Centralized and Decentralized Mail Flow
In this blog you will learn how email flows when centralized and decentralized mail flow is configured. We will walk through a few use case scenarios to understand the difference between centralized and decentralized mail flow.
What is Centralized and Decentralized Mail Flow
Centralized and decentralized mail flow refer to how emails are routed within an Exchange organization. When you deploy Exchange Hybrid using the Exchange Hybrid Configuration Wizard (HCW), you can enable centralized mail flow on the Hybrid Configuration page of the HCW.
When you enable centralized mail flow, the Hybrid Configuration Wizard (HCW) enables your on-premises Exchange server to function as a smart host. That means when centralized mail flow is enabled, all the inbound and outbound emails are managed by the on-premises Exchange server.
Let’s understand both centralized and decentralized mail flow configurations in detail.
What is Centralized Mail Flow / Centralized Mail Transport
Let’s assume we have deployed Exchange Hybrid and the MX record is pointing to Exchange Online. That means any email sent from the Internet will be delivered to Exchange Online Protection (EOP), and then it will be delivered to the users. But our requirement is that whenever someone sends an email from the Internet, that email should be received by EOP first, and then it should be processed by the on-premises Exchange server before it is delivered to the recipient’s mailbox. This is where we use centralized mail flow in Exchange Hybrid: every external incoming or outgoing email is processed by the on-premises Exchange server and then delivered to the recipients.
Route all messages via On Premises
When we run the Hybrid Configuration Wizard (HCW), it creates 2 connectors in Exchange Online: Inbound and Outbound. When we enable centralized mail flow in the Hybrid Configuration Wizard, it sets the RouteAllMessagesViaOnPremises attribute to True on the Outbound connector in Exchange Online. If you run Get-OutboundConnector in Exchange Online PowerShell, you will see the output below.
Get-OutboundConnector | fl
Enabled : True
UseMXRecord : False
ConnectorType : OnPremises
ConnectorSource : HybridWizard
RecipientDomains : {*}
SmartHosts : {[192.168.0.1], [192.168.0.2]}
TlsDomain : mail.office365concepts.com
TlsSettings : DomainValidation
IsTransportRuleScoped : False
RouteAllMessagesViaOnPremises : True
CloudServicesMailEnabled : True
If the RouteAllMessagesViaOnPremises attribute is set to True, centralized mail flow is enabled in your Exchange Hybrid environment. If this value is set to False, centralized mail flow is disabled and you are using decentralized mail flow.
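A check for this attribute across every outbound connector, as an added example that is not part of the original article. The function name Get-HybridMailFlowMode, the NotHybrid label and the constructed sample object are assumptions of the example; the property names are the ones shown in the output above.

```powershell
function Get-HybridMailFlowMode {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Connector
    )
    process {
        # Assumption of this example: only enabled connectors of type
        # OnPremises are classified; anything else is reported as NotHybrid.
        $isHybrid = $Connector.Enabled -and ($Connector.ConnectorType -eq 'OnPremises')
        if (-not $isHybrid) {
            $mode = 'NotHybrid'
        } elseif ($Connector.RouteAllMessagesViaOnPremises) {
            $mode = 'Centralized'
        } else {
            $mode = 'Decentralized'
        }
        # Surface the smart hosts and TLS settings next to the mode so a
        # reviewer sees where mail is sent and how the hop is validated.
        [pscustomobject]@{
            ConnectorSource = $Connector.ConnectorSource
            MailFlowMode    = $mode
            SmartHosts      = $Connector.SmartHosts -join ', '
            TlsSettings     = $Connector.TlsSettings
            TlsDomain       = $Connector.TlsDomain
        }
    }
}

# Constructed sample object that mirrors the Get-OutboundConnector output above.
$sample = [pscustomobject]@{
    Enabled                       = $true
    ConnectorType                 = 'OnPremises'
    ConnectorSource               = 'HybridWizard'
    SmartHosts                    = @('[192.168.0.1]', '[192.168.0.2]')
    TlsDomain                     = 'mail.office365concepts.com'
    TlsSettings                   = 'DomainValidation'
    RouteAllMessagesViaOnPremises = $true
}
$sample | Get-HybridMailFlowMode | Format-List

# In a connected Exchange Online PowerShell session:
# Get-OutboundConnector | Get-HybridMailFlowMode
```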
Mail Flow routing in Exchange Hybrid deployments
Now let’s discuss a few use case scenarios to understand mail flow routing in Exchange hybrid deployments.
Scenario 1. Inbound email flow when MX is pointing to EOP and Centralized mail flow is enabled.
In this scenario we will understand how inbound emails will be routed in Exchange hybrid deployment when MX record is pointed to EOP and centralized mail transport is enabled.
We have one user mailbox in on-premises Exchange server with name John Smith, and one user mailbox is in Exchange Online with name Bob Ross. Someone from outside has sent an email to both John and Bob.
Since MX record is pointing to Exchange Online Protection (EOP), the email will be delivered to Exchange Online Protection.
EOP will scan this email and will route it to the on-premises Exchange server because centralized mail flow is enabled.
On-premises Exchange server will perform a lookup for each recipient, and will find that John’s mailbox is in on-premises, and Bob’s mailbox is in Exchange Online. So Exchange server will split the email in 2 copies because we have 2 recipients for the same email.
One copy of the email will be delivered to John’s mailbox, and the second copy will be sent back to EOP using the send connector on the on-premises Exchange server. EOP will send the email to Exchange Online, and the email will be delivered to Bob’s mailbox.
So this is how mail routing works in Exchange hybrid deployment when MX is pointing to EOP and centralized mail flow is enabled.
Scenario 2. Inbound email flow when MX is pointing to EOP and Centralized mail flow is disabled.
When centralized mail transport is disabled (default configuration) and MX is pointing to EOP, incoming Internet messages are routed as follows in a hybrid deployment:
We have one user in on-premises with name John Smith, and one user in Exchange Online with name Bob Ross. Someone from Internet has sent an email to both Bob and John. Since MX record is pointing to EOP, email will be delivered to Exchange Online Protection.
Exchange Online Protection will scan this email and will send this email to Exchange Online. Exchange online will do recipient lookup, and will find that John’s mailbox is located in on-premises, and Bob’s mailbox is located in Exchange Online. Exchange Online will split this email in two copies because this email is addressed to 2 recipients.
Exchange Online will deliver 1 copy of the email to Bob’s mailbox, and the other copy of the email will be sent back to EOP since John’s mailbox is not in Exchange Online.
Exchange Online Protection (EOP) will send the other copy of the email to on-premises Exchange server since John’s mailbox is hosted in on-premises. On-premises Exchange server will send this copy to the Mailbox server, and the email will be delivered to John’s mailbox.
So this is how email routing works in Exchange hybrid when MX is pointed to EOP and you are using decentralized mail flow, that is, when centralized mail flow is disabled.
Scenario 3. Inbound email flow when MX is pointing to On-Premises Exchange Organization.
The following steps illustrate the inbound Internet message path that will occur in your hybrid deployment if you decide to keep your MX record pointed to your on-premises organization.
We have one mailbox in on-premises with name John Smith, and one mailbox is in Exchange Online with name Bob Ross. Someone from Internet has sent an email to both John and Bob. Since MX record is pointing to on-premises, the email will be delivered to on-premises Exchange server.
On-premises Exchange server will perform recipient lookup using Global Catalog server. Through the recipient lookup, on-premises Exchange server will find that John’s mailbox is located in on-premises, and Bob’s mailbox is located in Exchange Online because Bob has a hybrid routing address [email protected]. On-premises Exchange server will split the email in 2 copies.
One copy of the email will be sent to the on-premises Exchange Mailbox server and it will be delivered to John’s mailbox.
Exchange server will send another copy of the email to EOP (Exchange Online Protection) using send connector over TLS.
EOP will scan the email and will send it to Exchange online, and the email will be delivered to Bob’s mailbox.
So this is how incoming email routing works in Exchange Hybrid deployment when MX record is pointing to on-premises Exchange server.
Scenario 4. Outbound email routing when centralized mail flow is enabled.
The steps below illustrate the outbound message path for emails sent from Exchange Online to the Internet when centralized mail transport is enabled.
We have a user in Exchange Online with name Bob Ross. He is sending an email to an external user on Internet.
As soon as Bob sends the email from his email application, the email will go to EOP. Exchange Online Protection will scan the email, apply outbound spam filter policies, and route the email to the on-premises Exchange server because the outbound connector in EOP has the RouteAllMessagesViaOnPremises attribute set to True.
On-premises Exchange server will perform anti-virus checks and other compliance checks configured by the administrators. Then on-premises Exchange server will look for the MX record for the external domain, and will send the email to the external domain’s email server.
Scenario 5. Outbound email flow when Centralized mail transport is disabled.
The steps below illustrate the outbound message path for emails sent from Exchange Online to the Internet when centralized mail transport is not enabled in the Exchange Hybrid Configuration Wizard (HCW).
We have a user in Exchange Online with name Bob Ross, and he is sending an email to an external user.
As soon as Bob sends the email from his email application, the email will be routed to Exchange Online Protection (EOP).
Exchange Online Protection will scan this email, perform an MX lookup for the external user’s domain, and send the email to the email server of the external domain.
So this is how outbound email flow will work in Exchange hybrid deployment when centralized mail transport is disabled.
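The five scenarios above expressed as one hop-tracing function, so you can see which systems handle each copy of a message and therefore where the on-premises checks apply. This is an added example, not code from the original article; Get-HybridMessagePath, its parameters and the hop labels are hypothetical names, and when MX points to on-premises the Centralized value is not consulted because Scenario 3 does not depend on it.

```powershell
function Get-HybridMessagePath {
    param(
        [ValidateSet('Inbound', 'Outbound')] [string]$Direction = 'Inbound',
        [ValidateSet('EOP', 'OnPremises')] [string]$MxTarget = 'EOP',
        [ValidateSet('OnPremises', 'ExchangeOnline')] [string]$MailboxLocation = 'ExchangeOnline',
        [bool]$Centralized = $false
    )
    $onPrem = 'On-premises Exchange'
    $exo    = 'Exchange Online'

    if ($Direction -eq 'Outbound') {
        # Scenarios 4 and 5: the sender's mailbox is in Exchange Online.
        $hops = @("$exo mailbox", 'EOP')
        if ($Centralized) { $hops += $onPrem }   # RouteAllMessagesViaOnPremises = True
        return $hops + 'External MX'
    }

    # Inbound: the first hop is wherever the MX record points.
    $hops = @('Internet')
    if ($MxTarget -eq 'OnPremises') {            # Scenario 3
        $hops += $onPrem
        $resolver = 'OnPremises'
    } elseif ($Centralized) {                    # Scenario 1
        $hops += 'EOP', $onPrem
        $resolver = 'OnPremises'
    } else {                                     # Scenario 2
        $hops += 'EOP', $exo
        $resolver = 'ExchangeOnline'
    }

    # The side that performed the recipient lookup delivers locally;
    # a copy for the other side is handed across through EOP.
    if ($MailboxLocation -ne $resolver) {
        $hops += 'EOP'
        if ($MailboxLocation -eq 'OnPremises') { $hops += $onPrem } else { $hops += $exo }
    }
    return $hops + 'Mailbox'
}

# Scenario 1 for both recipients (John on-premises, Bob in Exchange Online).
foreach ($loc in 'OnPremises', 'ExchangeOnline') {
    $path = Get-HybridMessagePath -Direction Inbound -MxTarget EOP -Centralized $true -MailboxLocation $loc
    '{0,-15} {1}' -f $loc, ($path -join ' -> ')
}
# Scenario 4: outbound from Exchange Online with centralized mail flow.
(Get-HybridMessagePath -Direction Outbound -Centralized $true) -join ' -> '
```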
Conclusion
In this blog you learnt what centralized and decentralized mail flow are in Exchange hybrid, how emails are routed between EOP and on-premises when centralized mail transport is enabled in the Exchange Hybrid Configuration Wizard, and how incoming and outgoing email routing works in Exchange hybrid.