How Can We Help?
365 Hybrid Exchange Email Routing Notes
Narrative
Exchange On-Premise: EOP
Exchange Online: EXO
Inbound external email is directed via MX record to EXO. If the account exists there the message is delivered there. If the account does not exist there it is then sent through Barracuda and then redirected to EOP.
Email sent from EXO accounts to EOP accounts is sent directly to the recipient on EOP.
Outbound mail sent from EOP accounts to external addresses is sent through Barracuda then to the recipient.
Outbound mail sent from EXO account to external addresses is sent directly to the recipient.
EOP mail to EXO Method
- Honolulu
- Add domain by running through Hybrid Wizard
- Eaton
- Organization Configuration > Hub Transport > Remote Domains – EOP Remote Domain will be created. (Organization Configuration > Hub Transport > Remote Domains)
- Run this command in EOP Exchange Management Shell for each hybrid domain:
Set-RemoteDomain “Hybrid Domain – domainname.com” -IsInternal $TRUE -TNEFEnabled $TRUE -TrustedMailOutboundEnabled $TRUE -AllowedOOFType InternalLegacy -TargetDeliveryDomain $TRUE - Organization Configuration > Hub Transport > Send Connectors – Add or modify outbound to 365 connector
- Address Space tab: Add each domain
- Network: Use domain name system… (Make sure both internal and external DNS have MX records pointing to 365 servers.)
- 365
- Exchange Admin Center > Mail flow > Rules
- Configure rule Inbound External Email
- Apply this rule if: Is received from ‘Outside the organization’
- Do the following: “Route the message using the connector named ‘365 to Barracuda”
- Configure rule Inbound External Email
- Exchange Admin Center > Mail flow > Connectors
- Configure Inbound from connector to authenticate sent email ‘By verifying that the subject name on the certificate… equals “*.housingservices.com”
- NOTE: As a mailbox migration is ‘Completed’ the Azure AD Connect changes the appropriate account flags for the system to know where a specific account resides within the Hybrid system.
- Exchange Admin Center > Mail flow > Rules
EXO mail to EOP Method
- Exchange Admin Center > Mail flow > Connectors
- Add Connector “365 to Barracuda”
- Use of connector: For email messages sent to all accepted domains in your organization
- Routing: Add both Barracuda servers (See Barracuda web interface)
OR
Add eaton.housingservices.com to bypass Barracuda (Verify firewall holes are in place from 365 to Eaton.) - Security Restrictions: Always use Transport Layer Security (TLS) … and Issued by a trusted certificate authority (CA)
- Add Connector “365 to Barracuda”