question

0 Votes
47451047 asked joyceshen-MSFT commented

Forward mail from another server.

Hello.

There are two infrastructures.

First: Edge + GFI Antispam -> Exchange 2019 on-premise.
The second: Edge -> Exchange 2019 on-premise.

There is a two-way trust relationship between us.

Question: Can I take their domain mail to my Edge server for spam filtering and forward it to their mail server?

office-exchange-server-administration

Hi,

You could refer to the official document below to get more information about: Allow anonymous relay on Exchange servers

The anonymous relay is associated with Front-End Transport Services. For Exchange 2019, it should be hosted on the mailbox role server. And it only has Transport services on the Edge server.

And the configuration for send connectors:
Send connectors in Exchange Server

A related thread here: How to configure Edge Transport server to relay external domains


If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 Votes 0 ·

Hi,

I am writing to see how everything is going with this thread. If you still have further concerns about this, please feel free to let us know.





0 Votes 0 ·
47451047 joyceshen-MSFT ·

Hello. I don't really understand.

  1. I have to switch their MX records to my Edge server.

  2. Allow anonymous reception on the Edge server?

  3. On MAILBOX, make a forwarding connector to their mail server?

0 Votes 0 ·

Hi,

You could refer to the scenario introduced here: External Relay Domain


1 Vote 1 ·
0 Votes
AndyDavid answered 47451047 commented

Sure, you won't be able to subscribe to the other AD forest, but you don't need to.
Their MX record points to your Edge, then you create a send connector using their SMTP address space and forward to their mail server.


Their MX record points to your Edge, then you create a send connector using their SMTP address space and forward to their mail server.

Can you tell me more about it? I guess I have to create a connector using PowerShell on the Edge server?

0 Votes 0 ·
0 Votes
AndyDavid answered 47451047 commented

By the way, is this other domain an accepted domain in your org? Just thinking about this, it occurred to me this may be a sticking point since you need to essentially relay anonymously, which means a specific receive connector for the relay, and that may not work since you are receiving these messages from the internet.


By the way, is this other domain an accepted domain in your org?

We have full access to this domain.


0 Votes 0 ·
0 Votes
joyceshen-MSFT answered joyceshen-MSFT commented

Hi @47451047

Relay is configured on a receive connector, while the recipient scope is specified on a send connector.

  1. Yes, point their MX records to your Edge server

  2. Configure a receive connector to allow Anonymous Relay. Discussion here: How to configure Edge Transport server to relay external domains

  3. Your send connector to that domain should be created on the Edge server.



Show me an example for PowerShell.

0 Votes 0 ·

Hi,

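# Create a custom Front End Transport receive connector that only accepts connections from the listed source IP addresses
New-ReceiveConnector -Name "Anonymous Relay" -TransportRole FrontendTransport -Custom -Bindings 0.0.0.0:25 -RemoteIpRanges 192.168.5.10,192.168.5.11
# Allow anonymous connections and grant them the right to submit mail for any recipient
Set-ReceiveConnector "Anonymous Relay" -PermissionGroups AnonymousUsers
Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
# Mark the connector as externally secured; this replaces the PermissionGroups value set above
Set-ReceiveConnector "Anonymous Relay" -AuthMechanism ExternalAuthoritative -PermissionGroups ExchangeServers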

1 Vote 1 ·
47451047 joyceshen-MSFT ·

192.168.5.10,192.168.5.11 what is that?

0 Votes 0 ·
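
The external relay domain scenario the answers point to (MX directed at the Edge, mail for the other domain forwarded to its own server), written out as an added PowerShell example that is not part of any post in this thread. It assumes a subscribed Edge server with the commands run on a Mailbox server; `partner.example`, `mail.partner.example`, `EDGE01` and the connector and domain names are placeholders.

```powershell
# Added example, not from the thread. All names below are placeholders.
# Assumption: the Edge server is subscribed (EdgeSync), so these commands are
# run in the Exchange Management Shell on a Mailbox server and replicated.

$domain    = 'partner.example'       # placeholder: the other organization's SMTP domain
$smartHost = 'mail.partner.example'  # placeholder: their inbound mail server
$edge      = 'EDGE01'                # placeholder: Edge Subscription name

# 1. Accept mail for their domain only, as an external relay domain.
#    Anonymous Internet senders may then deliver to this domain without any
#    connector being granted relay rights for arbitrary recipients.
New-AcceptedDomain -Name 'Partner external relay' -DomainName $domain -DomainType ExternalRelay

# 2. Send connector scoped to that single address space, sourced on the Edge,
#    delivering to their server as a smart host instead of following MX
#    (their MX now points back at this Edge, so DNS routing would loop).
$sendParams = @{
    Name                   = 'To partner.example'
    Custom                 = $true
    AddressSpaces          = $domain
    DNSRoutingEnabled      = $false
    SmartHosts             = $smartHost
    SmartHostAuthMechanism = 'None'
    SourceTransportServers = $edge
}
New-SendConnector @sendParams

# 3. Confirm what was created.
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType
Get-SendConnector 'To partner.example' |
    Format-List Name, AddressSpaces, SmartHosts, DNSRoutingEnabled, SourceTransportServers

# 4. Audit: list receive connectors where anonymous connections hold the
#    relay-to-any-recipient right, so an unintended open relay is visible.
Get-ReceiveConnector | Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' |
    Where-Object { -not $_.Deny -and ($_.ExtendedRights -like '*Ms-Exch-SMTP-Accept-Any-Recipient*') } |
    Format-Table Identity, User, ExtendedRights
```

On a standalone (unsubscribed) Edge server, steps 1 to 3 are run on the Edge itself without `-SourceTransportServers`; the step 4 audit is for Mailbox servers, which store connector permissions in Active Directory.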