Website hosted externally, Internal Mail Server, how to set up DNS

Hi there

We are bringing our mail server in house; previously we have been using hosted POP3 accounts. I have set up the internal DNS OK on our server, but am not sure what I need to do to point mail traffic to our internal mail server?

Our website is hosted externally and we need to keep that set up, so I think I need to change the MX records?
Asked by: tv_kid
1 Solution
 
Chris Dent (PowerShell Developer) commented:

Hey,

These are the DNS requirements for hosting an SMTP Server:

1. Host (A) record - Inbound and Outbound mail

If you need to accept inbound mail you should create a dedicated name for your SMTP server (because it makes things clear). The record must be created in your public DNS service and it should point to the public IP address your mail server will use for receiving (and / or sending) mail.

For example, any of these is perfectly adequate:

mail.yourdomain.com.   IN A   1.2.3.4
smtp.yourdomain.com.   IN A   1.2.3.4

2. Mail Exchanger (MX) record - Inbound mail

To accept inbound mail you should create an MX Record for your domain that points to the record created above. MX Records must point to a Host (A) record to be RFC compliant.

MX Records are written in this form:

<email-domain>  IN MX   <priority>   <server>

For example, this MX record will accept mail bound for <anyrecipient>@yourdomain.com and pass it onto mail.yourdomain.com.

yourdomain.com.   IN MX   10   mail.yourdomain.com.

3. Pointer (PTR) record - Outbound mail

The reverse lookup zone maps IP Addresses back to names using Pointer (PTR) records. This forms the basis of a simple test to see if your SMTP server looks official rather than a virus / malware ridden machine sending spam.

If your server is sending out mail to hosts on the internet (that is, not relaying through a third-party service) you must configure a PTR record for your server. If you do not you will find mail sent from your server is rejected by certain recipients.

Addition of the PTR record must, in general, be requested via your ISP; those responsible for providing the internet connection your mail server uses. The exception to this is where responsibility for the Reverse Lookup Zone has been delegated to you.

The PTR record for mail.yourdomain.com running on the public IP 1.2.3.4 would look like this:

4.3.2.1.in-addr.arpa.   IN PTR   mail.yourdomain.com.

Many ISPs will understand a request for a Reverse Lookup Record for 1.2.3.4 to mail.yourdomain.com. That is, you do not necessarily need to know the syntax above.

4. SMTP service name - Outbound mail

Again, if the server is sending out mail it must use a public name. Failure to do so will result in rejected mail because of the simple tests above.

The name used should have a Host (A) record and a Pointer (PTR) record configured.

For Exchange 2007 the name is set in the Properties for the Send Connector. It is possible to set the name for the Receive Connector as well however this will have no impact on mail delivery. It can be considered good practice to set a public name on the Receive Connector for the sake of consistency.

For Exchange 2003 the name is set in the Properties for the Virtual SMTP Server (Delivery, Advanced, Server FQDN).

5. (Optional) Sender Policy Framework (SPF / TXT) record

The Sender Policy Framework allows you to state explicitly which servers can send mail as your domain name.

While this is not universally used, it will help reduce abuse of your domain name by third parties and also reduce the number of non-delivery reports returned to your system for mail you didn't send in the first place.

Wizards exist for this record here:

http://www.openspf.org/
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

The record would be added as a TXT record to your public domain. It is only checked by systems receiving mail from you.

HTH

Chris
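As an added example (not part of Chris's answer, and not Kerio or Exchange code), the script below audits the four record types the answer describes against a constructed zone: it confirms each MX target is a Host (A) record rather than a CNAME, that the server's PTR record forward-confirms to the same IP, and that a single SPF record authorises the sending host. The zone contents and the `audit` helper are constructed for this example.

```python
import ipaddress

# Constructed zone data modelled on the records in the answer above (not live DNS).
ZONE = {
    "A":     {"mail.yourdomain.com.": ["1.2.3.4"], "www.yourdomain.com.": ["5.6.7.8"]},
    "CNAME": {"smtp.yourdomain.com.": "mail.yourdomain.com."},
    "MX":    {"yourdomain.com.": [(10, "mail.yourdomain.com.")]},
    "PTR":   {"4.3.2.1.in-addr.arpa.": "mail.yourdomain.com."},
    "TXT":   {"yourdomain.com.": ["v=spf1 mx a:mail.yourdomain.com -all"]},
}

def reverse_name(ip):
    """in-addr.arpa name for an IPv4 address: 1.2.3.4 -> 4.3.2.1.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def check_mx(zone, domain):
    """Every MX target must be an A record (RFC 2181 10.3 forbids CNAME targets)."""
    problems = []
    for prio, target in zone["MX"].get(domain, []):
        if target in zone["CNAME"]:
            problems.append(f"MX {prio} {target}: target is a CNAME")
        elif target not in zone["A"]:
            problems.append(f"MX {prio} {target}: no A record")
    if not zone["MX"].get(domain):
        problems.append(f"{domain}: no MX record")
    return problems

def check_fcrdns(zone, ip):
    """Forward-confirmed reverse DNS: the PTR name's A record must contain the IP."""
    ptr = zone["PTR"].get(reverse_name(ip))
    if ptr is None:
        return [f"{ip}: no PTR record"]
    if ip not in zone["A"].get(ptr, []):
        return [f"{ip}: PTR {ptr} does not resolve back to {ip}"]
    return []

def check_spf(zone, domain, sender_host):
    """Exactly one v=spf1 TXT record, and it must authorise sender_host via 'a:' or 'mx'."""
    spf = [t for t in zone["TXT"].get(domain, []) if t.startswith("v=spf1")]
    if len(spf) != 1:
        return [f"{domain}: expected exactly one SPF record, found {len(spf)}"]
    terms = spf[0].split()[1:]
    mx_hosts = [t for _, t in zone["MX"].get(domain, [])]
    authorised = f"a:{sender_host.rstrip('.')}" in terms or ("mx" in terms and sender_host in mx_hosts)
    return [] if authorised else [f"{domain}: SPF does not authorise {sender_host}"]

def audit(zone, domain, ip):
    """Run all checks; an empty list means the zone meets the requirements above."""
    mx_hosts = [t for _, t in zone["MX"].get(domain, [])]
    problems = check_mx(zone, domain) + check_fcrdns(zone, ip)
    return problems + (check_spf(zone, domain, mx_hosts[0]) if mx_hosts else [])
```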
 
tv_kid (Author) commented:
Hi Chris

Thanks for your comprehensive reply.  I have set up the DNS records I think, and mail can be sent to and from the server.  However, I must have done something wrong...

Assuming my domain name is "example.com", I set up the DNS on the server to be "server.example.com" and directed mail to this accordingly. However, the mail server automatically creates user accounts as "user@server.example.com" rather than "user@example.com".

What have I done wrong?
 
Chris Dent (PowerShell Developer) commented:

It's likely that the policy responsible for creating addresses is just a bit wrong.

For Exchange 2007 we'd be looking at the Email Address Policy, for Exchange 2003 the Recipient Policies. Which version are we dealing with?

Chris
 
tv_kid (Author) commented:
It's Kerio Mail Server on a Mac OSX Server...
 
Chris Dent (PowerShell Developer) commented:

Exchange is normally a fairly safe assumption :)

I've never used Kerio, but this looks like the correct place:

http://www.kerio.com/manual/kms/en/sect-domdef.html

Is the primary domain listed as server.example.com?

Chris
 
tv_kid (Author) commented:
The primary domain is listed as "example.com", but I had to create another entry for "server.example.com" to get it to authenticate to the Open Directory on the same server. This works except for the accounts being created as user@server.example.com.

Thanks for your help.
 
Chris Dent (PowerShell Developer) commented:

Odd, I would expect to create the SMTP addresses with the Primary. Does it list multiple e-mail addresses per user, and is it assigning user@example.com as well?

As I mentioned, I don't have any direct experience with Kerio, so I may not be the best person to ask about this particular piece, hence the exploratory nature of my questions :)

Chris
 
tv_kid (Author) commented:
Hi Chris

No it's not listing multiple email addresses per user, just the one for each user that I've linked to in the Open Directory.

My feeling was that I had set up the DNS incorrectly, but I guess it may be something with Kerio instead. I had already tried to set up the internal OSX Mail Server but this didn't work either!

DNS is working internally however, as I can authenticate to the server from client machines.
 
Chris Dent (PowerShell Developer) commented:

Hmm, I can't say why that bit isn't behaving, I'm afraid; anything I suggest there is going to be paraphrasing the manual, which isn't much help.

Chris
 
tv_kid (Author) commented:
Hi Chris

Thanks for your input on this. As you've said, there is little more you can suggest. I've been in direct contact with Kerio about it and am working to sort it out.

I'm going to mark your original answer as the solution, as that certainly helped to get things clear in my head.

No doubt I'll be back to this topic at some point in the future!
 
tv_kid (Author) commented:
Thanks for your help on this Chris.
 
Chris Dent (PowerShell Developer) commented:

Best of luck, I hope they sort it out for you :)

Chris