Email for More Than One Domain

I arranged to purchase and set up a domain name from Network Solutions for a colleague of mine some time ago. Now he's just acquired his first computer, so he's all ready to go setting up a Web site for his own company. He signed up with an ISP to get an email account, and (as seems to be the case these days) the user name he ended up with contained more extraneous letters and numbers than actual parts of his company name.

So I suggested we just redirect all email sent to his own root domain (we managed to get one that bears some acceptable relationship to his company name) to this email account at his new ISP. In Exchange 5.5 this was easy - you just created a suitable account, set the redirection email address to the one you wanted it delivered to, and told the Internet Mail Connector (IMC) that the root domain was to be treated as "inbound".

Not so easy, it appears, in Exchange 2000. The first part is figuring out how to do the redirection. You have to create a new "Contact" account in Windows "Active Directory Users and Computers" that points to the email address you want the mail delivered to. Then you create a normal "User" account and provide it with a mailbox, giving it a user name that is valid on the Exchange Server box (for example "fred"). This account then becomes "fred@your-own-domain.com".

Next, add the email addresses that you want this account to have for the root domain you intend to redirect mail for, such as "fred@the-other-domain.com". It's probably a good idea to add ones like "webmaster@the-other-domain.com" and "postmaster@the-other-domain.com" as well, so that messages for these administrative addresses will also be redirected. Then, in the Exchange General tab of the Properties dialog for this account, specify that mail is to be delivered to the new "Contact" account that you created earlier (you get an extra mark if you use sticky-backed plastic).

Now (unless you're already an Exchange 2000 administrator) you'd probably expect all incoming mail for the root domain accounts named "fred", "postmaster" and "webmaster" (the ones "@the-other-domain.com") to be redirected automatically. Well, I would anyway. But, as the many postings on the Exchange newsgroups suggest, it's not that easy. Incoming mail is bounced with a "cannot relay for domain: the-other-domain.com" message.

It took a while to get my non-administrative head around this. Of course, the SMTP Service that handles the messages is situated between the Internet and the Exchange Server, and so is effectively relaying mail from one to the other, in both directions.

By default, Exchange Server accepts mail destined for your default domain, the Windows/DNS domain in which the Exchange Server resides (the one you use in your own email addresses such as "fred@your-own-domain.com"). However, email addresses in all other domains are not considered to be local or "inbound", so the mail is rejected by Exchange Server - forcing the SMTP Service to try to re-route it to the target domain. But the SMTP Service (by default) does not permit mail to be relayed through to the Internet. You might be tempted to play with the Routing Restrictions in the SMTP Service - but don't. It's vital that you prevent any kind of anonymous mail relaying via the SMTP Service.

What you need to be able to do is specify that Exchange should treat these other domains as "inbound". But how? The Exchange Help files and white papers are extremely comprehensive, and after a while you get the feeling they are hinting that you need to do something clever with "Recipient Policies". However, they keep saying that these are really there to create appropriate email addresses automatically.

I finally figured it out. Basically, it comes down to making that final conceptual link between how the domain part of email addresses is automatically generated for accounts in Exchange Server, and the domain part of email addresses that are classed as "inbound".

Recipient Policies are designed to provide the appropriate "@domain-name.com" part for SMTP addresses (and addresses of other types if required) when a new account is created. When you define a new Recipient Policy, or edit an existing one, it can also be applied to existing accounts. However, you can define a policy and not have it applied to any accounts - yet it still controls which domains are treated as "inbound" and are therefore allowed to be relayed to Exchange Server from the Internet.

There's a single Default (Recipient) Policy, and you can add other domains to it instead of creating new policies for each one. After you add a new email address (in the form "@the-other-domain.com"), you set the checkbox to enable it. It probably doesn't make sense to set this as the default for new addresses unless you want all new accounts to have this as the default address format. And make sure, when you close the Properties dialog, that you click the "No" button when prompted to update all existing SMTP email accounts to the new domain.

Of course, you can do a lot more than this with Recipient Policies, including filtering by address so that different users have different policies applied. And email filtering is also supported within the SMTP Service, though the recommendation is that you do not use this approach.
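One way to confirm the result after editing the Recipient Policy, as an added example that is not part of the original article: a Python script that asks your own server which recipients it would accept (no message is sent) and flags both a refused inbound domain and an accepted foreign one. The function names, the `unrelated.example` domain and the sample reply codes are constructed for illustration.

```python
import smtplib

def probe(host, sender, recipients, port=25, timeout=10):
    """Ask the server whether it would accept each recipient; nothing is sent."""
    codes = {}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        for rcpt in recipients:
            smtp.mail(sender)
            code, _ = smtp.rcpt(rcpt)
            codes[rcpt] = code
            smtp.rset()  # abandon the transaction before DATA
    return codes

def evaluate(codes, inbound_domains):
    """Compare RCPT reply codes with what the Recipient Policy should produce."""
    inbound = {d.lower() for d in inbound_domains}
    findings = []
    for rcpt, code in codes.items():
        domain = rcpt.rsplit("@", 1)[-1].lower()
        accepted = 200 <= code < 300
        if domain in inbound and not accepted:
            findings.append((rcpt, code, "inbound domain refused: not in a Recipient Policy?"))
        elif domain not in inbound and accepted:
            findings.append((rcpt, code, "foreign domain accepted: possible anonymous relay"))
    return findings

# Domains the server should treat as "inbound" (names taken from the article).
INBOUND = ["your-own-domain.com", "the-other-domain.com"]

# Constructed reply codes, not captured from a real server.
BEFORE_POLICY = {"fred@your-own-domain.com": 250,
                 "fred@the-other-domain.com": 550,   # "cannot relay for domain"
                 "someone@unrelated.example": 550}
AFTER_POLICY = {"fred@your-own-domain.com": 250,
                "fred@the-other-domain.com": 250,
                "someone@unrelated.example": 550}
RELAY_OPENED = {"fred@your-own-domain.com": 250,
                "fred@the-other-domain.com": 250,
                "someone@unrelated.example": 250}    # routing restrictions loosened

if __name__ == "__main__":
    for name, sample in [("before", BEFORE_POLICY), ("after", AFTER_POLICY),
                         ("relay opened", RELAY_OPENED)]:
        print(name, evaluate(sample, INBOUND) or "OK")
    # Against a live server (your own): evaluate(probe(host, sender, rcpts), INBOUND)
```

Run `probe` from a machine outside your network, since a server may legitimately relay for internal or authenticated clients. Some servers accept a recipient at RCPT and reject later, so an accepted foreign recipient is a prompt to inspect the relay restrictions rather than proof on its own.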
