Export (0) Print
Expand All

Outbound Smart Host Scenario

 

Applies to: Office 365 for enterprises, Live@edu, Forefront Online Protection for Exchange

Topic Last Modified: 2012-10-30

A smart host is a redirecting host server that acts as an intermediate gateway before sending messages to their final destination. Organizations can set up a scenario where Forefront Online Protection for Exchange (FOPE) directs all or part of their outbound mail to flow through an on-premises server that applies additional processing before delivering mail to its final destination. In this scenario, FOPE is acting as the smart host. An organization might want to do this when they have an on-premises appliance or other compliance solution, and they also want the benefits of FOPE edge, virus, policy, and spam filtering.

In this sample scenario, Contoso has set up a smart host that receives mail from their Microsoft Exchange Online mail host. Mail travels through the FOPE service to their on-premises server for further processing prior to delivery to the final destination.

The following video describes the Outbound Smart Host scenario and demonstrates the configuration steps for the FOPE connector:

Your browser does not support video. Install Microsoft Silverlight, Adobe Flash Player, or Internet Explorer 9.

When using FOPE as a smart host that redirects outbound mail to an on-premises server, the mail flow is as follows:

Outbound smart host scenario

With this scenario, mail flowing from Contoso’s Exchange Online organization first passes through the FOPE service. Acting as a smart host, FOPE redirects mail to the on-premises server where additional processing is applied before the mail is delivered to the Internet.

In order to configure an outbound smart host, you must create an outbound FOPE connector to your organization. In this scenario, Contoso is using FOPE as a smart host to redirect outbound mail through an on-premises server prior to delivery to the Internet.

To configure a FOPE outbound connector for an outbound smart host mail flow scenario
  1. In the FOPE Administration Center, click the Administration tab, and then click the Company tab.

  2. In the Connectors section, for the Outbound Connectors, click Add. The Add Outbound Connector dialog box opens.

    The following image shows outbound connector settings for the outbound smart host mail flow sample scenario.

    Outbound Smart Host Outbound Connector
  3. In the Name field, enter a descriptive name for the outbound connector.

  4. In the Description field, enter additional descriptive information about the outbound connector.

  5. In the Recipient Domains field, type the *.* wildcard characters to signify that this outbound connector will be applied to all domains to which FOPE sends email.

  6. Select the Deliver all messages to the following destination check box, and then specify one of the following options:

    • IP address—Specify FOPE to route email to a single IP address (for example, the IP address of the Contoso on-premises email server).
    • Fully Qualified Domain Name—Specify the fully qualified domain name to which FOPE should send email (for example, contoso.com).
    • Mail Server Multi-SMTP Profile—Using the drop-down list, select the outbound profile if you have previously created one. Outbound multi-SMTP profiles enable you to deliver mail to multiple mail servers in your network by using round-robin load balancing.
      Outbound multi-SMTP profiles work in the same manner, and can be created in a similar way, as inbound multi-SMTP profiles. For more information, see Configuring Inbound Multi-SMTP Profiles.
  7. In the Transport Layer Security (TLS) Settings section, you can select Opportunistic TLS (FOPE attempts a TLS connection, but automatically rolls over to a SMTP connection if the receiving email server is not configured to use TLS) or one of several TLS certificate options:

    • Validation against self-signed certificate—Created within an organization, this certificate is used to encrypt the channel.
    • The issuing certificate authority (CA) is trusted by Microsoft—Validates that the recipient certificate is issued by an authorized certificate authority. For example, it validates that the certificate is not expired, and that it is authentic.
    • The recipient certificate matches the destination domain—This takes The issuing certificate authority (CA) is trusted by Microsoft option one step further by also validating that the subject alternative name on the certificate matches the recipient domain name.
    • The recipient certificate matches—This takes The issuing certificate authority (CA) is trusted by Microsoft option one step further by also validating that the subject alternative name matches what you enter in the text box.
  8. Click Save.

The connector is now listed under Outbound Connectors. You can expand the connector to view its settings. You can click Edit to change the configuration settings for this connector.

To apply this connector configuration to your entire company or for specific domains in your company, or to remove this connector, see Enforcing and Removing FOPE Connector Associations.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft