Exchange setting

Posted on 2012-08-31
Last Modified: 2012-09-16
We're using Exchange for mail server (Internet IP Address NAT

(MX record: MX preference = 10, mail exchanger =
(A Name)  internet address =

Question 1: (For a single Exchange server)
Can I add one more IP address for mail routing redundancy (when the IP address is blacklisted)?
1. Internet IP Address NAT
2. (New A Name)  internet address =
3. MX preference = 30, mail exchanger =,

Is it possible? If not, any good suggestions please?
Question 2:
For DR (single domain:
Site A: Master Exchange (Internet IP Address NAT
Site B: Standby Exchange  (Internet IP Address NAT

What should I prepare for mail server switching?
Site B will get all email when the Master Exchange server is down
Question 3:
What's a good solution for Exchange server redundancy?
- Clustering ?
- Front-End+Back End Exchange (If Front-End Exchange down, how to auto switch to Back-End Exchange to pick up the online job?)
- Or others

Thanks !
Question by:rhinoceros
    LVL 8

    Expert Comment

    1.) MX preference: you can add as many mail servers as you want, as long as you still have numbers free. The lower the number, the sooner it gets served. So if you have 10 and 20, 10 is served first; if it is down, 20 is served, etc.

    For blacklisting you will have a problem, because not only the mail server itself gets blacklisted but also your domain.

    2.) It's enough if you have the second MX entry for

    3.) The master solution is a hardware load balancer in front and a cluster behind. If that is not possible, then only a cluster, because then you do not need to switch anything and you can upgrade with more servers if you are under heavy load.
    LVL 63

    Accepted Solution

    In my opinion MX record cost/preference is no longer valid. While you can set it, email will go to all servers in the MX record list. Therefore either the servers need to accept and route email correctly, or ensure they don't answer.
    Blacklisting has no effect on inbound email, so setting multiple MX records will provide no protection from that.
    The best protection you can have for blacklisting is a dedicated IP address for Exchange, the firewall locked down to only allow SMTP traffic from Exchange, and then Exchange set up correctly so it cannot be abused.
    Furthermore the posting above about blacklisting is incorrect. Domains are not blacklisted - it is ONLY IP addresses that are blacklisted. If domains could be blacklisted then companies could be held hostage, Microsoft for example would probably be permanently blacklisted.

    If you have two sites, both in the same forest, then have MX records pointing to both locations. Although ensure that both locations have the same level of antispam, so that they are both protected.

    You haven't said which version of Exchange that you are using, or what you want to protect to answer your third question.
    Exchange 2010 makes site resilience very easy, Exchange 2007 it is ok, and with Exchange 2003 almost impossible. Too many options available to you and not enough information.
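
Added example, not part of any answer in this thread: because blacklists are keyed on IP addresses, the Exchange server's outbound NAT address can be checked against a DNSBL by querying its reversed octets under the list's zone. The zone names, the 192.0.2.25 address and the sample answers are constructed placeholders.

```python
import ipaddress
import socket

# Constructed placeholder zones; replace with the DNSBLs you actually monitor.
ZONES = ["dnsbl.example.org", "bl.example.net"]
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError on bad input
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A record for name, or None if the lookup fails (NXDOMAIN = not listed)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Map each zone to its 127.x.x.x return code, or None when not listed."""
    results = {}
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        # Only an answer inside 127.0.0.0/8 counts; anything else (for example a
        # resolver that rewrites NXDOMAIN to a landing page) is not a listing.
        if answer and ipaddress.IPv4Address(answer) in LOOPBACK:
            results[zone] = answer
        else:
            results[zone] = None
    return results

# Constructed offline data: 192.0.2.25 stands in for the Exchange NAT address.
SAMPLE_ANSWERS = {
    "25.2.0.192.dnsbl.example.org": "127.0.0.2",   # listed
    "25.2.0.192.bl.example.net": "203.0.113.80",   # rewritten NXDOMAIN, not a listing
}

def sample_resolver(name):
    """Offline stand-in for DNS, backed by the constructed answers above."""
    return SAMPLE_ANSWERS.get(name)

if __name__ == "__main__":
    for zone, code in check_ip("192.0.2.25", resolve=sample_resolver).items():
        print(zone, "LISTED " + code if code else "not listed")
```

Calling `check_ip` without the `resolve` argument uses the system resolver, so run it from a host whose DNS path is allowed to query the lists you monitor.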

    LVL 12

    Assisted Solution

    Making Exchange 2010 highly available can be challenging on the budget. Exchange 2010 does not directly support the classic "fail over" cluster architecture like 2003 and 2007. Instead it uses "Database Availability Groups" (DAGs) to make the mailbox servers resilient. In a DAG there are copies of the database on multiple "back end" servers and the "Client Access Servers" redirect the users' connections to the backend server that currently has the database mounted. So at a minimum you will need two copies of Windows Enterprise server as DAGs actually use Cluster Services to manage fail over.

    That will provide resilience for the databases but you need to provide client resilience. Microsoft do this through a Client Access Server Array which relies on IIS network load balancing clustering. The issue is that you can't install both MSCS and NLB clustering on the same server.

    So if manual failover is sufficient then you can also put the CAS roles on the database servers and tweak the DNS entries for the CAS to point to the active server but this will give a 15 minute failover time.

    If you have an external hardware load balancer then you can just put the Client Access role on the database servers and let that load balancer manage things when a server fails but a hardware load balancer is generally not cheap, and then becomes a single point of failure in itself.

    My personal preference is to use a Hypervisor such as ESXi or HyperV. Then you can put two copies of Windows and Exchange on a single physical box. In each physical box you install two virtual machines. In one you set up Windows with MSCS cluster services and Exchange with the Mailbox roles. In the other virtual machine you install Network Load Balancing and Exchange with the Client Access and Hub Transport roles.

    The main issue with this is that if the Client Access Service fails NLB will still try and connect folks to the faulty server. In my experience, on a fully patched server, it doesn't happen very often, but you need to be aware and re-boot the server when it does lock up.

    Assuming you are using Server/2008R2 then you only need two Windows licences as Windows Enterprise allows you to run up to four copies of Windows Server on a single virtual box regardless of the virtualization product. Sadly Exchange does not so you will need four Exchange Licences.

    For many small users Exchange Server Standard will be OK as the ONLY limit is 5 databases. If you keep to the recommended database sizes that's 5 x 200 GB or 1 TB ....
