Exchange 2010 Internal mail not going through smarthost

Where are you supposed to check/verify how mail flow works in Exchange 2010 to check whether it goes through a smarthost or not?
I have 2 Exchange 2010 servers running Hub Transport/Client Access/Mailbox roles
and 1 Smarthost for testing protection.

If I send e-mail to test user internally, it doesn't appear to go through the Symantec protection server
but an inbound or outbound e-mail with someone on the outside, will.

The Send Connector in Exchange smart host is wildcard * for SMTP so I'm not sure where else this is configured or changed when desired to have e-mail internally go through smarthost...?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

StuartTechnical Architect - CloudCommented:
Internal email is routed by the client internal relay and will never hit your smart host, why are you wanting this behaviour?
garryshapeAuthor Commented:
My understanding is that routing through smart host would be a good protection for internal email. Like if someone in one department gets a virus and it starts sending through their e-mail client.

and the smart host could also protect internal emails with its Regulatory Compliance, URL Defense, etc.

Are smart hosts not typically used for internal?
StuartTechnical Architect - CloudCommented:
No external mail is typically routed via a smart host or is routes by DNS

Internal mail is routed internally within exchange, I would look at some av protection on your Hub transport servers, and create transport rules to deal with filtering your mail

Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

garryshapeAuthor Commented:
Ok. well my situation is I have 2 smart hosts. I thought maybe I could designate one for internet e-mail, and one for internal. Unless that's just overkill
you can use it for internal emails. all is you need to create the new receive connector and configure it properly.  what smart hosts you are using?
garryshapeAuthor Commented:
This will be the Proofpoint Protection Server physical appliances.
Just trying to figure out how best to utilize 2 of them
We'll be getting rid of the existing single Symantec Messaging Gateway/brightmail
garryshapeAuthor Commented:
Now that you got me back looking at relays, I'm finding it interesting that on 2 Exchange servers, both in the same "Site", have relays that are the same in terms of General/Network/Authentication/Permission Groups settings.
How does one determine the precedence/priority of which relay is used given the same one is essentially configured on 2 different Exchange servers?
My concern here is that both servers are in physical locations far from each other.
StuartTechnical Architect - CloudCommented:
By default the same connectors are present on both servers. The routing connector used depends on which hub transport server the message was processed through. Are both your servers multirole?

I'm pretty sure by default exchange try's to route messages through a transport role where your mailbox does not reside. I presume the network link between your two network locations is pretty fast and reliable

Also back to the using a SH for internal relay, I would seriously consider not doing this. The last thing you want is to stop ALL mail flow should you have issues with your SH or Internet link

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
garryshapeAuthor Commented:
Yes both servers are multi-role.
The link is fine it seems, probably a 1ms difference in the extra hop.
As for testing the connector, I guess I'll need to send test messages from mailboxes on different servers and check the header as to what relay it uses.

For the SH for internal delay, I guess you're right. All I have right now though is Symantec Endpoint Protection, am not sure if that's good enough for the protection Exchange server protection as well as e-mail security for internal.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.