Send and receive emails externally in two different domains

  • Question

  • HELLO,

    I am testing Exchange Server 2019 on Windows Server 2019 in a lab environment.

    My internal domain is uc.local

    My active directory is uc.local

    My external domain is fuotuoke.net.

    I can send and receive emails locally. I can't send or receive email externally.

    In my external domain, I created an MX record pointing to mail.fuotuoke.net. "mail.fuotuoke.net" points to the IP address of the Exchange server using NAT.

    I have also checked "anonymous user" in the receive connector (I created a new one).

    I equally set up a send connector to route mails to any domain. I sent mail to Gmail but got an error that the mail was rejected because it didn't pass through valid authentication. Can anyone assist me to fix the issue?


    Collins onyegbado

    Saturday, September 26, 2020 3:09 PM

All replies

  • Hi,

    due to the proliferation of spam mail in the last 15 or so years, public email providers and, to a slightly lesser degree, enterprises and organisations expect you to set up certain things in order to verify that your server is indeed allowed to send mails on behalf of the domain. The absolute minimum you need to fulfill is:

    • an SPF record in your external DNS designating the server's (external) FQDN and/or IP address as a legitimate submitter for that domain.
    • an IP address that does not belong to a dialup pool (cheaper ISPs will often offer 'fixed IP addresses' but in reality those are just dynamic IP addresses that never change)
    • a PTR record resolving the IP address back to the hostname your server advertises in its EHLO banner.

    If your IP is 'not good enough' you can ask your ISP if they offer an SMTP smarthost you could use as the next hop.


    Evgenij Smirnov

    http://evgenij.smirnov.de

    Sunday, September 27, 2020 7:26 AM
  • Hi Evgenij,

    Thank you for your response. I have access to the cPanel. I have set up the SPF. I have created an A record that points to the public IP of the Exchange. I am using NAT port forwarding (SMTP, IMAP, POP) to the private IP of the Exchange. I can't see anywhere in the zone editor to create a reverse DNS lookup of the IP address to the hostname.

    Alternatively, based on some findings on the internet, I want to try the IIS SMTP relay service as the smart host for Exchange. I already have it in place, which allows me to send mails from applications to Gmail and other external domains.


    Collins onyegbado

    Sunday, September 27, 2020 7:45 AM
  • Hi,

    you won't usually find a place to create a PTR record with your domain provider because the reverse zone does not belong to any specific Internet domain but to the ISP assigning IP addresses to their clients.

    If you already have an SMTP service in place that has been configured to send out to the internet, by all means set that as the next hop. This will of course prevent you from doing mutual TLS and the like, but just for sending out into the world it should do.


    Evgenij Smirnov

    http://evgenij.smirnov.de

    Sunday, September 27, 2020 7:58 AM
  • hello Evgenij,

    I have still not made progress. The IIS is actually receiving the mail from the Exchange but unable to send mail to the internet. I see the mails in \inetpub\mailroot\queue.

    I want to be sure if I am using the correct smart host because there is an option in the Microsoft SMTP server where you need to enter the FQDN of the smart host. Before now, I had an application which used to send mail through this SMTP service. So the smart host I put then was smtp.gmail.com.

    Right now my application can't send mail out. I have been battling with it since morning.

    I don't know if you have other suggestions. Below is the extract of the mail I found in the mail queue above.

    Received: from dceast.uc.fuotuoke.edu.ng ([172.17.67.4]) by dceast.uc.fuotuoke.edu.ng over TLS secured channel with Microsoft SMTPSVC(10.0.14393.2608);
         Sun, 27 Sep 2020 19:00:18 +0100
    Received: from exchange2019.uc.fuotuoke.edu.ng (172.17.67.4) by
     exchange2019.uc.fuotuoke.edu.ng (172.17.67.4) with Microsoft SMTP Server
     (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
     15.2.221.12; Sun, 27 Sep 2020 19:00:16 +0100
    Received: from exchange2019.uc.fuotuoke.edu.ng ([fe80::9cc5:7dd:48d3:c70e]) by
     exchange2019.uc.fuotuoke.edu.ng ([fe80::9cc5:7dd:48d3:c70e%7]) with mapi id
     15.02.0221.012; Sun, 27 Sep 2020 19:00:16 +0100
    From: "Collins u. Onyegbado" <onyegbadocu@uc.fuotuoke.edu.ng>
    To: "collinks79@gmail.com" <collinks79@gmail.com>
    Subject: Hello Jenny
    Thread-Topic: Hello Jenny
    Thread-Index: AQHWlPgN38Zq9Cv1n0++qfSekahTTA==
    Date: Sun, 27 Sep 2020 18:00:15 +0000
    Message-ID: <8279708a2c394989a0fc27530a99a57b@fuotuoke.net>
    Accept-Language: en-US
    Content-Language: en-US
    X-MS-Has-Attach:
    X-MS-TNEF-Correlator:
    x-originating-ip: [172.17.67.1]
    Content-Type: multipart/alternative;
        boundary="_000_8279708a2c394989a0fc27530a99a57bfuotuokenet_"
    MIME-Version: 1.0
    Return-Path: onyegbadocu@uc.fuotuoke.edu.ng
    X-OriginalArrivalTime: 27 Sep 2020 18:00:18.0663 (UTC) FILETIME=[0F7C8F70:01D694F8]

    --_000_8279708a2c394989a0fc27530a99a57bfuotuokenet_
    Content-Type: text/plain; charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable

    Hello Jenny,this is uche

    --_000_8279708a2c394989a0fc27530a99a57bfuotuokenet_
    Content-Type: text/html; charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable

    <html>
    <head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-=
    1">
    <style type=3D"text/css" style=3D"display:none;"><!-- P {margin-top:0;margi=
    n-bottom:0;} --></style>
    </head>
    <body dir=3D"ltr">
    <div id=3D"divtagdefaultwrapper" style=3D"font-size:12pt;color:#000000;font=
    -family:Calibri,Helvetica,sans-serif;" dir=3D"ltr">
    <p>Hello Jenny,this is uche<br>
    </p>
    </div>
    </body>
    </html>

    --_000_8279708a2c394989a0fc27530a99a57bfuotuokenet_--


    Collins onyegbado

    Sunday, September 27, 2020 6:11 PM
  • Hi,

    Exchange server forum is a public platform, please cover your domain name and email addresses.

    If it's convenient for you, you can post the screenshot of the NDR message here, and don't forget to cover personal information. 

    You can check these for more information about configuring send connectors. If you are confused about setting the FQDN or authentication mechanism, you can contact the vendor for more information.

    Use smart hosts to route mail,

    Create a Send connector in Exchange Server to send mail to the internet.

    Please note: Exchange Server Development forum mainly discuss issues about Exchange development, and it's not monitored. Other TechNet Exchange sub-forums are migrated to Microsoft Q&A. We invite you to post new questions with related tags in the new forum.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Monday, September 28, 2020 7:27 AM
  • Hello Lydia,

    Thank you for that advice. I was very worn out yesterday. I will check the links you sent. I believe I set up the send connector correctly to route mails to the Windows IIS SMTP service. If this was not correctly set up, IIS wouldn't have received those mails from Exchange.

    I have equally set up a send connector to route mails directly to the internet, but no success.


    Collins onyegbado

    Monday, September 28, 2020 7:55 AM
  • Hello,

    I can't find the Exchange Management Console in Exchange Server 2019. I can only see Toolbox.

    How do I access it so that I can snapshot the NDR messages?


    Collins onyegbado

    Monday, September 28, 2020 2:54 PM
  • Still unable to make progress. Let us analyse my network topology.

    My Exchange FQDN is exchange.lab.local

    My external domain is mail.example.com

    I am trying to send mail from this exchange.local using the email address user@lab.local to user@gmail.com.

    Now Gmail has to perform a reverse DNS lookup of exchange.lab.local, which is not resolvable from the internet link. Could this be an issue for not sending mails to an external domain?

    I have created another forward lookup zone "example.com" in the internal DNS. So I created mail.example.com, which resolves both internally and externally to the IP address of the Exchange.

    I have used user@example.com to send mail but no success. I am falling sick.....


    Collins onyegbado

    Monday, September 28, 2020 3:22 PM
  • The NDR message is sent back to the sender mailbox, you can get it from the sender side. Additionally, the EAC was introduced in Exchange 2013, and replaces the EMC and the ECP. In general, we use EAC and EMS to manage Exchange 2019.

    When you use the connector routing mails directly to the internet, please try to send the message with @example.com, and set FQDN to mail.example.com.

    You can use the following command, and post the sender connector settings here, and don't forget to cover the personal information:

    Get-SendConnector sender|fl


    Regards, 

    Lydia Zhou



    Tuesday, September 29, 2020 8:24 AM
  • Ok, see below.

    AddressSpaces                : {SMTP:*;1}
    AuthenticationCredential     :
    CloudServicesMailEnabled     : False
    Comment                      :
    ConnectedDomains             : {}
    ConnectionInactivityTimeOut  : 00:10:00
    ConnectorType                : Default
    DNSRoutingEnabled            : True
    DomainSecureEnabled          : False
    Enabled                      : True
    ErrorPolicies                : Default
    ForceHELO                    : False
    Fqdn                         : mail.example.com
    FrontendProxyEnabled         : False
    HomeMTA                      : Microsoft MTA
    HomeMtaServerId              : EXCHANGE2019
    Identity                     : outboundconnector
    IgnoreSTARTTLS               : False
    IsScopedConnector            : False
    IsSmtpConnector              : True
    MaxMessageSize               : Unlimited
    Name                         : outboundconnector
    Port                         : 25
    ProtocolLoggingLevel         : None
    Region                       : NotSpecified
    RequireOorg                  : False
    RequireTLS                   : False
    SmartHostAuthMechanism       : None
    SmartHosts                   : {}
    SmartHostsString             :
    SmtpMaxMessagesPerConnection : 20
    SourceIPAddress              : 0.0.0.0
    SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
    SourceTransportServers       : {EXCHANGE2019}
    TlsAuthLevel                 :
    TlsCertificateName           :
    TlsDomain                    :
    UseExternalDNSServersEnabled : False


    Collins onyegbado


    Tuesday, September 29, 2020 10:00 AM
  • Hello Lydia,

    I have been able to send mail to info@techijack.com. The owner of the mailbox sent me a Skype message that he got the mail. So, this has proven that the send connector is working.

    Other domains like Gmail and Yahoo might be blocking the mail from my Exchange server due to authentication failure. I am thinking if I should create a DKIM record in addition to the SPF and DMARC records I created. I saw some information via Google. What do you think?

    Meanwhile I came across the fact that I can install another Exchange as an Edge Transport server to sit on the internet edge.


    Collins onyegbado

    Tuesday, September 29, 2020 3:47 PM
  • What we can confirm is that the sender connector works and can send messages to the Internet, yes, it's suggested to deploy SPF, DKIM, DMARC for your organization, then test the mail flow again.


    Regards,

    Lydia Zhou



    Wednesday, September 30, 2020 8:27 AM
  • Hello Lydia,

    I have been able to send email to gmail.com after adding the DKIM record. However, Gmail places the mail in the spam folder.

    I used the tool dkimvalidator.com to validate the DKIM and SPF records. The DKIM record shows "result=pass"

    while the SPF record shows "result=softfail".

    The validator's explanation of the softfail says that the sender is not authorised to send mail from

    exchangeserver@externaldomain.com

    I don't know if there is something that needs to be configured in Exchange.


    Collins onyegbado

    Sunday, October 4, 2020 7:07 PM
  • There are many reasons that can cause the "softfail". Please check your SPF records and make sure the IP address is set correctly.

    Here is a similar issue for your reference: SPF issue: what causes softfail?.

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.


    Regards,

    Lydia Zhou



    Tuesday, October 6, 2020 8:58 AM
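The two checks the thread keeps coming back to, the SPF verdict for the sending IP (pass vs. the softfail seen above) and the PTR/EHLO match Evgenij listed in the first reply, as an added example that is not code from the thread. DNS answers come from a constructed in-memory table so it runs offline; example.com, mail.example.com and the 203.0.113.x / 198.51.100.x addresses are placeholders, not the poster's real values.

```python
import ipaddress

# Constructed DNS data (not real records): the domain's SPF TXT record,
# the A record for the name the server uses in EHLO, and the PTR record
# the ISP would publish for the connector's public IP.
DNS = {
    ("example.com", "TXT"): "v=spf1 ip4:203.0.113.10 a:mail.example.com ~all",
    ("mail.example.com", "A"): "203.0.113.10",
    ("10.113.0.203.in-addr.arpa", "PTR"): "mail.example.com",
}

VERDICT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_terms(domain):
    """Return the SPF record's terms, or [] when the domain publishes none."""
    txt = DNS.get((domain, "TXT"), "")
    return txt.split() if txt.startswith("v=spf1") else []


def spf_check(domain, sender_ip):
    """Evaluate ip4/ip6/a/all mechanisms (include, mx and redirect are not
    modelled) and return pass / fail / softfail / neutral / none."""
    ip = ipaddress.ip_address(sender_ip)
    terms = spf_terms(domain)
    if not terms:
        return "none"
    for term in terms[1:]:
        qual = "+"
        if term[0] in VERDICT:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = DNS.get((arg or domain, "A")) == str(ip)
        else:
            matched = False
        if matched:
            return VERDICT[qual]
    return "neutral"


def ptr_matches_ehlo(sender_ip, ehlo_name):
    """Forward-confirmed reverse DNS: the PTR name must equal the EHLO
    name and that name must resolve back to the same IP."""
    rev = ipaddress.ip_address(sender_ip).reverse_pointer
    ptr = DNS.get((rev, "PTR"))
    return ptr == ehlo_name and DNS.get((ptr, "A")) == sender_ip
```

A second internet link whose address is not in the record reproduces the softfail; an internal name such as exchange.lab.local in EHLO fails the PTR check even when SPF passes.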
  • Hello Lydia,

    It was an IP address issue that caused the "softfail"; your reference made me understand the SPF records. I connected another internet connection because the internet connection with the public IP in the SPF record is very slow. So the result of the SPF record now shows "pass".

    However, the mail still goes to spam. I am thinking if I should contact my ISP to create a PTR record for reverse DNS lookup. I set up Exchange and Edge. The sync is working since I am still sending mails through the Edge. Which name should it resolve to, Exchange or Edge?

    For the inbound mail, I am using port forwarding. Should the SMTP port 25 traffic be forwarded to Exchange or Edge? Edge should be the one to receive traffic and forward it to Exchange. I really need to be sure.

    Hope to read from you


    Collins onyegbado

    Tuesday, October 6, 2020 9:23 PM
  • Since you have the Edge server, yes, inbound messages should be routed to your Edge, then they will be routed to Exchange Mailbox servers in your organization. The PTR record should also resolve to the Edge server.

    Here is a similar thread for your reference: exchange 2016 dns records for external and internal dns server.


    Regards, 

    Lydia Zhou



    Thursday, October 8, 2020 7:22 AM