A Black Blade Associates blog.




Blog moved: This blog has moved to http://thingsthatshouldbeeasy.wordpress.com. Go there now to see the new posts.


Tuesday, February 13, 2007

Configuring Exchange 2007 for Internet email

Update: Also check out this related post on dealing with certificate errors when users access Exchange from both the company's internal network as well as from the Internet:

http://thingsthatshouldbeeasy.blogspot.com/2009/02/certificate-errors-in-outlook-when.html



I had just installed and configured (at least I thought I did :) ) Exchange 2007. I sent a couple of test messages through from one internal account to another. Things seemed to be working well. But, when I tried to send a message to an external (Internet) address or receive a message, nothing happened. I did not get any obvious errors but the messages just did not get through.

It turns out that you must do some additional configuration on Exchange 2007 in order for it to allow inbound or outbound traffic from outside of its domain; that includes Internet messages. In order for Exchange 2007 to be able to send and receive Internet mail:

  1. Enter the Internet FQDN as an accepted domain
  2. Enter the Internet FQDN as an address policy ahead of the default policy for the local FQDN. This gives users two addresses, user@localFQDN and user@InternetFQDN, and sets user@InternetFQDN as the default SMTP address. To test this, send an email from a user and check the user's From address. It should be user@InternetFQDN, not user@localFQDN. For example, if user jsmith in the mycompany.local domain sends the email, the From address should be jsmith@mycompany.com, not jsmith@mycompany.local.
  3. Allow anonymous permissions on the default Receive connector. This allows people from the Internet to send email to the Exchange organization. If this is not done, emails from outside bounce with a message saying the sender was not authenticated. To test this, send an email from an external account, like Hotmail, to a user within the Exchange organization.
  4. Create a Send connector with the destination domain specified as "*". This allows the Exchange organization to send email to all domains. If this is not done, email sent outside the organization will be held by the server. The sending users will not receive any notice that their emails have not gone through. To test this, send an email to an external account, like Hotmail, from a user within the Exchange organization.
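
The four steps above as Exchange Management Shell commands, followed by checks on the result. This is an added example, not part of the original post; the server name `EXCH01`, the policy and connector names, and the use of the post's mycompany.com example as the Internet FQDN are assumptions.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.
# Assumed values (only the mycompany.com / jsmith example comes from the post):
$Server         = "EXCH01"                    # hypothetical server name
$InternetDomain = "mycompany.com"             # Internet FQDN
$PolicyName     = "Internet addresses"        # hypothetical policy name
$DefaultRc      = "$Server\Default $Server"   # default Receive connector is named "Default <server>"

# Step 1: accept mail addressed to the Internet FQDN.
New-AcceptedDomain -Name $InternetDomain -DomainName $InternetDomain -DomainType Authoritative

# Step 2: address policy ranked ahead of the default policy; the upper-case
# "SMTP:" prefix makes user@InternetFQDN the primary (default) SMTP address.
New-EmailAddressPolicy -Name $PolicyName -IncludedRecipients AllRecipients `
    -EnabledEmailAddressTemplates "SMTP:%m@$InternetDomain" -Priority 1
Update-EmailAddressPolicy -Identity $PolicyName

# Step 3: add anonymous permissions to the default Receive connector.
# -PermissionGroups replaces the whole list, so the groups assumed to be
# present on a default Hub Transport connector are restated alongside it.
Set-ReceiveConnector -Identity $DefaultRc `
    -PermissionGroups AnonymousUsers,ExchangeUsers,ExchangeServers,ExchangeLegacyServers

# Step 4: Send connector for every destination domain ("*").
New-SendConnector -Name "Internet" -Usage Internet -AddressSpaces "*" `
    -SourceTransportServers $Server -DNSRoutingEnabled $true

# --- Checks ---
# Primary address of the post's example user should now be jsmith@mycompany.com.
Get-Mailbox -Identity "jsmith" | Select-Object Name, PrimarySmtpAddress

# Anonymous senders should only be able to submit mail for accepted domains.
# If the anonymous logon holds Accept-Any-Recipient, the connector relays for anyone.
$relay = Get-ReceiveConnector -Identity $DefaultRc |
    Get-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" |
    Where-Object { $_.ExtendedRights -like "ms-Exch-SMTP-Accept-Any-Recipient" }
if ($relay) { Write-Warning "$DefaultRc grants anonymous relay (Accept-Any-Recipient)" }

# Outbound mail held by the server produces no notice to the sender,
# so list queues that still contain messages together with their last error.
Get-Queue | Where-Object { $_.MessageCount -gt 0 } |
    Select-Object Identity, Status, MessageCount, LastError
```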

22 comments:

  1. Thank you thank you thank you x ten million. Why is it so rare that anyone in this business provides a clear, concise answer to a specific problem?!

  2. I'm glad this post was useful. It definitely falls into the category of "things that should be easy." I hope in the next version of Exchange Server there is a check box somewhere in the configuration screens that reads "Click here to send and receive Internet email."

  3. Thanks!! You saved me countless hours of wading through MS tech documents.

  4. Anonymous persimmons? Do you perhaps mean anonymous permissions? grin

  5. Thanks! Who needs grammar check when you can have people check your work?

  6. Man, all I have to say is the person who posted this is my new hero.

  7. Like everyone else, thank you so very much. I made the transition from Exchange 2003 to 2007 today, and everything went well until I realized we weren't receiving anything, with no NDRs.

    2 minutes after I changed the setting ... e-mails started showing up.

    <3

  8. I am filled with so many conflicting emotions right now.

    On one hand, I am filled with violent, blind murderous rage for everyone at the Exchange 2007 development team, and on the other hand my soul is a bubbling mountain spring overflowing with endless love and gratitude for you, the author of this blog.

  9. Well, so far my hub is in. I found the anonymous permissions thing out after a case of 'tick everything and hope', BUT the mail was still backing up on my edge transport, so I am hoping the send connector you mention will allow my mail to go out.

  10. I have followed your steps but
    cannot receive from an external (Internet) email address.
    And my DNS is local.
    Maybe delay email is wrong?
    Please help...?

  11. THANK YOU!!! Without this, I was going to have to call in outside help, but thanks to you I saved my poor non-profit budget for more important things!

  12. Thank you. I tried it, but it is still not working. I know that I need to do something but I don't know what it is.
    My problem is I want to use the same accounts that I am using for my POP3 accounts. Do I need to do something with my ISP?

  13. Also check out this related post on dealing with certificate errors when users access Exchange from both the company's internal network as well as from the Internet:

    http://thingsthatshouldbeeasy.blogspot.com/2009/02/certificate-errors-in-outlook-when.html

  14. Wonderful! Just wonderful!!!! As much as I love Microsoft, their tutorials are ridiculously overstated!!! JESUS CHRIST... you solved my problem in 5 minutes after hours looking through Microsoft's knowledge base.

  15. I have an Exchange 2007 that is connected to a smart host. All users that have an account on the webmail server can send Internet mails from my Exchange server, while others are local; they can only send mails within my Exchange organisation. But I have four users that are not on the Exchange server and they connect directly to the webmail through POP3.
    I need a solution that links my local users (that can't send mail to the Internet) to my POP3 users (users that connect directly to webmail) so that they can send and receive emails among themselves.

  16. It sounds like what you need to do is set up your webmail server as a trusted relay in Exchange. Check out this article by Scott Landry on the topic:
    http://msexchangeteam.com/archive/2006/12/28/432013.aspx

  17. Hi, I went through all this and it is working fine except when I send emails to yahoo and aol they go into bulk folders. I have tried everything MX, A, PTR and SPF records which all check out and link back to the IP address. Any ideas? Does the certificate not being properly installed affect this at all?

  18. Not sure what would be affecting the delivery of emails into Bulk folders. I would think that is more of a configuration of their spam blocker software. I don't think that the certificate configuration would have an effect on this, but I can't rule that out for certain.

  19. I am new to Exchange so it's kind of confusing.

    I have an SBS 2008 Server; it came with Exchange 2007. Currently our mails are hosted by an Internet mail server. I want a situation where, when a mail is sent to the Internet mail server, Exchange should get a copy and leave the original.

    How can I make that happen?
    Do I need a public IP to achieve that or what?

  20. You will definitely need a public IP. If you can't set your Internet mail provider to send your internal Exchange server a copy of the emails, you will need to set your internal Exchange server to handle Internet email as well as internal email. You will need to give it a public DNS name and set it to the public IP address. Then switch your public DNS's MX record to point to the internal Exchange server's public DNS name.

  21. Eugene Rosenfeld,

    For my Internet Mail Provider to send a copy of the company mails to our Exchange server, do I need any public IP?

    Is there any step by step book or video on how to configure MX record and exchange?
