Exchange SMTP high availability with Kemp load balancer

If you have more than one Exchange Server running in the organization, you want to load balance Exchange SMTP for high availability. An excellent load balancer that we recommend is Kemp. This article will teach you how to load balance Exchange SMTP for high availability with the Kemp load balancer.

Introduction

HTTPS and SMTP are both network layer protocols to transfer information between hosts. SMTP will transfer emails between mail servers, while HTTPS is used to transfer secure communication over a network.

We will load balance Exchange Server for the protocols:

Important: Read the article Exchange high availability namespace design and planning before proceeding.

An architecture view of Exchange SMTP high availability is shown below in the diagram. It’s divided between External and Internal.

External

How it works if we send messages (emails) to an @exoip.com mailbox:

  1. The public DNS/External DNS will retrieve the MX record for domain exoip.com
  2. It will resolve to the cloud spam filter SpamBull.com MX records
  3. The cloud spam filter SpamBull.com will scan the message for malware, spyware, viruses, and spam
  4. SpamBull.com delivers only clean messages to the firewall’s public IP address
  5. The firewall forwards the messages to the Kemp load balancer
  6. Kemp load balancer distributes the messages load between the Exchange Servers

Note: Always use a spam filter to protect your Exchange Server organization from incoming and outgoing spam. The one we recommend is the SpamBull cloud spam filter.

Internal

Messages sent from internal clients go directly through the Exchange Servers and not through the load balancer. Only SMTP relay traffic is sent through the Kemp load balancer.

How it works if we send messages (emails) from internal applications and printers:

  1. The internal DNS will retrieve the A record for relay.exoip.com
  2. It will resolve to the Kemp load balancer internal IP address
  3. Messages are sent to the Kemp load balancer
  4. Kemp load balancer distributes the messages load between the Exchange Servers

Before you start, read the articles:

Configure Exchange SMTP high availability

To configure Exchange SMTP high availability on the Kemp LoadMaster, follow the below steps.

1. Check Kemp LoadMaster Exchange templates

Sign in to Kemp LoadMaster load balancer to start.

In the menu, go to Virtual Services > Manage Templates.

We can see the Exchange templates we installed in the previous article.

2. Create new virtual service

Click on Add New in the menu.

Start by selecting Exchange 2016 SMTP from the dropdown menu.

Specify the Virtual Address. In our example, it’s 192.168.1.54.

Click Add this Virtual Service.

Make sure that another device didn’t take that IP address. If you already have an old load balancer and want to replace it with Kemp LoadMaster, you can keep using the same IP address. The SMTP mail transfer will go through Kemp LoadMaster.

Click on Real Servers and then on Add New.

Add the Exchange Server IP address.

Click on Add This Real Server.

Add the second Exchange Server IP address.

Click on Add This Real Server.

If you have more than two Exchange Servers, add them with the same steps.

You can see which Exchange Servers you added.

Click View/Modify Services in the menu to verify the virtual IP address with port 25 (SMTP). Both Exchange Servers will show as Real Servers with the status Up.

3. Edit firewall VIP

In the firewall, change the VIP with protocol SMTP (25) to the Kemp virtual address. In our example, it’s the IP address 192.168.1.54.

4. Check real time statistics

Click Statistics > Real Time Statistics in the menu.

Click Virtual services.

The Exchange Service SMTP shows the status Up, including the Exchange Servers.

Test and verify that it works

It’s always good to test the load balancer and check if it works as expected.

Disable the network card on one of the Exchange Servers and check the statistics. The real time statistics will show the Exchange Server status Down.

Go to Microsoft Remote Connectivity Analyzer (MRCA).

Click in the menu on Exchange Server > Inbound SMTP Email.

Create a test user account with a mailbox and fill in the email address.

Note: You will receive messages from Microsoft Remote Connectivity Analyzer on that email after the test completes.

Enter the verification code and click on Perform Test.

Note: Don’t use an account with administrator rights.

The test is being performed. It will not take long.

The connectivity test is successful. The test did the following:

  1. Attempt to retrieve DNS MX records for domain exoip.com
  2. Retrieved MX records mx1.spambull.com, mx2.spambull.com, mx3.spambull.com, and mx4.spambull.com
  3. Attempting to resolve the hostname mx1.spambull.com in DNS
  4. IP address returned IPv4 132.117.53.188/IPv6 2001:978:2:2f::5:100
  5. Testing TCP port 25 on host mx1.spambull.com to ensure it’s listening and open
  6. Banner received from host mx54.spambull.com ESMTP

We can’t see the Exchange Server hostname because the SpamBull spam filter protects it.

Suppose you don’t have a spam filter for inbound mail, which we don’t recommend. The test will look as follows.

We successfully configured Exchange SMTP high availability with Kemp load balancer. Don’t forget to enable the network card on the Exchange Server to bring it back up.
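
The failover test above can also be checked from an internal client. The following PowerShell is an added example, not part of the original article: it reads the SMTP banner from each real server and then opens repeated connections through the virtual address 192.168.1.54 to tally which server answers. The function name `Get-SmtpBanner` and the real server addresses are placeholders, and it assumes the Exchange receive connectors return their default banner, which begins with the server's FQDN.

```powershell
# Added example (not from the article): probe SMTP endpoints and tally 220 banners.
function Get-SmtpBanner {
    param(
        [Parameter(Mandatory)][string]$Server,
        [int]$Port = 25,
        [int]$TimeoutMs = 5000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Bounded connect so a Down server fails fast instead of hanging.
        if (-not $client.ConnectAsync($Server, $Port).Wait($TimeoutMs)) {
            throw "Connect timed out after $TimeoutMs ms"
        }
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true
        # First line the server sends; a healthy SMTP listener starts with 220.
        $banner = $reader.ReadLine()
        $writer.WriteLine('QUIT')   # end the session cleanly, no mail is sent
        [pscustomobject]@{ Server = $Server; Up = ($banner -like '220*'); Banner = $banner }
    }
    catch {
        # Refused, timed out or unresolvable: report it instead of stopping the run.
        [pscustomobject]@{ Server = $Server; Up = $false; Banner = $_.Exception.Message }
    }
    finally {
        $client.Close()
    }
}

# Virtual address from the article; real server addresses are placeholders to replace.
$vip = '192.168.1.54'
$realServers = '<EX01-IP>', '<EX02-IP>'

# Each real server directly: should agree with the Up/Down status Kemp reports.
$realServers | ForEach-Object { Get-SmtpBanner -Server $_ } | Format-Table -AutoSize

# 20 connections through the VIP, grouped by the host name in the banner
# (assumption: default Exchange banner, "220 <server FQDN> ...").
1..20 | ForEach-Object { Get-SmtpBanner -Server $vip } |
    Group-Object { if ($_.Up) { ($_.Banner -split ' ')[1] } else { 'no answer' } } |
    Select-Object Count, Name
```

With one server's network card disabled, every answer through the virtual address should carry the remaining server's name and none should be `no answer`.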

In the next article, we will configure Exchange outbound SMTP high availability.

Conclusion

You learned how to configure Exchange SMTP high availability with Kemp load balancer. The templates that Kemp provides are great. Follow the steps to load balance Exchange inbound SMTP with Kemp LoadMaster. Lastly, test the SMTP flow with Microsoft Remote Connectivity Analyzer (MRCA) or send an email and analyze the headers.

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others.

This Post Has 6 Comments

  1. Hello Ali.
    I configured 4 Mailbox servers in DAG. For Load Balancing Https request we use WAF Forti Web. Do we need load balancing for SMTP?

  2. Hello Ali,

    I have configured this topic on my Organisation. I can say your courses are awesome. Thank you!

    After the processes were finished, I found that the SMTP configuration was not completely correct due to the template. In the SMTP template, in Standard Options, “Subnet Originating Requests” was enabled instead of “Use Address for Server NAT” and therefore my LB couldn’t answer some SMTP requests correctly, especially SMTP relay requests. After I changed this, my LB can work correctly.

    Thank you for your courses

  3. Hello Ali
    Thank you very much for your courses. They are very useful.
    I have a problem with SMTP Relay. I configured Kemp LoadMaster in my organisation.
    We have Ex2016 and I have two new Ex2019 installed and configured and balanced with Kemp LB. I have direct Receive Connectors (Anonymous Relay) copied from the old Ex2016 to the new ones. But I have a problem with internal applications and services: they cannot authenticate and send any emails from their servers. Source IP addresses are right. Could you please give me any advice? Should I make new DNS records in the DNS server, for example relay.exoip.com or others? How can internal users resolve DNS without any DNS to bypass KempLB?

    Thanks in advance for your answers.

    Emre

  4. Thanks Ali
    I know this has nothing to do with DAG.
    But by implementing DAG, how does Kemp detect which database is active on which server so that it can deliver the email to it?
    For example
    Kemp receive an Email:
    active Database on EX01: DB01, DB03, DB05
    active Database on EX02: DB02, DB04, DB06

    1. After the message arrives at a Mailbox server in the DAG, the Transport service routes the message to the Mailbox Transport Delivery service on the DAG member that holds the active copy of the destination mailbox database.
