Nav444

Final Destination and MX record

Hi
I just set up my MX record on the DNS server to receive my emails on this new machine. It is running an Exchange server.
When I send an email, it rejects it and says relay access denied!!

How can I fix MS Exchange 2000 to accept the email and know that it is the final destination for the email?


Thanks
Nav
 
Bembi

Exchange management Console:
Set up a recipient policy or change the existing default recipient policy for your domain and make sure that an SMTP and X400 entry exists and is activated.

As far as your recipient update service has run or as far as you have run it manually, every user in your domain should have a valid e-mail address.

Go to your virtual SMTP server and click
- "Access" and "Relay" and activate "All computers on the list", leave the list empty and activate "all computers which have authenticated..." at the bottom of the dialog.
- "Access" and "Authentication" and activate "anonymous" and "windows integrated".

To receive e-mail from inside, just connect your clients to the "Exchange server". For clients that use POP3 / SMTP rather than Exchange server, you have to set up the server settings on the client and make sure that the sender's address is within the address space of your Exchange server.
To receive e-mail from the internet, place your MX record on a public DNS, which can be found from servers on the internet (usually your provider). Also, you should provide a DNS A record for your server on the same DNS.

Make sure that no router or firewall blocks port 25 and that you do not use a dial-up connection or a dynamic IP address.
Nav444

ASKER

Hi Bembi
Thanks for your reply. I did all you said, but still I get relay access rejected!!

any clue?

I have following on my DNS.

foo.com.         MX    10 mail2.foo.com.
mail2   A       122.105.125.22
foo.com.        A       122.105.125.28
www             CNAME   foo.com.
ftp             CNAME   foo.com.
mail            CNAME   foo.com.

As you see, the IPs on the second line and third line are not the same, because, as I said before, the Exchange server is on another remote machine.
Do you think this DNS setting is correct?
When I ping mail2.foo.com. I get responses and shows the correct IP.
[ps. foo.com and ip addresses are not real in my example]


I would really appreciate it if you could help.
Nav444



You can check your server by:
DOS prompt:
nslookup
set type=mx
foo.com

This should return an MX record, which points to mail2.foo.com, and an A record pointing to 122.105.125.22

Your server (Exchange) must have this IP and it must listen on port 25 for this IP.

Additionally, you have to make sure that mails are forwarded to this IP. Also make sure that the same test from the internet shows the same results. As you must have an agreement with your provider to host your own (public) DNS, your internal settings are irrelevant as long as a public MX record for your domain exists somewhere else.

Make sure your server is listening on port 25 on this IP (or all IPs = 0.0.0.0).
Go to your Exchange server and type at the DOS prompt:
netstat -na

you should get either

TCP 0.0.0.0:25 - 0.0.0.0 - Listening

or

TCP 122.105.125.22:25 - 0.0.0.0 - Listening


DNS Settings:
The foo.com does not have an A record; additionally, a CNAME never points to a domain.
I assume you mean:

superior folder ... which simply points to your local machine (the DNS server)

and a CNAME should be

mail   CNAME   myreallyservername.foo.com
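
The MX-to-A lookup discussed above, as an added example that is not part of the original thread: it parses the zone lines the asker posted (placeholder domain and IPs) and follows the MX target to its address. The helper names and the `foo.com.` origin are assumptions made for illustration.

```python
import ipaddress

# Constructed from the records posted in the thread (placeholder domain and IPs).
ZONE = """\
foo.com.  MX     10 mail2.foo.com.
mail2     A      122.105.125.22
foo.com.  A      122.105.125.28
www       CNAME  foo.com.
ftp       CNAME  foo.com.
mail      CNAME  foo.com.
"""

def fqdn(name, origin):
    """Expand a relative owner/target name against the zone origin."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin="foo.com."):
    """Return {owner: [(rtype, rdata), ...]} for simple 'owner TYPE rdata' lines."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        owner, rtype, rdata = fqdn(parts[0], origin), parts[1].upper(), parts[2:]
        if rtype == "MX":
            value = (int(rdata[0]), fqdn(rdata[1], origin))
        elif rtype == "CNAME":
            value = fqdn(rdata[0], origin)
        else:
            value = rdata[0]
        records.setdefault(owner, []).append((rtype, value))
    return records

def mail_targets(records, domain):
    """Follow each MX of `domain` to its A record(s); report problems found."""
    results, problems = [], []
    for pref, host in (v for t, v in records.get(domain, []) if t == "MX"):
        if any(t == "CNAME" for t, _ in records.get(host, [])):
            problems.append(f"{host} is a CNAME; an MX target must own an address record")
        addrs = [v for t, v in records.get(host, []) if t == "A"]
        if not addrs:
            problems.append(f"{host} has no A record in this zone")
        # ip_address() raises ValueError on a malformed address in the zone.
        results.extend((pref, host, str(ipaddress.ip_address(a))) for a in addrs)
    return sorted(results), problems
```

Mail for the domain is delivered to the address of the MX target, independent of the A record on the domain name itself.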




Nav444

ASKER

Thanks.
That is right. DNS server, a Mail server and web server are all on a Linux machine that is hosted in a remote location, and I have full administration access to it.
This machine has been running for the past 3 years. We have about 20 different domains running on it and a few of them are using the same sendmail mail server.

Now all I am trying to do is move only the mail server for one of those domains to another location on an Exchange server, while the web server and the rest are still on the Linux machine.

The Exchange server is also in running condition. We are using it over a WAN between two offices. The two offices are connected with a VPN.

Well, Exchange is listening on port 25, and when I type the domain name in here, http://www.dnsstuff.com/, it can find the MX and A records.

Maybe my problem is this: the IP of the Exchange server does not have any domain name,
so I cannot do what you said:
mail   CNAME   myreallyservername.foo.com

www.foo.com is domain of Linux Machine, where I want to hold the web server.

Do you think I should create a domain name for the IP address of Exchange? Then only can I set everything?

also I do not understand this:
"Additionally you have to make sure, that mails are forwarded to this IP" after DNS server, there should be Exchange server. So no need of forwarding!!

I hope I am not very confusing. I really appreciate if you could help me with this problem.

Nav444


You mention you're getting relay errors when sending mail.
Is this mail from your Exchange clients to the outside world
or
mail from the outside world to your Exchange server?
ASKER CERTIFIED SOLUTION
Bembi

This solution is only available to members.
Nav444

ASKER

Thanks for your clear explanation, I think I should create the mailbox and recipient policy. But I do not know how to do it exactly.

This exchange already has a mail box that works internally. I want to have a different mailbox. Like first one works with username@myfirstsite.com and new one should work with username@foo.com

I just created a policy, and it did not work. I think I should do some other settings too.
Can you give me some hint?

Thanks
Nav444

The policy may need some time before it is applied. Depending on your settings and configuration, it may take about 15 minutes.

Each policy has a filter, where you can filter the users / mailboxes, which should be affected by the policy, and an address space for SMTP like "@foo.com".

Within your filter (1st tab of the policy - button change) you have a "Search now" button to see the result of the filter.
On the second tab (Email addresses), assign a name space for the affected users you have seen before.

As you cannot change the filter for the default policy (affects all users), you may have to create a new policy if only a few users are affected. So you can, e.g., create a policy for foo.com as well as for myfirstsite.com with different affected users.

If you want to assign both addresses to all users, you can add the second SMTP address to the default policy.

If you add an email address, there is a checkbox saying "This server is responsible for all mails to this domain". This setting says that the server is the only server which is responsible for this email domain.

If both addresses should be reachable from the internet, you have to provide a public MX record for each of your domains.
You can use http://www.checkdns.net/ to check whether your domain can be seen from the internet.
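
Why an address space for foo.com changes the outcome, as an added example that is not part of the original thread and is not Exchange code: a simplified model of the RCPT TO decision an SMTP server makes, assuming the relay settings described earlier (empty relay list, authenticated senders allowed). The function names, reply strings and the sender IP are constructed for illustration.

```python
import ipaddress

def rcpt_decision(rcpt, client_ip, authenticated, local_domains, relay_nets):
    """Simplified model: local delivery, permitted relay, or refusal.

    local_domains: address spaces the server treats as its own (final destination).
    relay_nets:    networks allowed to relay; an empty list grants nobody by IP.
    """
    local, sep, domain = rcpt.rpartition("@")
    if not (local and sep and domain):
        return "501 malformed address"
    # Exact, case-insensitive match: sub.foo.com is NOT covered by foo.com.
    if domain.lower() in {d.lower() for d in local_domains}:
        return "250 accepted for local delivery"
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in ipaddress.ip_network(n) for n in relay_nets):
        return "250 accepted for relay"
    # Anonymous sender, recipient not local: refusing here is what keeps
    # the server from being an open relay.
    return "550 relay denied"

def inbound_from_internet(local_domains, rcpt="user@foo.com"):
    """Anonymous Internet host (constructed IP) sending to rcpt, relay list empty."""
    return rcpt_decision(rcpt, "203.0.113.7", False, local_domains, [])

# Only the first domain has an address space: mail for foo.com looks like relaying.
BEFORE = inbound_from_internet({"myfirstsite.com"})
# After foo.com is added as an address space, the same message is local.
AFTER = inbound_from_internet({"myfirstsite.com", "foo.com"})
```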