Announcement

Collapse
No announcement yet.

Force outbound to be from specific address

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Force outbound to be from specific address

    I have two email addresses: @company.com and @tls.company.com.

    I have one client that is requiring tls and due to 3rd party filtering and queuing, it seems impossible to convert the main domain. We made tls.company.com.

    Is it possible, at the Exchange level to force any email going to this client (@client.com) domain to be from "@tls.company.com"? no matter how it is sent from Outlook? I have already set up an SMTP connector just for outbound mail to this client.

    Thank You,

    Marc
    Thank you,

    Marc

  • #2
    Re: Force outbound to be from specific address

    There is no way that I am aware of to use a different address. As far as Exchange is concerned all users have a single email address - the default SMTP address on their account. All other email addresses are just aliases that are used for inbound email only.

    I am surprised that your spam filtering service is causing a problem. If you have to route your outbound email out through their service, then you should be using a smart host for that. If you have set the smart host on an SMTP Connector then simply add another connection for the client requiring TLS and adjust the values so that the TLS connector is tried first.

    You have to ensure that there is NOT a smart host set on the SMTP virtual server, which I know some spam filtering companies tell you to do in their instructions.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Force outbound to be from specific address

      Originally posted by Sembee View Post
      There is no way that I am aware of to use a different address. As far as Exchange is concerned all users have a single email address - the default SMTP address on their account. All other email addresses are just aliases that are used for inbound email only.
      That is what I figured

      [QUOTE=I am surprised that your spam filtering service is causing a problem. If you have to route your outbound email out through their service, then you should be using a smart host for that. If you have set the smart host on an SMTP Connector then simply add another connection for the client requiring TLS and adjust the values so that the TLS connector is tried first. [/QUOTE]

      My service provider says that their Canit spam filter servers do the handshake on all incoming email. They do not provide TLS support. They do not seem very bright, so I take what they say with a grain of salt. So the only way I can see to get around that (and still have off-site email queuing for the bulk of our email) is to create another email address that won't go through their service and will come straight in.

      All outbound goes straight out, not through them.

      Since I can not force outbound email to that domain to use a specific smtp from address, I guess this work around isn't going to work. If a user sends an email with @company, anyone replying will go to through the non-secure pipe.

      Any other thoughts? Is my service provider nuts?

      Thanks,

      Marc
      Thank you,

      Marc

      Comment


      • #4
        Re: Force outbound to be from specific address

        If you have another site who is insisting on using TLS, then they must have the facilities to do that connection. They need to setup a custom connection in whatever their email service is, which points at your server directly, bypassing the MX records. Exchange can do this with an SMTP Connector, so it should be possible in other packages.

        The antispam provider is basically saying that they cannot do a TLS connection. That doesn't surprise me one little bit. You need to inform the other site of that fact and ask them if they can bypass the MX records and make a direct connection.

        Just saying "you must use TLS" and leaving it at that isn't really good enough. If they want to do something that isn't standard (which it isn't - TLS connections may be in the RFCs, it is not a normal connection type of probably 99% of email servers) then they will have to assist in making that connection work.

        If they will not, then you will have to take it to your management and either that site will have to be dropped or your outsourced antispam solution will have to be dropped. It depends on which is most critical to the business.

        However you may find that when your management talks to the management of the other site who want to require TLS that things could change and they become more cooperative. It depends on the kind of relationship between the companies.
        While you have a technical problem, finding a way of using office politics to fix the problem might be the only way.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: Force outbound to be from specific address

          Thank you very much for your attention. I see what you are saying about just setting up an SMTP connector between the sites. I do not know how to get around the MX record though. Can you set up a connector with just an IP address?

          The politics are what is running this. It is actually a very big client which we have very little business with. SO......if we bend over backwards and do stupid pet tricks, we could get more of their business.

          If I can do what you are saying, I might be a hero around these parts. How do I pass on props to where they belong? I am new as of today to this site.

          Thanks,

          Marc
          Thank you,

          Marc

          Comment


          • #6
            Re: Force outbound to be from specific address

            It isn't you who has to bypass the MX records, but the sending party for the inbound email. They need to do the work not you.

            Setting your SMTP connector to send email directly to them isn't an issue as you delivering your email directly anyway.

            Simon.
            --
            Simon Butler
            Exchange MVP

            Blog: http://blog.sembee.co.uk/
            More Exchange Content: http://exchange.sembee.info/
            Exchange Resources List: http://exbpa.com/
            In the UK? Hire me: http://www.sembee.co.uk/

            Sembee is a registered trademark, used here with permission.

            Comment


            • #7
              Re: Force outbound to be from specific address

              Originally posted by Sembee View Post
              It isn't you who has to bypass the MX records, but the sending party for the inbound email. They need to do the work not you.

              Setting your SMTP connector to send email directly to them isn't an issue as you delivering your email directly anyway.

              Simon.
              I understand they have to build the connector on their end, but how do they point the connector? To an IP address? Do you put the IP in the address space?

              I guess I just don't understand how the email can get to me without the MX record unless it is by IP.

              Thanks,

              Marc
              Thank you,

              Marc

              Comment


              • #8
                Re: Force outbound to be from specific address

                It could be an IP address or a host name. It depends what you have available. You may want to use a host name if you have one setup, then if you have to make a change to the IP addresses you don't have to think to tell them to change the IP on a certain date.

                Simon.
                --
                Simon Butler
                Exchange MVP

                Blog: http://blog.sembee.co.uk/
                More Exchange Content: http://exchange.sembee.info/
                Exchange Resources List: http://exbpa.com/
                In the UK? Hire me: http://www.sembee.co.uk/

                Sembee is a registered trademark, used here with permission.

                Comment


                • #9
                  Re: Force outbound to be from specific address

                  Thank you. I guess I am over my head. my hostname would have to be in a public DNS record correct?

                  Marc
                  Thank you,

                  Marc

                  Comment


                  • #10
                    Re: Force outbound to be from specific address

                    For an external server that isn't on your LAN, the host would need to be in public DNS to resolve correctly.

                    Simon.
                    --
                    Simon Butler
                    Exchange MVP

                    Blog: http://blog.sembee.co.uk/
                    More Exchange Content: http://exchange.sembee.info/
                    Exchange Resources List: http://exbpa.com/
                    In the UK? Hire me: http://www.sembee.co.uk/

                    Sembee is a registered trademark, used here with permission.

                    Comment


                    • #11
                      Re: Force outbound to be from specific address

                      Well, I just found out that they won't build a connecter on their end.

                      My options now are loose my offsite spooling/spam/virus, or find a service provider that supports TLS. I have only found two and they want thousands per month as opposed to my $60/mo right now.

                      Or buy another exchange server, put it at another site and point a backup MX record to that server.
                      Thank you,

                      Marc

                      Comment


                      • #12
                        Re: Force outbound to be from specific address

                        If this was me, I would escalate it. This isn't a decision that you can take.

                        Using alternative MX records will not help, because you are still at the mercy of the DNS lookups trying to connect to spam filtering software.

                        Therefore if this client is insisting on using TLS and will not deal with you unless you do, the external antispam filtering service will have to go or be replaced with another one who supports TLS.

                        Escalate the decision, you will feel much better for it, as it is now a business decision, not a technical decision.

                        Simon.
                        --
                        Simon Butler
                        Exchange MVP

                        Blog: http://blog.sembee.co.uk/
                        More Exchange Content: http://exchange.sembee.info/
                        Exchange Resources List: http://exbpa.com/
                        In the UK? Hire me: http://www.sembee.co.uk/

                        Sembee is a registered trademark, used here with permission.

                        Comment

                        Working...
                        X