Last Update: Sep 24, 2024 | Published: Jan 06, 2009
Exchange 2007 will only accept e-mail traffic for the e-mail domain that is identical to the name of your Active Directory domain. However, in some cases we would like our Exchange server to also receive e-mail for domains other than our own internal domain name. In my “Configure Exchange 2000/2003 to Receive E-Mail for other Domains” article, I explained how to configure previous versions of Exchange to receive e-mail for domains other than the one configured as their internal Active Directory domain. In Exchange 2007 things are a bit more complex, since it does not natively accept ANY sort of incoming mail from the external world, so we need to go through some more steps to get things rolling.
For example, if you have an AD domain called PETRI.LOCAL and you’ve installed Exchange 2007 on it, each recipient you have will automatically have an e-mail address of ALIAS@PETRI.LOCAL, and the Exchange organization will treat the PETRI.LOCAL SMTP domain name as an internal domain. To follow on the example, let’s say that one day you’ve decided that you’d like to have an Internet presence, so you bought PETRI.CO.IL and you’d like to begin using it on your Exchange server. Luckily, you don’t need to rename your AD domain for that, but you DO need to configure Exchange to receive e-mail for the new domain, along with any traffic you might have had for the old domain name.
This example can also be extended to instances where a company has had its Internet domain name changed, or when one Exchange server is used to host mailboxes for more than one company.
In Exchange 2007, in order to allow your Exchange servers to treat any other SMTP domain as internal, you need to configure an Accepted Domain entry for that SMTP domain name.
An accepted domain is any SMTP domain name for which the Exchange organization sends or receives e-mail. Accepted domains include those domains for which the Exchange organization is authoritative. An Exchange organization is authoritative when it handles mail delivery for recipients in the accepted domain. BTW, accepted domains also include domains for which the Exchange organization receives mail and then relays to an e-mail server that is outside the Active Directory forest for delivery to the recipient.
You must configure an accepted domain before that SMTP namespace can be used in an e-mail address policy. The accepted domain is automatically populated to the e-mail address policy editor. Each domain or sub-domain that you want to use as part of an e-mail address policy must have an explicit accepted domain entry. To read more about E-mail address policies please look at my “Configure Specific E-Mail Addresses for Specific Exchange 2007 Recipients” article.
There are three types of accepted domains: authoritative, internal relay, and external relay.
When dealing with e-mail destined for external SMTP domain names, we must configure the Exchange servers to “know” that they should accept incoming e-mail for these external domains, and perform a relay action on them. Needless to say, if we allow relaying of ALL external SMTP domains, spammers will soon find this out and begin using our servers as open relays, spamming the world through our servers. We can prevent this open relay by rejecting all e-mail that is not addressed to a recipient in the organization’s authoritative domains. However, there are scenarios where an organization wants to let partners or subsidiaries relay e-mail through the Exchange servers. You can allow this by configuring accepted domains as relay domains. The Exchange organization receives the e-mail and then relays the messages to another e-mail server.
There are 2 options for configuring external domains: either as an internal relay domain or as an external relay domain.
When you create an accepted domain, you can use a wildcard character in the address space to indicate that all sub-domains of the SMTP address space are also accepted by the Exchange organization. For example, to configure PETRI.CO.IL and all its sub-domains as accepted domains, you will need to enter *.PETRI.CO.IL as the SMTP address space.
Accepted domains are configured on the Organization level, on Exchange servers that have the Hub Transport server role installed, or on servers that have the Edge Transport server role installed on them. When working with Edge servers, the best approach towards Accepted Domains would be to configure them only on the Hub Transport server role, and then populate that data on the Edge Transport server by using the Edge Subscription process. When the Edge Subscription process runs, the accepted domain configuration information is replicated to the subscribed Edge Transport server.
Note: To configure Accepted Domains, the account you use must be delegated the Exchange Organization Administrator role. To perform the task on servers that have the Edge Transport server role installed, you must log on by using an account that is a member of the local Administrators group on that computer.
As always, you can do this in one of two ways:
Using Exchange Management Console (EMC):
Using Exchange Management Shell (PowerShell prompt):
Open the Exchange Management Shell prompt, then type:
New-AcceptedDomain -Name "Petri.co.il" -DomainName petri.co.il -DomainType Authoritative
To create an internal relay domain type:
New-AcceptedDomain -Name "Dpetri.net" -DomainName dpetri.net -DomainType InternalRelay
To create an external relay domain type:
New-AcceptedDomain -Name "Message-Pro.com" -DomainName message-pro.com -DomainType ExternalRelay
You cannot modify the default accepted domain. To change which accepted domain is the default accepted domain, you must create a new accepted domain, and then set the new accepted domain as the default by using the Exchange Management Shell.
If you try to remove the default accepted domain from the list without configuring a different default accepted domain you will get an error:
In order to find out which of the accepted domains is the default one, you MUST use the Management Shell (PowerShell prompt) and run the following command:
Get-AcceptedDomain
For example, in case you would like to totally remove the PETRI.LOCAL domain from the list of accepted domains, you will first need to create the PETRI.CO.IL accepted domain (see above example), then run the following command in the PowerShell prompt:
Set-AcceptedDomain -Identity "Petri.co.il" -MakeDefault:$true
Next, if you want to remove the old accepted domain from the list of accepted domains:
Using Exchange Management Console (EMC):
Using Exchange Management Shell (PowerShell prompt):
Open the Exchange Management Shell prompt, then type:
Remove-AcceptedDomain -Identity petri.local
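The open-relay concern described earlier comes down to knowing which accepted domains relay mail onward and which use a wildcard address space. The following is an added example, not part of the original article: a review function that flags those entries. The function name is hypothetical, and the sample rows are constructed from the article's domain names (the wildcard row is an assumption for illustration).

```powershell
# Added example: flag accepted domains that deserve a second look.
# Relay types make Exchange accept mail and relay it to another e-mail
# server; a leading "*" also accepts every sub-domain of the address space.
function Get-AcceptedDomainReview {
    process {
        $domain = [string]$_.DomainName
        $type   = [string]$_.DomainType
        $notes  = @()
        if ($type -ne 'Authoritative') {
            $notes += "relay domain ($type): confirm it is meant to be relayed"
        }
        if ($domain.StartsWith('*')) {
            $notes += 'wildcard: all sub-domains are accepted'
        }
        if ($notes.Count -gt 0) {
            $review = $notes -join '; '
            $_ | Select-Object Name, DomainName, DomainType, Default,
                @{ Name = 'Review'; Expression = { $review } }
        }
    }
}

# Constructed sample rows (not real output). On an Exchange server use:
#   Get-AcceptedDomain | Get-AcceptedDomainReview
$sample = @'
Name,DomainName,DomainType,Default
petri.local,petri.local,Authoritative,True
Petri.co.il,petri.co.il,Authoritative,False
Dpetri.net,dpetri.net,InternalRelay,False
Message-Pro.com,message-pro.com,ExternalRelay,False
Petri subdomains,*.petri.co.il,Authoritative,False
'@ | ConvertFrom-Csv

$sample | Get-AcceptedDomainReview | Format-Table -AutoSize
```

Authoritative entries without a wildcard are not listed, so an empty result means no accepted domain relays mail or accepts sub-domains.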
Summary
Accepted Domains are Exchange 2007’s implementation of Recipient Policies, meaning they allow the Exchange organization to “know” which SMTP domains should be accepted by the Exchange servers (either the Edge Transport role holders, or the Hub role holders), and what they should do with them after receiving them. We need to create additional accepted domains in order to allow usage of additional SMTP domain names that we own and want to use in addition to the default accepted domain.