Solved

Website hosted externally, Internal Mail Server, how to set up DNS

Posted on 2008-10-15
12
441 Views
Last Modified: 2010-04-21
Hi there

We are bringing our mail server in house, previously we have been using hosted POP3 accounts.  I have set up the internal DNS ok on our server, but am not sure what I need to do to point mail traffic to our internal mail server?

Our website is hosted externally and we need to keep that set up, so I think I need to change the MX records?
0
Question by:tv_kid
12 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 250 total points
ID: 22719479

Hey,

These are the DNS requirements for hosting an SMTP Server:

1. Host (A) record - Inbound and Outbound mail

If you need to accept inbound mail you should create a dedicated name for your SMTP server (because it makes things clear). The record must be created in your public DNS service and it should point to the public IP address your mail server will use for receiving (and / or sending) mail.

For example, any of these is perfectly adequate:

mail.yourdomain.com.   IN A   1.2.3.4
smtp.yourdomain.com.   IN A   1.2.3.4

2. Mail Exchanger (MX) record - Inbound mail

To accept inbound mail you should create an MX Record for your domain that points to the record created above. MX Records must point to a Host (A) record to be RFC compliant.

MX Records are written in this form:

<email-domain>  IN MX   <priority>   <server>

For example, this MX record will accept mail bound for <anyrecipient>@yourdomain.com and pass it on to mail.yourdomain.com.

yourdomain.com.   IN MX   10   mail.yourdomain.com.

3. Pointer (PTR) record - Outbound mail

The reverse lookup zone maps IP Addresses back to names using Pointer (PTR) records. This forms the basis of a simple test to see if your SMTP server looks official rather than a virus / malware ridden machine sending spam.

If your server is sending out mail to hosts on the internet (that is, not relaying through a third-party service) you must configure a PTR record for your server. If you do not you will find mail sent from your server is rejected by certain recipients.

Addition of the PTR record must, in general, be requested via your ISP; those responsible for providing the internet connection your mail server uses. The exception to this is where responsibility for the Reverse Lookup Zone has been delegated to you.

The PTR record for mail.yourdomain.com running on the public IP 1.2.3.4 would look like this:

4.3.2.1.in-addr.arpa.   IN PTR   mail.yourdomain.com.

Many ISPs will understand a request for a Reverse Lookup Record for 1.2.3.4 to mail.yourdomain.com. That is, you do not necessarily need to know the syntax above.

4. SMTP service name - Outbound mail

Again, if the server is sending out mail it must use a public name. Failure to do so will result in rejected mail because of the simple tests above.

The name used should have a Host (A) record and a Pointer (PTR) record configured.

For Exchange 2007 the name is set in the Properties for the Send Connector. It is possible to set the name for the Receive Connector as well however this will have no impact on mail delivery. It can be considered good practice to set a public name on the Receive Connector for the sake of consistency.

For Exchange 2003 the name is set in the Properties for the Virtual SMTP Server (Delivery, Advanced, Server FQDN).

5. (Optional) Sender Policy Framework (SPF / TXT) record

The Sender Policy Framework allows you to state explicitly which servers can send mail as your domain name.

While this is not universally used it will help reduce abuse of your domain name by third-parties and also reduce the number of non-delivery reports returned to your system for mail you didn't send in the first place.

Wizards exist for this record here:

http://www.openspf.org/
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

The record would be added as a TXT record to your public domain. It is only checked by systems receiving mail from you.

HTH

Chris
0
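The dependencies between the records in points 1 to 5 above (MX must name an A record, the A record's IP must have a matching PTR, SPF is optional) can be checked mechanically. The following is an added example, not code from the answer above; it runs against a constructed in-memory zone rather than live DNS, but the same checks apply to real answers from a resolver.

```python
"""Offline consistency check for the mail DNS records described above.
The zone is a constructed map of (name, rtype) -> [values]; not real data."""


def reverse_name(ip):
    """Build the in-addr.arpa name for an IPv4 address (1.2.3.4 -> 4.3.2.1.in-addr.arpa.)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def check_mail_dns(zone, domain):
    """Return a list of problems found; an empty list means the records are consistent."""
    problems = []
    mx_records = zone.get((domain, "MX"), [])
    if not mx_records:
        problems.append(f"no MX record for {domain}; inbound mail cannot be routed")
    for _prio, target in sorted(mx_records):
        # Point 2: the MX target must be a Host (A) record, not a CNAME.
        if (target, "CNAME") in zone:
            problems.append(f"MX target {target} is a CNAME (must be an A record)")
        ips = zone.get((target, "A"), [])
        if not ips:
            problems.append(f"MX target {target} has no A record")
        for ip in ips:
            # Point 3: the PTR for the IP must name the host (forward-confirmed reverse DNS).
            if target not in zone.get((reverse_name(ip), "PTR"), []):
                problems.append(f"no PTR for {ip} -> {target}; outbound mail may be rejected")
    # Point 5: SPF is a TXT record at the domain apex starting with v=spf1.
    if not any(t.startswith("v=spf1") for t in zone.get((domain, "TXT"), [])):
        problems.append(f"no SPF TXT record for {domain} (optional, but recommended)")
    return problems


# Constructed sample zones using the placeholder names from the answer.
GOOD_ZONE = {
    ("yourdomain.com.", "MX"): [(10, "mail.yourdomain.com.")],
    ("mail.yourdomain.com.", "A"): ["1.2.3.4"],
    ("4.3.2.1.in-addr.arpa.", "PTR"): ["mail.yourdomain.com."],
    ("yourdomain.com.", "TXT"): ["v=spf1 a:mail.yourdomain.com -all"],
}
BAD_ZONE = {  # MX points at a CNAME, no PTR, no SPF
    ("yourdomain.com.", "MX"): [(10, "mail.yourdomain.com.")],
    ("mail.yourdomain.com.", "CNAME"): ["www.yourdomain.com."],
    ("www.yourdomain.com.", "A"): ["1.2.3.4"],
}

if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(label, check_mail_dns(zone, "yourdomain.com.") or ["ok"])
```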
 
LVL 2

Author Comment

by:tv_kid
ID: 22721410
Hi Chris

Thanks for your comprehensive reply.  I have set up the DNS records I think, and mail can be sent to and from the server.  However, I must have done something wrong...

Assuming my domain name is "example.com", I set up the DNS on the server to be "server.example.com" and directed mail to this accordingly.  However, the mail server automatically creates user accounts as "user@server.example.com" rather than "user@example.com".

What have I done wrong?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22722726

It's likely that the policy responsible for creating addresses is just a bit wrong.

For Exchange 2007 we'd be looking at the Email Address Policy, for Exchange 2003 the Recipient Policies. Which version are we dealing with?

Chris
0
 
LVL 2

Author Comment

by:tv_kid
ID: 22722769
It's Kerio Mail Server on a Mac OSX Server...
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22722849

Exchange is normally a fairly safe assumption :)

I've never used Kerio, but this looks like the correct place:

http://www.kerio.com/manual/kms/en/sect-domdef.html

Is the primary domain listed as server.example.com?

Chris
0
 
LVL 2

Author Comment

by:tv_kid
ID: 22722876
The primary domain is listed as "example.com" but I had to create another entry for "server.example.com" to get it to authenticate to the Open Directory on the same server.  This works except for the accounts being created as user@server.example.com

Thanks for your help.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22722927

Odd, I would expect to create the SMTP addresses with the Primary. Does it list multiple e-mail addresses per user, and is it assigning user@example.com as well?

As I mentioned, I don't have any direct experience with Kerio, so I may not be the best person to ask about this particular piece, hence the exploratory nature of my questions :)

Chris
0
 
LVL 2

Author Comment

by:tv_kid
ID: 22722992
Hi Chris

No it's not listing multiple email addresses per user, just the one for each user that I've linked to in the Open Directory.

My feeling was that I had set up the DNS incorrectly, but I guess it may be something with Kerio instead.  I had already tried to set up the internal OSX Mail Server but this didn't work either!

DNS is working internally however, as I can authenticate to the server from client machines.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22729717

Hmm I can't say why that bit isn't behaving I'm afraid, anything I suggest there is going to be paraphrasing the manual which isn't much help.

Chris
0
 
LVL 2

Author Comment

by:tv_kid
ID: 22774727
Hi Chris

Thanks for your input on this.  As you've said, there is little more you can suggest.  I've been in direct contact with Kerio about it and am working to sort it out.

I'm going to mark your original answer as the solution, as that certainly helped to get things clear in my head.

No doubt I'll be back to this topic at some point in the future!
0
 
LVL 2

Author Closing Comment

by:tv_kid
ID: 31506226
Thanks for your help on this Chris.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22774885

Best of luck, I hope they sort it out for you :)

Chris
0
