Running MDaemon as a transition alongside Exchange (+Online).
-
Edit: Translated to English - my browser translated everything to German, so I thought it was a German-speaking community...
Hello everyone
Here's the scenario:
We currently run an on-premises Exchange 2019 server in a hybrid configuration with Exchange Online.
Some mailboxes are already in the cloud, others are still on-premises.
We now want to gradually migrate some "process mailboxes" to MDaemon and host them there, meaning the mailboxes will no longer be part of Active Directory/Exchange.
The email addresses (and therefore the mail domain) should remain the same.
I've currently set up a domain and mailbox in MDaemon for testing purposes.
In Exchange, this domain is defined as an "Internal Relay."
The email address itself is still present as a contact in Exchange (and Exchange Online).
Outbound mail flow is working: emails from "outside" arrive at MDaemon, and I can also send emails to "outside."
But I can't access the MDaemon mailbox internally, and I can't send anything internally either:
Exchange => MDaemon: 550 5.7.1 Sender unknown
ExchangeOnline => MDaemon: 550 5.1.10 RESOLVER.ADR.RecipientNotFound
MDaemon => Exchange: 5.1.1 Recipient unknown
MDaemon => Exchange Online: 5.1.1 Recipient unknown
Does anyone have any ideas?
Thanks!
-
I can't help with Exchange configurations, but I can help with MDaemon. If you have a domain configured in MDaemon (domain.com), by default it thinks all mailboxes for that domain exist locally. This means that if you have an account configured in MDaemon (user1@domain.com), and you attempt to send a message from user1@domain.com to user2@domain.com, MDaemon will fail to deliver the message because user2@domain.com does not exist locally. To deal with this you can configure MDaemon to send messages for unknown local users to a specific server (Setup | Server Settings | Unknown Mail). Uncheck the boxes for "return to sender..", "sent to the postmaster alias", and "sent to the bad message folder." Then check the box for "forward to another mail server" and enter the details for your Exchange server. Then go to Security | Security Settings | Relay Control and configure the Account Verification settings so that MDaemon will accept mail for users @ domain.com that do not exist. This typically means you have to uncheck "SMTP MAIL address must exist if it uses a local domain" and "SMTP RCPT address must exist if it uses a local domain". The problem with doing this is that MDaemon will now accept all mail for domain.com, because it no longer knows which accounts on the domain.com domain are valid and which ones are not. As long as you don't have MDaemon accepting mail from the internet this should be fine. Depending on your situation you may be able to use the unless authenticated or unless from trusted IP options, which is more secure and preferred if your environment allows it.
Another option is to create all accounts that exist for domain.com in MDaemon, and any accounts that need their mail passed to Exchange can be configured to forward to the Exchange server. The problem with doing this is that each account requires a user license.
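The risk described in the answer above (MDaemon accepting all mail for domain.com once Account Verification is relaxed) can be checked from a host that is neither a trusted IP nor authenticated. The following is an added example, not part of the reply and not MDaemon code; `stage_codes`, `audit`, `fake_server` and the probe addresses are hypothetical names, and the stub server is constructed so the script runs offline.

```python
import smtplib

def stage_codes(host, sender, rcpt, port=25, smtp_factory=smtplib.SMTP):
    """EHLO, MAIL FROM, RCPT TO, then RSET and QUIT. DATA is never sent."""
    with smtp_factory(host, port, timeout=10) as s:
        s.ehlo()
        mail_code = s.mail(sender)[0]
        # Only try RCPT TO when the server accepted the sender.
        rcpt_code = s.rcpt(rcpt)[0] if mail_code < 400 else None
        s.rset()
    return mail_code, rcpt_code

def accepted(codes):
    """True when the server answered 2xx to RCPT TO."""
    return codes[1] is not None and 200 <= codes[1] < 300

def audit(host, domain, real_rcpt, **kw):
    """Run from a host that is not a trusted IP and does not authenticate."""
    outside = "probe@external.example"       # constructed outside sender
    ghost = "no-such-user-7f3a@" + domain    # constructed; must not exist
    findings = []
    if accepted(stage_codes(host, outside, ghost, **kw)):
        findings.append("unknown RCPT accepted: server takes all mail for " + domain)
    if accepted(stage_codes(host, ghost, real_rcpt, **kw)):
        findings.append("unknown local MAIL FROM accepted: sender check is off")
    if not accepted(stage_codes(host, outside, real_rcpt, **kw)):
        findings.append("control probe rejected: known mailbox unreachable")
    return findings

def fake_server(domain, local_users, verify=True):
    """Constructed stand-in for the mail server so the audit runs offline."""
    class Fake:
        def __init__(self, host, port, timeout=None): pass
        def __enter__(self): return self
        def __exit__(self, *exc): return False
        def ehlo(self): return (250, b"ok")
        def rset(self): return (250, b"ok")
        def _check(self, addr):
            # verify=True models "address must exist if it uses a local domain".
            local = addr.endswith("@" + domain)
            bad = verify and local and addr not in local_users
            return (550, b"unknown") if bad else (250, b"ok")
        mail = rcpt = _check
    return Fake

if __name__ == "__main__":
    demo = fake_server("domain.com", {"user1@domain.com"}, verify=False)
    print(audit("mail.invalid", "domain.com", "user1@domain.com", smtp_factory=demo))
```

Against a real server, call `audit()` without `smtp_factory` and with an address that exists as `real_rcpt`; an empty list means untrusted clients are still subject to the existence checks.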
-
Edit: Translated into English; the settings might be called slightly different.
@Arron
Thanks – it's working perfectly on the MDaemon side now.
I can now send from the MDaemon mailbox to both the local Exchange server and Exchange Online.
However, email addresses unknown to both Exchange and MDaemon still result in a "550 5.1.1 Recipient unknown" error.
I adjusted the following settings on MDaemon (Original German Settings below):
- "Settings" => "Server Settings" => "Bound Messages"
  - Check "Forward to another mail server only"
  - Remote server: Exchange IP
  - TCP Port: 25
- "Security" => "Security Settings"
  - Account Verification
    - "SMTP Mail Address..."
      - Check "Except for messages from authenticated SMTP connections"
      - Check "Except for messages from trusted IPs"
    - "SMTP RCPT Address..."
      - Check "Except for messages from authenticated SMTP connections"
      - Check "Except for messages from trusted IPs"
Now I just need to get Exchange working properly ;-)
====================================================================
Settings in German GUI of MDaemon:
- "Einstellungen" => "Server-Einstellungen" => "Unzustellbare Nachrichten"
  - Check only "an einen anderen Mailserver weiterleiten"
  - Gegenstelle: Exchange IP
  - TCP Port: 25
- "Sicherheit" => "Sicherheits-Einstellungen"
  - Kontenprüfung
    - "SMTP-MAIL-Adresse..."
      - Check "außer bei Nachrichten aus echtheitsbestätigten SMTP-Verbindungen"
      - Check "außer bei Nachrichten von vertrauten IPs"
    - "SMTP-RCPT-Adresse..."
      - Check "außer bei Nachrichten aus echtheitsbestätigten SMTP-Verbindungen"
      - Check "außer bei Nachrichten von vertrauten IPs"
-
I got it working:
Adjustments on the Exchange server (on-premises):
- Create a MailUser (not a mailbox!) with the desired email address.
Ensure that the MailUser is in an Organizational Unit (OU) that is synchronized with Azure AD!
Adjustments in MDaemon (German GUI settings below):
- "Security" => "Security Settings"
  - "Trusted IPs"
    - Add the IP address of the local Exchange server
- "Security" => "Sender Authentication"
  - "IP Shielding"
    - Add the IP address of the local Exchange server
  - "SMTP Authentication"
    - Do not check "Message sending from local IPs always requires authentication"
====================================================================
Settings in German GUI of MDaemon:
- "Sicherheit" => "Sicherheits-Einstellungen"
  - "Vertraute IPs"
    - Add the IP address of the local Exchange server
- "Sicherheit" => "Echtheitsbestätigung für Absender"
  - "IP-Abschirmung"
    - Add the IP address of the local Exchange server
  - "SMTP-Echtheitsbestätigung"
    - Do not check "Nachrichtenversand durch lokale IPs erfordert immer Echtheitsbestätigung"
-
I'm glad you were able to get it working and thank you for sharing the changes you needed to make!