none
Routing Email to Un-Accepted Domain Internally

    Question

  • Hi All,

    This is a bit peculiar. But it’s been bugging me for some time now. Its nothing like I need to implement or need this, but just a concern to understand mail routing.

    I was able to route email to

    myname@gmail.cominternally back in Exchange 2003 to a mailbox hosted inside mydomain.com. I didn’t add the email domain to accepted domain as we say now.

    As per the reading and available information from MS for Exchange 2013, it is possible to route emails only if we add the email domain to the accepted domains list.

    Even the email policy will not let you save information if the domain is first not added in accepted domain.


    If you delete an accepted domain that's used in an email address policy, the policy is no longer valid, and recipients with email addresses in that SMTP domain will be unable to send or receive email.


     

    However adding

    myname@gmail.comis allowed as an additional SMTP address to MAILBOX ENABLED local user (I’m not talking about external contact or Mail Enabled user here)

    We typing

    myname@gmail.comon new email GAL resolves it and lets me send email to the local user. (Even if I hide the user I believe it will work)

    I’m trying to understand what is happening here and why it is accepting the email addressed to gmail.com(delivering it to local mailbox) instead of routing it out to internet.

    Any reference to this in MS article.

    Doing this in a accepted domain scenario makes sense, by how it works without the domain in accepted domain list works. How does categorizer works.

    My Findings:


    *The categorizer resolves the message sender by searching for the address in the ‘proxyAddresses’ attribute in Active Directory.

    *The categorizer also resolves the message recipients by searching for the addresses in the ‘proxyAddresses’ attribute in Active Directory.

    *The categorizer also checks to verify that the mail attribute exists in Active Directory, and stamps the mail attribute as the SMTP address.

    *For local delivery, the categorizer marks the recipient as local by setting a per-recipient property on a message indicating the destination server for each recipient.

     

     


    So,

    Q:If we don’t have domain mentioned in accepted domain, is exchange going to accept email for it at all?

    A: NO (Microsoft says)

    What I think what MS means is Accepted Domain basically refers to emails coming from outside the exchange, which will not be accepted.

    That would refer to the ‘SMTP Receive’ process of submission (

    From SMTP Receive through a Receive connector).  But internal would be process of submission (Through a transport agent and would bypass the Accepted Domain check.)

     

    Let me know your views and test results if you happen to test it.


    Regards,

    Satyajit

    Please“Vote As Helpful” if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.


    • Edited by Satyajit321 Monday, September 15, 2014 7:19 AM
    Monday, September 15, 2014 7:19 AM

Answers

  • The only place that an address to which you are routing mail should be is in the ExternalEmailAddress property of a mail contact or mail user (a mail user has no Exchange mailbox, it has one outside the organization).

    If you add an e-mail address to any mail recipient in EmailAddresses, it's an inbound address.  It's matched and the mail goes to the recipient who has the address.

    A domain has to be in accepted domains for Exchange to accept mail for it from outside the organization, even if it's rerouting that mail somewhere else.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    • Marked as answer by Satyajit321 Thursday, September 18, 2014 12:16 PM
    Thursday, September 18, 2014 7:01 AM
    Moderator

All replies

  • The only place that an address to which you are routing mail should be is in the ExternalEmailAddress property of a mail contact or mail user (a mail user has no Exchange mailbox, it has one outside the organization).

    If you add an e-mail address to any mail recipient in EmailAddresses, it's an inbound address.  It's matched and the mail goes to the recipient who has the address.

    A domain has to be in accepted domains for Exchange to accept mail for it from outside the organization, even if it's rerouting that mail somewhere else.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    • Marked as answer by Satyajit321 Thursday, September 18, 2014 12:16 PM
    Thursday, September 18, 2014 7:01 AM
    Moderator
  • Hi Ed,

    Thanks for the clarification.

    This however gives arise to another doubt.

    How is NDR generated for non-existent internal email. Let me know if my understanding is correct.

    xzy@mydomain.com

    1.Email is searched in AD for matching  EmailAddresses attribute. (Non found)

    2.Next It goes to Accepted Domain list and checks if its authoritative for this domain (Yes, Generates NDR, NO goes next)

    3. Next Its routed to the Send Conenctors for possible match and sent; else If nothing matched it sent via the * Send Connector


    Regards,

    Satyajit

    Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

    Thursday, September 18, 2014 12:25 PM
  • I believe your logic is more or less correct.  Regarding #3, send connectors can have the domain or a partial match.  The connector with the most specific match is used.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Thursday, September 18, 2014 3:00 PM
    Moderator
  • Hi Ed,

    Thanks again.


    Regards,

    Satyajit

    Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

    Tuesday, September 23, 2014 9:28 AM
  • You're welcome.  Happy to have helped.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Tuesday, September 23, 2014 7:31 PM
    Moderator