• Status: Solved

Exchange 2010 and DNS

I want to understand the points below:

1- To enable public users out on the internet to send email to my organization, I should register MX and A records with the ISP. Correct?

How do they show at the registrar?
A : MyCompany.com  64.64.64.64
MX : Mycompany.com
Correct?

2- Once the A and MX records are registered, public users can send email to Mycompany.com, and it will come to my public router interface 64.64.64.64, and from there how does it find the route to my Exchange server Mailbox?

3- If a public user sends email from Yahoo.com to Mycompany.com, I wonder if it goes through the CAS server, or just from the Hub server to the Mailbox server?

Thanks



 
0
Asked by: jskfan

6 Solutions
 
jbvernej Commented:
1- You are almost right. Your example should be:
Host record (A): mail.company.com  64.64.64.64
MX record for domain "company.com": preference = 10, mail.company.com

2- You need a firewall or a NAT router to forward the inbound external traffic on 64.64.64.64 port 25 (TCP) to your Exchange Hub in your LAN (port 25).

3- SMTP flow is only processed by the Hub role. The CAS role is for Client Access (Webmail via HTTP, mobile sync, POP, IMAP, ...).
 
0
 
jskfan (Author) Commented:
2- It sounds like an access list should be configured on the router. If so, can you paste the config here?

3- If I understand your point: if the email is coming from Yahoo.com, Hotmail.com, or Gmail.com, then it will go to the Hub server role and then to the Mailbox server role; it doesn't go through the CAS server role. Correct?

0
 
Suliman Abu Kharroub (IT Consultant) Commented:
I would like to add something important about the mail records: you have to create a PTR record (x.x.x.x points to mail.company.com) in order not to be listed in a spammer blacklist.

Also, if you need to enable and configure Outlook Anywhere to allow users to connect Outlook to the Exchange server from an external network, you have to forward port 80/443 to the Exchange server (publish the Exchange server, in ISA Server terms).
0

 
jskfan (Author) Commented:
Sulimanw and jbvernej,

Can you please write the configuration here, for DNS and the NAT?

Thanks
0
 
jskfan (Author) Commented:
Any updates, please?
0
 
Suliman Abu Kharroub (IT Consultant) Commented:
Do you have access to your domain control panel (external domain)? If so, then create the above records; it is a straightforward process. If not, call your domain provider and they will do it for you, and remember to tell them about the PTR record.

0
 
jskfan (Author) Commented:

1- OK, on the public DNS at the registrar, for instance GoDaddy.com, are the records going to show as follows?
Host record (A) = company.com  64.64.64.64
MX record = mail.company.com

2- At the router or firewall level, can you please paste the NAT commands?
And the NAT will point to which IP address?
0
 
Suliman Abu Kharroub (IT Consultant) Commented:
1. Also you should have (A) mail.company.com public_mail_server_ip (this IP could be assigned to the router and forwarded to the Exchange server).

2. What router do you have? Cisco? Does it have web access?
0
 
jskfan (Author) Commented:
Cisco router.
What's the command line?

0
 
Suliman Abu Kharroub (IT Consultant) Commented:
Sorry, I don't know this command.

You can post under the Cisco zone for this or wait for another expert's input...
0
 
jskfan (Author) Commented:
Do you mean the following records need to be at the registrar DNS:

Host record (A) = company.com  64.64.64.64
Host record (A) = mail.company.com  64.64.64.64
MX record = mail.company.com

0
 
Suliman Abu Kharroub (IT Consultant) Commented:
Host record (A) = company.com  64.64.64.64 <-- is not necessary for mail to work, but it could be necessary if you have a website (www.company.com or company.com).

Most domain registrars (like GoDaddy) by default add an @ (A record). It looks like @.company.com points to 64.64.64.64, which means everything points to 64.64.64.64 except the record you added...

Another important record you have to add is:

PTR (reverse) record (64.64.64.64 points to mail.company.com).


Summary:

You need the following records for mail to work:

Host record (A) = mail.company.com  64.64.64.64
MX record = mail.company.com
PTR = 64.64.64.64 points to mail.company.com

If you have an @ record then there is no need for any other record; if not, and you need to access the company's website, you have to create a www.company.com A record.

B.R
Suliman
0
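
An offline check of the record set from the summary above, as an added example that is not part of the original thread: it parses constructed zone-style lines and verifies that the MX target has its own A record and that the PTR for that address points back to the same host. The zone-line layout and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed records mirroring the thread's summary (company.com / 64.64.64.64).
GOOD_ZONE = """\
mail.company.com.          IN A    64.64.64.64
company.com.               IN MX   10 mail.company.com.
64.64.64.64.in-addr.arpa.  IN PTR  mail.company.com.
"""

# Constructed: the record set first proposed in the question (no A for the MX host).
ASKED_ZONE = """\
company.com.  IN A   64.64.64.64
company.com.  IN MX  10 mail.company.com.
"""

def parse(zone_text):
    """Parse 'owner IN TYPE rdata' lines into (owner, type, rdata) tuples."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if line:
            owner, _cls, rtype, rdata = line.split(None, 3)
            records.append((owner.lower().rstrip("."), rtype.upper(), rdata.strip()))
    return records

def check_mail_dns(zone_text, domain):
    """Return a list of problems in the MX -> A -> PTR chain for `domain`."""
    recs = parse(zone_text)
    mx_hosts = [d.split()[-1].lower().rstrip(".")
                for o, t, d in recs if o == domain and t == "MX"]
    if not mx_hosts:
        return [f"no MX record for {domain}"]
    problems = []
    for host in mx_hosts:
        addrs = [d for o, t, d in recs if o == host and t == "A"]
        if not addrs:
            problems.append(f"MX target {host} has no A record")
        for addr in addrs:
            # Reverse lookup name for the address, e.g. 64.64.64.64.in-addr.arpa
            rev = ipaddress.ip_address(addr).reverse_pointer
            ptrs = [d.lower().rstrip(".") for o, t, d in recs if o == rev and t == "PTR"]
            if host not in ptrs:
                problems.append(f"PTR for {addr} does not point to {host}")
    return problems

if __name__ == "__main__":
    print(check_mail_dns(GOOD_ZONE, "company.com"))
    print(check_mail_dns(ASKED_ZONE, "company.com"))
```
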
 
jskfan (Author) Commented:
Thanks
0
