How to Share an Email Domain Between Two Mail Systems

In some situations it is necessary to share an email domain between two distinct email systems. This is referred to as a Shared SMTP Namespace and is common when:

  • Two companies merge but maintain separate systems for a period of time
  • Non-Exchange systems are involved in the email environment, e.g. a Unix Sendmail server

Because Exchange Server handles this so easily it is generally best to deliver inbound email for that domain to the Exchange server first, and then let Exchange determine which recipients are local and which need to be relayed on to the other host.

First take a look at the domain name that you want to share.  It is likely configured as an Authoritative domain in your Accepted Domains list.

[PS] C:\>Get-AcceptedDomain | fl domainname, *type*

DomainName : mycompany.local
DomainType : Authoritative

To share the namespace we simply change the DomainType to Internal Relay. Exchange will then deliver to any recipient it can resolve in its own directory and, instead of rejecting the rest with a "recipient not found" NDR, will route them out through a Send Connector that matches the domain.

[PS] C:\>Set-AcceptedDomain mycompany.local -DomainType InternalRelay

Now that the domain type has been changed we need a Send Connector to tell Exchange where to send the emails that do not have a local recipient.

[PS] C:\>New-SendConnector -Name "Internal Relay" -Custom -AddressSpaces mycompany.local -SmartHosts 10.8.0.25 -SourceTransportServers ex2007.mycompany.local

Identity       AddressSpaces            Enabled
--------       -------------            -------
Internal Relay {smtp:mycompany.local;1} True

In that example the IP address of the other email system is 10.8.0.25, and the Hub Transport server to use to send the emails is ex2007.mycompany.local.

Now when an email arrives on the Exchange server that has no matching local recipient address, it will forward it on to the other mail system for delivery.
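The whole procedure above as one script, added here as an example and not part of the original post. It uses the same values as the article (mycompany.local, 10.8.0.25 and ex2007.mycompany.local) as variables, adds a check that no other Send Connector already claims the domain, sets the smart host authentication to None (the assumption is an internal smart host that accepts relay for the domain from the Hub Transport server's IP and from nothing else), and verifies the result. Two caveats a practitioner should keep in mind: the other system must be the final stop for the domain, because if it also forwards unresolved recipients back to Exchange, a message to an address that exists on neither side will bounce between the two until its hop count runs out; and because an Internal Relay domain suppresses Exchange's own "unknown recipient" rejection for that domain, recipient validation still has to happen somewhere in the path, which is what the Update below is about.

```powershell
# Added example (not from the original post). Assumes the values used in the
# article and an Exchange 2007/2010 org; run from the Exchange Management Shell.
$Domain       = "mycompany.local"            # the shared SMTP namespace
$SmartHost    = "10.8.0.25"                  # the other mail system
$SourceServer = "ex2007.mycompany.local"     # Hub Transport server that relays
$ConnName     = "Internal Relay"

# 1. Confirm the domain exists and see what it is today (normally Authoritative).
$ad = Get-AcceptedDomain -Identity $Domain
if ($ad -eq $null) { throw "Accepted domain $Domain not found" }
"$($ad.DomainName) is currently $($ad.DomainType)"

# 2. Refuse to continue if another Send Connector already claims this address
#    space; two connectors for one domain make the routing decision ambiguous.
$existing = Get-SendConnector | Where-Object {
    $_.AddressSpaces | Where-Object { $_.Address -eq $Domain }
}
if ($existing) {
    throw "Domain $Domain is already covered by: $($existing.Name -join ', ')"
}

# 3. Switch to Internal Relay. Local recipients are still delivered locally;
#    everything else for this domain goes out a matching Send Connector
#    instead of being rejected with a 'recipient not found' NDR.
Set-AcceptedDomain -Identity $Domain -DomainType InternalRelay

# 4. Create the connector. 'smtp:domain;1' sets an explicit cost of 1. No
#    authentication to the smart host (the default); the other system must
#    allow relay for this domain from the Hub Transport server's IP only.
New-SendConnector -Name $ConnName -Custom `
    -AddressSpaces "smtp:$Domain;1" `
    -SmartHosts $SmartHost `
    -DNSRoutingEnabled $false `
    -SmartHostAuthMechanism None `
    -SourceTransportServers $SourceServer | Out-Null

# 5. Verify what was changed.
Get-AcceptedDomain -Identity $Domain | Format-List DomainName, DomainType
Get-SendConnector -Identity $ConnName |
    Format-List Name, AddressSpaces, SmartHosts, SourceTransportServers, Enabled
```

The connector that names the domain explicitly is chosen over a catch-all "*" Internet connector because address-space specificity is evaluated before cost, so the explicit cost of 1 is mainly there to make the intent visible in Get-SendConnector output.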

Update: In the comments below and via email some readers have described situations in which this does not work as simply as I outline above. The most common scenario reported to me is that it doesn't work without setting up Contacts in each organization for the users in the other organization. Without those Contacts, email to recipients in the other organization results in an NDR.

This happens when recipient filtering is occurring on the Exchange servers, or on a server running a third-party anti-spam product, that rejects email addressed to invalid recipients. That check is usually performed with an LDAP lookup against Active Directory. In a shared SMTP namespace scenario like this, however, no single Active Directory contains all of the valid recipients for all of the organizations sharing the namespace, so the lookup fails for any address that lives on the other system.

So to avoid NDRs when using a shared SMTP namespace you will need to either disable recipient filtering, configure the product to do LDAP queries against all directories that share the namespace, or create Contacts for the remote recipients. Bear in mind that disabling recipient filtering means the server will accept mail for every address in the domain, valid or not, so recipient validation should still be performed by the other system or by the gateway in front of both.
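An added example (not from the original post) of checking which of those three options applies and of carrying out the Contacts option. It assumes the Exchange 2007/2010 anti-spam agents are installed on the Hub Transport server (Get-RecipientFilterConfig / Set-RecipientFilterConfig), an assumed OU named mycompany.local/Users for the contact objects, and a constructed list of two remote users; a third-party gateway will have its own equivalent of the RecipientValidationEnabled setting. Before each contact is created it checks that no local recipient already owns the address, since a person who exists in both organizations would otherwise end up with the same SMTP address on two objects.

```powershell
# Added example (not from the original post). Assumes Exchange 2007/2010 with
# the anti-spam agents on the Hub Transport server; OU and user list are
# constructed for illustration.
$Domain     = "mycompany.local"
$ContactOU  = "mycompany.local/Users"      # assumed OU for the contact objects

# 1. Is recipient validation on? When it is, the Recipient Filter agent rejects
#    RCPT TO for any address in an accepted domain that does not resolve in
#    *this* Active Directory, which is exactly what produces the NDRs.
$rf = Get-RecipientFilterConfig
"RecipientValidationEnabled = $($rf.RecipientValidationEnabled)"

# Option A: turn validation off. Simple, but the server will then accept mail
# for any address in the domain, including dictionary-attack traffic, so only
# do this if the other system or the gateway still validates recipients.
#   Set-RecipientFilterConfig -RecipientValidationEnabled $false

# Option B: keep validation and create a mail contact for each remote user so
# the address resolves locally and is routed via the Internal Relay connector.
# Constructed sample data; in practice export this from the other directory.
$remoteUsers = @(
    @{ Name = "Alice Example"; Alias = "alice"; Address = "alice@$Domain" },
    @{ Name = "Bob Example";   Alias = "bob";   Address = "bob@$Domain"   }
)

foreach ($u in $remoteUsers) {
    # Skip addresses already owned by a local recipient: two objects with the
    # same SMTP address would make delivery ambiguous.
    $clash = Get-Recipient -Identity $u.Address -ErrorAction SilentlyContinue
    if ($clash) {
        Write-Warning "$($u.Address) already belongs to $($clash.RecipientType) '$($clash.Name)'; skipping"
        continue
    }
    New-MailContact -Name $u.Name -Alias $u.Alias `
        -ExternalEmailAddress $u.Address `
        -OrganizationalUnit $ContactOU | Out-Null
    "Created contact for $($u.Address)"
}

# 2. Verify: each contact's external address must be in the relay domain so the
#    Internal Relay Send Connector, not the Internet connector, carries it.
Get-MailContact -OrganizationalUnit $ContactOU -ResultSize Unlimited |
    Format-Table Name, Alias, ExternalEmailAddress -AutoSize
```

If a message to one of these contacts still comes back with a 550, the Exchange-side check has passed and the rejection is coming from the other system, so look at its relay rules for the domain next.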

About Paul Cunningham

Paul is a Microsoft Exchange Server MVP and publisher of Exchange Server Pro. He also holds several Microsoft certifications including for Exchange Server 2007, 2010 and 2013. Connect with Paul on Twitter and Google+.

Comments

  1. Exch2007Admin says:

    Quick question: When changing the DomainType from “Authoritative” to “InternalRelay” this will not impede mail flow in anyway will it?

  2. Don’t you have to have contacts in the local Exchange forest for it to forward to the target environment? I’ve heard of people doing this, it failing, and needing to create contacts that will handle the e-mail addresses that come in that will then have the forwarding address that will then use the Send Connector. And I’ve heard that you also need an e-mail address policy as well otherwise the Accepted Domain will be useless. Do you know whether these are true?

  3. iamme, I’ve never had a problem like you describe, it has always worked fine for me as shown in the article. I’ve never had to resort to using Contacts to handle the email forwarding.

    You might be thinking of using Contacts so that user in the other domain show up in the GAL. There are other ways of syncing the GAL between orgs that don’t require you to create Contacts.

    And yes, for any local recipient to receive email to a given domain you will either need an Email Address Policy to assign them addresses, or manually assign them.

    However, it is the Accepted Domain that controls whether or not the Exchange org accepts mail for the domain and what it does with it, not the EAP. So the lack of an EAP doesn’t necessarily make the Accepted Domain “useless”.

    It really is very simple to set up shared SMTP namespace between two orgs like this so I’m not sure why you’ve heard so many bad stories.

  4. I’m trying to do the exact same thing as we have 2 orgs and want mail for domainB to route via domainA and mailboxes are split between the 2 domains i.e. some in domainA and some in domainB. So we’ve got an accepted domain for domainB as internal relay and a corresponding connector set to relay mail to domainB via its smarthost. It works if we have a contact object in domainA only; if not we get an unknown address 550 NDR.

    Some posts I read say we don’t need contacts (like yours) and some say we need that or at least gal sync in between the 2 orgs. What gives? Even MS says you don’t need it:

    http://technet.microsoft.com/en-us/library/bb676395%28EXCHG.80%29.aspx

    But it won’t work unless you do.

  5. I’ve just updated the post to explain why NDRs occur in some situations when SMTP namespace sharing is implemented. The common cause seems to be due to recipient filtering.

  6. Scott Thomson says:

    Thanks for the pointers, I was sharing between Exchange 2007 and our old Exchange 2000 server, I needed to migrate away from an empty root domain and a new company name so set up new forest and wanted to migrate.

    I was getting the NDRs when trying to send from old Exchange to new Exchange, but mail was flowing from new to old perfectly.

    In my case I fixed this by the settings in the Virtual SMTP server in Exchange 2000. There is an option to route unresolved names to a particular host. In this case the new Exchange 2007 server in the new forest. Mail flow works both ways now.

    Now to get GALsync working.

  7. Hi Scott,

    I have two issues (in my new shared SMTP namespace between Exch 03 & Exch 10),
    one of which your post above regarding the ability to route unresolved names to a particular host fixed the NDR issues I was having. Thanks heaps….

    but the remaining issue I have now is receiving an email externally to an email address that exists on a second Exchange server running 2010 sharing the same namespace. When you email a user on the Exchange 2010 organisation you get a system undeliverable stating;

    The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.

    When the user does exist on the Exchange 2010 server it’s the Exchange 2003 server which accepts port 25; somewhere it is not “forwarding it to the Exchange 2010”.

    Yet emails internally between organisations work fine in any direction. Any ideas ? thx Ben

  8. Thanks a lot. Got it to work in no time. Our incoming mail gateway is a Linux box running Sendmail and it does LDAP queries against our AD directory for name validation. Besides the steps here, I only had to change the cost of my ‘Internet Send Connector’ to 2 so it would check against the specified domain name in my ‘Internal Relay’ (cost of 1) first. When both had a cost of 1, I would still get NDR.

    • Excellent!
      Everything works fine, we do have a similar setup as Sylvain mentioned in the last comment i.e. incoming gateway is Linux with LDAP. There are about 100 users in Linux and almost the same in Exchange 2010.

      Now problem is, how do i show up linux mail users in GAL?

  9. Hi Paul,

    Perfect!
    we created mail users without mail box and it is working fine.
    Thanks.

    Manoj

  10. Hey there,

    In this setup, can I setup a new email account on any exchange server or does it need to be setup on the primary MX exchange server?

    • If you’re sharing a namespace across two different orgs? You can put a new mailbox in either one, just pick the one that makes the most sense (eg if it is location-based, or departmental-based).

      Usually the shared namespace is a temporary solution while a merger/consolidation is going on, so if that is in your future plans perhaps just create all new mailboxes in the org that will be the one that everything merges into.

  11. Paul

    Do you have any suggestions on how to deal with a split namespace between two Exchange 2010 organizations? Right now if I set @domainA.com as the primary SMTP for the users in Domain B we get all kinds of autodiscover issues (for the users in Domain B).

  12. Hi Paul,
    We currently have our exchange mail system (mail.com) hosted by another company. I setup an exchange server here on site (mail.net) and everything is working fine. However, soon I need to migrate the mail.com address completely over to our servers. Could you give me your recommendation on the easiest way to do this without any configuration changes on the other end?
    Thanks, Don

    • Don, once you point the MX records at your own server you’ll start receiving the email to your server (after DNS refresh delay – suggest turning the TTL for your MX record down to 5 minutes a few days in advance of the cutover).

  13. I am working on a similar project like what you described here. SMTP domain @example.com is shared by server A and server B. Server A is Exchange 2003 while Server B is Exchange 2010. The two servers are in different forests. The MX record is pointing to Server A. @example.com is set up as an accepted domain but not an authorized domain on server A, and the corresponding SMTP connector is set up from server A to server B. So the mail flow is no problem from the Internet to server A and then server B. But I am confused how server B could send email to someone@example.com on server A, because server B is authorized for example.com. Will it generate an NDR?

  14. Hi,

    Hopefully you can help me, we have 2 sites – 2 separate AD domains and are trying to configure the above so that we can use 1 single email domain for both sites (we have a Branch Office VPN between the sites). We have set up the Source Exchange Server as above and disabled recipient filtering on both Servers but still cannot get this to work correctly. What does the authentication method for the Smart Host Connector need to be?

    Thanks in advance!

    Greg

  15. HI Paul,
    Post is very helpful. I have one query. When creating SMTP addresses via RUS for the new namespace (@example.com) it is possible that the same username (Abc G) is present in both organisations and abc.g@example.com will then be created in both organisations. How can we resolve this?
    Thanks,
    Anshu

  16. Tim Saunders says:

    Hi Paul,
    First I would like to say this is a great thread. I have learned a lot just from the posts here. I have a scenario I would like to get your opinion about.

    Company A and Company B are divesting. Company A has moved to a new physical location separate from Company B. Company A owns the Domain Name/MX Record for Exchange. Company B owns the existing mailboxes for all the users that moved to Company A. Company A is moving to a cloud environment with Office 365. Company B is keeping the existing environment intact.

    I need to migrate all mailboxes from Company B over to Company A. I need to route the MX record to point to new exchange environment in Company A. Company B needs to continue to receive email through the Domain Name owned by Company A for a period of time.

    What are your suggestions and opinion on how this should be handled?

    • Tim Saunders says:

      In addition is there a dependency on migrating end user accounts in AD before the Exchange mailboxes or do these have to be done in parallel?

  17. Hi All
    So I set up both servers with the internal relays and created contacts and it was working like a charm (6-7 months at least)…with emphasis on ‘was’. For some reason now it just piles up in the Queue. When I click on retry it won’t deliver and then I get these silly messages in the event viewer that say that my certificates don’t match up with the FQDN. I tried to add the certificate again with enable-exchangecertificate but to no avail.
    PLEASE HELP ME !!!!

    • Those “silly messages” might be a clue.

      It is all mail from your org to *anywhere* queuing? Or just mail from your org to the other org that shares your namespace?

      The queue viewer should also be revealing to you why the messages aren’t delivering (eg “unable to connect” or a specific error code and message).

  18. If Recipient filtering is enabled, I would suggest creating a mail enabled user which will have an AD account. By creating a mail enabled user I was able to add an email alias, which did not work for me when I had a mail contact.

    I was also getting NDR with mail contact when there was no AD account for the user. So I have to create AD account to stop NDRs.

    In summary mail enabled user worked for me.

    Thanks
    Sam

  19. Hi all,
    I am new to Exchange and I need help to resolve a situation. I’m installing Exchange for our company and we already have an existing company hosting our website as well as email services.

    Let’s say our domain is ourdomain.com and we are already receiving and sending emails using this domain.
    How do I configure Exchange to work with the existing domain? I have installed Svr 2008 and created AD with ourdomain.com. I have also installed Exchange 2010 and am trying to configure the DNS and MX records. Please, how do I link this up? Secondly, how do I configure Exchange for remote users who are not part of the local domain?
    An urgent response will be highly appreciated

  20. Klaus Thorn says:

    thanks indeed!
    You saved me a lot of work (… typing transport rules for each user).

  21. Dave Turner says:

    has anyone tried this on sbs2011?

    Our domain is located on GoDaddy and I have left all users on GoDaddy and use Exchange to POP in and pick up the email. I did this because we have over 20 email accounts which could have lots of junk in them and are used by groups to email with. They aren’t regular employees so I’d just as soon leave them off the server.

    I followed the steps above but my email for the addresses located at GoDaddy is still getting kicked back saying the email address does not exist. I configured the smarthost as smtpout.godaddy.com with authentication. I also set the port to port 80 using EMS for the GoDaddy send connector.

    Thanks for your help
