What should I set the Fully Qualified Domain Name to if I have 3 Exchange servers

I've got a site with 3 Exchange servers.  There's a problem with some email from some users not being received by outside recipients and I think there's a spam checking issue.  Whilst I've checked spam lists etc., I think one of the problems is setting the correct Fully Qualified Domain Name for each server.

The site uses several email domains, say Dom1.com, Dom2.com etc. They are all used to various degrees but Dom1.com is the main one.

What should I set the FQDN to on each server?  Should I use the masquerade text box too?

(I've put the question to 500 points because I'd appreciate an explanation as well as an answer)

Thanks Experts!

When you have multiple servers the FQDN value becomes key for internal Exchange routing.
Are the servers split in to separate routing groups?
Are you routing email to the internet through just one of those servers?

The fact that you are using multiple domain names is completely immaterial. When it comes to remote sites, what they are looking for is a reverse DNS entry that resolves, and preferably a matching ehlo/helo, which is the FQDN set on the SMTP virtual server.

When it comes to multiple servers, the FQDN should be unique and should resolve INTERNALLY to the correct IP address, as well as externally. Therefore even if the email is being routed through one specific machine, the FQDN should be unique.

I blogged on how the FQDN value burnt my fingers over two years ago.

Basically, with the information you have provided, answering your question isn't possible. It could be any number of values.


Agreed, there is too much information missing to give a precise answer. What I would think is crucial here is whether you use a single smarthost/mail gateway/bridgehead server. In our company we have 8 different Internet domains we must handle for mail, but we use an IronPort gateway (2 SG and 2 AV in a redundant setup) to fetch out spam/viruses. Like you, we have all 3 Exchange servers (handling the 8 domains with a total of ~3500 mailboxes) on one single site. We have just set up the DNS accordingly so all domains have MX records that point to our IronPorts. The IronPorts are set up to accept mail for all 8 domains and route it to our internal Exchange bridgeheads; these route according to domain name to the right Exchange server.

We have only one domain with the FQDN as the 1st registered domain (the other 7 came later on), so the Exchange servers' FQDNs (I may not give out real info so I anonymize it) would be exchange1.olddomain.com, exchange2.olddomain.com and so on, although they host mailboxes for totally different domains. The HELO/EHLO on the IronPort also just reflects our olddomain.com, as for technical reasons you obviously can have 1 per machine, but we have never had problems with that. If, however, you use the Exchange servers directly connected to the Internet so they are the SMTP gateway, the FQDN might be a problem; in this case you should take a deep look into Simon's blog or directly call him (I heard he gives remote support and consulting for fair rates)  ;)
jmsjmsAuthor Commented:
Thanks for your responses.  Hopefully this should give enough info to sort this out then...
-The Servers are in one routing group.
-The routing group has a SMTP connector that sends email to a SMTP Gateway (provided by the ISP).
-Each has its own SMTP connector (I'm not sure if these settings are used or whether the Routing Group SMTP connector is the only one used).

From reading your answers, can I confirm, that I need to give each server a unique FQDN that resolves internally and externally?

Would I therefore have to create MX records for each, even though external email only goes to one of the servers? Or would just a host name do?
jmsjmsAuthor Commented:
With regard to how the mail comes in, the MX record (which points to the FQDN of the main server) points to the IP address of the Router/Firewall, i.e. not the actual internal IP of the mail server.  This OK?

If you are sending email out through the ISP's SMTP server, then the FQDN doesn't matter. It will have no part to play in the delivery of the email messages. Therefore I would just set them to be the server's real name and leave it at that.

If your inbound email is flowing, then don't touch anything on the DNS.

Servers that are doing checks for spam will not be connecting to your server, they will be connecting to your ISP's server, because all they are interested in is whether the server that is delivering the email to them is valid or not.

jmsjmsAuthor Commented:
Well this is a header from the site to my yahoo address (account name/domains changed)

Notice that the header has a "Received: from mail.thedomain.com " which is the FQDN of the server.

It also refers to MAILSERVER.localdomain.local. which is the local FQDN of the server.

From a user Mon Jul  6 12:37:01 2009
Return-Path: <A.User@thedomain.com>
Authentication-Results: mta123.mail.ird.yahoo.com  from=thedomain.com; domainkeys=neutral (no sig); from=thedomain.com; dkim=neutral (no  sig)
Received: from  (EHLO mtaout01-winn.ispmail.ntl.com) (
  by mta123.mail.ird.yahoo.com with SMTP; Mon, 06 Jul 2009 12:37:53 +0000
Received: from aamtaout02-winn.ispmail.ntl.com ([])
          by mtaout01-winn.ispmail.ntl.com
          (InterMail vM. 201-2186-134-20080326) with ESMTP
          id <20090706123752.UDUJ6742.mtaout01-winn.ispmail.ntl.com@aamtaout02-winn.ispmail.ntl.com>
          for <me@yahoo.co.uk>; Mon, 6 Jul 2009 13:37:52 +0100
Received: from mail.thedomain.com ([])
          by aamtaout02-winn.ispmail.ntl.com
          (InterMail vG. 201-2161-120-102-20060912) with ESMTP
          id <20090706123752.HBVA21638.aamtaout02-winn.ispmail.ntl.com@mail.thedomain.com>
          for <me@yahoo.co.uk>; Mon, 6 Jul 2009 13:37:52 +0100
Content-class: urn:content-classes:message
Subject: Test
MIME-Version: 1.0
Content-Type: multipart/related;
Date: Mon, 6 Jul 2009 13:37:01 +0100
Message-ID: <3E715E520A8A6743B6317475A5CC2CEA1C8D@MAILSERVER.localdomain.local>
Thread-Topic: Test
Thread-Index: Acn+J+zzRNuJyqQyQyCzYga2tKcDKgADoiuy
References: <3E715E520A8A6743B6317475A5CC2CEA295A@MAILSERVER.localdomain.local>
From: "A User" <A.User@thedomain.com>
To: <me@yahoo.co.uk>
Content-Length: 12643

jmsjmsAuthor Commented:
So yahoo is only  checking against mtaout01-winn.ispmail.ntl.com?

If you are sending email out through NTL's server, then that is the only thing they are looking for. It doesn't matter that the email originated from another system - the receiving server doesn't care.
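
The point made in the answer above, as an added example that is not part of the original thread: only the top-most `Received` line is written by the recipient's own server, so the name it records there is the one its spam checks can evaluate. The sample message is constructed from the header posted earlier; the IP addresses are documentation-range placeholders (the post has them stripped) and the function names are hypothetical.

```python
import re
from collections import namedtuple
from email import message_from_string

Hop = namedtuple("Hop", "helo by")

# Constructed sample modelled on the header in the thread (placeholder IPs).
SAMPLE = """\
Return-Path: <A.User@thedomain.com>
Received: from 192.0.2.10 (EHLO mtaout01-winn.ispmail.ntl.com) (192.0.2.10)
  by mta123.mail.ird.yahoo.com with SMTP; Mon, 06 Jul 2009 12:37:53 +0000
Received: from aamtaout02-winn.ispmail.ntl.com ([192.0.2.20])
          by mtaout01-winn.ispmail.ntl.com
          (InterMail) with ESMTP; Mon, 6 Jul 2009 13:37:52 +0100
Received: from mail.thedomain.com ([198.51.100.5])
          by aamtaout02-winn.ispmail.ntl.com
          (InterMail) with ESMTP; Mon, 6 Jul 2009 13:37:52 +0100
Message-ID: <1@MAILSERVER.localdomain.local>
From: "A User" <A.User@thedomain.com>
To: <me@yahoo.co.uk>
Subject: Test

body
"""

def parse_hops(raw):
    """Return the Received chain, newest hop first (the order in the header)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        line = " ".join(value.split())  # unfold continuation lines
        ehlo = re.search(r"\((?:EHLO|HELO)\s+([^)\s]+)\)", line)
        peer = re.search(r"\bfrom\s+(\S+)", line)
        by = re.search(r"\bby\s+(\S+)", line)
        helo = ehlo.group(1) if ehlo else (peer.group(1) if peer else None)
        hops.append(Hop(helo, by.group(1) if by else None))
    return hops

def border_hop(raw):
    """The one SMTP session the recipient's server took part in (top line)."""
    hops = parse_hops(raw)
    return hops[0] if hops else None

def upstream_names(raw):
    """Names announced in earlier hops; written by upstream relays, not the recipient."""
    return [h.helo for h in parse_hops(raw)[1:]]

if __name__ == "__main__":
    print("evaluated by recipient:", border_hop(SAMPLE))
    print("never seen as SMTP peer:", upstream_names(SAMPLE))
```
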

jmsjmsAuthor Commented:
Thanks for confirming that Simon.  

The ISP asked for the FQDN of the MAIL servers. It could be that the ISP checks the FQDN.  I've sent a request to find out what they use it for.

If they don't need it to be resolvable externally then I'll use the host@local domain FQDN.

If they do then I'll set up Internet-resolvable FQDNs for the servers and sort out a local forward lookup zone to ensure local clients can reach them.

This sound like a plan?  Thanks again.

What ISP asked for the FQDN?
When you are using a smart host to route email, it is impossible to know what is happening to the messages. All you can do is track that the messages were sent to the smart host, that is all.
In this scenario, the smarthost is the internet facing server, as the others route the email through them. Therefore the internal reference is completely immaterial.

I don't think setting the FQDN to a public name will help because that isn't what the remote servers are looking at. All it does is make a cleaner header, which 99.9% of people don't even look at.

jmsjmsAuthor Commented:
Sorry should have been clearer.  The site is linked to the Internet via the ISP.  This ISP also offers a SMTP gateway and they asked for the FQDN of the main server(s).

I don't know why they are asking for it, so I've asked them and am awaiting a response.  

Well, in this case it is really unclear why they ask for the FQDN; all they need is your external IP that is listening on port 21 (it will probably be your firewall that has a rule to NAT that IP/port to the Exchange server in your network that is routing all the mail). The ISP definitely does not need an FQDN, as in your own network you could change it on a daily basis if you find that funny; the ISP just needs to set its mail routing to route all mail for your Internet domain to your external IP with port 21 NATed to your Exchange. You could even supply several of your external IPs if you have more than 1 server set up to do mail routing.

They don't need your FQDN as they could not use it anyway; in a private network you could use all possible and impossible FQDNs. They should not be interested in what's behind your firewall; whether you use nasty animal names for the FQDN or myhostsucks.com is none of their business, this is your internal network. Asking for such info already sounds like social engineering. ;)  I am curious what they will reply, but probably just that it was a mistake...
jmsjmsAuthor Commented:
Yep I thought it was weird.  I've just had a message back saying that they only check IP address for SMTP relay authentication.  Beforehand they said they used FQDN and Email domain....

Anyway, I've made some changes that seem to have fixed things. They are:

1- Set up an individual FQDN that is resolvable on the Internet on each mail server.  
2- Changed the IP setting on each server's SMTP Connector from 'Any' to their internal IP. (From Simon's blog entry).

Although this shouldn't have made a difference I can now get emails from the mail server to my own email account when I couldn't before.

Thanks very much to both of you.

