector to the 2010 server, and whichever receive connector on the 2010 server is handling those connections is rejecting email sent to external recipients because is considered “relay”.

      1. Luke C.

        Thanks Paul. I found the issue. Our encryption service had blocked all but one of our external IP addresses. Mail from the new server was using the default gateway of our firewall. I changed the NAT translation on my firewall to use the approved IP address and mail started flowing properly externally.

        Thanks again for all of your assistance!

  40. mk

    As of now, for Exchange 2013, it appears that it can only be done via command:

    Set-SendConnector -Identity “” -Fqdn

    For example:
    Set-SendConnector -Identity “Outgoing Internet Mail” -Fqdn mail.yourdomain.com

    mk

  41. mk

    Paul,

    I love your articles – I’ve been using the for years!

    Question regarding configuring the FQDN for HELO/EHLO on a send connector. How is this done on Exchange 2013? Can this also be done for the receive connector?

    Thanks,
    Michael

  42. AJ

    Why would I want to use a smarthost? What is the typical situation pro/con of using just the MX record option vs. using the Smarthost option?

    1. Avatar photo
      Paul Cunningham

      The smarthost could be an email security appliance that all your outbound email is routing through, or a cloud-hosted email security service.

      The smarthost could be a separate internal system that has no MX records but still needs to receive emails.

      There’s no particular pros/cons to describe, it’s a case of meeting some business or technical requirement.

  43. Alice

    I have installed an Exch2013 server into an Exch2007 org and am in the process of moving mailboxes to the ex2013 server.

    I have a send connector configured from each mail server to a smart host (McAfee MEG). All external mail travels thru the MEG.

    I also have a Barracuda Message Archiver that currently pulls messages from an Ex2007 journaling mailbox. With the migration to the ex2013 server, Barracuda is recommending going to SMTP Journaling, which requires creating a send connector on the ex2013 server.

    My question is would there be a conflict between the send connector for the MEG & the Send Connector for the Barracuda? The Address Space for the Barracuda connector is a specific fake domain, where the Address Space for the MEG connector is *.

    Thanks

    1. Avatar photo
      Paul Cunningham

      I’m not familiar with how Baracuda’s system works, so I would recommend you ask them.

      Generally speaking an email is going to traverse one Send Connector on its way out of your org. So if it goes out via the McAfee, I can’t imagine how it will also manage to go out via the Barracuda connector.

  44. Luis Henriques

    Hi Paul,

    We are configuring a new exchange 2013 installation.
    We have 2 AD sites, both with access to internet and with an mpls connection between both.
    We are installing an Exchange 2013 DAG with 2 nodes, with one node in one site and the other node in the second site.
    We don’t have load balancers.

    Can we configure Exchange, with site resilience, so that when one server fails, mail flow could be assured by the other server (both send and receive mails)?

    Regards,

    Luis

    1. Avatar photo
      Paul Cunningham

      For outbound mail flow, configure two Send Connectors, one for each site/server.

      For inbound mail flow, configure two MX records, one for each site.

  45. wale

    Hi Paul,

    I have a new exchange 2013 installation, I have configured a send connector and I still cannot send mail to myself on the same network domain.

    I am testing by sending a mail to administrator internally, but mail always got stuk and never received, so i could not figure out what the problem is, Kindly assist. I have ISA Sever 2006 on my network as firewall. I have allow everything but yet can not recieved email internally and the exchange was properly installed.

    1. Avatar photo
      Paul Cunningham

      You’re trying to send between two mailboxes that are on the same server? Neither the send connector nor the ISA firewall should have any impact on that. I would say its more likely the messages are stuck in a queue (you can run Get-Queue to see the queues), or your transport services aren’t running at all (check Services.msc).

      1. Altamus Aslam

        When i am sending mail outside from my domain then it is showing this error

        Error encountered while communicating with primary target ip address “Failed to connect winsock error code 10061, Win32 error code 10061” Attempted failover to alternate host but did not succeed.

  46. Mohan

    Hi,
    which server we need to mentioned in •Configuring the FQDN for HELO/EHLO on a send connector

    Cas or mailbox ?

    1. Avatar photo
      Paul Cunningham

      Use whichever hostname you want to appear to the outside world, eg smtp.domain.com, or just the hostname of the Mailbox server.

      1. Mike

        Hi Paul, so the FQDN does not really matter (except when using TLS, than the FQDN should match a name in a certificate). Will there be no reverse lookup checks to verify that the DNS of the FQDN matches the IP of the sender? Is there no effect when changing the name in a productive environment? Thanks!

        1. Avatar photo
          Paul Cunningham

          A good practice is to have the FQDN resolve in DNS to the public IP that the outbound connections will appear to be coming from.

          But as long as the FQDN can be resolved in DNS to an IP, and as long as the public IP also resolves in DNS to an FQDN, you should also be fine. It’s when either of those DNS lookups fail completely that things start to look suspicious.

          Changing the FQDN should have no impact on existing mail flow. Always plan and test your changes, and have a rollback plan ready.

  47. Voffka

    Hi, Paul. Thanks for your article, its amazing, as usual 🙂

    the question is, like it was mentioned before,
    “Is it possible – via send connector or other means (rule perhaps) to send all mail *from* a specific internal domain through a smarthost? For example, let’s say we have two divisions and each have their own domain – joe@maindiv.com and bob@subdiv.com. Subdiv requires a smarthost for regulatory compliance, maindiv.com does not. Can we force outbound mail for subdiv.com through the smarthost but not maindiv.com so we don’t have to pay for compliance services?”

    how to route mail thru a specific edge based on user’s primary domain ?

    1. Victor

      Google for RooteBySender tool.

      Regards,
      Victor

  48. burt340

    Paul great article, is there a way to get exchange to ignore internal recipients (pre-staged for a migration) and send route messages our through a send connector?

      1. Ryan Smiley

        Hi Paul

        Can you explain what you mean by forwarding on the mailbox?
        Can you explain how this works in terms of flow?

        I.e Old Mail platform – migration to new platform via send connector?

  49. tricky

    Hello Paul, you have a nice blog!
    Please give me advice:
    I just installed only 2 multy role server 2013 in two different sites. Inbound mail works fine, but I just try to create new one send connector in new site , and outbound mail flow stop working for me. If i disabe new send connector (just create it like post- internet- next- asterisk- next- my casmailbox in site 2 to scope)
    Annnd my mail do not go to Internet, just qued…. What I doing wrong?

  50. ajhstn

    Hey all,

    I am in the process of migrating from EX 2010 to EX 2013. I have an existing 2010 2x dag, 2x cas environment. I have built on new servers 1x 2013 cas, and 1x 2013 mb.

    I have followed the step by step Exchange Server Deployment Assistant but cannot see it talk of mail flow anywhere. I have a single send connector in the 2010 env. I have various receive connectors. all https,http,smtp,imap and other outlook,rpc,mapi traffic go through a Riverbed Stingray Traffic Manager. My send connector routes email through a smart host.

    I have created a exchange 2013 mailbox. I can send email from 2010 to 2013, but I cannot send email from 2013 to 2010. Both farms are in the same domain, same network. They are all hyperv vm guests in the same cluster.

    The email that I try to send from the 2013 env to 2010 gets stuck in the 2013 Queue Viewer, its status is READY, it has no last error.

    Can anyone help clear this up for me? I need exchange 2010 and 2013 to coexist for a period of a few weeks, while I migrate all mailboxes, then after that I will close down exchange 2010.

    Thank you in advance.
    Andrew

    1. Avatar photo
      Paul Cunningham

      You should begin by troubleshooting SMTP connectivity from 2013 -> 2010. Try it with telnet. Check for antivirus or security products, or firewalls, or your Riverbed device, that may be interfering with the connections.

      Also look closer at the messages stuck in the queue. What is the last error? That usually gives you some hints about what the problem may be. Misconfigured Receive Connector permissions on the 2010 server is a example of where things can go wrong too, eg http://support.microsoft.com/kb/979175

  51. Kyle Kennedy

    There is an option in the general tab of the send connector properties for “Proxy through client access server.” I understand in a split role environment, this box makes it work like 2010, ie, mail goes from mailbox to CAS and then sent out from there. However, what is the proper setting when CAS and MB are on the same server? Checked or unchecked?

    1. Avatar photo
      Paul Cunningham

      There is no proper setting. The option exists for specific scenarios that some customers might have.

      On multi-role servers it doesn’t matter either way, in my opinion.

  52. Grant

    Is it possible – via send connector or other means (rule perhaps) to send all mail *from* a specific internal domain through a smarthost? For example, let’s say we have two divisions and each have their own domain – joe@maindiv.com and bob@subdiv.com. Subdiv requires a smarthost for regulatory compliance, maindiv.com does not. Can we force outbound mail for subdiv.com through the smarthost but not maindiv.com so we don’t have to pay for compliance services?

  53. Mor

    I am a new IT engineer and learning Exchange server 2013.
    To connect Exchange server 2013 to internet, how can we make it in safely ?
    Please share your opinion.

  54. Denny Eapen

    Hi Paul:

    Good article.

    Does it mean that emails CAN be sent to internet with only Mailbox Role and no CAS?

    Thanks
    Denny

  55. Moses Kihumuro

    This is a very helpful post. It was handy in guiding me on how to setup exchange to use smarthosts.

  56. Joel Greff

    I have an Exchange problem that I can’t seem to find anything on. Server works with exception of sending outbound mail. This is the error I am not getting:

    Delivery Report for jgreff@shareatech.com ‎(jgreff@shareatech.com)‎

    Submitted
    7/16/2013 5:22 PM PE860-FS02
    The message was submitted to pe860-fs02.dyslexia.local.
    Pending
    7/16/2013 5:22 PM pe860-fs02.dyslexia.local
    Message was received by pe860-fs02.dyslexia.local from PE860-FS02.DYSLEXIA.local.

    7/16/2013 5:22 PM pe860-fs02.dyslexia.local
    The message has been queued on server ‘pe860-fs02.dyslexia.local’ since 7/16/2013 5:22:30 PM (UTC-05:00) Eastern Time (US & Canada). The last attempt to send the message was at 7/16/2013 8:31:43 PM (UTC-05:00) Eastern Time (US & Canada) and generated the error ‘[{LRT=};{LED=};{FQDN=};{IP=}]’.

    7/16/2013 8:41 PM pe860-fs02.dyslexia.local
    Message delivery is taking longer than expected. There may be system delays. For more information, contact your helpdesk.

    Wasn’t sure if you have any ideas. I receive mail and internal mail works fine.

Leave a Reply