You should post this to the Exchange list instead. :) I typically refer to the IIS SMTP service as a "basic SMTP remailer". Just FYI. :)
I would prefer to spend a few minutes fiddling in your DNS to be certain I understand what you are saying, because I can't grok it. You gave a lot of good detail, but I need to see all of internal DNS and your internal accepted zones.

In general, the way SMTP routing works is as follows:

[1] If you are connected to an Exchange server - it doesn't. You always submit the email to Exchange. Period. Exchange deals with the SMTP routing.

[2] You CAN create different accounts in Outlook such that accounts for specific domains route those messages to a specific host.

[3] The mail-sender looks up the destination email domain in its local tables to determine if there is an override smarthost for that domain. If so, that is used. Otherwise proceed to the next step.

[4] Otherwise, the mail-sender looks up the MX record for the destination email domain in DNS. If there are no MX records, proceed to the next step. All MX records are retrieved, in priority order. Lower priorities take precedence. Priority 0 is the highest possible priority. For a given priority, the hosts are tried in a random order until one accepts the message. If nothing accepts the message then the next highest priority is tried, etc. etc. until all MX records are exhausted. If no MX hosts accept the message, the message is re-queued if the message age is still within the queue threshold. If the message age is too high, an NDR is generated.

[5] We only get here if there are no MX records for the email domain. In that case, we look up all "A" and "AAAA" records for the email domain and randomize them. If there are no "A" or "AAAA" records, the message is removed from the queue and an NDR is generated. In random order we attempt delivery to those IP addresses. If no hosts accept the message, the message is re-queued if the message age is still within the queue threshold. If the message age is too high, an NDR is generated.
So, change your Outlook configuration to use fake fax accounts; update IIS SMTP to use multiple smarthosts, or something similar. Your problem definitely has a relatively simple solution, but it may not be light touch.

From: [email protected] [mailto:[email protected]] On Behalf Of Richard McClary
Sent: Friday, October 31, 2014 3:15 PM
To: [email protected]
Subject: [NTSysADM] Internal mail routing for company using hosted Exchange

Greetings!

We have an email-to-fax gateway system (Faxcore) which, when we have an internet connection, works wonderfully. When the internet goes down, it cannot receive fax requests via email the way things are currently configured.

We use IIS as a simple (sorry for the redundancy) SMTP relay to our host "in the cloud". We can reroute most internet traffic during an outage through MPLS. Faxcore, unfortunately, sits in a DMZ and has no connection to our MPLS.

We thought that by having an MX record in our AD DNS, our mail clients (currently Outlook 2007) on "Send" would query first the local DNS for an MX record. If not found, it would use the SMTP relay. Our local DNS tables have an MX record, "faxcore1.aspca.local." (trailing dot), priority 15.

For a test, we connected the Faxcore appliance to our LAN and changed the IP address to one in our LAN. We could ping it by name and even log into it remotely (it runs Windows 2013). I tried mailing a fax request to [number]@faxcore1. Another request to [number]@faxcore1.aspca.local. Within a few minutes, we got an "unable to deliver" message.

So, thinking it over, I have concluded at least one of the following:

1. Should have given the MX a higher priority
2. Perhaps have had the MX record simply as "faxcore1" rather than "faxcore1.aspca.local."
3. Outlook will use an SMTP relay rather than query for an MX record
4. An Outlook client which uses hosted Exchange will send all its mail directly to the Exchange server at the host location.
I have the strong feeling whatever we do with #1 and #2, #4 is a situation we will not be able to bypass.

NEXT QUESTION: Most of our faxes do not come from Outlook but rather a text-based mailer (something from Apache?). It sends out a couple hundred fax pages daily as medical cases are closed and finalized. Outlook is not used, but the SMTP relay is involved as many records are sent by email rather than fax.

So, would the Apache mailer first query DNS, then fall back on the SMTP relay if no MX record found? If so, then all mail sent to "[number]@faxcore1.aspca.local" would go directly to Faxcore; all other mail would be relayed to our Exchange host. (We do not yet have a good way to test this without disrupting the flow of medical reports.)

When we first purchased Faxcore, our messaging was internal (Lotus Domino), and Domino would route anything "ASPCA" to local addresses, all else would go to the internet. If the presence of an SMTP overrides local MX records, we would need to find an SMTP relay which could route.

SUMMARY:

1. In a hosted Exchange/Outlook environment, all outbound mail goes to the Exchange host, ignoring the presence of a local MX record, right?
2. For a non-Outlook mailer, is local DNS queried for an MX record prior to using an SMTP relay (to the Exchange host)?

Sorry for the length and rambling nature. We are looking to not only make our faxing gateway more resistant to internet failures but also to eliminate an external IP address ported through our firewall.

Thank you...

--
Richard D. McClary Jr
Infrastructure Architect, Information Technology Group
American Society for the Prevention of Cruelty to Animals
1717 S. Philo Rd, Ste 36
Urbana, IL 61802
Email: [email protected]
Phone: 217-337-9761
Cell: 217-417-1182
Fax: 217-337-9761
URL: www.aspca.org

The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof.
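
The host-selection order laid out in steps [3] to [5] of the reply at the top of this thread, as an added example that is not part of the original messages or of any product mentioned in them. The domain names, addresses and tables are constructed sample data, and treating a non-accepting smarthost like any other failed host is an assumption.

```python
import random
from itertools import groupby

# Constructed sample data (not from the thread). Names use reserved example domains.
SMARTHOSTS = {"fax.example": "faxgw.internal.example"}        # per-domain override table
MX = {"corp.example": [(10, "mx-b.corp.example"),
                       (0, "mx-a1.corp.example"),
                       (0, "mx-a2.corp.example")]}             # (priority, host)
ADDRS = {"legacy.example": ["192.0.2.10", "2001:db8::10"]}      # A / AAAA, no MX

def candidate_hosts(domain, smarthosts, mx, addrs, rng=random):
    """Hosts in the order a sender following steps [3]-[5] would try them."""
    domain = domain.lower().rstrip(".")
    if domain in smarthosts:                 # [3] local override wins, DNS is not consulted
        return [smarthosts[domain]]
    records = sorted(mx.get(domain, []), key=lambda r: r[0])
    if records:                              # [4] lowest priority number first
        order = []
        for _, tier in groupby(records, key=lambda r: r[0]):
            hosts = [host for _, host in tier]
            rng.shuffle(hosts)               # random order within one priority
            order.extend(hosts)
        return order
    hosts = list(addrs.get(domain, []))      # [5] only when there are no MX records
    rng.shuffle(hosts)
    return hosts

def route(domain, accepting, age_hours, max_age_hours, rng=random):
    """Return ("delivered", host), ("requeue", None) or ("ndr", None)."""
    hosts = candidate_hosts(domain, SMARTHOSTS, MX, ADDRS, rng)
    if not hosts:                            # no MX, A or AAAA: NDR immediately
        return ("ndr", None)
    for host in hosts:
        if host in accepting:                # first host that accepts ends the search
            return ("delivered", host)
    # Nothing accepted: retry later while the message is young enough, else bounce.
    return ("requeue", None) if age_hours <= max_age_hours else ("ndr", None)

if __name__ == "__main__":
    print(candidate_hosts("corp.example", SMARTHOSTS, MX, ADDRS))
    print(route("corp.example", {"mx-b.corp.example"}, 1, 48))
    print(route("legacy.example", set(), 72, 48))
```
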

