The CloudPanel Transport Agent will handle routing messages between tenants on your Exchange environment. Exchange by default will not send any emails to the send connector when the domain you are sending to is an accepted domain on the same Exchange environment.
Even though Microsoft released Address Book Policies it doesn’t take care of some things and could still potentially leak information between tenants. For example, internal Out of Office messages will be leaked between tenants because as far as Exchange is concerned the other tenant is on the same environment… which in turn sends the internal out of office message back instead of the external out of office.
There are three things this transport agent will do for you:
Installing this transport agent is easy but there are some steps you need to follow before you can implement it in your environment:
Next you will need to copy all the files and the resources folder to each Hub Transport server you have:
Next open Exchange Powershell (be sure to run as administrator) on each hub transport server and:
You will notice there are three options in this configuration file:
<add key=”DebugOn” value=”False” />
If you are having any issues or need support from KnowMoreIT you change the value=”False” to value=”True”. This will generate some messages in the event viewer to assist with troubleshooting. Be sure to always turn this back off because it will cause more of a load and generate additional processing time
<add key=”RoutingDomain” value=”nexthopdomain.com” />
This is the DEFAULT domain that must be on your send connector (see below).
<add key=”BlockInternalOutOfOffice” value=”True”/>
If you choose to not block internal out of office messages between tenants you can change this to False
<add key=”InternalRoutingOn” value=”True”/>
This will enable or disable internal routing for the entire server. What this means is the CloudPanel Transport Agent won’t process any messages UNLESS you add the domain to the list.
<add key=”GlobalRouteSameDomainOn” value=”False”/>
This will force all emails out through the send connector even if they are from and to the same domain.
<add key=”tenantdomain.com” value=”fake-tenantdomain.com;false”/>
If you need to route a specific domain out a certain send connector. This example routes all emails from tenantdomain.com out to a send connector with the address under Address Space fake-tenantdomain.com. This does not process if the email is from and to the same domain. You can add one for each domain you have. If one is not specified then it will route to the value specified for the “RoutingDomain” key.
The value after the semi-colon is used to specify if you are routing emails from and to the same domain outbound. By default this is false. An example would be if this is set to true then emails from knowmoreit.com and to knowmoreit.com would be forced outbound. This is a GREAT way to avoid having to use journaling as long as your archiver supports reading winmail.dat files.
nexthopdomain.com is the default in the TransportAgent.dll.config file. You can change this.