Solved

How are SMTP and MX records related?

Posted on 2006-05-04
Last Modified: 2009-11-18
I have an interesting situation which I would like to share. A few days ago I had to close port 25 on the firewall for one of the servers due to SPAM. Though I changed the configuration of the sendmail server, I wasn't sure, so I closed the port. Yesterday one of our clients complained that they got a few messages stuck in their mail queue for a while which were destined for one of our servers. He told me that I need to open port 25 on our firewall since I don't have an MX record for that server. I just want to mention that this server is not our email server. We run software on this server which needs SMTP to relay emails. We have an MX record for our mail server. So I looked at the firewall settings for our mail server and I found out that it doesn't have an SMTP port opened for it and only POP3 was open. It didn't strike me at first why I should have to open SMTP on the server for receiving emails when POP3 is already open, and SMTP is meant only to send and POP3 or IMAP for receiving. I started googling and came to know that during the mainframe era SMTP was used both for sending and receiving emails and there was no POP3. Though it didn't make any sense to me, I made a small point out of it: that if your server doesn't have an MX record you need to open port 25 on your firewall, or if it has an MX record you don't have to open SMTP; POP3 works just fine.

So now I am not fully confused but a little confused about the relationship between SMTP and MX records.
Can any one of you come up with a good explanation of what an MX record is? What role does it play on a server which has an SMTP service running and POP3 running? Hope it makes sense.
0
Comment
Question by:zkaiserm
19 Comments
 
LVL 10

Assisted Solution

by:Walter Padrón
Walter Padrón earned 400 total points
ID: 16610286
Hi zkaiserm,

I hope this article explains the relation:
http://www.petri.co.il/configure_mx_records_for_incoming_smtp_email_traffic.htm

cheers
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 16611195
SMTP, or Simple Mail Transfer Protocol, defines the communications protocol for mail systems to transfer E-Mail between them.

An MX record is a type of DNS record that defines the Mail eXchanger for a DNS zone.

SMTP is a communications protocol, an MX record is a type of DNS record.
0
 
LVL 18

Assisted Solution

by:Sam Panwar
Sam Panwar earned 400 total points
ID: 16611915
Hi,

MX record and SMTP

1. An MX record is essential for connecting to a mail server. An MX record is a DNS entry; it is just like a www record, and it points to the mail server through the SMTP service or port of the local computer.

2. An MX record looks like

mail    IN       A      69.72.31.1

Here

mail               is your MX
69.72.31.1     your mail server IP

3. SMTP is a service which runs on the

Secure port for SMTP      465
Non-secure                25

WIKI definition for SMTP
 (pronounced as separate letters) Short for Simple Mail Transfer Protocol, a protocol for sending e-mail messages between servers. Most e-mail systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an e-mail client using either POP or IMAP. In addition, SMTP is generally used to send messages from a mail client to a mail server. This is why you need to specify both the POP or IMAP server and the SMTP server when you configure your e-mail application.

4. SMTP is used to relay your mail.

5. MX record is

 Short for mail exchange record, an entry in a domain name database that identifies the mail server that is responsible for handling e-mails for that domain name.

When more than one MX record is entered for any single domain name that is using more than one mail server, the MX record can be prioritized with a preference number that indicates the order in which the mail servers should be used. This enables the use of primary and backup mail servers.

0

 

Expert Comment

by:Ibmg
ID: 16611921
All mail servers require SMTP to communicate with one another. In order to send and receive mails (even in this day and age) you need SMTP to communicate with a mail server.

POP is used only to retrieve mail from the mail server to your mailbox (email client). It's like taking letters out of a mailbox.

Let's see if this makes it easier to see:

E.g. you are sending mail to me:
You --SMTP--> Your Mail Server --SMTP--> My Mail Server --POP--> Me

0
 
LVL 7

Assisted Solution

by:sunilcomputer
sunilcomputer earned 200 total points
ID: 16612986
0
 
LVL 10

Expert Comment

by:Walter Padrón
ID: 16615363
Hi zkaiserm,

I re-read your post today

1- SMTP is for sending and for receiving: you send through SMTP to external domains and receive messages from external domains. You need to permit connections on port 25/tcp in the firewall to your mailserver.

2- You also need POP3 or IMAP in order for your clients to be able to read mail (if you don't have external clients, don't open port 110/tcp in the firewall).

3- Regarding your user complaints: usually email clients don't use MX records, they have SMTP/POP3 manually configured. You should check if your user is still accessing your old mailserver. Also, some email clients make a POP3 connection before sending mail just to authorize the user to send.

cheers
0
 

Author Comment

by:zkaiserm
ID: 16617116
How come we are still receiving emails even though the SMTP port is not open on the firewall? The only port open on our firewall is POP3. How are other email servers able to communicate with our email server?
0
 

Author Comment

by:zkaiserm
ID: 16617857
I get these and they sit in our mail queue for a long time. Any ideas what they are?


JAA26716      500 Fri May  5 09:44 <postmaster@customlot.com>
                 (Deferred: 452 ... temporary failure)
                                   absk@cox.net
JAA26721      500 Fri May  5 09:44 <postmaster@customlot.com>
                 (Deferred: 452 ... temporary failure)
                                   jaskr1@cox.net
IAA12493      490 Fri May  5 08:29 <postmaster@bluecustom.com>
                 (Deferred: 452 ... temporary failure)
                                   absk@cox.net
IAA14871      511 Fri May  5 08:38 <postmaster@customcyber.com>
                 (Deferred: 452 ... temporary failure)
                                   absk@cox.net
0
 
LVL 10

Expert Comment

by:Walter Padrón
ID: 16618003
> set type=mx
> cox.net

Non-authoritative answer:
cox.net MX preference = 100, mail exchanger = mx.east.cox.net
cox.net MX preference = 100, mail exchanger = mx.west.cox.net
cox.net MX preference = 100, mail exchanger = mx.central.cox.net
cox.net MX preference = 100, mail exchanger = mx1.west.cox.net

Maybe they blacklisted you.

0
 
LVL 31

Expert Comment

by:rid
ID: 16618672
If you close the standard SMTP port (25) you will not receive any mail UNLESS you open another port for SMTP, and you agree with the sender to use that port. SMTP is a protocol and the interaction between parties doing SMTP usually runs on port 25, but that is not a requirement. It is assumed, though.

Things in the mail queue are outbound. As has been suggested, you may be blacklisted.... or the addresses are bad.
/RID
0
 

Author Comment

by:zkaiserm
ID: 16622637
I don't see any other port open on our firewall for SMTP.
0
 
LVL 18

Expert Comment

by:carl_legere
ID: 16622803
Then your server is POPing or ETRNing the mail from another server, or you have a DMZ?
0
 
LVL 3

Accepted Solution

by:RiDo78
RiDo78 earned 1000 total points
ID: 16625014
Let's start over again and I will explain some things from the beginning, even issues that other posters have already answered, just to make one readable explanation. The basics of email are very easy to understand, but configuring your mailserver properly is something completely different.

It seems that a mailserver has 3 tasks:
- Receiving mail
- Sending mail
- Generating administrative emails

But actually a mailserver has 2 tasks as sending and receiving mail are the same:
- Accept the connection
- Check if the sender is allowed to send at all
- Check the recipient address. If the server does not serve it, is the server allowed to relay? If not, is the sender allowed to send to 'the world'?
- Place the message in the correct queue
- Deliver the message if it's not for a local recipient

You can run a stand alone mailserver and use any possible protocols between your clients and server. Think of the Exchange environment. But if you want to communicate with the outside world you need the SMTP protocol, for incoming and outgoing mail. Although there are exceptions like X400. POP3 has nothing to do with the mailserver itself. Once the mailserver has delivered the message to your queue it's done. You can pick it up with POP3 if you need it.


To RECEIVE mail, you need to have the SMTP port 25 open and available to the entire world. An MX-record is not required but STRONGLY recommended, because the sending mailserver must be able to find you, just like a www A-record for a website. Without this record you can still reach the webserver on the IP-address. Anyway, you can set up multiple MX-records in the DNS and assign them a preference. Email is usually delivered to the mailserver with the lowest preference. If the mailserver is unavailable, the sender will try to deliver to the server with the second-lowest preference.

Of course you want all the email to reach one and the same server, so there is a way that the mailserver can ask a higher-preference server if it has received any mail for it. This is achieved with the ETRN command. The mailserver will contact another SMTP server and issue the ETRN command. This way the server 'asks' the other server if there are messages queued. This is nothing more than polling for messages. Some mailservers can also use the POP protocol to achieve the same. The downside of both ways is that you cannot poll every mailserver on the entire internet. So the server you use as backup is usually one of your own servers at a separate (failover) location or your ISP's mailserver.

Once a message is delivered to your mailserver, the mailserver will check if the destination address is one of the addresses it serves. If so, it will deliver the message to the recipient's mail queue. If not, it will check if it is allowed to relay the message to another mailserver. This depends on the sending mailserver's identity (name and/or IP-address) and the mailserver to which the message has to be relayed. If the mailserver is not able to deliver or relay the message, it will generate an administrative message to the sender of the original message and put it in the delivery-queue. It is also possible that the mailserver refuses the incoming message and the sending server has to generate this administrative message.


To SEND mail, the SMTP-server maintains a delivery-queue. Once a message is received it is checked if the sender is allowed to use this server for outgoing mail. This depends on the username/password and/or the sender's IP-address. If the sender is allowed to use this SMTP server, the mail is put in the delivery-queue. Now the server will try to find the mailserver that serves the recipient's mailbox. This is where the MX-record comes in. The server will first search for the domain-server of the recipient's domain, contact that domain-server and ask for the MX-records. It will take one of the servers with the lowest preference number and attempt to contact that server. If the server responds, it will try to deliver the message. If the server accepts the message, it is considered to be delivered (although the receiving server may reply with an administrative message later). If the receiving server does not accept the message, your server will generate the administrative message itself. And at last, if the receiving server does not answer at all, your server will try another server with the lowest preference (if available), then try another server with the second-lowest preference. If no servers are responding, the message will be left in the queue for later delivery. If there is no delivery possible after a certain time, the message is discarded and an administrative message is generated.


Now imagine I send a mail from sender@non-existent-domain1 to recipient@non-existent-domain2. Normally the mailserver would refuse the message, because it does not serve non-existent-domain2 and I should not be able to send a message from sender@non-existent-domain1. But if the message-accept-rules allowed me to send this message, it will end up in the delivery-queue. Now one or more administrative messages to sender@non-existent-domain1 will be placed in the queue. But as they can't be delivered, they also remain in the queue and it is possible that administrative messages will be generated. NOW, THOSE messages would be directed to the postmaster on your own domain, so they should be delivered to postmaster@yourdomain, and after a few days the original message and all the generated messages should be discarded from the delivery-queue. However, if your server is so heavily misconfigured that postmaster@yourdomain is not a valid mailbox, those messages will build up in your delivery-queue and will cause a huge problem after a couple of days as the queue gets full.


Last but not least, I want to stop the misunderstanding of POP3 vs. SMTP. POP3 is NOT a mail-delivery protocol and SMTP is. If you send a message, you send it using an SMTP connection to the mailserver. If the mailserver does not serve the recipient, it will forward the message to another server using SMTP. If the receiving SMTP server does not serve the recipient, it has to relay the message to the correct server, until a server is found that does serve the recipient. This server places the message in the recipient's message-queue. What happens next with the message depends on the mailserver and the settings. Exchange takes care of the recipient's message-queue by itself. But usually (with ISPs and so on) there is a POP-server running on the server that allows people to download and remove the emails from the queue. The big difference with SMTP is that SMTP initiates the connection on its own, and POP3 waits for a connection to be set up from the POP3-client. (Although there is a way to force SMTP to deliver messages in the queue.)

And to prove that SMTP between servers is 100% the same as the SMTP between a client and a server, you might want to find out the mailserver of the recipient by hand (using MX-records) and set that mailserver as the sending server in your mail client. Now simply send a message and see that it gets delivered. Now send a message to someone in another domain without changing the mailserver. If the mailserver is correctly configured, your message will be refused because you should not be allowed to send messages to users that are not served by that server. Except when your IP address is in the 'local' list of the mailserver; in that case the server should allow you. But that's usually the case with your own mailserver only.
0
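The MX selection and fallback described in the accepted answer above, as an added example that is not part of the original thread. It goes slightly beyond the post by also covering the case with no MX record (the domain's own address is tried) and by shuffling hosts that share a preference; the domains, hosts and the `try_host` callback are constructed for illustration.

```python
import random

# Constructed sample data: MX answers as (preference, host) pairs, the way a
# resolver would return them. Domains and hosts are made up.
SAMPLE_MX = {
    "example.org": [(20, "backup.example.net"), (10, "mx1.example.org"),
                    (10, "mx2.example.org")],
    "nomx.example": [],  # domain with an address record but no MX record
}


def delivery_order(domain, mx_records, rng=random):
    """Return the hosts a sending server should try, in order.

    Lowest preference first; hosts sharing a preference are shuffled so load
    spreads across them. A domain without MX records is treated as its own
    mail exchanger (the implicit-MX rule of RFC 5321 section 5.1).
    """
    if not mx_records:
        return [domain]
    by_pref = {}
    for pref, host in mx_records:
        by_pref.setdefault(pref, []).append(host.rstrip(".").lower())
    order = []
    for pref in sorted(by_pref):
        group = by_pref[pref][:]
        rng.shuffle(group)
        order.extend(group)
    return order


def attempt_delivery(domain, mx_records, try_host, rng=random):
    """Walk the ordered hosts and report what happens to the message.

    try_host(host) is a hypothetical callback standing in for the SMTP
    session; it returns "accepted", "rejected" or "unreachable".
    """
    tried = []
    for host in delivery_order(domain, mx_records, rng):
        result = try_host(host)
        tried.append((host, result))
        if result == "accepted":
            return "delivered", tried
        if result == "rejected":
            # The receiver refused: the sender generates the notice itself.
            return "bounced", tried
    # Nobody answered: the message stays in the queue for a later retry.
    return "queued", tried


if __name__ == "__main__":
    down = {"mx1.example.org", "mx2.example.org"}
    probe = lambda h: "unreachable" if h in down else "accepted"
    print(attempt_delivery("example.org", SAMPLE_MX["example.org"], probe))
```
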
 

Author Comment

by:zkaiserm
ID: 16627360
RiDo78,
       I really appreciate you taking so much time to respond to my question. The only jinx I have right now is how in god's name we are getting emails when there is no port 25 open on our firewall. The following are the only ports open to the outside world, except SMTP, on our firewall:
https, https, dns, ftp, ping, ntp, pop3. Any ideas?

We have only one email server with no other relay servers and all the above ports are open to that server except smtp.
0
 
LVL 31

Expert Comment

by:rid
ID: 16628293
This sounds highly unnatural... By "getting mail", do you mean you get proper incoming mail that goes to your server and you can fetch it from there (with POP3 or something)? Or are you referring to the queue building up? The latter can be a result of an infected machine on the network, sending a lot of meaningless things and not in itself indicating that you get anything from the outside.

If you are in doubt of your firewall, you should try reaching in to the mail server from an outside IP. Run a telnet session on port 25 against your mail server. If all is as you seem to expect, the session should fail.
/RID
0
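A scripted form of the telnet check suggested above, as an added example that is not part of the original thread. `probe_smtp` and its result labels are names chosen here; `start_fake_smtp` is a constructed loopback listener so the block runs offline, and in practice you would run the probe from an outside IP against your own mail server.

```python
import socket
import threading


def probe_smtp(host, port=25, timeout=5.0):
    """Open a TCP connection and classify what answers on the SMTP port.

    Returns (state, detail) where state is one of:
      "open"     - connected and the server sent a 220 greeting
      "not_smtp" - connected, but no 220 greeting arrived
      "refused"  - connection actively refused (closed port or reject rule)
      "filtered" - no answer within the timeout (typical of a drop rule)
      "error"    - any other socket error
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(512).decode("ascii", "replace").strip()
            except socket.timeout:
                return "not_smtp", "connected, no greeting"
            if banner.startswith("220"):
                s.sendall(b"QUIT\r\n")  # end the session politely
                return "open", banner
            return "not_smtp", banner
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "filtered", ""
    except OSError as exc:
        return "error", str(exc)


def start_fake_smtp(greeting=b"220 mail.example.test ESMTP\r\n"):
    """Constructed stand-in for a mail server: one-shot loopback listener."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(greeting)
            conn.settimeout(2)
            try:
                conn.recv(64)  # wait for QUIT or for the client to close
            except OSError:
                pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(probe_smtp("127.0.0.1", start_fake_smtp(), timeout=2))
```
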
 
LVL 3

Expert Comment

by:RiDo78
ID: 16629460
There are still ways messages can build up on the server.

The messages you mentioned are dated on the day you posted them, so they are probably new. They look like server-generated messages, sent to different @cox addresses to report a temporary delivery failure for some unknown message (SPAM?). I guess those messages are generated to let the sender of the original message know that the message has not been delivered yet.

And as long as you block outgoing SMTP traffic, those messages can't be delivered, so notification messages are generated to report the failure. However, those notification messages are also put in the queue, and they also cannot be delivered. So probably you'll get autogenerated messages on the postmaster account on your server, telling you that the notification messages couldn't be delivered.

To solve this issue, either empty the delivery queue or re-enable sending SMTP. As long as you keep the receiving rule in place, your server should not receive any new messages and should get rid of the already queued messages.
0
 
LVL 31

Expert Comment

by:rid
ID: 16629520
I couldn't tell from the thread if the firewall also blocks outgoing port 25 traffic... but that may explain the queue build-up...
/RID
0
 
LVL 10

Expert Comment

by:Walter Padrón
ID: 16632572
Hi zkaiserm,

At this point, IMO you should look on the firewall console at what connections are established (or dropped) on port 25 from/to your servers. That must give you some clues about the mail flow.

good luck!
0
 

Author Comment

by:zkaiserm
ID: 16664332
Hello Everyone,
    I figured out how it actually works. We have a spam filter which is hosted at a different site. All our mail traffic comes through that site. So our SMTP port is open only to that site and not to the whole world. Thanks anyway for all your help.



Kaiser



 
0
