How to Configure Exchange Server 2016 After Installation for Mail Flow

Updated on September 11, 2017


After a new Exchange server has been installed, there are necessary post-installation tasks that need to be performed to enable mail flow, Outlook Web Access, Autodiscover, and Outlook Anywhere access.

This tutorial will show what is required to configure mail flow and make the Exchange server able to send and receive e-mails from external organizations.

Post-Installation Tasks

The list of Post-Installation Tasks can be seen from the following link from Microsoft :

Once you go to the link, it will show the Exchange 2013 post-installation tasks. Click on the Other Versions drop down box and select Exchange 2016.

This tutorial will go through the following steps for configuring mail flow:

1. License Exchange Server 2016
2. Create a Send Connector
3. Add additional accepted domains
4. Configure the Default Email Address Policy
5. Configure the Public DNS for Mail Flow (MX record) and Outlook Web Access
6. Modifying Firewall Rules
7. Test Sending and Receiving e-mails

License Exchange 2016

Login into the Exchange Administration Center and click on Servers from the left hand pane.

Click on Enter Product Key

Click on Continue to this website (not recommended)

Enter the Administrator account that you used to install the Exchange server

Configure the Language and Time Zone

Enter the Exchange 2016 Product Key, then click Save

Create a Send Connector

Click on mail flow on the left hand pane, then click on send connectors.

Enter a name for the Send Connector i.e. SMTP Mail Send. Choose Internet for the Type of connector. Click next.

In the next window, we will select MX record associated with recipient domain then click next.

In most cases, business Internet Service Providers don’t have outbound restrictions for SMTP traffic. This means the Exchange server can do a lookup of the MX record for a domain that you wish to send e-mails to, and will be able to send SMTP traffic directly to the recipient’s mail server.

If your Exchange server is hosted in AWS, an EC2 instance (virtual machine) with Exchange installed must be enabled by AWS to be able to send traffic out on TCP Port 25 (SMTP). Otherwise, you can use another EC2 instance that has SMTP outbound allowed, to be a smart host. To request AWS to allow outbound TCP Port 25 on your EC2 instance, you need to lodge a request form. This can be done by logging into your AWS Portal, then going into the Support Center via the Support menu. Select Create Case , choose Regarding Service Limit Increase, and Limit Type : EC2 Email. Then follow the instructions from there.

Using a Smart Host

Some ISPs have a rule that you cannot send SMTP directly out from your network, but must use their SMTP server as a smart host. In this instance, you would have to choose Route mail through smart hosts.

If your Exchange server is hosted in Microsoft Azure, you will need to use a smart host for sending e-mails. Microsoft has the Exchange Online Protection service which you can utilise as the smart host. Alternatively, you can sign up to third party providers.

You might also have one server setup as the SMTP smart host in your organisation, and all Exchange servers has to use this SMTP smart host to relay mail outside the organisation.

Click the + sign to add a new address space to which this connector will route mail. The following window will appear.

We will add an SMTP type, and use the * symbol to represent all domains and leave the cost as 1. Click save.

If you have multiple send connectors configured which is also routing * domains, then adjust the cost settings so that the smaller cost settings is the more preferred connector.

Click next as we won’t add any more address space.

In the following window, click the + symbol. A Select a Server window will appear.

Highlight our Exchange server, click add, and then click OK.

Click Finish on the following window.

Add Additional Accepted Domains

By default, when you deploy a new Exchange 2016 organization in an Active Directory forest, Exchange uses the domain name of the Active Directory domain where Setup /PrepareAD was run.

We want this server to be able to receive e-mails from the internet, so we need to add a domain name for which we have owned and registered through a public DNS registrar. This domain name will be used for the @domainname portion of the e-mail addresses which will be sent to this e-mail server from the outside world.

Click on mail flow on the left pane and click on accepted domains

Enter a name for the Accepted Domain and enter the domain name that will be used to receive e-mails.

Choose Authoritative: Email is delivered only to valid recipients in this Exchange organization. All email for unknown recipients is rejected.

Click on Save.

Configure the Default Email Address Policy

Click on mail flow on the left hand pane and then select email address policies. Then double-click on Default Policy.

Click on email address format. Then click on the + symbol.

Click Select an accepted domain, and then click the drop down arrow.

Highlight and select the accepted domain that was added previously.

Then select a format from the list in which to derive an email address automatically for the new mailbox that gets created for a user.

Then tick Make this format the reply email address.

Click Save.

Click Save again.

Click OK to the Warning.

Click Apply.

There is a warning saying that applying the policy may take a long time to finish. Click Yes to continue.

Click close.

Configure the Public DNS for Mail Flow (MX record) and Outlook Web Access

Some DNS registrars allow the creation and modification of DNS entries for the domain name which is purchased through them via your account’s portal.

In any case, you need to organize to have the following created:

DNS Record Type
External IP address of your Exchange Server

With regards to the values, you should only enter an IP address for the A record. The MX record and the CNAME (alias) should point to the DNS name of the A record for the Exchange server. In this way, if your IP address changed due to changing Internet Service Providers, you would only need to update the A record.

Modifying Firewall Rules

You need to allow inbound and outbound traffic on the following ports on your firewall device to enable the Exchange server to communicate with other mail servers outside your organisation.

TCP Port
443 (SSL)
Exchange Server
25 (SMTP)
Exchange Server
25 (SMTP)

Testing Mail Flow

NOTE: We haven’t installed a valid SSL certificate so we will get a warning about the SSL certificate. However, this does not affect the functionality of Exchange or the client connecting to Exchange.

Let’s use Outlook Web Access to start sending and receiving e-mails.

From the internet:

Go to :

At the warning screen, choose to continue to the site. In the case that you are using Chrome, click on ADVANCED, then choose Proceed to sitename (unsafe) .

Log in as the administrator account that was used during the Exchange installation.

Testing External Mail Flow

Click on New to create a new email message.

Add the recipient e-mail address in the To field. Type something in the subject field and the body of the message. Click Send.

Your message should reach the intended recipient.

Testing Internal Mail Flow

From an external email account such as Gmail, Hotmail, or Yahoo, send a test e-mail to .

You should have received the test e-mail.


We have now configured our Exchange server to be able to send and receive emails from outside the organisation.

Here is a link to the tutorial on How To Install Exchange Server 2016.

Here is a link to a tutorial on How to Migrate Mailboxes from Exchange 2010 to Exchange 2016 Using Powershell.

This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.

© 2016 sengstar2005


    0 of 8192 characters used
    Post Comment
    • profile image


      15 months ago

      Hi sir car you please help me i want my exchange server to be able to communicate outside and im not how to do that

    • sengstar2005 profile imageAUTHOR


      18 months ago from Sydney

      Hi Damian, it's the way you setup your DNS if you want to use the from your LAN i.e. you can use "split" DNS. If accessing from the outside world, make sure you setup a CNAME record for to point to the internet IP address of your Exchange server ( in most cases it is the same IP address of your firewall). On the firewall, forward TCP Port 443 (HTTPS) to the Exchange server's internal IP address. If you already have port 443 point to some other service on that internet IP address, the easiest way to get around this is to get/purchase an additional IP address from your Internet Service Provider.

    • profile image


      18 months ago


      I followed the Instructions you created and when I enter from a computer on my LAN I get "server IP address could not be found." but when I try to access it from a device in the outside world I get "..... took too long to respond" Any idea?



    • sengstar2005 profile imageAUTHOR


      20 months ago from Sydney

      Hi Abhishek, do you mean you can't get Outlook Web Access to work or you can't get Outlook to connect to the Exchange server? And if using Outlook, are you configuring Outlook from inside your network or from the internet ?

    • profile image


      20 months ago


      I had followed the steps as per the article but still unable to get outlook access. Do i also need to configure internal DNS?


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
    ClickscoThis is a data management platform studying reader behavior (Privacy Policy)