Avatar of jmpriest
jmpriest
 asked on

Having problems with DNS and kicked back messages

We have a bit of a strange setup and I need some help/advice!

Our Exchange is part of SBS 2003. It's the only server for this company...

We're using the built-in POP Connector to pull down email from their host (mail.xyz.com) because we didn't want to purchase a bunch of spam protection and a backup mx subscription. Their mail host is providing email for free and do all the spam/virus scanning before it hits the server.

However, we can't use SMTP forwarding because our provider requires SMTP authentication.

So... I setup exch.xyz.com and pointed it to our static IP. The MX record points to mail.xyz.com.

Right now, I have the SMTP virtual server setup like this:

Masquerade domain: mail.xyz.com
Fully qualified domain name: exch.xyz.com

I have the external DNS addresses set to the ones our ISP provided.

At first we were getting kickbacks because I hadn't setup exch.xyz.com yet and was trying to totally masquerade as mail.xyz.com (including putting that into the FQDN field), but servers that did a reverse DNS lookup wasn't liking that the IP of the sender wasn't actually the IP address of mail.xyz.com. Lesson learned. That is when I added the exch.xyz.com and had the ISP make the lookup correct. I've verified that it works at www.DNSSTUFF.com... a reverse lookup now gives our static IP.

We still seem to get kickbacks from a few certain domains. Is it bad to have a message coming from exch.xyz.com when the MX record points to mail.xyz.com? I didn't think it would matter, but I need the advice of an Expert.

If you need any other information, don't hesitate to ask... I will provide any details you may need!

Thank you very much in advance, Experts!
Exchange

Avatar of undefined
Last Comment
jmpriest

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Sembee

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
jmpriest

ASKER
I think for now I'll try to get the SMTP connector working with authentication.

I understand that in a perfect world, a "vanilla" Exchange configuration would probably be best, but the company is pretty much dead set against opening up the server to accept email directly. They feel safer behind the POP Connector, so while my thoughts about it may have been flawed, for now it's in their interest to keep email coming as is.

I removed the incorrect Masquerading information that you pointed out, and using SMTP forwarding should put any email delivery problems in the hands of the host... providing that the connector is working, of course!

Thanks for your links and information!
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck