This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 52%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBP%3C/text%3E%3C/svg%3E)
I would like to perform a migration with CMT and a hosted spam service that currently handles all inbound and outbound email outside the organization. I would like to keep that in place until all mailboxes have been moved from EOP to EOL over a period of a few weeks.
Currently no one has a "forward" on their mailbox, so this is not a concern right now.
I read through this MS article: https://techcommunity.microsoft.com/t5/exchange-team-blog/demystifying-centralized-mail-transport-and-criteria-based/ba-p/2927777
Reading the article it mentions using CBR, but I am still not sure if I would be required to implement it. The article mentions that CMT might have some routing issues between EOL and EOP, or there might be issues with EOP emailing to EOP mailboxes.
Do I need CBR at all?
How does CMT route email for internal users? I believe it uses its own connector, is this correct?
I also saw mention of a certificate, I know it is recommended it be a 3rd party cert with the A record name of the mail server, are there any gothcas here?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 20%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMH%3C/text%3E%3C/svg%3E)
Hi,
The article you read mentions that CBR might be necessary in certain scenarios to avoid routing issues between Exchange Online (EOL) and Exchange On-Premises (EOP). CBR, also known as Conditional Mail Routing, is designed to route mail matching certain criteria through a specific outbound connector. If your setup involves complex routing requirements, implementing CBR could help manage these scenarios effectively. Based on my personal experience, it is suggested that not using CBR.
CMT routes emails by using its own connectors. It ensures that all messages from Exchange Online mailboxes are routed through Exchange On-Premises before being delivered to the Internet, and incoming Internet messages are routed through Exchange On-Premises before being delivered to an Exchange Online recipient. This setup helps maintain compliance and control over email flow.
It is recommended to use a third-party certificate with the A record name of the mail server. This ensures secure communication between servers. One potential gotcha is ensuring that the certificate is correctly configured and trusted by all involved parties to avoid any disruptions in mail flow.
Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer!
@Mike Hu-MSFT I believe the CMT creates a separate send/receive connector on port 443 or 25. Is this connector locked down to MS servers? Or is it just open?
Regarding security, these connectors are generally locked down to Microsoft servers. This means they are configured to only communicate with specific Microsoft IP addresses and services, ensuring secure and controlled mail flow