In some situations it is necessary to share an email domain between two distinct email systems. This is referred to as Shared SMTP Namespace and is common when:
- Two companies merge but maintain separate systems for a period of time
- Non-Exchange systems are involved in the email environment, e.g. a Unix Sendmail server
Because Exchange Server handles this so easily, it is generally best to deliver email for that domain to the Exchange server first, and then let Exchange determine which recipients are local and which need to be forwarded on to another host.
First take a look at the domain name that you want to share. It is likely configured as an Authoritative domain in your Accepted Domains list.
[PS] C:\>Get-AcceptedDomain | fl domainname, *type*

DomainName : mycompany.local
DomainType : Authoritative
To share the namespace we simply change the DomainType to Internal Relay.
[PS] C:\>Set-AcceptedDomain mycompany.local -DomainType InternalRelay
Now that the domain type has been changed we need a Send Connector to tell Exchange where to send the emails that do not have a local recipient.
[PS] C:\>New-SendConnector -Name "Internal Relay" -Custom -AddressSpaces mycompany.local -SmartHosts 10.8.0.25 -SourceTransportServers ex2007.mycompany.local

Identity         AddressSpaces               Enabled
--------         -------------               -------
Internal Relay   {smtp:mycompany.local;1}    True
In that example the IP address of the other email system is 10.8.0.25, and the Hub Transport server to use to send the emails is ex2007.mycompany.local.
Now when an email arrives on the Exchange server that has no matching local recipient address, it will forward it on to the other mail system for delivery.
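The same three steps as one idempotent Exchange Management Shell script, added here as an example and not taken from the original article: it checks the current state before changing anything and prints the end state for verification. The domain, smart host and source server are the article's placeholder values and must be replaced with your own.

```powershell
# Added example, not part of the original article. Placeholder values below
# come from the article and must be replaced with your own.
param(
    [string]$SharedDomain  = "mycompany.local",       # domain shared between the two systems
    [string]$OtherSystem   = "10.8.0.25",              # smart host IP/FQDN of the other mail system
    [string]$HubServer     = "ex2007.mycompany.local", # Hub Transport server that will deliver to it
    [string]$ConnectorName = "Internal Relay"
)

# 1. Look at the accepted domain; it is normally Authoritative before sharing.
$domain = Get-AcceptedDomain -Identity $SharedDomain -ErrorAction Stop
Write-Host ("{0} is currently {1}" -f $domain.DomainName, $domain.DomainType)

# 2. Change it to Internal Relay so that recipients that do not resolve locally
#    are routed onward instead of being rejected with an NDR.
if ($domain.DomainType -ne "InternalRelay") {
    Set-AcceptedDomain -Identity $SharedDomain -DomainType InternalRelay
}

# 3. Create the Send Connector for the shared address space, unless a connector
#    already covers it (two connectors for the same space would compete on cost).
$covering = Get-SendConnector | Where-Object {
    ($_.AddressSpaces | ForEach-Object { $_.Address }) -contains $SharedDomain
}
if (-not $covering) {
    New-SendConnector -Name $ConnectorName -Custom `
        -AddressSpaces $SharedDomain `
        -SmartHosts $OtherSystem `
        -SourceTransportServers $HubServer
} else {
    Write-Host ("A send connector already covers {0}: {1}" -f $SharedDomain, ($covering.Name -join ", "))
}

# 4. Show the end state so the change can be verified and recorded.
Get-AcceptedDomain -Identity $SharedDomain | Format-List DomainName, DomainType
Get-SendConnector | Where-Object { $_.Name -eq $ConnectorName } |
    Format-List Identity, AddressSpaces, SmartHosts, SourceTransportServers, Enabled
```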
Update: In the comments below and via email some readers have described situations in which this does not work as simply as I outline above. The most common scenario reported to me is that it doesn’t work without setting up Contacts in each organization for the users in the other organization. Without those Contacts emails to recipients in the other organization result in an NDR.
This can happen when recipient filtering is occurring on the Exchange servers, or on a server running a third party anti-spam product, that rejects email addressed to invalid recipients. This check is usually performed with an LDAP lookup against Active Directory. However, in a shared SMTP namespace scenario like this, any given Active Directory does not contain all of the valid recipients for all of the organizations sharing the namespace.
So to avoid NDRs when using a shared SMTP namespace you will need to either disable recipient filtering, configure the product to do LDAP queries against all directories that share the namespace, or create Contacts.
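Added example, not from the original article: a check for whether Exchange's own Recipient Filter agent would reject mail for recipients that exist only in the other organization, followed by the two Exchange-side remedies the update describes (turning recipient validation off, or creating mail contacts). The shared domain and the CSV of remote users are constructed placeholders.

```powershell
# Added example, not part of the original article. $SharedDomain and the CSV
# contents are constructed placeholders; replace them with your own data.
$SharedDomain = "mycompany.local"

# The built-in Recipient Filter agent only matters if it is installed and
# enabled on this transport server (it is on by default on Edge Transport only;
# third party anti-spam products need their own check).
$agent = Get-TransportAgent -ErrorAction SilentlyContinue |
    Where-Object { $_.Identity -eq "Recipient Filter Agent" }
$cfg = Get-RecipientFilterConfig -ErrorAction SilentlyContinue

if ($agent -and $agent.Enabled -and $cfg.Enabled -and $cfg.RecipientValidationEnabled) {
    $msg = "Recipient validation is on: mail to {0} addresses not found in this " +
           "Active Directory will be rejected before it can be relayed."
    Write-Warning ($msg -f $SharedDomain)
    # Remedy 1: stop validating recipients against the local directory.
    # Leave this commented out if you prefer the contact approach below.
    # Set-RecipientFilterConfig -RecipientValidationEnabled $false
} else {
    Write-Host "Recipient validation is not active on this server."
}

# Remedy 2: create a mail contact for each user who lives in the other org, so
# the recipient resolves locally and is then routed to the contact's external
# address via the Internal Relay send connector.
$csvPath = Join-Path $env:TEMP "remote-org-users.csv"
@"
DisplayName,Email
Remote User One,ruser1@$SharedDomain
Remote User Two,ruser2@$SharedDomain
"@ | Set-Content -Path $csvPath   # constructed sample input

Import-Csv $csvPath | ForEach-Object {
    $existing = Get-Recipient -Identity $_.Email -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Host ("Skipping {0}: already resolves to a {1}" -f $_.Email, $existing.RecipientType)
    } else {
        New-MailContact -Name $_.DisplayName -ExternalEmailAddress $_.Email
    }
}
```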
When the shared namespace is no longer required for your organization you can decommission it following the process here.
Pingback: Microsoft Releasing Cross-Tenant Domain Sharing Preview for Exchange Online
Pingback: Using Email Address Rewrite to Alleviate Domain Sharing Challenges
I’ve been trying to come up with a better solution to our Exchange and I think this article would work but just wanted to run this by you just in case.
I manage a domain that is basically a sister domain to another organization (government entities). My domain looks like “sub.domain.gov” and the other domain is “domain.gov”. From a namespace perspective we look like a subdomain but we are not, we are separate domains with a trust setup between the two. They host email for us so here is my problem.
When we create users we have to wait for the other domain to create their mailbox on their Exchange server and link the mailbox to our user’s AD account. This can sometimes take days and sometimes weeks to accomplish which is frustrating for us and the user. We have our own Exchange server that we use during the initial user setup to send them a link to their annual security training, completely stupid I know. So once their main email is created we have to go back into the user profile and setup their actual email stuff for Outlook.
My question is, could this article potentially resolve this issue? I just want to create their account and setup their Outlook once and have it so if someone sends an email to “username@domain.gov” it will land in their mailbox at “username@sub.domain.gov”.
If this would work, how would setting this up affect the users setup the old stupid way? Thank you for your time reading this and hopefully it made some sense.
Hello Paul,
We have a centralized hybrid Exchange environment. We use a local Barracuda appliance and that is why we used centralized. We will eventually move all cloud but we need to resolve a few issues first. Historically we use our local CAS as an SMTP server for many of our applications, SQL alerts, PRTG alerts, etc. We have one server that needs the ability to send email to external support rather than an internal team but for some reason we are unable to get the mail to route out of our Exchange server. Currently we send email from that server with an inbound connector that allows anonymous email sent from the server IP address to the CAS. Any ideas as to how this can work?
I think this will work:
New-TransportRule "Loop detect - Set X-Loop = 1" -SetHeaderName "X-Loop" -SetHeaderValue 1 -Comments "Prevents Loop Storm" -Enabled:$True
This is a merger. We want to get the old Exchange org users moved over. First we need to share the namespace. Your instructions just mention making changes on the authoritative domain side. I can see where email will find its way to users in the ‘remote’ org based on the settings you specify.
However, you don’t mention making any changes on the ‘remote’ org. Should the ‘original’ email domain not also be added as type ‘internal relay’ in ‘remote’ org and a send connector also added, pointing back to the ‘original’ org? Maybe I’m overthinking it. I guess my short question is, should anything be added to ‘remote’ org as well?
Yes, you’ll need to make the same configuration on the other side as well. Now you’ve got an infinite loop condition, so you also need to add transport/mail flow rules to each organization to set a custom header to enable loop conditions to be detected and stopped.
My Google skills have left for the weekend so hopefully you’re able to find an article explaining that in more detail.
Thanks Paul. Putting change in tonight. I’ve seen articles for the transport rules. I’ll get those in place when I make the change. Appreciate the feedback!
Can an SMTP Namespace be shared with more than one exchange server?
Depends what you mean by “server”. Perhaps what you mean is “organization”? An Exchange organization can have multiple servers, that’s normal and it’s not SMTP namespace sharing.
SMTP namespace sharing can be configured between multiple organizations. More than two gets complicated.
Dear Paul,
I tried to set up an Internal Relay and a connector, as you described. I sent several test emails and most of them were received successfully on the second email server where we are going to move.
The first email got into the spam folder, some got into the Inbox as intended, but emails from the mail.ru domain were not received at all. I see them in the log files of the Exchange server. I guess they were rejected because of a strict SPF policy. The mail.ru domain doesn’t let any other servers send emails in its name. And while relaying, our current server is recognised as the sending server.
Send log file says:
<,550 5.7.1 Email rejected per DMARC policy for mail.ru 1512218519-qv7ezIKsaf-frL0vxRM,
Is there anything I can do about it?
Perhaps you can configure your antispam software to bypass filtering for emails coming from that Exchange server.
Unfortunately, I can’t. It’s a service like Gmail for business, that doesn’t have such settings.
Hi Paul,
Great article.
But I have a question: in your article you use Exchange on-premises. Can I deploy a shared email domain with two mail systems, MDaemon (250 users) and Exchange Online Office 365 (250 users)?
Thanks
Novih
Yes but I have no idea what would be required on the MDaemon side of that setup.
Hi Paul,
In Exchange 2016
We want to relay all outside e-mails, including local to local. For example, our Exchange has two users: user1@la3des.com and user2@la3des.com. I want to route all sent emails, including user1 sending to user2. How do I achieve this?
Send connectors are not able to relay. I tried an internal relay domain. However, it routes outgoing non-existing ones. I want existing mailboxes too.
Hello Paul,
I want to share the same SMTP domain across 4 Exchange organizations. If I create an Internal Relay accepted domain and send connector, will it work? Can I create a single send connector and add all 3 Exchange infra smart host IPs and add the domain name?
Could you please help me understand how the send connector will fall back to the next smart host.
Hi Paul,
Greetings for the day.
I have one query for Exchange server. There are 2 CAS servers in my organization and I want to define mail routing on an alternate basis. Is it possible to use one CAS for one mail routing and the other available CAS server for the next mail routing?
Thanks
Is there a way to keep your domain name and have emails on the cloud and a server? For example, one business splits into two and they want to keep the same domain and emails but half will be using a server and the other half now runs their programs including email from the cloud. Is this possible or will you not be able to keep the domain name?
What you’re describing is what is known as a hybrid configuration.
https://www.practical365.com/exchange-server/hybrid-exchange-office-365/
Hi Paul,
I would like to migrate my email server iPlanet to Exchange Server.
Could you please suggest to me a tools (Offline) that can do this operation.
Many thanks
Hi Paul,
I have two separate domains. The old domain accepts email with the new domain address. The new one does too. So thank you for this post, so when I migrate users, they will continue to get their email.
I am getting an error on the third step.
“Exchange server “MyOtherExchServerName.FQDN” was not found. Please make sure you typed the name correctly.”
I can ping the server, so I know it is typed correctly.
Both domains have Exchange 2016
I found out what I did wrong, disregard…. sorry
What will be needed to communicate between two different mail servers because the domain is found in blacklist. Thank you for your help.
Work with the blacklist provider to resolve whatever problem caused you to be blacklisted.
Hello Paul
What do I need to configure so that the second Exchange Server (other company) can send mails (shared e-mail domain) over the Internet send connector on the first Exchange Server? Thanks for your help.
Paul,
You mention “There are other ways of syncing the GAL between orgs”. Is it possible to elaborate on this? We are doing a cross-forest migration from 2003, 2010 to 2013. We’d like to get the GAL and Free/Busy available during the migration if possible.
I thought federation may work between 2010 and 2013 but since it will be the same root domain I cannot seem to get it to work.
There are several third party sync tools available for GAL sync scenarios. I can’t recommend one over another because they vary in features and suitability for different scenarios.
How would forward email from one accepted domain to another? Here’s the scenario: company in Exchange 2013 hybrid mode – migrating mailboxes and public folders to Office 365. Our internal domain namespace is local.company.com and externally, our email address is company.com. Both local.company.com and company.com are accepted domains in our Exchange 2013 but NOT in our Office 365 tenant.
Problem is, we have a myriad of in-house applications send emails to recipients with “@local.company.com”. Is there a way to send emails destined for “@local.company.com” to “@company.com”?
You should add local.company.com to Office 365 as well, in your case.
Other than adding local.company.com to Office 365, is there another way?
What’s wrong with doing it that way? That’s how it should work.
hello
I did the following:
create a Debian 8 virtual machine on the MS Azure portal with a fixed public address
enable incoming port 25 in iptables for the MS addresses (below)
configure name resolution
configure exim header rewrite (rewrite flags):
E rewrite all envelope fields
F rewrite the envelope From field
T rewrite the envelope To field
b rewrite the Bcc: header
c rewrite the Cc: header
f rewrite the From: header
h rewrite all headers
r rewrite the Reply-To: header
s rewrite the Sender: header
t rewrite the To: header
begin rewrite
*@fromdomain.com $1@todomain.com Ffrsbc
*@secondfromdomain.com $1@secondtodomain.com Ffrsbc
etc …
add Office 365 to relay hosts:
hostlist relay_from_hosts = 127.0.0.1 : *.outbound.protection.outlook.com
# https://db-ip.com/all/213.199.154 , 213.199.154.0/24 - MS Outlook addresses
configure Office 365:
create a mail flow rule for a specific case,
or send ALL outgoing e-mail to the virtual machine
that’s all
your outgoing e-mail domain name is changed
Hi Paul,
If we have two Exchange orgs sharing SMTP space, one of them configured as Internal Relay (OrgA) and the other as Authoritative (OrgB), what happens if a user from OrgB sends to OrgA?
Would it be an NDR? Do we need users from OrgA configured as external contacts in OrgB?
If we had both orgs configured as Internal Relay would it cause a message loop?
Thanks.
Alex
You’ll need to set it as internal relay in both orgs for bi-directional mail flow.
You can use a transport rule to detect and break loops. Set a header that you can then detect and drop messages if necessary.
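The loop-breaking approach described in this reply, and in the earlier reply about configuring internal relay on both sides, as an added example that is not part of the original page or its comments: each organization stamps its own header on everything that passes through it and rejects anything that already carries that header. The header and rule names are assumptions; use a different header name in each organization.

```powershell
# Added example, not from the original page. $HeaderName must be unique per
# organization so that a message returning to this org is recognisable.
$HeaderName = "X-OrgA-Loop"   # placeholder: e.g. X-OrgB-Loop in the other org
$Stamp      = "1"

# Rule 1 (priority 0, evaluated first): a message that already carries this
# org's header has been through here before, so it is looping. Rejecting it
# with a reason text surfaces the problem to the sender and in the logs
# instead of letting it bounce silently between the two smart hosts.
New-TransportRule -Name "Shared namespace - break loop" `
    -Priority 0 `
    -HeaderContainsMessageHeader $HeaderName `
    -HeaderContainsWords $Stamp `
    -RejectMessageReasonText "Message loop detected in shared SMTP namespace" `
    -Comments "Stops messages that have already transited this organization"

# Rule 2 (priority 1): stamp every other message so a return trip is detectable.
New-TransportRule -Name "Shared namespace - stamp header" `
    -Priority 1 `
    -SetHeaderName $HeaderName `
    -SetHeaderValue $Stamp `
    -Comments "Marks messages as having transited this organization"

# Verify the order: the break rule must evaluate before the stamp rule, or
# every message would be rejected on its first pass.
Get-TransportRule | Where-Object { $_.Name -like "Shared namespace*" } |
    Sort-Object Priority | Format-Table Name, Priority, State -AutoSize
```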
Hi.
I need a big help to config my exchange server.
Anyone? please
Hi Paul,
You said in your article:
“Now when an email arrives on the Exchange server that has no matching local recipient address, it will forward it on to the other mail system for delivery.”
Does this mean that i have to:
– remove the contact from the local exchange server?
– setup the main SMTP email address for that user on the new server to xxx@ex2007.mycompany.local ?
And finally, when creating the new Send connector, can the new/remote server be in the could (Microsoft online)?
New-SendConnector -Name “Internal Relay” -Custom -AddressSpaces mycompany.local -SmartHosts “CLOUD” -SourceTransportServers ex2007.mycompany.local
The problem with this, how do i allow users from the cloud to send emails with the original domain name @mycompany.local ? There will be SFP issues.
Thank you for your help
Best
Ludovic
If you’re trying to set up Office 365 to work with an on-prem Exchange organization you really should be looking at deploying a Hybrid configuration.
Hi Paul,
I have a single domain and I want to host my domain on two servers, one is Exchange server and the second cPanel.
And I want half the email on the Exchange server and the other half on cPanel. Please suggest whether it is workable or not.
Hi Paul,
I have been able to get the shared SMTP namespace working perfectly in my lab and I want to get GAL sync and availability services working as well. I understand what needs to happen to configure GalSync and availability services in a normal situation, but wondering how to get it working with the shared namespace or if it is even an issue and I am just over thinking it. I know autodiscover needs to also be working and can get it working internally by running Export-AutoDiscoverConfig in each domain and configuring internal DNS correctly. Looking for any information that will help me to get this all working. The two environments will keep this configuration moving forward. Thanks in advance.
Hi,
I have some issue in “Internal Relay Domain” configuration. My scenario is sharing the same SMTP name space between my in house Exchange 2010 and Google. The given below are the Two issue
1. Unable to limit Max Recipient per message to 10 (Set the restrictions on Organisation, Receive Connector, Mailbox)
2. External Users not getting NDR from in house server
The configuration was
First mail come to Google(MX point to Google) if user not available it will forward to in house. In House Exchange user can Send mails directly to Internet not via Smart Host.
Thanks in advance.
What about outbound? This will work with email coming in, but what if we want to route a portion of all internet email for certain users outbound. I would like to route all Internet email for some people to flow through a different gateway and leave all the other people sending out through the existing smarthost config.
Is there a way to only send email from a subset of people through a different smarthost config?
No. Send connectors are destination-based, not source-based.
Hi, Paul,
I have two on-premises Exchange servers, plus one Lotus Domino and an MDaemon server, which will use the same shared SMTP domain.
My requirement is when email is received in Exchange, if the mailbox is not available then it will forward to the Lotus & MDaemon server.
I have created mail contacts for Lotus & Domino users, and I have created accepted domains (internal relay) for both the servers like domino.abcd.com and mdaemon.abcd.com and I have set secondary SMTP addresses in the mail contacts … and created a send connector
But still I am unable to get email in Lotus & MDaemon
Please advise .. what I am doing wrong and what I am missing in the configuration
Hey,
I want to migrate from a local mail-server (zarafa on a linux machine) to Office 365 in the cloud.
It will take a couple of days to migrate all user mailboxes to the O365 environment so I want a temporary solution to share the domain between both mail-servers.
I added my domain name to Office 365 and have set the type as Internal Relay.
Now I want to add my outbound connector, but I’m not sure what I need to use as SmartHosts and SourceTransportServers (-SmartHosts 10.8.0.25 -SourceTransportServers ex2007.mycompany.local)? Do I need the IP and domainname from my current local mailserver? Do I need to configure my local mailserver to act as a Smarthost?
Thanks in advance for your reply.
Hi,
I got SendMail 8.12 running as my email server. I plan to get Office 365 (Business Premium) with Exchange Online .
I got 200 users and will migrate users in batches of 10.
Can I have a shared name space with my Exchange Online and SendMail on premise ?
Can I point my MX records to Exchange Online?
Is it possible to migrate mailboxes to exchange online ?
Thanks,
Paul
You can migrate to Office 365 from any IMAP-capable mail system.
https://technet.microsoft.com/en-us/library/jj874015(v=exchg.150).aspx
Hi, Paul.
Thanks for the information very useful.
Can both on the on-premise (SendMail) & exchange online exist with a single name space?
For example users 1 to 50 mailboxes are hosted on the SendMail server (on premise) while users 51 to 100 mailboxes are hosted on Exchange Online (on cloud)?
The Same NameSpace
Users 1 to 50 = userX@domainA.com (SendMail)
Users 51 to 100 = userX@domainA.com (Exchange Online)
On the first Quarter I plan to have some of my users migrated to Exchange Online while the rest will remain on premise.
Appreciate any inputs or suggestions.
Thanks,
Paul
I did the same settings, and tried to send email from my local Exchange (test@abc.com) to the hosted email server (test1@abc.com). I receive this error.
Delivery has failed to these recipients or distribution lists:
test1@abc.com
Your message wasn’t delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.
The following organization rejected your message: mail19c40.carrierzone.com.
Hi Paul,
We’ve configured free/busy between 3 domains (all with Exchange 2010 SP3), we have GALSync in place and a domain trust between all domains.
We exported the autodiscover SCP to the all domains and configured the availability addressspace.
The free/busy availability isn’t stable, suddenly it stops working from A to B , then from C to A, another day from B to A. Each time a request fails we see following error on the CAS server:
Process Microsoft.Exchange.InfoWorker.Common.Delayed`1[System.String]: SMTP:XXX failed. Exception returned is Microsoft.Exchange.InfoWorker.Common.Availability.AutoDiscoverFailedException: Exceeded the number of Autodiscover redirections for e-mail SMTP:xxx. The maximum allowed redirections are 3. Name of the server where exception originated: xxx. This event may occur when Availability Service cannot discover an Availability Service in the remote forest.
Any ideas how this can be resolved?
Many thanks in advance!
Alex
I’m getting the same behavior as Alexander Vererfve…between 2 trusted forests with org sharing in place. Free/busy lookups will sometimes work and sometimes not. Getting the same error as above. Alexander, did you get this resolved? and if so, how?
Thanks
Dear Paul,
Thank you very much for the article. I have come cross with a situation like below.
At this point some of users using Office365 free service and we have registered domain within Office365 . Unfortunately Microsoft remove free service and now we don’t have access to custom domain management.
If we want to migrate some of the users from Office365 to In house Exchange servers we could use the solution that you have proposed. But when user who remaining in the Office365 need a send email to user who migrated to Exchange server then we have an issue. Email will not deliver to Exchange environment and it will give delivery failure error. Appreciate if you could give me a solution for this scenario.
Thanks in advance.
Regards,
Aruna
Not sure what “free Office 365” is but I would suggest you move *all* your users off a discontinued service, not just some.
Hi Paul,
We have a two-way transitive Trust between 3 forests. I’ve configured GALsync with FIM and configured the availability service between the exchange servers (all 2010). Everything works and users can see calendars of users of the other forests.
But now they want to use the same SMTP domain over the 3 exchange servers. Mailflow is working: the shared SMTP domain is configured as an internal relay domain and is delivered to the other forests through Send connectors.
The thing that isn’t working is the availability between the forests (all same primary SMTP domain). Is this even possible?
Thx for your help!
Alex
Hi Paul,
I’ve got it working, was a permission issue.
Forgot to run this one in one of the forests:
Get-ClientAccessServer | Add-ADPermission -AccessRights ExtendedRight -ExtendedRights "ms-Exch-EPI-Token-Serialization" -User "DOMAIN\Exchange Servers"
I am planning a move for a client from GoDaddy to an internal Exchange 2013. I can just point the MX records to the new internal server, setup an external relay back to GoDaddy. If a user has a mailbox, their mail stays internal, otherwise goes to GoDaddy? If so, this would be great as 1/3 are outside sales. On the external relay, do you just put in IP of GoDaddy server? Do you know if this will work with GoDaddy?
Matt
I also have a send connector going through a SmartHost. Do I need to change that? Or not use it for now until migration is complete? I am confused on how to set the send connector.
Matt
Hi paul,
I have two diff companies merging to be one. Both are to change domain names to a new but the same name. For example domainA and domainB will have to discard both domain names to use domainZ as a single company in the nearest future. I have got office 365 for domainZ. Domain A and domain B are onsite on different locations.
I have planned to configure mail forwarding from domainZ to push mails to the onsite domains, user by user so that all mails whether to new or old domains gets to the recipient on their respective old domains. this way, there would be local comm if ISP has issues.
My challenge:
How do I configure outgoing mails from the old domains (Domain A and Domain B) to bear the new namespace domainZ?
OR
what is the best way to receive emails for old and new domains but have non staff see only the new domain.
An urgent response will be appreciated. Thanks in advance!
Sounds like you’re planning to migrate multiple forests/orgs into Office 365? I would start by reading this:
http://technet.microsoft.com/library/jj873754(v=exchg.150).aspx
I’ve just done this on office 365 exchange online. Works like a dream. Just perfect. Thanks for the tip.
Hi Graham,
We are interested in setting this up as well. Both of our businesses are on Cloud Office 365. In your setup, did you set this up across two O365 online tenants?
Hi Paul,
I want to move to Exchange 2013 from 07. I’d really like to do it mailbox by mailbox; will your method work in the following scenario?
1. install the new exchange server
2. create the mailbox on the new exchange server (same email@domain.com address as the one on 07)
3. disable the mailbox on the 07 server
4. have your method deliver the email for that user to the new exchange server since the mailbox is no longer active on the old one.
thanks
This article refers to sharing an SMTP namespace between two separate email organizations.
What you’re referring to can be achieved by doing an Exchange migration within the same organization. Refer to Microsoft’s Exchange Deployment Assistant for details of how to migrate from Exchange 2007 to 2013.
Any specific permissions needed on the remote Exchange receive connectors? I am unable to connect when the send connector is set to none for authentication.
Sure, the receive connector would need to be configured to accept anonymous users if you don’t want to use authentication.
Hi Paul and Guys,
Is there any way to configure 2 SMTP Server (one Exchange 2013 and one Mdaemon 11) with two different domain (ie: abc.com and xyz.com) can forward to each-other users with same Alias?
Example, I send email to boss@abc.com, it automatic forward to boss@xyz.com.
Is Exchange 2013 able to do this? or Mdaemon?
Thank you all.
Hi All,
I found a solution for exchange 2013 using forwardingsmtpaddress option in set-mailbox command.
1. New-RemoteDomain -Name xyz.com -DomainName xyz.com
2. Set-Mailbox -Identity boss@abc.com -ForwardingSmtpAddress boss@xyz.com -DeliverToMailboxAndForward $true
I’m trying to find the way to do this on Mdaemon now..
Hi.
When sharing the SMTP name space with Linux:
1. Where do you point the incoming traffic? To Exchange or Linux??
2. How is Linux Sendmail is aware that some of the recipients exist on the exchange mail system?
Thank
1. I would usually send it to Exchange first because that is the system I’m most comfortable with. But really you should point the incoming traffic at whichever system has the majority of mailboxes.
2. No idea. You’ll need to refer to some Sendmail doco or tutorials, sorry.
Hi,
Can we use Zimbra on linux with Google apps sharing the same domain ,at least till all users are comfortable on zimbra.
I have no information on namespace sharing for non-Exchange products or the steps that would be required to set it up on those products. That is something you should refer to the documentation for those systems to learn about.
Pingback: Own findings while working on an AD and Exchange migration project | SysAdmin On Fire
Pingback: How to Decommission a Shared SMTP Namespace in Exchange Server
Pingback: Using Log Parser and Protocol Logs to Analyze Send Connector Usage
Hi Paul,
I have a question/problem with split-delivery from Exchange to Google Apps. We are migrating users from Google Apps to Exchange 2013. We have changed MX records for our domain to point to our Exchange instance. On Exchange, we have two send connectors 1st for all email (*) with priority 2 and 2nd for @ourdomain.com as an internal relay through Google Apps smarthost, with priority 1.
This was done so that, if the recipient has an Exchange mailbox in our organization, the email gets delivered to the user. If the recipient does not exist in our organization, the email gets relayed to Google Apps.
What we are seeing is that sometimes, the email does not get delivered to the user’s mailbox in Exchange. It goes to their Google Apps mailbox instead. This does not happen all the time…it appears intermittent.
Do you have any ideas as to why something like this would happen? Basically, we are mimicking this configuration:
http://community.spiceworks.com/how_to/show/38537-ms-exchange-and-google-apps-split-delivery-for-single-domain-name-k-12-school-sample-shown
Paul,
Have similar question!
We have 200 user in Google apps & another 100 in Exchange 2010. in both the domain name is same @sample.com. MX record are pointing to Google Apps, Split delivery is configured in Google apps & Google apps as primary & exchange as secondary.
User in Google apps are able to send mail to exchange user, but user who are in exchange are not able to send emails to Google apps
How we can resolve this issue?
This very article explains how to configure the Exchange side of things.
getting this error:
451 4.4.0 Primary target IP address responded with: “.” Attempted failover to alternate host, but that did not succeed
More info please. What are you trying to achieve, what have you configured, when is the error appearing, what have you done to troubleshoot it so far?
Paul,
Have a question regarding your example. When you said, “Two companies merge but maintain separate systems for a period of time”. I’m trying to visualize this and I’m having trouble. What do you mean by two companies merging and maintaining separate systems? When I hear this I think of two companies that have separate domains. Can you clarify a little more?
Hi Paul,
I have read your article these are very helpful. I have a query here for one of our customer. They have Exchange 2010 (2 Mailbox in DAG, 2 HUB+CAS) in coexisting Exchange 2003. they want to use single domain namespace (@abc.com) Mail flow is working fine as mentioned below.
1. Exchange 2003 to Exchange 2010 – working fine
2. Exchange 2010 to Exchange 2003 – working fine
3. Exchange 2003 to MDaemon (Using unresolved recipient in Exchange will forward mail to Mdaemon)
4. Exchange 2003 to POP (It is on ISP level where the external user use to download email using POP)
Point 1 and 2 is working fine without any fail. Problem here, Exchange 2003 is able to forward unresolved recipient to either 3 or 4 but not simultaneously to both,
Customer wants to use both Mdaemon and ISP mail server with single domain namespace,
Please help me out in this if possible anything suitable for such setup.
Regards
Rajnish
You would need to pick one (MDaemon or the ISP) for Exchange to send to, then configure that one to forward unresolved recipients on to the next one.
Eg, Exchange -> MDaemon -> ISP
My guess is MDaemon will have that capability, but I wouldn’t know any more details about it.
I wouldn’t consider it a good long term strategy either.
Hi Paul,
very good article.
Can you tell me if you have found any problem by mixing user types in a single distribution group?
I’m trying to mix them and only the local users of exchange server are delivered correctly.
My other server is a linux with postfix, and the message seems to never reach it.
Thank you
dears
We have two Exchange 2010 servers in different domain controllers, one in the head office and another in another city,
so we added contacts for the city in the head office and contacts for the head office in the city site and made two send connectors and we are working fine..
In the head office they used an MX record in the mail host; now they receive mail to Exchange after adding external mail for the user as reply and they are sending and receiving outside and inside mail.
But in the city we just receive mail and when sending any mail to outside (Hotmail) the mail is rejected by the Exchange in the head office with this error
550 5.7.1 unable to relay…
Can anyone advise me please
shabour313@hotmail.com
Hi Paul
No comments or advice about my scenario?
Hi Paul,
How does this work if you have split the domain across 3 or more organisations?
Is the practical limit only 2?
How does this affect mail loops?
Mail In > Org A > Org B > Org C> Back to Org A > Outgoing mail?
It’s doing my head in!
One problem that I have seen is:
I have set my domain @abc.com as Internal Relay instead of Authoritative.
We have Exchange & a Linux mail server running collaterally. So if a mailbox is not present in Exchange, mail will be delivered to Linux. So now if my Linux mail server is not running, then an email sent to a non-existent Exchange user, say a@abc.com, is relayed to my Internet mail gateway server for delivery using the Organization send connector & gets into a loop.
I need to make my domain Authoritative again instead of Internal Relay to return an NDR for non-existent emails.
I am using Microsoft Exchange and have the following problem. Can sense.com (domain) receive all email and then forward it to newtest.com (another domain)? For example, when email is sent to abc@sense.com, by DNS the email will transfer to @sense.com first, and then look for the mailbox “abc”. So can we forward all email received at sense.com to newtest.com (abc@sense.com forwarded to abc@newtest.com), even though abc@sense.com doesn’t exist? The server can directly forward the mail to newtest.com (just changing the domain name).
Is it possible to do this?
If you want all the email for @sense.com to go to the @newtest.com server why not just point the MX records at the @newtest.com server and use an email address policy to assign the @sense.com email addresses to mailboxes on the server?
Hi Paul,
The above posted document is really very helpful. We have configured a similar environment where we have an Exchange 2007 server as the Internet-facing server and another Linux mail server sharing the same email domain. Now, we are facing an issue while sending emails from the Linux mail server to the Exchange server for internal recipients. Inbound and outbound external emails from both Exchange and Linux are working fine. Even internal emails from the Exchange server (set as Internal Relay with the Linux server configured as smart host) to the Linux server are working fine. But internal mail from Linux to Exchange is not working.
Can you please help us resolve the issue or guide us on what we need to configure in the Linux box (Postfix is configured as the SMTP service).
I have the same issue as Moumita when configuring a shared email domain between Exchange and a non-Exchange system.
Users from Exchange send mail to non-Exchange OK. But users from non-Exchange could not send email to Exchange.
The ideal is that in the non-Exchange system, all email received from clients is configured to relay directly to the Exchange system. Then Exchange can do the filtering: deliver to the Exchange user mailbox, or relay back to non-Exchange if the recipient does not exist in Exchange.
Currently I don’t know how to configure non-Exchange to relay all email to Exchange (my system is Fortimail).
I recommend you refer to your Fortimail documentation or contact their support.
Hello Paul,
I’m in the middle of a difficult and slow migration at the company.
We have an old 2003 domain and Exchange 2003 that we are going to abandon when the migration is complete. The mess was so big that management decided to build an entirely new domain beside the old domain and, with a trust relationship, copy the data over. The new domain has a new name, clean user accounts and a new AD structure.
Now we are going to set up an Exchange 2013 in the new domain, but we are stuck with the mail domain name on the old 2003 domain/Exchange.
Management wants the mails to arrive at the new Exchange and the old Exchange server.
The users have the same mail address on both domains.
Is there a way to pull this off that’s not overcomplicated? They like overcomplicated here.
Kind regards,
Jo
HI Paul
Similar question to above, however I may need to give further explanation of the problem.
In our Exchange 2010 setup we have 2 x mailbox/Hub Transport servers (DAG created) and one CAS. We are also using a Smartermail server. I have created 3 MX records in DNS – the first two pointing to the Hub Transport servers and the third one to Smartermail.
When the message comes to the Exchange servers where the split domain is configured and the user exists in Exchange, it is delivered. However, when the user on the same domain is located on the Smartermail server, the message keeps floating on one of the servers and I can see EventID: Defer, Source content: loop detected.
Setting up a send connector with the split domain name works, but this is not ideal, as in a hosting environment I will probably have quite a few of those domains and would prefer to have it working without setting up the connector manually.
Is there any way to do so?
Thanks
Piotr
We have two organizations, both running Exchange 2010.
If we share an email domain between the two, can we set the primary SMTP address in both organizations as the same?
I want to be able to send email from both organizations as the same address.
Thank you !
You need to add the users as well to the 2nd server after the setup of the relay.
I followed the setup but mail is not flowing between the 2 servers. I am not getting an NDR from the emails; they are just sitting in the queue. It looks like the mail is still going out through the default send connector, not the one set up in the relay. What can I do to fix this?
thanks
Check the costs on the send connectors. The default one should have a higher cost than the one for the specific domain.
Has anyone tried this on SBS 2011?
Our domain is located on GoDaddy and I have some users I left on GoDaddy and use Exchange to POP in and pick up the email. I did this because we have over 20 email accounts which could have lots of junk in them and are used by groups to email with. They aren’t regular employees so I’d just as soon leave them off the server.
I followed the steps above but my email for the addresses located at GoDaddy is still getting kicked back saying the email address does not exist. I configured the smarthost as smtpout.godaddy.com with authentication. I also set the port to port 80 using EMS for the GoDaddy send connector.
Thanks for your help
thanks indeed!
You saved me a lot of work (… typing transport rules for each user).
Hi all,
I am new to Exchange and I need help to resolve a situation. I’m installing Exchange for our company and we already have an existing company hosting our website as well as email services.
Let’s say our domain is ourdomain.com and we are already receiving and sending emails using this domain.
How do I configure Exchange to work with the existing domain? I have installed Server 2008 and created AD with ourdomain.com. I have also installed Exchange 2010 and am trying to configure the DNS and MX records. Please, how do I link this up? Secondly, how do I configure Exchange for remote users who are not part of the local domain?
An urgent response will be highly appreciated.
Did you figure this out? I need to do the exact same thing.
Thanks
Hi All,
So what happens in the following scenario:
Mail System 1=Microsoft Exchange 2010
Mail System 2= Novel GroupWise
Situation:
An internal user on Mail System 1 sends an email to an internal user on Mail System 2, and vice versa?
I am not sure it will work!
Thanks for the reply
If Recipient Filtering is enabled, I would suggest creating a mail-enabled user, which will have an AD account. By creating a mail-enabled user I was able to add an email alias, which did not work for me when I had a mail contact.
I was also getting an NDR with a mail contact when there was no AD account for the user. So I had to create an AD account to stop the NDRs.
In summary, a mail-enabled user worked for me.
Thanks
Sam
Pingback: Exchange Server NDR 550 5.5.1 User Unknown for Internal Relay Domain
Hi All
So I set up both servers with the internal relays and created contacts and it was working like a charm (6-7 months at least)… with emphasis on ‘was’. For some reason now it just piles up in the Queue. When I click on retry it won’t deliver, and then I get these silly messages in the event viewer that say my certificate doesn’t match up with the FQDN. I tried to add the certificate again with Enable-ExchangeCertificate but to no avail.
PLEASE HELP ME !!!!
Those “silly messages” might be a clue.
Is it all mail from your org to *anywhere* queuing? Or just mail from your org to the other org that shares your namespace?
The queue viewer should also be revealing to you why the messages aren’t delivering (eg “unable to connect” or a specific error code and message).
Hi Paul,
First I would like to say this is a great thread. I have learned a lot just from the posts here. I have a scenario I would like to get your opinion about.
Company A and Company B are divesting. Company A has moved to a new physical location separate from Company B. Company A owns the Domain Name/MX Record for Exchange. Company B owns the existing mailboxes for all the users that moved to Company A. Company A is moving to a cloud environment with Office 365. Company B is keeping the existing environment intact.
I need to migrate all mailboxes from Company B over to Company A. I need to route the MX record to point to the new Exchange environment in Company A. Company B needs to continue to receive email through the Domain Name owned by Company A for a period of time.
What are your suggestions and opinion on how this should be handled?
In addition, is there a dependency on migrating end user accounts in AD before the Exchange mailboxes, or do these have to be done in parallel?
Pingback: Email Fundamentals: What is an Open Relay? « MidThought's
Hi Paul,
The post is very helpful. I have one query. When creating SMTP addresses via RUS for the new namespace (@example.com), it is possible that the same username (Abc G) is present in both organisations, and abc.g@example.com will then be created in both organisations. How can we resolve this?
Thanks,
Anshu
Hi,
Hopefully you can help me. We have 2 sites – 2 separate AD domains – and are trying to configure the above so that we can use 1 single email domain for both sites (we have a Branch Office VPN between the sites). We have set up the source Exchange Server as above and disabled recipient filtering on both servers but still cannot get this to work correctly. What does the authentication method for the Smart Host Connector need to be?
Thanks in advance!
Greg
I am working on a similar project to what you described here. SMTP domain @example.com is shared by server A and server B. Server A is Exchange 2003 while Server B is Exchange 2010. The two servers are in different forests. The MX record points to Server A. @example.com is set up as an accepted domain but not an authoritative domain on server A, and the corresponding SMTP connector is set up from server A to server B. So the mail flow is no problem from the Internet to server A and then server B. But I am confused how server B could send email to someone@example.com on server A, because server B is authoritative for example.com. Will it generate an NDR?
Hi bluej, if you want the shared name space to be bi-directional then you’d need to set up the correct config on each site. So for example you’ve already done the 2003 side by the sounds of it, you’d then just need to set the domain as an Internal Relay domain on the 2010 side and configure a Send Connector for that name space.
Won’t this create an infinite loop between server A and server B?
Hi Zannuzi, yes it can, though Exchange has infinite loop detection and will eventually drop the message (I think it does so after 30 loops by default).
Hi Paul,
thanks for your reply. I combined both your idea of bi-directional relay domain and also transport rule to detect infinite loop based on below article. Now I can receive emails sent to a single mx domain pointing across multiple exchange forests. Amazinggggg !!!!!
http://www.sysadminsblog.com/microsoft/shared-smtp-namespace-during-cross-forest-migration/#comment-492
Hi Paul,
We currently have our exchange mail system (mail.com) hosted by another company. I setup an exchange server here on site (mail.net) and everything is working fine. However, soon I need to migrate the mail.com address completely over to our servers. Could you give me your recommendation on the easiest way to do this without any configuration changes on the other end?
Thanks, Don
Don, once you point the MX records at your own server you’ll start receiving the email to your server (after DNS refresh delay – suggest turning the TTL for your MX record down to 5 minutes a few days in advance of the cutover).
Pingback: Avoiding Infinite Loops with Internal Relay Domains in Exchange 2007/2010
Paul
Do you have any suggestions on how to deal with a split namespace between two Exchange 2010 organizations? Right now if I set @domainA.com as the primary SMTP for the users in Domain B we get all kinds of autodiscover issues (for the users in Domain B).
What sort of autodiscover issues Josh?
Well, because autodiscover.domainA.com points to a different forest, the users in Domain B lose out of office, calendar ability etc.
I’ve found a “work around” that involves a reg key for @domainA.com pointing to a local autodiscover XML file and a URL redirect to autodiscover.domainb.com, and it seems to work. I’m just wondering if there is a better solution?
I haven’t had to deal with it myself, but this white paper has cross-forest autodiscover guidance in it.
http://blogs.technet.com/b/exchange/archive/2007/10/03/3404056.aspx
Hey there,
In this setup, can I set up a new email account on any Exchange server, or does it need to be set up on the primary MX Exchange server?
If you’re sharing a namespace across two different orgs? You can put a new mailbox in either one, just pick the one that makes the most sense (eg if it is location-based, or departmental-based).
Usually the shared namespace is a temporary solution while a merger/consolidation is going on, so if that is in your future plans perhaps just create all new mailboxes in the org that will be the one that everything merges into.
Hi Paul,
Perfect!
We created mail users without a mailbox and it is working fine.
Thanks.
Manoj
Thanks a lot. Got it to work in no time. Our incoming mail gateway is a Linux box running Sendmail and it does LDAP queries against our AD directory for name validation. Besides the steps here, I only had to change the cost of my ‘Internet Send Connector’ to 2 so it would check against the specified domain name in my ‘Internal Relay’ (cost of 1) first. When both had a cost of 1, I would still get an NDR.
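As an added example, not part of the post or its comments, the Exchange Management Shell script below lists each send connector's address spaces with their costs and, for the situation Paul (check the connector costs) and Sylvain (Internet connector cost raised above the Internal Relay one) describe, raises a catch-all connector's cost above the shared domain's connector as a dry run. The domain name mycompany.local is the article's example and the variable names are mine.

```powershell
# Added example, not from the post or its comments. Checks that the
# catch-all "*" send connector does not compete with the connector for
# the shared SMTP domain, and bumps its cost if it does (-WhatIf only).
$sharedDomain = 'mycompany.local'   # assumed: the article's shared domain

# One line per connector: Name: smtp:domain;cost, smtp:*;cost -> smarthosts
foreach ($conn in Get-SendConnector) {
    $spaces = ($conn.AddressSpaces | ForEach-Object {
        "$($_.Type):$($_.Address);$($_.Cost)" }) -join ', '
    $hosts = ($conn.SmartHosts | ForEach-Object { $_.ToString() }) -join ', '
    Write-Host ("{0}: {1} -> {2}" -f $conn.Name, $spaces, $hosts)
}

# Lowest cost any connector assigns to the shared domain
$sharedCosts = Get-SendConnector |
    ForEach-Object { $_.AddressSpaces } |
    Where-Object { $_.Address -eq $sharedDomain } |
    ForEach-Object { $_.Cost }
if (-not $sharedCosts) {
    Write-Warning "No send connector has an address space for $sharedDomain"
    return
}
$sharedCost = ($sharedCosts | Measure-Object -Minimum).Minimum

# Any catch-all connector whose '*' cost is not above the shared cost
foreach ($conn in Get-SendConnector) {
    $star = $conn.AddressSpaces | Where-Object { $_.Address -eq '*' }
    if (-not $star) { continue }
    if ($star.Cost -gt $sharedCost) { continue }
    $newCost = $sharedCost + 1
    Write-Warning ("{0}: '*' cost {1} is not above {2} cost {3}; setting {4}" -f
        $conn.Name, $star.Cost, $sharedDomain, $sharedCost, $newCost)
    # The cost is carried inside the address space string: type:address;cost
    $newSpaces = $conn.AddressSpaces | ForEach-Object {
        if ($_.Address -eq '*') { "$($_.Type):*;$newCost" }
        else { "$($_.Type):$($_.Address);$($_.Cost)" }
    }
    # -WhatIf shows the change without applying it; remove it to commit
    Set-SendConnector -Identity $conn.Identity -AddressSpaces $newSpaces -WhatIf
}
```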
Excellent!
Everything works fine. We have a similar setup to the one Sylvain mentioned in the last comment, i.e. the incoming gateway is Linux with LDAP. There are about 100 users in Linux and almost the same in Exchange 2010.
Now the problem is, how do I show the Linux mail users in the GAL?
Manoj, you could create Contacts for those users.
Hi Scott,
I have two issues (in my new shared SMTP namespace between Exch 03 & Exch 10),
one of which your posts above regarding the ability to route unresolved names to a particular host fixed: the NDR issues I was having. Thanks heaps….
But the remaining issue I have now is receiving an email externally to an email address that exists on a second Exchange server running 2010 sharing the same namespace. When you email a user on the Exchange 2010 organisation you get a system undeliverable stating:
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
When the user does exist on the Exchange 2010 server, it’s the Exchange 2003 server which accepts port 25; somewhere it is not “forwarding it to the Exchange 2010”.
Yet emails internally between organisations work fine in any direction. Any ideas? Thx, Ben
Pingback: Exchange Server 2007/2010: How to Change the Primary Email Domain
Thanks for the pointers. I was sharing between Exchange 2007 and our old Exchange 2000 server; I needed to migrate away from an empty root domain and to a new company name, so I set up a new forest and wanted to migrate.
I was getting the NDRs when trying to send from old Exchange to new Exchange, but mail was flowing from new to old perfectly.
In my case I fixed this by the settings in the Virtual SMTP server in Exchange 2000. There is an option to route unresolved names to a particular host. In this case the new Exchange 2007 server in the new forest. Mail flow works both ways now.
Now to get GALsync working.
I’ve just updated the post to explain why NDRs occur in some situations when SMTP namespace sharing is implemented. The common cause seems to be due to recipient filtering.
I’m trying to do the exact same thing as we have 2 orgs and want mail for domainB to route via domainA, and mailboxes are split between the 2 domains, i.e. some in domainA and some in domainB. So we’ve got an accepted domain for domainB as internal relay and a corresponding connector set to relay mail to domainB via its smarthost. It works only if we have a contact object in domainA; if not, we get an unknown address 550 NDR.
Some posts I read say we don’t need contacts (like yours) and some say we need that or at least GAL sync between the 2 orgs. What gives? Even MS says you don’t need it:
http://technet.microsoft.com/en-us/library/bb676395%28EXCHG.80%29.aspx
But it won’t work unless you do.
iamme, I’ve never had a problem like you describe, it has always worked fine for me as shown in the article. I’ve never had to resort to using Contacts to handle the email forwarding.
You might be thinking of using Contacts so that users in the other domain show up in the GAL. There are other ways of syncing the GAL between orgs that don’t require you to create Contacts.
And yes, for any local recipient to receive email to a given domain you will either need an Email Address Policy to assign them addresses, or manually assign them.
However, it is the Accepted Domain that controls whether or not the Exchange org accepts mail for the domain and what it does with it, not the EAP. So the lack of an EAP doesn’t necessarily make the Accepted Domain “useless”.
It really is very simple to set up a shared SMTP namespace between two orgs like this, so I’m not sure why you’ve heard so many bad stories.
Hi,
Thanx for your documentation! But I haven’t heard bad stories, I am experiencing them:
I set up the shared namespace yesterday (Exchange 2007 on SBS 2008) after your doc and those from Microsoft, but it only works well for new addresses.
That means, I deleted old.user@foo.bar from the SBS Console, checked that all email addresses have disappeared in AD DS and the Exchange Console, Addressbook lookup is disabled, I restarted the Exchange, waited for some hours – but I still get an NDR from the local Exchange when trying to send a mail to old.user@foo.bar.
But the Send Connector works, because when I am sending a mail to a formerly non-existing email address (e.g. some.user@foo.bar) that is also not present in the local Exchange, it will be delivered to the SmartHost.
All local addresses *@foo.bar here at the local Exchange are still working well. But there seem to be some cached addresses (or I forgot something), because all deleted addresses from the SBS / Exchange will produce an NDR when someone sends an email to them.
Any ideas … ?!
thanx in advance
lasseboo
Look closer at your NDRs. I suspect you’re seeing addresses starting with IMCEAX as described here:
https://support.microsoft.com/kb/2807779?wa=wsignin1.0
This is due to autocomplete caches in Outlook clients.
Hi, Paul,
Thanx for your reply – after all those years!
But this isn’t the failure: I used a freshly new account on an old XP machine, i.e. an account that never before used the (deleted) addresses.
And I did not use the autocomplete-function where I only have to set in:
user.name
at the addressbar in Outlook and let do the system the work to complete it. I used the full address:
user.name@our-exchange.bar
And the NDR is like this:
Generierender Server: exchange.foo.bar
IMCEAEX-_O=FIRST+20ORGANIZATION_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Michael+2Eexchange.foo.bar
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##
This NDR is from an email to a further locally address that I never sent mails to from my account before.
Still it is possible to send an email to existing.user@foo.bar, and to send an email to completely-locally-unknown.user@foo.bar; the first will be delivered locally and the latter sent to the Smarthost which serves foo.bar, our shared namespace.
Any ideas … ?!
Thanx in advance!
That is the IMCEAX issue. Read the link I posted in my earlier comment.
Hi, Paul,
Thanx again for your hints! It seems solved now, with a remaining part at the clients – bad.
What we did so far to get it working:
1) set the domain from Authoritative to InternalRelay:
Set-AcceptedDomain unser-exchange.de -DomainType InternalRelay
or, according to Microsoft:
New-AcceptedDomain -Name “unser-exchange.de” -DomainName unser-exchange.de -DomainType InternalRelay
2) create an external send connector:
New-SendConnector -Name “Internal Relay” -Internet -AddressSpaces unser-exchange.de -DNSRoutingEnabled $false -SmartHosts mx.extern.de -SmartHostAuthMechanism ExternalAuthoritative -MaxMessageSize 20MB
or, according to Microsoft:
New-SendConnector -Name “Internal Relay” -Custom -AddressSpaces unser-exchange.de -SmartHosts mx.extern.de -SourceTransportServers ex2007.mycompany.local
3) Since the domain existed before, we had to disable the addressbook requests:
Get-AcceptedDomain | select name,domaintype,addressbookenabled
Set-AcceptedDomain unser-exchange.de -AddressBookEnabled $false
4) Stopping Recipient filtering
5) Then these steps in the Exchange Shell:
Get-EmailAddressPolicy | Update-EmailAddressPolicy
Get-AddressList | Update-AddressList
Get-GlobalAddressList | Update-GlobalAddressList
Get-Mailbox | Set-Mailbox -ApplyMandatoryProperties
6) With all these we are now more or less able to send mails from the “old” Exchange to a moved user at the new Exchange in the shared namespace – but not reliably! It works sometimes, sometimes not.
When connecting to the Exchange with a freshly new account, it is possible to send mails to the “old” (moved) users. At the other systems at the “old” office, it is now sometimes possible, sometimes not.
At some machines it was necessary to delete the moved users from the autocompletion in the “To:” line, but at some machines that did not help. We don’t like to delete the whole autocompletion (i.e. NK2 or suggested contacts). The solution would be that a user from the new Exchange (that means, with an “orphaned” account from the “old” Exchange) sends a mail to a user at the “old” office – a reply will then be sent as it should.
So it is solved more or less – I must admit that I did not understand the “X500 proxy address for the attribute LegacyExchangeDN” at all. Maybe this would have been a cleaner solution, but I was not sure if it is necessary to create an X500 address for each moved user or if it is possible to create a “global” rule. And since this is a deeper operation at the heart of the AD DS I did not give it a try …
Again, thanx for your help and best regards
Don’t you have to have contacts in the local Exchange forest for it to forward to the target environment? I’ve heard of people doing this, it failing, and needing to create contacts that will handle the e-mail addresses that come in, which will then have the forwarding address that will then use the Send Connector. And I’ve heard that you also need an e-mail address policy as well, otherwise the Accepted Domain will be useless. Do you know whether these are true?
Quick question: When changing the DomainType from “Authoritative” to “InternalRelay”, this will not impede mail flow in any way, will it?
I’ve never had a problem with it, but as with all changes I suggest you schedule it for a low impact time of day and have a test/rollback plan ready just in case.