[Today’s post comes to us courtesy of Shawn Sullivan]
Today, we are going to discuss how to configure Non-Authoritative Accepted Domains in SBS 2008.
If you are not familiar with the concept of Accepted Domains in Exchange 2007, please refer to the following link before moving forward: http://technet.microsoft.com/en-us/library/bb124423(EXCHG.80).aspx
Three types of Accepted Domains exist in Exchange 2007. By default, SBS 2008 configures two Authoritative Accepted Domains for you; one for your .local namespace and one for your external FQDN. Authoritative domains are synonymous with enabling “This Exchange Organization is responsible for all mail delivery to this address” in Exchange 2003 recipient policies.
The other two types are Internal Relay and External Relay domains, which are Non-Authoritative domains. They must be created manually through the native Exchange interfaces if needed:
Internal Relay – Exchange accepts email for this domain, but is not the authority for all of its mail delivery, meaning that some recipients in this domain do not have mailboxes in the Exchange Organization. This is synonymous with disabling “This Exchange Organization is responsible for all mail delivery to this address” in Exchange 2003 recipient policies.
The common example that we see in SBS for this type of domain is with the use of the POP3 Connector, where a customer has configured SBS to share the same SMTP namespace as their ISP. If USERA@contoso.com has a mailbox at both the ISP and on SBS, but USERB@contoso.com only has a mailbox at the ISP, then configuring an Internal Relay accepted domain in addition to the existing SMTP connector will allow SBS 2008 mailbox users to send email to USERB.
External Relay – Used primarily on Edge Transport servers for message hygiene or smart host capabilities. Exchange accepts email for this domain, and then routes the email to the final destination using SMTP send connectors. It does not attempt any directory lookups for recipient mailboxes, as the domain is always outside of the Exchange organization. This is not the primary design intention of Exchange in SBS 2008, but this is configurable since SBS is running the Hub Transport server role.
Real World Application
In the following example, we are configuring SBS to share the SMTP namespace of Contoso.com, whom we are retrieving our mail from using the POP3 Connector. For detailed information regarding the POP3 Connector in SBS 2008, please visit the following SBS 2008 Technical Library link: http://technet.microsoft.com/en-us/library/cc794271.aspx
Through the use of an Internal Relay Accepted Domain, email for any unresolved recipients will be routed through the existing SMTP send connector.
If you do not configure the Accepted Domain properly, you may receive an NDR like the following:
The recipient’s e-mail address was not found in the recipient’s e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator
Creating Accepted Domains
There are two ways to create Accepted Domains in Exchange 2007.
Exchange Management Console:
Expand Organization Configuration > Hub Transport and click on the Accepted Domains tab.
In the right pane, under Actions, choose New Accepted Domain.
Assign it a meaningful name, enter in the domain name that you want to accept email for and choose the type of domain (Internal Relay)
At the completion screen, you can view the Powershell command that was applied in the background. Click Finish.
Exchange Management Shell:
If you want to go directly to the shell, you will need to use the New-AcceptedDomain command. For help on how to use this command, use the help new-accepteddomain –full
In the above screenshots, you can see an example of the command that is used:
New-AcceptedDomain –Name ‘POP3Connector Domain’ –DomainName ‘Contoso.com’ –DomainType ‘InternalRelay’
Email Address Considerations
To properly stamp recipients with email addresses in the shared SMTP namespace, you will need to accommodate the new Accepted Domain in your Email Address Policy. You can either edit the Windows SBS Email Address Policy to apply the new address to all recipients or create a new Email Address Policy to apply it to only specific recipients.
The advantage with a new Email Address Policy is greater control in assigning the reply to address for your recipients. When creating the policy, you can use either pre-canned filters or custom filters. For more information on recipient filters in Exchange 2007, please see: http://technet.microsoft.com/en-us/library/bb124268(EXCHG.80).aspx
Email Address Policies are different than the Recipient Policies of Exchange 2003 in that they are not used to periodically update mail enabled objects in as part of a background process. New recipients will be stamped upon creation according to the Email Address Policy to which they apply. For existing recipients, you may need to manually apply the policy to write the changes. To do this, run the following command from the Exchange Management Shell:
update-EmailAddressPolicy -Identity <EmailAddressPolicyID>
For more information on the Exchange Management Shell, visit the following: http://technet.microsoft.com/en-us/library/bb123778.aspx