Solved

How do I configure MX records for a new domain email address?

Posted on 2006-05-25
Medium Priority
495 Views
Last Modified: 2010-03-06
This one is definitely worth 500 points!

We have a primary email domain that handles the bulk of our email. We also have an internal exchange server 2003 that is our email server. On our email accounts internally, I have set up each user to also accept mail from a total of four additional domain suffixes that we own. All of those MX records are hosted by Choiceone DNS servers in Ohio somewhere. They all point to our outside IP (firewall) and when that traffic hits that IP address it is NAT'd on through to our exchange server and delivered internally. A while ago we decided to use a hosted, off-site SPAM filter so we changed things to relay from ChoiceOne to our off-site SPAM filter and then on to us. So currently the mail goes like this:

choiceOne>>Off-siteSpamFilter>>Firewall>>Exchange

Outgoing goes like this:

Exchange>>Firewall>>Off-SiteSPAMFilter>>Internet(I guess)
               
Well now we have purchased two new domains, "newdomain.biz" and "newdomain.com". They are through an outfit called, "CheapDomainRegistration.com". I can log into their server and configure the A record, CNames and Mail Exchanger records for each new domain. I thought I had it configured correctly, but when I had someone off-site send an email to me @newdomain.biz and also ".com" it failed to deliver to me. The sender got this failure notification:

"The e-mail account does not exist at the organization this message was sent to.  Check the e-mail address, or contact the recipient directly to find out the correct address.
            < slot95.h-pmx-msn-6.binc.net #5.1.1 SMTP; 550 5.7.1 Unable to relay for dwielgosz@newdomain.biz>"

The "slot95.h-pmx-msn-6.binc.net" is the off-site spam filter server that relays our mail for our old email domain (exchange)

What I configured  was this:

A Record I configged as:
host = "@"
points to= IP address of our firewall (our external IP) This is not the IP used to connect to our Outlook web access though

CNAME records I left as is with their configuration for E, pop, mail, imap, email,  smtp,  mobilemail, pda and webmail all pointing to their default servers and "www" and  "ftp" which had "@" as the configuration.

MX (Mail Exchanger)
I configured as:
priority=0
Host="@"
Goes to=" server address furnished to me by our off-site SPAM Filter provider" actually two of them for redundancy I was told.
Two Text Records One is our business owners name and business address and the second is named "@" and contains a string with the mx record and ending in a minus A

What I got from our spam filter relay provider were two server names for each new domain (two each for redundancy). Each one started with the letters "MX" then a space then the number "10" for the primary server (number "20" for the redundant, second server), a space and then a continuous string ending in ".net". The interface would not allow spaces in the server names (addresses) so I ended up dropping the "MX 10" or "MX 20" prefix from each server, but I don't think that's the problem.

What am I doing wrong?
Question by:dwielgosz
 
LVL 35

Expert Comment

by:Bembi
ID: 16762868
I assume that your external SPAM filter denies relay for your new domains. As your new domains are unknown by the spam filter server, this server handles the sender and the recipient as external and therefore as foreign relay.

Talk to the provider / administrator, who is responsible for the spamfilter, so that he can change the settings on this server to accept your new domains as internal recipients. Also your exchange server must accept the new domains, otherwise the exchange server will send them back (same procedure, senders and recipient domain are handled as external).
0
 

Author Comment

by:dwielgosz
ID: 16763070
I did contact the provider that we relay our mail through for the purpose of spam filtering. Actually we relay through him coming in and going out. I already had that configured on the exchange server to relay through that server from the original domains.

MX (Mail Exchanger)
I configured as:
priority=0
Host="@"
Goes to=" server address furnished to me by our off-site SPAM Filter provider" actually two of them for redundancy I was told.

What do you mean by:

"Also your exchange server must accept the new domains, otherwise the exchange server will send them back (same procedure, senders and recipient domain are handled as external)."

Where would I do this configuration?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 16763594
For your configuration, you have to do for a new maildomain, to reach your exchange:

- The public MX record for your new domain should point to your SPAM filter Server(s).
- On your spam filter server, you have to add the new domain, so that the spam server knows, that these mails are internal and have to be forwarded to exchange (instead of rejected).
- On your exchange server, you should add the new domain to the recipient policy for your domain (where all your other domains should reside). Doing this tells your exchange, that it is responsible for this domain. Also this policy assigns an email address for this domain to your users.

Within the mail header of the NDR, you can see, which server is sending the NDR, there you have to locate the problem.
0

 

Author Comment

by:dwielgosz
ID: 16764458
This has all been done and it didn't work. I'm thinking that instead of pointing to our external IP on the firewall I should have it pointing at the actual IP address of our exchange server. I'm going to try that and test tomorrow.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 16764574
In general, the configuration should be the same as for all other domains. If they are pointing to the firewall (what is your external IP Address and public), the new domain should also point to it.

Nevertheless, have a look at the mail header of the NDR, also the NDR itself is pointing to the spam filter as source. That means, the spam filter gets the mail, but does not forward it to your exchange.
0
 

Author Comment

by:dwielgosz
ID: 16764699
The address on the NDR is the same server address of the server that normally relays the email in to us. It appears that things are functioning correctly up until the relay tries  to hand off the mail to our exchange server.  I configured the address into my email addresses in my U&C user account. So why is exchange telling the relay that it's not a valid email address then?
0
 
LVL 35

Accepted Solution

by:
Bembi earned 2000 total points
ID: 16764832
You mean, your exchange is denying the delivery?
Enable the SMTP log of the exchange server (virtual SMTP server), there you can verify, that there is a connection request between your spam server and your exchange. Send a mail to your server (with the new domain) and have a look at the log, if there is any try of the spam server to submit the mail. If you find something, there should be also a line in the log with some more information about the reason.

If you find something pointing to a relay issue, make sure, the new domain is part of your (a new) recipient policy, and the recipient policy service has run at least once (you can start it manually). After the recipient policy service has run, the users, covered by this policy should have a new email-address with the new domain. This is necessary to put the new domain into the metabase.

On the property pages of your virtual SMTP server, make sure, that the settings for relay are not dedicated set to your old domains instead of using more general settings. Usually the setting is set to "Deny all in the list" with an empty list with the option "Allow all clients which successfully authenticated" enabled. Maybe that your server is setup only to accept mails for your old domains. Also check the EX 2003 spam filter settings, if there is anything restricted.
0
 

Author Comment

by:dwielgosz
ID: 16768922
"If you find something pointing to a relay issue, make sure, the new domain is part of your (a new) recipient policy, and the recipient policy service has run at least once (you can start it manually). After the recipient policy service has run, the users, covered by this policy should have a new email-address with the new domain. This is necessary to put the new domain into the metabase"  

Where and how is the Recipient Policy started/set? I have added that domain-suffix as a valid smtp mail address for the user that I had tested and got the NDR, is that how you set the recipient policy?

A week or so ago I turned up the logging parameters on exchange and smtp. Having done that, how do I open them to examine them and where are they located/what are their names?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 16769117
> Where and how is the Recipient Policy started/set?
Goto ESM - Recipients - Recipient Policies
Within this folder, you find at least the "default policy"
Open this default policy (which is valid for all users), or create a new policy with a filter for users
Click on E-Mail Address (Policy) and add your domain there, i.e. @mydomain.com
Click OK

Goto ESM - Recipients - Recipient Update Services
There you find two recipient update services (one enterprise, one domain)
Right click the policies and select recreate

Adding simply a mail address to a user will not change something.

> Having done that, how do I open them ...
The default folder is C:\Windows\System32\logfiles as long as not changed in the log configuration
There you find a folder SMTPSVCx, where x starts with 1 for each Virtual SMTP server you have.
Within this folder, you find the logfiles as text files. Open the newest file for the newest log.
0
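Added example, not part of the thread: once the SMTP log described above is enabled, a script like this separates rejected RCPT commands for your own domains (a configuration gap, as with newdomain.biz in this question) from rejections of foreign domains (the relay restriction doing its job). The log lines are constructed, and the field selection (c-ip, cs-method, cs-uri-query, sc-status) is an assumption about which W3C extended properties are turned on in the log configuration.

```python
import re

# Constructed sample in W3C extended format; the #Fields line defines the columns.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-query sc-status
2006-05-25 14:02:10 192.0.2.25 EHLO +relay.filter.example 250
2006-05-25 14:02:10 192.0.2.25 MAIL +FROM:<sender@example.org> 250
2006-05-25 14:02:11 192.0.2.25 RCPT +TO:<user@newdomain.biz> 550
2006-05-26 09:15:40 192.0.2.25 MAIL +FROM:<sender@example.org> 250
2006-05-26 09:15:41 192.0.2.25 RCPT +TO:<user@newdomain.biz> 250
2006-05-26 09:15:42 192.0.2.25 RCPT +TO:<someone@elsewhere.example> 550
"""

RCPT_ADDR = re.compile(r"TO:\s*<([^>]*)>", re.IGNORECASE)

def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or odd lines
                yield dict(zip(fields, values))

def rejected_recipients(text, our_domains):
    """Return (own, foreign): 5xx-rejected RCPTs for our domains vs. all others."""
    ours = {d.lower() for d in our_domains}
    own, foreign = [], []
    for rec in parse_w3c(text):
        if rec.get("cs-method", "").upper() != "RCPT":
            continue
        match = RCPT_ADDR.search(rec.get("cs-uri-query", ""))
        status = rec.get("sc-status", "")
        if not match or not status.startswith("5"):
            continue
        addr = match.group(1).lower()
        entry = (rec.get("date"), rec.get("time"), rec.get("c-ip"), addr, status)
        # A reject for a domain we own means the server does not treat it as local.
        (own if addr.rpartition("@")[2] in ours else foreign).append(entry)
    return own, foreign

if __name__ == "__main__":
    own, foreign = rejected_recipients(SAMPLE_LOG, ["newdomain.biz", "newdomain.com"])
    for entry in own:
        print("own-domain reject (check recipient policy / relay settings):", entry)
    for entry in foreign:
        print("foreign-domain reject (relay correctly refused):", entry)
```

Entries in the first list are the ones to chase; entries in the second are expected on any server that is not an open relay.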
 

Author Comment

by:dwielgosz
ID: 16769230
I found the policy. I created it a while ago and added other domains (that we own) at that time, it's been awhile and just forgot about it. I definitely added the two new domains this AM and applied the policy.

In the Update policy I have a choice between "update" and "rebuild" what's the difference?

What about the logs in, Program Files\ExchSrvr\serverName.log\20060526.txt?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 16770086
Rebuild command to recalculate address list memberships and the recipient policy settings of all recipients in a domain at the next scheduled interval.
Update Now command to perform this processing immediately.

What about the logs in...
These logs are the transaction logs. If enabled, you can follow up the mail flow via the search option. There is a folder called "message status", where you can see all mails and how they are routed. In comparison with the SMTP log, which only collects information on the SMTP gateway, the transaction log shows also the internal routing. Sometimes good to have.

0
 

Author Comment

by:dwielgosz
ID: 16770195
I looked at the relay options and everything is set correctly. I have a high degree of confidence that our exchange server is configured correctly. I have tested the new domain addresses again today and have received the emails addressed to me at the new domain-suffix that was not working yesterday. So, therefore it is "fixed". I don't know what it was but I'm thinking that it has to be either the recipient policy setting that I did this AM, or the fact that I changed the configuration of the DNS records (MX) on the big DNS servers (CheapDomainRegistration.COM) that host these domains out on the NET. I changed the IP address from our external firewall IP addy to the IP addy of our exchange server(on the firewall), or both.

It does work now though and that's all that counts. Thank you for your help.
0
