John sparks
asked on
Setting up Exchange 2013 to use a different External Domain
Hi Experts.
I have a setup with Exchange running an important test environment using DomainA.co.uk. This is used for internal testing and email works fine internally, but mail flow in/out of the domain has never been set up; also, I haven't got ownership of an external DNS running this domain.
I now need to get it working so I can send/receive email externally using DomainB.co.uk, whilst not breaking the working internal mail using DomainA.co.uk.
I am familiar with DNS and, to an extent, certificates; however, I'm not sure how to configure the certificate and server so I don't break the internal mail flow, whilst allowing staff to send/receive using domain B externally.
They want to have the Exchange server referred to as Mail.domainB.co.uk. Do I need to change anything on the Exchange server or just create a CNAME in the external DNS pointing to the external IP of the server?
Can I set up a SAN cert with both domains? If so, how?
Thanks All!
ASKER CERTIFIED SOLUTION
The cert is only necessary for external connections. It seems like you're getting mail flow and client connectivity confused. You can secure email transport with a TLS certificate, but this is generally reserved for business partners and entities subject to compliance. As long as the MX records are properly configured, mail flow will work out of the box with Exchange. Internal Autodiscover is facilitated with a Service Connection Point in AD, not DNS records.
ASKER
So in summary, to allow in/out mail flow of domainB.co.uk (and we don't need a TLS cert for our purposes.)
- Don't need to do anything internally with regard to DNS, autodiscover records.
- Use Exchange to create a cert request for just the outside email domain mail.domainB.co.uk and autosync.domainb.co.uk (Aware we could get away with one)
This right? If so I'll mark as done.
I guess there's some config in the Exchange server configuration but I'll leave that to another question.
Many thanks Jason.
That's right
ASKER
Thanks very much
Glad I could help. Take care :)
ASKER
Happy to get a SAN cert as will go on to link to Office365 later, so if I use a SAN, get mail.domainB.co.uk and autodiscover.domainB.co.uk
We don't need inbound email on DomainA.co.uk, as long as the users on the local domain can send email to each other using that email. So we don't need an MX record for domainA.
I was thinking that if I just put the cert in covering domainB then the internal servers/PCs will reject the connection. Or does the internal autodiscover SRV record somehow override the cert?
(currently using a self-signed cert for domainA.co.uk on the Exchange server)
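The SAN certificate request discussed in this thread, sketched as an added example that is not part of any participant's post. The host names come from the thread; the organisation details, file paths and friendly name are placeholder assumptions, and the commands are meant for the Exchange Management Shell on the Exchange 2013 server.

```powershell
# Added example: names below are from the thread, everything else is a placeholder.
$names = 'mail.domainB.co.uk', 'autodiscover.domainB.co.uk'

# 1. Build the certificate request. Every name passed to -DomainName is
#    written into the Subject Alternative Name extension of the request.
$request = New-ExchangeCertificate -GenerateRequest `
    -FriendlyName 'DomainB external SAN (placeholder)' `
    -SubjectName "C=GB, O=Example Org, CN=$($names[0])" `
    -DomainName $names `
    -KeySize 2048 `
    -PrivateKeyExportable $true

# Save the Base64 request text so it can be submitted to the issuing CA.
Set-Content -Path 'C:\Temp\domainB.req' -Value $request

# 2. Once the CA returns the signed certificate, import it to complete
#    the pending request (placeholder file name).
$bytes = [Byte[]](Get-Content -Path 'C:\Temp\domainB.cer' -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -FileData $bytes

# 3. Before binding anything, confirm the issued certificate really
#    carries every name that clients will connect to.
$issued  = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
$covered = $issued.CertificateDomains | ForEach-Object { $_.ToString().ToLower() }
$missing = $names | Where-Object { $covered -notcontains $_.ToLower() }

if ($missing) {
    throw "Issued certificate is missing SAN entries: $($missing -join ', ')"
}

# 4. Bind the certificate to IIS, which serves the client-facing
#    endpoints (OWA, ActiveSync, Autodiscover). SMTP is left alone here,
#    matching the thread's statement that no TLS cert is needed for mail flow.
Enable-ExchangeCertificate -Thumbprint $issued.Thumbprint -Services IIS

# 5. Review which certificate is now assigned to which service.
Get-ExchangeCertificate | Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter
```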