martynwolf32


How do I enable a legitimate second domain?

At work we have one server running Windows Server 2003 SBS.  This server is used as a proxy for Internet access; it also runs AD and Exchange.  

We use a hosting company for our domain and they also collect our public email (POP 3) which is periodically collected by Exchange.  Outbound email is relayed to BT.  We do use OWA for external access to Exchange and this is achieved by a public IP address provided by BT.  The FQDN of the internal server is simply a private local name.

My company has recently been purchased by another company who want us to use their domain name immediately.  Thus I need a quick and safe solution.  We have set up their new domain to relay email to our POP 3 provider in terms of relaying appropriate incoming email under their domain.  This works fine.  

However, it gets more complicated when setting the new domain as the primary email address for my internal users, as many spam filters do not like receiving email from one domain which originated from another and this is bad practice.  

My question is how do I solve this in the interim?  We will be fully integrating with their domain over the next few months but I need my users to be able to email from the internal network under the new domain quickly.
ASKER CERTIFIED SOLUTION
James Montgomery

martynwolf32

ASKER

Thanks for that.

Do I need to do anything with DNS/PTR records?
Let me expand on my last remark.  Is it the ISP or host of the domain who needs to sort out the DNS/PTR entries for the FQDN of the Exchange server?
Forward name resolution is: what is the IP address of mail.mydomain.com, where mail.mydomain.com is the host name of your MX record? This record is held by your DNS hosting company.

For the reverse DNS entry of the public FQDN it is always the ISP who gives you internet access.

e.g. the reverse lookup domain name corresponding to the IPv4 address 10.12.13.140 is 140.13.12.10.in-addr.arpa

Your ISP hosts this zone (essentially PTR records). As such they can change 140.13.12.10.in-addr.arpa to say mail.mydomain.com, where mail.mydomain.com is the host name of the MX record also used for forward name resolution.

So the name matches on forward and reverse name resolution. Some consider it strong weighting in terms of domain legitimacy if you have both matching and use it as an anti-spam feature.

Thanks for that, I think I am starting to see the full picture.  

Can I just list what I need to do?

Change the FQDN on my Exchange server to mail.domain.com

Enable forward and reverse DNS lookup with an entry required by both the host of the domain and my ISP.  Presumably as incoming mail is relayed from the host already it is the reverse lookup (ISP PTR entry) which is now required?  

Get the host of the domain to update the SPF file for mail.domain.com.

Change the FQDN on my Exchange server to mail.domain.com
>>Change the FQDN on my Exchange server SMTP banner to mail.domain.com. Although not too relevant since your parent company is routing mail to you...

Enable forward and reverse DNS lookup with an entry required by both the host of the domain and my ISP.  Presumably as incoming mail is relayed from the host already it is the reverse lookup (ISP PTR entry) which is now required?
>>>Yes change reverse entry to match the host name of your parent company  

Get the host of the domain to update the SPF file for mail.domain.com.

This way email is sent to your parent company to mail.domain.com, and they get it to you somehow. When you reply, by virtue of recipient policy your reply address is in the same SMTP domain, and if they do a reverse lookup on your IP it matches mail.domain.com.

I think that's it!
Thanks very much.  

I will test tomorrow and see how I get on.

Just spoken with BT (an ordeal in itself) and just to confirm, they need me to set up the A record before they will do the reverse DNS.

Presumably, in my case, the host of the new domain needs to set this up?  Just as they would the MX records.  Getting confused by the difference between the two.

Yes your DNS host needs to set the mx and A records up for you.
Thanks for that.  

DNS now updated, propagated and sorted.
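
The forward/reverse match described in this thread can be checked with a short script. This is an added example, not part of the original thread; the function names are hypothetical and the sample records are constructed from the thread's example address and host name.

```python
import ipaddress
import socket

def ptr_name(ip):
    """Name of the PTR record the ISP must publish for this address."""
    return ipaddress.ip_address(ip).reverse_pointer

def norm(name):
    return name.rstrip(".").lower()

def system_ptr(ip):
    """Reverse lookup via the system resolver; empty list if no PTR exists."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except OSError:
        return []

def system_a(name):
    """Forward lookup via the system resolver; empty list if no A record exists."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_fcrdns(ip, banner, lookup_ptr=system_ptr, lookup_a=system_a):
    """Return (ok, findings) for a sending IP and the name in its SMTP banner."""
    findings = []
    ptrs = [norm(n) for n in lookup_ptr(ip)]
    if not ptrs:
        return False, [f"no PTR at {ptr_name(ip)} (reverse DNS not set by the ISP)"]
    # A PTR only counts if its A record points back to the same address.
    confirmed = [n for n in ptrs if ip in lookup_a(n)]
    if not confirmed:
        findings.append(f"PTR {ptrs} has no A record pointing back to {ip}")
    if norm(banner) not in confirmed:
        findings.append(f"banner {banner} is not a confirmed PTR name {confirmed}")
    return not findings, findings

# Constructed sample records (not real DNS data), using the thread's example names.
PTR = {"10.12.13.140": ["mail.mydomain.com."]}
A = {"mail.mydomain.com": ["10.12.13.140"]}

def demo_ptr(ip):
    return PTR.get(ip, [])

def demo_a(name):
    return A.get(norm(name), [])

if __name__ == "__main__":
    print(check_fcrdns("10.12.13.140", "mail.mydomain.com", demo_ptr, demo_a))
    print(check_fcrdns("10.12.13.140", "server.local", demo_ptr, demo_a))
```

Calling `check_fcrdns` without the two lookup arguments uses the system resolver, so it can be run against the real public IP once the A and PTR records are in place.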