Exchange 2010 Internal mail not going through smarthost

garryshape
garryshape used Ask the Experts™
on
Where are you supposed to check/verify how mail flow works in Exchange 2010 to check whether it goes through a smarthost or not?
I have 2 Exchange 2010 servers running Hub Transport/Client Access/Mailbox roles
and 1 Smarthost for testing protection.

If I send e-mail to test user internally, it doesn't appear to go through the Symantec protection server
but an inbound or outbound e-mail with someone on the outside, will.

The Send Connector in Exchange smart host is wildcard * for SMTP so I'm not sure where else this is configured or changed when desired to have e-mail internally go through smarthost...?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
StuartTechnical Architect - Cloud

Commented:
Internal email is routed by the client internal relay and will never hit your smart host, why are you wanting this behaviour?

Author

Commented:
My understanding is that routing through smart host would be a good protection for internal email. Like if someone in one department gets a virus and it starts sending through their e-mail client.

and the smart host could also protect internal emails with its Regulatory Compliance, URL Defense, etc.

Are smart hosts not typically used for internal?
StuartTechnical Architect - Cloud

Commented:
No external mail is typically routed via a smart host or is routes by DNS

Internal mail is routed internally within exchange, I would look at some av protection on your Hub transport servers, and create transport rules to deal with filtering your mail

Stuart
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Ok. well my situation is I have 2 smart hosts. I thought maybe I could designate one for internet e-mail, and one for internal. Unless that's just overkill
Gaurav SinghSolutions Architect

Commented:
you can use it for internal emails. all is you need to create the new receive connector and configure it properly.  what smart hosts you are using?

Author

Commented:
This will be the Proofpoint Protection Server physical appliances.
Just trying to figure out how best to utilize 2 of them
We'll be getting rid of the existing single Symantec Messaging Gateway/brightmail

Author

Commented:
Now that you got me back looking at relays, I'm finding it interesting that on 2 Exchange servers, both in the same "Site", have relays that are the same in terms of General/Network/Authentication/Permission Groups settings.
How does one determine the precedence/priority of which relay is used given the same one is essentially configured on 2 different Exchange servers?
My concern here is that both servers are in physical locations far from each other.
Technical Architect - Cloud
Commented:
By default the same connectors are present on both servers. The routing connector used depends on which hub transport server the message was processed through. Are both your servers multirole?

I'm pretty sure by default exchange try's to route messages through a transport role where your mailbox does not reside. I presume the network link between your two network locations is pretty fast and reliable

Also back to the using a SH for internal relay, I would seriously consider not doing this. The last thing you want is to stop ALL mail flow should you have issues with your SH or Internet link

Author

Commented:
Yes both servers are multi-role.
The link is fine it seems, probably a 1ms difference in the extra hop.
As for testing the connector, I guess I'll need to send test messages from mailboxes on different servers and check the header as to what relay it uses.

For the SH for internal delay, I guess you're right. All I have right now though is Symantec Endpoint Protection, am not sure if that's good enough for the protection Exchange server protection as well as e-mail security for internal.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial