Mail flow

For most organizations, we host your mailboxes and take care of mail flow. It's the simplest configuration and means that Microsoft manages all mailboxes and filtering. However, some organizations need more complex mail flow setups to make sure that they comply with specific regulatory or business needs. You can find out about those options here.

Custom routing of outbound email

Microsoft Exchange Online can route mail flowing from your organization through an on-premises server or a hosted service (sometimes called "smart hosting"). This lets your organization use data loss prevention (DLP) appliances, perform custom post-processing of outgoing email, and deliver email to business partners through private networks. Exchange Online also supports Address Rewrite, which routes outgoing email through an on-premises gateway that modifies the addresses. This feature lets you hide sub-domains, make email from a multi-domain organization appear as a single domain, or make partner-relayed email appear as if it were sent from inside your organization. Administrators configure custom email routing within the Exchange admin center (EAC).

For more information, see Set up connectors to route mail between Microsoft and your own email servers.

Important

Exchange Online can deliver mail flowing into and out of your organization. If your recipient domain is hosted in Exchange Online with DNS MX records pointing to Exchange Online Protection, mail flow from your tenant to the recipient will not travel over the internet.

Secure messaging with a trusted partner

As an Exchange Online customer, you can set up secure mail flow with a trusted partner by using Microsoft connectors. Microsoft supports secure communication through Transport Layer Security (TLS), and you can create a connector to enforce encryption via TLS. TLS is a cryptographic protocol that provides security for communications over the internet. By using connectors, you can configure both forced incoming and outgoing TLS using self-signed or certification authority (CA)-validated certificates. You can also apply other security restrictions, such as specifying domain names or IP address ranges from which your partner organization sends mail.

For more information, see Set up connectors for secure mail flow with a partner organization.

Important

A CA-validated certificate may be required.
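An added example, not taken from the original page or from Microsoft's documentation: one way to express forced inbound and outbound TLS for a partner in Exchange Online PowerShell, followed by an audit of existing partner connectors. It assumes an open Connect-ExchangeOnline session; the partner domain, certificate name and connector names are placeholders.

```powershell
# Added example. Assumes an Exchange Online PowerShell session is already open
# (Connect-ExchangeOnline). Domain, certificate name and connector names below
# are placeholders, not values from the page.
$partnerDomain = 'partner.example'        # placeholder partner domain
$partnerCert   = 'mail.partner.example'   # placeholder certificate subject name

# Inbound: mail claiming to come from the partner domain must arrive over TLS
# and present a certificate whose subject matches the expected name.
$inbound = @{
    Name                         = 'Partner inbound (forced TLS)'
    ConnectorType                = 'Partner'
    SenderDomains                = $partnerDomain
    RequireTls                   = $true
    RestrictDomainsToCertificate = $true
    TlsSenderCertificateName     = $partnerCert
}
New-InboundConnector @inbound
# IP-based alternative to the certificate check:
#   RestrictDomainsToIPAddresses = $true together with SenderIPAddresses.

# Outbound: mail to the partner domain is sent only over TLS.
#   EncryptionOnly        - encrypts, accepts any certificate (incl. self-signed)
#   CertificateValidation - certificate must chain to a trusted CA
#   DomainValidation      - CA-validated and subject must match TlsDomain
$outbound = @{
    Name             = 'Partner outbound (forced TLS)'
    ConnectorType    = 'Partner'
    RecipientDomains = $partnerDomain
    UseMXRecord      = $true
    TlsSettings      = 'DomainValidation'
    TlsDomain        = $partnerCert
}
New-OutboundConnector @outbound

# Audit: partner connectors that do not enforce TLS, or that encrypt
# without validating the peer certificate.
Get-InboundConnector |
    Where-Object { $_.ConnectorType -eq 'Partner' -and -not $_.RequireTls } |
    Select-Object Name, RequireTls, SenderDomains

Get-OutboundConnector |
    Where-Object {
        $_.ConnectorType -eq 'Partner' -and
        $_.TlsSettings -notin 'CertificateValidation', 'DomainValidation'
    } |
    Select-Object Name, TlsSettings, RecipientDomains
```

Any rows returned by the two audit queries are partner connectors where delivery can fall back to opportunistic or unvalidated TLS.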

Conditional mail routing

You can direct mail to specific sites by using connectors and transport rules. With criteria-based routing, you can choose a connector based on specific conditions.

For more information, see Scenario: Conditional mail routing.

Incoming mail safe list

You can add a trusted partner's IP address to a safe list to ensure that messages the partner sends to you are not subject to anti-spam filtering. To do this, you can use the connection filter's IP Allow list.

For more information, see Configure the connection filter policy.

Hybrid email routing

A hybrid deployment gives organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. With hybrid transport, messages sent between recipients in either organization are authenticated, encrypted, and transferred using Transport Layer Security (TLS), and appear as "internal" to Exchange components such as transport rules, journaling, and anti-spam policies. You configure hybrid transport by using the Hybrid Configuration Wizard in Exchange Server.

For more information about mail routing in a hybrid deployment, see Transport routing in Exchange hybrid deployments.

The Microsoft Exchange Server Deployment Assistant also provides detailed hybrid deployment provisioning and hybrid message transport guidance.

Shared Address Space with On-Premises Routing Control (MX Points to On-Premises)

Shared Address Space with On-Premises Routing Control (MX Points to On-Premises) is a hybrid deployment mail-routing scenario in which your mailboxes are hosted partially in Exchange Online and partially on-premises, and incoming and outgoing internet mail flow is routed through the on-premises Exchange organization. This scenario is also called centralized mail transport. In this scenario, Exchange Online is provisioned with EOP and incoming internet mail is routed to your on-premises mail server before being routed to EOP and finally to mailboxes hosted in Exchange Online. Additionally, outgoing mail from Exchange Online mailboxes is routed through the on-premises Exchange organization for messages sent to external recipients. With this configuration, you can use a single SMTP domain namespace for all mailboxes in both your on-premises Exchange organization and your Exchange Online organization.

For more information about transport options in a hybrid deployment, see Transport options in Exchange hybrid deployments.

Shared Address Space without On-Premises Routing Control (MX Points to EOP)

Shared Address Space without On-Premises Routing Control (MX Points to EOP) is a hybrid mail-routing scenario in which your mailboxes are hosted partially in the cloud using Exchange Online and partially on-premises, and your MX record points to EOP. This scenario is appropriate when you use Microsoft to host some of your organization's mailboxes and you want EOP to protect both your on-premises and cloud mailboxes. In this scenario, mail sent to recipients within your organization is initially routed through EOP, where spam and policy filtering occurs, before it reaches your on-premises mailboxes and cloud mailboxes.

For more information about transport options in a hybrid deployment, see Transport options in Exchange hybrid deployments.

Troubleshooting a deployment with the Hybrid Configuration Wizard

Using the Hybrid Configuration Wizard to configure a hybrid deployment in Microsoft Exchange Server greatly reduces the chance that the hybrid deployment will experience problems. However, there are some typical areas outside the scope of the Hybrid Configuration Wizard that, if misconfigured, may present problems in a hybrid deployment. These include proper Client Access server configuration and proper certificate installation and configuration.

For more information about troubleshooting a deployment with the Hybrid Configuration Wizard, see Troubleshoot a hybrid deployment.

Managing a hybrid configuration

You can modify an existing hybrid configuration by changing settings in the Hybrid Configuration Wizard. Scenarios include disabling centralized transport or disabling secure mail transport.

For more information about managing a hybrid deployment configuration, see Manage a hybrid deployment.

Hybrid deployment requirements

For more information about hybrid deployment requirements, see Hybrid deployment prerequisites.

Important

In some hybrid configurations, you may need to purchase Exchange Online Protection licenses for your on-premises mailboxes.

Feature availability

To view feature availability across plans, standalone options, and on-premises solutions, see the Exchange Online service description.