Solved

Exchange and Non-Authoritative Domains

Posted on 2010-11-07
Last Modified: 2012-05-10
Hi

We currently have an Exchange 2010 server that is configured for our existing domain name.
We are part of a national group and have 24 Exchange servers across the country, all hosting their own domain name and with no network links between them.  We are setting up a new name to be used by all and have a web service that will be doing the redirection to the relevant Exchange server on a per-user basis.
My question is, will I get any issues with reverse DNS lookups on the local Exchange servers if they are sending out as the new domain name, as the MX record is not pointing to each server?

Any help would be awesome, thanks

Mark
Question by:mwelf1
5 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34082265
You could always add those mx records to DNS at a much higher cost/priority...

 
LVL 58

Expert Comment

by:tigermatt
ID: 34082306
No, it shouldn't cause any issues for you. Anti-spam checks don't generally perform reverse lookups and compare with the MX records of the sender's domain.

You mostly need to make sure the SMTP banner on your send connector is set to a valid DNS name, ensure that resolves back to the server's public IP and that the same record is found in the ISP PTR record for that IP.

I.e., if your server sits at 1.2.3.4 and has a name site.company.com, the DNS record should point to 1.2.3.4 and the PTR record set to site.company.com.

If you use SPF, there could be issues there - so make sure each sending server is listed on the SPF record for the domain.

Matt
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34082390
Yep, Matt is right. MX records are for sending into your domain, not for checking what is coming out of it.

Not having an SPF or not having all servers listed in SPF may result in higher Spam scoring for your messages.

With SPF you can put in that all your MX records are valid for the domain (hence my mention of adding MX records above).
 

Author Comment

by:mwelf1
ID: 34082522
Can I just clarify the points above please.

So the MX record for the new domain name will point to the cloud based service that does the re-direction not the local servers.

If the SMTP banner is set to mail.oldname.com.au but the mail sent out is from @newname.com.au, is that a problem?

What do I do with the SPF records? Is that with my ISP?

Thanks for your assistance, guys

Mark
 
LVL 58

Accepted Solution

by:
tigermatt earned 2000 total points
ID: 34085872
"...the MX record for the new domain name will point to the cloud based service that does the redirection..."

Correct.

"...the smtp banner is set to mail.oldname.com.au but the mail sent out is from @newname.com.au, is that a problem?"

Not a problem. The SMTP banner does not have to match the MX record(s) defined for the domain.  There are hundreds of mail admins who use services like Postini for inbound email but send email directly... If matching the MX record was a requirement this wouldn't work.

What you need to ensure is:

* the FQDN in the SMTP banner is a valid DNS name which resolves to the IP the server will send from

* the IP the server is sending from has a PTR record whose value is the FQDN in the SMTP banner

The PTR record would usually need to be set with your ISP.

The SPF framework is a system implemented in recent years which defines the servers approved to send for a domain. It isn't a requirement but configuring it can help reduce backscatter attacks using your domain. It isn't 100% effective but it is better than nothing.

The SPF record is set by you on your public DNS, wherever that is hosted for the new email domain. It is set in a DNS TXT record so your DNS host needs to support that format (some don't).

Have a look at http://en.m.wikipedia.org/wiki/Sender_Policy_Framework and http://www.openspf.org/ for more info.

Matt
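
The two banner checks and the SPF listing described in the answer above, as an added example that is not part of the original thread. The host names follow the thread; the IP addresses, the inbound filter name and the SPF record are constructed sample data, and the SPF evaluator covers only the `ip4`, `a`, `mx` and `all` mechanisms.

```python
import ipaddress

# Constructed DNS data (assumption): names follow the thread, IPs are documentation ranges.
DNS = {
    "A": {"mail.oldname.com.au": ["203.0.113.10"],
          "inbound.filter.example": ["192.0.2.25"]},
    "PTR": {"203.0.113.10": ["mail.oldname.com.au"],
            "203.0.113.11": ["static-11.isp.example"]},
    "MX": {"newname.com.au": ["inbound.filter.example"]},
    "TXT": {"newname.com.au": ["v=spf1 mx ip4:203.0.113.10 -all"]},
}

def lookup(rtype, name):
    """Stand-in for a real resolver query; returns [] when no record exists."""
    return DNS[rtype].get(name.rstrip(".").lower(), [])

def banner_problems(banner_fqdn, sending_ip):
    """Check that the banner name resolves to the sending IP and the PTR matches it."""
    problems = []
    if sending_ip not in lookup("A", banner_fqdn):
        problems.append("banner name does not resolve to sending IP")
    if banner_fqdn.lower() not in [p.lower() for p in lookup("PTR", sending_ip)]:
        problems.append("PTR for sending IP does not match banner name")
    return problems

def spf_result(mail_domain, sending_ip):
    """Evaluate an SPF subset (ip4, a, mx, all); include/redirect/macros are skipped."""
    records = [t for t in lookup("TXT", mail_domain)
               if t.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return "none" if not records else "permerror"
    ip = ipaddress.ip_address(sending_ip)
    outcomes = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in outcomes else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            matched = True
        elif mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        elif mech == "a":
            matched = sending_ip in lookup("A", mail_domain)
        elif mech == "mx":  # authorises the hosts the MX records point at
            matched = any(sending_ip in lookup("A", mx)
                          for mx in lookup("MX", mail_domain))
        else:
            continue  # mechanism or modifier not handled in this sketch
        if matched:
            return outcomes[qualifier]
    return "neutral"
```

In this sample the `mx` mechanism only covers the inbound filtering host, so a sending server that is not listed with its own `ip4` entry (203.0.113.11 here) evaluates to `fail`.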