Transport routing in Exchange 2013/Exchange 2010 hybrid deployments

This topic discusses your routing options for inbound messages from the Internet and outbound messages to the Internet.

Important

Don't place any servers, services, or devices between your on-premises Exchange servers and Office 365 that process or modify SMTP traffic. Secure mail flow between your on-premises Exchange organization and Office 365 depends on information contained in messages sent between the organizations. Firewalls that allow SMTP traffic on TCP port 25 through without modification are supported. If a server, service, or device processes a message sent between your on-premises Exchange organization and Office 365, this information is removed. If this happens, the message will no longer be considered internal to your organization and will be subject to anti-spam filtering, transport and journal rules, and other policies that may not apply to it.

Note

The examples in this topic don't include the addition of Edge Transport servers into the hybrid deployment. The routes messages take between the on-premises organization, the Exchange Online organization, and the Internet don't change with the addition of an Edge Transport server. The routing only changes within the on-premises organization. For more information about adding Edge Transport servers to a hybrid deployment, see Edge Transport servers in Exchange 2013/Exchange 2010 hybrid deployments.

Inbound messages from the Internet

As part of planning and configuring your hybrid deployment, you need to decide whether you want all messages from Internet senders to be routed through Exchange Online or your on-premises organization. All messages from Internet senders will initially be delivered to the organization you select and then routed according to where the recipient's mailbox is located. Whether you choose to have messages routed through Exchange Online or your on-premises organization depends on various factors, including whether you want to apply compliance policies to all messages sent to both organizations, how many mailboxes are in each organization, and so on.

The path taken by messages sent to recipients in your on-premises and Exchange Online organizations depends on how you configure your MX record in your hybrid deployment. The preferred method is to configure your MX record to point to Exchange Online Protection (EOP) in Office 365, because this configuration provides the most accurate spam filtering. The Hybrid Configuration wizard doesn't configure the routing for inbound Internet messages for either the on-premises or Exchange Online organizations. You must manually configure your MX record if you want to change how your inbound Internet mail is delivered.

  • If you change your MX record to point to the Exchange Online Protection service in Office 365: This is the recommended configuration for hybrid deployments. All messages sent to any recipient in either organization will be routed through the Exchange Online organization first. A message addressed to a recipient that's located in your on-premises organization will be routed first through your Exchange Online organization and then delivered to the recipient in your on-premises organization. This route is recommended if you have more recipients in your Exchange Online organization than in your on-premises organization and if you would like messages filtered by EOP. This configuration option is required for Exchange Online Protection to provide scanning and blocking for spam.

  • If you decide to keep your MX record pointed to your on-premises organization: All messages sent to any recipient in either organization will be routed through your on-premises organization first. A message addressed to a recipient that's located in Exchange Online will be routed first through your on-premises organization and then delivered to the recipient in Exchange Online. This route can be helpful for organizations that have compliance policies requiring messages sent to and from the organization to be examined by a journaling solution. If you pick this option, Exchange Online Protection will not be able to effectively scan for spam messages.

For more information, see Mail flow best practices for Exchange Online and Office 365 (Overview).

Read the section below that matches how you plan to route messages sent from Internet recipients to your on-premises and Exchange Online recipients.

Route incoming Internet messages through the Exchange Online organization

The following steps and diagrams illustrate the inbound message path that occurs in your hybrid deployment if you decide to point your MX record to the EOP service in the Office 365 organization. The message path differs depending on whether you choose to enable centralized mail transport.

Important

You may need to purchase EOP licenses for each on-premises mailbox that receives messages that are first delivered to EOP and then routed through the Exchange Online organization. Contact your Microsoft reseller for more information.

When centralized mail transport is disabled (default configuration), incoming Internet messages are routed as follows in a hybrid deployment:

  1. An inbound message is sent from an Internet sender to the recipients chris@contoso.com and david@contoso.com. Chris's mailbox is located on an Exchange 2010 Mailbox server in the on-premises organization. David's mailbox is located in Exchange Online.

  2. Because the recipients both have contoso.com email addresses, and the MX record for contoso.com points to EOP, the message is delivered to EOP.

  3. EOP routes the messages for both recipients to Exchange Online.

  4. Exchange Online scans the messages for viruses and performs a lookup for each recipient. Through the lookup, it determines that Chris's mailbox is located in the on-premises organization while David's mailbox is located in the Exchange Online organization.

  5. Exchange Online splits the message into two copies. One copy of the message is delivered to David's mailbox.

  6. The second copy is sent from Exchange Online back to EOP.

  7. EOP sends the message to the Exchange 2013 Client Access servers in the on-premises organization.

  8. The Exchange 2013 Client Access server sends the message through the routing group connector that's configured between the Exchange 2013 server and the Exchange 2010 Hub Transport server.

  9. The Exchange 2010 Mailbox server receives the message and delivers it to Chris's mailbox. In this example, the Client Access and Mailbox server roles are installed on the same Exchange 2013 server.

    Route mail through the Exchange Online organization for both on-premises and Exchange Online organizations with centralized mail transport disabled (default configuration)

When centralized mail transport is enabled, incoming Internet messages are routed as follows in a hybrid deployment:

  1. An inbound message is sent from an Internet sender to the recipients chris@contoso.com and david@contoso.com. Chris's mailbox is located on an Exchange 2010 Mailbox server in the on-premises organization. David's mailbox is located in Exchange Online.

  2. Because the recipients both have contoso.com email addresses, and the MX record for contoso.com points to EOP, the message is delivered to EOP and scanned for viruses.

  3. Since centralized mail transport is enabled, EOP routes the messages for both recipients to the on-premises Exchange 2013 Client Access server.

  4. The Exchange 2013 server performs a lookup for each recipient. Through the lookup, it determines that Chris's mailbox is located in the on-premises organization while David's mailbox is located in the Exchange Online organization.

  5. The Exchange 2013 server splits the message into two copies. One copy of the message is delivered to Chris's mailbox in the on-premises Exchange 2010 Mailbox server.

  6. The second copy is sent from the Exchange 2013 server back to EOP.

  7. EOP sends the message to Exchange Online.

  8. Exchange delivers the message to David's mailbox. In this example, the Client Access and Mailbox server roles are installed on the same Exchange 2013 server.

    Route mail through the Exchange Online organization for both on-premises and Exchange Online organizations with centralized mail transport enabled

Route incoming Internet messages through your on-premises organization

The following steps and diagram illustrate the inbound Internet message path that will occur in your hybrid deployment if you decide to keep your MX record pointed to your on-premises organization.

  1. An inbound message is sent from an Internet sender to the recipients chris@contoso.com and david@contoso.com. Chris's mailbox is located on an Exchange 2010 Mailbox server in the on-premises organization. David's mailbox is located in Exchange Online.

  2. Because the recipients both have contoso.com email addresses, and the MX record for contoso.com points to the on-premises organization, the message is delivered to an Exchange 2010 Hub Transport server.

  3. The Exchange 2010 Mailbox server performs a lookup for each recipient using an on-premises global catalog server. Through the global catalog lookup, it determines that Chris's mailbox is located on the Exchange 2010 Mailbox server while David's mailbox is located in the Exchange Online organization and has a hybrid routing address of david@contoso.mail.onmicrosoft.com.

  4. The Exchange 2010 Mailbox server splits the message into two copies. One copy of the message is delivered to Chris's mailbox.

  5. The second copy of the message is sent through the routing group connector that's configured between the Exchange 2013 server and the Exchange 2010 server.

  6. The Exchange 2013 Mailbox server sends the message to EOP using a Send connector configured to use TLS. EOP receives messages sent to the Exchange Online organization.

  7. EOP sends the message to the Exchange Online organization where the message is scanned for viruses and content-based spam and then delivered to David's mailbox. In this example, the Client Access and Mailbox server roles are installed on the same Exchange 2013 server.

    Route mail through the on-premises organization for both on-premises and Exchange Online organizations
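The three inbound procedures above each leave a distinct sequence of Received headers on a delivered message, so a delivered copy can be checked against them, and any hop that belongs to neither side is the kind of intermediate device the Important note at the top rules out. The following is an added example, not part of the original documentation; the host suffixes, the internal suffix `.corp.contoso.com`, and the sample message are assumptions constructed for illustration.

```python
import email
import re

# Host suffix -> role. Assumptions for this example: the two Office 365
# suffixes, and the hypothetical internal suffix for the on-premises servers.
ROLE_SUFFIXES = [
    (".protection.outlook.com", "EOP"),
    (".prod.outlook.com", "EXO"),
    (".corp.contoso.com", "ONPREM"),
]

# Inbound paths from the three procedures above, as collapsed role sequences.
KNOWN_ROUTES = {
    ("EOP", "EXO"): "MX to EOP, centralized transport disabled, cloud mailbox",
    ("EOP", "EXO", "EOP", "ONPREM"): "MX to EOP, centralized transport disabled, on-premises mailbox",
    ("EOP", "ONPREM"): "MX to EOP, centralized transport enabled, on-premises mailbox",
    ("EOP", "ONPREM", "EOP", "EXO"): "MX to EOP, centralized transport enabled, cloud mailbox",
    ("ONPREM",): "MX to on-premises, on-premises mailbox",
    ("ONPREM", "EOP", "EXO"): "MX to on-premises, cloud mailbox",
}

BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

def receiving_hosts(raw):
    """Return the host named in each Received 'by' clause, oldest hop first."""
    msg = email.message_from_string(raw)
    hosts = []
    for value in reversed(msg.get_all("Received", [])):  # newest header is first
        match = BY_HOST.search(value)
        if match:
            hosts.append(match.group(1).lower().rstrip("."))
    return hosts

def role_of(host):
    for suffix, role in ROLE_SUFFIXES:
        if host.endswith(suffix):
            return role
    return "UNKNOWN"

def audit(raw):
    """Return (matched route or None, hosts that belong to neither side)."""
    hosts = receiving_hosts(raw)
    path = []
    for host in hosts:
        role = role_of(host)
        if not path or path[-1] != role:  # collapse hops inside one system
            path.append(role)
    foreign = [h for h in hosts if role_of(h) == "UNKNOWN"]
    return KNOWN_ROUTES.get(tuple(path)), foreign

# Constructed sample (dates omitted): Chris's copy, MX to EOP, centralized transport disabled.
SAMPLE = """\
Received: from ex2013.corp.contoso.com by ex2010.corp.contoso.com
Received: from BN8NAM11FT012.mail.protection.outlook.com by ex2013.corp.contoso.com with TLS
Received: from BN6PR11MB0001.namprd11.prod.outlook.com
 by BN8NAM11FT012.mail.protection.outlook.com
Received: from BN8NAM11FT005.mail.protection.outlook.com by BN6PR11MB0001.namprd11.prod.outlook.com
Received: from mx.sender.example by BN8NAM11FT005.mail.protection.outlook.com
From: sender@sender.example
To: chris@contoso.com
Subject: constructed sample

body
"""
```

Calling `audit(SAMPLE)` returns the matched route and an empty list of foreign hosts; a non-empty list means a relay outside both organizations accepted the message in transit.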

Outbound messages to the Internet

In addition to choosing how inbound messages addressed to recipients in your organizations are routed, you can also choose how outbound messages sent from Exchange Online recipients are routed. When you run the Hybrid Configuration wizard, you can select one of two options:

  • Don't enable centralized mail transport: Selected by default in the Hybrid Configuration wizard, this option routes outbound messages sent from the Exchange Online organization directly to the Internet. Use this option if you don't need to apply any on-premises compliance policies or other processing rules to messages that are sent from recipients in the Exchange Online organization.

  • Enable centralized mail transport: Selecting this option routes outbound messages sent from the Exchange Online organization through your on-premises organization. Except for messages sent to other recipients in the same Exchange Online organization, all outbound messages sent from recipients in the Exchange Online organization are sent through the on-premises organization. This enables you to apply compliance rules to these messages and any other processes or requirements that must be applied to all of your recipients, regardless of whether they're located in the Exchange Online organization or the on-premises organization.

    Note

    Centralized mail transport is only recommended for organizations with specific compliance-related transport needs. Our recommendation for typical Exchange organizations is not to enable centralized mail transport.

Messages sent from on-premises recipients are always sent directly to Internet recipients using DNS regardless of which of the above choices you select in the Hybrid Configuration wizard.

The following steps and diagram illustrate the outbound message path for messages sent from on-premises recipients.

  1. Chris, who has a mailbox on the on-premises Exchange 2010 Mailbox server, sends a message to an external Internet recipient, erin@cpandl.com.

  2. The Exchange 2010 Mailbox server sends the message to the Exchange 2010 Hub Transport server.

  3. The Exchange 2010 Hub Transport server looks up the MX record for cpandl.com and sends the message to the cpandl.com mail servers located on the Internet.

    Messages from on-premises senders to Internet recipients

Read the section below that matches how you plan to route messages sent from recipients in the Exchange Online organization to Internet recipients.

Deliver Internet-bound messages from Exchange Online using DNS (Centralized mail transport disabled)

The following steps and diagram illustrate the outbound message path for messages sent from Exchange Online recipients to an Internet recipient that occurs when Enable centralized mail transport is not selected in the Hybrid Configuration wizard, which is the default configuration.

  1. David, who has a mailbox in the Exchange Online organization, sends a message to an external Internet recipient, erin@cpandl.com.

  2. Exchange Online scans the message for viruses and sends the message to the Exchange Online EOP service.

  3. EOP looks up the MX record for cpandl.com and sends the message to the cpandl.com mail servers located on the Internet.

    Mail from Exchange Online senders routed directly to the Internet with centralized mail transport disabled (default configuration)

Route Internet-bound messages from Exchange Online through your on-premises organization (Centralized mail transport enabled)

The following steps and diagram illustrate the outbound message path for messages sent from Exchange Online recipients to an Internet recipient that occurs when you select Enable centralized mail transport in the Hybrid Configuration wizard.

  1. David, who has a mailbox in the Exchange Online organization, sends a message to an external Internet recipient, erin@cpandl.com.

  2. Exchange Online scans the message for viruses and sends the message to EOP.

  3. EOP is configured to send all Internet-bound messages to an on-premises server, so the message is routed to an Exchange 2013 Client Access server. The message is sent using TLS.

  4. An Exchange 2013 Client Access server performs compliance, anti-virus, and any other processes configured by the administrator on David's message.

  5. The Exchange 2013 Client Access server forwards the message to the Exchange 2010 Hub Transport server. In this example, the Client Access and Mailbox server roles are installed on the same Exchange 2013 server.

  6. The Exchange 2010 Hub Transport server looks up the MX record for cpandl.com and sends the message to the cpandl.com mail servers located on the Internet.

    Mail from Exchange Online senders routed through on-premises organization with centralized mail transport enabled