As you are surely aware, the year 2011 ended on a high note with the release of Exchange Server 2010 SP2. This update includes support for service providers using the on-premises configuration from SP2 onwards in their hosted environment.

Along with this service pack, Microsoft released the document “Multi-Tenancy and Hosting Guidance, Exchange Server 2010 SP2”. This document highlights the considerations that must be addressed in multi-tenant hosting environments. Service Providers that want to deploy Exchange Server 2010 SP2 in a multi-tenant configuration should ensure that they have addressed these considerations through either an in-house approach, or through a third-party solution.

For those not interested in developing your own in-house solutions, Ricketts Corporation has developed a transport agent to address the transport-related considerations.

Their solution enables you to use either recipient\sender domain name matching or Active Directory lookups to correctly deliver external OOF messages between tenants hosted on the same platform. Without the agent, Exchange 2010 SP2 Enterprise treats mailboxes in different tenants that are hosted on the same Exchange platform as internal. This can produce a data leakage issue as internal OOF messages will be delivered between tenants even though the user would expect that Exchange would deliver the external OOF. This solution enables the Hub Transport server to determine whether or not the recipient is within the same Exchange tenant and then deliver the correct OOF message. 

Additionally, by inspecting message header information generated by an external SMTP gateway, it can establish whether messages processed by the Hub Transport server have been generated by local senders for local recipients. If a configured X-Header is not present it will override the next hop and route messages out of the Exchange platform to an external SMTP gateway such as an Ironport, Barracuda, Edge Server, cloud based AV/AS gateway, etc. When the message re-enters the Exchange platform, the X-Header is present and the message is delivered as normal. This enables the solution to:

  • Prevent name resolution of recipients and matching to directory entries from taking place when emails are sent between tenants
  • Route all mail through an external SMTP gateway to enable integration with external AV/AS systems
  • Handle issues with tenant mailbox moves between platforms or to the cloud

Please feel free to contact Ricketts Corporation directly for more information: info@rickettscorp.com.