Configuring Outbound Mail Flow in Exchange Server 2013

Outbound mail flow in Exchange Server 2013 is managed with the use of Send Connectors.

Send Connectors are not configured by default when you first install Exchange Server 2013. If the Exchange 2013 server is installed in an existing organization then other Send Connectors may already exist that facilitate outbound mail flow. Otherwise, you will need to create at least one Send Connector yourself.

Most organizations will be dealing with one of the following outbound email flow scenarios:

  • email sent directly over the internet to the recipient’s server
  • email sent to the internet via a smart host

[Figure: Sending directly over the internet vs sending via a smart host]

There are other scenarios as well, such as:

  • email sent outbound via an Edge Transport server
  • email sent directly to a partner organization using TLS encryption

An organization can have one, two, or several Send Connectors to provide the specific email routing that they need.

For this article we’ll focus on the first two scenarios, as they are the most common: sending directly to the internet, and sending via a smart host. We’ll also cover testing and troubleshooting a Send Connector, and some more advanced configuration options.

Configuring Outbound Mail Flow Direct to the Internet

Configuring your Exchange 2013 organization to send directly to the internet means that your Exchange server will look up the MX records for the domain of the recipient’s email address, resolve the mail servers named in those MX records to IP address(es), and connect to them via SMTP.

Looking up MX records means your server will be relying on DNS. If the server’s TCP/IP settings are configured for DNS servers inside your network that can’t resolve external names, then you can configure Exchange to use different DNS servers for external lookups.

To create the Send Connector for sending outbound email directly to the internet open the Exchange Admin Center and navigate to Mail Flow -> Send Connectors.


Click the + button to create a new Send Connector.


Give the connector a name and set the type to Internet. Click Next to continue.


Leave the network settings set to MX record. If you need to configure specific external DNS servers you should also tick the box to use the external DNS lookup settings, but if your Exchange server can already resolve external DNS names then that should not be required. Click Next to continue.


Click the + button to add a new address space. Specify the FQDN of * (the wildcard character that effectively means “anything”). The cost can remain at the default setting of 1 if this is the only send connector for your organization. Click Save and then click Next to continue.


Click the + button to add the source servers for the connector. These are the servers that will be responsible for routing email out from your organization to the internet. Multiple servers will provide redundancy for outbound mail flow. Click OK and then click Finish.


The send connector is now visible in the Exchange Admin Center.


For further configuration and testing steps refer to the sections later in this article.

Configuring Outbound Mail Flow via a Smart Host

Configuring a Send Connector to send outbound internet email via a smart host is the same process as above, with the following differences.

First, the network setting is configured to Route mail through smart hosts instead of MX records. You must then click the + button to add at least one smart host name or IP address. Multiple smart hosts are permitted and are recommended for redundancy.


When you choose to use a smart host you also get the option to configure authentication for the Send Connector. This is only necessary if the smart host requires it. Many email security servers/appliances or even hosted solutions will simply authenticate you based on your IP address rather than require other credentials.
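
Both wizard walkthroughs above (direct delivery by MX record, and delivery through a smart host) can also be done from the Exchange Management Shell. The following is an added example, not part of the original article; the connector name, the smart host names and the two switch variables are placeholders, and the server names are borrowed from the queue listing shown later in the article.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell.
# Placeholder values: connector name, source servers and smart hosts are assumptions.
$useSmartHost        = $true    # $false = deliver directly using MX records
$smartHostNeedsLogin = $true    # $false = smart host trusts your source IP address

$params = @{
    Name                   = 'Internet Email'
    Usage                  = 'Internet'
    AddressSpaces          = 'SMTP:*;1'           # wildcard address space, cost 1
    SourceTransportServers = 'E15MB1', 'E15MB2'   # more than one for redundancy
}

if ($useSmartHost) {
    # Smart host routing: DNS routing must be off when smart hosts are listed.
    $params.DNSRoutingEnabled = $false
    $params.SmartHosts        = 'smarthost1.example.com', 'smarthost2.example.com'

    if ($smartHostNeedsLogin) {
        # BasicAuthRequireTLS sends the credentials only over a TLS-encrypted
        # session. Plain BasicAuth does not require encryption, so the
        # credentials may cross the network base64-encoded but unencrypted.
        $params.SmartHostAuthMechanism   = 'BasicAuthRequireTLS'
        $params.AuthenticationCredential = Get-Credential
    }
    else {
        # Smart host identifies the sender by IP address; no credentials stored.
        $params.SmartHostAuthMechanism = 'None'
    }
}
else {
    # Direct delivery: resolve MX records with the server's normal DNS settings.
    $params.DNSRoutingEnabled            = $true
    $params.UseExternalDNSServersEnabled = $false
}

New-SendConnector @params

# Confirm what was created before sending a test message.
Get-SendConnector -Identity $params.Name |
    Format-List Name, Enabled, AddressSpaces, DNSRoutingEnabled, SmartHosts,
                SmartHostAuthMechanism, UseExternalDNSServersEnabled, SourceTransportServers
```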


Testing a New Send Connector

The obvious way to test a new send connector is to send an email from inside the organization to an external recipient.

When the message is received in the external mailbox you can then take the message headers and use the MXToolbox header analyzer or the ExRCA Message Analyzer to inspect the headers and confirm that the email passed through the source servers you were expecting it to for that outbound route.


If the email does not arrive you can inspect the transport queues on your Exchange servers for stuck email.

[PS] C:\>Get-TransportService | get-queue

Identity                   DeliveryType Status MessageCount Velocity RiskLevel OutboundIPPool NextHopDomain
--------                   ------------ ------ ------------ -------- --------- -------------- -------------
E15MB1\22206               SmtpDeliv... Ready  0            0        Normal    0              mailbox database 1
E15MB1\Submission          Undefined    Ready  0            0        Normal    0              Submission
E15MB1\Shadow\22204        ShadowRed... Ready  0            0        Normal    0              e15mb3.exchange2013dem...
E15MB2\22750               SmtpDeliv... Ready  0            0        Normal    0              mailbox database 2
E15MB2\Submission          Undefined    Ready  0            0        Normal    0              Submission
E15MB2\Shadow\22748        ShadowRed... Ready  0            0        Normal    0              e15mb1.exchange2013dem...
E15MB3\Submission          Undefined    Ready  0            0        Normal    0              Submission
E15MB3\Shadow\16452        ShadowRed... Ready  1            0        Normal    0              e15mb1.exchange2013dem...
E15MB3\Shadow\16456        ShadowRed... Ready  1            0        Normal    0              e15mb2.exchange2013dem...

To look more closely at the messages stuck in a single queue you can use Get-Queue and Get-Message together.

[PS] C:\>Get-Queue E15MB1\22206 | Get-Message | ft
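
To sweep every transport server at once instead of one queue at a time, the following added example (not from the original article) lists only the queues that need attention, shows the last error recorded on their messages, and turns on protocol logging for the connector. The connector name is a placeholder. Shadow redundancy queues are skipped because they hold redundant copies of messages in transit, so a non-zero count there, as in the listing above, does not by itself indicate stuck mail.

```powershell
# Added example (not from the original article). Run in the Exchange Management Shell.

# 1. Collect delivery queues on every transport server that hold mail or are
#    in a failed state. Shadow redundancy queues are excluded.
$problemQueues = Get-TransportService | Get-Queue | Where-Object {
    $_.DeliveryType -ne 'ShadowRedundancy' -and
    ($_.MessageCount -gt 0 -or $_.Status -eq 'Retry' -or $_.Status -eq 'Suspended')
}

# LastError on the queue holds the most recent connection or SMTP failure.
$problemQueues | Sort-Object MessageCount -Descending |
    Format-List Identity, DeliveryType, Status, MessageCount, NextHopDomain, LastError

# 2. Per-message detail for those queues (capped so a large backlog stays readable).
foreach ($queue in $problemQueues) {
    Get-Message -Queue $queue.Identity -ResultSize 25 |
        Format-List Queue, FromAddress, Subject, Status, DateReceived, LastError
}

# 3. If the queue errors are inconclusive, record the SMTP conversation for the
#    connector and find out where each server writes its send protocol logs.
$connectorName = 'Internet Email'   # placeholder: use your connector's name
Set-SendConnector -Identity $connectorName -ProtocolLoggingLevel Verbose
Get-TransportService | Format-List Name, SendProtocolLogPath
```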

If the properties of the stuck messages do not reveal the problem then another valuable source of troubleshooting information is the protocol logs. For more tips refer to the following article:

Further Configuration Options for Send Connectors

Some additional configuration options you can explore are:



  1. Denny Eapen says

    Hi Paul:

    Good article.

    Does it mean that emails CAN be sent to internet with only Mailbox Role and no CAS?


  2. Mor says

    I am a new IT engineer and learning Exchange server 2013.
    To connect Exchange server 2013 to the internet, how can we do it safely?
    Please share your opinion.

  3. Grant says

    Is it possible – via send connector or other means (rule perhaps) to send all mail *from* a specific internal domain through a smarthost? For example, let’s say we have two divisions and each have their own domain – and Subdiv requires a smarthost for regulatory compliance, does not. Can we force outbound mail for through the smarthost but not so we don’t have to pay for compliance services?

  4. Kyle Kennedy says

    There is an option in the general tab of the send connector properties for “Proxy through client access server.” I understand in a split role environment, this box makes it work like 2010, ie, mail goes from mailbox to CAS and then sent out from there. However, what is the proper setting when CAS and MB are on the same server? Checked or unchecked?

  5. ajhstn says

    Hey all,

    I am in the process of migrating from EX 2010 to EX 2013. I have an existing 2010 2x dag, 2x cas environment. I have built on new servers 1x 2013 cas, and 1x 2013 mb.

    I have followed the step by step Exchange Server Deployment Assistant but cannot see it talk of mail flow anywhere. I have a single send connector in the 2010 env. I have various receive connectors. all https,http,smtp,imap and other outlook,rpc,mapi traffic go through a Riverbed Stingray Traffic Manager. My send connector routes email through a smart host.

    I have created a exchange 2013 mailbox. I can send email from 2010 to 2013, but I cannot send email from 2013 to 2010. Both farms are in the same domain, same network. They are all hyperv vm guests in the same cluster.

    The email that I try to send from the 2013 env to 2010 gets stuck in the 2013 Queue Viewer, its status is READY, it has no last error.

    Can anyone help clear this up for me? I need exchange 2010 and 2013 to coexist for a period of a few weeks, while I migrate all mailboxes, then after that I will close down exchange 2010.

    Thank you in advance.

    • says

      You should begin by troubleshooting SMTP connectivity from 2013 -> 2010. Try it with telnet. Check for antivirus or security products, or firewalls, or your Riverbed device, that may be interfering with the connections.

      Also look closer at the messages stuck in the queue. What is the last error? That usually gives you some hints about what the problem may be. Misconfigured Receive Connector permissions on the 2010 server is an example of where things can go wrong too, eg

  6. tricky says

    Hello Paul, you have a nice blog!
    Please give me advice:
    I just installed only 2 multi role server 2013 in two different sites. Inbound mail works fine, but I just tried to create a new send connector in the new site, and outbound mail flow stopped working for me. If I disable the new send connector (I just created it like in the post- internet- next- asterisk- next- my cas\mailbox in site 2 to scope)
    And my mail does not go to the Internet, it is just queued…. What am I doing wrong?

  7. burt340 says

    Paul great article, is there a way to get exchange to ignore internal recipients (pre-staged for a migration) and send route messages out through a send connector?

  8. Voffka says

    Hi, Paul. Thanks for your article, it’s amazing, as usual :)

    the question is, like it was mentioned before,
    “Is it possible – via send connector or other means (rule perhaps) to send all mail *from* a specific internal domain through a smarthost? For example, let’s say we have two divisions and each have their own domain – and Subdiv requires a smarthost for regulatory compliance, does not. Can we force outbound mail for through the smarthost but not so we don’t have to pay for compliance services?”

    how to route mail thru a specific edge based on user’s primary domain ?

      • Mike says

        Hi Paul, so the FQDN does not really matter (except when using TLS, than the FQDN should match a name in a certificate). Will there be no reverse lookup checks to verify that the DNS of the FQDN matches the IP of the sender? Is there no effect when changing the name in a productive environment? Thanks!

        • says

          A good practice is to have the FQDN resolve in DNS to the public IP that the outbound connections will appear to be coming from.

          But as long as the FQDN can be resolved in DNS to an IP, and as long as the public IP also resolves in DNS to an FQDN, you should also be fine. It’s when either of those DNS lookups fail completely that things start to look suspicious.

          Changing the FQDN should have no impact on existing mail flow. Always plan and test your changes, and have a rollback plan ready.
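
The forward and reverse lookups described in the reply above can be checked before changing a connector's FQDN. This is an added example, not part of the original article or its comments; the function name Test-SendConnectorDns, the host name and the IP address are constructed placeholders, and Resolve-DnsName requires Windows Server 2012 or later.

```powershell
# Added example (not from the article or its comments).
function Test-SendConnectorDns {
    param(
        [Parameter(Mandatory = $true)] [string] $Fqdn,      # name sent in HELO/EHLO
        [Parameter(Mandatory = $true)] [string] $PublicIp,  # address recipients see
        [string] $DnsServer                                 # optional external resolver
    )

    $lookup = @{ ErrorAction = 'SilentlyContinue' }
    if ($DnsServer) { $lookup.Server = $DnsServer }

    # Forward lookup: FQDN -> A records.
    $addresses = @(Resolve-DnsName -Name $Fqdn -Type A @lookup |
        Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })

    # Reverse lookup: public IP -> PTR records.
    $names = @(Resolve-DnsName -Name $PublicIp -Type PTR @lookup |
        Where-Object { $_.Type -eq 'PTR' } | ForEach-Object { $_.NameHost })

    [pscustomobject]@{
        Fqdn                 = $Fqdn
        ForwardAddresses     = $addresses
        ForwardResolves      = $addresses.Count -gt 0      # FQDN resolves to some IP
        PublicIp             = $PublicIp
        ReverseNames         = $names
        ReverseResolves      = $names.Count -gt 0          # public IP resolves to some name
        ForwardMatchesPublic = $addresses -contains $PublicIp   # the "good practice" case
    }
}

# Constructed sample values; substitute the connector's FQDN and your outbound NAT address.
Test-SendConnectorDns -Fqdn 'mail.example.com' -PublicIp '203.0.113.25'
```

If the server's own DNS settings point at internal resolvers, pass a public resolver with -DnsServer so the result reflects what receiving servers will see.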

  9. wale says

    Hi Paul,

    I have a new exchange 2013 installation, I have configured a send connector and I still cannot send mail to myself on the same network domain.

    I am testing by sending a mail to administrator internally, but mail always got stuck and never received, so I could not figure out what the problem is. Kindly assist. I have ISA Server 2006 on my network as firewall. I have allowed everything but yet cannot receive email internally and the exchange was properly installed.

    • says

      You’re trying to send between two mailboxes that are on the same server? Neither the send connector nor the ISA firewall should have any impact on that. I would say it’s more likely the messages are stuck in a queue (you can run Get-Queue to see the queues), or your transport services aren’t running at all (check Services.msc).

  10. Luis Henriques says

    Hi Paul,

    We are configuring a new exchange 2013 installation.
    We have 2 AD sites, both with access to internet and with an mpls connection between both.
    We are installing an Exchange 2013 DAG with 2 nodes, with one node in one site and the other node in the second site.
    We don’t have load balancers.

    Can we configure Exchange, with site resilience, so that when one server fails, mail flow could be assured by the other server (both send and receive mails)?



  11. Alice says

    I have installed an Exch2013 server into an Exch2007 org and am in the process of moving mailboxes to the ex2013 server.

    I have a send connector configured from each mail server to a smart host (McAfee MEG). All external mail travels thru the MEG.

    I also have a Barracuda Message Archiver that currently pulls messages from an Ex2007 journaling mailbox. With the migration to the ex2013 server, Barracuda is recommending going to SMTP Journaling, which requires creating a send connector on the ex2013 server.

    My question is would there be a conflict between the send connector for the MEG & the Send Connector for the Barracuda? The Address Space for the Barracuda connector is a specific fake domain, where the Address Space for the MEG connector is *.


    • says

      I’m not familiar with how Barracuda’s system works, so I would recommend you ask them.

      Generally speaking an email is going to traverse one Send Connector on its way out of your org. So if it goes out via the McAfee, I can’t imagine how it will also manage to go out via the Barracuda connector.

  12. AJ says

    Why would I want to use a smarthost? What is the typical situation pro/con of using just the MX record option vs. using the Smarthost option?

    • says

      The smarthost could be an email security appliance that all your outbound email is routing through, or a cloud-hosted email security service.

      The smarthost could be a separate internal system that has no MX records but still needs to receive emails.

      There’s no particular pros/cons to describe, it’s a case of meeting some business or technical requirement.

  13. mk says


    I love your articles – I’ve been using them for years!

    Question regarding configuring the FQDN for HELO/EHLO on a send connector. How is this done on Exchange 2013? Can this also be done for the receive connector?


  14. mk says

    As of now, for Exchange 2013, it appears that it can only be done via command:

    Set-SendConnector -Identity "" -Fqdn

    For example:
    Set-SendConnector -Identity "Outgoing Internet Mail" -Fqdn


  15. Luke C. says

    Hello Paul, I am in the midst of an Ex2010 Ex2013 migration. I am having issues when trying to send email externally from mailboxes on the Ex2013 server. I have a send connector that points to a hosted encryption service on the Ex2010 server (this shows up on the Ex2013 server as well). I get a “remote server returned ‘554 5.7.1 : Relay access denied'” when sending from accounts on the Ex2013 server but not the Ex2010 server.


    Best regards,

    • says

      Sounds like all mail from the 2013 mailboxes is traversing the send connector to the 2010 server, and whichever receive connector on the 2010 server is handling those connections is rejecting email sent to external recipients because it is considered “relay”.

      • Luke C. says

        Thanks Paul. I found the issue. Our encryption service had blocked all but one of our external IP addresses. Mail from the new server was using the default gateway of our firewall. I changed the NAT translation on my firewall to use the approved IP address and mail started flowing properly externally.

        Thanks again for all of your assistance!

  16. Dave says

    Anyone know of a powershell script that could be used to add 100+ domains to a particular send connector so I don’t have to do it manually for each one in the Admin Console?

  17. Harry says

    Hi Paul,

    Nice post. MXtools header analysis show our SMTP sender connector name is Is there any way we can change it to to mask my real server name?



  18. mk says

    Harry – the Send Connector name/identity is not seen. You need to change the Send Connector’s FQDN which can be done in two ways:

    1) Set-SendConnector -Identity "Outgoing Internet Mail" -Fqdn


    2) Using the EAC, go to Mail Flow / Send Connectors / / Scoping. Scroll down to the bottom where you can specify the FQDN.

    I’m assuming you are using Exchange 2013…


  19. mk says

    Hmm… my entry above wasn’t posted properly. You need to edit your Send Connector before going to the ‘Scoping’ section.


  20. Harry says


    Thank you for quick reply. Yes, it works great. BTW, if we check use external DNS for delivery, do we need to specify which external DNS server IP addresses from ISP ?

    Thanks again,


  21. mk says

    I’ve always used an internal DNS server, so I’m not 100% certain, however, that sounds right.

    If you have an active directory environment, you should have an internal DNS server, which you should consider using.


  22. Adnan says

    Hi Paul We have exchange 2013 with DAG on one location and users are globally sitting
    if we setup smarthost on each site can it reduce outbox time as any email over 3 MB taking 3 to 8 min time in outbox. or we need to add mailbox server on each site for fast delivery.

    • says

      The latency you’re seeing is probably more due to the latency between the client and their mailbox server. The closer they are to the active database copy for their mailbox, the better the performance will be.

      I think you should also check whether cached mode is enabled for their Outlook profiles, and also test whether the same delay happens with Outlook Web App. But I suspect this is just a latency issue.

      • Adnan says

        thanks Paul ,
        yes we do have delay issues from remote sites, but one thing is notable even for the LAN (1 GB links) Users on same site 5 MB takes more than 1 min to stay in outbox
        with owa it took 1 min approx to see the email in my sent items as I could not see outbox.

        does smart host have any role in delivering emails faster or I need to setup mailbox server on each site, if you can send any link of your articles for best practices for Exchange 2013 for remote sites when we have few user sitting (10 to 15 user) on remote site
        thanks for your help.

        • says

          Are you talking about emails to other internal recipients? If so then configuring a smart host on the send connector won’t make any difference.

          If you’re talking about emails to external recipients, using a smart host won’t necessarily improve delivery speed since the emails still need to travel over the same internet connection anyway.

          Emails stuck in the outbox can be due to many different reasons – server performance, network performance, client performance, antivirus software on the client…

  23. Adnan says

    thanks a lot for you suggestion really appreciate , as someone was suggesting that for remote site create a smart host locally on each site this will help fast delivery , any way i guess i should setup mailbox server in each site locally may help delivery for internal clients and fix latency issues.

    still if you could share exchange best practice that would be great.

  24. frederic says

    Hi Paul,

    Been reading your websites and books for quite a while, really great. need some help.

    our environment

    2 sites melbourne and sydney connected with site to site vpn.
    2 exchange 2013 Servers 1 at each sites
    we have 2 smtp domain . and
    We want melbourne site to send and receive only and the sydney

    i have already the respective mx and public ip pointing to the designated exchange servers, and created 2 smtp connectors.

    Do i need to configure or specify the respective ip address in the receive connectors. how does exchange know which smtp to use . if melbourne server or link is down will sydney still be able to send and receive emails for its smtp domain and vice versa.


  25. Mass says

    Hi Paul

    Been reading your site recently and found it very useful and handy, it’s perfect and lovingly.

    I am connecting a “Exchange Server 2013” and “MDaemon 14.5.2” which both installed on the same server. The “MDaemon” pulls emails from a “Catch-All” mail box on my host using “DPOP” and deliver them to users through “Exchange Server” and Outlook. And send user emails through Outlook, Exchange, MDaemon, the host. I used to do it several years ago with “MDaemon 6” and “Exchange 2000”. but it has become tricky for me after these years.

    Internet Domain:
    AD Domain: mydomain.local
    Local AD Server:
    Local mail server IP:

    On local mail server I configured a gateway in MDaemon named “mydomain.local” and forwarded it to “” SMTP:2525 (In gateway configuration).
    I need two policies in exchange to rename the email addresses to “” and change smtp port to 2525 to be able to receive emails from MDaemon.

    I don’t know if these configurations are correct or no, and if i need anything else to configure. besides is it ok to have both mail servers in one server or not.

    I would be grateful if you answer my questions.
