Solved

Mail issues with multiple MX records

Posted on 2013-05-28
8
779 Views
Last Modified: 2013-05-28
I have a client who's in-house Exchange server went down this weekend and they did not have any type of service or appliance that would capture and queue the e-mail until it was brought back online (sans the sending servers auto-retry policies).  While I was working on the Exchange server, I setup a second MX record and pointed it to a one of my servers where I installed hMailServer and configured it to mirror the e-mail accounts on their Exchange server.  Here are what the MX records look like:

MX Record 1:  Priority-0  Destination-mail.domain.com

MX Record 2:  Priority-15 Destiantion-mail2.domain.com

Eventually I got the Exchange server online and all e-mail again began flowing properly to it; or so I thought.  I decided to leave my temporary backup e-mail solution in place until I could speak with my client more about the need for a queuing service / appliance or fail-over e-mail server.

This morning I was running a check to make certain my client's Exchange server was still running as expected, which it is.  I then decided to check the backup e-mail server and noticed some e-mail had come in even after I fixed the Exchange server.  I did quick a comparison of a few accounts and sure enough they are receiving e-mails on both the Exchange server and hMailServer.  To be clear, they are not duplicate e-mails being received on both servers.  Rather, several e-mails will go to the Exchange server and then several will go the hMailServer...and so on.  As a result, I have removed the second MX record to force all e-mail to go to the Exchange server.

My question:  Why would e-mail still route via the second MX record if the server pointed to from the first MX record is up and receiving e-mail?  I thought MX Priority 0 was much higher than MX Priority 15?  Can some please help explain why this is happening?

Thank you!
0
Comment
Question by:Yort
  • 4
  • 2
  • 2
8 Comments
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 39201150
It might just be down to propagation delays. There is a nice DNS propagation tester here:

http://www.whatsmydns.net/
0
 
LVL 1

Author Comment

by:Yort
ID: 39201163
LeeDerbyshire - thank you for the quick reply.  I am a bit confused by your response.  After I added the second MX record it took about 30 minutes to propagate and for e-mail to start flowing into the backup hMailServer; I never made any changes to the first MX record.  Once the main Exchange server was online, all e-mail, theoretically, should have started flowing to it since its MX record has the highest priority.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 39201189
I'd be surprised if it was propagated worldwide in 30 minutes. These things tend to spread outwards around the world. I've had DNS changes that took over a day to completely propagate. I'm just suggesting that emails sent within a certain timeframe (again, I'd suggest a period of one day since the first change) could be misrouted as the sending servers might pick up the older MX record.

Of course, it could be something else completely. But if it's all working okay now, then I'd suggest this kind of delay as a possible cause for it previously going wrong.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 1

Author Comment

by:Yort
ID: 39201209
LeeDerbyshire - Unfortunately, all is not working OK.  But I never changed the original MX record, thus, propagation shouldn't be an issue in this matter.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39201352
DNS propagation - that doesn't exist.
No such thing.

There is only one thing that has to propagate worldwide and that is name server changes. If you didn't make a change to the name servers then that shouldn't matter.

The only thing that has to propagate is between the DNS servers of the DNS host that you are using. I would be surprised if that has happened here.

Therefore it is perfectly possible for a DNS change to be fully effective in 30 minutes. It depends on whether the remote side has cached the information or not.
It is that cache that people are referring to when they talk about propagation - where the DNS information is cached either on your own DNS server or another server that you are using upstream. Depending on the cache configuraiton it can take 48 hours before the change is fully effective.
If you know that you are doing a change in advance, turning the TTL time down on the record can help, but not everyone follows that.

To answer the specific question, this is a common misnomer. MX records as far as I am concerned are equal, the cost means nothing. Servers will deliver to all hosts in the MX records. You need to ensure that any "backup" server is either able to cope with the traffic and know what to do with it, or isn't responding at all, therefore forcing the sending party to use the other host. Spammers will actively target higher cost MX record hosts, because they often have less protection because of the misunderstanding aobut MX record behaviour.

Simon.
0
 
LVL 1

Author Comment

by:Yort
ID: 39201449
Sembee2 - thank you for your reply.  What you say makes a lot of sense in that the e-mail being delivered to the backup server is all spam.  What, in your opinion, is the best way to make the server not respond?  The options I see are:  Leave the second MX record in place and stop the backup server mail service, or remove the second MX record and leave the server online.  Thoughts?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39201797
Take out the MX record.
Another option I have used in the past is to use a dynamic DNS service.
While you are live, the dynamic DNS points to the same IP address as the "real" MX record. However if the server or link goes down, then you can switch the MX record to point to the backup service. Due to the nature of dynamic DNS services, that change will be live within a few minutes, without having to wait for cache to update.

Simon.
0
 
LVL 1

Author Closing Comment

by:Yort
ID: 39202211
Simon - Thanks again.  I opted to take the second MX record our and leave the backup server live.  Should the main server fail again, I can quickly add the second MX record.

Appreciate your insight.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question