Configure external inbound and outbound email flow in Exchange Server 2019 organization

Captions
Hi guys, I hope you all are doing well, and welcome to the next video of this entire series of Exchange Server 2019. In the last video we talked about the transport pipeline in Exchange 2019. In this particular video we will configure external email flow in an Exchange 2019 organization. First we will understand what prerequisites you need to meet before you receive or send an email to the internet, and then we will test the external email flow.

Before we start today's session, I would like to discuss a couple of important things that you should consider if you want to set up a fully functional Exchange organization. There are multiple platforms where you can create virtual machines and host Exchange Server. You can use Azure, you can use Google Cloud Platform, or, if you have your own machine with a good configuration, you can install virtualization software, for example Hyper-V or VMware, and host your VMs there. If you're planning to use Azure or Google Cloud as a trial subscription, or a pay-as-you-go subscription with Azure, you will not be able to send emails from your Exchange organization to the internet, and you will not be able to receive emails from the internet to your Exchange organization, because both Azure and Google Cloud block port 25.
You can still publish your Exchange URLs to the internet, you can perform mailbox migration from your Exchange server, you can even use free/busy or premises permissions, because ports 80 and 443 can be opened on both platforms, but port 25 will be blocked. And if you have a paid subscription with Azure or Google Cloud, you will get port 25 opened on all the virtual machines.

Next is the virtualization application. You can install a virtualization application on your own machine or a server and set up an Exchange Server environment, but here also you need to consider a few things if you want to deploy a fully functional Exchange organization. Let's assume this is your own machine or a server where you have installed either Hyper-V or VMware, and you have two virtual machines, one for the domain controller and one for the Exchange server, and this is the ISP who is providing you the internet. Now, every ISP provides dynamic public IP addresses to your router, and when your router has a dynamic public IP address assigned, all of the ports are blocked on the router by default. Also, with a dynamic IP address you cannot do port forwarding. Port forwarding is where you forward the traffic from the router to your host machine or to the virtual machine that is running on the virtualization application, but with a dynamic IP address port forwarding is not possible. That means you will not be able to send or receive any traffic from your virtual machine to or from the internet. In short, your Exchange organization will not be accessible from the internet.

So to overcome this situation you need to purchase a static public IP address from your ISP. Depending on your ISP, you can either pay monthly or annually and get a static public IP address, and once you have a static public IP address, all of the ports can be opened on your router and you can forward the traffic from the router to your virtual machine using port forwarding. So these are a couple of important things that you need to consider if you are
planning to set up a fully functional Exchange Server environment.

So let's start today's session, that is, how to configure an Exchange Server organization for external inbound and outbound email flow. If you want to send emails to the internet or you want to receive emails from the internet, you need to meet certain prerequisites. First, you need to make sure that port 25 is open and your Exchange server can send and receive traffic from the internet on port 25. Then you need to create DNS records in public DNS: we will create an A record, an MX record and an SPF record. To receive email from the internet you do not have to create a connector in your Exchange server, but to send emails to the internet, yes, you need to create a send connector. And once you have confirmed port 25 is open, you have created the DNS records and you have created the outbound connector, you can test the email flow using the test connectivity tool.

So now let's move to the Exchange server and let me show you practically how to meet all these prerequisites and how to configure external inbound and outbound email flow for your Exchange organization. First we will open port 25 on the mailbox server. We will go to the firewall of the mailbox server, advanced settings, and in advanced settings we will go to inbound rules, and here we will create a new rule for port 25. We will select port, next, type 25, next, make sure "allow the connection" is checked and all these three options are checked as well, go next, give this a name and click finish. So port 25 is open on the mailbox server.

The next thing that we need to do is enable port forwarding on the router so that we can route traffic on port 25 from the internet to this virtual machine. So let me log in to the router. I'm logged into the router. Here I'll create one rule for port 25, and I'm going to route the traffic from the internet to the virtual machine where the Exchange server is hosted. This is the internal IP address of the virtual machine where the Exchange server is hosted, and
I'm creating this rule for port 25. Click save. So port forwarding is enabled.

Now we can check if port 25 is open for the Exchange server or not. To check if ports are open or not, you can go to the browser and type "port checker" and open the online tool. This will show you your current public IP address, and here you can type the port number and click check, and it says port 25 is open on this IP address. Now this is the IP address that I'm using for the Exchange server. This is the Exchange machine, and if I type "what is my ip" it will return the same IP, ends with 1 2 3 22, so this is the current IP address. So port 25 is open.

There is another way to check if the Exchange server is listening to the traffic on a particular port or not, and for that you can go to PowerShell and type netstat -ab and press enter. Let me stop this and let's go to the top. Now here you can see TCP port 25 listening. I'm running this command on the Exchange server. Port 80 listening, 443 listening, so that means these ports are open and the Exchange server is listening to the traffic on these ports. As of now we are concentrating only on 25 because we are working on mail flow. So port 25 is open.

The next prerequisite is to update DNS records. The domain that I'm using in the on-premise Exchange server, or in my on-premise organization, is office365concepts.com. I have purchased that domain from GoDaddy, so that means if I have to create any public DNS record for my domain I'll have to log into the DNS provider portal, that is the GoDaddy portal, and from there I'll have to create all the DNS records. So let me log into the portal and then I'll show you how to create these records. I'm logged into the GoDaddy portal and I am under DNS management for office365concepts.com. This is the domain that I'm using in my on-premise, and as of now I do not have any custom DNS record; these are the default DNS records. So first we will create an A record for our Exchange server. Now if you remember, when we
talked about Exchange Server configuration post installation, we created an A record for mail.office365concepts.com, but that time we pointed mail.office365concepts.com to the internal IP address, or the private IP address, of the Exchange server. Now whenever an internal user tries to access this service, this service will be resolved on this particular server. But what if a user is trying to access mail.office365concepts.com from the internet or from an external network? In that case my local DNS will not be able to resolve that query. For that I need to create a DNS record in my public DNS.

So we will click on add, we will select A record, here we will type mail, and this will be considered as mail.office365concepts.com. Now here we will type the external IP address of the Exchange server. If you are using Azure or Google Cloud, you will get an external IP address associated with that particular virtual machine, so you can copy it from there and paste it here. But if you are not sure what your external IP address is, you can go to the browser and type "what is my ip", and this will give you your external IP address. You can type it in your Exchange server so that you get the correct IP address. Then you will select the TTL value, or time to live value, and then click add record. So the A record has been created for mail.office365concepts.com. Let me refresh the page. Here we can see the A record for the public IP address, and this is for mail.office365concepts.com.

The next DNS record that we will create is the MX record, because the MX record is responsible to receive emails. Under name you will type @, which denotes the domain name, and under value you will type mail.office365concepts.com, and you will select the TTL value and click add record. So we have created the A record and the MX record.

The third DNS record is SPF. For SPF the DNS type is TXT, or text record. Under name you will type @. Under value you need to mention a correct syntax for the SPF record. For the SPF record you can mention v=spf1 ip4, and next to
ip4 you will mention the external IP address of your Exchange server, and then -all. If you are not sure whether this record is correct or not, whether this value is correct or not, you can use an online tool, that is Kitterman. Go to this tool, and under "Is this SPF record valid" you can type your domain name, then paste the value and click check SPF record. It says the SPF record passed the validation test; that means the value that you have created is correct. So go to the DNS manager and under value paste the value, then select the TTL value and add the record.

Now we will verify the DNS records, whether these records are published or not, and for that you can go to MxToolbox or you can do nslookup as well from the command prompt. The first DNS record that we will check is the A record for mail.office365concepts.com, and this DNS record should resolve to the public IP address of the Exchange server. So it is resolving. The next DNS record we will verify is the MX record, the MX record for our domain. Press enter. This is also resolving to mail.office365concepts.com, and this is the external IP. And now we will check the TXT record, because we have created one SPF record as well, and this is published as well.

Now we will test the email flow. First we will test the internal email flow, because for internal email flow we do not have to make any changes within the Exchange server. So let's go to the ExRCA tool, that is Remote Connectivity Analyzer. From here you will go to Exchange Server and then select inbound SMTP email. Under email address you need to mention an email address of any user that is available in your on-premise. For this demo I will be using the administrator email address of my Exchange server. So let's test the inbound email flow. In the meantime let me log in to the Exchange server. Let's go back to the test results and expand this. First this test will check the MX record for your domain; it says the MX record was found. Next it will check if port 25 is open on mail.office365concepts.com; the port was opened. And finally
it will send an email to the email address that you used within this test. So Remote Connectivity Analyzer will send an email to this email address to check if the email can be delivered to this mailbox or not. Now let's go to OWA for this user. Here you can see the email, and let's take a look at this email. It says: this message is a test message from Remote Connectivity Analyzer; this mail message was sent as part of the inbound SMTP test at testexchangeconnectivity.com. So this was a test email sent from this tool to check if email can be delivered successfully to the Exchange server or not.

Now let's do a test. Let's go to Gmail and let me log in with a Gmail user, and we will send one email from Gmail to this Exchange server. So let's compose the email and send it to administrator@office365concepts.com: "this is a test email from gmail account". Send. Let's go back to OWA and delete this email. So we have received the email from Gmail.

Now for inbound email flow, for inbound external email flow, we didn't make any changes in receive connectors. In Exchange Server there is a default receive connector. You will find lots of connectors in receive connectors, but to receive emails from the internet this default frontend exchange connector is responsible. You do not have to make any changes within this particular connector; by default this connector is configured to receive emails from the internet. But in send connectors you will not see any send connector, so to send emails to the internet you will have to create a connector.

So let's create one send connector. We will select internet, because we are going to create this connector to send emails to the internet. Give it a name, for example "to internet". Next. Here you will select "MX record associated with recipient domain". Go next. Under address space click plus, and here you will type an asterisk; that indicates that you will be sending emails to all of the external domains. Click save. Go next. Under source server you will select your
Exchange server. If you have multiple Exchange servers, you can select one of the servers that are responsible to send emails. Once you have added the server, click OK and click finish.

Now let's go back to the ExRCA tool and test outbound email flow. Under outbound IP address you will use the public IP address of your Exchange server. From here you can select what checks you want to run on this test, like the reverse DNS check and the RBL check. The RBL check will check the IP reputation, your IP address reputation, and it will do the Sender ID check as well. I'll uncheck this because I do not have reverse DNS, so this test will fail. And here you will type an email address of any user who belongs to your on-premise Exchange organization, and remember this user has to be a mailbox. Do not use a user who has only a user account in your Active Directory and doesn't have a mailbox. Perform test. So this test is completed successfully, and that means you are ready to send emails to the internet. Let's expand all. Here you can see this test is checking the IP address reputation, whether your IP address is blocked on the internet or not, and then it will check the SPF record for your domain, whether you have an SPF record published or not.

So let's go to OWA for the on-premise user and send an email to the Gmail user. Click send. Let's go to the Gmail account. Here we can see the email is received: "test email from onpremise", the spelling is incorrect. If we check the header of this email, let me copy this email header, and let's go to the ExRCA Message Analyzer tool and paste it here. Analyze header. Here we can see this email was sent from exchange.office365concepts.com, that is the fully qualified domain name of my Exchange server, and this is the internal IP address of the Exchange server, and this is the external IP address of Exchange, and from the Exchange server this email was delivered to the google.com email server.

So this is how you can configure your Exchange server for external inbound and outbound email flow. In the next video
we will talk about certificates and we will install an SSL certificate on our Exchange server. So that is all for now. I will see you all in the next video. Thank you guys, thank you for your time, take care.
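
The prerequisites walked through in the captions above (firewall rule, listener check, A/MX/SPF records, send connector), as an added PowerShell example that is not from the video or its author. The public IP is a placeholder, and the rule name, connector name, resolver and the use of the local computer name as source server are assumptions.

```powershell
# Added example, not from the video. Run in the Exchange Management Shell on the mailbox server.
$Domain   = 'office365concepts.com'   # domain used in the video
$MailHost = "mail.$Domain"            # host name given to the A and MX records
$Server   = $env:COMPUTERNAME         # assumption: this machine is the sending server
$PublicIp = '203.0.113.10'            # placeholder, replace with your static public IP
$Resolver = '8.8.8.8'                 # assumption: a public resolver, so internal DNS is bypassed

# 1. Allow inbound SMTP through Windows Firewall (rule name is an assumption).
if (-not (Get-NetFirewallRule -DisplayName 'SMTP inbound 25' -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName 'SMTP inbound 25' -Direction Inbound `
        -Protocol TCP -LocalPort 25 -Action Allow -Profile Any | Out-Null
}

# 2. Confirm a local listener on TCP 25 (the same fact netstat -ab shows).
$listening = [bool](Get-NetTCPConnection -LocalPort 25 -State Listen -ErrorAction SilentlyContinue)

# 3. Query the three public records and compare them with the expected values.
$a   = Resolve-DnsName -Name $MailHost -Type A   -Server $Resolver -ErrorAction SilentlyContinue
$mx  = Resolve-DnsName -Name $Domain   -Type MX  -Server $Resolver -ErrorAction SilentlyContinue
$txt = Resolve-DnsName -Name $Domain   -Type TXT -Server $Resolver -ErrorAction SilentlyContinue
$spf = @($txt | Where-Object { $_.Strings } | ForEach-Object { $_.Strings -join '' } |
         Where-Object { $_ -like 'v=spf1*' })

$ipTerm = 'ip4:' + [regex]::Escape($PublicIp) + '(\s|/|$)'
$checks = [ordered]@{
    'Port 25 listening'      = $listening
    'A record is public IP'  = @($a.IPAddress) -contains $PublicIp
    'MX points to mail host' = @($mx.NameExchange) -contains $MailHost
    'Exactly one SPF record' = $spf.Count -eq 1
    'SPF lists public IP'    = ($spf -join ' ') -match $ipTerm
    'SPF ends with -all'     = ($spf -join ' ') -match '\s-all$'
}
$checks.GetEnumerator() | Format-Table Name, Value -AutoSize

# 4. Create the Internet send connector only if none already covers the "*" address space.
$existing = Get-SendConnector | Where-Object { ($_.AddressSpaces -join ',') -match 'SMTP:\*;' }
if (-not $existing) {
    New-SendConnector -Name 'To Internet' -Usage Internet -AddressSpaces '*' `
        -DNSRoutingEnabled $true -SourceTransportServers $Server
}
Get-SendConnector | Format-List Name, AddressSpaces, DNSRoutingEnabled, SourceTransportServers
```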
Info
Channel: Office365Concepts
Views: 26,785
Keywords: learn exchange server step by step, exchange server all videos, exchange server tutorials, email flow in exchange server, configure email flow in exchange server, email flow not working in exchange server, troubleshoot email flow in exchange server, queue viewer in exchange server, track emails in exchange server
Id: MjXCzV_wL1I
Length: 21min 30sec (1290 seconds)
Published: Thu Mar 24 2022