Hybrid Routing - Pointing your MX record to the Cloud

Hybrid Routing - Pointing your MX record to the Cloud

This post explains how to implement a new hybrid routing scenario where the MX record for your shared e-mail domain is configured to route e-mail to the Exchange Online cloud first. This configuration lets you use a single SMTP domain namespace for all mailboxes in both your on-premises Exchange organization and those in the cloud. This scenario is referred to as “MX record-to-cloud” routing. Want to learn more about Exchange hybrid deployments? See Exchange Online Hybrid Deployment and Migration with Office 365.

 

Why would you want to route e-mail through the cloud first?

The main benefit to routing your e-mail through the cloud first is to take advantage of the Forefront Online Protection for Exchange (FOPE) message hygiene process. When you point your MX record to the cloud, all messages sent to your domain namespace are filtered by FOPE at the cloud gateway and then they are filtered by Forefront Protection for Exchange (FPE) on the Exchange Online transport servers. This ensures that all messages that are relayed to your on-premises organization have been filtered for spam and viruses by Forefront.

 

Existing hybrid routing configurations

Until now, Exchange Online has supported the following two hybrid routing configurations:

A decentralized shared address space

  • The MX record for the shared address space is configured to send e-mail to the on-premises Exchange organization.
  • All e-mail to cloud-based recipients is relayed from the on-premise Exchange organization.
  • Outbound e-mail to Internet recipients is sent directly from the cloud or from the on-premises Exchange server, according to where the sending mailbox is homed.
  • All e-mail between the on-premises Exchange organization and the cloud is secured and treated as internal e-mail.

A centralized shared address space

  • The MX record for the shared address space is configured to send mail to the on-premises Exchange organization.
  • All e-mail to cloud-based recipients is relayed from the on-premise Exchange organization.
  • All outbound e-mail to Internet recipients is routed through the on-premises Exchange server, regardless of where the sending mailbox is homed. This outbound routing requirement is usually for compliance reasons.
  • All e-mail between the on-premises Exchange organization and the cloud is secured and treated as internal e-mail.

You can learn more about hybrid routing with Office 365 and Exchange at Coexistence with Hosted E-mail.

 

A new hybrid routing configuration: Pointing your MX record to the cloud

Now, we are supporting another hybrid routing configuration: shared address space where the MX record points to the cloud infrastructure. In this scenario, all inbound e-mail goes to the cloud first, where it is then routed to the appropriate recipients. In the case where recipients are in the on-premises Exchange organization, the mail is relayed to the recipient based on the target address of the corresponding mail-enabled user (MEU) object in the cloud.

As mentioned above, the main benefit to this routing scheme is to take advantage of FOPE message hygiene filtering for all of the mailboxes across your organization.

 

Important    The Office 365 licensing agreement includes FOPE protection only for the mailboxes that are hosted in Exchange Online. Therefore, if you deploy a shared address space where the MX record points to the cloud infrastructure, you must purchase FOPE licenses for all mailboxes in the on-premises organization. See Licensing for Forefront Online Protection for Exchange.

 

 

Can I set up MX-to-cloud routing for a centralized shared address space configuration?

Since the purpose of centralized shared address space is to route all inbound and outbound e-mail through the on-premises Exchange organization, routing all inbound mail to the cloud first does not make sense. Therefore, the MX-to-cloud routing scenario is only supported in a decentralized shared address space.

 

What’s mail flow look like?

The following diagram shows the MX-to-cloud mail flow for a decentralized shared namespace.

 

Make sure that outbound mail from the on-premises Exchange organization is scanned for viruses before it is sent to Internet recipients. Routing outbound mail from the on-premises organization back through the Office 365 FOPE infrastructure does not work and is not supported.

 

How do you set it up?

This scenario is supported by a similar configuration that is described in the Exchange Server Deployment Assistant. Specifically, to implement a shared address space where the MX record points to the cloud infrastructure, follow these steps:

  1. Run the Exchange Server Deployment Assistant to create guidance for the hybrid (referred to as “coexistence”) scenario. Follow the steps from the EDA.
  2. Change the scope your FOPE inbound connector.
  3. Change the accepted domain in the cloud for the shared domain to OutboundOnly=$False.
  4. Point your public-facing MX record to Exchange Online, instead of your on-premises Exchange server.
  5. Test mail flow.

 

The following sections provide detailed guidance for each of the four steps listed above.

Step 1   Run the Exchange Server Deployment Assistant and follow the guidance

  1. Launch the Exchange Server Deployment Assistant.
  2. On the opening page, select Coexistence (On-Premises + Cloud).
  3. Select your current on-premises Exchange version, and then click the next arrow.
  4. On the next page, be sure to select the following two options:
    • “Yes” for question 2, “Do you want both on-premises and cloud-based users to use the same domain for their e-mail addresses?”
    • “No” for question 3, “Do you want mail sent to the Internet from the cloud-based organization to go through the co-existence server first?”

    You can answer the other questions on this page to best suit your messaging needs. The wizard will generate a checklist that explains how to set up a functioning hybrid deployment where the MX record points to the on-premises Exchange organization.

    However, assuming you follow the rest of the procedures in this Wiki entry, the resulting guidance will work with a shared address space where the MX record points to the cloud infrastructure.

     

  5. Follow the checklist that the Exchange Deployment Assistant provides. After you have completed the steps and verified mail flow with the default routing instructions provided in the steps, then move on to Step 2 below.

     

Step 2    Change the scope on your FOPE connector

 

In this procedure, you’ll change the scope of your inbound FOPE connector from a wildcard (*.*) to the name of the shared domain. For example, contoso.com.

 

To change the inbound connector:

 

  1. Log onto the FOPE administration center.
  2. Click the Administration tab. In the Connectors section, click Edit next to the Inbound Connector.
  3. In the Edit Inbound Connector box, under Connector Scope, in Sender Domains, delete *.*, and then type the name of your shared domain. For example, contoso.com.
  4. Click Save.

 

Step 3   Change the accepted domain in the cloud for the primary domain to OutboundOnly=$False.

 

With this procedure, you’ll use Windows PowerShell to update the accepted domain for the shared domain (contoso.com) in Exchange Online. To learn how to install and configure Windows Powershell and connect to Exchange Online, see Use Windows PowerShell in Exchange Online.

 

Run the following command:

 

Set-AcceptedDomain "On-Premises Accepted Domain" -OutboundOnly $False

 

 

Step 4   Point your public-facing MX record to Exchange Online

The final configuration step is to configure the MX record for the shared domain to point to Exchange Online.

  1. Log onto the cloud-based service administration portal.
  2. Click Admin, and then click Domains.
  3. Click the SMTP namespace for the shared domain. For example, contoso.com.
  4. On the Domain properties page, verify that Yes is listed for the Exchange Online service. If No is listed, you must select Edit domain intent to assign Exchange services to the shared domain. In the Edit domain intent dialog box, select the Exchange Online check box for Select the services that you’ll use with this domain, and then click Save.
  5. Click DNS Settings.
  6. In the Exchange Online DNS records table, find the row where the Type equals MX. Use the value in the Points to address field, for example, <value>.mail.eo.outlook.com.

After you’ve found the FQDN to use with your MX record, edit the existing MX record in your DNS zone. For example, the MX record for contoso.com would be the following:

Delivery domain

DNS record type

MX priority

Cloud-based organization domain

contoso.com

MX

0

<value>.mail.eo.outlook.com

 

Step 5   Test mail flow

Send mail from an on-premises account to a mailbox in the cloud and to the Internet. Reply to the messages from the respective cloud-based and Internet accounts.

 

Verify that on-premises users resolve in the cloud-based address book and in the messages received in the cloud-based mailboxes.

 

 Inspect the headers to make sure that TLS is being used and that mail sent between on-premises and cloud-based users is being treated as internal.

 

For example, to verify TLS was used from the cloud to on-premises, look for the first received header from an outlook.com datacenter server to a FOPE server. FOPE servers in the datacenter are in the bigfish.com namespace. Here’s an example header where TLS has been used:

 

Received: from SN1PRD0302HT001.namprd03.prod.outlook.com (65.55.94.9) by VA3EHSMHS008.bigfish.com (10.7.99.18) with Microsoft SMTP Server (TLS) id 14.1.225.8; Tue, 5 Apr 2011 04:21:30 +0000

 

Note that “TLS” is parenthetically listed after “Microsoft SMTP Server.” This indicates that TLS was used for this message.

 

In the same message, you can see TLS was also used between FOPE and the on-premises server:

 

Received: from VA3EHSOBE007.bigfish.com (157.54.51.113) by mail.example.com (157.54.80.xx) with Microsoft SMTP Server (TLS) id 14.1.270.2; Mon, 4 Apr 2011 21:22:58 -0700

 

To verify that a given message was sent as an “internal” message, find the X-MS-Exchange-Organization-AuthAs header. It should be “Internal.”

 For messages from the Internet, the X-MS-Exchange-Organization-AuthAs header should be “Anonymous.”

 

Important: This applies when you have a shared domain and on-premises users. When you configure and run the Hybrid Routing – Pointing your MX record to the Cloud scenario, FOPE adds a specific X-Header to incoming spam messages and allows them to pass through to Office 365. Office 365 is configured to detect this header and move these spam messages to each user’s Junk Mail folder. However, when the recipient mailbox is located on-premises, Office 365 does not take any action on the spam messages and they are relayed to the on-premises mail server. To filter these spam messages, you must do one of the following:

  • Create a transport rule on your on-premises Exchange server to detect the spam messages and remove them – If you have Exchange Server 2007 or later on premises, you can create a transport rule on your on-premises mail server to detect FOPE’s X-Header and remove these spam messages. Create your transport rule using the Exchange Management Console. When you select conditions for the rule in the first step of the Exchange Transport Rule wizard, choose when the message header contains specific words. In step two of the wizard, choose the message header link. In the Specify message header dialog box, in the Message header field, type X-FOSE-spam (the X-Header added by FOPE). Following this, click the specific words link, and in the Specify words dialog, type This message appears to be spam. (See Create a Transport Rule in the Exchange Server 2010 TechNet documentation to find detailed steps for creating a transport rule.)
  • Change FOPE’s Spam Action behavior to quarantine the incoming spam messages, rather than relaying them through Exchange Online to the on-premises server – In the FOPE Administration Center, choose the Administration tab, and then choose Domains. Select your domain, and under Service Settings, choose the Edit link next to Spam Action. Change the Spam Action to Spam Quarantine and click Save.

If you do not take any of the above actions, users with on-premises mailboxes can receive many spam messages, especially in a situation where you do not have additional spam protection on-premises. If you plan to migrate all users to the cloud, you can revert this setting once all on-premise users are migrated and your shared domain is set to Hosted.

2 out of 4 people found this post helpful.

Comments
  • Great Article !

    Just I wonder if ... Is It possible to route mails from On-premise "to external recipients" (as shown in the mail flow schema above) through FOPE to make Office 365 responsible for all (inboung and outbound) mail flow for the shared domain?

    Thanks !

  • Great stuff! We have currently configured the "decentralized shared address namespace" and would like to route the mail via the cloud. How can we safely make this move with the minimal amount of downtime/undeliverable mail (with regard of the 72 hours dns ttl).

  • We are exploring this option for our company's migration (1,000 Mailboxes).  I'm hoping you can clarify the following:

    Question1.  What does the below really mean?  Most of the licenses we buy are going to be E1, perhaps a few E3.  Do we need to do anything special for FOPE licensing?  We're obviously doing the migration in stages ... due to the large number of users.  We're not buying all 1000 licenses right away, since it's a gradual migration, does this mean, this will not work if we buy 300 licenses first (and we have 1000 Exchange mailboxes on premise)?  

    Important    The Office 365 licensing agreement includes FOPE protection only for the mailboxes that are hosted in Exchange Online. Therefore, if you deploy a shared address space where the MX record points to the cloud infrastructure, you must purchase FOPE licenses for all mailboxes in the on-premises organization. See Licensing for Forefront Online Protection for Exchange.

    ------------------------------------------------

    Question 2:  We are running Exchange 2003, if I understand correctly, this Hybrid routing model requires the installation of Exchange 2010 in our environment?  Please clarify.

    And if so, does Microsoft give us a key for this?  I know the Exchange 2010 trial is 120 days ... i just don't want to be stuck in a situation where our migration lasts over 120 days and we're out of luck on the Exchange 2010 trial.

    ------------------------------------------------

    Question 3:  We also currently host our Blackberry Server, if we go with this migration model, will Blackberry devices remain working as they do today?  This doesn't affect any of that, correct?  It makes me nervous, since RIM doesn't yet have the Blackberry integration with Office 365 (I know it's in Beta).

    Hope someone can answer our questions.

    Many thanks.

    -Henry

  • Has anyone made this work yet?  I have spent two days with MS support attempt to make this work and they are now escalating to CTS.

    Bottom line is either there are steps missing or FOPE has changed since writing this article.  Step 2 above did not and does not match what was there because there was nothing to edit.

    All steps have been completed and the MX changed to O365, but the 1 mailbox that I have to leave on my on-prem 2K10 will not recieve email from external or internal (Office 365 mailboxes).  It appears to bounce around within FOPE and returns within a few minutes with the following error:

    DB3EHSMHS005.bigfish.com #554 5.4.6 Hop count exceeded - possible mail loop ##rfc822;

    The entire and length NDR is below:

    A problem occurred during the delivery of this message. Please try to resend the message later. If the problem continues, contact your helpdesk.

    The following organization rejected your message: DB3EHSMHS005.bigfish.com.

    Diagnostic information for administrators:

    Generating server: myserver.onmicrosoft.com

    mailbox@mydomain.com

    DB3EHSMHS005.bigfish.com #554 5.4.6 Hop count exceeded - possible mail loop ##rfc822;mailbox@mydomain.com

    Original message headers:

    Received: from mail38-tx2-R.bigfish.com (65.55.88.111) by

    SN2PRD0402HT010.namprd04.prod.outlook.com (10.27.90.178) with Microsoft SMTP

    Server (TLS) id 14.15.29.1; Fri, 20 Jan 2012 06:53:39 +0000

    Received: from mail38-tx2 (localhost [127.0.0.1]) by mail38-tx2-R.bigfish.com

    (Postfix) with ESMTP id D2C721002B5 for <mailbox@mydomain.com>; Fri, 20

    Jan 2012 06:53:37 +0000 (UTC)

    X-SpamScore: -13

    X-BigFish: ps-13(zzfadRc85fh13e6Kzz1202hzz8275bh8275dhz2fhc1bhc31hc1ahc1bhc31hc1ahc1bhc31hc1ah54h2a8h683h839h)

    X-Forefront-Antispam-Report: CIP:216.32.181.181;KIP:(null);UIP:(null);(null);(null)

    X-FOPE-CONNECTOR: Id$13373%Dn$MYDOMAIN.COM.COM%PF$1%SF$1%RO$0%

    Received-SPF: pass (mail38-tx2: domain of mydomain.com.com designates 216.32.181.181 as permitted sender) client-ip=216.32.181.181; envelope-from=Mailbox@externaldomain.com; helo=ch1outboundpool.messaging.microsoft.com ;icrosoft.com ;

    Received: from mail38-tx2 (localhost.localdomain [127.0.0.1]) by mail38-tx2

    (MessageSwitch) id 1327042412739816_17177; Fri, 20 Jan 2012 06:53:32 +0000

    (UTC)

    Received: from TX2EHSMHS039.bigfish.com (unknown [10.9.14.238]) by

    mail38-tx2.bigfish.com (Postfix) with ESMTP id 7280844004B for

    <mailbox@mydomain.com>; Fri, 20 Jan 2012 06:53:32 +0000 (UTC)

    Received: from ch1outboundpool.messaging.microsoft.com (216.32.181.181) by

    TX2EHSMHS039.bigfish.com (10.9.99.139) with Microsoft SMTP Server (TLS) id

    14.1.225.23; Fri, 20 Jan 2012 06:53:26 +0000

    Received: from mail1-ch1-R.bigfish.com (10.43.68.246) by

    CH1EHSOBE010.bigfish.com (10.43.70.60) with Microsoft SMTP Server id

    14.1.225.23; Fri, 20 Jan 2012 06:53:26 +0000

    Received: from mail1-ch1 (localhost [127.0.0.1]) by mail1-ch1-R.bigfish.com

    (Postfix) with ESMTP id 5CBC14C0446 for

    <mailbox@mydomain.com.FOPE.CONNECTOR.OVERRIDE>; Fri, 20 Jan 2012

    06:53:26 +0000 (UTC)

    X-FB-SS: 13,13,

    Received: from mail1-ch1 (localhost.localdomain [127.0.0.1]) by mail1-ch1

    (MessageSwitch) id 1327042405902642_28844; Fri, 20 Jan 2012 06:53:25 +0000

    (UTC)

    Received: from CH1EHSMHS025.bigfish.com (snatpool1.int.messaging.microsoft.com

    [10.43.68.241]) by mail1-ch1.bigfish.com (Postfix) with ESMTP id D75ED280043

    for <mailbox@mydomain.com>; Fri, 20 Jan 2012 06:53:25 +0000 (UTC)

    Received: from CH1PRD0402HT003.namprd04.prod.outlook.com (207.46.198.81) by

    CH1EHSMHS025.bigfish.com (10.43.70.25) with Microsoft SMTP Server (TLS) id

    14.1.225.23; Fri, 20 Jan 2012 06:53:25 +0000

    Received: from mail90-ch1-R.bigfish.com (216.32.181.170) by

    CH1PRD0402HT003.namprd04.prod.outlook.com (10.28.28.238) with Microsoft SMTP

    Server (TLS) id 14.15.29.1; Fri, 20 Jan 2012 06:53:26 +0000

    Received: from mail90-ch1 (localhost [127.0.0.1]) by mail90-ch1-R.bigfish.com

    (Postfix) with ESMTP id 234422020C for <mailbox@mydomain.com>; Fri, 20

    Jan 2012 06:53:25 +0000 (UTC)

    Received: from mail90-ch1 (localhost.localdomain [127.0.0.1]) by mail90-ch1

    (MessageSwitch) id 1327042402649190_24792; Fri, 20 Jan 2012 06:53:22 +0000

    (UTC)

    Received: from CH1EHSMHS015.bigfish.com (snatpool1.int.messaging.microsoft.com

    [10.43.68.251]) by mail90-ch1.bigfish.com (Postfix) with ESMTP id 9BCDB700052

    for <mailbox@mydomain.com>; Fri, 20 Jan 2012 06:53:22 +0000 (UTC)

    Received: from DB3EHSOBE006.bigfish.com (213.199.154.144) by

    CH1EHSMHS015.bigfish.com (10.43.70.15) with Microsoft SMTP Server (TLS) id

    14.1.225.23; Fri, 20 Jan 2012 06:53:22 +0000

    Received: from mail104-db3-R.bigfish.com (10.3.81.251) by

    DB3EHSOBE006.bigfish.com (10.3.84.26) with Microsoft SMTP Server id

    14.1.225.23; Fri, 20 Jan 2012 06:53:20 +0000

    Received: from mail104-db3 (localhost [127.0.0.1]) by

    mail104-db3-R.bigfish.com (Postfix) with ESMTP id 7FFDA32046E for

    <mailbox@mydomain.com.FOPE.CONNECTOR.OVERRIDE>; Fri, 20 Jan 2012

    06:53:20 +0000 (UTC)

    Received: from mail104-db3 (localhost.localdomain [127.0.0.1]) by mail104-db3

    (MessageSwitch) id 1327042399978572_32164; Fri, 20 Jan 2012 06:53:19 +0000

    (UTC)

    Received: from DB3EHSMHS005.bigfish.com (unknown [10.3.81.240]) by

    mail104-db3.bigfish.com (Postfix) with ESMTP id E928B6E004F for

    <mailbox@mydomain.com>; Fri, 20 Jan 2012 06:53:19 +0000 (UTC)

    Received: from SN2PRD0402HT006.namprd04.prod.outlook.com (207.46.4.139) by

    DB3EHSMHS005.bigfish.com (10.3.87.105) with Microsoft SMTP Server (TLS) id

    14.1.225.23; Fri, 20 Jan 2012 06:53:19 +0000

    Received: from mail36-va3-R.bigfish.com (216.32.180.111) by

    SN2PRD0402HT006.namprd04.prod.outlook.com (10.27.90.242) with Microsoft SMTP

    Server (TLS) id 14.15.29.1; Fri, 20 Jan 2012 06:53:19 +0000

    Received: from mail36-va3 (localhost [127.0.0.1]) by mail36-va3-R.bigfish.com

    (Postfix) with ESMTP id 43CD91600A9 for <mailbox@mydomain.com>; Fri, 20

    Jan 2012 06:53:07 +0000 (UTC)

    Received: from mail36-va3 (localhost.localdomain [127.0.0.1]) by mail36-va3

    (MessageSwitch) id 1327042385647449_1116; Fri, 20 Jan 2012 06:53:05 +0000

    (UTC)

    Received: from VA3EHSMHS028.bigfish.com (unknown [10.7.14.246]) by

    mail36-va3.bigfish.com (Postfix) with ESMTP id 8F5B880047 for

    <mailbox@mydomain.com>; Fri, 20 Jan 2012 06:53:05 +0000 (UTC)

    Received: from DB3EHSOBE001.bigfish.com (213.199.154.139) by

    VA3EHSMHS028.bigfish.com (10.7.99.38) with Microsoft SMTP Server (TLS) id

    14.1.225.23; Fri, 20 Jan 2012 06:53:14 +0000

    Received: from mail115-db3-R.bigfish.com (10.3.81.252) by

    DB3EHSOBE001.bigfish.com (10.3.84.21) with Microsoft SMTP Server id

    14.1.225.23; Fri, 20 Jan 2012 06:53:13 +0000

    Received: from mail115-db3 (localhost [127.0.0.1]) by

    mail115-db3-R.bigfish.com (Postfix) with ESMTP id 879143A04D0 for

    <mailbox@mydomain.com.FOPE.CONNECTOR.OVERRIDE>; Fri, 20 Jan 2012

    06:53:13 +0000 (UTC)

    Received: from mail115-db3 (localhost.localdomain [127.0.0.1]) by mail115-db3

    (MessageSwitch) id 1327042392960215_7844; Fri, 20 Jan 2012 06:53:12 +0000

    (UTC)

    Received: from DB3EHSMHS007.bigfish.com (unknown [10.3.81.253]) by

    mail115-db3.bigfish.com (Postfix) with ESMTP id E3B9C52025B for

    <mailbox@mydomain.com>; Fri, 20 Jan 2012 06:53:12 +0000 (UTC)

    Received: from SN2PRD0402HT007.namprd04.prod.outlook.com (207.46.4.139) by

    DB3EHSMHS007.bigfish.com (10.3.87.107) with Microsoft SMTP Server (TLS) id

    14.1.225.23; Fri, 20 Jan 2012 06:53:11 +0000

    Received: from mail36-tx2-R.bigfish.com (65.55.88.111) by

    SN2PRD0402HT007.namprd04.prod.outlook.com (10.27.91.24) with Microsoft SMTP

    Server (TLS) id 14.15.29.1; Fri, 20 Jan 2012 06:53:01 +0000

    Received: from mail36-tx2 (localhost [127.0.0.1]) by mail36-tx2-R.bigfish.com

    (Postfix) with ESMTP id 0FB251A01AF for <mailbox@mydomain.com>; Fri, 20

    Jan 2012 06:53:00 +0000 (UTC)

    X-Spam-TCS-SCL: 0:0

    Received: from mail36-tx2 (localhost.localdomain [127.0.0.1]) by mail36-tx2

    (MessageSwitch) id 1327042379460125_28304; Fri, 20 Jan 2012 06:52:59 +0000

    (UTC)

    Received: from TX2EHSMHS032.bigfish.com (unknown [10.9.14.249]) by

    mail36-tx2.bigfish.com (Postfix) with ESMTP id 5FFE84E025F for

    <mailbox@mydomain.com>; Fri, 20 Jan 2012 06:52:59 +0000 (UTC)

    Received: from DB3EHSOBE003.bigfish.com (213.199.154.141) by

    TX2EHSMHS032.bigfish.com (10.9.99.132) with Microsoft SMTP Server (TLS) id

    14.1.225.23; Fri, 20 Jan 2012 06:52:58 +0000

    Received: from mail7-db3-R.bigfish.com (10.3.81.241) by

    DB3EHSOBE003.bigfish.com (10.3.84.23) with Microsoft SMTP Server id

    14.1.225.23; Fri, 20 Jan 2012 06:52:56 +0000

    Received: from mail7-db3 (localhost [127.0.0.1]) by mail7-db3-R.bigfish.com

    (Postfix) with ESMTP id CCA3F660234 for

    <mailbox@mydomain.com.FOPE.CONNECTOR.OVERRIDE>; Fri, 20 Jan 2012

    06:52:56 +0000 (UTC)

    Received: from mail7-db3 (localhost.localdomain [127.0.0.1]) by mail7-db3

    (MessageSwitch) id 1327042376289567_19898; Fri, 20 Jan 2012 06:52:56 +0000

    (UTC)

    Received: from DB3EHSMHS008.bigfish.com (unknown [10.3.81.245]) by

    mail7-db3.bigfish.com (Postfix) with ESMTP id 4184648004A for

    <mailbox@mydomain.com>; Fri, 20 Jan 2012 06:52:56 +0000 (UTC)

    Received: from SN2PRD0402HT003.namprd04.prod.outlook.com (207.46.4.139) by

    DB3EHSMHS008.bigfish.com (10.3.87.108) with Microsoft SMTP Server (TLS) id

    14.1.225.23; Fri, 20 Jan 2012 06:52:55 +0000

    Received: from mail8-tx2-R.bigfish.com (65.55.88.111) by

    SN2PRD0402HT003.namprd04.prod.outlook.com (10.27.50.81) with Microsoft SMTP

    Server (TLS) id 14.15.29.1; Fri, 20 Jan 2012 06:52:55 +0000

    Received: from mail8-tx2 (localhost [127.0.0.1]) by mail8-tx2-R.bigfish.com

    (Postfix) with ESMTP id CFC2C6058C for <mailbox@mydomain.com>; Fri, 20

    Jan 2012 06:52:53 +0000 (UTC)

    Received: from mail8-tx2 (localhost.localdomain [127.0.0.1]) by mail8-tx2

    (MessageSwitch) id 1327042339966580_15413; Fri, 20 Jan 2012 06:52:19 +0000

    (UTC)

    Received: from TX2EHSMHS015.bigfish.com (unknown [10.9.14.245]) by

    mail8-tx2.bigfish.com (Postfix) with ESMTP id DEE5B40049 for

    <mailbox@mydomain.com>; Fri, 20 Jan 2012 06:52:19 +0000 (UTC)

    Received: from ch1outboundpool.messaging.microsoft.com (216.32.181.181) by

    TX2EHSMHS015.bigfish.com (10.9.99.115) with Microsoft SMTP Server (TLS) id

    14.1.225.23; Fri, 20 Jan 2012 06:52:17 +0000

    Received: from mail3-ch1-R.bigfish.com (10.43.68.245) by

    CH1EHSOBE001.bigfish.com (10.43.70.51) with Microsoft SMTP Server id

    14.1.225.23; Fri, 20 Jan 2012 06:52:17 +0000

    Received: from mail3-ch1 (localhost [127.0.0.1]) by mail3-ch1-R.bigfish.com

    (Postfix) with ESMTP id 8911A1806DE for

    <mailbox@mydomain.com.FOPE.CONNECTOR.OVERRIDE>; Fri, 20 Jan 2012

    06:52:17 +0000 (UTC)

    Received: from mail3-ch1 (localhost.localdomain [127.0.0.1]) by mail3-ch1

    (MessageSwitch) id 1327042337305924_5967; Fri, 20 Jan 2012 06:52:17 +0000

    (UTC)

    Received: from CH1EHSMHS023.bigfish.com (snatpool1.int.messaging.microsoft.com

    [10.43.68.252]) by mail3-ch1.bigfish.com (Postfix) with ESMTP id 46215500045

    for <mailbox@mydomain.com>; Fri, 20 Jan 2012 06:52:17 +0000 (UTC)

    Received: from CH1PRD0410HT004.namprd04.prod.outlook.com (157.56.244.181) by

    CH1EHSMHS023.bigfish.com (10.43.70.23) with Microsoft SMTP Server (TLS) id

    14.1.225.23; Fri, 20 Jan 2012 06:52:16 +0000

    Received: from CH1PRD0410MB357.namprd04.prod.outlook.com ([169.254.7.252]) by

    CH1PRD0410HT004.namprd04.prod.outlook.com ([10.255.147.39]) with mapi id

    14.16.0107.001; Fri, 20 Jan 2012 06:52:18 +0000

    From: "External or Internal" <Mailbox@externaldomain.com>

    To: On-Prem Mailbox <mailbox@mydomain.com>

    Subject: Testing

    Thread-Topic: Testing

    Thread-Index: AczXQK24cJqe4yuFSCqu0f4OiCDtKQ==

    Date: Fri, 20 Jan 2012 06:52:17 +0000

    Message-ID: <14B0A9830691C0429FAA5024C91C2190A54E2E@CH1PRD0410MB357.namprd04.prod.outlook.com>

    Accept-Language: en-US

    Content-Language: en-US

    X-MS-Has-Attach: yes

    X-MS-TNEF-Correlator:

    x-originating-ip: [173.10.194.145]

    Content-Type: multipart/related;

    boundary="_004_14B0A9830691C0429FAA5024C91C2190A54E2ECH1PRD0410MB357na_";

    type="multipart/alternative"

    MIME-Version: 1.0

    Return-Path: Mailbox@externaldomain.com

    X-OriginatorOrg: mydomain.com.com

    Anyway, I will continue my call with MS tomorrow with the escalation team and see if we cannot resolve.  Just wondering if anyone has made theirs work per the above instructions.

    Thanks again!

    Keith

  • i am interested to hear if anyone else has successfully setup this method, a very interesting article.

  • Keith- did you create your FOPE connectors with Exchange 2010 SP2? It appears the Hybrid inbound connector prevents you from attaching an internet mail connector in FOPE. You have to delete the Hybrid connectors that were auto created and manually create new ones. :(

  • I have the very same problem as Keith, no internal or external mail for on-premises users. Everything was done as commented in this article and I get:

    DB3EHSMHS019.bigfish.com #<DB3EHSMHS019.bigfish.com #5.4.6 smtp;554 5.4.6 Hop count exceeded - possible mail loop> #SMTP#

    So I think there are steps missing in this article. I opened a forum thread to talk about the issue:

    community.office365.com/.../108552.aspx

  • Anybody resolved this yet ? - I am getting the same problem as Keith

  • We have this working just fine.  Couple of things you need to verify, make sure you edit your domain intent in Office 365 Admin Portal by clicking on Domains and selecting edit domain intent, selecting Exchange Online, clicking OK, go to the DNS Settings and be sure to update your MX record with this information.  Additionally click Manage on Exchange in the Admin portal and be sure your shared namespace domain is set to shared vs. hosted, to verify this click on Mail Control and then Domains and Protection, there you should see Shared next to your shared namespace, if you don't click on it and change the domain from hosted to shared.  One other thing we had to do is run the following commands in order waiting 40 minutes between each command, until we ran them we had the same issue you mention below.

    Set-AcceptedDomain "domain.com" -OutboundOnly $True

    Wait 40 Minutes

    Set-AcceptedDomain "domain.com" -OutboundOnly $False

    Wait 40 Minutes

    This resolved our issue.  Hope it helps.

  • We've got the same issue as Keith does. Sending to and from O365-mailboxes works fine, but sending an email to any On-Premise account results in a bounce due to a mail loop (Diagnostic-Code: smtp;554 5.4.6 Hop count exceeded - possible mail loop).

    I can't seem to find any step of the tutorial I've missed, yet the problem continues to persist. I've tried the steps proposed by Jerod, but no success.

Page 1 of 1 (10 items)