Solved

MX Records / DNS Settings for new Exchange Server on SBS 2011

Posted on 2012-03-31
Last Modified: 2012-03-31
We have recently installed a new Windows SBS 2011 Server and have configured all the Exchange Mail Boxes in conjunction with the users setup. The mail is collected from my POP3/SMTP mail hosting company using the POP3 Connector.

I no longer want to use the POP3 connector, and need to know what settings I need to change in the DNS control panel to deliver mail directly to my Exchange Server (SBS 2011).

Currently the following records are set:-
A Record
mail.{domainname} --> IP Address of ISP POP3 server 

MX Records
@{domainname}     --> mail.{domainname}   --> Priority = 10
@*.{domainname}   --> mail.{domainname}   --> Priority = 10


I have a static WAN IP address assigned to my SBS 2011 Server.

Questions...

1. Do I need to change the A record for mail.{domainname} to point to my static WAN IP address?

2. Do I need to change the priorities for the MX records (or add new MX records)?

3. What do I need to add in order to setup Reverse DNS records for the exchange mail server?

4. Are there any other suggestions for 'best practice' in this typical SBS 2011 / Exchange setup?

Looking forward to some positive responses :)
0
Question by:Team1_Coder
13 Comments
 
LVL 8

Expert Comment

by:Elmar-H
Hello,
You must change the A Record to your IP of Exchange Server. The reverse DNS (PTR) also. That's all.
0
 
LVL 10

Accepted Solution

by:
CSIPComputing earned 500 total points
Don't change the current records.

You should have an "A" record for "remote.domainname.com" pointing to your static IP Address.  This lets your users use the Remote Web Workplace, Outlook Web Access etc.  If you've not got one set it up now.

ADD a new MX record, with a priority lower than the existing ones, but in the same format.  I suggest priority 5.

A Record
mail.{domainname} --> IP Address of ISP POP3 server
remote.{domainname} --> Static WAN Address

MX Records
@{domainname}     --> remote.{domainname}   --> Priority = 5
@*.{domainname}   --> remote.{domainname}   --> Priority = 5
@{domainname}     --> mail.{domainname}   --> Priority = 10
@*.{domainname}   --> mail.{domainname}   --> Priority = 10

Ask your ISP to add a reverse DNS entry (PTR) for "remote.{domainname}" for your Static WAN Address. (You can't do this, you don't OWN the IP address, your ISP does!)

You can continue to collect your POP3 mail whilst these changes propagate around the world, then mail will start flowing using SMTP directly to your server (assuming you've allowed the SBS wizards to open port 25, or you've manually opened port 25 on your router)

If you maintain the POP3 accounts, in the event of your server being off line, the priority 10 MX records will be used to accept mail again (because the priority 5 server is offline) until your server is back with the living, then you can retrieve the POP3 mail that was accepted on your behalf whilst you were down, and guarantee not losing anything.  Naturally when your server is back on line, the priority 5 MX records will again take precedence.

Hope that helps!
0
 

Author Comment

by:Team1_Coder
[The reverse DNS (PTR) also]
I don't see this in my DNS control panel, unless it is a text record?

The following text record is set:-
v=spf1 a mx a:mailforwards.extendcp.co.uk ~all


This TXT record gives .{domainname} the value v=spf1 a mx a:mailforwards.extendcp.co.uk ~all

Do I change this when moving to Exchange?
0
 
LVL 10

Expert Comment

by:CSIPComputing
You can't change your reverse DNS pointer, you don't have control over it.  It's from a pool of IPs from your ISP.  You have to ask them to change it.

Regarding SPF, this relates to sending email FROM your domain, and shouldn't change just because you're changing how you RECEIVE email.

However, if in doubt, check the Microsoft SPF Records Wizard, which will guide you as to what *it* thinks are the correct entries for your domain:

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
0
 

Author Comment

by:Team1_Coder
CSIPComputing

Thanks for your detailed response to my questions.  I already have A records set for remote.{domainname} and the local firewall has ports open for 25, 587 and 110 which are NAT to the SBS 2011.

With regards the Reverse DNS, does this mean that in fact the mail that is being delivered currently will not actually have matching RDNS?  I sent an email from one of the exchange accounts, and checked the header information on receipt - it showed it received from remote.{domainname}

With regards the MX records - your suggestion is excellent (adding records rather than changing A records).  This being the case, am I safe to leave the POP3 Connector in place - to collect any mail that lands in the POP3 mail boxes?  Or is there a chance that mail could be delivered twice - to the exchange server and to the POP account?

Thanks again, and look forward to your response.
0
 
LVL 10

Expert Comment

by:CSIPComputing
Good.  I'm glad you already have a "remote" A record.  It's just it was missing from your original post!

Have you done a reverse DNS lookup on your Static WAN Address?  Does it already have one?

Your email headers will show that the email was received from "remote.{domainname}", however this is not the same as a reverse DNS lookup.

How are you delivering mail?  Are you using a smart-host?  If so, you don't need to worry about Reverse DNS, as all mail will go to the smart host from your system, and from there will be delivered to the recipient.  The Smarthost IP Address is therefore the one that needs the Reverse DNS entry (it will have, ISPs have this sorted) and therefore you don't need to worry.   If you are NOT delivering via smart host (you're delivering directly), then you need to check your reverse DNS PTR, and ensure there's SOMETHING there (Mail servers tend to hate finding NO reverse DNS at all).  If possible get it updated for your Static WAN address.

Yes you can continue to collect your POP3 mail.  Mail will only get there if your own mail server is not able to accept messages, therefore you should not get any duplicates :-)

Enjoy
0
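An added example, not part of the original thread: the reverse DNS check described in the comment above, written as a forward-confirmed reverse DNS (FCrDNS) test. The `helo_name` parameter (the name the server announces, assumed here to be the `remote` host), the documentation address 203.0.113.10 and the `example` host names are assumptions made for illustration.

```python
# Added example: forward-confirmed reverse DNS check for a mail server's
# public IP. Resolvers are injectable so the logic can be run offline.
import socket


def system_reverse(ip):
    """PTR lookup: return the hostname for ip, or None if there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def system_forward(host):
    """A/AAAA lookup: return the set of addresses host resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()


def check_rdns(ip, helo_name, reverse=system_reverse, forward=system_forward):
    """Return 'no-ptr', 'unconfirmed' (PTR name does not resolve back to
    ip), 'generic' (confirms, but is not helo_name) or 'ok'."""
    ptr = reverse(ip)
    if not ptr:
        return "no-ptr"
    ptr = ptr.rstrip(".").lower()
    if ip not in forward(ptr):
        return "unconfirmed"
    if ptr != helo_name.rstrip(".").lower():
        return "generic"
    return "ok"


# Constructed sample data: 203.0.113.10 is a documentation address and the
# host names are placeholders, not values from the thread.
PTRS = {"203.0.113.10": "host-203-0-113-10.isp.example."}
ADDRS = {"host-203-0-113-10.isp.example": {"203.0.113.10"},
         "remote.example.com": {"203.0.113.10"}}


def demo(ptrs):
    """Run the check against the constructed data instead of live DNS."""
    return check_rdns("203.0.113.10", "remote.example.com",
                      reverse=ptrs.get, forward=lambda h: ADDRS.get(h, set()))
```

Calling `check_rdns(ip, name)` without the `reverse` and `forward` arguments uses the system resolver, so it reports what a receiving mail server would see for the real WAN address.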

 
LVL 7

Expert Comment

by:abdulalikhan
You can leave your POP3 settings as they are for backup purposes.
0
 

Author Comment

by:Team1_Coder
Hello CSIPComputing,

Thanks again for your response.

I am not using SmartHosts - do you advise implementing this?  I have established the MX Records as per your suggestion, and have also run through the MS SPF utility (thanks for sending the link).

Have also checked the RDNS records - it would appear that there are records set for this IP - but I will request that they are updated to the remote.{domainname} shortly.

I don't really understand the existing SPF record - but guess that doesn't matter for the moment!  I have added a new SPF record based on the results of the MS SPF utility - should I remove the existing record?  This is the new SPF record:-
v=spf1 a mx a:mailforwards.extendcp.co.uk ip4:79.170.xxx.138 ip4:92.27.xxx.47 a:remote.{domainname} mx:remote.{domainname} ~all



Thanks again for your help - is there any way to send a private message in EE?
0
 
LVL 10

Expert Comment

by:CSIPComputing
Great.  Don't have 2 spf records.  But make a note of the one you're going to delete, because if you start getting rejections based on your current spf, you can revert to the original one (which works!)

If you are happy to deliver email directly to recipients, then keep it as it is.  I don't use smart hosts, and don't have a single client that does!

Not sure about private messages, I've never looked!
0
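An added example, not part of the original thread: an offline lint for the situation in the two comments above, where the old and the new SPF record were briefly published together. RFC 7208 treats more than one `v=spf1` record at a name as a permanent error and limits a record to 10 terms that trigger DNS lookups. `example.com` stands in for `{domainname}`, and the masked `xxx` octets are kept as posted, so the `ip4` values are not validated.

```python
# Added example: offline lint of the TXT records published at one name.
# RFC 7208: one "v=spf1" record per name, at most 10 DNS-lookup terms.
LOOKUP_TERMS = {"a", "mx", "ptr", "exists", "include", "redirect"}
QUALIFIERS = "+-~?"


def spf_records(txt_records):
    """Return only the TXT strings that are SPF records."""
    return [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]


def lookup_count(record):
    """Count the terms in one SPF record that cost a DNS lookup."""
    count = 0
    for term in record.split()[1:]:
        name = term.lstrip(QUALIFIERS)
        for sep in ":/=":          # strip ':domain', '/cidr' or '=value'
            name = name.split(sep, 1)[0]
        if name.lower() in LOOKUP_TERMS:
            count += 1
    return count


def lint(txt_records):
    """Return a list of findings; an empty list means nothing was flagged."""
    records = spf_records(txt_records)
    if not records:
        return ["no SPF record"]
    findings = []
    if len(records) > 1:
        findings.append(f"{len(records)} SPF records: receivers return permerror")
    for rec in records:
        n = lookup_count(rec)
        if n > 10:
            findings.append(f"{n} DNS-lookup terms (limit 10)")
        last = rec.split()[-1].lower()
        if last.lstrip(QUALIFIERS) != "all" and not last.startswith("redirect="):
            findings.append("record has no final 'all' or redirect")
    return findings


# The two records quoted in the thread; example.com stands in for
# {domainname} and the masked 'xxx' octets are left as posted.
OLD = "v=spf1 a mx a:mailforwards.extendcp.co.uk ~all"
NEW = ("v=spf1 a mx a:mailforwards.extendcp.co.uk ip4:79.170.xxx.138 "
       "ip4:92.27.xxx.47 a:remote.example.com mx:remote.example.com ~all")

if __name__ == "__main__":
    print(lint([OLD, NEW]), lint([NEW]))  # both published, then only NEW
```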
 

Author Closing Comment

by:Team1_Coder
Excellent response - detailed and accurate information that was presented intelligently and worked in real life!
0
 
LVL 10

Expert Comment

by:CSIPComputing
Happy to help.

Thanks for the kind words :-)
0
 

Author Comment

by:Team1_Coder
CSIPComputing,

Do you offer support for SBS systems on a commercial basis?  Would be glad to hear from you if so... (does this number identify you 036225?)

Many thanks for your help on this topic once again.
0
 
LVL 10

Expert Comment

by:CSIPComputing
Yes and yes, SBS is my core business. Good detective work :-) Drop me an email.
0
