Solved

Exchange and Non-Authoritative Domains

Posted on 2010-11-07
Last Modified: 2012-05-10
Hi

We currently have an Exchange 2010 server that is configured for our existing domain name.
We are part of a national group and have 24 Exchange servers across the country, all hosting their own domain name and with no network links between them.  We are setting up a new name to be used by all and have a web service that will be doing the redirection to the relevant Exchange server on a per-user basis.
My question is, will I get any issues with reverse DNS lookups on the local Exchange servers if they are sending out as the new domain name, as the MX record is not pointing to each server?

Any help would be awesome, thanks

Mark
0
Question by:mwelf1
5 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34082265
You could always add those mx records to DNS at a much higher cost/priority...

0
 
LVL 58

Expert Comment

by:tigermatt
ID: 34082306
No, it shouldn't cause any issues for you. Anti-spam checks don't generally perform reverse lookups and compare with the MX records of the sender's domain.

You mostly need to make sure the SMTP banner on your send connector is set to a valid DNS name, ensure that resolves back to the server's public IP and that the same record is found in the ISP PTR record for that IP.

I.e., if your server sits at 1.2.3.4 and has a name site.company.com, the DNS record should point to 1.2.3.4 and the PTR record set to site.company.com.

If you use SPF, there could be issues there - so make sure each sending server is listed on the SPF record for the domain.

Matt
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34082390
Yep, Matt is right. MX records are for sending into your domain, not for checking what is coming out of it.

Not having an SPF or not having all servers listed in SPF may result in higher Spam scoring for your messages.

With SPF you can put in that all your MX records are valid for the domain (hence my mention of adding MX records above).
0
 

Author Comment

by:mwelf1
ID: 34082522
Can I just clarify the points above please.

So the MX record for the new domain name will point to the cloud based service that does the re-direction not the local servers.

If the smtp banner is set to mail.oldname.com.au but the mail sent out is from @newname.com.au, is that a problem?

What do I do with the SPF records? Is that with my ISP?

thanks for your assistance guys

Mark
0
 
LVL 58

Accepted Solution

by:tigermatt earned 500 total points
ID: 34085872
"...the MX record for the new domain name will point to the cloud based service that does the redirection..."

Correct.

"...the smtp banner is set to mail.oldname.com.au but the mail sent out is from @newname.com.au, is that a problem?"

Not a problem. The SMTP banner does not have to match the MX record(s) defined for the domain.  There are hundreds of mail admins who use services like Postini for inbound email but send email directly... If matching the MX record was a requirement this wouldn't work.

What you need to ensure is:

* the FQDN in the SMTP banner is a valid DNS name which resolves to the IP the server will send from

* the IP the server is sending from has a PTR record whose value is the FQDN in the SMTP banner

The PTR record would usually need to be set with your ISP.

The SPF framework is a system implemented in recent years which defines the servers approved to send for a domain. It isn't a requirement but configuring it can help reduce backscatter attacks using your domain. It isn't 100% effective but it is better than nothing.

The SPF record is set by you on your public DNS, wherever that is hosted for the new email domain. It is set in a DNS TXT record so your DNS host needs to support that format (some don't).

Have a look at

http://en.m.wikipedia.org/wiki/Sender_Policy_Framework
and
http://www.openspf.org/

for more info.

Matt
0
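
The checks from the accepted answer (banner FQDN resolves to the sending IP, that IP's PTR is the banner FQDN, and the sending IP is covered by the new domain's SPF record), as an added Python example that is not part of the original thread. It runs against a constructed DNS snapshot; the relay hostname, the second server and all addresses (documentation ranges) are assumptions, and the SPF evaluator handles only `ip4`, `a`, `mx` and `all`.

```python
import ipaddress

DNS = {  # constructed snapshot (not real records): name -> {rtype: [values]}
    "newname.com.au": {
        "MX": ["relay.cloudfilter.example"],  # hypothetical cloud redirection service
        "TXT": ["v=spf1 mx ip4:192.0.2.10 ip4:198.51.100.0/28 -all"],
    },
    "relay.cloudfilter.example": {"A": ["203.0.113.5"]},
    "mail.oldname.com.au": {"A": ["192.0.2.10"]},
    "10.2.0.192.in-addr.arpa": {"PTR": ["mail.oldname.com.au"]},
    "mail2.oldname.com.au": {"A": ["192.0.2.77"]},
    "77.2.0.192.in-addr.arpa": {"PTR": ["host77.isp.example"]},  # PTR never set with ISP
}

def lookup(name, rtype):
    return DNS.get(name.rstrip(".").lower(), {}).get(rtype, [])

def fcrdns_ok(banner, ip):
    """Banner FQDN resolves to the sending IP and that IP's PTR is the banner."""
    ptr_name = ipaddress.ip_address(ip).reverse_pointer
    ptrs = [p.rstrip(".").lower() for p in lookup(ptr_name, "PTR")]
    return ip in lookup(banner, "A") and banner.lower() in ptrs

def spf_result(domain, ip):
    """Evaluate ip4, a, mx and all only (subset of SPF; no include/redirect)."""
    record = next((t for t in lookup(domain, "TXT") if t.startswith("v=spf1")), None)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    verdicts = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qual = term[0] if term[0] in verdicts else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            hit = True
        elif mech == "ip4":
            hit = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            hit = ip in lookup(arg or domain, "A")
        elif mech == "mx":
            hit = any(ip in lookup(mx, "A") for mx in lookup(arg or domain, "MX"))
        else:
            continue  # mechanism not handled in this example
        if hit:
            return verdicts[qual]
    return "neutral"

def audit(banner, ip, mail_from_domain):
    return {"fcrdns": fcrdns_ok(banner, ip), "spf": spf_result(mail_from_domain, ip)}
```

The `mx` term only authorises the hosts the MX record points at (here the cloud service), so each local sending server still needs its own `ip4` or `a` entry. To run the same checks against live DNS, replace `lookup()` with a real resolver query.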
