Exchange 2010 Multi-Tenant Mail Delivery

What I want to discuss is how to get mail delivery to work in your Exchange multi-tenant environment. Just as in your on-premises Exchange environment, you will have to create a Send connector for outbound mail delivery to work. In addition, you will need to configure your Receive connector to accept inbound mail for your inter-tenant and Internet messages. When configuring mail flow in your multi-tenant environment, ideally you should configure it using one of the following choices:

ROUTING INTERNET AND INTRA-TENANT MAIL

Configure Inter-Tenant Mail Flow
http://technet.microsoft.com/en-us/library/ff952753.aspx

Configure Internet Mail Flow Directly Through a Hub Transport Server
http://technet.microsoft.com/en-us/library/bb738138.aspx

Configure Internet Mail Flow through Exchange Hosted Services or an External SMTP Gateway
http://technet.microsoft.com/en-us/library/bb738161.aspx

With the above articles you have multiple options for designing your mail routing for both intra-tenant and Internet recipients. Which option you choose is up to you, based on how you plan to design your routing environment.

**SmartHost Option**
We recommend that you use an SMTP gateway to handle your inter-tenant and Internet mail delivery. The SMTP gateway is where you want to perform your message hygiene and offload that work from your Exchange server, compared to a regular on-premises server. There are multiple choices of SMTP gateway, such as hardware or software products that will perform all your antivirus and spam filtering. You can also use an online service provider for message hygiene, such as our Forefront Online Protection, and offer that as a bundled offering for your users.
 

Note: You can use an Edge Transport server as the SMTP gateway, but Edge Synchronization is not supported.

**DNS Option**
In this configuration you create one Send connector to process your inter-tenant and Internet mail delivery. The Send connector is configured to send mail using MX records for both inter-tenant and Internet recipients. This is the simplest configuration of all the options. Inbound mail into the Exchange organization will use the same inbound hub server, which can be a single point of failure for both intra-tenant and Internet mail.

 

**Multi Send Connector**

This configuration is another option, in which you separate your Internet and intra-tenant traffic. The first connector is used to deliver mail to Internet recipients. The second connector is used for your inter-tenant mail, to deliver it directly back to a hub server. To add some redundancy, you can separate your intra-tenant and Internet mail to use different hub servers. This prevents a single point of failure if you have a problem with your inbound hub server.

 

HOW DOES MAIL DELIVERY WORK

Let’s talk about how mail delivery works in a multi-tenant environment. In an Exchange multi-tenant environment there are 3 types of recipients:

Scenario 1: Internet Recipient
Scenario 2: Local Tenant (A Mailbox User who exists in the same Tenant Organization)
Scenario 3: Inter-Tenant (A Mailbox User who is a member of another Tenant Organization)

Mail delivery between the mailbox and hub server roles is still performed via MAPI/RPC, just like an on-premises Exchange server. The only difference is how mail is delivered from a user in one Tenant Organization to a user in another Tenant Organization. Let me give you a visual of all three scenarios.

Scenario 1 (Internet)

When a tenant sends a message to an Internet user, your Exchange organization requires a Send connector, and the message is delivered to your Internet smart host or directly to the Internet, depending on your configuration.

Scenario 2 (Local Tenant same Organization)

When a tenant user sends a message to him/herself or to another tenant user that resides in the same Tenant Organization, the message is delivered from the Mailbox server to the Hub server and then back to the Mailbox server. The communication is done via MAPI/RPC, just like a regular Exchange 2010 server.

In this example I logged in as administrator@tenantOrg1.org and sent a message to myself. I then used message tracking to track the message to myself. As you can see, we get the following events:

Submit = Submitted from Store
Received = Received from Hub
Delivered = Delivered to Store

Scenario 3 (Inter-Tenant)

This scenario is new with Exchange multi-tenant environments. I logged in as administrator@testorg1.org and sent a message to userone@testorg2.org, who is a mailbox user in another Tenant Organization. As you can see, we get the following events:

Submit = Submitted from Store
Received = Message received via SMTP
Transfer = Goes through Content Conversion
Send = Sent through SendConnector via SMTP

Received = Received via SMTP
Delivered = Delivered to Store

So, as you can see, when sending mail from one tenant to a tenant in another organization, the message is converted to MIME and delivered via the Send connector. You might ask why we send mail through a Send connector when the recipient is hosted on the Exchange server.

There are many reasons this is a great idea:

  1. This creates a more complete segregation between your tenants
  2. If you utilize an SMTP gateway, then mail between your tenants can also be treated as external mail
  3. Mail between tenants is delivered via SMTP, which makes it more difficult for users reading the message headers to determine which other users are hosted on the same server.
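
An added example (not from the original article): a Python check that reads message tracking log text, sorts each message into the three scenarios above, and flags inter-tenant messages that show no SMTP SEND event, meaning they never crossed the Send connector or the hygiene gateway. The tenant map, sample rows and function names are constructed for illustration; event IDs use the log's spelling (SUBMIT, RECEIVE, TRANSFER, SEND, DELIVER).

```python
import csv
from collections import defaultdict

# Assumed tenant map (accepted domain -> tenant organization); not from the page.
TENANTS = {"testorg1.org": "TestOrg1", "testorg2.org": "TestOrg2"}

# Constructed sample in tracking-log layout ("#Fields:" header, then CSV rows), cut to
# the columns this check reads; m3 is a constructed inter-tenant delivery with no SEND.
SAMPLE_LOG = """\
#Fields: date-time,source,event-id,message-id,recipient-address,sender-address
2011-03-01T10:00:01Z,STOREDRIVER,SUBMIT,<m1@hub01>,administrator@testorg1.org,administrator@testorg1.org
2011-03-01T10:00:02Z,STOREDRIVER,RECEIVE,<m1@hub01>,administrator@testorg1.org,administrator@testorg1.org
2011-03-01T10:00:03Z,STOREDRIVER,DELIVER,<m1@hub01>,administrator@testorg1.org,administrator@testorg1.org
2011-03-01T10:05:01Z,STOREDRIVER,SUBMIT,<m2@hub01>,userone@testorg2.org,administrator@testorg1.org
2011-03-01T10:05:02Z,SMTP,RECEIVE,<m2@hub01>,userone@testorg2.org,administrator@testorg1.org
2011-03-01T10:05:03Z,ROUTING,TRANSFER,<m2@hub01>,userone@testorg2.org,administrator@testorg1.org
2011-03-01T10:05:04Z,SMTP,SEND,<m2@hub01>,userone@testorg2.org,administrator@testorg1.org
2011-03-01T10:05:05Z,SMTP,RECEIVE,<m2@hub01>,userone@testorg2.org,administrator@testorg1.org
2011-03-01T10:05:06Z,STOREDRIVER,DELIVER,<m2@hub01>,userone@testorg2.org,administrator@testorg1.org
2011-03-01T10:09:01Z,STOREDRIVER,SUBMIT,<m3@hub01>,usertwo@testorg2.org,administrator@testorg1.org
2011-03-01T10:09:02Z,STOREDRIVER,DELIVER,<m3@hub01>,usertwo@testorg2.org,administrator@testorg1.org
"""

def tenant_of(address):
    """Tenant owning the address's domain, or None for an Internet address."""
    return TENANTS.get(address.rsplit("@", 1)[-1].lower())

def classify(log_text):
    """Map message-id -> (scenario, crossed_send_connector)."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    fields = next(l for l in lines if l.startswith("#Fields:"))[len("#Fields:"):].strip().split(",")
    rows = csv.DictReader((l for l in lines if l[0] != "#"), fieldnames=fields)
    msgs = defaultdict(lambda: {"events": set(), "sender": "", "rcpt": ""})
    for r in rows:
        m = msgs[r["message-id"]]
        m["events"].add((r["source"], r["event-id"]))
        m["sender"] = m["sender"] or r["sender-address"]
        m["rcpt"] = m["rcpt"] or r["recipient-address"].split(";")[0]  # first recipient only
    result = {}
    for mid, m in msgs.items():
        src, dst = tenant_of(m["sender"]), tenant_of(m["rcpt"])
        scenario = "internet" if None in (src, dst) else "local" if src == dst else "inter-tenant"
        result[mid] = (scenario, ("SMTP", "SEND") in m["events"])
    return result

def segregation_gaps(log_text):
    """Inter-tenant messages with no SMTP SEND event, i.e. no Send connector hop."""
    return sorted(i for i, (s, smtp) in classify(log_text).items() if s == "inter-tenant" and not smtp)

print(segregation_gaps(SAMPLE_LOG))
```
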

This article is in reference to Exchange 2010 Multi-tenant deployments when the Exchange organization was installed with the /hosting switch.  Please reference Exchange Server 2010 Hosting Deployment to determine if your Exchange organization has been deployed in /hosting mode.

Exchange 2010 Multi-Tenant Hosting Wiki