
Will be testing thoroughly, but I need to share an email domain namespace across three organizations without VPN tunnels nor Active Directory integration.

I have setup a test configuration using Internal Relay as the Accepted Domain configuration option at locations "A" and "B" as well as configuring the Send Connectors with the appropriate address space, cost, and smarthost (A to B, B to A); mail is flowing fine at the moment, both directions.

However, I'm not sure how location "C" is going to play out: I initially thought I'd add a second Send Connector with same address space, but a higher cost for the third location on each Exchange Server, as follows:

Location A:

Send Connector #1: "to Location B", address space example.com, cost 5
Send Connector #2: "to Location C", address space example.com, cost 10

Rinse and repeat for the other two locations.

So for example if location A user alice@example.com sends an email to location C user charles@example.com, since Send Connector #1 has the lower cost (higher priority), it will try there first, at which point Location B's Exchange Server would respond with a 550 Unknown User.

Here's my question: will Location A's Exchange Server try Send Connector #2 or because it's a permanent failure, Exchange will just send an NDR to Alice? I'm assuming it's the latter.

If so, is there a way to alter this? How else would you recommend handling this situation? I've looked into doing automatic forwarders to Contacts that represent a "glue" domain (i.e. create a sub-domain off of example.com, i.e. A.example.com, B.example.com, etc.) but that really looks kludgy and unsustainable.

gravyface
  • I've done it with 2 servers but not 3. However, I would think you'd want to set the 3rd server as the "Authoritative domain" for example.com. Email would come in to #1, relay to #2, relay again to #3 and then stop there. – TheCleaner Oct 09 '13 at 16:32
  • I don't think that's going to work because what happens when #3 wants to email #2 or #1? the local Exchange will throw a 550 unknown user instead of relaying to #2 (and/or #1; same problem as described in my question). – gravyface Oct 09 '13 at 18:33
  • Have galsync between them so that they know about each recipient. By having the local "contacts" for users that exist on #1 and #2, then #3 knows they exist and since they are contacts they get sent out the normal SMTP send connector. At that point the interweb MX record routes the email over to #1 and #1 either takes it (mailbox on #1) or sends it over to #2 (mailbox exists there). Same thing happens on the others. So if #2 is sending to a user on #1 they will use the user contact on #2, send out external and come back in #1. With #3 authoritative there isn't a loop. – TheCleaner Oct 11 '13 at 15:03
  • @TheCleaner sounds more brittle than just setting it up as described below, plus the added cost of Galsync, I'm assuming. – gravyface Oct 11 '13 at 15:06
  • It's more for preventing the loop I guess. It was the way that MS told me was the best option. Here's some of the links I used: http://technet.microsoft.com/en-us/library/aa996314(v=exchg.141).aspx and http://technet.microsoft.com/en-us/library/bb676395(v=exchg.141).aspx and we used http://www.netsec.de/en/products/galsync/ -- but one of our corporate requirements was that we needed shared GALs so that the merged companies wouldn't complain about "we don't know your email address". – TheCleaner Oct 11 '13 at 15:08
  • Oh we also needed this: http://www.tools4exchange.com/2010/07/galsync-and-federation-using-exchange-2010---part-i.html - federation was needed beyond just SMTP namespace sharing. – TheCleaner Oct 11 '13 at 15:11
  • @TheCleaner cool, thanks for that. We'll see how this goes; the loop seems to be prevented by Exchange by default, received an NDR after bouncing around about 10 times: #5.4.6 smtp;554 5.4.6 Hop count exceeded - possible mail loop – gravyface Oct 11 '13 at 15:51
  • BTW, another prime example of a question worthy of upvotes that wasn't. – TheCleaner Oct 11 '13 at 17:53

1 Answer


Having two Send Connectors does not appear to work as suspected. I had to configure a single Send Connector on each location's mail server as follows and permit relaying on each location's Receive Connector that's tied to their sibling location (see below).

Location A -> Location B -> Location C -> Location A

I tested with an invalid recipient from Location A's test user and Location A's mail server prevented the loop by silently failing with a "Local Loop Detected" error, but no NDR was sent.

gravyface
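One hop of the ring described in the answer (A -> B -> C -> A), written out as Exchange Management Shell commands for Location A's server. This is an added example, not the poster's own configuration; the server name, hostnames, IP address and connector names are assumptions. The point a defender should take from it is that the relay permission on the Receive Connector is only safe because the connector is scoped to the sibling's single IP address; granting it on the Default connector would turn the server into an open relay for example.com.

```powershell
# Added example, not from the original post. Runs in the Exchange Management
# Shell on Location A's transport server. All names and addresses below are
# assumed placeholders.
$Domain      = "example.com"
$NextHop     = "mail-b.example.com"   # assumed: Location B's server (next hop in the ring)
$PrevHopIP   = "203.0.113.30"         # assumed: Location C's server, the only host allowed to relay
$LocalServer = "EXCH-A"               # assumed: this server's name

# 1. Accept example.com without claiming authority for it, so an unknown
#    recipient is relayed onward instead of rejected with a 550.
Set-AcceptedDomain -Identity $Domain -DomainType InternalRelay

# 2. A single Send Connector pointing only at the next hop. The cost lives in
#    the address-space string ("SMTP:domain;cost"). DNS routing is disabled so
#    mail for example.com never falls back to the public MX record.
New-SendConnector -Name "to Location B" `
    -Usage Custom `
    -AddressSpaces "SMTP:$Domain;5" `
    -SmartHosts $NextHop `
    -DNSRoutingEnabled $false `
    -SourceTransportServers $LocalServer

# 3. A dedicated Receive Connector for the previous hop. RemoteIPRanges is the
#    control that keeps the relay right granted in step 4 from applying to
#    arbitrary Internet hosts.
New-ReceiveConnector -Name "from Location C" `
    -Usage Custom `
    -Server $LocalServer `
    -Bindings "0.0.0.0:25" `
    -RemoteIPRanges $PrevHopIP `
    -PermissionGroups AnonymousUsers

# 4. "Permit relaying" from the answer: let that one connector accept
#    recipients this server does not host.
Get-ReceiveConnector "$LocalServer\from Location C" |
    Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" `
        -ExtendedRights "ms-Exch-SMTP-Accept-Any-Recipient"

# 5. Verify the scope: the connector should list only the sibling's IP, and
#    the accept-any-recipient right should appear on no other connector.
Get-ReceiveConnector -Server $LocalServer |
    Format-List Name, RemoteIPRanges, PermissionGroups
Get-ReceiveConnector -Server $LocalServer |
    Get-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" |
    Where-Object { $_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Recipient" } |
    Format-Table Identity, ExtendedRights
```

Repeat the same five steps on Locations B and C with the next hop and previous hop rotated; the "Local Loop Detected" behaviour the answer observed for invalid recipients still applies, so an NDR for unknown users should not be expected from this setup.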