Solved

Exchange and Non-Authoritative Domains

Posted on 2010-11-07
Last Modified: 2012-05-10
Hi

We currently have an Exchange 2010 server that is configured for our existing domain name.
We are part of a national group and have 24 Exchange servers across the country, all hosting their own domain name and with no network links between them.  We are setting up a new name to be used by all and have a web service that will be doing the redirection to the relevant Exchange server on a per-user basis.
My question is, will I get any issues with reverse DNS lookups on the local Exchange servers if they are sending out as the new domain name, as the MX record is not pointing to each server?

Any help would be awesome, thanks

Mark
Question by:mwelf1
5 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34082265
You could always add those mx records to DNS at a much higher cost/priority...

 
LVL 58

Expert Comment

by:tigermatt
ID: 34082306
No, it shouldn't cause any issues for you. Anti-spam checks don't generally perform reverse lookups and compare with the MX records of the sender's domain.

You mostly need to make sure the SMTP banner on your send connector is set to a valid DNS name, ensure that resolves back to the server's public IP and that the same record is found in the ISP PTR record for that IP.

I.e. If your server sits at 1.2.3.4 and has a name site.company.com, the DNS record should point to 1.2.3.4 and the PTR record set to site.company.com.

If you use SPF, there could be issues there - so make sure each sending server is listed on the SPF record for the domain.

Matt
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34082390
Yep, Matt is right. MX records are for sending into your domain, not for checking what is coming out of it.

Not having an SPF or not having all servers listed in SPF may result in higher Spam scoring for your messages.

With SPF you can put in that all your MX records are valid for the domain (hence my mention of adding MX records above).
 

Author Comment

by:mwelf1
ID: 34082522
Can I just clarify the points above please.

So the MX record for the new domain name will point to the cloud based service that does the re-direction not the local servers.

If the SMTP banner is set to mail.oldname.com.au but the mail sent out is from @newname.com.au, is that a problem?

What do I do with the SPF records? Is that with my ISP?

thanks for your assistance guys

Mark
 
LVL 58

Accepted Solution

by:tigermatt earned 500 total points
ID: 34085872
"...the MX record for the new domain name will point to the cloud based service that does the redirection..."

Correct.

"...the smtp banner is set to mail.oldname.com.au but the mail sent out is from @newname.com.au, is that a problem?"

Not a problem. The SMTP banner does not have to match the MX record(s) defined for the domain.  There are hundreds of mail admins who use services like Postini for inbound email but send email directly... If matching the MX record was a requirement this wouldn't work.

What you need to ensure is:

* the FQDN in the SMTP banner is a valid DNS name which resolves to the IP the server will send from

* the IP the server is sending from has a PTR record whose value is the FQDN in the SMTP banner

The PTR record would usually need to be set with your ISP.

The SPF framework is a system implemented in recent years which defines the servers approved to send for a domain. It isn't a requirement but configuring it can help reduce backscatter attacks using your domain. It isn't 100% effective but it is better than nothing.

The SPF record is set by you on your public DNS, wherever that is hosted for the new email domain. It is set in a DNS TXT record so your DNS host needs to support that format (some don't).

Have a look at

http://en.m.wikipedia.org/wiki/Sender_Policy_Framework
and
http://www.openspf.org/

for more info.

Matt
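
The checks listed in the accepted answer (banner FQDN resolves to the sending IP, PTR matches the banner, sending IP covered by SPF), as an added example that is not part of the original thread. The DNS data is constructed: the host names follow the thread, while `mail2.oldname.com.au`, `mx.redirector.example`, `static-7.isp.example` and all addresses other than 1.2.3.4 are assumptions. It also shows why an `mx` mechanism alone does not cover the local servers here, since the MX points at the redirection service.

```python
import ipaddress

# Constructed DNS data (assumption): names follow the thread, extra hosts/IPs are made up.
DNS = {
    "A": {"mail.oldname.com.au": ["1.2.3.4"],
          "mail2.oldname.com.au": ["198.51.100.7"],
          "mx.redirector.example": ["203.0.113.10"]},
    "PTR": {"1.2.3.4": "mail.oldname.com.au",
            "198.51.100.7": "static-7.isp.example"},  # ISP default, never updated
    "MX": {"newname.com.au": ["mx.redirector.example"]},
    "TXT": {"newname.com.au": "v=spf1 mx ip4:1.2.3.4 -all"},
}

def spf_permits(domain, ip, dns):
    """Evaluate a subset of SPF: only unqualified ip4, a and mx mechanisms."""
    addr = ipaddress.ip_address(ip)
    record = dns["TXT"].get(domain, "")
    if not record.startswith("v=spf1"):
        return False
    for term in record.split()[1:]:
        name, _, arg = term.partition(":")
        if name == "ip4" and addr in ipaddress.ip_network(arg, strict=False):
            return True
        if name == "a" and ip in dns["A"].get(arg or domain, []):
            return True
        if name == "mx":
            hosts = dns["MX"].get(arg or domain, [])
            if any(ip in dns["A"].get(h, []) for h in hosts):
                return True
    return False

def check_sender(banner, ip, mail_domain, dns):
    """Return the problems found for one sending server (empty list = all checks pass)."""
    problems = []
    if ip not in dns["A"].get(banner, []):
        problems.append("banner FQDN does not resolve to sending IP")
    if dns["PTR"].get(ip, "").rstrip(".").lower() != banner.lower():
        problems.append("PTR does not match banner FQDN")
    if not spf_permits(mail_domain, ip, dns):
        problems.append("sending IP not covered by SPF")
    return problems
```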
