Outbound mail flow in Exchange Server 2013 is managed using Send Connectors.
Send Connectors are not configured by default when you first install Exchange Server 2013. If the Exchange 2013 server is installed in an existing organization then other Send Connectors may already exist that facilitate outbound mail flow. Otherwise, you will need to create at least one Send Connector yourself.
Most organizations will be dealing with one of the following outbound email flow scenarios:
- email sent directly over the internet to the recipient’s server
- email sent to the internet via a smart host
There are other scenarios as well, such as:
- email sent outbound via an Edge Transport server
- email sent directly to a partner organization using TLS encryption
An organization can have one, two, or several Send Connectors to provide the specific email routing that they need.
For this article we’ll focus on the first two scenarios, as they are the most common: sending directly to the internet, and sending via a smart host. We’ll also cover testing and troubleshooting a Send Connector, and some more advanced configuration options.
Configuring Outbound Mail Flow Direct to the Internet
Configuring your Exchange 2013 organization to send directly to the internet means that your Exchange server will look up the MX records for the domain of the recipient’s email address, and then connect via SMTP to the IP address(es) of the mail servers those MX records point to.
Looking up MX records means your server will be relying on DNS. If the server’s TCP/IP settings are configured for DNS servers inside your network that can’t resolve external names, then you can configure Exchange to use different DNS servers for external lookups.
To create the Send Connector for sending outbound email directly to the internet, open the Exchange Admin Center and navigate to Mail Flow -> Send Connectors.
Click the + button to create a new Send Connector.
Give the connector a name and set the type to Internet. Click Next to continue.
Leave the network settings set to MX record. If you need to configure specific external DNS servers you should also tick the box to use external DNS lookup settings, but if your Exchange server can already resolve external DNS names then that should not be required. Click Next to continue.
Click the + button to add a new address space. Specify the FQDN of * (the wildcard character that effectively means “anything”). The cost can remain at the default setting of 1 if this is the only send connector for your organization. Click Save and then click Next to continue.
Click the + button to add the source servers for the connector. These are the servers that will be responsible for routing email out from your organization to the internet. Multiple servers will provide redundancy for outbound mail flow. Click OK and then click Finish.
The send connector is now visible in the Exchange Admin Center.
For further configuration and testing steps, refer to the last section of this article.
Configuring Outbound Mail Flow via a Smart Host
Configuring a Send Connector to send outbound internet email via a smart host is the same process as above, with the following differences.
First, the network setting is configured to Route mail through smart hosts instead of MX records. You must then click the + button to add at least one smart host name or IP address. Multiple smart hosts are permitted and are recommended for redundancy.
When you choose to use a smart host you also get the option to configure authentication for the Send Connector. This is only necessary if the smart host requires it. Many email security servers/appliances or even hosted solutions will simply authenticate you based on your IP address rather than require other credentials.
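The two connector types described above, created from the Exchange Management Shell and then reviewed for settings worth a second look. This is an added example, not code from the original article; the server names, connector names, smart host names and the `Get-SendConnectorReview` helper are assumptions.

```powershell
# Added example. Run in the Exchange Management Shell.
# EXCH01/EXCH02, the connector names and the smart host names are placeholders.

$sourceServers = 'EXCH01', 'EXCH02'   # hypothetical source transport servers
$useSmartHost  = $false               # choose ONE route for the "*" address space

if (-not $useSmartHost) {
    # Scenario 1: direct delivery. Exchange resolves the recipient domain's MX records.
    New-SendConnector -Name 'Internet Direct' -Usage Internet `
        -AddressSpaces 'SMTP:*;1' `
        -DNSRoutingEnabled $true `
        -UseExternalDNSServersEnabled $false `
        -SourceTransportServers $sourceServers
}
else {
    # Scenario 2: hand all outbound mail to smart hosts (two listed for redundancy).
    # SmartHostAuthMechanism None suits a smart host that trusts your source IP address.
    # If the smart host requires credentials, use BasicAuthRequireTLS together with
    # -AuthenticationCredential (Get-Credential) so the password only travels over TLS.
    New-SendConnector -Name 'Internet via Smart Host' -Usage Internet `
        -AddressSpaces 'SMTP:*;1' `
        -DNSRoutingEnabled $false `
        -SmartHosts 'smarthost1.example.com', 'smarthost2.example.com' `
        -SmartHostAuthMechanism None `
        -SourceTransportServers $sourceServers
}

# Hypothetical helper: list every Send Connector with the settings that most often
# explain an unexpected route or a weak SMTP session.
function Get-SendConnectorReview {
    foreach ($c in Get-SendConnector) {
        $notes = @()
        if (-not $c.Enabled) {
            $notes += 'connector is disabled'
        }
        if ("$($c.SmartHostAuthMechanism)" -eq 'BasicAuth') {
            $notes += 'BasicAuth does not require TLS (BasicAuthRequireTLS does)'
        }
        if ($c.IgnoreSTARTTLS) {
            $notes += 'IgnoreSTARTTLS is set, so opportunistic TLS is switched off'
        }
        if ("$($c.ProtocolLoggingLevel)" -eq 'None') {
            $notes += 'protocol logging is off, so there is no SMTP conversation log'
        }
        if (@($c.SourceTransportServers).Count -lt 2) {
            $notes += 'single source server, so no redundancy for this route'
        }

        [pscustomobject]@{
            Name          = $c.Name
            AddressSpaces = $c.AddressSpaces -join ', '
            Route         = if ($c.DNSRoutingEnabled) { 'MX lookup' }
                            else { 'Smart host: ' + ($c.SmartHosts -join ', ') }
            SourceServers = $c.SourceTransportServers -join ', '
            Notes         = $notes -join '; '
        }
    }
}

Get-SendConnectorReview | Format-List
```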
Testing a New Send Connector
The obvious way to test a new send connector is to send an email from inside the organization to an external recipient.
When the message is received in the external mailbox you can then take the message headers and use the MXToolbox header analyzer or the ExRCA Message Analyzer to inspect the headers and confirm that the email passed through the source servers you were expecting it to for that outbound route.
If the email does not arrive you can inspect the transport queues on your Exchange servers for stuck email.
[PS] C:\>Get-TransportService | Get-Queue

Identity             DeliveryType Status MessageCount Velocity RiskLevel OutboundIPPool NextHopDomain
--------             ------------ ------ ------------ -------- --------- -------------- -------------
E15MB1\22206         SmtpDeliv... Ready  0            0        Normal    0              mailbox database 1
E15MB1\Submission    Undefined    Ready  0            0        Normal    0              Submission
E15MB1\Shadow\22204  ShadowRed... Ready  0            0        Normal    0              e15mb3.exchange2013dem...
E15MB2\22750         SmtpDeliv... Ready  0            0        Normal    0              mailbox database 2
E15MB2\Submission    Undefined    Ready  0            0        Normal    0              Submission
E15MB2\Shadow\22748  ShadowRed... Ready  0            0        Normal    0              e15mb1.exchange2013dem...
E15MB3\Submission    Undefined    Ready  0            0        Normal    0              Submission
E15MB3\Shadow\16452  ShadowRed... Ready  1            0        Normal    0              e15mb1.exchange2013dem...
E15MB3\Shadow\16456  ShadowRed... Ready  1            0        Normal    0              e15mb2.exchange2013dem...
To look more closely at the messages stuck in a single queue you can use Get-Queue and Get-Message together.
[PS] C:\>Get-Queue E15MB1\22206 | Get-Message | ft
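To find stuck outbound mail across all servers in one pass, the following added example (not from the original article) filters out shadow redundancy queues, which hold redundant copies of messages in transit rather than undelivered mail, and shows the last error for each remaining queue and message. The function name `Get-StuckOutboundMail` and its parameters are assumptions.

```powershell
# Added example. Run in the Exchange Management Shell.
# Get-StuckOutboundMail is a hypothetical helper name.
function Get-StuckOutboundMail {
    param(
        [int]$MinMessages = 1,        # ignore queues holding fewer messages than this
        [int]$MessagesPerQueue = 20   # cap on messages listed per queue
    )

    # Same starting point as the command above, minus empty queues and shadow queues.
    $queues = Get-TransportService | Get-Queue | Where-Object {
        $_.MessageCount -ge $MinMessages -and
        "$($_.DeliveryType)" -ne 'ShadowRedundancy'
    }

    foreach ($q in $queues) {
        # LastError on the message usually carries the SMTP or DNS failure text.
        $messages = Get-Message -Queue $q.Identity -ResultSize $MessagesPerQueue |
            ForEach-Object {
                '{0} | {1} | {2} | {3}' -f $_.DateReceived, $_.FromAddress, $_.Status, $_.LastError
            }

        [pscustomobject]@{
            Queue         = "$($q.Identity)"
            DeliveryType  = "$($q.DeliveryType)"
            NextHopDomain = $q.NextHopDomain
            Status        = "$($q.Status)"
            MessageCount  = $q.MessageCount
            QueueError    = $q.LastError
            NextRetryTime = $q.NextRetryTime
            Messages      = $messages
        }
    }
}

Get-StuckOutboundMail | Format-List
```

Run against the sample output above, this returns nothing, because the only queues with a non-zero MessageCount there are shadow redundancy queues.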
If the properties of the stuck messages do not reveal the problem then another valuable source of troubleshooting information is the protocol logs. For more tips refer to the following article:
Further Configuration Options for Send Connectors
Some additional configuration options you can explore are:
- Proxying email through Front End/Client Access Servers
- Configuring protocol logging for Exchange 2013
- Configuring outbound message size limits for Exchange 2013
- Configuring the FQDN for HELO/EHLO on a send connector
Paul, we recently started a migration from Exchange 2013 on prem to Exchange 2016/O365, and we configured all and got everything working and showing good but our Exchange now will not send emails to outside domains. Any help is appreciated.
I’m a fresher with Exchange Server. My senior installed Exchange Server 2019. Email can be sent within the local domain but can’t be sent outbound (Gmail, .com, etc.). Please guide me on where and how to configure it for internet email.
Guys, I have Exchange 2013 sitting on Windows 2012 R2 but cannot send or receive external mail.
I can summarize that it is possible since Exchange 2013 local, we can send the emails on the internet using his ISP or a remote web server?
Hey Paul,
Thanks for all your contributions. They are really good, especially when things don’t work, which tends to be the case more often than not.
I finally managed to set up my Exchange 2013 Server to play with from home (separate network from my home network, and I use a Palo Alto Firewall to create my Virtual Routers to separate my two internal and two external networks). Now as far as I know I configured everything correctly and my Exchange server can reach external web-sites and what not without issue. However when I attempt to send an email I see it stuck in the transport queue (Get-Queue). When I check my firewall I see the SMTP port 25 connections are allowed, and they all report the application as incomplete, as if the connections are not allowed.
So using information from your other posts, I used the telnet trick to verify connectivity, and it seems from any computer in my networks (personal, or my test enviro) I can’t seem to connect to any of the external SMTP servers on port 25…
What am I missing? Do they require some form of Auth to work? To me it doesn’t even seem to be the case, as that would imply we’ve reached the application layer and my packets in my firewall would have said they are SMTP and not “incomplete”; it’s like it’s being blocked at the 3rd layer (port). Do all external mail providers allow incoming SMTP email from anyone?
Any idea on what I may have missed would be greatly appreciated. I source your blogs on my blogs 🙂
You stated the Following:
“Many email security servers/appliances or even hosted solutions will simply authenticate you based on your IP address rather than require other credentials.”
Now my domain (Zewwy.ca) points to my public IP address for my basic home network (which I have a NAT rule on my modem to point to my web server, to host my website). This however is not the IP address which email will be coming from. I created an MX record and A record for mx.zewwy.ca for this (which I want email coming in and out from). Will external providers validate me based on my root domain IP, or my MX record?
For some reason when I put my info into mxtoolbox’s whois, it reported a different MX than the MX record I created in my DNS provider’s portal… Would this be due to replication (cache)? I did check shortly after the change (AFAIK TTY can be up to 3 hours generally).
One last thing I noticed: in your final step to troubleshoot (love that your posts have these), it shows your email was stuck in the queue for almost an hour before Google finally sent it on. However it shows it sent it connecting via ESMTPS, and not standard SMTP… From all my testing so far, by default, unless you configure it otherwise it always sends over standard SMTP (port 25). Does the comment you stated above apply to most external domain email recipient servers?
Hi,
We are using an internal mail client (on powerbuilder) which is connected to Outlook 2013. We send a mail from this mail client which then sends it through Outlook to sener. From last week, on 9 out of 10 mails (mostly to external IDs) the mails are not reaching the recipients and we are getting failure notice — The following recipient(s) cannot be reached:
Server error: ‘550 5.7.1 Unable to relay’
Pls help
Search for how to configure a relay connector for your version of Exchange.
Hi Sir
Is there any way to configure outbound mail redundancy automatically when the internet service is down?
For example, if we have multiple sites and each site has at least two outbound edge servers, but these two edge servers are based on the same internet traffic.
When the internet traffic is down on this site, will outbound mails be queuing on these two edge servers until time out, or will it fail over to the other sites’ send connector?
thanks!
If the exchange server has multiple IPs how do you configure the IP address you wish to use for outbound SMTP?
Why does your server have multiple IP addresses?
Is there a tutorial for the absolute bare bones on how to get exchange setup (I’m meaning with setting up the DNS with it.)
I’m new to servers and I have one where I have 2 virtual machines, a DC and one with EXCH2013 installed. I’m having trouble getting them set up and could really use some help. Any help is appreciated. I’m able to get administrator to log into OWA at mail.domain.com but can’t get anyone else to log into it. And I cannot send/receive outside emails.
Thank you!
John
This is written for Exchange 2016 but they are very similar versions. And it’s free: https://www.practical365.com/ebooks/exchange-server-2016-quick-start-guide/
Hi Paul,
Installation of Exchange 2013 on Server 2008 R2 box, but need one suggestion. Should we install Exchange 2013 on the C:\ drive or D:\ drive? And how much space needs to be allotted on each drive on this Exchange server?
Regards
Samuel
Hi Paul,
I am creating a send connector for a journaling configuration (to Mimecast). We have recently switched to having two active directory sites in our organization. When creating the connector, and selecting all source Edge Transport servers (in both sites), I get the following warning: “warning the source transport servers specified for the connector aren’t in the same active directory site”. I did not get this warning in my lab (but that just may be our mock configuration). Is it proper to have two separate connectors per AD site for a proper configuration or should I stick with the single connector and ignore the warning in this case?
Thank you,
Pete
From memory I think the issue is sub-optimal routing/performance. The other approach to take is two separate send connectors – one per site. Then each site will route optimally (i.e. out the closest connector).
Hi Paul
In Exchange 2013 can I have 2 send connectors, one that sends directly to the internet and the other through a smart host for the same domain, and select which users send by each send connector without a third party program?
No.
Hi Paul,
I have an Exchange 2010 environment with two hub transports (HUB01 and HUB02). Due to the amount of email we are now sending, I added a third hub transport to the mix (HUB03), but did not update the Source Server listing on my send connector for internet outbound traffic to include this new hub transport. Users began to report that messages were being returned with looping errors. My understanding is that send connectors can be isolated to specific servers by leveraging the “Source Server” settings. However, it appears the new HUB03 server is not routing messages to HUB01 or HUB02 (which are both listed in the internet outbound send connector). Is there something wrong in my configuration, or is this normal behavior? To put it another way – can I have one hub transport out of several that has basic receive connectors (Default, Client) but no send connectors assigned via the Source Server settings and still have successful mail flow?
Hi Paul,
Thanks for this article, it was very helpful– until I installed Exchange 2016. We’re in the middle of a migration from Exchange 2007 to 2016 via 2013. At this point everyone is using 2013, 2007 is gone and I’ve installed 2016. For all three versions we have two servers– prior to 2016, a CAS with a public IP (solely to provide externally-accessible ActiveSync and Web App) and an internal mailbox server with a private IP. The mailbox server routes outbound mail through a smart host.
Before 2016 was added to the mix it all worked great– I had two send connectors, one for the 2007 server to route outbound mail through an older Linux smart host (our other, newer, Linux mail server caused TLS to break with Exchange 2007) and the 2013 server routed outbound mail through our newer Linux server with its stricter TLS.
Once I installed 2016 (note– just installed, and not much more– Exchange 2016 almost immediately forced itself as a production server and clients started using it as their outbound server even with no mailboxes on it), nothing seemed to behave anymore.
First, because of the changes to 2016, there is no longer a distinction between a CAS and a mailbox server. In practice, I don’t want the external server to ever be a mailbox server, and I have removed the mailbox database. But because my Outlook clients seem to randomly choose any server they want to to send mail, I added both of my 2016 servers to the send connector. Now Exchange will sometimes — but not always– route outbound mail through multiple Exchange servers before going out to the smart host! I suspect that I don’t fully understand something here.
With 2007 and 2013 together, it all made sense. Users with a 2007 mailbox used the send connector with the 2007 server as the source, and users with a 2013 mailbox used the send connector with the 2013 server as the source, and each routed out through their appropriate smart host. Once 2016 is installed, Outlook and Exchange (both versions) choose whichever server(s) they please, both for Outlook connections and for routing.
Can you help untangle this for me?
“These are the servers that will be responsible for routing email out from your organization to the internet. Multiple servers will provide redundancy for outbound mail flow. Click OK and then click Finish.”
You have added three servers in the Send Connector for redundancy, but which server will act as the primary to send outbound emails?
There’s no primary. All three servers will be involved in sending email.
Hi Paul. I have a send connector that routes all mail * to one smarthost, but I’m doing a spam cutover and want to have 2 of the domains that are a part of “*” to a different smarthost. I tried creating a new send connector with the 2 domains in address space and gave it a cost of 1. I then changed my original send connector to have a cost of 2. My test emails sent from my 2 domain names in question are still routing through the initial send connector. Do you have any idea on how to pull this off at ease? Thanks. Gary
Send connector costs is the way to do it. You can separate them more, like using 1 and 10, but I doubt that’s the issue. Is the send connector enabled, and the smart host it’s trying to send to available? If a route is marked down I expect Exchange will stop trying to use it.
Hello sir, I am facing a problem sending mail. When we want to send mail, the emails go to the Drafts box.
Mail is not sending. Please help me with this issue.
That is often caused by a problem with the DNS configuration of the Exchange server.
https://thoughtsofanidlemind.com/2013/03/25/exchange-2013-dns-stuck-messages/
Hello Paul,
We have 2 Exchange 2013 servers and they are both CAS, Database and DAG members. We have a problem sending attachments to non-MS Outlook users. They receive just winmail.dat.
I tried Set-RemoteDomain Default -TNEFEnabled $false but then there are a lot of e-mails in the queue and failed deliveries.
Set-RemoteDomain Default -TNEFEnabled $Null and same story
Current situation is Set-RemoteDomain Default -TNEFEnabled $True and non-MS Outlook contacts cannot receive attachments.
Do you think it is related to send connector? Can I create multiple connector other than default?
Could you please advise what to do?
Kind regards,
Isac
Hi Paul
We have two Exchange servers (2013) and would like to know if we can use the second NIC to send out email to our email provider
ExchangeServer1
NIC1 192.168.1.20
NIC2 192.168.2.20
ExchangeServer2
NIC1 192.168.1.21
NIC2 192.168.2.21
So would I do Set-SendConnector “Outward” -SourceIPAddress 192.168.2.20 so that all SMTP goes out on that IP address to our email provider, and as we have two Exchange servers then I would have to create a second connector pointed to 192.16.2.21?
Or do I do Netsh int ipv4 add address Nic1 192.168.1.20 skipassource=true
Netsh int ipv4 add address Nic1 192.168.1.21 skipassource=true
Confused
I’m confused why you have multi-homed servers in the first place.
Hi Paul
Normally I would just have one NIC (teamed) per server, but I have been told to do it this way. So would I create two “Send Connectors” and do
Set-SendConnector “Outward” -SourceIPAddress 192.168.2.20
Set-SendConnector “Outward2” -SourceIPAddress 192.168.2.21
Or do you not recommend this?
Thanks Paul
Michael
Told by who?
I can’t think of any reason to try running a multi-homed Exchange server like that. In fact, it’s probably more likely to cause you problems.
The person above me!!! lol
My understanding of this is that SMTP uses the primary NIC to send email via the send connector, so is there a way of forcing Exchange to do this?
From my experience and what I have read on the internet this is not the way to do it? So how do I convince my boss to use only one NIC (teamed)?
Thanks Paul
Well, consider that the -SourceIPAddress parameter is, according to TechNet:
“This parameter is valid only for Send connectors configured on an Edge server.”
So you’d need to be running Edge Transport servers to use that.
There’s no business or technical requirement other than your boss thinks that is how it should be done? That’s not a good reason to add complexity to an environment. Keep it simple and easy to support, run single-homed Exchange servers.
I’ve seen people try to run multi-homed Exchange servers in the past for really no good reason other than they think they’re somehow making things more secure or optimizing network throughput (neither of which are true), and it ends up breaking stuff they never anticipated and making every troubleshooting scenario more difficult to deal with.
Hi,
Hello,
I need your advice or contribution on how to resolve delays in bulk email blasts to customers.
We send bulk mails to about 65000 customers over the internet but the mails are delayed in reaching recipients. It sometimes takes more than 2-4 days to move out of the queue.
We have two Exchange 2013 mailbox servers (DAG) and an edge server.
Your contribution will be highly appreciated.
Regards
What solution are you looking for? If you email someone who can’t receive the email, it will queue on your servers, that is the normal behaviour.
For bulk email of that nature you are probably better off using a mail system such as Aweber or Mailchimp rather than carry all the risks and problems of trying to run it through your Exchange server.
Hi
I want to add some smart hosts to my Exchange. The work I think has to be done is: install SMTP on a server, then create some virtual SMTP servers and then add them to my Exchange server send connector. But when I want to choose a server in the new send connector wizard there is just one server.
I installed Exchange 2016 on another server, but now I don’t know how to add the new one to the current Exchange server.
Would you give me a hint how to do that? And am I right with this scenario?
Thanks
Hi Paul,
How can I configure the FQDN for HELO/EHLO on a send connector?
Please give a help link.
Thanks
Open the properties of the send connector, or use the Set-SendConnector cmdlet.
Mass,
Would you email me a copy of your configurations? I need that as my Exchange cannot send emails out thru MDaemon smart host.
Thank you.
Hi Paul,
My ISP that I use as smarthost has decided to use port 465 and SSL auth for outgoing email traffic. I have my own Exchange 2013; can I configure it to use SSL auth? They have also decided to do similar on the incoming email. Do you know of any workarounds?
//:Erik
Hi Paul,
Need your guidance for removing/encrypting my internal Exchange 2013 servers IP address and hostnames in email headers for outbound emails. I have found the below command for removing but let me know if anything more needs to be done for the same.
Get-SendConnector “Connector Name” | Remove-ADPermission -AccessRight ExtendedRight -ExtendedRights ms-Exch-Send-Headers-Routing -user “NT AUTHORITY\Anonymous Logon”
You’re following the Header Firewall guidance here?
https://technet.microsoft.com/en-us/library/bb232136(v=exchg.150).aspx
I want to remove the details of my internal messaging servers from the email headers in the emails which are sent to internet domains, so that my internal server details are not exposed to internet recipients.
Yep, the Header Firewall is what you should be looking into for that.
Paul,
I have an awkward scenario. It seems that recently our Exchange 2013 server has been sending out on our default IP instead of the correct external IP that is used by the external DNS MX records and referenced with the SPF record – hence causing us to look like spam of course. Is there a means to get the send connector to use a specific external IP instead of our default?
Can I use the smart host option for this ?
P.S. It was originally forced by a previous network appliance (my hunch anyway) to do this. Now to only add DKIM.
Usually that NATing of outbound connections is handled by the firewall or edge router for your network.
Hello Paul, How are you?
I created a send connector without TLS, but through testing I realized that even then it returns the error message below for domains that do not have TLS configured.
#>
MessageId:
Recipients: {} schmidt@externaldomain.com.br
RecipientStatus: {[{LRT =}, {LED = 500 5.3.3 Unrecognized command};} {FQDN =; = {IP}]}
<#
I also realized that even if I create an outbound connector, it authenticates with the "Default mbx01" which has TLS set up.
Is there any way to create a customized outbound connector without TLS that does not authenticate with the Default connector?
###########
#My SCRIPT#
###########
#Create a dedicated connector for a domain
new-SendConnector -Name 'AddressSpaces – No TLS' -Usage 'Custom' -AddressSpaces 'SMTP:teste.com;1' -IsScopedConnector $false -DNSRoutingEnabled $true -UseExternalDNSServersEnabled $false -SourceTransportServers "BRPHEXMBX01","BRPHEXMBX02","BRPHEXMBX03","BRPHEXMBX04","BRPHEXMBX05","BRPHEXMBX06"
#Configure the maximum message size and enable logs
Set-SendConnector 'AddressSpaces – No TLS' -MaxMessageSize 50MB -ProtocolLoggingLevel Verbose
#To add multiple Address Spaces from a text file called addressspaces.txt use this command sequence instead:
$ConnectorConfiguration = Get-SendConnector "AddressSpaces – No TLS"
Get-Content addressspaces.txt | foreach {$ConnectorConfiguration.AddressSpaces += "$_"}
Set-SendConnector 'AddressSpaces – No TLS' -AddressSpaces $ConnectorConfiguration.AddressSpaces
#Disable StartTLS on Send Connector
Get-SendConnector "AddressSpaces – No TLS" | FL IgnoreSTARTTLS
Get-SendConnector "AddressSpaces – No TLS" | Set-SendConnector -IgnoreSTARTTLS $true
Get-SendConnector "AddressSpaces – No TLS" | Set-SendConnector -Port 2525
#Restart the Microsoft Exchange Transport Service
Restart-Service msexchangetransport -Verbose
Reference: http://www.moh10ly.com/blog/office-365/emails-between-o365-and-on-premises-do-not-work
http://blogs.technet.com/b/get-exchangehelp/archive/2013/02/05/disable-opportunistic-tls-between-an-edge-server-and-a-hosted-service-such-as-exchange-online-protection.aspx
http://sys-pro.blogspot.com.br/2013/06/451-440-primary-target-ip-address.html
Thanks Paul!
Paul
I don’t have a public IP and also due to lack of IPS and IDS devices I prefer to receive emails on a well protected host on the internet, and also I need to use Exchange server in my LAN for its features. In this situation I need “DPOP” or “MultiPOP” to download emails from the host and deliver them to the LAN users.
What solution do you recommend to me?
Thank you for giving me your time
I’ve seen customers use POP to retrieve mail and submit it to Exchange before. That’s fine if you have no choice (like a lack of public IP address control). I just wouldn’t install the software directly on the Exchange server. Don’t try to change the ports Exchange uses or try to install software that will conflict with the ports Exchange already uses.
I have no experience with MDaemon itself so I can’t really say whether your solution will work or not.
Thank you very much Paul
As you said I installed MDaemon and Exchange on two servers and they are working fine. Thank you very much.
By the way, MDaemon is a light, fast, and handy mail server which has many features of Exchange, and if you install Outlook connector you can also share contacts and calendar and so on. But it has a long way to go to become like Exchange server. I can say it’s perfect for SOHO environments. That’s why I use it as a mail gateway. Anyway.
Thank you very much for your attention and really appreciate the time you spent to answer my questions.
Yours
Masoud
Hi Paul
Been reading your site recently and found it very useful and handy, it’s perfect and lovingly.
I am connecting an “Exchange Server 2013” and “MDaemon 14.5.2” which are both installed on the same server. The “MDaemon” pulls emails from a “Catch-All” mail box on my host using “DPOP” and delivers them to users through “Exchange Server” and Outlook. And sends user emails through Outlook, Exchange, MDaemon, the host. I used to do it several years ago with “MDaemon 6” and “Exchange 2000”, but it has become tricky for me after these years.
Internet Domain: mydomain.com
AD Domain: mydomain.local
Local AD Server: 192.168.0.5
Local mail server IP: 192.168.0.10
On local mail server I configured a gateway in MDaemon named “mydomain.local” and forwarded it to “192.168.0.5” SMTP:2525 (In gateway configuration).
I need two policies in Exchange to rename the email addresses to “mydomain.com” and change the SMTP port to 2525 to be able to receive emails from MDaemon.
I don’t know if these configurations are correct or not, and if I need anything else to configure. Besides, is it OK to have both mail servers on one server or not?
I would be grateful if you would answer my questions.
Why are you doing it that way? Exchange doesn’t need all that other stuff involved, it’s perfectly capable of sending and receiving email without all those extra parts.
Dear Paul
I need to use “DPOP” and “MultiPOP” to receive emails from the host due to some reasons.
I wouldn’t install MDaemon and Exchange on the same server. Other than that, since I don’t know what your reasons are there’s not much I can suggest.
Hi Paul,
Been reading your websites and books for quite a while, really great. Need some help.
Our environment:
2 sites, Melbourne and Sydney, connected with a site to site VPN.
2 Exchange 2013 servers, 1 at each site.
We have 2 SMTP domains: domainA.com and domainb.com.
We want the Melbourne site to send and receive only domainA.com and Sydney domainB.com.
I already have the respective MX and public IP pointing to the designated Exchange servers, and created 2 SMTP connectors.
Do I need to configure or specify the respective IP address in the receive connectors? How does Exchange know which SMTP to use? If the Melbourne server or link is down will Sydney still be able to send and receive emails for its SMTP domain and vice versa?
Cheers
Inbound routes can be separate because you control that using MX records.
Outbound routes, no. Send connectors aren’t conditional in that way.
Thanks.
Thanks a lot for your suggestion, really appreciate it. Someone was suggesting that for remote sites we create a smart host locally on each site as this will help fast delivery. Anyway I guess I should set up a mailbox server in each site locally, which may help delivery for internal clients and fix latency issues.
Still, if you could share Exchange best practice that would be great.
Hi Paul. We have Exchange 2013 with a DAG in one location and users are sitting globally.
If we set up a smarthost on each site can it reduce outbox time, as any email over 3 MB is taking 3 to 8 min in the outbox? Or do we need to add a mailbox server on each site for fast delivery?
The latency you’re seeing is probably more due to the latency between the client and their mailbox server. The closer they are to the active database copy for their mailbox, the better the performance will be.
I think you should also check whether cached mode is enabled for their Outlook profiles, and also test whether the same delay happens with Outlook Web App. But I suspect this is just a latency issue.
Thanks Paul,
Yes we do have delay issues from remote sites, but one thing is notable: even for the LAN (1 GB links) users on the same site, 5 MB takes more than 1 min to stay in the outbox.
With OWA it took 1 min approx to see the email in my sent items as I could not see the outbox.
Does a smart host have any role in delivering emails faster or do I need to set up a mailbox server on each site? If you can, send any link to your articles on best practices for Exchange 2013 for remote sites when we have few users sitting (10 to 15 users) on a remote site.
Thanks for your help.
Are you talking about emails to other internal recipients? If so then configuring a smart host on the send connector won’t make any difference.
If you’re talking about emails to external recipients, using a smart host won’t necessarily improve delivery speed since the emails still need to travel over the same internet connection anyway.
Emails stuck in the outbox can be due to many different reasons – server performance, network performance, client performance, antivirus software on the client…
Somehow, using internal server keeps getting error on DNS resolution on gmail. After check using external DNS even though I have not configured the following, it works great.
This is what we need:
https://www.practical365.com/exchange-2013-manually-configure-dns-lookups/
I’ve always used an internal DNS server, so I’m not 100% certain, however, that sounds right.
If you have an active directory environment, you should have an internal DNS server, which you should consider using.
mk
@mk,
Thank you for the quick reply. Yes, it works great. BTW, if we check use external DNS for delivery, do we need to specify which external DNS server IP addresses from the ISP?
Thanks again,
Harry
Hmm… my entry above wasn’t posted properly. You need to edit your Send Connector before going to the ‘Scoping’ section.
mk
Harry – the Send Connector name/identity is not seen. You need to change the Send Connector’s FQDN which can be done in two ways:
1) Set-SendConnector -Identity "Outgoing Internet Mail" -Fqdn mail.yourdomain.com
or
2) Using the EAC, go to Mail Flow / Send Connectors / / Scoping. Scroll down to the bottom where you can specify the FQDN.
I’m assuming you are using Exchange 2013…
mk
Hi Paul,
Nice post. MXtools header analysis shows our SMTP sender connector name is CASservername.mydomain.com. Is there any way we can change it to mx.mydomain.com to mask my real server name?
Thanks,
Harry
Anyone know of a PowerShell script that could be used to add 100+ domains to a particular send connector so I don’t have to do it manually for each one in the Admin Console?
Hello Paul, I am in the midst of an Ex2010 Ex2013 migration. I am having issues when trying to send email externally from mailboxes on the Ex2013 server. I have a send connector that points to a hosted encryption service on the Ex2010 server (this shows up on the Ex2013 server as well). I get a “remote server returned ‘554 5.7.1 : Relay access denied'” when sending from accounts on the Ex2013 server but not the Ex2010 server.
Thoughts?
Best regards,
Sounds like all mail from the 2013 mailboxes is traversing the send connector to the 2010 server, and whichever receive connector on the 2010 server is handling those connections is rejecting email sent to external recipients because it is considered “relay”.
Thanks Paul. I found the issue. Our encryption service had blocked all but one of our external IP addresses. Mail from the new server was using the default gateway of our firewall. I changed the NAT translation on my firewall to use the approved IP address and mail started flowing properly externally.
Thanks again for all of your assistance!
As of now, for Exchange 2013, it appears that it can only be done via command:
Set-SendConnector -Identity “” -Fqdn
For example:
Set-SendConnector -Identity "Outgoing Internet Mail" -Fqdn mail.yourdomain.com
mk
Paul,
I love your articles – I’ve been using them for years!
Question regarding configuring the FQDN for HELO/EHLO on a send connector. How is this done on Exchange 2013? Can this also be done for the receive connector?
Thanks,
Michael
Why would I want to use a smarthost? What is the typical situation pro/con of using just the MX record option vs. using the Smarthost option?
The smarthost could be an email security appliance that all your outbound email is routing through, or a cloud-hosted email security service.
The smarthost could be a separate internal system that has no MX records but still needs to receive emails.
There’s no particular pros/cons to describe, it’s a case of meeting some business or technical requirement.
I have installed an Exch2013 server into an Exch2007 org and am in the process of moving mailboxes to the ex2013 server.
I have a send connector configured from each mail server to a smart host (McAfee MEG). All external mail travels thru the MEG.
I also have a Barracuda Message Archiver that currently pulls messages from an Ex2007 journaling mailbox. With the migration to the ex2013 server, Barracuda is recommending going to SMTP Journaling, which requires creating a send connector on the ex2013 server.
My question is would there be a conflict between the send connector for the MEG & the Send Connector for the Barracuda? The Address Space for the Barracuda connector is a specific fake domain, where the Address Space for the MEG connector is *.
Thanks
I’m not familiar with how Barracuda’s system works, so I would recommend you ask them.
Generally speaking an email is going to traverse one Send Connector on its way out of your org. So if it goes out via the McAfee, I can’t imagine how it will also manage to go out via the Barracuda connector.
Hi Paul,
We are configuring a new exchange 2013 installation.
We have 2 AD sites, both with access to internet and with an mpls connection between both.
We are installing an Exchange 2013 DAG with 2 nodes, with one node in one site and the other node in the second site.
We don’t have load balancers.
Can we configure Exchange, with site resilience, so that when one server fails, mail flow could be assured by the other server (both send and receive mails)?
Regards,
Luis
For outbound mail flow, configure two Send Connectors, one for each site/server.
For inbound mail flow, configure two MX records, one for each site.
Hi Paul,
I have a new Exchange 2013 installation. I have configured a send connector and I still cannot send mail to myself on the same network domain.
I am testing by sending a mail to administrator internally, but the mail always gets stuck and is never received, so I could not figure out what the problem is. Kindly assist. I have ISA Server 2006 on my network as a firewall. I have allowed everything but still cannot receive email internally, and Exchange was properly installed.
You’re trying to send between two mailboxes that are on the same server? Neither the send connector nor the ISA firewall should have any impact on that. I would say it’s more likely the messages are stuck in a queue (you can run Get-Queue to see the queues), or your transport services aren’t running at all (check Services.msc).
When I am sending mail outside of my domain, it shows this error:
Error encountered while communicating with primary target ip address “Failed to connect winsock error code 10061, Win32 error code 10061” Attempted failover to alternate host but did not succeed.
Hi,
Which server do we need to mention in “Configuring the FQDN for HELO/EHLO on a send connector”?
CAS or Mailbox?
Use whichever hostname you want to appear to the outside world, eg smtp.domain.com, or just the hostname of the Mailbox server.
Hi Paul, so the FQDN does not really matter (except when using TLS, then the FQDN should match a name in a certificate). Will there be no reverse lookup checks to verify that the DNS of the FQDN matches the IP of the sender? Is there no effect when changing the name in a productive environment? Thanks!
A good practice is to have the FQDN resolve in DNS to the public IP that the outbound connections will appear to be coming from.
But as long as the FQDN can be resolved in DNS to an IP, and as long as the public IP also resolves in DNS to an FQDN, you should also be fine. It’s when either of those DNS lookups fail completely that things start to look suspicious.
Changing the FQDN should have no impact on existing mail flow. Always plan and test your changes, and have a rollback plan ready.
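The forward and reverse DNS checks described in the reply above can be scripted before changing a connector's FQDN. This is an added example, not part of the original article or comments: the function name Test-HeloDns is hypothetical, 203.0.113.25 is a documentation placeholder address, and it assumes a host with the Resolve-DnsName cmdlet (Windows Server 2012 or later).

```powershell
# Added example: forward/reverse DNS sanity check for a Send Connector HELO/EHLO name.
# Test-HeloDns is a hypothetical helper name; the sample values at the bottom are placeholders.
function Test-HeloDns {
    param(
        [Parameter(Mandatory)][string]$Fqdn,      # name set with Set-SendConnector -Fqdn
        [Parameter(Mandatory)][string]$PublicIp,  # IP that outbound SMTP appears to come from
        [string]$DnsServer                        # optional: query a specific (external) resolver
    )
    $common = @{ ErrorAction = 'SilentlyContinue' }
    if ($DnsServer) { $common.Server = $DnsServer }

    # Forward lookup: does the HELO name resolve, and to which addresses?
    $forward = @(Resolve-DnsName -Name $Fqdn -Type A @common |
                 Where-Object { $_.Type -eq 'A' } |
                 ForEach-Object { [string]$_.IPAddress })

    # Reverse lookup: does the public IP have a PTR record, and which names does it give?
    $reverse = @(Resolve-DnsName -Name $PublicIp -Type PTR @common |
                 Where-Object { $_.Type -eq 'PTR' } |
                 ForEach-Object { $_.NameHost.TrimEnd('.') })

    [pscustomobject]@{
        Fqdn             = $Fqdn
        PublicIp         = $PublicIp
        ForwardResolves  = $forward.Count -gt 0          # minimum: the name resolves to some IP
        ReverseResolves  = $reverse.Count -gt 0          # minimum: the IP resolves to some name
        ForwardMatchesIp = $forward -contains $PublicIp  # good practice: name points at the sending IP
        PtrMatchesFqdn   = $reverse -contains $Fqdn      # stricter: PTR names the HELO host
        ForwardAddresses = $forward -join ', '
        PtrNames         = $reverse -join ', '
    }
}

# Placeholder values: substitute the connector's -Fqdn value and your real outbound IP.
Test-HeloDns -Fqdn 'mail.yourdomain.com' -PublicIp '203.0.113.25' | Format-List
```

If ForwardResolves or ReverseResolves comes back False, that is the "lookup fails completely" case the reply describes; pass -DnsServer with a public resolver to see what receiving servers see rather than what internal DNS returns.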
Hi, Paul. Thanks for your article, it’s amazing, as usual 🙂
the question is, like it was mentioned before,
“Is it possible – via send connector or other means (rule perhaps) to send all mail *from* a specific internal domain through a smarthost? For example, let’s say we have two divisions and each have their own domain – joe@maindiv.com and bob@subdiv.com. Subdiv requires a smarthost for regulatory compliance, maindiv.com does not. Can we force outbound mail for subdiv.com through the smarthost but not maindiv.com so we don’t have to pay for compliance services?”
how to route mail thru a specific edge based on user’s primary domain ?
Google for RouteBySender tool.
Regards,
Victor
Paul, great article. Is there a way to get Exchange to ignore internal recipients (pre-staged for a migration) and route messages out through a send connector?
Sure. Apply forwarding on the mailbox.
Hi Paul
Can you explain what you mean by forwarding on the mailbox?
Can you explain how this works in terms of flow?
I.e Old Mail platform – migration to new platform via send connector?
Hello Paul, you have a nice blog!
Please give me advice:
I just installed only 2 multi-role 2013 servers in two different sites. Inbound mail works fine, but I just tried to create a new send connector in the new site, and outbound mail flow stopped working for me. If I disable the new send connector (I just created it like: post, internet, next, asterisk, next, my casmailbox in site 2 to scope)
And my mail does not go to the Internet, it is just queued…. What am I doing wrong?
Hey all,
I am in the process of migrating from EX 2010 to EX 2013. I have an existing 2010 2x dag, 2x cas environment. I have built on new servers 1x 2013 cas, and 1x 2013 mb.
I have followed the step by step Exchange Server Deployment Assistant but cannot see it talk of mail flow anywhere. I have a single send connector in the 2010 env. I have various receive connectors. all https,http,smtp,imap and other outlook,rpc,mapi traffic go through a Riverbed Stingray Traffic Manager. My send connector routes email through a smart host.
I have created an Exchange 2013 mailbox. I can send email from 2010 to 2013, but I cannot send email from 2013 to 2010. Both farms are in the same domain, same network. They are all Hyper-V VM guests in the same cluster.
The email that I try to send from the 2013 env to 2010 gets stuck in the 2013 Queue Viewer, its status is READY, it has no last error.
Can anyone help clear this up for me? I need exchange 2010 and 2013 to coexist for a period of a few weeks, while I migrate all mailboxes, then after that I will close down exchange 2010.
Thank you in advance.
Andrew
You should begin by troubleshooting SMTP connectivity from 2013 -> 2010. Try it with telnet. Check for antivirus or security products, or firewalls, or your Riverbed device, that may be interfering with the connections.
Also look closer at the messages stuck in the queue. What is the last error? That usually gives you some hints about what the problem may be. Misconfigured Receive Connector permissions on the 2010 server is an example of where things can go wrong too, eg http://support.microsoft.com/kb/979175
There is an option in the general tab of the send connector properties for “Proxy through client access server.” I understand in a split role environment, this box makes it work like 2010, ie, mail goes from mailbox to CAS and then sent out from there. However, what is the proper setting when CAS and MB are on the same server? Checked or unchecked?
There is no proper setting. The option exists for specific scenarios that some customers might have.
On multi-role servers it doesn’t matter either way, in my opinion.
Is it possible – via send connector or other means (rule perhaps) to send all mail *from* a specific internal domain through a smarthost? For example, let’s say we have two divisions and each have their own domain – joe@maindiv.com and bob@subdiv.com. Subdiv requires a smarthost for regulatory compliance, maindiv.com does not. Can we force outbound mail for subdiv.com through the smarthost but not maindiv.com so we don’t have to pay for compliance services?
Have a look at this tool:
http://www.ivasoft.com/routebysender.shtml
I am a new IT engineer and learning Exchange server 2013.
To connect Exchange Server 2013 to the internet, how can we do it safely?
Please share your opinion.
Hi Paul:
Good article.
Does it mean that emails CAN be sent to internet with only Mailbox Role and no CAS?
Thanks
Denny
CAS is still a required role in an Exchange deployment.
This is a very helpful post. It was handy in guiding me on how to setup exchange to use smarthosts.
I have an Exchange problem that I can’t seem to find anything on. Server works with exception of sending outbound mail. This is the error I am not getting:
Delivery Report for jgreff@shareatech.com (jgreff@shareatech.com)
Submitted
7/16/2013 5:22 PM PE860-FS02
The message was submitted to pe860-fs02.dyslexia.local.
Pending
7/16/2013 5:22 PM pe860-fs02.dyslexia.local
Message was received by pe860-fs02.dyslexia.local from PE860-FS02.DYSLEXIA.local.
7/16/2013 5:22 PM pe860-fs02.dyslexia.local
The message has been queued on server ‘pe860-fs02.dyslexia.local’ since 7/16/2013 5:22:30 PM (UTC-05:00) Eastern Time (US & Canada). The last attempt to send the message was at 7/16/2013 8:31:43 PM (UTC-05:00) Eastern Time (US & Canada) and generated the error ‘[{LRT=};{LED=};{FQDN=};{IP=}]’.
7/16/2013 8:41 PM pe860-fs02.dyslexia.local
Message delivery is taking longer than expected. There may be system delays. For more information, contact your helpdesk.
Wasn’t sure if you have any ideas. I receive mail and internal mail works fine.