After a new Exchange server has been installed, there are necessary post-installation tasks that need to be performed to enable mail flow, Outlook Web Access, Autodiscover, and Outlook Anywhere access.
This tutorial will show what is required to configure mail flow and make the Exchange server able to send and receive e-mails from external organizations.
The list of Post-Installation Tasks can be seen from the following link from Microsoft :
Once you go to the link, it will show the Exchange 2013 post-installation tasks. Click on the Other Versions drop down box and select Exchange 2016.
This tutorial will go through the following steps for configuring mail flow:
1. License Exchange Server 2016
2. Create a Send Connector
3. Add additional accepted domains
4. Configure the Default Email Address Policy
5. Configure the Public DNS for Mail Flow (MX record) and Outlook Web Access
6. Modifying Firewall Rules
7. Test Sending and Receiving e-mails
License Exchange 2016
Login into the Exchange Administration Center and click on Servers from the left hand pane.
Click on Enter Product Key
Click on Continue to this website (not recommended)
Enter the Administrator account that you used to install the Exchange server
Configure the Language and Time Zone
Enter the Exchange 2016 Product Key, then click Save
Create a Send Connector
Click on mail flow on the left hand pane, then click on send connectors.
Enter a name for the Send Connector i.e. SMTP Mail Send. Choose Internet for the Type of connector. Click next.
In the next window, we will select MX record associated with recipient domain then click next.
In most cases, business Internet Service Providers don’t have outbound restrictions for SMTP traffic. This means the Exchange server can do a lookup of the MX record for a domain that you wish to send e-mails to, and will be able to send SMTP traffic directly to the recipient’s mail server.
If your Exchange server is hosted in AWS, an EC2 instance (virtual machine) with Exchange installed must be enabled by AWS to be able to send traffic out on TCP Port 25 (SMTP). Otherwise, you can use another EC2 instance that has SMTP outbound allowed, to be a smart host. To request AWS to allow outbound TCP Port 25 on your EC2 instance, you need to lodge a request form. This can be done by logging into your AWS Portal, then going into the Support Center via the Support menu. Select Create Case , choose Regarding Service Limit Increase, and Limit Type : EC2 Email. Then follow the instructions from there.
Using a Smart Host
Some ISPs have a rule that you cannot send SMTP directly out from your network, but must use their SMTP server as a smart host. In this instance, you would have to choose Route mail through smart hosts.
If your Exchange server is hosted in Microsoft Azure, you will need to use a smart host for sending e-mails. Microsoft has the Exchange Online Protection service which you can utilise as the smart host. Alternatively, you can sign up to third party providers.
You might also have one server setup as the SMTP smart host in your organisation, and all Exchange servers has to use this SMTP smart host to relay mail outside the organisation.
Click the + sign to add a new address space to which this connector will route mail. The following window will appear.
We will add an SMTP type, and use the * symbol to represent all domains and leave the cost as 1. Click save.
If you have multiple send connectors configured which is also routing * domains, then adjust the cost settings so that the smaller cost settings is the more preferred connector.
Click next as we won’t add any more address space.
In the following window, click the + symbol. A Select a Server window will appear.
Highlight our Exchange server, click add, and then click OK.
Click Finish on the following window.
Add Additional Accepted Domains
By default, when you deploy a new Exchange 2016 organization in an Active Directory forest, Exchange uses the domain name of the Active Directory domain where Setup /PrepareAD was run.
We want this server to be able to receive e-mails from the internet, so we need to add a domain name for which we have owned and registered through a public DNS registrar. This domain name will be used for the @domainname portion of the e-mail addresses which will be sent to this e-mail server from the outside world.
Click on mail flow on the left pane and click on accepted domains
Enter a name for the Accepted Domain and enter the domain name that will be used to receive e-mails.
Choose Authoritative: Email is delivered only to valid recipients in this Exchange organization. All email for unknown recipients is rejected.
Click on Save.
Configure the Default Email Address Policy
Click on mail flow on the left hand pane and then select email address policies. Then double-click on Default Policy.
Click on email address format. Then click on the + symbol.
Click Select an accepted domain, and then click the drop down arrow.
Highlight and select the accepted domain that was added previously.
Then select a format from the list in which to derive an email address automatically for the new mailbox that gets created for a user.
Then tick Make this format the reply email address.
Click Save again.
Click OK to the Warning.
There is a warning saying that applying the policy may take a long time to finish. Click Yes to continue.
Configure the Public DNS for Mail Flow (MX record) and Outlook Web Access
Some DNS registrars allow the creation and modification of DNS entries for the domain name which is purchased through them via your account’s portal.
In any case, you need to organize to have the following created:
|DNS Record Type||Name||Value|
External IP address of your Exchange Server
With regards to the values, you should only enter an IP address for the A record. The MX record and the CNAME (alias) should point to the DNS name of the A record for the Exchange server. In this way, if your IP address changed due to changing Internet Service Providers, you would only need to update the A record.
Modifying Firewall Rules
You need to allow inbound and outbound traffic on the following ports on your firewall device to enable the Exchange server to communicate with other mail servers outside your organisation.
Testing Mail Flow
NOTE: We haven’t installed a valid SSL certificate so we will get a warning about the SSL certificate. However, this does not affect the functionality of Exchange or the client connecting to Exchange.
Let’s use Outlook Web Access to start sending and receiving e-mails.
From the internet:
Go to :
At the warning screen, choose to continue to the site. In the case that you are using Chrome, click on ADVANCED, then choose Proceed to sitename (unsafe) .
Log in as the administrator account that was used during the Exchange installation.
Testing External Mail Flow
Click on New to create a new email message.
Add the recipient e-mail address in the To field. Type something in the subject field and the body of the message. Click Send.
Your message should reach the intended recipient.
Testing Internal Mail Flow
From an external email account such as Gmail, Hotmail, or Yahoo, send a test e-mail to firstname.lastname@example.org .
You should have received the test e-mail.
We have now configured our Exchange server to be able to send and receive emails from outside the organisation.
Here is a link to the tutorial on How To Install Exchange Server 2016.
Here is a link to a tutorial on How to Migrate Mailboxes from Exchange 2010 to Exchange 2016 Using Powershell.
This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.
© 2016 sengstar2005
Siphiwe on April 02, 2019:
Hi sir car you please help me i want my exchange server to be able to communicate outside and im not how to do that
sengstar2005 (author) from Sydney on January 07, 2019:
Hi Damian, it's the way you setup your DNS if you want to use the owa.mydomain.com from your LAN i.e. you can use "split" DNS. If accessing from the outside world, make sure you setup a CNAME record for owa.mydomain.com to point to the internet IP address of your Exchange server ( in most cases it is the same IP address of your firewall). On the firewall, forward TCP Port 443 (HTTPS) to the Exchange server's internal IP address. If you already have port 443 point to some other service on that internet IP address, the easiest way to get around this is to get/purchase an additional IP address from your Internet Service Provider.
Damian on December 31, 2018:
I followed the Instructions you created and when I enter https://owa.mydomain.com from a computer on my LAN I get "server IP address could not be found." but when I try to access it from a device in the outside world I get "..... took too long to respond" Any idea?
sengstar2005 (author) from Sydney on November 14, 2018:
Hi Abhishek, do you mean you can't get Outlook Web Access to work or you can't get Outlook to connect to the Exchange server? And if using Outlook, are you configuring Outlook from inside your network or from the internet ?
Abhishek on November 14, 2018:
I had followed the steps as per the article but still unable to get outlook access. Do i also need to configure internal DNS?