Configure Exchange to Send Outbound Email via Symantec Email Security.Cloud Service

book

Article ID: 179088

calendar_today

Updated On:

Products

Email Security.cloud

Issue/Introduction

 

Resolution

Configuring Exchange 2016

  1. In the EAC, navigate to Mail flow > Send connectors, and then click Add Add icon. This starts the New Send connector wizard.

  2. On the first page, enter the following information:

    • Name   Enter a descriptive name for the Send connector, for example, Smart host to Internet.

    • Type   Select a descriptive value. For example, Internet or Custom.

    When you are finished, click Next.

  3. On the next page, select Route mail through smart hosts, and then click Add Add icon. In the Add smart host dialog box that appears, identify the smart host by using the following value:

    • Fully qualified domain name (FQDN)   For example, securitydevice01.contoso.com. Note that the Exchange source servers for the Send connector must be able to resolve the smart host in DNS by using this FQDN.

    When you are finished, click Save.

  4. You can enter multiple smart hosts by repeating Step 3. When you are finished, click Next.

  5. On the next page, in the Route mail through smart hosts section, select the authentication method that's required by the smart host. Valid values are:

     

    Authentication mechanism Description

    None

    No authentication. For example, when access to the smart host is restricted by the source IP address.

    Basic authentication

    Basic authentication. Requires a user name and password. The user name and password are sent in clear text.

    Offer basic authentication only after starting TLS

    Basic authentication that's encrypted with TLS. This requires a server certificate on the smart host that contains the exact FQDN of the smart host that's defined on the Send connector.

    Exchange Server authentication

    Generic Security Services application programming interface (GSSAPI) and Mutual GSSAPI authentication.

    Externally secured

    The connection is presumed to be secured by using a security mechanism that's external to Exchange. The connection may be an Internet Protocol security (IPsec) association or a virtual private network (VPN). Alternatively, the servers may reside in a trusted, physically controlled network.

    When you are finished, click Next.

  6. On the next page, in the Address space section, click Add Add icon. In the Add domain dialog box that appears, enter the following information:

    • Type   Verify SMTP is entered.

    • Fully Qualified Domain Name (FQDN)   Enter an asterisk (*) to indicate the Send connector applies to messages addressed to all external domains. Alternatively, you can enter a specific external domain (for example, contoso.com), or a domain and all subdomains (for example, *.contoso.com).

    • Cost   Verify 1 is entered. A lower value indicates a more preferred route for the domains you specified.

    When you are finished, click Save.

  7. Back on the previous page, the Scoped send connector setting is important if your organization has Exchange servers installed in multiple Active Directory sites:

    • If you don't select Scoped send connector, the connector is usable by all transport servers (Exchange 2016 Mailbox servers, Exchange 2013 Mailbox servers, and Exchange 2010 Hub Transport servers) in the entire Active Directory forest. This is the default value.

    • If you select Scoped send connector, the connector is only usable by other transport servers in the same Active Directory site.

    When you are finished, click Next.

  8. On the next page, in the Source server section, click Add Add icon. In the Select a Server dialog box that appears, select one or more Mailbox servers that you want to use to send outbound mail to the smart host. If you have multiple Mailbox servers in your environment, select the ones that can route mail to the smart host. If you have only one Mailbox server, select that one. After you've selected at least one Mailbox server, click Add, click OK, and then click Finish.

After you create the Send connector, it appears in the Send connector list.

How do you know this worked?

To verify that you have successfully created a Send connector to route outbound email through a smart host, send a message from a user in your organization to an external domain that's serviced by the Send connector.

 

Configuring Exchange 2013

Use the EAC to create a Send connector that uses smart host routing

  1. In the EAC, navigate to Mail flow > Send connectors, and then click Add Add Icon.

  2. In the New send connector wizard, specify a name for the send connector and then select Custom for the Type. You typically choose this selection when you want to route messages to computers not running Microsoft Exchange Server 2013. Click Next.

  3. Choose Route mail through smart hosts, and then click Add Add Icon. In the Add smart host window, specify the the fully qualified domain name (FQDN), such as cluster8out.eu.messagelabs.com. Click Save. (Note that the correct smarthost to use will have been provided in your welcome documentation)

    For Smart host authentication, choose the type of authentication required by the smart host. If you choose Basic authentication, you must provide a user name and password.

    NoteNote:
    If you choose Basic authentication, we recommend that you use an encrypted connection because the user name and password are sent in clear text.
  4. Under Address space, click Add Add Icon. In the Add domain window, make sure SMTP is listed as the Type. For Fully Qualified Domain Name (FQDN), enter * to specify that this send connector applies to messages sent to any domain. Click Save.

  5. For Source server, click Add Add Icon. In the Select a server window, choose a server and click Add Add Icon. Click OK.

  6. Click Finish.

Once you have created the send connector, it appears in the Send connector list.

How do you know this worked?

To verify that you have successfully created a Send connector to route outbound email through a smart host, send a message from a user in your organization (you can use the Outlook Web App) to the domain you specified for the Address space. If the recipient receives the message, you've successfully configured the send connector.