This post covers a requirement I found quite interesting: redirect messages to a different mail server based on the email address, without using third-party or open source solutions (there is nothing wrong with those; it was simply the requirement).
Review your email flow…
First, we need to look at the current mail flow configuration, which in this example looks like this:
Internet → Exchange Online → Hybrid Connection → Internal Exchange
This is the normal configuration for hybrid mail flow between Exchange Online and your on-premises Exchange servers when you are not in centralized mail transport mode. This mode also requires the accepted domain receiving the email to be set to InternalRelay.
Accepted Domain Types
Authoritative: When this is set, the mail platform where it is set is authoritative for the whole domain, so if this is set in EXO you are unable to run hybrid mode with this option. With this option set, if an email address does not exist in EXO the sender receives an NDR stating that there is no valid user at the address they sent to.
Internal relay: This indicates that EXO is not authoritative for the domain. If the mail address does not exist in EXO, rather than discarding the message, EXO looks at its Send connectors to find the next hop email server.
Edge Transport
If you are looking to redirect messages, particularly emails for certain scenarios or, in this case, for certain recipients, it makes sense to do it with an Edge Transport server. If you review the flow below, you will notice that the Edge Transport server gets involved once the email is bound for the hybrid connection:
Mail → Exchange Online → Hybrid Connection → Edge Transport → Internal Exchange
If you are looking to deploy this topology, you will need a relevant name for your Edge server and a certificate to go with it, so, in this example, I will be using, The job of this server is to listen on TCP:25.
Edge transport security
Obviously, we need to make sure the servers are secured so that only the required infrastructure can communicate with them, as below:
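As an added example (not code from the original post), these are the Windows Firewall rules I would apply on the Edge server so that only the required infrastructure can reach it. The internal Exchange addresses and the admin host are assumed values, and the Exchange Online SMTP ranges are pulled from Microsoft's endpoint web service rather than typed by hand:

```powershell
# Added example, not from the original post: Windows Firewall rules for an Edge
# Transport server so that only the required infrastructure can reach it.
# Assumptions (not on the page): internal Exchange Mailbox servers are
# 10.24.20.10 and 10.24.20.11, and the admin jump host is 10.24.30.5.
$InternalExchange = @('10.24.20.10', '10.24.20.11')
$AdminHost        = '10.24.30.5'

# Pull the current Exchange Online IP ranges that carry SMTP (TCP 25) from
# Microsoft's published endpoint web service, so the allow list is not
# hand-typed and can be refreshed on a schedule.
$uri = "https://endpoints.office.com/endpoints/worldwide?clientrequestid=$([guid]::NewGuid())"
$ExoSmtpRanges = Invoke-RestMethod -Uri $uri |
    Where-Object { $_.serviceArea -eq 'Exchange' -and $_.ips -and $_.tcpPorts -match '(^|,)25($|,)' } |
    ForEach-Object { $_.ips } | Sort-Object -Unique

# SMTP inbound: Exchange Online (hybrid connector) and the internal Exchange
# servers only. Everything else on TCP 25 is dropped by the default-deny below.
New-NetFirewallRule -DisplayName 'Edge SMTP in from Exchange Online' -Direction Inbound `
    -Protocol TCP -LocalPort 25 -RemoteAddress $ExoSmtpRanges -Action Allow
New-NetFirewallRule -DisplayName 'Edge SMTP in from internal Exchange' -Direction Inbound `
    -Protocol TCP -LocalPort 25 -RemoteAddress $InternalExchange -Action Allow

# EdgeSync: the subscribed Mailbox servers replicate recipient and config data
# to the Edge server's AD LDS instance over secure LDAP on TCP 50636.
New-NetFirewallRule -DisplayName 'Edge EdgeSync LDAPS in from internal Exchange' -Direction Inbound `
    -Protocol TCP -LocalPort 50636 -RemoteAddress $InternalExchange -Action Allow

# Management: RDP only from the admin jump host.
New-NetFirewallRule -DisplayName 'Edge RDP in from admin host' -Direction Inbound `
    -Protocol TCP -LocalPort 3389 -RemoteAddress $AdminHost -Action Allow

# Default-deny inbound on every profile; review the built-in allow rules too,
# as they remain in force alongside the rules above.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# Check: list what the Edge rules actually allow (port and remote addresses).
Get-NetFirewallRule -DisplayName 'Edge *' | ForEach-Object {
    $port = ($_ | Get-NetFirewallPortFilter).LocalPort
    $from = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    '{0}: TCP {1} from {2}' -f $_.DisplayName, $port, $from
}
```

Re-run the endpoint lookup on a schedule and compare the result against the rule's current RemoteAddress list, since the Exchange Online ranges change over time.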
Edge Server Capacity
This is very dependent on your mail flow volumes; however, as a rough guide, a single Edge server can typically handle 5-10 messages per second comfortably.
Based on that, I have used these specifications:
- CPU: 16 cores (Intel Xeon or similar)
- RAM: 16 GB
- Disk: 200 GB SSD (OS + Logs)
- Network: 1 Gbps NIC
If you know your email volumes, you could use the data below to figure out if you need a single server or multiple servers:
Note: These are basic calculations that assume simple messages with minimal content, an average message size of 75 KB and normal anti-spam processing.
Per Server Capacity:
- ~10 messages per second sustained
- ~864,000 messages per day
- ~6 million messages per week
- ~25 million messages per month
With Two Servers:
- ~20 messages per second sustained
- ~1.7 million messages per day
- ~12 million messages per week
- ~50 million messages per month
```powershell
# On the Edge Transport server: import the certificate that will be bound to SMTP (TCP 25).
# The password is the example value from this post; in a real deployment prompt for it
# with Read-Host -AsSecureString rather than embedding it in a script.
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "C:\Temp\Edge.pfx" -Encoding Byte -ReadCount 0)) -Password (ConvertTo-SecureString -String "*zMW*1CyOdW3z£-\J[uY4JW?M1Ye1v" -AsPlainText -Force)

# On each Edge Transport server: export the Edge Subscription file (one per Edge server).
New-EdgeSubscription -FileName "C:\EdgeSubscription-Edge1.xml"

# On an internal Mailbox server in the AD site the Edge servers will serve (here "BearHQ"):
# import each Edge server's subscription file to establish EdgeSync.
New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\EdgeSubscription-Edge1.xml" -Encoding Byte -ReadCount 0)) -Site "BearHQ"
New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\EdgeSubscription-Edge2.xml" -Encoding Byte -ReadCount 0)) -Site "BearHQ"
```
Note: This will be unique to your requirements. In this example we wish to send emails from payments@croucher.cloud to the server 10.24.22.1 on port 25, so that example is below:
```powershell
# Send connector that delivers to the smart host 10.24.22.1 on port 25.
New-SendConnector -Name "Payments Redirect" `

# Transport rule that matches mail for payments@croucher.cloud and hands it to that connector.
New-TransportRule -Name "Payments Redirection" `
```