Exchange SMTP high availability with Kemp load balancer
If you have more than one Exchange Server running in the organization, you want to load balance Exchange SMTP for high availability. An excellent load balancer that we recommend is Kemp. This article will teach you how to load balance Exchange SMTP for high availability with Kemp load balancer.
Introduction
HTTPS and SMTP are both network layer protocols to transfer information between hosts. SMTP will transfer emails between mail servers, while HTTPS is used to transfer secure communication over a network.
We will load balance Exchange Server for the protocols:
- SMTP (Simple Mail Transfer Protocol) (this article)
- HTTPS (Hypertext Transfer Protocol Secure)
Important: Read the article Exchange high availability namespace design and planning before proceeding.
An architecture view of Exchange SMTP high availability is shown below in the diagram. It’s divided between External and Internal.
External
How it works if we send messages (emails) to an @exoip.com mailbox:
- The public DNS/External DNS will retrieve the MX record for domain exoip.com
- It will resolve to the cloud spam filter SpamBull.com MX records
- The cloud spam filter SpamBull.com will scan the message for malware, spyware, viruses, and spam
- SpamBull.com delivers only clean messages to the firewall’s public IP address
- The firewall forwards the messages to the Kemp load balancer
- Kemp load balancer distributes the messages load between the Exchange Servers
Note: Always use a spam filter to protect your Exchange Server organization from incoming and outgoing spam. The one we recommend is the SpamBull cloud spam filter.
Internal
Messages that we send internally go directly through the Exchange Servers and not through the load balancer. Only SMTP relay sends messages through the Kemp load balancer.
How it works if we send messages (emails) from internal applications and printers:
- The internal DNS will retrieve the A record for relay.exoip.com
- It will resolve to the Kemp load balancer internal IP address
- Messages are sent to the Kemp load balancer
- Kemp load balancer distributes the messages load between the Exchange Servers
Before you start, read the articles:
- Install Kemp virtual load balancer on VMware
- Configure Kemp virtual load balancer
- Exchange HTTPS high availability with Kemp load balancer
Configure Exchange SMTP high availability
To configure Exchange SMTP high availability on the Kemp LoadMaster, follow the steps below.
1. Check Kemp LoadMaster Exchange templates
Sign in to Kemp LoadMaster load balancer to start.
In the menu, go to Virtual Services > Manage Templates.
We can see the Exchange templates we installed in the previous article.
2. Create new virtual service
Click on Add New in the menu.
Start by selecting Exchange 2016 SMTP from the dropdown menu.
Specify the Virtual Address. In our example, it’s 192.168.1.54.
Click Add this Virtual Service.
Make sure that another device didn’t take that IP address. If you already have an old load balancer and want to replace it with Kemp LoadMaster, you can keep using the same IP address. The SMTP mail transfer will go through Kemp LoadMaster.
Click on Real Servers and then on Add New.
Add the Exchange Server IP address.
Click on Add This Real Server.
Add the second Exchange Server IP address.
Click on Add This Real Server.
If you have more than two Exchange Servers, add them with the same steps.
You can see which Exchange Servers you added.
Click in the menu View/Modify Services to verify the virtual IP address with port 25 (SMTP). Both the Exchange Servers will show as Real Servers with the status Up.
3. Edit firewall VIP
In the firewall, change the VIP with protocol SMTP (25) to the Kemp virtual address. In our example, it’s the IP address 192.168.1.54.
4. Check real time statistics
Click Statistics > Real Time Statistics in the menu.
Click Virtual services.
The Exchange Service SMTP shows the status Up, including the Exchange Servers.
Test and verify that it works
It’s always good to test the load balancer and check if it works as expected.
Disable the network card on one of the Exchange Servers and check the statistics. The real time statistics will show the Exchange Server status Down.
Go to Microsoft Remote Connectivity Analyzer (MRCA).
Click in the menu on Exchange Server > Inbound SMTP Email.
Create a test user account with a mailbox and fill in the email address.
Note: You will receive messages from Microsoft Remote Connectivity Analyzer on that email after the test completes.
Enter the verification code and click on Perform Test.
Note: Don’t use an account with administrator rights.
The test is being performed. It will not take long.
The connectivity test is successful. The test did the following:
- Attempt to retrieve DNS MX records for domain exoip.com
- Retrieved MX records mx1.spambull.com, mx2.spambull.com, mx3.spambull.com, and mx4.spambull.com
- Attempting to resolve the hostname mx1.spambull.com in DNS
- IP address returned IPv4 132.117.53.188/IPv6 2001:978:2:2f::5:100
- Testing TCP port 25 on host mx1.spambull.com to ensure it’s listening and open
- Banner received from host mx54.spambull.com ESMTP
We can’t see the Exchange Server hostname because the SpamBull spam filter protects it.
Suppose you don’t have a spam filter for inbound mail, which we don’t recommend. The test will look as follows.
We successfully configured Exchange SMTP high availability with Kemp load balancer. Don’t forget to enable the network card on the Exchange Server to bring it back up.
In the next article, we will configure Exchange outbound SMTP high availability.
Conclusion
You learned how to configure Exchange SMTP high availability with Kemp load balancer. The templates that Kemp provides are great. Follow the steps to load balance Exchange inbound SMTP with Kemp LoadMaster. Lastly, test the SMTP flow with Microsoft Remote Connectivity Analyzer (MRCA) or send an email and analyze the headers.
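One way to do the header analysis mentioned above, as an added example that is not part of the original article: the Python code below reads the Received headers of several test messages and counts which Exchange Server accepted each one, so you can see whether the load balancer spreads inbound SMTP across the real servers. The host names ex01.exoip.local and ex02.exoip.local, all IP addresses, the version id, and the sample messages are constructed assumptions.

```python
import re
from collections import Counter
from email import message_from_string

# Hypothetical real-server names; replace with your own Exchange Server FQDNs.
EXCHANGE_HOSTS = {"ex01.exoip.local", "ex02.exoip.local"}

HOP = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def accepting_hop(raw_message, exchange_hosts=EXCHANGE_HOSTS):
    """Return (exchange_host, peer_ip) for the hop where Exchange first accepted the message."""
    msg = message_from_string(raw_message)
    # Each hop prepends its Received header, so the earliest hop is at the bottom.
    for header in reversed(msg.get_all("Received", [])):
        match = HOP.search(" ".join(header.split()))  # unfold continuation lines
        if match and match.group(3).lower() in exchange_hosts:
            peer = IPV4.search(match.group(2))
            return match.group(3).lower(), peer.group(0) if peer else None
    return None  # no Exchange hop found in the headers

def distribution(raw_messages):
    """Count how many messages each Exchange Server accepted."""
    hops = (accepting_hop(m) for m in raw_messages)
    return Counter(hop[0] for hop in hops if hop)

def sample_message(accepted_by, delivered_by):
    """Build a constructed test message (all hosts, addresses and ids are made up)."""
    return (
        f"Received: from {accepted_by} (192.0.2.61) by {delivered_by} (192.0.2.62)\n"
        " with Microsoft SMTP Server id 15.2.0.0 via Mailbox Transport;\n"
        " Tue, 13 Feb 2024 10:00:01 +0100\n"
        f"Received: from mx54.spambull.com (203.0.113.10) by {accepted_by} (192.0.2.61)\n"
        " with Microsoft SMTP Server id 15.2.0.0 via Frontend Transport;\n"
        " Tue, 13 Feb 2024 10:00:00 +0100\n"
        "From: sender@example.org\nTo: testuser@exoip.com\nSubject: LB test\n\nbody\n"
    )

SAMPLES = [
    sample_message("ex01.exoip.local", "ex02.exoip.local"),
    sample_message("ex02.exoip.local", "ex02.exoip.local"),
    sample_message("ex01.exoip.local", "ex01.exoip.local"),
    sample_message("ex02.exoip.local", "ex01.exoip.local"),
]

if __name__ == "__main__":
    for host, count in sorted(distribution(SAMPLES).items()):
        print(f"{host}: accepted {count} message(s)")
```

The second value returned by `accepting_hop` is the peer address Exchange recorded for the connection; compare it with the remote IP ranges your receive connectors allow.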
Hello Ali.
I configured 4 Mailbox servers in a DAG. For load balancing HTTPS requests we use WAF Forti Web. Do we need load balancing for SMTP?
Yes, you must configure inbound SMTP load balancing on the load balancer or the firewall.
Hello Ali,
I have configured this topic in my organisation. I can say your courses are awesome. Thank you!
After the processes were finished, I found that the SMTP configuration was not completely correct due to the template. In the SMTP template, in Standard Options, “Subnet Originating Requests” was enabled instead of “Use Address for Server NAT”, and therefore my LB couldn’t answer some SMTP requests correctly, especially SMTP relay requests. After I changed this, my LB works correctly.
Thank you for your courses
Hello Ali
Thank you very much for your courses. They are very useful.
I have a problem with SMTP relay. I configured Kemp LoadMaster in my organisation.
We have Ex2016, and I have two new Ex2019 servers installed, configured, and load balanced with Kemp LB. I have direct Receive Connectors (Anonymous Relay) copied from the old Ex2016 to the new ones. But I have a problem with internal applications and services: they cannot authenticate and send any emails from their servers. The source IP addresses are right. Could you please give me any advice? Should I make new DNS records in the DNS server, for example relay.exoip.com or others? How can internal users resolve DNS without any DNS to bypass Kemp LB?
Thanks in advance for your answers.
Emre
Thanks Ali
I know this has nothing to do with DAG.
But by implementing DAG, how does Kemp detect which database is active on which server so that it can deliver the email to it?
For example
Kemp receives an email:
Active databases on EX01: DB01, DB03, DB05
Active databases on EX02: DB02, DB04, DB06
After the message arrives at a Mailbox server in the DAG, the Transport service routes the message to the Mailbox Transport Delivery service on the DAG member that holds the active copy of the destination mailbox database.