Solved

Scenario breakdown on help with Mail Server and PTR records.

Posted on 2008-06-20
Last Modified: 2011-10-19
This month the IT staff in the company left our company without any notice. I'm now once again back in trying to resolve some major mail problems. A great number of our company's emails are not reaching hosts such as AOL, Comcast etc... After looking around I suspect a PTR issue, and even more I believe our email server was never set up with proper DNS records. I'm not in any way ready to figure this out myself, so I would like help getting our servers set up with correct DNS and PTR records. I will break down our system design in detail. Currently webmail is enabled under webmail.newerafinance.com as the only method of mail access.


Domain name is newerafinance.com, hosted by a 3rd party provider.
1 in-house AD Domain Controller set up as newerafinance.local, 192.168.0.2
1 in-house Exchange server set up on the same network as the DC.
        LAN network is on    192.168.0.10
        WAN network is on    99.163.162.138
Go to http://www.myhostpix.com/tcpip.jpg to view the TCP/IP config image.


Domain is registered and host records are setup with namecheap.com
To view current records please go to http://www.myhostpix.com/namecheap.jpg


Public nslookup with mx records show..

Non-authoritative answer:
newerafinance.com       MX preference = 10, mail exchanger = webmail.newerafiannce.com

newerafinance.com       nameserver = dns1.name-services.com
newerafinance.com       nameserver = dns2.name-services.com
newerafinance.com       nameserver = dns3.name-services.com
newerafinance.com       nameserver = dns4.name-services.com
newerafinance.com       nameserver = dns5.name-services.com
dns1.name-services.com  internet address = 69.25.142.42
dns2.name-services.com  internet address = 216.52.184.248
dns3.name-services.com  internet address = 63.251.92.200
dns4.name-services.com  internet address = 69.64.145.225
dns5.name-services.com  internet address = 70.42.37.7

As you see I'm not sure where to start looking to resolve the DNS issues and set up PTR, but from the looks of things it seems as if the network was never finished with proper settings. What I also see as a problem is that the domain newerafinance.com points to the 3rd party host provider, yet the mail server is in house, therefore setting up PTRs is not simple for me.

Question by:bashyywash
 

Accepted Solution

by: Chris Dent (earned 250 total points)
ID: 21829399

Hey,

IP Configuration:

Members of Active Directory Domains (and Domain Controllers) should never reference DNS Servers that cannot answer authoritatively for the AD Domain.

In the picture posted we see the external interface has two external DNS Servers listed. These need to be removed, if you wish to use them they should be added as Forwarders under the DNS Console on the server.

Having these present will cause authentication failures and policy application problems.

MX Record:

This one is absolutely fine.

Mail Server:

Does mail send out directly from the mail server? Or is it relayed?

If it's sent out directly there are two things to do:

1. Check the name.

Check the name in the properties for the Send Connector (Organisation Configuration) in Exchange System Console.

It should be a public name, ideally webmail.newerafinance.com because that's what's used in the MX.

2. Check NAT / PAT

NAT (Network Address Translation) and PAT (Port Address Translation) are important, you need to know which IP Address your server is using to connect to others.

This isn't always the same as the IP Address it uses to accept inbound connections.

If the network only has a single public IP, or you haven't changed it from the default it will be using the (external) IP of the router / firewall.

3. Reverse Lookup

Your Reverse Lookup Record needs to be configured for the IP used for the server as discussed in 2.

If we assume that it matches the IP used for inbound, that means you need a Reverse Lookup Record added like this:

138.162.163.99.in-addr.arpa.  PTR  webmail.newerafinance.com.

Your ISP will have to add that for you, it's not something you do on your own DNS Service as you don't have authority for the range.

Chris
 

Author Comment

by:bashyywash
ID: 21829583
Ok.
1. Fixed the TCP/IP settings for the Domain Member Exchange server to only use the AD DNS. Added the WAN DNS servers to the DC Forwarders.

2. The Exchange send connector did not have ANY FQDN associated with it, so I added webmail.newerafinance.com

3. Company owns a block of IPs. Default network is on 99.163.162.137 (public IP on Smoothwall firewall)
and Exchange server WAN on 99.163.162.138. SO I ASSUME 99.163.162.138 is used for incoming emails and 99.163.162.137 is used for outgoing emails. Therefore I will need to ask the Internet provider to add 137.162.163.99.in-addr.arpa.  PTR  webmail.newerafinance.com ?

Are the A record and CNAMEs done correctly?

Images added for reference.
 

Author Comment

by:bashyywash
ID: 21829592
OR wait since the WAN is the Only gateway then outgoing is also 99.163.162.138, RIGHT ?
 

Expert Comment

by:Chris Dent
ID: 21829622

> wait since the WAN is the Only gateway then outgoing is
> also 99.163.162.138

Provided NAT is operating for both Inbound and Outbound connections for the server. Any sensible setup would have it configured for bi-directional so it's very probably safe to assume it has been.

The FQDN you've added is great, that just means you need the PTR with the IP:

138.162.163.99.in-addr.arpa.  PTR  webmail.newerafinance.com

As above, that must be added by your ISP etc :)

All DNS records in the Forward Lookup zone associated with the MX and Exchange (for outbound) are absolutely fine.

Chris
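The checks Chris walks through (the send-connector name matching the MX, the IP the server actually sends from, and a PTR for that IP that resolves back to the same name) as an added offline example; this is not code from the thread. The records are constructed from the question and answers, `lookup` stands in for a live resolver, and the PTR the ISP is asked to add is assumed to be in place so the "good" case passes.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check for an outbound mail host.

Runs offline against an in-memory record table; swap `lookup` for a real
resolver (e.g. dnspython) to run it against live DNS.
"""
import ipaddress

# Constructed sample records mirroring the thread (MX, A, and the PTR the
# ISP would add). Not live DNS data.
ZONE = {
    ("newerafinance.com.", "MX"): ["webmail.newerafinance.com."],
    ("webmail.newerafinance.com.", "A"): ["99.163.162.138"],
    ("138.162.163.99.in-addr.arpa.", "PTR"): ["webmail.newerafinance.com."],
}


def lookup(name, rtype, zone=ZONE):
    """Return records of type rtype for name, or [] if none (stand-in resolver)."""
    return zone.get((name.rstrip(".") + ".", rtype), [])


def reverse_name(ip):
    """Name the PTR must live at: 99.163.162.138 -> 138.162.163.99.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def check_mail_host(domain, outbound_ip, resolve=lookup):
    """Return a list of problems; an empty list means MX, A and PTR line up
    for the IP the server really sends from (the point made in step 2/3)."""
    problems = []
    mx_targets = resolve(domain, "MX")
    if not mx_targets:
        return [f"no MX record for {domain}"]
    for target in mx_targets:
        # A typo in the MX target shows up here as an unresolvable name.
        if not resolve(target, "A"):
            problems.append(f"MX target {target} has no A record")
    ptrs = resolve(reverse_name(outbound_ip), "PTR")
    if not ptrs:
        problems.append(f"no PTR for {outbound_ip}; ask the ISP to add "
                        f"{reverse_name(outbound_ip)} PTR {mx_targets[0]}")
        return problems
    for ptr in ptrs:
        # Forward-confirm: the PTR name must resolve back to the same IP.
        if outbound_ip not in resolve(ptr, "A"):
            problems.append(f"PTR {ptr} does not resolve back to {outbound_ip}")
        if ptr not in mx_targets:
            problems.append(f"PTR {ptr} is not the name used in the MX")
    return problems
```

Running it with 99.163.162.137 instead of .138 reproduces the follow-up question: the check reports the missing PTR and prints the exact in-addr.arpa name the ISP would need.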
