cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

External SMTP flow for Hybrid environment

Jason Hopp
Brass Contributor

‎Jul 06 2017 09:21 AM

‎Jul 06 2017 09:21 AM

External SMTP flow for Hybrid environment

I am running a hybrid environment with Office 365. All mailboxes are in Exchange Online and I am trying to minimize my Exchange 2013 footprint on-prem. My programs, printers, and devices point to a DNS record that goes to our Netscalers. The Netscaler sends email to the hybrid server (Exchange 2013 CU12), then up to 365, via certificate.

When I test an email from one of my devices, it is successful if the email address is internal (same domain). But if the email is external I get the error message that the email address is invalid, and the email is not sent.

I have set the receive connector for the hybrid to 'Anonymous Users' only. I have included the IP addresses of the netscaler.

If I set the recieve connector to include the authentication option of TLS, then the external email will go through. The only problem is that the path is as followes: Device > Netscaler > hybrid server > other on-prem Exchange server > hybrid server > 365.

I am trying to get rid of the 'other on-prem Exchange server'. Any suggestions would be appreciated. Been working on this for a couple of weeks, and ready to get it off my plate.

Thanks,
Jason H

Labels:
5,585 Views
0 Likes
4 Replies
Reply
4 Replies
Nuno Silva

‎Jul 06 2017 09:25 AM

‎Jul 06 2017 09:25 AM

Re: External SMTP flow for Hybrid environment

Hi Jason,

 

I think the problem could be that you are pointing to the connector directly.

 

You can create a receive connector on Office 365 that receives from your Public IP and then you can point your Netscaler to your MX Record that will connect to your connector.

 

See option 2 on this article - https://support.office.com/en-us/article/How-to-set-up-a-multifunction-device-or-application-to-send...

0 Likes
Reply
Jason Hopp

‎Jul 06 2017 09:35 AM

‎Jul 06 2017 09:35 AM

Re: External SMTP flow for Hybrid environment

Nuno,

 

Thanks for the fast response.  Let me see if I get this right:  Since my hybrid has a NAT to an external IP (example:  1.1.1.17), and that IP is in my SPF record, and the receive connector in 365 has the cert which has the SAN that points to that IP:  all I would need to do is point the Netscaler to our MX record, and it will go through the hybrid?

 

Questions:

1. Would I need to change the connector in 365 to accept by IP or does the cert work?

2. Can I NAT the netscaler out, and add the IP and be able to remove the hybrid from the equation?  

 

Thanks,

Jason H

0 Likes
Reply
best response confirmed by Jason Hopp (Brass Contributor)
Nuno Silva

‎Jul 06 2017 10:35 AM

‎Jul 06 2017 10:35 AM

Solution

Re: External SMTP flow for Hybrid environment

Hi Jason,

 

You can chose the 2 options, it always depends what you need. For me I always prefer to keep hybrid because the management, but you can have your scanners pointed directly to your MX with the connector created like the article says.

 

You can keep the connetor for the hybrid and create a new one.

1 Like
Reply
Jason Hopp

‎Jul 06 2017 12:05 PM

‎Jul 06 2017 12:05 PM

Re: External SMTP flow for Hybrid environment

Thanks Nuno for your help.  This might get me closer to our overall end goal of no exchange environment.  But the following article got me going by changing up the receive connector a little bit.  Now both internal and external emails are sending out through the hybrid to 365 EOP.

 

http://www.sunilchauhan.info/2016/05/setting-up-anonymous-relay-on-exchange.html

 

Jason H

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by Jason Hopp (Brass Contributor)
Nuno Silva

‎Jul 06 2017 10:35 AM

‎Jul 06 2017 10:35 AM

Solution

Re: External SMTP flow for Hybrid environment

Hi Jason,

 

You can chose the 2 options, it always depends what you need. For me I always prefer to keep hybrid because the management, but you can have your scanners pointed directly to your MX with the connector created like the article says.

 

You can keep the connetor for the hybrid and create a new one.

View solution in original post

1 Like
Reply