Hello guys,

We are looking for a solution for the following problem.

We have a company for whom we host exchange 2013 with 3 domains. This works great.

Now we would like to be able to send from another domain (domain-C) we do not host. 

Of course, as seen in my previous post this is not ethical as then we had no connection with the domain-C.

We have been searching for a solution, and I think we found that based on these settings;

Under mail flow - send connectors we create a new SMTP connector with domain-C as FQDN. 

This is bound to the smart host (IP of mail server that host domain-C). There we need some kind of authentication with the google servers that host domain-C.

Are we on the right track here?

Hi MIEGroup,

It is a feasible way, however, if you do like this, what the user wants to do is basically "spoofing", which might not even work at all in the domain in question has setup SPF records in DNS. Then the message could be marked as spam or blocked entirely and potentially blacklist your sending IPs. 

In addition, you can refer the following similar thread, it may give you some hints to avoid spam:

https://social.technet.microsoft.com/Forums/office/en-US/4c1bda0c-3681-485d-a10f-6ad2832da867/allow-external-domain-to-send-on-behalf-of-user?forum=exchangesvradminlegacy

Best regards,

Hello Niko,

Thank you for the reply.

If I am correct using the google server as smart host(where the send on behalf domain is located) to send out the mails to the recipient should not be flagged as spam right? The reverse DNS will point to the google server that sends the mail.

The link you provide looks to me based on the google settings, not my exchange server side.

Hi Rene,

You are right. But here are few things that you need to take care of.

1. On Exchange:Configure new Send Connector for the specific remote domain with Google Servers as smarthost. Create a Send connector to route outbound email through a smart host

2.On Google Admin console - Google Apps for domain-C, you should have the setting enabled to allow SMTP relay using Gmail using your sending Ex servers IPs.

Steps:

Gmail SMTP relay service setting

If your organization uses a non-Gmail email service, such as Microsoft Exchange (or other non-Google SMTP service), you can use the SMTP relay service setting to route outgoing mail through Google. This setting enables you to filter messages for spam and viruses before they reach external contacts, and to apply Google Apps email security settings to outgoing messages.

Note: SMTP relay service is not available with the legacy free edition of Google Apps.

Sending limits for the SMTP relay service
When you've configured the SMTP relay service, youll need to configure your on-premise outbound mail server or other SMTP service to point to Google. See the steps below for instructions.

To route your outbound mail through Google Apps using the SMTP relay service setting:
Note: After you enter and save an IP address or range, you can enable or disable it in the future by checking or unchecking the box to the left of the entry.

1.     Sign in to the Google Admin console.
       From the dashboard, go to Apps > Google Apps > Gmail > Advanced settings.
2.     In the Authentication section, check one or both boxes to set an authentication method:
3.     Only accept mail from the specified IP addressesThe system only accepts mail sent from these IP   addresses as coming from your domains.

Read the article for full details:

https://support.google.com/a/answer/2956491?hl=

Hello Satyajit,

Thank you for the reply.

The relay settings within google are made.

Also there is a send connector configured for the domain-C with google as a smart host.

However, exchange is finding it difficult to be able to use 2 send connectors.

Even when the domain-C is first in the "cost" to send, mail issnt going out.

Satyajit's suggestion should do the trick. Have you made sure that the other send connector doesn't have domain-C listed as well in the address space?

Hi Rene,

Just as Keith pointed out.

"A common misconception is that outbound email can be load-balanced  for Exchange simply by provisioning two equal cost Send Connectors,  either using DNS to route directly or routing via a smart host for each  Send Connector.

When the cost of the Send Connectors and the proximity to their  source servers are the same, Exchange will simply choose the one with  the alphanumerically lower connector name, and will not load balance the outgoing email across both connections.

The correct solution is to deploy a single Send Connector with multiple  smart hosts."

Run Get-SendConnector look for the address spaces.

Found another solution:

1. Define a target Host Name for your SmartHost for instance: mail.company.local
2. Create TWO MX records:
         mail.company.local     MX    10   smtpA.company.local.
         mail.company.local     MX    20   smtpB.company.local.
3. Configure your SendConnector DNS or source server host file to resolve these names.

In this scenario, your SmartHost as defined in your Send Connector would be "mail.company.local", directing to smtp1.company.local always, and if it goes down, will start using smtp2.company.local.

References:

http://exchangeserverpro.com/exchange-2010-load-balance-outbound-email/