About Mail Flow in an Office 365 Hybrid Deployment with On-Premises Exchange
The previous article covered the hybrid deployment of on-premises Exchange with Office 365 Exchange Online. After the hybrid deployment was configured, a number of mail delivery and mailbox migration errors were resolved one by one, and each was recorded in its own blog post. Today, after the hybrid deployment of Office 365 and on-premises Exchange, we look at some of the mail flow configuration, focusing on enabling centralized mail transport. For details, refer to:
https://technet.microsoft.com/zh-cn/library/jj659055(v=exchg.150).aspx
Inbound mail from the Internet
The path taken by messages sent to recipients in the on-premises and Exchange Online organizations depends on how the MX records for your domain are configured in the hybrid deployment. The Hybrid Configuration Wizard does not configure the routing of inbound Internet mail for either the on-premises or the Exchange Online organization. If you want to change how inbound Internet mail is delivered, you must change the MX record manually.
If you keep the MX record pointing to the on-premises organization: all mail sent to any recipient in either organization is routed through the on-premises organization first. Messages to recipients in Exchange Online are routed through the on-premises organization and then delivered to the Exchange Online recipient. This route is most useful for organizations whose compliance policies require a journaling solution to examine messages sent between the organizations. It is also the recommended route when the on-premises organization has more recipients than the Exchange Online organization.
If you change the MX record to point to the Microsoft Exchange Online Protection (EOP) service in Office 365: all mail sent to any recipient in either organization is routed through the Exchange Online organization first. Messages to recipients in the on-premises organization are routed through Exchange Online and then delivered to the on-premises recipient. This route is recommended when the Exchange Online organization has more recipients than the on-premises organization.
Routing inbound Internet mail through the on-premises organization
An inbound message is sent by an Internet sender to the recipients [email protected] and [email protected]. Chris's mailbox is on an Exchange 2013 Mailbox server in the on-premises organization; David's mailbox is in Exchange Online.
Because both recipients have a contoso.com address and the MX record for contoso.com points to the on-premises organization, the message is delivered to the Exchange 2013 Client Access server.
The Exchange 2013 Client Access server looks up each recipient in the on-premises global catalog. The lookup shows that Chris's mailbox is on the Exchange 2013 Mailbox server, while David's mailbox is in the Exchange Online organization and has the hybrid routing address [email protected]. In this example, the Client Access and Mailbox server roles are installed on the same Exchange 2013 server. The Exchange 2013 Client Access server splits the message into two copies. One copy is sent to the Exchange 2013 Mailbox server, where it is delivered to Chris's mailbox.
The Exchange 2013 Client Access server sends the second copy to EOP over the Send connector that is configured to use TLS for messages addressed to the Exchange Online organization.
EOP passes the message to the Exchange Online organization, where it is scanned for viruses and delivered to David's mailbox.
Routing inbound Internet mail through Exchange Online
Route messages for both the on-premises and Exchange Online organizations through the Exchange Online organization, with centralized mail transport disabled (default configuration)
An inbound message is sent by an Internet sender to the recipients [email protected] and [email protected]. Chris's mailbox is on an Exchange 2013 Mailbox server in the on-premises organization; David's mailbox is in Exchange Online.
Because both recipients have a contoso.com address and the MX record for contoso.com points to EOP, the message is delivered to EOP.
EOP routes the message for both recipients to Exchange Online.
Exchange Online scans the message for viruses and looks up each recipient. The lookup shows that Chris's mailbox is in the on-premises organization, while David's mailbox is in the Exchange Online organization.
Exchange Online splits the message into two copies. One copy is delivered to David's mailbox.
The second copy is sent from Exchange Online back to EOP.
EOP sends the message to the Exchange 2013 Client Access server in the on-premises organization.
The Exchange 2013 Client Access server passes the message to the Exchange 2013 Mailbox server, which delivers it to Chris's mailbox. In this example, the Client Access and Mailbox server roles are installed on the same Exchange 2013 server.
Route messages for both the on-premises and Exchange Online organizations through the Exchange Online organization, with centralized mail transport enabled
An inbound message is sent by an Internet sender to the recipients [email protected] and [email protected]. Chris's mailbox is on an Exchange 2013 Mailbox server in the on-premises organization; David's mailbox is in Exchange Online.
Because both recipients have a contoso.com address and the MX record for contoso.com points to EOP, the message is delivered to EOP and scanned for viruses.
Because centralized mail transport is enabled, EOP routes the message for both recipients to the on-premises Exchange 2013 Client Access server.
The Exchange 2013 Client Access server looks up each recipient. The lookup shows that Chris's mailbox is in the on-premises organization, while David's mailbox is in the Exchange Online organization.
The Exchange 2013 Client Access server splits the message into two copies. One copy is sent to the on-premises Exchange 2013 Mailbox server that holds Chris's mailbox.
The second copy is sent from the Exchange 2013 Client Access server back to EOP.
EOP sends the message to Exchange Online.
Exchange Online delivers the message to David's mailbox. In this example, the Client Access and Mailbox server roles are installed on the same Exchange 2013 server.
Mail sent by on-premises senders to Internet recipients
Chris, whose mailbox is on the on-premises Exchange 2013 Mailbox server, sends a message to the external Internet recipient [email protected].
The Exchange 2013 server, which has both the Client Access and Mailbox server roles installed, looks up the MX record for cpandl.com and sends the message to the cpandl.com mail server on the Internet.
Routing mail from Exchange Online to the Internet through the on-premises organization (centralized mail transport enabled)
David, whose mailbox is in the Exchange Online organization, sends a message to the external Internet recipient [email protected].
Exchange Online scans the message for viruses and sends it to EOP.
EOP is configured to send all outbound Internet mail to the on-premises server, so the message is routed to the Exchange 2013 Client Access server. The message is sent using TLS.
The Exchange 2013 Client Access server applies compliance, anti-virus, and any other processing the administrator has configured to David's message.
The Exchange 2013 Client Access server looks up the MX record for cpandl.com and sends the message to the cpandl.com mail server on the Internet.
Summary
After on-premises Exchange and Office 365 Exchange Online are deployed in hybrid mode, mail flows in the following two ways, depending on where the MX record points:
1. MX record pointing to on-premises: all mail from external domains to Online users is delivered on-premises first and then forwarded to Office 365 through the connector;
2. MX record pointing to on-premises: mail from an Online user's mailbox to an external-domain mailbox is sent out directly through the Online Send connector (default configuration);
3. MX record pointing to Office 365: mail from external-domain users to on-premises users passes through Office 365 first, and Office 365 then routes it to the on-premises organization's published public address for delivery;
4. MX record pointing to Office 365: mail from an Online user's mailbox to an external-domain mailbox is sent out directly through the Online Send connector (default configuration).
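To make the scenarios above easier to compare, here is an added example (not code from the original post or from Microsoft) that encodes the routing rules as stated: where the MX record points, whether centralized mail transport is enabled, and where each mailbox lives, and returns the hop list per recipient. The hop labels and the sample addresses chris@contoso.com and david@contoso.com are chosen here for illustration, modelled on the article's Chris and David.

```python
"""Model of the hybrid mail-flow rules described in the article.

Added example, not code from the original post or from Microsoft. Hop labels
and sample addresses are illustrative choices made here.
"""
from dataclasses import dataclass
from typing import Dict, List

ONPREM, ONLINE = "on-premises", "online"          # mailbox / MX locations
CAS = "Exchange 2013 CAS (on-premises)"            # hop labels used below
EOP = "EOP"
EXO = "Exchange Online"
INTERNET = "Internet MX"


@dataclass(frozen=True)
class HybridConfig:
    mx_points_to: str                  # ONPREM or ONLINE (i.e. the MX points to EOP)
    centralized_transport: bool = False


def entry_hops(cfg: HybridConfig) -> List[str]:
    """Hops every inbound Internet message passes before recipient lookup.

    The last hop is the server that looks up the recipients and splits a
    multi-recipient message into one copy per destination organization.
    """
    if cfg.mx_points_to == ONPREM:
        return [CAS]                    # MX -> on-premises: the CAS does the lookup
    if cfg.centralized_transport:
        return [EOP, CAS]               # MX -> EOP, centralized: EOP hands all mail to the CAS
    return [EOP, EXO]                   # MX -> EOP, default: Exchange Online does the lookup


def inbound_route(cfg: HybridConfig, recipients: Dict[str, str]) -> Dict[str, List[str]]:
    """Hop list for each recipient of one Internet message.

    recipients maps address -> mailbox location (ONPREM or ONLINE).
    """
    entry = entry_hops(cfg)
    split_at = entry[-1]
    routes: Dict[str, List[str]] = {}
    for address, location in recipients.items():
        path = list(entry)
        if split_at == CAS:
            # The copy for an online mailbox goes back out through EOP over TLS.
            path += ["mailbox (on-premises)"] if location == ONPREM else [EOP, EXO, "mailbox (online)"]
        else:
            # The copy for an on-premises mailbox goes back through EOP to the CAS.
            path += ["mailbox (online)"] if location == ONLINE else [EOP, CAS, "mailbox (on-premises)"]
        routes[address] = path
    return routes


def outbound_route(cfg: HybridConfig, sender_location: str) -> List[str]:
    """Hop list for a message from an internal sender to an Internet recipient."""
    if sender_location == ONPREM:
        return [CAS, INTERNET]          # the on-premises server resolves the MX itself
    path = [EXO, EOP]
    if cfg.centralized_transport:
        path.append(CAS)                # EOP relays all outbound mail to on-premises first
    return path + [INTERNET]


def leaves_via_on_premises(cfg: HybridConfig, sender_location: str) -> bool:
    """True when outbound mail from this sender passes through the on-premises CAS."""
    return CAS in outbound_route(cfg, sender_location)


if __name__ == "__main__":
    # Sample recipients modelled on the article's Chris (on-premises) and David (online).
    people = {"chris@contoso.com": ONPREM, "david@contoso.com": ONLINE}
    for cfg in (HybridConfig(ONPREM), HybridConfig(ONLINE), HybridConfig(ONLINE, True)):
        print(cfg)
        for addr, path in inbound_route(cfg, people).items():
            print("  inbound ->", addr, ":", " -> ".join(path))
        print("  outbound from online:", " -> ".join(outbound_route(cfg, ONLINE)))
```

Running it prints the three inbound scenarios side by side; the `leaves_via_on_premises` check is the one-line summary of the point made in the summary list: with centralized transport off, an Online sender's mail never touches the on-premises server regardless of where the MX record points.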
The following online tool is used to analyze and explain the mail delivery process:
Analyzing mail flow with the online mail header analysis tool
http://mxtoolbox.com/EmailHeaders.aspx
First, check the user configuration.
User01 and user03 are on-premises Exchange accounts
User02 and user20 are Exchange Online accounts
First, use on-premises user user01 to send a message to Online user user02.
The Office 365 mailbox user receives the message from on-premises user01; we click Reply.
At the same time, we can look at the message header to see the delivery path. The following results come from analyzing the header contents.
On-premises user01 also receives the reply from Online user user02.
View and analyze the message header.
Next, use on-premises user user01 to send a message to an external QQ mailbox and view the message header;
Then reply from the external QQ mailbox to on-premises user user01 and view the message header.
Next, use Online user user02 to send a message to an external QQ mailbox and view the message header.
Finally, reply from the external QQ mailbox to Online user user02 and view the message header.
As shown above, no matter where the MX record points (on-premises or Online), mail from an Online mailbox user to an external-domain mailbox is not routed through on-premises; it is delivered directly from the Office 365 Send connector.
If we want all mail from Online mailbox users to pass through the on-premises system, how do we configure it? The steps are as follows:
First, log on to the Exchange ECP management center and open Hybrid.
Click Modify.
Confirm that you want to modify the hybrid configuration.
Click More options.
Select Enable centralized mail transport.
Then complete the configuration.
After the hybrid configuration is updated, we can see that Online users now send mail to external domains through the on-premises organization;
Again, use user02 to send a message to QQ and view the message header;
Delivery path before centralized mail transport was enabled: Online users deliver directly to QQ through the Online connector.
Delivery path after centralized mail transport was enabled: Online users route mail to external domains through the on-premises Exchange service, which then delivers it to QQ.
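The header comparisons in this section and in the earlier header-analysis section are done with the mxtoolbox web tool. As an added example (not code from the original post), the script below does the same analysis offline with Python's standard `email` module: it lists the Received hops oldest-first, the delay at each hop, and whether the on-premises server appears in the chain, which is the check that confirms centralized mail transport took effect. The host-name suffixes, the on-premises host name mail.contoso.com, the Microsoft host names, the QQ MX name and both sample messages are constructed for this example; only contoso.com and the "user02 to QQ" scenario come from the article.

```python
"""Reconstruct a message's delivery path from its Received headers.

Added example, not code from the original post. Host-name suffixes and
the two sample messages are constructed for illustration.
"""
import email
import re
from email.utils import parsedate_to_datetime
from typing import List, Tuple

# Assumed classifiers: the on-premises server lives under contoso.com (constructed),
# Office 365 / EOP hops carry Microsoft-owned host names.
ONPREM_SUFFIXES = (".contoso.com",)
CLOUD_SUFFIXES = (".outlook.com", ".office365.com")

FROM_RE = re.compile(r"\bfrom\s+([^\s(;]+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+([^\s(;]+)", re.IGNORECASE)


def classify(host: str) -> str:
    """Map a host name from a Received header to the organization that owns it."""
    h = host.lower()
    if h.endswith(ONPREM_SUFFIXES):
        return "on-premises"
    if h.endswith(CLOUD_SUFFIXES):
        return "office365"
    return "external"


def hops(raw: str) -> List[Tuple[str, str, str]]:
    """Return (from_host, by_host, timestamp) per hop, oldest first.

    Each relay prepends its own Received header, so the header list is
    reversed to read the path chronologically.
    """
    msg = email.message_from_string(raw)
    out = []
    for header in reversed(msg.get_all("Received") or []):
        text = " ".join(header.split())              # unfold continuation lines
        frm = FROM_RE.search(text)
        by = BY_RE.search(text)
        stamp = text.rsplit(";", 1)[-1].strip()      # the date follows the last ';'
        out.append((frm.group(1) if frm else "?", by.group(1) if by else "?", stamp))
    return out


def transit_classes(raw: str) -> List[str]:
    """Organization of the receiving ('by') host at each hop, oldest first."""
    return [classify(by_host) for _, by_host, _ in hops(raw)]


def routed_via_on_premises(raw: str) -> bool:
    """True if any relay in the chain was the on-premises Exchange server."""
    return "on-premises" in transit_classes(raw)


def hop_delays(raw: str) -> List[float]:
    """Seconds spent between consecutive hops (the first hop is 0)."""
    times = [parsedate_to_datetime(stamp) for _, _, stamp in hops(raw)]
    return [0.0] + [(b - a).total_seconds() for a, b in zip(times, times[1:])]


# Constructed sample: Online user user02 -> a QQ mailbox before centralized transport.
BEFORE_CENTRALIZED = """\
Received: from APC01-HK2-obe.outbound.protection.outlook.com (10.0.0.3)
 by mx1.qq.com with ESMTPS; Mon, 5 Dec 2016 02:00:06 +0000
Received: from HK2PR03MB0001.apcprd03.prod.outlook.com (10.0.0.2)
 by HK2PR03MB0002.apcprd03.prod.outlook.com (10.0.0.3) with Microsoft SMTP
 Server (TLS); Mon, 5 Dec 2016 02:00:03 +0000
Received: from HK2PR03MB0001.apcprd03.prod.outlook.com ([10.0.0.2])
 by HK2PR03MB0001.apcprd03.prod.outlook.com ([10.0.0.2]) with mapi;
 Mon, 5 Dec 2016 02:00:01 +0000
From: user02@contoso.com
To: someone@qq.com
Subject: test before

body
"""

# Constructed sample: the same path after centralized transport, with the
# extra hop through the on-premises server mail.contoso.com.
AFTER_CENTRALIZED = """\
Received: from mail.contoso.com (203.0.113.10)
 by mx1.qq.com with ESMTPS; Mon, 5 Dec 2016 03:00:08 +0000
Received: from APC01-HK2-obe.outbound.protection.outlook.com (10.0.0.3)
 by mail.contoso.com (203.0.113.10) with Microsoft SMTP Server (TLS);
 Mon, 5 Dec 2016 03:00:05 +0000
Received: from HK2PR03MB0001.apcprd03.prod.outlook.com (10.0.0.2)
 by HK2PR03MB0002.apcprd03.prod.outlook.com (10.0.0.3) with Microsoft SMTP
 Server (TLS); Mon, 5 Dec 2016 03:00:03 +0000
Received: from HK2PR03MB0001.apcprd03.prod.outlook.com ([10.0.0.2])
 by HK2PR03MB0001.apcprd03.prod.outlook.com ([10.0.0.2]) with mapi;
 Mon, 5 Dec 2016 03:00:01 +0000
From: user02@contoso.com
To: someone@qq.com
Subject: test after

body
"""

if __name__ == "__main__":
    for label, raw in (("before", BEFORE_CENTRALIZED), ("after", AFTER_CENTRALIZED)):
        print(label, "via on-premises:", routed_via_on_premises(raw))
        for (frm, by, _), delay in zip(hops(raw), hop_delays(raw)):
            print(f"  {frm} -> {by} ({classify(by)}, +{delay:.0f}s)")
```

Paste a real header block (Outlook: File, Properties, Internet headers) into `raw` in place of the constructed samples and adjust `ONPREM_SUFFIXES` to your published Exchange host name. A hop whose `by` host is your on-premises server, sitting between the Exchange Online hops and the recipient's MX, is the signature of centralized mail transport; its absence means the Online Send connector delivered directly.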
Next, we configure Outlook to log on to an Online mailbox user;
The prerequisite is that the Autodiscover record is set up in DNS. Microsoft recommends adding an Autodiscover record;
Of course, we must add the Autodiscover record for ease of use.
So we can use Autodiscover to configure Outlook automatically.
Server connection successful
User login successful
We can view the connection information from Outlook to the server.
We can see that the Online user's proxy server connects automatically to the Office 365 proxy server, rather than to the external domain name of the locally published Exchange service.
View the connection protocol and status