Do I need to set up Exchange to be a relay server to do this?

I have a client that has an old Exchange 2003 server that they are nursing until January, at which point it will go away when they retire and close their doors.  One person is starting their own business and has set up another domain for her email.  She would like to set up external incoming emails to come into her mailbox and immediately get forwarded to her new external email.  We set up a Contact on the Exchange server for her new address.  All internally sent emails will forward to her new account, but no new external emails will forward on to the new email account.  In doing some research, it appears that I would have to change the server into a relay server (setting options), but I believe this opens up the server to further exposure.  Can anyone suggest another way to get this done?
Brian Murphy (IT Architect) commented:
SMTP relay.  Server 2008 R2 or 2012.  

Host it internally and you will need an F5 or firewall or something to use for your external IP, and change the SMTP for that domain, the MX records, to that IP listening on port 25 and send it to the SMTP relay, and it can take from Exchange 2003 or just receive external email and forward it to your Exchange server.

And it sounds easy, but it really depends on what you mean by external email.  If she signed up for an Office 365 account they give you that information at sign-up, and it does not support a 2003 Exchange SMTP relay but does support an SMTP appliance like IronPort or a free SMTP relay on Windows Server; just enable the relay and don't install Exchange.

I would not do anything with the Exchange 2003 server because you're limited using it as an SMTP relay.

All you need is an MX record that points to something that points to your Exchange server.

If she set up a Google Business account or Microsoft Online, for this to work you would need a valid domain.  It won't work unless you register a domain externally that matches the suffix of your internal users.  You cannot forward SMTP email to a domain that does not exist.  You can only tell it to forward email to my other email having a different suffix.

So if she is using Gmail, the answer is no; you must have a registered domain.  Office 365 for Business is the same thing.  They want you to change your DNS and MX records to their MX records, and anything goes to Microsoft or Google.  

The only way to change that is have your own domain and you get to control your own DNS entries.  

But that can get really dirty.  It can only do SMTP.  So there are no shared calendars, free/busy, GAL, et cetera.  It is basically you own a domain and point MX to your IP address.  

Cannot have the cake and eat it.  Anything incoming goes to your SMTP relay, then Exchange.  Not her external account.  

Some companies like Mimecast support journal connectors.  Microsoft requires a Federated Services connection; in AD the UPN and the SMTP suffixes must match 100%, and you are basically moving Exchange to the cloud, so no more Exchange servers.

Your workaround is to build the SMTP Relay, buy a domain that represents the primary SMTP address suffix.  Enable forwarding for Exchange and her mailbox so she can forward mail to her external account after it hits her Inbox using Outlook Rules.

If I remember correctly you might be able to set this up in Exchange as well but that sends everything and nothing hits her Inbox.  Maybe she wants that, who am I to judge?

If she wants mail in both places she is basically forwarding back to the SMTP relay.  The trick there is to be specific about which domains to forward.  Same on her Outlook: create rules to forward using her external email, which you can define in Exchange as just her SMTP address, not a mailbox assigned.

That is a SWAG at best because I don't know where her external mail is, but the concept is the same.

If all you want is SMTP relay, 2008 R2 works great.  You just need a domain, DNS management, and hopefully you have IPs that are routable externally.  Then you bind one of those to a VIP or NAT and point DNS to that IP, and the NAT goes to the SMTP relay.

You just took the external mail vendor out of the equation.

And I have a lot more where that came from.....
Mal Osborne (Alpha Geek) commented:
Nope, you  don't need to set this up as a relay.

There is a security setting somewhere that enables users to redirect externally via a rule, but I don't recall exactly where it is.
Brian Murphy (IT Architect) commented:
So, maybe to summarize.

If you get external mail today then you must have a domain already.  Or you have internal mail only, which most people cannot live with, so your 2003 server is pointing to something that acts like an SMTP relay for those domains.  

That doesn't need to change.  Sending to external domains is one thing but for them to reply there must be a domain registered already and pointing to an external IP and your external DNS has MX records pointing to that IP.  Otherwise, no one can reply to an email you send external.

And that is possible, if it is a really small company.  If it were me, I would flip everyone to Office 365.

That takes everything out of the equation.  At that point, it doesn't matter what your internal AD domain is; you're setting up a new external domain just for Office 365.  You don't need Active Directory, just a computer connected to a network and an internet connection.  Log in, create the user, they log on to the portal externally and install their assigned applications.

That is what I use for home, now.

I've also done the whole migration thing and even did an Exchange 5.5 migration to Office 365 where I had not only 15 domains but 5 organizations.

I shifted all SMTP to Mimecast Cloud.

It is an SMTP redundant cloud.  It does not replace Exchange.  Any email you send or is sent to you hits Mimecast first and gives attorneys, for one example, a single interface to search every email sent and received.

So what about internal mail.  Journaling.  I had journaling configured to send or "sync" to Mimecast cloud as well.  

I did that because they were on Exchange 5.5 and just needed to CYA.  They wanted off Exchange.  No more Exchange, no more OWA servers.  And that is rough because of the ADFS and a bunch of other stuff required to switch from that to Office 365, and if anything happens, if one backup fails or export to PST, they were going to hurt bad.  Really bad.

If you have a lot of users I would look at Mimecast cloud as your relay.  If you have a few, SMTP Relay on 2008R2.
dstewart83161 (Author) commented:
Let me describe it a bit more clearly.  The company is winding down and will keep an already existing Exchange 2003 server until the company is done in April 2016.  It services a domain, let's call it  One person is ready to start their own company and has set up another domain (and email account there) that is called

We can get email to go from anyone on the current Exchange system to the one person's account at by setting up a contact for and doing a forward in the Exchange AD for to that contact.  This works just fine.

The issue comes when people outside the autocar organization send emails to  They get failures indicating that the server is not an open relay.  So, to be more specific, sends an email to and gets the "server is not an open relay" message.  The mailbox for gets the message, but it never forwards on to

Any suggestions?
Brian Murphy (IT Architect) commented:
Well, that is proper.  Contacts in Exchange are nothing more than a SMTP pointer.

You hide that from internal, and you have to keep the mailbox and the account, and in Exchange you can forward mail from that mailbox to her new one, and that has nothing to do with the pointer.

Internal mail and MAPI clients use RPC by default, and SMTP is never used with a MAPI client like Outlook.  It is a client/server RPC-style application with a mailbox that can accept external SMTP mail, but internal is bound to the Site or Organization, which is a real user, bound to a mailbox.

I don't know of another option.  And I've done this a lot of times for people that worked part time somewhere or I've done it for people that have gmail accounts.

All you do is not disable her account that is on the mailbox.  At that mailbox level you forward mail to an SMTP address that goes out using the MX record just like anything else.  

You open AD users and Computers, find her ID, reset the password and set it to must change at next logon and user cannot change password.  No way to use it but still enabled.

I had an OU in AD where I put those accounts.  Internal people in that OU get to send email to her real mailbox like she never left, and it is set to forward all mail out using standard MX record lookup, outgoing SMTP message.

That is one scenario.  If the only focus is external users you lost me unless that domain doesn't exist.

You cannot make up an email address, not pay to own that domain, then create MX records, or with Gmail or something similar you get

Or you do what I did and pay 3 dollars a month for a Google Business account and register the domain and manage DNS using eDOM.

I mean, did she start her own company and hosting everything with the old?  

The only way to get external mail using your email server is if you own that domain.  You cannot create an MX record and tell it to send all to your email server when that email is not bound to a mailbox.

Now you can add as many SMTP suffixes as you want.  I had one company that marketed things, and they had 50 SMTP addresses per mailbox, and they bought every single domain, and every domain pointed to their external SMTP relay.  And that pointed to Exchange.

Then, that email goes to the mailbox where you see

They have a primary suffix regardless.  Users internal, don't care or use any of those SMTP information.  They use a Global Address List, MAPI Client, RPC.

An internal user pointing to a Contact is a shortcut to not having an SMTP relay.

If they tried to do that from home with personal mail, it will never work.

No other company can send to that and it work.

They would send to her normal mailbox, and if you buy that domain, register that domain, you can bind that SMTP suffix to her mailbox and she will get it; you have my word.

So, if you're open to other suggestions, I can only tell you that I cannot make what you have right now work.

I can only suggest maybe some other options and perspectives.
Brian Murphy (IT Architect) commented:
A simpler version is you cannot host email you don't own.

If you could, I would just move my Gmail account so that instead of having rules that forward to my work email, that is taking ownership of as a DNS namespace.  

You can add to her mailbox, but if you somehow manage to hack Google DNS to tell their MX records to point to you.....I'd like to see that one.

It is really that simple.  It is all about the domain.  SMTP is DNS, not UPN like with AD.  UPN and SMTP can match, but it is not required.

And you can only add domains to the suffix in exchange that you own.

I've managed hundreds of domains and used UltraDNS online, and they all pointed to a single IP on a NetScaler called a content switch on TCP 25.

I had to buy the domains; they had to exist if you did a Whois lookup, but then I moved them to UltraDNS, and that was my SOA for all of those domains.

If anyone sent an email to any of those 50 domains they all got back to the Exchange server, and the User ID in Active Directory with Exchange Tools installed in Users and Computers had a

And I had a MX record for every single domain.
Brian Murphy (IT Architect) commented:
The issue now is concern.  That message is a result of what used to happen.  If I had access to that server right now I could telnet to port 25 and issue a few commands to bypass relay and send an email to anyone I want, put your return email address on it, and it will come from your server.

That message is stating that I don't have a mailbox with that SMTP address.  And something else is going on where it knows it doesn't own that domain.

It is telling you flat out: I'm not going to be your relay and get blacklisted so you can bounce millions of email marketing messages out and make it look like I sent them.  That is a protection mechanism.

I have an obligation to tell you that is a problem.

You should never get mail for a domain you do not own.  Exchange will look at that, and in the past it would relay it, and the return address and domain are fake.  They don't need to exist.

Hence, we cannot create domains out of thin air outside our company.  You're lucky if someone doesn't already own that domain.

But what you're asking can easily be achieved with a Google Business account for 1 user; the domain registration fee I paid was $15.  You cannot go anywhere and get that price.  I pay $4 a month and have 1 TB of storage for Google Mail and Google Drive.

The only reason I keep it is to have a secondary email that has my original branding, and I get to control other factors.  If I want to add other types of records or do OpenID or other types of things, I can.

If I want to create a I can.

If I want to forward an email from someone to the mailbox you host I create a rule but I have to give a valid email address.  Those get validated these days.  She would get that email and approve it to say this is my mailbox at your company.  

I prefer it that way.  I would focus on finding out how mail is being sent to you as incoming SMTP.

If some company made static MX record changes to point at your SMTP-facing IP, they should have known better.

Exchange did its job in this case.  I just hope you take it seriously.
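
As an added example (not part of the thread, and not Exchange's or Experts Exchange's code), the Python script below performs the port-25 probe described in the comment above: it connects, sends EHLO, MAIL FROM and one RCPT TO per recipient, and records each verdict without ever sending DATA, so nothing is delivered. To run offline it talks to a constructed stand-in server that applies the policy of a server with relaying disabled: RCPT TO an address in a domain it owns gets 250 and is queued (recording the mailbox's server-side forward to an outside address, the equivalent of the Contact forward in the thread); RCPT TO any other domain gets a 550 5.7.1 "Unable to relay" refusal. All domain names, addresses and reply texts are hypothetical.

```python
"""Open-relay probe for an SMTP server, plus a constructed stand-in server.

The stand-in reproduces the policy of a server that owns one domain and
refuses to relay for every other domain (the "not an open relay" failure
seen in the thread). Names and reply texts are hypothetical.
"""
import smtplib
import socket
import threading

# Constructed policy for the stand-in server (hypothetical domains).
LOCAL_DOMAINS = {"oldcompany.test"}
# Server-side forward of one local mailbox to an outside address, the
# equivalent of the Exchange "Forward to" contact described in the thread.
FORWARDS = {"jane@oldcompany.test": "jane@newcompany.test"}


class FakeExchangeSMTP:
    """Minimal SMTP responder: accepts RCPT TO only for LOCAL_DOMAINS."""

    def __init__(self):
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))      # loopback, ephemeral port
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]
        self.queued = []   # (recipient, forward target or None) the server accepted
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            conn, _ = self.sock.accept()
            try:
                self._session(conn)
            finally:
                conn.close()

    def _session(self, conn):
        f = conn.makefile("rwb")
        f.write(b"220 mail.oldcompany.test ESMTP\r\n")
        f.flush()
        while True:
            line = f.readline()
            if not line:
                return
            cmd, _, arg = line.decode(errors="replace").strip().partition(" ")
            cmd = cmd.upper()
            if cmd in ("EHLO", "HELO"):
                reply = b"250 mail.oldcompany.test\r\n"
            elif cmd == "MAIL":
                reply = b"250 2.1.0 Sender OK\r\n"
            elif cmd == "RCPT":
                rcpt = arg.split(":", 1)[1].strip("<> ").lower()
                domain = rcpt.rpartition("@")[2]
                if domain in LOCAL_DOMAINS:
                    # Local mailbox: accept, and note any server-side forward.
                    self.queued.append((rcpt, FORWARDS.get(rcpt)))
                    reply = b"250 2.1.5 Recipient OK\r\n"
                else:
                    # Not a domain we own and relaying is off: refuse.
                    reply = f"550 5.7.1 Unable to relay for {rcpt}\r\n".encode()
            elif cmd == "RSET":
                reply = b"250 2.0.0 OK\r\n"
            elif cmd == "QUIT":
                f.write(b"221 2.0.0 Bye\r\n")
                f.flush()
                return
            else:
                reply = b"502 5.5.2 Command not implemented\r\n"
            f.write(reply)
            f.flush()


def probe_relay(host, port, sender, recipients):
    """Collect RCPT TO verdicts as {recipient: (code, text)}.

    The session stops before DATA, so nothing is delivered even when the
    server accepts a recipient. A 250 for a domain the server does not own
    means it would relay for anyone.
    """
    results = {}
    with smtplib.SMTP(host, port, local_hostname="probe.test", timeout=5) as smtp:
        smtp.ehlo()
        code, text = smtp.mail(sender)
        if code != 250:
            raise RuntimeError(f"MAIL FROM refused: {code} {text!r}")
        for rcpt in recipients:
            code, text = smtp.rcpt(rcpt)
            results[rcpt] = (code, text.decode(errors="replace"))
    return results


def is_open_relay(results, own_domains):
    """True if any recipient outside own_domains was accepted (250)."""
    return any(code == 250 for rcpt, (code, _) in results.items()
               if rcpt.rpartition("@")[2] not in own_domains)


def demo():
    """Probe the stand-in; returns (verdicts, what the server queued)."""
    server = FakeExchangeSMTP()
    results = probe_relay("127.0.0.1", server.port, "someone@elsewhere.test",
                          ["jane@oldcompany.test", "victim@external.test"])
    return results, server.queued


if __name__ == "__main__":
    verdicts, queued = demo()
    for rcpt, (code, text) in verdicts.items():
        print(f"{rcpt}: {code} {text}")
    print("open relay:", is_open_relay(verdicts, LOCAL_DOMAINS))
    print("queued by server:", queued)
```

Against a real server, pass its external IP and port 25 to probe_relay and run the probe from outside the network, since relay restrictions on Exchange 2003 can be scoped to internal source addresses; test only servers you are authorized to test. The two verdicts are the point of the thread: mail for the owned domain is accepted and then forwarded by the server itself, while mail for a domain the server does not own is refused, and that refusal is what protects the server from being used as a spam relay.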

dstewart83161 (Author) commented:
Eventually the question was answered that stated it could not be done.  The external domain is not something we own so this behavior is not allowed.