Exchange Server 2003 w/ external DNS & SSL

My main goal is to access Exchange Server with mobile devices and offsite Outlook, but let's get the basics together.

I have port forwarded UDP+TCP: 25, 54, 80, 110, 3389.

My forward external DNS seems to be functioning properly (example.com),
and my Exchange and domain controller are working beautifully too.
Local DNS and domain are domain.example.com and set to send mail as example.com.
Outlook w/ Exchange is working locally and I am able to send and receive e-mail to my Gmail,
but other places like my @live.com throw it right into spam/junk. I'm figuring it's because of not having SSL and/or reverse DNS working properly.

I realize that hosting your own DNS is insecure; I am doing this all for learning purposes!

I have the domain w/ GoDaddy and they are not even doing the DNS hosting; I have the nameserver set to ns0.example.com.

I have the zone for example.com with nameserver ns0.example.com pointing to the external IP address and obviously an MX record for the FQDN ns0.domain.example.com.

I created the primary reverse zone with the first 3 sections of the IP address and proceeded to set a PTR for the FQDN/host and enter the correct 4th digit section of the IP address. From what I've read, I have done this correctly.

I read somewhere you have to call your ISP for them to set you up with reverse DNS, which for me is Qwest (I already have a static IP, obviously).

If this is true, for this Exchange situation do I just ask Qwest to set up reverse DNS for example.com and nothing else? I don't want to call them without knowing exactly what I need to do.
dr_patso Asked:

Netflo Commented:
Hi,

Okay, first of all, to troubleshoot mail delivery to external providers, in your case Hotmail and Gmail, you need to ensure you're clean and compliant.

Having SSL is not a requirement for safe delivery; that is more for secure webmail connectivity. Your SSL certificate may be used for TLS authentication for inbound and outbound delivery.

Yes, as a matter of best practice you need to set up a reverse DNS record and your ISP has to set that. I've seen many scenarios where your ISP may refer you to your DNS provider. In that scenario just tell your ISP you want a PTR record set for your public IP address; if they don't understand that, ask to speak to their manager or someone who knows about DNS.

For your test environment I would ensure that your reverse DNS record matches the DNS record for your static IP. You could also ensure that the EHLO string matches your PTR record. On Exchange 2003 this would be on your Virtual SMTP adaptor in ESM; on Exchange 2007/2010 this would be on your Send Connector.

For example:

1.2.3.4 = mail.domain.com (PTR RECORD)
mail.domain.com = 1.2.3.4 (A RECORD) implied that mail.domain.com (MX RECORD)

For authenticating emails coming from your IP and to prevent spoofing I would recommend setting up an SPF record. This is fairly simple to set up and I would consider this a must for any email server setup. A fairly simple record you could use to validate emails from your MX record as authentic is listed below. I've used the ~ (tilde) as opposed to the strict - (hyphen), which should pass SPF lookups by Google and Hotmail.

"v=spf1 mx ~all"

I think this may be a question typo, DNS operates on port 53 UDP as opposed to port 54. I personally wouldn't open up port 110 unless you need external POP3 access.

Please see the following links for further reading:

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

http://blog.fastmail.fm/2007/12/05/sending-email-servers-best-practice/

Hope this helps and best of luck!
0

dr_patso (Author) Commented:
I just got reverse working..

But my IP address resolves to ns0.example.com (I set this up with Qwest) when the Exchange is set to send as example.com but is actually domain.example.com.

When I run the SMTP test @ mxtoolbox.com it says reverse failed still, even though reverse lookup comes up with the correct thing I set up, ns0.example.com.

Here is the error from the SMTP test for example.com @ mxlookup:

a:example.com

smtp:1.2.3.4 (external ip address)                smtp  
220 ns0.domain.example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.0 ready at Sat, 2 Apr 2011 16:57:09 -0700
 Reverse DNS FAILED! This is a problem.


Do I need to set my PTR with Qwest to be ns0.domain.example.com?? Please help before tech support closes lol!

0
dr_patso (Author) Commented:
Oh, SMTP test works now; on mxlookup the result is this:

Green dots all the way!

I just tried e-mailing my mom's MSN account but it still went straight to spam =(

smtp:1.2.3.4(External IP)                smtp  
220 ns0.domain.example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.0 ready at Sat, 2 Apr 2011 17:59:01 -0700

 OK - 71.39.214.22 resolves to ns0.example.com
 OK - Reverse DNS matches SMTP Banner
 0 seconds - Good on Connection time
Not an open relay.
 0.515 seconds - Good on Transaction time
0
dr_patso (Author) Commented:
Thanks much for your help, I got reverse DNS working correctly!
0
Netflo Commented:
Glad to hear everything is okay.
0
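
The checks discussed in this thread (PTR resolving back to the sending IP, SMTP banner matching the PTR name, and the "v=spf1 mx ~all" record covering the sending IP) can be expressed as one consistency test. This is an added example, not code from any poster or from mxtoolbox; the lookup tables are constructed stand-ins for DNS answers, the function names are hypothetical, and the strict name comparison is an assumption of this sketch.

```python
import re

def banner_host(banner):
    """Return the hostname announced in a '220 <host> ...' SMTP greeting."""
    m = re.match(r"220[ -](\S+)", banner.strip())
    return m.group(1).lower().rstrip(".") if m else None

def check_sender(ip, banner, domain, ptr, a, mx, txt):
    """Return a list of findings; an empty list means every check passed.

    ptr, a, mx, txt are dicts standing in for DNS lookups (assumption: a real
    tool would query a resolver instead of these tables).
    """
    findings = []
    names = [n.lower().rstrip(".") for n in ptr.get(ip, [])]
    if not names:
        findings.append("no PTR record for sending IP")
    # Forward-confirmed reverse DNS: a PTR name must resolve back to the IP.
    elif not any(ip in a.get(n, []) for n in names):
        findings.append("PTR name does not resolve back to sending IP")
    host = banner_host(banner)
    if host not in names:
        findings.append(f"banner host {host} differs from PTR {names}")
    spf = [t for t in txt.get(domain, []) if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"expected one SPF record, found {len(spf)}")
    elif any(tok in ("mx", "+mx") for tok in spf[0].lower().split()[1:]):
        # The 'mx' mechanism authorises the addresses of the domain's MX hosts.
        mx_ips = {addr for h in mx.get(domain, []) for addr in a.get(h, [])}
        if ip not in mx_ips:
            findings.append("SPF 'mx' mechanism does not cover sending IP")
    return findings

# Constructed records modelled on the thread (1.2.3.4 is its placeholder IP).
PTR = {"1.2.3.4": ["ns0.example.com"]}
A = {"ns0.example.com": ["1.2.3.4"]}
MX = {"example.com": ["ns0.example.com"]}
TXT = {"example.com": ["v=spf1 mx ~all"]}
BANNER = "220 ns0.domain.example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.0 ready"

def demo():
    before = check_sender("1.2.3.4", BANNER, "example.com", PTR, A, MX, TXT)
    fixed = BANNER.replace("ns0.domain.example.com", "ns0.example.com")
    after = check_sender("1.2.3.4", fixed, "example.com", PTR, A, MX, TXT)
    return before, after

if __name__ == "__main__":
    print(demo())
```

With the constructed records, the internal name in the banner is the only finding, and it clears once the announced name equals the PTR name.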