Solved

MX Records / DNS Settings for new Exchange Server on SBS 2011

Posted on 2012-03-31
Last Modified: 2012-03-31
We have recently installed a new Windows SBS 2011 Server and have configured all the Exchange Mail Boxes in conjunction with the users setup. The mail is collected from my POP3/SMTP mail hosting company using the POP3 Connector.

I no longer want to use the POP3 connector, and need to know what settings I need to change in the DNS control panel to deliver mail directly to my Exchange Server (SBS 2011).

Currently the following records are set:-
A Record
mail.{domainname} --> IP Address of ISP POP3 server 

MX Records
@{domainname}     --> mail.{domainname}   --> Priority = 10
@*.{domainname}   --> mail.{domainname}   --> Priority = 10


I have a static WAN IP address assigned to my SBS 2011 Server.

Questions...

1. Do I need to change the A record for mail.{domainname} to point to my static WAN IP address?

2. Do I need to change the priorities for the MX records (or add new MX records)?

3. What do I need to add in order to set up Reverse DNS records for the Exchange mail server?

4. Are there any other suggestions for 'best practice' in this typical SBS 2011 / Exchange setup?

Looking forward to some positive responses :)
0
Question by:Team1_Coder
13 Comments
 
LVL 8

Expert Comment

by:Elmar Koschka
ID: 37790236
Hello,
You must change the A Record to your IP of Exchange Server. The reverse DNS (PTR) also. That's all.
0
 
LVL 10

Accepted Solution

by:
CSIPComputing earned 2000 total points
ID: 37790564
Don't change the current records.

You should have an "A" record for "remote.domainname.com" pointing to your static IP Address.  This lets your users use the Remote Web Workplace, Outlook Web Access etc.  If you've not got one set it up now.

ADD a new MX record, with a priority lower than the existing ones, but in the same format.  I suggest priority 5.

A Record
mail.{domainname} --> IP Address of ISP POP3 server
remote.{domainname} --> Static WAN Address

MX Records
@{domainname}     --> remote.{domainname}   --> Priority = 5
@*.{domainname}   --> remote.{domainname}   --> Priority = 5
@{domainname}     --> mail.{domainname}   --> Priority = 10
@*.{domainname}   --> mail.{domainname}   --> Priority = 10

Ask your ISP to add a reverse DNS entry (PTR) for "remote.{domainname}" for your Static WAN Address. (You can't do this, you don't OWN the IP address, your ISP does!)

You can continue to collect your POP3 mail whilst these changes propagate around the world, then mail will start flowing using SMTP directly to your server (assuming you've allowed the SBS wizards to open port 25, or you've manually opened port 25 on your router)

If you maintain the POP3 accounts, in the event of your server being off line, the priority 10 MX records will be used to accept mail again (because the priority 5 server is offline) until your server is back with the living, then you can retrieve the POP3 mail that was accepted on your behalf whilst you were down, and guarantee not losing anything.  Naturally when your server is back on line, the priority 5 MX records will again take precedence.

Hope that helps!
0
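
The fallback behaviour described in the accepted answer, as an added example that is not part of the original post: a sending server tries the lowest MX preference first and moves to the next only when that host is unreachable, so each message is accepted by exactly one host. `example.com` stands in for `{domainname}`, and the reachability sets are constructed.

```python
import random

# Constructed MX set mirroring the records in the answer above;
# example.com stands in for {domainname}.
MX_RECORDS = [
    (5, "remote.example.com"),   # the SBS 2011 server on the static WAN IP
    (10, "mail.example.com"),    # the ISP's POP3/SMTP host
]

def delivery_order(mx_records, rng=random):
    """Hosts in the order a sending MTA tries them (RFC 5321, section 5.1):
    lowest preference number first, equal preferences in random order."""
    by_pref = {}
    for pref, host in mx_records:
        by_pref.setdefault(pref, []).append(host.lower().rstrip("."))
    order = []
    for pref in sorted(by_pref):
        hosts = by_pref[pref][:]
        rng.shuffle(hosts)
        order.extend(hosts)
    return order

def deliver(mx_records, reachable):
    """Simulate one message: return the single host that accepts it, or
    None if every MX is down (the sender then queues and retries later)."""
    for host in delivery_order(mx_records):
        if host in reachable:
            return host
    return None

if __name__ == "__main__":
    both_up = {"remote.example.com", "mail.example.com"}
    print("server online :", deliver(MX_RECORDS, both_up))
    print("server offline:", deliver(MX_RECORDS, {"mail.example.com"}))
    print("all down      :", deliver(MX_RECORDS, set()))
```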
 

Author Comment

by:Team1_Coder
ID: 37790574
"The reverse DNS (PTR) also"
I don't see this in my DNS control panel, unless it is a text record?

The following text record is set:-
v=spf1 a mx a:mailforwards.extendcp.co.uk ~all


This TXT record gives .{domainname} the value v=spf1 a mx a:mailforwards.extendcp.co.uk ~all

Do I change this when moving to Exchange?
0

 
LVL 10

Expert Comment

by:CSIPComputing
ID: 37790592
You can't change your reverse DNS pointer, you don't have control over it.  It's from a pool of IPs from your ISP.  You have to ask them to change it.

Regarding SPF, this relates to sending email FROM your domain, and shouldn't change just because you're changing how you RECEIVE email.

However, if in doubt, check the Microsoft SPF Records Wizard, which will guide you as to what *it* thinks are the correct entries for your domain.

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
0
 

Author Comment

by:Team1_Coder
ID: 37790598
CSIPComputing

Thanks for your detailed response to my questions.  I already have A records set for remote.{domainname} and the local firewall has ports open for 25, 587 and 110 which are NAT to the SBS 2011.

With regards the Reverse DNS, does this mean that in fact the mail that is being delivered currently will not actually have matching RDNS?  I sent an email from one of the exchange accounts, and checked the header information on receipt - it showed it received from remote.{domainname}

With regards the MX records - your suggestion is excellent (adding records rather than changing A records).  This being the case, am I safe to leave the POP3 Connector in place - to collect any mail that lands in the POP3 mail boxes?  Or is there a chance that mail could be delivered twice - to the exchange server and to the POP account?

Thanks again, and look forward to your response.
0
 
LVL 10

Expert Comment

by:CSIPComputing
ID: 37790611
Good.  I'm glad you already have a "remote" A record.  It's just it was missing from your original post!

Have you done a reverse DNS lookup on your Static WAN Address?  Does it already have one?

Your email headers will show that the email was received from "remote.{domainname}", however this is not the same as a reverse DNS lookup.

How are you delivering mail?  Are you using a smart-host?  If so, you don't need to worry about Reverse DNS, as all mail will go to the smart host from your system, and from there will be delivered to the recipient.  The Smarthost IP Address is therefore the one that needs the Reverse DNS entry (it will have, ISPs have this sorted) and therefore you don't need to worry.   If you are NOT delivering via smart host (you're delivering directly), then you need to check your reverse DNS PTR, and ensure there's SOMETHING there (Mail servers tend to hate finding NO reverse DNS at all).  If possible get it updated for your Static WAN address.

Yes you can continue to collect your POP3 mail.  Mail will only get there if your own mail server is not able to accept messages, therefore you should not get any duplicates :-)

Enjoy
0
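
One way to run the reverse DNS check discussed in the comment above, as an added example that is not part of the original post: it looks up the PTR for the outbound IP, confirms that the PTR name resolves back to the same address, and compares it with the name the server announces. The sample records, the `203.0.113.x` addresses and `example.com` are constructed; the default resolvers use live DNS.

```python
import socket

def ptr_names(ip):
    """Live PTR lookup; [] when the address has no reverse DNS."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def forward_ips(name):
    """Live A lookup; [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_rdns(ip, expected_name, ptr=ptr_names, fwd=forward_ips):
    """Classify the reverse DNS of an outbound mail IP:
    missing     - no PTR at all
    unconfirmed - PTR exists but the name does not resolve back to the IP
    generic     - PTR resolves back, but is not the name the server uses
    ok          - PTR resolves back and equals expected_name"""
    names = [n.lower().rstrip(".") for n in ptr(ip)]
    if not names:
        return "missing"
    confirmed = [n for n in names if ip in fwd(n)]
    if not confirmed:
        return "unconfirmed"
    if expected_name.lower().rstrip(".") in confirmed:
        return "ok"
    return "generic"

# Constructed records in documentation address space, not from the thread.
SAMPLE_PTR = {"203.0.113.10": ["remote.example.com"],
              "203.0.113.20": ["host-203-0-113-20.isp.example.net"],
              "203.0.113.30": ["stale.example.org"]}
SAMPLE_A = {"remote.example.com": ["203.0.113.10"],
            "host-203-0-113-20.isp.example.net": ["203.0.113.20"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_fwd(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.20", "203.0.113.30", "203.0.113.40"):
        print(ip, check_rdns(ip, "remote.example.com", sample_ptr, sample_fwd))
```

Call `check_rdns(ip, name)` without the last two arguments to query real DNS for a static WAN address.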
 
LVL 7

Expert Comment

by:abdulalikhan
ID: 37790627
You can leave your POP3 settings as they are for backup purposes.
0
 

Author Comment

by:Team1_Coder
ID: 37790645
Hello CSIPComputing,

Thanks again for your response.

I am not using SmartHosts - do you advise implementing this?  I have established the MX Records as per your suggestion, and have also run through the MS SPF utility (thanks for sending the link).

Have also checked the RDNS records - it would appear that there are records set for this IP - but I will request that they are updated to the remote.{domainname} shortly.

I don't really understand the existing SPF record - but guess that doesn't matter for the moment!  I have added a new SPF record based on the results of the MS SPF utility - should I remove the existing record?  This is the new SPF record:-
v=spf1 a mx a:mailforwards.extendcp.co.uk ip4:79.170.xxx.138 ip4:92.27.xxx.47 a:remote.{domainname} mx:remote.{domainname} ~all



Thanks again for your help - is there any way to send a private message in EE?
0
 
LVL 10

Expert Comment

by:CSIPComputing
ID: 37790649
Great.  Don't have 2 spf records.  But make a note of the one you're going to delete, because if you start getting rejections based on your current spf, you can revert to the original one (which works!)

If you are happy to deliver email directly to recipients, then keep it as it is.  I don't use smart hosts, and don't have a single client that does!

Not sure about private messages, I've never looked!
0
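
A check for the "two SPF records" situation from the exchange above, as an added example that is not part of the original post: it audits the TXT strings published at one name, flags more than one `v=spf1` record (receivers treat that as a permanent error under RFC 7208), and counts the terms that cost a DNS query against the limit of 10. The two records are the ones quoted in the thread, with `example.com` substituted for `{domainname}`; the function names are this example's own.

```python
import re

# Terms that make the receiver issue a DNS query (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"a", "mx", "include", "exists", "ptr", "redirect"}
MAX_LOOKUPS = 10

# Records quoted in the thread; example.com replaces {domainname} and the
# redacted "xxx" octets are kept exactly as posted.
OLD_SPF = "v=spf1 a mx a:mailforwards.extendcp.co.uk ~all"
NEW_SPF = ("v=spf1 a mx a:mailforwards.extendcp.co.uk ip4:79.170.xxx.138 "
           "ip4:92.27.xxx.47 a:remote.example.com mx:remote.example.com ~all")

def spf_records(txt_records):
    """Pick out the TXT strings that are SPF records."""
    return [t for t in txt_records if t.lower().split(" ")[0] == "v=spf1"]

def term_name(term):
    """'~all' -> 'all', 'a:host' -> 'a', 'redirect=x' -> 'redirect'."""
    term = term.lower()
    if term[0] in "+-~?":          # strip the qualifier
        term = term[1:]
    return re.split(r"[:/=]", term, maxsplit=1)[0]

def dns_lookups(record):
    """Number of terms in one record that count against the lookup limit."""
    return sum(term_name(t) in LOOKUP_TERMS for t in record.split()[1:])

def audit_spf(txt_records):
    """Return a list of findings; an empty list means nothing was flagged."""
    found = spf_records(txt_records)
    if not found:
        return ["no SPF record published"]
    findings = []
    if len(found) > 1:
        findings.append("%d SPF records at one name: permerror" % len(found))
    for rec in found:
        n = dns_lookups(rec)
        if n > MAX_LOOKUPS:
            findings.append("%d DNS-querying terms, limit %d: permerror"
                            % (n, MAX_LOOKUPS))
        names = [term_name(t) for t in rec.split()[1:]]
        if "all" not in names and "redirect" not in names:
            findings.append("no 'all' or 'redirect': unmatched senders get neutral")
    return findings

if __name__ == "__main__":
    print(audit_spf([OLD_SPF, NEW_SPF]))   # both published at once
    print(audit_spf([NEW_SPF]))            # after deleting the old record
```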
 

Author Closing Comment

by:Team1_Coder
ID: 37790652
Excellent response - detailed and accurate information that was presented intelligently and worked in real life!
0
 
LVL 10

Expert Comment

by:CSIPComputing
ID: 37790653
Happy to help.

Thanks for the kind words :-)
0
 

Author Comment

by:Team1_Coder
ID: 37790690
CSIPComputing,

Do you offer support for SBS systems on a commercial basis?  Would be glad to hear from you if so... (does this number identify you 036225?)

Many thanks for your help on this topic once again.
0
 
LVL 10

Expert Comment

by:CSIPComputing
ID: 37791069
Yes and yes, SBS is my core business. Good detective work :-) Drop me an email.
0
