Need help setting up DNS for my SMTP Server

Hello,

I'd had my website sending out emails through a gmail account, but then I ran into my ceiling cap, and messages were no longer able to be delivered.

My website lives on a Windows 2003 box (IIS6) and sends out email via the IIS smtp service, and I had the smtp service configured to channel all of that email through gmail, so when I ran into this problem, I found that I could get a UCC SSL certificate, put that on my server, and then just deliver email directly.

I did set it up, and it works, but I think I'm still getting a certain number of messages that are not being delivered, and I need to improve that as much as possible.

I've read a bit about SPF DNS records, and I also have a question about MX records: given as how this mail server handles outgoing emails only, do I need to have an MX record?

Please let me know what I need to do ensure that the DNS is setup as correctly as possible. The FQDN of the server is portal.X.com

Thanks in advance for your help!

--Jon
LVL 3
Jon JaquesInformation TechnologistAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Patrick BogersDatacenter platform engineer LindowsCommented:
Hi Jon,

MX records are ment to point to exchange servers, since you are using SMTP servers only you do not need them.

You should setup a PTR record as most exchange servers use it to verify the sender. This will avoid you being blacklisted. See?! this explains why not all is being delivered i think.
oops - obfuscated
Nothing else is needed imho.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jon JaquesInformation TechnologistAuthor Commented:
So my server is already blacklisted? Will setting up the PTR records fix that? What is the proper settings that I need to put in?

BTW, the server sending out these emails never sends any mail other then requested transactional messages: Thanks for register, please activate, payment receipts, forgot passwords, etc. There is no instance of unsolicited messages at all, so apparently the blacklisting system is completely whacked.

--Jon
0
Jon JaquesInformation TechnologistAuthor Commented:
Okay, so I checked my DNS settings, and I only have the option of creating an A, a CNAME, or a TXT record, so how do I go about creating a PTR record?

My smtp server is in-house, but my DNS server is co-located at hostgator; does this mean that I need to run a dns server on my DNS server, or at least hosted on my private subnet?
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Jon JaquesInformation TechnologistAuthor Commented:
Okay, hostgator said I had to go to my ISP's dns, which is Hargray; I've contacted them and they're working on it, and will call me back later.
0
Patrick BogersDatacenter platform engineer LindowsCommented:
Hi,

Sorry for not answering more sooner.
You were flagged because some of the recieving email servers (from your customers) check vality by requesting the PTR record which every grown-up provider should have configurable.

TXT is more for preventing spammers to send mail in your 'name'

Hope Hargray will fix your issue, if not i hope hostgator has a SMTP service you can use.

Keep us posted.

BTW: once the PTR record is in place we can scan the blacklist again and if still flagged request for removal.
0
Jon JaquesInformation TechnologistAuthor Commented:
Okay, Hargray's still working on it, they called to verify my information, but no response yet on resolution.

Once that is resolved, I see from spamhaus that once I get the PTR setup, I'll need to remove my ip from the PBL list, as per this link:

http://www.spamhaus.org/query/ip/«public ip here»

My HG account is a shared server, so I think it'd be better for me to get this working, than to ride off of their smtp server, wouldn't you agree?
0
Patrick BogersDatacenter platform engineer LindowsCommented:
Offcourse! i hope they fix it for you and that link was a good find!
0
Jon JaquesInformation TechnologistAuthor Commented:
Okay, cool, Hargray just called and said it's done, but of course DNS changes can take up to 24 hours to propagate.

I did refer back to mxtoolbox.com that you'd used, above, and one of the "errors" that they list is that my main website, www.X.com does not have an SSL cert... I don't have one on that site because payments are only made through the subdomain, where the smtp server lives.

Would it help this issue to also have a cert over there? Even though I don't otherwise need it, I'd put one on it if it would help the credibility of my smtp services...

Thoughts?
0
Patrick BogersDatacenter platform engineer LindowsCommented:
Many thought, there is no sensitive data transferred on that site so there is no need for SSL.
SMTP does not rely on SSL (SMTPS does but it is another story) so also here no need. It is not likely there is a man in the middle between your SMTP server and the target mailserver.

Keep it as it is and when the PTR is replicated, free yourself from the Spamhaus listings and i am pretty sure the problem should be solved.

One tip i can give you, avoid sentences in your automated mails which hackers also use a lot, this could harm your status. So words like “Once in a lifetime opportunity!” and "click on this link" is a trigger. Vialis/Viagra etc etc you know what i mean. Also be carefull with extra exclamation points!!!!!!! avoid spamfilters is educational.
0
Jon JaquesInformation TechnologistAuthor Commented:
I think I'm clean! No longer listed in the PBL, and no blacklist entries! Thanks for your help!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers

From novice to tech pro — start learning today.