Awards
- Community Pick
- Experts Exchange Approved
I have seen a number of questions over the past few months regarding DNS configuration for an Exchange Server. Incorrectly configured DNS can cause your server to be rejected by receiving servers that are performing certain types of checks on the mail it receives.
One of the most common of these is the rDNS lookup which basically checks that the server sending the message actually exists.
I will try to cover the correct configuration here for hosting your own mail server and sending mail out via DNS rather than a smart host. This configuration is not as important if you send via a 3rd party relay.
MX Configuration
The MX record(s) for your domain provide systems sending you e-mail with the correct path for your mail server. If you're using a relay/SPAM service then your MX record will be configured to use their servers' host names. If you host your own server, the MX record will be configured with your server's IP address.
Step 1
Confirm the External IP address your server is using. This can be achieved by simply going to http://whatsmyip.org from your Exchange Server. At the very top of the screen this will provide you with your IP address.
Step 2
Create an A record in the DNS that controls your EXTERNAL domain name. This is the DNS for the part after the @ in your e-mail address. I always use mail.domainname.com but you don’t have to. It doesn’t matter what you use as long as it’s consistent.
Step 3
You now need to configure the MX record for your main domain -- the one after the @ sign for which you want to receive email. To do this, edit the DNS settings for that domain and set the MX record to use the A record you have configured in Step 2.
Do not use IP addresses or CNAME records for the MX entry as this can throw up errors on DNS lookups and is also against RFC standards. See RFC2181: http://tools.ietf.org/htm
Extract: "This domain name must have as its value one or more address records. Currently those will be A records, however in the future other record types giving addressing information may be acceptable. It can also have other RRs, but never a CNAME RR."
If you only have a single connection to the internet then only setup 1 MX record, and avoid giving it a value of 0 - use 5 or 10. This will be your PRIMARY MX.
If you have a second connection to the internet that has a different IP address that you use for backup purposes in case your main line goes down then add a secondary MX with an A record that is configured for this IP address with a higher value, of say 20.
If you only have a single server, avoid the temptation to setup multiple MX records either setting up two MX records pointing to the same IP address as this is a complete waste of time, or one pointing to your own server and one pointing to a backup MX server hosted for you as this will get targeted by spammers and you will be forwarding spam from your secondary MX to your Exchange server.
Step 4
Contact your ISP as you will need to configure a Reverse DNS, also referred to as a PTR (pointer) record. This is against your IP address so can only be done by the company that provide your internet connection. Whilst a generic rDNS record will work, any systems doing strict lookup will fail your server if it doesn’t match the A record configured in Step 2 so, therefore, it is best practice to configure your rDNS to use mail.domainname.com (A record configured in Step 2)
Step 5
Modify your send connector/SMTP Connector. Depending on which version of Exchange Server you are using this process will be different.
In Exchange 2007 & 2010 the Send Connector will need to be modified.
Open Exchange Management Console, navigate to Organisation Configuration > Hub Transport > Send Connector and right click on the send connector configured for internet usage and select properties.
One of the most common of these is the rDNS lookup which basically checks that the server sending the message actually exists.
I will try to cover the correct configuration here for hosting your own mail server and sending mail out via DNS rather than a smart host. This configuration is not as important if you send via a 3rd party relay.
MX Configuration
The MX record(s) for your domain provide systems sending you e-mail with the correct path for your mail server. If you're using a relay/SPAM service then your MX record will be configured to use their servers' host names. If you host your own server, the MX record will be configured with your server's IP address.
Step 1
Confirm the External IP address your server is using. This can be achieved by simply going to http://whatsmyip.org from your Exchange Server. At the very top of the screen this will provide you with your IP address.
Step 2
Create an A record in the DNS that controls your EXTERNAL domain name. This is the DNS for the part after the @ in your e-mail address. I always use mail.domainname.com but you don’t have to. It doesn’t matter what you use as long as it’s consistent.
Step 3
You now need to configure the MX record for your main domain -- the one after the @ sign for which you want to receive email. To do this, edit the DNS settings for that domain and set the MX record to use the A record you have configured in Step 2.
Do not use IP addresses or CNAME records for the MX entry as this can throw up errors on DNS lookups and is also against RFC standards. See RFC2181: http://tools.ietf.org/htm
Extract: "This domain name must have as its value one or more address records. Currently those will be A records, however in the future other record types giving addressing information may be acceptable. It can also have other RRs, but never a CNAME RR."
If you only have a single connection to the internet then only setup 1 MX record, and avoid giving it a value of 0 - use 5 or 10. This will be your PRIMARY MX.
If you have a second connection to the internet that has a different IP address that you use for backup purposes in case your main line goes down then add a secondary MX with an A record that is configured for this IP address with a higher value, of say 20.
If you only have a single server, avoid the temptation to setup multiple MX records either setting up two MX records pointing to the same IP address as this is a complete waste of time, or one pointing to your own server and one pointing to a backup MX server hosted for you as this will get targeted by spammers and you will be forwarding spam from your secondary MX to your Exchange server.
Step 4
Contact your ISP as you will need to configure a Reverse DNS, also referred to as a PTR (pointer) record. This is against your IP address so can only be done by the company that provide your internet connection. Whilst a generic rDNS record will work, any systems doing strict lookup will fail your server if it doesn’t match the A record configured in Step 2 so, therefore, it is best practice to configure your rDNS to use mail.domainname.com (A record configured in Step 2)
Step 5
Modify your send connector/SMTP Connector. Depending on which version of Exchange Server you are using this process will be different.
In Exchange 2007 & 2010 the Send Connector will need to be modified.
Open Exchange Management Console, navigate to Organisation Configuration > Hub Transport > Send Connector and right click on the send connector configured for internet usage and select properties.
On the first screen you will see a FQDN box. This should match the A record you created in Step 2. For consistency you may also want to do the same on the Internet Receive Connector which is located under Server Configuration > Hub Transport and by default it will be the one that starts with Default.
In Exchange 2003 you will need to modify the properties of the SMTP Virtual Server.
Open Exchange System Manager, navigate to Administrative Groups > First Administrative Group > Servers > Servername > Protocols > SMTP and right click on the Default SMTP Virtual Server select properties.
Under the delivery tab click Advanced and enter the A record you created in Step 2 for the Fully Qualified Domain Name
Summary
In summary then your DNS configuration should look like this:
•A record mail.domainname.com configured for IP address of your server
•MX record for domainname.com configured to use A record mail.domainname.com
•rDNS configured to use mail.domainname.com
•Send Connector/Receive Connector in Exchange 2007 FQDN set to: mail.domainname.com
•SMTP Virtual Server in Exchange 2003 FQDN set to: mail.domainname.com
by: mboppe on 2010-02-03 at 22:04:20ID: 9100
Couldn't understand the below
"If you only have a single server, avoid the temptation to setup multiple MX records either setting up two MX records pointing to the same IP address as this is a complete waste of time, or one pointing to your own server and one pointing to a backup MX server hosted for you as this will get targeted by spammers and you will be forwarding spam from your secondary MX to your Exchange server"