YOU ARE HERE: HOME / TUTORIALS / CONFIGURING OUTBOUND MAIL FLOW IN EXCHANGE SERVER 2013

Configuring Outbound Mail Flow inExchange Server 2013 MAY 4, 2013 PAUL CUNNINGHAM 19 COMMENTS

Tweet 15 1

Outbound mail flow in Exchange Server 2013 is managed with the use of Send Connectors.

HOME ABOUT MEMBERS CONTACT

EXCHANGE SERVER 2013 OFFICE 365 POWERSHELL SSL CERTIFICATES HIGH AVAILABILITY

MIGRATION EBOOKS

Share 1 33 people like this. Be the first of your friends.Like

Send Connectors are not configured by default when you first install Exchange Server 2013.If the Exchange 2013 server is installed in an existing organization then other SendConnectors may already exist that facilitate outbound mail flow. Otherwise, you will need tocreate at least one Send Connector yourself.

Most organizations will be dealing with one of the following outbound email flow scenarios:

email sent directly over the internet to the recipients serveremail sent to the internet via a smart host

Sending directly over the internet vs sending via a smart host

There are other scenarios as well, such as:

email sent outbound via an Edge Transport serveremail sent directly to a partner organization using TLS encryption

An organization can have one, two, or several Send Connectors to provide the specific emailrouting that they need.

For this article well focus on the first two scenarios, as they are the most common; sendingdirectly to the internet, and sending via a smart host. Well also cover testing andtroubleshooting a Send Connector, and some more advanced configuration options.

CONFIGURING OUTBOUND MAIL FLOW DIRECTTO THE INTERNETConfiguring your Exchange 2013 organization to send means that your Exchange server willlook up the MX records for the recipients email address, and then use those MX records asthe IP address(es) to connect to via SMTP.

Looking up MX records means your server will be relying on DNS. If the servers TCP/IPsettings are configured for DNS servers inside your network that cant resolve externalnames, then you can configure Exchange to use different DNS servers for external lookups.

To create the Send Connector for sending outbound email directly to the internet open theExchange Admin Center and navigate to Mail Flow -> Send Connectors.

Click the + button to create a new Send Connector.

Give the connector a name and set the type to Internet. Click Next to continue.

Leave the network settings set to MX record. If you needed to configure specific externalDNS servers you should also tick the box, but if your Exchange server can already resolveexternal DNS names then that should not be required. Click Next to continue.

Click the + button to add a new address space. Specify the FQDN of * (the wildcardcharacter that effectively means anything). The cost can remain at the default setting of 1if this is the only send connector for your organization. Click Save and then click Next tocontinue.

Click the + button to add the source servers for the connector. These are the servers thatwill be responsible for routing email out from your organization to the internet. Multipleservers will provide redundancy for outbound mail flow. Click OK and then click Finish.

The send connector is now visible in the Exchange Admin Center.

For further configuration and tested steps refer to the last section of this article.

CONFIGURING OUTBOUND MAIL FLOW VIA ASMART HOSTConfiguring a Send Connector to send outbound internet email via a smart host is the sameprocess as above, with the following differences.

First, the network setting is configured to Route mail through smart hosts instead of MXrecords. You must then click the + button to add at least one smart host name or IP address.Multiple smart hosts are permitted and are recommended for redundancy.

When you choose to use a smart host you also get the option to configure authentication forthe Send Connector. This is only necessary if the smart host requires it. Many email securityservers/appliances or even hosted solutions will simply authenticate you based on your IPaddress rather than require other credentials.

TESTING A NEW SEND CONNECTORThe obvious way to test a new send connector is to send an email from inside theorganization to an external recipient.

When the message is received in the external mailbox you can then take the messageheaders and use the MXToolbox header analyzer or the ExRCA Message Analyzer to inspectthe headers and confirm that the email passed through the source servers you wereexpecting it to for that outbound route.

If the email does not arrive you can inspect the transport queues on your Exchange serversfor stuck email.

[PS] C:\>Get-TransportService | get-queue

Identity DeliveryType Status MessageCount Velocity RiskLevel OutboundIPPool NextHopDomain-------- ------------ ------ ------------ -------- --------- -------------- -------------E15MB1\22206 SmtpDeliv... Ready 0 0 Normal 0 mailbox database 1E15MB1\Submission Undefined Ready 0 0 Normal 0 SubmissionE15MB1\Shadow\22204 ShadowRed... Ready 0 0 Normal 0 e15mb3.exchange2013dem...E15MB2\22750 SmtpDeliv... Ready 0 0 Normal 0 mailbox database 2E15MB2\Submission Undefined Ready 0 0 Normal 0 SubmissionE15MB2\Shadow\22748 ShadowRed... Ready 0 0 Normal 0 e15mb1.exchange2013dem...E15MB3\Submission Undefined Ready 0 0 Normal 0 SubmissionE15MB3\Shadow\16452 ShadowRed... Ready 1 0 Normal 0 e15mb1.exchange2013dem...E15MB3\Shadow\16456 ShadowRed... Ready 1 0 Normal 0 e15mb2.exchange2013dem...

To look more closely at the messages stuck in a single queue you can use Get-Queue and

Get-Message together.

[PS] C:\>Get-Queue E15MB1\22206 | Get-Message | ft

If the properties of the stuck messages do not reveal the problem then another valuablesource of troubleshooting information is the protocol logs. For more tips refer to thefollowing article:

Troubleshooting Email Delivery with Exchange Server Protocol Logging

FURTHER CONFIGURATION OPTIONS FOR SENDCONNECTORSSome additional configuration options you can explore are:

Proxying email through Front End/Client Access ServersConfiguring protocol logging for Exchange 2013Configuring outbound message size limits for Exchange 2013Configuring the FQDN for HELO/EHLO on a send connector

FILED UNDER: TUTORIALS

TAGGED: EXCHANGE 2013, MAIL FLOW, SEND CONNECTOR, TRANSPORT

Tweet 15 1

ABOUT PAUL CUNNINGHAMPaul is a Microsoft Exchange Server MVP and publisher ofExchange Server Pro. He also holds several Microsoftcertifications including for Exchange Server 2007, 2010 and 2013.

Find Paul on Twitter, LinkedIn or Google+, or get in touch for consulting/supportengagements.

RELATED ARTICLES:

1. Exchange Server 2013 Mail Flow and Transport Services

2. How to Correctly Use Multiple Smart Hosts to Load Balance Outbound Email forExchange 2010

3. Restricting outbound email with Exchange Server 2007 Transport Rules

Share 1 33 people like this. Be the first of your friends.Like

4. Route outbound email through the Exchange Server 2007 Hub Transport server

5. Configuring the Exchange Server 2007 Hub Transport Server

COMMENTS

Moses Kihumuro saysAugust 9, 2013 at 10:33 pm

This is a very helpful post. It was handy in guiding me on how to setup exchange touse smarthosts.

Reply

Denny Eapen saysOctober 11, 2013 at 5:51 am

Hi Paul:

Good article.

Does it mean that emails CAN be sent to internet with only Mailbox Role and noCAS?

ThanksDenny

Reply

Paul Cunningham saysOctober 13, 2013 at 11:19 am

CAS is still a required role in an Exchange deployment.

Reply

Mor saysNovember 16, 2013 at 11:55 pm

I am a new IT engineer and learning Exchange server 2013.To connect Exchange server 2013 to internet, how can we make it in safely ?

Please share your opinion.

Reply

Grant saysDecember 4, 2013 at 9:30 am

Is it possible via send connector or other means (rule perhaps) to send all mail*from* a specific internal domain through a smarthost? For example, lets say wehave two divisions and each have their own domain joe@maindiv.com andbob@subdiv.com. Subdiv requires a smarthost for regulatory compliance,maindiv.com does not. Can we force outbound mail for subdiv.com through thesmarthost but not maindiv.com so we dont have to pay for compliance services?

Reply

Victor saysMay 18, 2014 at 4:25 am

Have a look at this tool:http://www.ivasoft.com/routebysender.shtml

Reply

Kyle Kennedy saysDecember 10, 2013 at 5:20 am

There is an option in the general tab of the send connector properties for Proxythrough client access server. I understand in a split role environment, this boxmakes it work like 2010, ie, mail goes from mailbox to CAS and then sent out fromthere. However, what is the proper setting when CAS and MB are on the sameserver? Checked or unchecked?

Reply

Paul Cunningham saysDecember 11, 2013 at 11:14 pm

There is no proper setting. The option exists for specific scenarios that somecustomers might have.

On multi-role servers it doesnt matter either way, in my opinion.

Reply

ajhstn saysFebruary 22, 2014 at 4:08 pm

Hey all,

I am in the process of migrating from EX 2010 to EX 2013. I have an existing 20102x dag, 2x cas environment. I have built on new servers 1x 2013 cas, and 1x 2013mb.

I have followed the step by step Exchange Server Deployment Assistant but cannotsee it talk of mail flow anywhere. I have a single send connector in the 2010 env. Ihave various receive connectors. all https,http,smtp,imap and otheroutlook,rpc,mapi traffic go through a Riverbed Stingray Traffic Manager. My sendconnector routes email through a smart host.

I have created a exchange 2013 mailbox. I can send email from 2010 to 2013, but Icannot send email from 2013 to 2010. Both farms are in the same domain, samenetwork. They are all hyperv vm guests in the same cluster.

The email that I try to send from the 2013 env to 2010 gets stuck in the 2013Queue Viewer, its status is READY, it has no last error.

Can anyone help clear this up for me? I need exchange 2010 and 2013 to coexist fora period of a few weeks, while I migrate all mailboxes, then after that I will closedown exchange 2010.

Thank you in advance.Andrew

Reply

Paul Cunningham saysFebruary 23, 2014 at 8:17 pm

You should begin by troubleshooting SMTP connectivity from 2013 -> 2010.Try it with telnet. Check for antivirus or security products, or firewalls, or yourRiverbed device, that may be interfering with the connections.

Also look closer at the messages stuck in the queue. What is the last error? Thatusually gives you some hints about what the problem may be. MisconfiguredReceive Connector permissions on the 2010 server is a example of wherethings can go wrong too, eg http://support.microsoft.com/kb/979175

Reply

tricky saysJuly 12, 2014 at 5:47 am

Hello Paul, you have a nice blog!Please give me advice:I just installed only 2 multy role server 2013 in two different sites. Inbound mailworks fine, but I just try to create new one send connector in new site , andoutbound mail flow stop working for me. If i disabe new send connector (just createit like post- internet- next- asterisk- next- my cas\mailbox in site 2 to scope)Annnd my mail do not go to Internet, just qued. What I doing wrong?

Reply

burt340 saysAugust 7, 2014 at 3:58 am

Paul great article, is there a way to get exchange to ignore internal recipients (pre-staged for a migration) and send route messages our through a send connector?

Reply

Paul Cunningham saysAugust 8, 2014 at 11:25 am

Sure. Apply forwarding on the mailbox.

Reply

Voffka saysSeptember 12, 2014 at 6:21 pm

Hi, Paul. Thanks for your article, its amazing, as usual

the question is, like it was mentioned before,Is it possible via send connector or other means (rule perhaps) to send all mail*from* a specific internal domain through a smarthost? For example, lets say we

have two divisions and each have their own domain joe@maindiv.com andbob@subdiv.com. Subdiv requires a smarthost for regulatory compliance,maindiv.com does not. Can we force outbound mail for subdiv.com through thesmarthost but not maindiv.com so we dont have to pay for compliance services?

how to route mail thru a specific edge based on users primary domain ?

Reply

Victor saysDecember 15, 2014 at 10:24 pm

Google for RooteBySender tool.

Regards,Victor

Reply

Mohan saysDecember 4, 2014 at 11:10 pm

Hi,which server we need to mentioned in Configuring the FQDN for HELO/EHLO ona send connector

Cas or mailbox ?

Reply

Paul Cunningham saysDecember 8, 2014 at 1:13 pm

Use whichever hostname you want to appear to the outside world, egsmtp.domain.com, or just the hostname of the Mailbox server.

Reply

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Name *

Email *

Comment

POST COMMENT

Notify me of followup comments via e-mail

Search this website

POPULAR RESOURCES

LATEST ARTICLES

PowerShell Script to Remove MailboxFolder Permissions

How to Remove an SSL Certificatefrom Exchange Server 2013

Exchange Server 2013 HighAvailability Q&A Recording NowAvailable

Completing Individual Move Requestsfrom a Migration Batch

New Updates Released for ExchangeServer 2013, 2010 and 2007

TRAINING

Exchange 2013 Boot Camp

Exchange 2010 Boot Camp

Deploying and Managing ExchangeServer 2013 High Availability

Mastering Message Tracking

RECOMMENDED

Exchange 2003 to 2010 Migration

Exchange 2007 to 2010 Migration

Exchange PowerShell Scripts

Exchange Server 2013 Books

Find us on Facebook

Exchange Server Pro

5,168 people like Exchange Server Pro.

Facebook social plugin

Like

Digicert SSL Certificates

ABOUT PAUL CUNNINGHAM

Paul is a Microsoft ExchangeServer MVP and publisher ofExchange Server Pro. He also

holds several Microsoft certificationsincluding for Exchange Server 2007,2010 and 2013. Find Paul on Twitter,LinkedIn or Google+, or get in touch forconsulting/support engagements.

COPYRIGHT 2015 DISCLOSURE PRIVACY POLICY

We are an Authorized DigiCert SSL Partner.