In some situations it is necessary to share an email domain between two distinct email systems.  This is referred to as Shared SMTP Namespace and is common when:

  • Two companies merge but maintain separate systems for a period of time
  • Non-Exchange systems are involved in the email environment, eg a Unix Sendmail server

Because Exchange Server handles this so easily it is generally best to send email to that domain name to the Exchange server first, and then let Exchange determine which recipients are local and which need to be sent on to another host.

How to Share an Email Domain Between Two Mail Systems

First take a look at the domain name that you want to share.  It is likely configured as an Authoritative domain in your Accepted Domains list.

[PS] C:\>Get-AcceptedDomain | fl domainname, *type*

DomainName : mycompany.local
DomainType : Authoritative

To share the namespace we simply change the DomainType to Internal Relay.

[PS] C:\>Set-AcceptedDomain mycompany.local -DomainType InternalRelay

Now that the domain type has been changed we need a Send Connector to tell Exchange where to send the emails that do not have a local recipient.

[PS] C:\>New-SendConnector -Name "Internal Relay" -Custom -AddressSpaces mycompany.local -SmartHosts 10.8.0.25 -SourceTransportServers ex2007.mycompany.local

Identity       AddressSpaces            Enabled
--------       -------------            -------
Internal Relay {smtp:mycompany.local;1} True

In that example the IP address of the other email system is 10.8.0.25, and the Hub Transport server to use to send the emails is ex2007.mycompany.local.

Now when an email arrives on the Exchange server that has no matching local recipient address, it will forward it on to the other mail system for delivery.

Update: In the comments below and via email some readers have described situations in which this does not work as simply as I outline above.  The most common scenario reported to me is that it doesn’t work without setting up Contacts in each organization for the users in the other organization.  Without those Contacts emails to recipients in the other organization result in an NDR.

This can happen when recipient filtering is occuring on the Exchange servers, or on a server running a third party anti-spam product, that rejects email that is addressed to invalid recipients.  This check is usually performed with an LDAP lookup against Active Directory.  However in a shared SMTP namespace scenario like this, any given Active Directory does not contain all of the valid recipients for all of the organizations sharing the namespace.

So to avoid NDRs when using shared SMTP namespace you will need to either disable recipient filtering, configure the product to do LDAP queries against all directories that share the namespace, or create Contacts.

When the shared namespace is no longer required for your organization you can decommission it following the process here.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. Jason

    I’ve been trying to come up with a better solution to our Exchange and I think this article would work but just wanted to run this by you just in case.

    I manage a domain that is basically a sister domain to another organization (government entities). My domain looks like “sub.domain.gov” and the other domain is “domain.gov”. From a namespace perspective we look like a subdomain but we are not, we are separate domains with a trust setup between the two. They host email for us so here is my problem.

    When we create users we have to wait for the other domain to create their mailbox on their Exchange server and link the mailbox to our user’s AD account. This can sometimes take days and sometimes weeks to accomplish which is frustrating for us and the user. We have our own Exchange server that we use during the initial user setup to send them a link to their annual security training, completely stupid I know. So once their main email is created we have to go back into the user profile and setup their actual email stuff for Outlook.

    My question is, could this article potentially resolve this issue? I just want to create their account and setup their Outlook once and have it so if someone sends an email to “username@domain.gov” it will land in their mailbox at “username@sub.domain.gov”.

    If this would work, how would setting this up affect the users setup the old stupid way? Thank you for your time reading this and hopefully it made some sense.

  2. Pat

    Hello Paul,

    We have a centralized hybrid exchane environment. We use a local barracuda appliance and that is why we used centralized. We will eventually move all cloud but we need to resolve a few issues first. Historically we use our local cas as an smtp server for many of our applications SQL alerts PRTG alerts ect. We have one server that needs the ability to send email external support rather than an internal team but for some reason we are unable to get the mail to route out of our exchane server. Currently we send email from that server with an inbound connector that allows anonymous email sent from the server IP Address to the CAS. Any ideas as to how this can work?

  3. Mike

    I think this will work:
    new-transportrule “Loop detect – Set X-Loop =1” -SetHeaderName “X-Loop” -SetHeaderValue 1 -Comments “Prevents Loop Storm” -Enabled:$True

  4. Mike

    This is a merger. We want to get the old Exchange org users moved over. First we need to share the namespace. Your instructions just mention making changes on the authoritative domain side. I can see where email will find it’s way to users in the ‘remote’ org based on the settings you specify.
    However, you don’t mention making any changes on the ‘remote’ org. Should the ‘original’ email domain not also be added as type ‘internal relay’ in ‘remote’ org and a send connector also added, pointing back to the ‘original’ org? Maybe I’m overthinking it. I guess my short question is, should anything be added to ‘remote’ org as well?

    1. Avatar photo
      Paul Cunningham

      Yes, you’ll need to make the same configuration on the other side as well. Now you’ve got an infinite loop condition, so you also need to add transport/mail flow rules to each organization to set a custom header to enable loop conditions to be detected and stopped.

      My Google skills have left for the weekend so hopefully you’re able to find an article explaining that in more detail.

      1. Mike

        Thanks Paul. Putting change in tonight. I’ve seen articles for the transport rules. I’ll get those in place when I make the change. Appreciate the feedback!

  5. Justin

    Can an SMTP Namepsace be shared with more than one exchange server?

    1. Avatar photo
      Paul Cunningham

      Depends what you mean by “server”. Perhaps what you mean is “organization”? An Exchange organization can have multiple servers, that’s normal and it’s not SMTP namespace sharing.

      SMTP namespace sharing can be configured between multiple organizations. More than two gets complicated.

  6. Pavel

    Dear Paul,

    I tried to set up an Internal Relay and a connector, as you described. I sent several test emails and most of them where received successfully on the second email server where we are going to move.

    The first email got into spam folder, some got into Inbox as intended, but emails from mail.ru domain were not received at all. I see them in log files of Exchange server. I guess they where rejected because of strict SPF policy. Mail.ru domain doesn’t let any other servers to send emails from it name. And while relaying, our current server is recognised as sending server.

    Send log file says:
    <,550 5.7.1 Email rejected per DMARC policy for mail.ru 1512218519-qv7ezIKsaf-frL0vxRM,

    Is there anything I can do about it?

    1. Avatar photo
      Paul Cunningham

      Perhaps you can configure your antispam software to bypass filtering for emails coming from that Exchange server.

      1. Pavel

        Unfortunately, I can’t. It’s a service like Gmail for business, that doesn’t have such settings.

  7. novih sandra

    Hi Paul,

    Great article.
    but i have question, in your article use exchange on premises, can i deploy share email domain with two mail system mdaemon (250 users) and exchange online office 365 (250 users) ?

    Thanks
    Novih

    1. Avatar photo
      Paul Cunningham

      Yes but I have no idea what would be required on the MDaemon side of that setup.

  8. MO

    Hi Paul,
    In Exchange 2016
    We want to relay all outside e-mails, including local to local. For example our exchange has two users: user1@la3des.com, and user2@la3des.com. I want to route all sent emails including user1 sent to user2. How to achieve this?

    Send connectors can not able to relay. I tried to internal relay domain. However it routes outgoing non-existing ones. I want existing mailboxes too.

  9. Al ameen

    Hello Paul,

    I want to share same SMTP domain to 4 exchange organization. If I create Internal relay accepted domain and send connector will it work. Can I create single send connector and add all 3 exchange infra smart host IP and add domain name.

    Could you please help me how the send connector will fall back to next smart host.

  10. Chandan Kumar

    Hi Paul,

    Greetings for the day.

    i have one query for exchange server. There is 2 CAS server in my organization and i want to define mail routing for alternate basis. Is it possible to use one CAS for one mail routing and another available CAS server for next mail routing.

    Thanks

  11. Elesa

    Is there a way to keep your domain name and have emails on the cloud and a server? For example, one business splits into two and they want to keep the same domain and emails but half will be using a server and the other half now runs their programs including email from the cloud. Is this possible or will you not be able to keep the domain name?

  12. Rรฉda

    Hi Paul,

    I would like to migrate my email server iPlanet to Exchange Server.

    Could you please suggest to me a tools (Offline) that can do this operation.

    Many thank’s

  13. Christopher

    Hi Paul,

    I have two separate domains. The old domain accepts email with the new domain address. The new one does too. So thank you for this post, so when I migrate users, they will continue to get their email.

    I am getting an error on the third step.
    “Exchange server “MyOtherExchServerName.FQDN” was not found. Please make sure you typed the name correctly.”

    I can ping the server, so I know it is typed correctly.

    Both domains have Exchange 2016

    1. Christopher

      I found out what I did wrong, disregard…. sorry

  14. Kokeb Diriba

    What will be needed to communicate between two different mail servers because the domain is found in blacklist. Thank you for your help.

    1. Avatar photo
      Paul Cunningham

      Work with the blacklist provider to resolve whatever problem caused you to be blacklisted.

  15. Oliver

    Hello Paul

    What i need to configure that the second Exchange Server (other Company) can send mails ( shared E-Mail Domain) over the Internet-SendConnector on the first Exchange Server? Thanks for your help.

  16. Mike

    Paul,

    You mention “There are other ways of syncing the GAL between orgs”. Is it possible to elaborate on this? We are doing a cross-forest migration from 2003, 2010 to 2013. We’d like to get the GAL and Free/Busy available during the migration if possible.

    I thought federation may work between 2010 and 2013 but since it will be the same root domain I cannot seem to get it to work.

    1. Avatar photo
      Paul Cunningham

      There are several third party sync tools available for GAL sync scenarios. I can’t recommend one over another because they vary in features and suitability for different scenarios.

  17. Rocky

    How would forward email from one accepted domain to another? Here’s the scenario: company in Exchange 2013 hybrid mode – migrating mailboxes and public folders to Office 365. Our internal domain namespace is local.company.com and externally, our email address is company.com. Both local.company.com and company.com are accepted domains in our Exchange 2013 but NOT in our Office 365 tenant.
    Problem is, we have a myriad of in-house applications send emails to recipients with “@local.company.com”. Is there a way to send emails destined for “@local.company.com” to “@company.com”?

    1. Avatar photo
      Paul Cunningham

      You should add local.company.com to Office 365 as well, in your case.

      1. Rocky

        Other than adding local.company.com to Office 365, is there another way?

        1. Avatar photo
          Paul Cunningham

          What’s wrong with doing it that way? That’s how it should work.

        2. jat

          hello

          I did the following:
          create debian 8 virtual machine on ms azure portal with fixed public address
          enable incoming 25 port in iptables for ms address (below)

          configure name resolution
          configue exim header rewrite

          E rewrite all envelope fields
          F rewrite the envelope From field
          T rewrite the envelope To field
          b rewrite the Bcc: header
          c rewrite the Cc: header
          f rewrite the From: header
          h rewrite all headers
          r rewrite the Reply-To: header
          s rewrite the Sender: header
          t rewrite the To: header

          begin rewrite

          *@fromdomain.com $1@todomain.com Ffrsbc
          *@secondfromdomain.com $1@secondtodomain.com Ffrsbc
          etc …

          add office 365 to relay hosts
          hostlist relay_from_hosts = 127.0.0.1 :*.outbound.protection.outlook.com

          #https://db-ip.com/all/213.199.154 , 213.199.154.0/24 -ms outlook addresses

          configure office 365
          create mail flow rule or for specific case ,
          or send ALL outgoing e-mail to virtual machine

          thats all
          you outgoing e-mails domain name is changed

  18. Alex

    Hi Paul,

    If we have two Exchange orgs sharing SMTP space, one of them configured as Internal Relay (OrgA) and the other as Authoritative (OrgB), what happens if a user from OrgB sends to OrgA?
    Would it be an NDR? Do we need users from OrgA configured as external contacts in OrgB?
    If we had both orgs configured as Internal Relay would it cause a message loop?
    Thanks.

    Alex

    1. Avatar photo
      Paul Cunningham

      You’ll need to set it as internal relay in both orgs for bi-directional mail flow.

      You can use a transport rule to detect and break loops. Set a header that you can then detect and drop messages if necessary.

  19. Sergio Rodrigues

    Hi.
    I need a big help to config my exchange server.
    Anyone? please

  20. Ludovic

    Hi Paul,

    You said in your article:
    “Now when an email arrives on the Exchange server that has no matching local recipient address, it will forward it on to the other mail system for delivery.”

    Does this mean that i have to:
    – remove the contact from the local exchange server?
    – setup the main SMTP email address for that user on the new server to xxx@ex2007.mycompany.local ?

    And finally, when creating the new Send connector, can the new/remote server be in the could (Microsoft online)?
    New-SendConnector -Name “Internal Relay” -Custom -AddressSpaces mycompany.local -SmartHosts “CLOUD” -SourceTransportServers ex2007.mycompany.local

    The problem with this, how do i allow users from the cloud to send emails with the original domain name @mycompany.local ? There will be SFP issues.

    Thank you for your help

    Best

    Ludovic

    1. Avatar photo
      Paul Cunningham

      If you’re trying to set up Office 365 to work with an on-prem Exchange organization you really should be looking at deploying a Hybrid configuration.

  21. Pervaiz

    Hi Paul,

    I have a single domain and I want to host my domain on two server one is exchange server and second cpanel
    And I want half email on exchange server other on cpanel . plz suggest is it workable or not

  22. Kyle

    Hi Paul,

    I have been able to get the shared SMTP namespace working perfectly in my lab and I want to get GAL sync and availability services working as well. I understand what needs to happen to configure GalSync and availability services in a normal situation, but wondering how to get it working with the shared namespace or if it is even an issue and I am just over thinking it. I know autodiscover needs to also be working and can get it working internally by running Export-AutoDiscoverConfig in each domain and configuring internal DNS correctly. Looking for any information that will help me to get this all working. The two environments will keep this configuration moving forward. Thanks in advance.

  23. Muthu

    Hi,
    I have some issue in “Internal Relay Domain” configuration. My scenario is sharing the same SMTP name space between my in house Exchange 2010 and Google. The given below are the Two issue

    1. Unable to limit Max Recipient per message to 10 (Set the restrictions on Organisation, Receive Connector, Mailbox)
    2. External Users not getting NDR from in house server

    The configuration was
    First mail come to Google(MX point to Google) if user not available it will forward to in house. In House Exchange user can Send mails directly to Internet not via Smart Host.

    Thanks in advance.

  24. Simon Barratt

    What about outbound? This will work with email coming in, but what if we want to route a portion of all internet email for certain users outbound. I would like to route all Internet email for some people to flow through a different gateway and leave all the other people sending out through the existing smarthost config.

    Is there a way to only send email from a subset of people through a different smarthost config?

  25. Abhijeet

    Hi, Paul,

    I have two On-premises exchange serves , + one lotus domino and MDaemon server ,which will user Same shared SMTP domain.

    my requirement is when email receive in exchange, if mailbox is not available then it will forward to lotus & mdeamon server
    I have created mail-content for Lotus & domino users , and i have crated accepted domain (internal -relay )for both the servers like domino.abcd.com and Mdeamon.abcd.com and i have set secondary smtp address in mail-content … and created send connector
    But still i am unable to get email in lotus & Mdemon

    Please advise .. what i am doing wrong and what i am missing to do configuration

  26. Rob

    Hey,

    I want to migrate from a local mail-server (zarafa on a linux machine) to Office 365 in the cloud.
    It will take a couple of days to migrate all user mailboxes to the O365 environment so I want a temporary solution to share the domain between both mail-servers.

    I added my domainname to Office 365 and has set the type as Internal Relay.

    Now I want to add my outbound connector, but I’m not sure what I need to use as SmartHosts and SourceTransportServers (-SmartHosts 10.8.0.25 -SourceTransportServers ex2007.mycompany.local)? Do I need the IP and domainname from my current local mailserver? Do I need to configure my local mailserver to act as a Smarthost?

    Thanks in advance for your reply.

  27. Paul Mark

    Hi,

    I got SendMail 8.12 running as my email server. I plan to get Office 365 (Business Premium) with Exchange Online .

    I got 200 users and will migrate users in batches of 10.

    Can I have a shared name space with my Exchange Online and SendMail on premise ?

    Can I point my MS records to Exchange Online ?

    Is it possible to migrate mailboxes to exchange online ?

    Thanks,
    Paul

      1. Paul Mark

        Hi, Paul.

        Thanks for the information very useful.

        Can both on the on-premise (SendMail) & exchange online exist with a single name space?

        For example users 1 to 50 mailboxes are hosted on the SendMail server (on premise) while users 51 to 100 mailboxes are hosted on Exchange Online (on cloud)?

        The Same NameSpace
        Users 1 to 50 = userX@domainA.com (SendMail)
        Users 51 to 100 = userX@domainA.com (Exchange Online)

        On the first Quarter I plan to have some of my users migrated to Exchange Online while the rest will remain on premise.

        Appreciate any inputs or suggestions.

        Thanks,
        Paul

  28. Moutasim

    I did the same settings , and tried to send email from my local exchange(test@abc.com) to hosted email server(test1@abc.com i receive this error.

    Delivery has failed to these recipients or distribution lists:
    test1@abc.com
    Your message wasn’t delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.
    The following organization rejected your message: mail19c40.carrierzone.com.
    ________________________________________

  29. Alexander Vererfve

    Hi Paul,

    We’ve configured free/busy between 3 domains (all with Exchange 2010 SP3), we have GALSync in place and a domain trust between all domains.

    We exported the autodiscover SCP to the all domains and configured the availability addressspace.

    The free/busy availability isn’t stable, suddenly it stops working from A to B , then from C to A, another day from B to A. Each time a request fails we see following error on the CAS server:

    Process Microsoft.Exchange.InfoWorker.Common.Delayed`1[System.String]: SMTP:XXX failed. Exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverFailedException: Exceeded the number of Autodiscover redirections for e-mail SMTP:xxx. The maximum allowed redirections are 3. Name of the server where exception originated: xxx. This event may occur when Availability Service cannot discover an Availability Service in the remote forest.

    Any ideas how this can be resolved?

    Many thanks in advance!

    Alex

    1. Alex

      I’m getting the same behavior as Alexander Vererfve…between 2 trusted forests with org sharing in place. Free/busy lookups will sometimes work and sometimes not. Getting the same error as above. Alexander, did you get this resolved? and if so, how?
      Thanks

  30. Aruna Lakshitha

    Dear Paul,

    Thank you very much for the article. I have come cross with a situation like below.

    At this point some of users using Office365 free service and we have registered domain within Office365 . Unfortunately Microsoft remove free service and now we don’t have access to custom domain management.

    If we want to migrate some of the users from Office365 to In house Exchange servers we could use the solution that you have proposed. But when user who remaining in the Office365 need a send email to user who migrated to Exchange server then we have an issue. Email will not deliver to Exchange environment and it will give delivery failure error. Appreciate if you could give me a solution for this scenario.

    Thanks in advance.

    Regards,

    Aruna

    1. Avatar photo
      Paul Cunningham

      Not sure what “free Office 365” is but I would suggest you move *all* your users off a discontinued service, not just some.

  31. Alexander Vererfve

    Hi Paul,

    We have a two-way transitive Trust between 3 forests. I’ve configured GALsync with FIM and configured the availability service between the exchange servers (all 2010). Everything works and users can see calendars of users of the other forests.

    But now they want to use the same SMTP domain over the 3 exchange servers. Mailflow is workin: the shared SMTP domain is configured as an internal relay domain and is delivered to the other forests through Send connectors.

    The thing that isn’t working is the availability between the forests (all same primary SMTP domain). Is this even possible?

    Thx for your help!

    Alex

    1. Alexander Vererfve

      Hi Paul,

      I’ve got it working, was a permission issue.

      Forget to run this one in one of the forests ๐Ÿ™‚ :

      Get-ClientAccessServer | Add-ADPermission -AccessRights ExtendedRight -ExtendedRights “ms-Exch-EPI-Token-Serialization” -User “DOMAINExchange Servers”

  32. Matt

    I am planning a move for a client from GoDaddy to an internal Exchange 2013. I can just point the MX records to the new internal server, setup an external relay back to GoDaddy. If a user has a mailbox, their mail stays internal, otherwise goes to GoDaddy? If so, this would be great as 1/3 are outside sales. On the external relay, do you just put in IP of GoDaddy server? Do you know if this will work with GoDaddy?

    Matt

    1. Matt

      I also have a send connector going through a SmartHost. Do I need to change that? Or not use it for now until migration is complete? I am confused on how to set the send connector.

      Matt

  33. lee

    Hi paul,

    I have two diff companies merging to be one. Both are to change domain names to a new but the same name. For example domainA and domainB will have to discard both domain names to use domainZ as a single company in the nearest future. I have got office 365 for domainZ. Domain A and domain B are onsite on different locations.

    I have planned to configure mail forwarding from domainZ to push mails to the onsite domains, user by user so that all mails whether to new or old domains gets to the recipient on their respective old domains. this way, there would be local comm if ISP has issues.

    My challenge:
    How do I configure outgoing mails from the old domains (Domain A and Domain B) to bear the new namespace domainZ?

    OR

    what is the best way to receive emails for old and new domains but have non staff see only the new domain.

    An urgent response will be appreciated. Thanks in advance!

  34. Graham

    I’ve just done this on office 365 exchange online. Works like a dream. Just perfect. Thanks for the tip.

    1. Nelson

      Hi Graham,

      We are interested in setting this up as well. Both of our businesses are on Cloud Office 365. In your setup, di you set this up across two O365 online tenants?

  35. cstew

    Hi Paul,

    i want to move to exchange 2013 from 07. i’d really like to do it mailbox by mailbox, will your method work in the following scenario.

    1. install the new exchange server
    2. create the mailbox on the new exchange server (same email@domain.com address as the one on 07)
    3. disable the mailbox on the 07 server
    4. have your method deliver the email for that user to the new exchange server since the mailbox is no longer active on the old one.

    thanks

    1. Avatar photo
      Paul Cunningham

      This article refers to sharing an SMTP namespace between two separate email organizations.

      What you’re referring to can be achieved by doing an Exchange migration within the same organization. Refer to Microsoft’s Exchange Deployment Assistant for details of how to migrate from Exchange 2007 to 2013.

  36. Rich

    Any specific permissions needed on the remote Exchange receive connectors? I am unable to connect when the send connector is set to none for authentication.

    1. Avatar photo
      Paul Cunningham

      Sure, the receive connector would need to be configured to accept anonymous users if you don’t want to use authentication.

  37. ultimate

    Hi Paul and Guys,

    Is there any way to configure 2 SMTP Server (one Exchange 2013 and one Mdaemon 11) with two different domain (ie: abc.com and xyz.com) can forward to each-other users with same Alias?
    Example, I send email to boss@abc.com, it automatic forward to boss@xyz.com.
    Is Exchange 2013 able to do this? or Mdaemon?

    Thank you all.

    1. ultimate

      Hi All,

      I found a solution for exchange 2013 using forwardingsmtpaddress option in set-mailbox command.
      1. New-remotedomain xyz.com -DomainName xyz.com
      2. set-mailbox -identity boss@abc.com -ForwardingSmtpAddress boss@zyx.com -DeliverToMailboxAndForward $true

      I’m trying to find the way to do this on Mdaemon now..

  38. Mikey

    Hi.

    When sharing the SMTP name space with Linux:

    1. Where do you point the incoming traffic? To Exchange or Linux??
    2. How is Linux Sendmail is aware that some of the recipients exist on the exchange mail system?

    Thank

    1. Avatar photo
      Paul Cunningham

      1. I would usually send it to Exchange first because that is the system I’m most comfortable with. But really you should point the incoming traffic at whichever system has the majority of mailboxes.

      2. No idea. You’ll need to refer to some Sendmail doco or tutorials, sorry ๐Ÿ™‚

  39. Rajiv

    Hi,
    Can we use Zimbra on linux with Google apps sharing the same domain ,at least till all users are comfortable on zimbra.

    1. Avatar photo
      Paul Cunningham

      I have no information on namespace sharing for non-Exchange products or the steps that would be required to set it up on those products. That is something you should refer to the documentation for those systems to learn about.

  40. MB

    Hi Paul,

    I have a question/problem with split-delivery from Exchange to Google Apps. We are migrating users from Google Apps to Exchange 2013. We have changed MX records for our domain to point to our Exchange instance. On Exchange, we have two send connectors 1st for all email (*) with priority 2 and 2nd for @ourdomain.com as an internal relay through Google Apps smarthost, with priority 1.

    This was done so that, if the recipient has an Exchange mailbox in our organization, the email gets delivered to the user. If the recipient does not exist in our organization, the email gets relayed to Google Apps.

    What we are seeing is that sometimes, the email does not get delivered to the user’s mailbox in Exchange. It goes to their Google Apps mailbox instead. This does not happen all the time…it appears intermitten.

    Do you have any ideas as to what something like this would happen? Basically, we are mimicking this configuration:

    http://community.spiceworks.com/how_to/show/38537-ms-exchange-and-google-apps-split-delivery-for-single-domain-name-k-12-school-sample-shown

  41. Bishu

    Paul,

    Have similar question!

    We have 200 user in Google apps & another 100 in Exchange 2010. in both the domain name is same @sample.com. MX record are pointing to Google Apps, Split delivery is configured in Google apps & Google apps as primary & exchange as secondary.

    User in Google apps are able to send mail to exchange user, but user who are in exchange are not able to send emails to Google apps

    How we can resolve this issue?

    1. Avatar photo
      Paul Cunningham

      This very article explains how to configure the Exchange side of things.

      1. bishu naik

        getting this error:
        451 4.4.0 Primary target IP address responded with: “.” Attempted failover to alternate host, but that did not succeed

        1. Avatar photo
          Paul Cunningham

          More info please. What are you trying to achieve, what have you configured, when is the error appearing, what have you done to troubleshoot it so far?

  42. SteveTill

    Paul,

    Have a question regarding your example. When you said, “Two companies merge but maintain separate systems for a period of time”. I’m trying to visualize this and I’m having trouble. What do you mean by two companies merging and maintaining separate systems? When I hear this I think of two companies that have separate domains. Can you clarify a little more?

  43. Rajnish

    Hi Paul,

    I have read your article these are very helpful. I have a query here for one of our customer. They have Exchange 2010 (2 Mailbox in DAG, 2 HUB+CAS) in coexisting Exchange 2003. they want to use single domain namespace (@abc.com) Mail flow is working fine as mentioned below.

    1. Exchange 2003 to Exchange 2010 – working fine
    2. Exchange 2010 to Exchange 2003 – working fine
    3. Exchange 2003 to MDaemon (Using unresolved recipient in Exchange will forward mail to Mdaemon)
    4. Exchange 2003 to POP (It is on ISP level where the external user use to download email using POP)

    Point 1 and 2 is working fine without any fail. Problem here, Exchange 2003 is able to forward unresolved recipient to either 3 or 4 but not simultaneously to both,

    Customer wants to use both Mdaemon and ISP mail server with single domain namespace,

    Please help me out in this if possible anything suitable for such setup.

    Regards
    Rajnish

    1. Avatar photo
      Paul Cunningham

      You would need to pick one (MDaemon or the ISP) for Exchange to send to, then configure that one to forward unresolved recipients on to the next one.

      Eg, Exchange -> MDaemon -> ISP

      My guess is MDaemon will have that capability, but I wouldn’t know any more details about it.

      I wouldn’t consider it a good long term strategy either.

  44. Gandalfmagic

    Hi Paul,
    very good article.

    Can you tell me if you have found any problem by mixing user types in a single distribution group?

    I’m trying to mix them and only the local users of exchange server are delivered correctly.
    My other server is a linux with postfix, and the message seems to never reach it.

    Thank you

    1. ayman shabour

      dears
      we have to exchange2010 servers in different domain controller one in head office and another in another city,
      so we add contacts for city in head office and contacts for head office in the city site and made to send connectors and we are working fine..
      in head office they used MX record in mail host now they received mail to exchange after add external mail for user as replay and they sending and receiving out site and in site mail.
      but in the city we just received mail and when send any mail to out site(HOtmail) the mail rejected from the exchange in head office by these error
      550 5.7.1 unable to relay…
      any one can advice me plz
      shabour313@hotmail.com

  45. steve jensen

    Hi Paul,

    How does this work if you have split the domain across 3 or more organisations?

    Is the practical limit only 2?

    How does this affect mail loops?

    Mail In > Org A > Org B > Org C> Back to Org A > Outgoing mail?

    It’s doing my head in!

  46. Mangesh

    One problem what i have seen is :
    I have set my domain @abc.com as Internal relay from Authoratative.
    We have Exchange & Linux mail server running collaterally. So if mailbox is not present in Exchange mail will be delivered to Linux. So now if my Linux mail server is not running then email sent to non-existent exchange user say a@abc.com relayed to my internet mail gateway server for delivery using Organization send connector & gets into loop.

    I need to make my domain as Authoratative from Internal relay to revert NDR for non-existent emails.

  47. SST

    I am using Microsoft Exchange with the following problem. Can sense.com ( domain) receive all email and then forward to newtest.com(another domain)? For example, sent email to abc@sense.com , by the DNS, email will transfer to @sense.com first. And then seeking mailbox โ€œabcโ€. So can we forward all received email in sense.com to newtest.com(abc@sense.com forward to abc@newtest.com), even though abc@sense.com doesnโ€™t exist. Server can directly forward the mail to newtest.com (just change the domain name).
    Is it possible to do this

    1. Avatar photo
      Paul Cunningham

      If you want all the email for @sense.com to go to the @newtest.com server why not just point the MX records at the @newtest.com server and use an email address policy to assign the @sense.com email addresses to mailboxes on the server?

  48. Moumita

    Hi Paul,

    The above posted document is really very helpful.. We have configured a similar environment where we have exchange 2007 server as the Internet facing server and another Linux mail server sharing the same email domain. Now, we are facing issue while sending emails from Linux mail server to exchange server for internal recipients. Inbound and outbound external emails from both exchange and Linux is working fine. Even internal emails from exchange server (set as Internal relay and Linux server is configured as smart hosts) to Linux server is working fine. But internal mail from Linux to exchange is not working.

    Can you please help us resolving the issue or guide us what we need to configure in the Linux box (Postfix is configured as the SMTP service).

    1. Tan Nguyen

      I have same issue with Moumita whe configuring Share an email domain between Exchange and a non-Exchange system.
      Users from Exchange send mail to non-Exchange OK. But users from non-Exchange could not send email to Exchange.

      The ideal is that in the non-Exchange system, configure all email receive from clients relay directly to Exchange system. Then exchange can do the filter: deliver to Exchange user mailbox or relay back to non-Exchange if not exist in Exchange

      Currently I don know how to config non-Exchange relay all email to Exchange.(my system is Fortimail)

      1. Avatar photo
        Paul Cunningham

        I recommend you refer to your Fortimail documentation or contact their support.

  49. Meeus Jo

    Hello Paul,

    Iโ€™m the middle of a difficult and slow migration at the company.

    We have and old 2003 domain and exchange 2003 that we are going to abandon when the migration is complete. The mess was so big management decided to build an entire new domain beside the old domain and with a trust relationship copy the data over. The new domain has a new name, clean user accounts and new AD structure.
    Now we are going to setup a exchange 2013 in the new domain, but, we are stuck with the mail domain name on the old 2003 domain/exchange.
    Management wants the mails to arrive at the new exchange and the old exchange server.
    The users have the same mail address on both domains.
    Is there a way to pull this off thatโ€™s not over complicated, they like overcomplicated here.

    Kind regards,

    Jo

  50. Piotr

    HI Paul
    Similar question to above, however I may need to give further explanation of the problem.
    In our Exchange 2010 setup we have got 2 x mailbox/Hub transport servers (DAG created) and one CAS. we are also using Smartermail server. I have created 3 MX records in DNS – first two pointing to Hub Transport servers and third one to Smartermail.
    When the message comes to Exchange servers where split domain is configured and the user exist in Exchange – it is delivered. However, when the user on the same domain is located on Smartermail server, the message keeps floating on one of the servers and I can see EventID: Defer, Source content: loop detected.
    Setting up send connector with the split domain name works, but this is not ideal, as in hosting environment I will probably have quite few of those domains and would prefer to have it working without setting the connector manually.
    Is there any way to do so?
    Thanks
    Piotr

  51. Tim

    We have two organizations, both running Exchange 2010.

    If we share an email domain between the two can we set the primary SMTP address in both organizations as the same ?
    I want to be able to send email from both organizations as the same address

    Thank you !

  52. Riaan

    You need to add the users as well to the 2nd server after the setup of the relay.

  53. Pete

    I followed the setup but mail is not flowing between the 2 server. I am not getting a NDR from the emails they are just sitting in the queue. It looks like the mail is still going out thru the default send connector not the one setup in the relay. What can i do to fix this.

    thanks

    1. Avatar photo
      Paul Cunningham

      Check the costs on the send connectors. The default one should have a higher cost than the one for the specific domain.

  54. Dave Turner

    has anyone tried this on sbs2011?

    Our domain is located on godaddy and I have some users I left all users on godaddy and use exchange to pop in and pick up the email. I did this becuase we have over 20 email accounts that are email accounts which could haver lots of junk in them and are used by groups to email with. They aren’t regular employees so I just soon leave them off the server.

    I followed the step above but my email for the address located at godaddy are still getting kicked back say the email address does not exit. I configure the smarthost as smtpout.godaddy.com with authentication. I also set the port to port 80 using emsfor the godaddy send connector

    Thanks for your help

  55. Klaus Thorn

    thanks indeed!
    You saved me a lot of work (… typing transport rules for each user).

  56. itismd

    Hi all,
    I am new to exchange and i need help to resolve a situation. i’m installing exchange for our company and we already have an existing company hostin our website as well as email services.

    let say our domain is ourdomain.com an we are already recieving and sending emails using this domain.
    How do i configure exchange to work with the existing domain. i have installed svr 2008 and created AD with ourdomain.com. i have also installed exchange 2010 and am trying to configure the dns and mx records. please how do i link this up? Secondly how do i configure exchange for remote users who are not part of the local domian?
    An urgent response will higly be appreciated

    1. Dave Turner

      Did you figure this out? I need to the exact samething.

      Thanks

  57. HK

    Hi All,
    So what happens in the following scenario:
    Mail System 1=Microsoft Exchange 2010
    Mail System 2= Novel GroupWise

    Situation:
    Internal user on mail System 1 send an email to an internal user on Mail System 2 and vice versa?
    I am not sure it will work!
    Thanks for the reply

  58. Sam

    If Recipient filtering is enabled, I would suggest to create mail enabled user which will have AD account. By creating mail enabled user I was able to add email alias which did not worked for me when I had mail contact.

    I was also getting NDR with mail contact when there was no AD account for the user. So I have to create AD account to stop NDRs.

    In summary mail enabled user worked for me.

    Thanks
    Sam

  59. Riaan

    Hi All
    So I set up both servers with the internal relays and created contacts and it was working like a charm (6-7 months at least)…with emphasis on ‘was’. For some reason now I just piles up in the Queue. When I click on retry it wont deliver and then i get these silly messages in the event viewer that says that my certificates doesn’t match up with the FQDN. I tried to add the certificate again with enable-exchangecertificate but to no avail.
    PLEASE HELP ME !!!!

    1. Avatar photo
      Paul Cunningham

      Those “silly messages” might be a clue.

      It is all mail from your org to *anywhere* queuing? Or just mail from your org to the other org that shares your namespace?

      The queue viewer should also be revealing to you why the messages aren’t delivering (eg “unable to connect” or a specific error code and message).

  60. Tim Saunders

    Hi Paul,
    First I would like to say this is a great thread. I have learned alot just from the posts here. I have a scenario I would like to get your opinion about.

    Company A and Company B are divesting. Company A has moved to new physical location seperate from Company B. Company A owns the Domain Name/MX Record for Exchange. Company B owns the existing mail boxes for all the users that moved to Company A. Company A is moving to cloud environment with Office 365. Company B is keeping existing environment entact.

    I need to migrate all mailboxes from Company B over to Company A. I need to route the MX record to point to new exchange environment in Company A. Company B needs to continue to receive email through the Domain Name owned by Company A for a period of time.

    What are you suggestions and opionion of how this should be handled?

    1. Tim Saunders

      In addition is there a dependency on migrating end user accounts in AD before the Exchange mailboxes or do these have to be done in parallel?

  61. Anshu

    HI Paul,
    Post is very helpful. I have one query. When creating smtp addresses via RUS for new namespace (@examle.com) it is possible that same username (Abc G) is present in both organisations and abc.g@example.com will then we created in both organisations. How can we resolve this.
    Thanks,
    Anshu

  62. Greg

    Hi,

    Hopefully you can help me, we have 2 sites – 2 seperate AD domain and are trying to configure the above so that we can use 1 single email domain for both sites (we have a Branch Office VPN between the sites). We have setup the Source Exchange Server as above and disabled recipient filtering on both Servers but still cannot get this to work correctly. What does the authentication method for the Smart Host Connector need to be?

    Thanks in advance!

    Greg

  63. bluej

    I am working on the similar project like what you described here. SMTP domain @example.com is shared by server A and server B. Server A is Exchange 2003 while Server B is Exchange 2010. The two servers are in diffirent forest. The MX record pointing to Server A. @example.com is setup as accept domain but not authroized domain on server A, the coresponding SMTP connector is setup from server A to server B. So the mail flow is no problem from Internet to server A and then server B. But I am confused how could server B to send email someone@example.com to server A? because server B is authorized for example.com. Will it generate NDR?

    1. Avatar photo
      Paul Cunningham

      Hi bluej, if you want the shared name space to be bi-directional then you’d need to set up the correct config on each site. So for example you’ve already done the 2003 side by the sounds of it, you’d then just need to set the domain as an Internal Relay domain on the 2010 side and configure a Send Connector for that name space.

      1. Zannuzi

        Wont this create an infinite loop between server A and serverB?

      2. Avatar photo
        Paul Cunningham

        Hi Zannuzi, yes it can, though Exchange has infinite loop detection and will eventually drop the message (I think it does so after 30 loops by default).

  64. Don

    Hi Paul,
    We currently have our exchange mail system (mail.com) hosted by another company. I setup an exchange server here on site (mail.net) and everything is working fine. However, soon I need to migrate the mail.com address completely over to our servers. Could you give me your recommendation on the easiest way to do this without any configuration changes on the other end?
    Thanks, Don

    1. Avatar photo
      Paul Cunningham

      Don, once you point the MX records at your own server you’ll start receiving the email to your server (after DNS refresh delay – suggest turning the TTL for your MX record down to 5 minutes a few days in advance of the cutover).

  65. Josh

    Paul

    Do you have any suggestions how how to deal with a split namespace between two Exchange 2010 organizations? Right now if i set @domainA.com as the primary SMTP for the users in Domain B we get all kinds of autodiscover issues (for the users in Domain B)

      1. Josh

        Well because autodiscover.domainA.com points to a different forrest the users in Domain B lose out of office, calendar ability etc.

        I’ve found a “work around” that involves a reg key for @domainA.com pointing to a local autodiscover XML file and a uRL redired to autodiscover.domainb.com and it seems to work, I’m just wondering if there is a better solution?

  66. Blair Muller

    Hey there,

    In this setup, can I setup a new email account on any exchange server or does it need to be setup on the primary MX exchange server?

    1. Avatar photo
      Paul Cunningham

      If you’re sharing a namespace across two different orgs? You can put a new mailbox in either one, just pick the one that makes the most sense (eg if it is location-based, or departmental-based).

      Usually the shared namespace is a temporary solution while a merger/consolidation is going on, so if that is in your future plans perhaps just create all new mailboxes in the org that will be the one that everything merges into.

  67. Manoj

    Hi Paul,

    Perfect!
    we created mail users without mail box and it is working fine.
    Thanks.

    Manoj

  68. Sylvain Gagnon

    Thanks a lot. Got it to work in no time. Our incoming mail gateway is a Linux box running Sendmail and it does ldap queries against our AD directory for name validation, Beside the steps here, I only had to change the cost of my ‘Internet Send Connector’ to 2 so it would check against the specified domain name in my ‘Internal Relay’ (cost of 1) first. When both had a cost of 1, I would still get NDR.

    1. Manoj

      Excellent!
      Every thing works fine, we do have similar setup as Sylvain mentioned in last comment i.e. incoming gateway is linux with ldap. There are about 100 users in linux and almost same in Exchange 2010.

      Now problem is, how do i show up linux mail users in GAL?

  69. Ben McHutchison

    Hi Scott,

    I have two issues (in my new share smtp namespace between exch 03 & exch10),
    one of which your posts above regarding the ability to route unresolved names to a particular host fixed the NDR issues i was having. Thanks heaps….

    but the remaining issue i have now is recieving an email externally to an email address that exists on a second exchange server running 2010 sharing the same namespace. When you email a user on the exchange 2010 organisation you a system undeliverable stating;

    The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.

    When the user does exist on the exchange 2010 server its the exchange 2003 server which excepts port 25, somewhere is not “forwarding it to the exchange 2010”

    Yet emails internally between organisations work fine in any direction. Any ideas ? thx Ben

  70. Scott Thomson

    Thanks for the pointers, I was sharing between Exchange 2007 and our old Exchange 2000 server, I needed to migrate away from an empty root domain and a new company name so set up new forest and wanted to migrate.

    I was getting the NDRs when trying to send from old Exchange to new Exchange, but mail was flowing from new to old perfectly.

    In my case I fixed this by the settings in the Virtual SMTP server in Exchange 2000. There is an option to route unresolved names to a particular host. In this case the new Exchange 2007 server in the new forest. Mail flow works both ways now.

    Now to get GALsync working.

  71. Avatar photo
    Paul Cunningham

    I’ve just updated the post to explain why NDRs occur in some situations when SMTP namespace sharing is implemented. The common cause seems to be due to recipient filtering.

  72. JL

    I’m trying to do the exact same thing as we have 2 orgs and want mail for domainB to route via domainA and mailboxes are spilt between the 2 domains i.e. some in domainA and some in domainB. So we’ve got an accepted domain for domainB as internal relay and a corresponding connector set to relay mail to domainb via it’s smarthost. It works if we have a contact object in domainA only if not we get an unknown address 550 NDR.

    Some posts I read say we don’t need contacts (like yours) and some say we need that or at least gal sync in between the 2 orgs. What gives? Even MS says you don’t need it:

    http://technet.microsoft.com/en-us/library/bb676395%28EXCHG.80%29.aspx

    But it won’t work unless you do.

  73. Avatar photo
    Paul Cunningham

    iamme, I’ve never had a problem like you describe, it has always worked fine for me as shown in the article. I’ve never had to resort to using Contacts to handle the email forwarding.

    You might be thinking of using Contacts so that user in the other domain show up in the GAL. There are other ways of syncing the GAL between orgs that don’t require you to create Contacts.

    And yes, for any local recipient to receive email to a given domain you will either need an Email Address Policy to assign them addresses, or manually assign them.

    However, it is the Accepted Domain that controls whether or not the Exchange org accepts mail for the domain and what it does with it, not the EAP. So the lack of an EAP doesn’t necessarily make the Accepted Domain “useless”.

    It really is very simple to set up shared SMTP namespace between to orgs like this so I’m not sure why you’ve heard so many bad stories.

    1. lasseboo

      Hi,

      thanx for your documentation! But I havent heard bad stories, I am experiencing them :

      I sat up shared namespace yesterday (Exchange 2007 on SBS 2008) after your doc and those from Microsoft, but it works only well for new addresses.

      That means, I deleted old.user@foo.bar from the SBS-Console, checked that all emailaddresses have disappeared in ADDS and Exchange Console, Addressbook-Lookup is disabled, I restarted the Exchange, waited for some hours – but I still get an NDR from the local Exchange when trying to send a mail to old.user@foo.bar.

      But the Send Connector works, because when I am sending a mail to a formerly not existing emailaddress (f. ex. some.user@foo.bar) that is neither present in the local Exchange, it will be delivered to the SmartHost.

      All local addresses *@foo.bar here at the local Exchange are still working well. But there seems to be some cashed addresses (or I forgot something), because all deleted addresses from the SBS / Exchange will produce a NDR when someone sends an email to them ๐Ÿ™

      Any ideas … ?!

      thanx in advance

      lasseboo

        1. lasseboo

          Hi, Paul,

          thanx for your reply – after all those years ๐Ÿ™‚

          But this isnt the failure: I used a freshly new account on an old XP-machine, i.e. an account that never before used the (deleted) addresses.

          And I did not use the autocomplete-function where I only have to set in:

          user.name

          at the addressbar in Outlook and let do the system the work to complete it. I used the full address:

          user.name@our-exchange.bar

          And the NDR is like this:

          Generierender Server: exchange.foo.bar

          IMCEAEX-_O=FIRST+20ORGANIZATION_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Michael+2Eexchange.foo.bar
          #550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##

          This NDR is from an email to a further locally address that I never sent mails to from my account before.

          Still it is possible to send an email to existing.user@foo.bar, and to send an emaikl to completely-locally-unknown.user@foo.bar, the first will be delivered locally and the latter send to the Smarthost which serves foo.bar, our shared namespace.

          Any ideas … ?!

          Thanx in advance! ๐Ÿ™‚

        2. Avatar photo
          Paul Cunningham

          That is the IMCEAX issue. Read the link I posted in my earlier comment.

        3. lasseboo

          Hi, Paul,

          thanx again for your hints! Seems now solved with a remaining part at the clients – bad ๐Ÿ™

          What we did so far to get it working:

          1) set the domain from Authoritative to InternalRelay:

          Set-AcceptedDomain unser-exchange.de -DomainType InternalRelay

          or, according to Microsoft:

          New-AcceptedDomain -Name “unser-exchange.de” -DomainName unser-exchange.de -DomainType InternalRelay

          2) create an external send connector:

          New-SendConnector -Name “Internal Relay” -Internet -AddressSpace unser-exchange.de -DNSRoutingEnabled $false -SmartHosts mx.extern.de-SmartHostAuthMechanism ExternalAuthoritative -MaxMessageSize 20MB

          or, according to Microsoft:

          New-SendConnector -Name “Internal Relay” -Custom -AddressSpaces unser-exchange.de -SmartHosts mx.extern.de -SourceTransportServers ex2007.mycompany.local

          3) Since the domain existed before, we hab to disable the addressbook requests:

          Get-AcceptedDomain | select name,domaintype,addressbookenabled
          Set-AcceptedDomain unser-exchange.de -AddressBookEnabled $false

          4) Stopping Recipient filtering

          5) Than these steps in the Exchange Shell:

          Get-EmailAddressPolicy | Update-EmailAddressPolicy
          Get-AddressList | Update-AddressList
          Get-GlobalAddressList | Update-GlobalAddressList
          get-mailbox | set-mailbox -applymandantoryproperties

          6) With all these we are now more or less able to send mails from the “old” exchange to a moved user at the new Exchange in the shared namespace – but not reliable! It works sometimes, sometimes not.

          When connecting to the Exchange with a freshly new account, it is possible to send mails to the “old” (moved) users. At the other systems at the “old” office, it is now sometimes possible, sometimes not.

          At some machines it was necessary to delete the moved users from the autocompletion in the “To:”-line, but at some machines that did not help. We donยดt like to delete the whole auto completion (i.e. NK2 or suggested contacts). The solution would be, that a user from the new Exchange (that means, with an “orphaned” account from the “old” Exchange) send a mail to a user at the “old” office – a reply than will be send as it should.

          So it is solved more or less – I must admit that I did not understand the “X 500-Proxyaddress for the attribute LegacyExchangeDN” at all : Maybe this would have been a cleaner solution, but I was not sure if it is necessary to create a X500-address for each moved user or if it is possible to create a “global” rule. And since this is a deeper operation at the heart of the ADS I did not give it a try โ€ฆ

          Again, thanx for your help and best regards

  74. iamme

    Don’t you have to have contacts in the local Exchange forest for it to forward to the target environment? I’ve heard of people doing this, it failing, and needing to create contacts that will handle the e-mail addresses that come in that will then have the forwarding address that will then use the Send Connector. And I’ve heard that you also need an e-mail address policy as well otherwise the Accepted Domain will be useless. Do you know whether these are true?

  75. Exch2007Admin

    Quick question: When changing the DomainType from “Authoritative” to “InternalRelay” this will not impede mail flow in anyway will it?

    1. Avatar photo
      Paul Cunningham

      I’ve never had a problem with it, but as with all changes I suggest you schedule it for a low impact time of day and have a test/rollback plan ready just in case.

Leave a Reply