MX Records / DNS Settings for new Exchange Server on SBS 2011

We have recently installed a new Windows SBS 2011 Server and have configured all the Exchange Mail Boxes in conjunction with the users setup. The mail is collected from my POP3/SMTP mail hosting company using the POP3 Connector.

I no longer want to use the POP3 connector, and need to know what settings I need to change in the DNS control panel to deliver mail directly to my Exchange Server (SBS 2011).

Currently the following records are set:-
A Record
mail.{domainname} --> IP Address of ISP POP3 server 

MX Records
@{domainname}     --> mail.{domainname}   --> Priority = 10
@*.{domainname}   --> mail.{domainname}   --> Priority = 10


I have a static WAN IP address assigned to my SBS 2011 Server.



Do I need to change the A record for mail.{domainname} to point to my static WAN IP address?


Do I need to change the priorities for the MX records (or add new MX records)?


What do I need to add in order to setup Reverse DNS records for the exchange mail server?


Are there any other suggestions for 'best practice' in this typical SBS 2011 / Exchange setup?

Looking forward to some positive responses :)

Elmar Koschka (Senior System Engineer) Commented:
You must change the A Record to your IP of Exchange Server. The reverse DNS (PTR) also. That's all.
Don't change the current records.

You should have an "A" record for "" pointing to your static IP Address.  This lets your users use the Remote Web Workplace, Outlook Web Access etc.  If you've not got one set it up now.

ADD a new MX record, with a priority lower than the existing ones, but in the same format.  I suggest priority 5.

A Record
mail.{domainname} --> IP Address of ISP POP3 server
remote.{domainname}--> Static WAN Address

MX Records
@{domainname}     --> remote.{domainname}   --> Priority = 5
@*.{domainname}   --> remote.{domainname}   --> Priority = 5
@{domainname}     --> mail.{domainname}   --> Priority = 10
@*.{domainname}   --> mail.{domainname}   --> Priority = 10

Ask your ISP to add a reverse DNS entry (PTR) for "remote.{domainname}" for your Static WAN Address. (You can't do this, you don't OWN the IP address, your ISP does!)

You can continue to collect your POP3 mail whilst these changes propagate around the world, then mail will start flowing using SMTP directly to your server (assuming you've allowed the SBS wizards to open port 25, or you've manually opened port 25 on your router)

If you maintain the POP3 accounts, in the event of your server being off line, the priority 10 MX records will be used to accept mail again (because the priority 5 server is offline) until your server is back with the living, then you can retrieve the POP3 mail that was accepted on your behalf whilst you were down, and guarantee not losing anything.  Naturally when your server is back on line, the priority 5 MX records will again take precedence.

Hope that helps!
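
Added example (not part of the original answer): a small Python model of how a sending mail server walks the MX listing above, showing that each delivery attempt is accepted by exactly one host. `example.test` stands in for `{domainname}`, and `parse_mx` and `deliver` are illustrative names.

```python
import re

# The listing from the answer above, with example.test as a placeholder for {domainname}.
LISTING = """\
@example.test     --> remote.example.test   --> Priority = 5
@*.example.test   --> remote.example.test   --> Priority = 5
@example.test     --> mail.example.test   --> Priority = 10
@*.example.test   --> mail.example.test   --> Priority = 10
"""

LINE = re.compile(r"@(\S+)\s*-->\s*(\S+)\s*-->\s*Priority\s*=\s*(\d+)")

def parse_mx(listing):
    """Return {owner: [(preference, exchanger), ...]}, lowest preference first."""
    zone = {}
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if m:
            owner, host, pref = m.group(1), m.group(2), int(m.group(3))
            zone.setdefault(owner, []).append((pref, host))
    return {owner: sorted(rrs) for owner, rrs in zone.items()}

def deliver(zone, recipient_domain, reachable):
    """Model a sending MTA: try exchangers in preference order and stop at the
    first one that accepts the connection. Returns (accepted_by, hosts_tried)."""
    tried = []
    for _pref, host in zone.get(recipient_domain, []):
        tried.append(host)
        if host in reachable:
            return host, tried
    return None, tried  # nothing reachable: the sender queues and retries later
```

The priority 10 host only receives mail when the priority 5 host cannot be reached, so the POP3 mailbox fills only during an outage of the SBS server.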

Team1_Coder (Author) Commented:
"The reverse DNS (PTR) also"
I don't see this in my DNS control panel, unless it is a text record?

The following text record is set:-
v=spf1 a mx ~all


This TXT record gives .{domainname} the value v=spf1 a mx ~all

Do I change this when moving to Exchange?

You can't change your reverse DNS pointer, you don't have control over it.  It's from a pool of IPs from your ISP.  You have to ask them to change it.

Regarding SPF, this relates to sending email FROM your domain, and shouldn't change just because you're changing how you RECEIVE email.

However, if in doubt, check the Microsoft SPF Records Wizard, which will guide you as to what *it* thinks are the correct entries for your domain.
Team1_Coder (Author) Commented:

Thanks for your detailed response to my questions.  I already have A records set for remote.{domainname} and the local firewall has ports open for 25, 587 and 110 which are NAT to the SBS 2011.

With regards the Reverse DNS, does this mean that in fact the mail that is being delivered currently will not actually have matching RDNS?  I sent an email from one of the exchange accounts, and checked the header information on receipt - it showed it received from remote.{domainname}

With regards the MX records - your suggestion is excellent (adding records rather than changing A records)  This being the case, am I safe to leave the POP3 Connector in place - to collect any mail that lands in the POP3 mail boxes?  Or is there a chance that mail could be delivered twice - to the exchange server and to the POP account?

Thanks again, and look forward to your response.
Good.  I'm glad you already have a "remote" A record.  It's just it was missing from your original post!

Have you done a reverse DNS lookup on your Static WAN Address?  Does it already have one?

Your email headers will show that the email was received from "remote.{domainname}", however this is not the same as a reverse DNS lookup.

How are you delivering mail?  Are you using a smart-host?  If so, you don't need to worry about Reverse DNS, as all mail will go to the smart host from your system, and from there will be delivered to the recipient.  The Smarthost IP Address is therefore the one that needs the Reverse DNS entry (it will have, ISPs have this sorted) and therefore you don't need to worry.   If you are NOT delivering via smart host (you're delivering directly), then you need to check your reverse DNS PTR, and ensure there's SOMETHING there (Mail servers tend to hate finding NO reverse DNS at all).  If possible get it updated for your Static WAN address.

Yes you can continue to collect your POP3 mail.  Mail will only get there if your own mail server is not able to accept messages, therefore you should not get any duplicates :-)

You can leave your POP3 settings as they are for backup purposes.
Team1_Coder (Author) Commented:
Hello CSIPComputing,

Thanks again for your response.

I am not using SmartHosts - do you advise implementing this?  I have established the MX Records as per your suggestion, and have also run through the MS SPF utility (thanks for sending the link).

Have also checked the RDNS records - it would appear that there are records set for this IP - but I will request that they are updated to the remote.{domainname} shortly.

I don't really understand the existing SPF record - but guess that doesn't matter for the moment!  I have added a new SPF record based on the results of the MS SPF utility - should I remove the existing record?  This is the new SPF record:-
v=spf1 a mx a:remote.{domainname} mx:remote.{domainname} ~all


Thanks again for your help - is there any way to send a private message in EE?
Great.  Don't have 2 spf records.  But make a note of the one you're going to delete, because if you start getting rejections based on your current spf, you can revert to the original one (which works!)

If you are happy to deliver email directly to recipients, then keep it as it is.  I don't use smart hosts, and don't have a single client that does!

Not sure about private messages, I've never looked!
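
Added example (not part of the original thread): a Python sketch of why two SPF records are a problem and of the reverse DNS check discussed earlier. RFC 7208 treats more than one `v=spf1` TXT record as a permanent error, and a PTR only helps if its name resolves back to the same address. The zone data, `example.test`, the IP addresses and all function names are constructed placeholders.

```python
# Constructed sample zone: example.test and the addresses are placeholders, not values from the thread.
A = {  # hostname -> set of IPv4 addresses
    "example.test": {"198.51.100.20"},
    "mail.example.test": {"198.51.100.20"},    # ISP POP3/SMTP host
    "remote.example.test": {"203.0.113.10"},   # static WAN address of the SBS server
}
MX = {"example.test": ["remote.example.test", "mail.example.test"],
      "remote.example.test": []}
PTR = {"203.0.113.10": "remote.example.test"}
OLD = "v=spf1 a mx ~all"
NEW = "v=spf1 a mx a:remote.example.test mx:remote.example.test ~all"

def select_spf(txt_records):
    """RFC 7208 section 4.5: no SPF record -> none, more than one -> permerror."""
    spf = [t for t in txt_records if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    if not spf:
        return "none", None
    if len(spf) > 1:
        return "permerror", None
    return "ok", spf[0]

def check_host(ip, domain, txt_records):
    """Evaluate only the mechanisms used in the thread: a, mx, a:host, mx:host, all."""
    status, record = select_spf(txt_records)
    if status != "ok":
        return status
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in results else "+"
        mech, _, target = term.lstrip("+-~?").partition(":")
        target = target or domain
        if mech == "all":
            matched = True
        elif mech == "a":
            matched = ip in A.get(target, set())
        elif mech == "mx":
            matched = any(ip in A.get(h, set()) for h in MX.get(target, []))
        else:
            return "permerror"  # include, ip4, modifiers etc. are outside this example
        if matched:
            return results[qualifier]
    return "neutral"

def fcrdns_ok(ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the same IP."""
    name = PTR.get(ip)
    return name is not None and ip in A.get(name, set())
```

With the priority 5 MX in place, the original record already passes for the WAN address through its `mx` mechanism, while publishing both records together yields `permerror` for every sender.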
Team1_Coder (Author) Commented:
Excellent response - detailed and accurate information that was presented intelligently and worked in real life!
Happy to help.

Thanks for the kind words :-)
Team1_Coder (Author) Commented:

Do you offer support for SBS systems on a commercial basis?  Would be glad to hear from you if so... (does this number identify you 036225?)

Many thanks for your help on this topic once again.
Yes and yes, SBS is my core business. Good detective work :-) Drop me an email.