Exchange Edge Address rewriting for Exchange Online?

Fernando Crespo 1 Reputation point
2020-09-22T09:51:16.443+00:00

I've configured my Edge server to rewrite the email address for some users. The users' mailboxes are on Exchange Server, and it works fine.
Later, I migrated that user mailbox to Exchange Online and the rewrite function stopped doing its job.
The email flow from Office 365 to the internet is routed through the on-premises infrastructure. So, should it work? Is this an unsupported scenario?

Regards

Exchange | Exchange Server | Management

4 answers

  1. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2020-09-22T12:12:29.283+00:00

    It only works if the messages are seen as authenticated.

    The Address Rewrite Outbound agent will work only when the sender’s SMTP address is internal and the session is authenticated.

    You can force Exchange to treat the message as submitted from an authenticated source by creating a Receive Connector with the “ExternalAuthoritative” Authentication mechanism. Make sure you only have the IP address of the application or third-party source under the remote IP Address range in this receive connector. This is important, since when you select ExternalAuthoritative for authentication, you’re telling Exchange to completely trust the IP address(es) or subnets specified in the RemoteIPRanges parameter of that connector, allowing those IP addresses to relay through your server. You can run the below commands to create a connector with ExternalAuthoritative Authentication enabled:

    https://techcommunity.microsoft.com/t5/exchange-team-blog/why-is-my-address-rewriting-not-working-as-expected/ba-p/607458

    3 people found this answer helpful.

  2. Joyce Shen - MSFT 16,701 Reputation points
    2020-09-23T02:14:07.78+00:00

    Hi @Fernando Crespo, I agree with the reply above from Andy.

    You could refer to the link here, which discusses a similar issue to yours: Microsoft Exchange Edge Address Rewrite with Exchange Online

    I configured a new receive connector on the Edge server that set Exchange Online Protection IP addresses as authoritative and this enabled the rewrite to work as expected. The below command is an example of what I ran:

    New-ReceiveConnector -Name "Exchange Online Protection" -RemoteIPRanges 23.103.132.1-23.103.159.254,23.103.198.1-23.103.203.254 -Usage Custom -AuthMechanism Tls -PermissionGroups AnonymousUsers, ExchangeServers, Partners -Bindings 0.0.0.0:25
    Get-ReceiveConnector *Exchange* | Set-ReceiveConnector -AuthMechanism ExternalAuthoritative, Tls -RequireTls:$true -TlsDomainCapabilities mail.protection.outlook.com:AcceptOorgProtocol -Fqdn "mail.domain.co.uk" -TlsCertificateName "<I>CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE<S>CN=hybrid.domain.co.uk, O=Company, L=Town, S=County, C=GB"


    3 people found this answer helpful.
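
Added example, not part of either answer above and not Microsoft's code: a PowerShell check for the caveat in answer 1, applied to connectors like the one in answer 2. It lists Receive Connectors that use ExternalAuthoritative and reports how many source addresses each one trusts and whether TLS is also enforced. The function names, the 256-address threshold and the sample objects are assumptions made for illustration; only IPv4 start-end, CIDR and single-address ranges are handled.

```powershell
# Added example: audit Receive Connectors that treat their source IPs as authenticated.
# Function names and the default threshold are hypothetical, chosen for this sketch.
function ConvertTo-IPv4Number ([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip.Trim()).GetAddressBytes()
    [int64]$b[0] * 16777216 + [int64]$b[1] * 65536 + [int64]$b[2] * 256 + [int64]$b[3]
}

function Get-RangeSize ([string]$Range) {
    if ($Range -match '^(.+)-(.+)$') {      # start-end form
        return (ConvertTo-IPv4Number $Matches[2]) - (ConvertTo-IPv4Number $Matches[1]) + 1
    }
    if ($Range -match '^(.+)/(\d+)$') {     # CIDR form
        return [int64][math]::Pow(2, 32 - [int]$Matches[2])
    }
    return [int64]1                         # single address
}

function Test-AuthoritativeConnector {
    param([Parameter(ValueFromPipeline)]$Connector, [int64]$MaxAddresses = 256)
    process {
        # Connectors without ExternalAuthoritative do not trust by IP; skip them.
        if ("$($Connector.AuthMechanism)" -notmatch 'ExternalAuthoritative') { return }
        [int64]$total = 0
        foreach ($r in $Connector.RemoteIPRanges) { $total += Get-RangeSize "$r" }
        $findings = @()
        if ($total -gt $MaxAddresses)              { $findings += "trusts $total addresses" }
        if (-not $Connector.RequireTLS)            { $findings += 'RequireTLS is off' }
        if (-not $Connector.TlsDomainCapabilities) { $findings += 'no TlsDomainCapabilities' }
        [pscustomobject]@{
            Name             = $Connector.Name
            TrustedAddresses = $total
            Findings         = $findings -join '; '
        }
    }
}

# Constructed sample objects shaped like Get-ReceiveConnector output.
$sample = @(
    [pscustomobject]@{ Name = 'Exchange Online Protection'; AuthMechanism = 'Tls, ExternalAuthoritative'
        RemoteIPRanges = @('23.103.132.1-23.103.159.254', '23.103.198.1-23.103.203.254')
        RequireTLS = $true; TlsDomainCapabilities = 'mail.protection.outlook.com:AcceptOorgProtocol' },
    [pscustomobject]@{ Name = 'App relay'; AuthMechanism = 'ExternalAuthoritative'
        RemoteIPRanges = @('192.0.2.10'); RequireTLS = $false; TlsDomainCapabilities = $null },
    [pscustomobject]@{ Name = 'Default'; AuthMechanism = 'Tls'
        RemoteIPRanges = @('0.0.0.0-255.255.255.255'); RequireTLS = $false; TlsDomainCapabilities = $null }
)
$sample | Test-AuthoritativeConnector | Format-Table -AutoSize -Wrap
# On an Exchange server, use: Get-ReceiveConnector | Test-AuthoritativeConnector
```

A connector that trusts a wide range by IP address should show no TLS findings here, since the TLS requirement is then the only remaining restriction on who is treated as authenticated.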

  3. Fernando Crespo 1 Reputation point
    2020-09-28T16:54:37.183+00:00

    Hi,
    The txt file with the header is in the attachment 28832-header.txt

  4. Fernando Crespo 1 Reputation point
    2020-10-22T08:46:55.607+00:00

    Hi,
    After opening a case with Microsoft Support, the answer was that this is an unsupported configuration, so the case is closed.
    The Office 365 team is developing an alternative for Office 365.
    https://techcommunity.microsoft.com/t5/exchange-team-blog/sender-rewriting-scheme-srs-coming-to-office-365/ba-p/607932
    There is no release date at this point.

    Thanks for all the help

