Solved

Website hosted externally, Internal Mail Server, how to set up DNS

Posted on 2008-10-15
12
439 Views
Last Modified: 2010-04-21
Hi there

We are bringing our mail server in house, previously we have been using hosted POP3 accounts.  I have set up the internal DNS ok on our server, but am not sure what I need to do to point mail traffic to our internal mail server?

Our website is hosted externally and we need to keep that set up, so I think I need to change the MX records?
0
Question by:tv_kid
12 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 250 total points
ID: 22719479

Hey,

These are the DNS requirements for hosting an SMTP Server:

1. Host (A) record - Inbound and Outbound mail

If you need to accept inbound mail you should create a dedicated name for your SMTP server (because it makes things clear). The record must be created in your public DNS service and it should point to the public IP address your mail server will use for receiving (and / or sending) mail.

For example, any of these is perfectly adequate:

mail.yourdomain.com.   IN A   1.2.3.4
smtp.yourdomain.com.   IN A   1.2.3.4

2. Mail Exchanger (MX) record - Inbound mail

To accept inbound mail you should create an MX Record for your domain that points to the record created above. MX Records must point to a Host (A) record to be RFC compliant.

MX Records are written in this form:

<email-domain>  IN MX   <priority>   <server>

For example, this MX record will accept mail bound for <anyrecipient>@yourdomain.com and pass it onto mail.yourdomain.com.

yourdomain.com.   IN MX   10   mail.yourdomain.com.

3. Pointer (PTR) record - Outbound mail

The reverse lookup zone maps IP Addresses back to names using Pointer (PTR) records. This forms the basis of a simple test to see if your SMTP server looks official rather than a virus / malware ridden machine sending spam.

If your server is sending out mail to hosts on the internet (that is, not relaying through a third-party service) you must configure a PTR record for your server. If you do not you will find mail sent from your server is rejected by certain recipients.

Addition of the PTR record must, in general, be requested via your ISP (those responsible for providing the internet connection your mail server uses). The exception to this is where responsibility for the Reverse Lookup Zone has been delegated to you.

The PTR record for mail.yourdomain.com running on the public IP 1.2.3.4 would look like this:

4.3.2.1.in-addr.arpa.   IN PTR   mail.yourdomain.com.

Many ISPs will understand a request for a Reverse Lookup Record for 1.2.3.4 to mail.yourdomain.com. That is, you do not necessarily need to know the syntax above.

4. SMTP service name - Outbound mail

Again, if the server is sending out mail it must use a public name. Failure to do so will result in rejected mail because of the simple tests above.

The name used should have a Host (A) record and a Pointer (PTR) record configured.

For Exchange 2007 the name is set in the Properties for the Send Connector. It is possible to set the name for the Receive Connector as well; however, this will have no impact on mail delivery. It can be considered good practice to set a public name on the Receive Connector for the sake of consistency.

For Exchange 2003 the name is set in the Properties for the Virtual SMTP Server (Delivery, Advanced, Server FQDN).

5. (Optional) Sender Policy Framework (SPF / TXT) record

The Sender Policy Framework allows you to state explicitly which servers can send mail as your domain name.

While this is not universally used it will help reduce abuse of your domain name by third parties and also reduce the number of non-delivery reports returned to your system for mail you didn't send in the first place.

Wizards exist for this record here:

http://www.openspf.org/
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

The record would be added as a TXT record to your public domain. It is only checked by systems receiving mail from you.

HTH

Chris
0
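The four checks above (MX pointing at a host record, A record present, PTR resolving back to the same IP, SPF TXT present) as an added offline checker; this is example code, not part of the original answer. The zone data is constructed from the answer's hypothetical yourdomain.com / 1.2.3.4 values, and `lookup` stands in for a real DNS query so it runs without network access.

```python
import ipaddress

# Constructed sample records using the answer's hypothetical domain and IP.
GOOD_ZONE = {
    ("yourdomain.com.", "MX"): [(10, "mail.yourdomain.com.")],
    ("mail.yourdomain.com.", "A"): ["1.2.3.4"],
    ("4.3.2.1.in-addr.arpa.", "PTR"): ["mail.yourdomain.com."],
    ("yourdomain.com.", "TXT"): ["v=spf1 a mx ip4:1.2.3.4 -all"],
}
# Same domain with two common mistakes: MX pointing at a CNAME, and no PTR.
BAD_ZONE = {
    ("yourdomain.com.", "MX"): [(10, "smtp.yourdomain.com.")],
    ("smtp.yourdomain.com.", "CNAME"): ["mail.yourdomain.com."],
    ("smtp.yourdomain.com.", "A"): ["1.2.3.4"],   # what a resolver returns after following the CNAME
    ("mail.yourdomain.com.", "A"): ["1.2.3.4"],
}

def lookup(zone, name, rtype):
    """Stand-in for a DNS query: returns the records of one type for a name."""
    return zone.get((name, rtype), [])

def reverse_name(ip):
    """Build the in-addr.arpa name for an IPv4 address: 1.2.3.4 -> 4.3.2.1.in-addr.arpa."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split("."))) + ".in-addr.arpa."

def check_mail_dns(zone, domain):
    """Return a list of problems with the domain's mail records; [] means all checks pass."""
    problems = []
    mx = lookup(zone, domain, "MX")
    if not mx:
        return [f"no MX record for {domain}"]
    for _prio, target in sorted(mx):
        # An MX target must be a host (A) record, not a CNAME, to be RFC compliant.
        if lookup(zone, target, "CNAME"):
            problems.append(f"MX target {target} is a CNAME")
        addrs = lookup(zone, target, "A")
        if not addrs:
            problems.append(f"MX target {target} has no A record")
            continue
        for ip in addrs:
            # Forward-confirmed reverse DNS: the PTR name must resolve back to the same IP.
            ptrs = lookup(zone, reverse_name(ip), "PTR")
            if not ptrs:
                problems.append(f"no PTR record for {ip}")
            elif not any(ip in lookup(zone, p, "A") for p in ptrs):
                problems.append(f"PTR {ptrs[0]} does not resolve back to {ip}")
    if not any(t.startswith("v=spf1") for t in lookup(zone, domain, "TXT")):
        problems.append(f"no SPF (TXT) record for {domain}")
    return problems
```

Against live DNS the same logic applies by replacing `lookup` with real queries; the PTR check is the one most often missed because the record lives in the ISP's zone, not yours.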
 
LVL 2

Author Comment

by:tv_kid
ID: 22721410
Hi Chris

Thanks for your comprehensive reply.  I have set up the DNS records I think, and mail can be sent to and from the server.  However, I must have done something wrong...

Assuming my domain name is "example.com", I set up the DNS on the server to be "server.example.com" and directed mail to this accordingly.  However, the mail server automatically creates user accounts as "user@server.example.com" rather than "user@example.com"

What have I done wrong?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22722726

It's likely that the policy responsible for creating addresses is just a bit wrong.

For Exchange 2007 we'd be looking at the Email Address Policy, for Exchange 2003 the Recipient Policies. Which version are we dealing with?

Chris
0
 
LVL 2

Author Comment

by:tv_kid
ID: 22722769
It's Kerio Mail Server on a Mac OS X Server...
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22722849

Exchange is normally a fairly safe assumption :)

I've never used Kerio, but this looks like the correct place:

http://www.kerio.com/manual/kms/en/sect-domdef.html

Is the primary domain listed as server.example.com?

Chris
0
 
LVL 2

Author Comment

by:tv_kid
ID: 22722876
The primary domain is listed as "example.com" but I had to create another entry for "server.example.com" to get it to authenticate to the Open Directory on the same server.  This works except for the accounts being created as user@server.example.com

Thanks for your help.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22722927

Odd, I would expect to create the SMTP addresses with the Primary. Does it list multiple e-mail addresses per user, and is it assigning user@example.com as well?

As I mentioned, I don't have any direct experience with Kerio, so I may not be the best person to ask about this particular piece, hence the exploratory nature of my questions :)

Chris
0
 
LVL 2

Author Comment

by:tv_kid
ID: 22722992
Hi Chris

No it's not listing multiple email addresses per user, just the one for each user that I've linked to in the Open Directory.

My feeling was that I had set up the DNS incorrectly, but I guess it may be something with Kerio instead.  I had already tried to set up the internal OS X Mail Server but this didn't work either!

DNS is working internally however, as I can authenticate to the server from client machines.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22729717

Hmm, I can't say why that bit isn't behaving, I'm afraid; anything I suggest there is going to be paraphrasing the manual, which isn't much help.

Chris
0
 
LVL 2

Author Comment

by:tv_kid
ID: 22774727
Hi Chris

Thanks for your input on this.  As you've said, there is little more you can suggest.  I've been in direct contact with Kerio about it and am working to sort it out.

I'm going to mark your original answer as the solution, as that certainly helped to get things clear in my head.

No doubt I'll be back to this topic at some point in the future!
0
 
LVL 2

Author Closing Comment

by:tv_kid
ID: 31506226
Thanks for your help on this Chris.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22774885

Best of luck, I hope they sort it out for you :)

Chris
0
