Externally directing mail for a shared SMTP namespace RRS feed

  • Question

  • Hi,

    I have a temporary requirement to share an SMTP namespace between 2 separate organisations (i.e. organisation A has users with email addresses with the same domain as organisation B’s users). Both organisations are using Exchange 2007.

    I would normally just use an Internal Relay Domain to achieve this, however in this scenario I have a specific requirement to separate inbound external mail before it reaches any of the organisations' Exchange systems (although an internal relay domain will still be used to route mail between the organisations).


    Is anyone able to provide any suggestions as to how I could achieve this?

    What I would like is to have a server in a DMZ and point the mx record for this domain to it so it receives all mail and then depending on where the recipient resides, it directs mail to the appropriate organisation. The server can be provided with a list of recipients (via LDAP if required) within organisation A (so it can assume that non matching recipients are part of org B). Is there any way I could do this with an edge server (or another product/solution)?


    Thanks for any help.

    Tuesday, June 7, 2011 4:01 PM

Answers

  • There are several ways you could achieve your goal. You could do this with the rewrite features of Sendmail / Postfix, with the Exchange Edge Server 2007 / 2010 Address Rewriting Inbound Agent, or just with a plain and simple Exchange Mailbox server (anything should do).

    Let's start with placing an Exchange 2007 Mailbox server in the DMZ. Make it part of its own Exchange organization, authoritative for the shared SMTP namespace between the two organizations (fabrikam.com). Point the MX for fabrikam.com to that server. This server will contain all mailboxes for the two organizations. Then you set up forwarding (with Exchange 2007 / 2010 use the AD attribute targetAddress, so you don't have to add contacts). Each organization needs an additional proxy address to forward to: org 1 fabrikam.net, org 2 fabrikam.org. Configure appropriate send connectors.

    More elegant is perhaps to use Exchange Edge servers. Each recipient still needs a proxy address. In a large-scale consolidation we once used Sendmail on Solaris doing address rewriting and forwarding/routing. After one and a half years there were only two separate organizations with the same primary SMTP address left and the SMTP folks wanted to get rid of their routing lists. That's when we used the forwarding method with mailboxes, basically serving as routing objects.

    For Edge take a look here:

    Address Rewriting in Exchange 2007
    http://exchangeinbox.com/article.aspx?i=139

    Import Address Rewrite Entries
    http://technet.microsoft.com/en-us/library/bb331966.aspx


    MCTS: Messaging | MCSE: S+M
    • Marked as answer by Gen Lin Monday, June 13, 2011 3:21 AM
    Tuesday, June 7, 2011 9:26 PM
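
The recipient-based split from the question, expressed with the Postfix rewrite option the answer mentions, as an added example (not code from the thread): it builds a Postfix virtual(5) alias table from org A's recipient list and sends every other fabrikam.com address to org B. The recipient list is constructed sample data, and using `virtual_alias_maps` for the rewrite is an assumption.

```python
import re

SHARED = "fabrikam.com"       # shared namespace (from the answer)
ORG_A_PROXY = "fabrikam.net"  # org 1 proxy domain (from the answer)
ORG_B_PROXY = "fabrikam.org"  # org 2 proxy domain (from the answer)

# Constructed sample of org A's recipient list (e.g. an LDAP export).
ORG_A_RECIPIENTS = ["Alice@Fabrikam.com", "bob@fabrikam.com ",
                    "carol@contoso.com", "bad address@fabrikam.com"]

_LOCAL = re.compile(r"^[a-z0-9._+-]+$")  # conservative local-part check

def org_a_localparts(recipients):
    """Normalise the export; keep only valid local parts in the shared domain."""
    kept, rejected = set(), []
    for raw in recipients:
        local, _, domain = raw.strip().lower().rpartition("@")
        if domain == SHARED and _LOCAL.match(local):
            kept.add(local)
        else:
            rejected.append(raw)  # wrong domain or malformed: never emitted
    return kept, rejected

def build_virtual_map(recipients):
    """Table lines: exact org A entries first, then the org B catch-all."""
    kept, _ = org_a_localparts(recipients)
    lines = [f"{lp}@{SHARED} {lp}@{ORG_A_PROXY}" for lp in sorted(kept)]
    lines.append(f"@{SHARED} @{ORG_B_PROXY}")  # same user in the other domain
    return lines

def route(rcpt, recipients):
    """Mirror the lookup order: exact match wins, otherwise the catch-all."""
    kept, _ = org_a_localparts(recipients)
    local, _, domain = rcpt.strip().lower().rpartition("@")
    if domain != SHARED:
        return None  # not the shared namespace: the DMZ host should not relay it
    return f"{local}@{ORG_A_PROXY if local in kept else ORG_B_PROXY}"

if __name__ == "__main__":
    print("\n".join(build_virtual_map(ORG_A_RECIPIENTS)))
```

Because every non-matching address falls through to org B, the DMZ host accepts any local part in fabrikam.com; org B then has to reject unknown recipients during the SMTP session, otherwise the relay generates bounce backscatter.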

All replies

  • If you have edge then you can use transport rules and should be able to achieve what you are trying to do.
    Tuesday, June 7, 2011 5:53 PM
  • Thanks for the replies
     
    Regarding the use of Transport Rules on an Edge server - I couldn't see any way I could do this as the rules were too limited? I did however wonder about writing a transport agent although this would need more work than using something 'out of the box'.

    For address re-writing and forwarding, one issue (that I forgot to mention) I have is organisation B's Exchange also hosts mail for another organisation; ideally I would like to have been able to have had the address re-written when a user who is hosted on org B's Exchange (but wants to use the SMTP domain of org A which org A is authoritative for) when they send mail to this other organisation. As this would effectively just be internal there wouldn't be an opportunity to re-write the address?

    Also, instead of address re-writing could I not just do the following?

    • Org A is authoritative for the SMTP domain
    • Org A has contact objects for users with mailboxes in org B where their address is the shared domain and they have an org B external/targetAddress (so mail is forwarded)
    • Org B user mailboxes have a primary/reply address of the shared domain and their own org B address as another proxy address
    • Create send connectors between the two

    It seems to work ok in the lab but not sure if there's a reason this wouldn't work?

    It doesn’t split mail the way I wanted to but does at least do the job of sharing the smtp namespace in the same way as an internal relay domain?

    Monday, June 13, 2011 11:22 AM