MX and PTR records
I am getting rejected emails and need help fixing.
I currently have a barracuda spam filter. My MX record points to it. I have one exchange server that sends outbound emails directly through the internet. My PTR record is exchange.ABC.com and points to the public IP of MY mail server.
My question is... The banner message OF my barracuda is barracuda.ABC.com. The barracuda obviously uses a different public IP.
What is the best practice for setting up these records in this scenario?
I have been receiving very vague reaponses ... Can you PLEASE be specific??
I currently have a barracuda spam filter. My MX record points to it. I have one exchange server that sends outbound emails directly through the internet. My PTR record is exchange.ABC.com and points to the public IP of MY mail server.
My question is... The banner message OF my barracuda is barracuda.ABC.com. The barracuda obviously uses a different public IP.
What is the best practice for setting up these records in this scenario?
I have been receiving very vague reaponses ... Can you PLEASE be specific??
ASKER
i am on MS block list 1..... I have changed my DNS configurations so many times... that I would like to know what best practice is.....
Best practice is to use SPF records in addition to properly setup DNS records.
It would seem that:
Your MX record for your Barracuda is OK.
The PTR record for your Exchange (outbound) is also OK.
You need to setup an SPF record to specify the IP addresses that can send mail for your domain, this also tells the receiving servers to only allow the outbound servers you listed.
SPF can be kinda tricky to setup.
Assuming the Barracuda can send mail then your SPF txt should look like this:
If the Barracuda does not send email, but only receives, then exclude the mx part:
The all parameter has three switches that it can use:
-: Do not accept any mail from anyone other than listed above; hard-fail.
~: Do not accept any email that does not come from one of the above; allow but soft-fail the email.
?: Indicates that there are more servers that may be sending from our domain.
There is a lot more explaining that can be done for each parameter, but this is best left to www.openspf.org
It would seem that:
Your MX record for your Barracuda is OK.
The PTR record for your Exchange (outbound) is also OK.
You need to setup an SPF record to specify the IP addresses that can send mail for your domain, this also tells the receiving servers to only allow the outbound servers you listed.
SPF can be kinda tricky to setup.
Assuming the Barracuda can send mail then your SPF txt should look like this:
“v=spf1 mx ip4:enter your Exchange IP here ~all”If the Barracuda does not send email, but only receives, then exclude the mx part:
“v=spf1 ip4:enter your Exchange IP here ~all”The all parameter has three switches that it can use:
-: Do not accept any mail from anyone other than listed above; hard-fail.
~: Do not accept any email that does not come from one of the above; allow but soft-fail the email.
?: Indicates that there are more servers that may be sending from our domain.
There is a lot more explaining that can be done for each parameter, but this is best left to www.openspf.org
ASKER
So would it look like this:
v=spf1 ip4:1.1.1.1 ~all
v=spf1 ip4:1.1.1.1 ~all
Yes. That would indicate that IP 1.1.1.1 is allowed to send email for the domain with a soft fail on messages delivered from anywhere else.
ASKER
What is a soft fail....
SoftFail :The SPF record has designated the host as NOT being
allowed to send but is in transition accept, but mark the message.
Fail :The SPF record has designated the host as NOT being allowed to
send, reject the message.
Spammers have been known to forge domains and many admins will use the SPF hard fail to deter this. I typically will use a soft fail and will escalate the SPAM scores based on this and other parameters, however the false positive rate from SPF (hard fail) rejection is thought by many to be very low.
allowed to send but is in transition accept, but mark the message.
Fail :The SPF record has designated the host as NOT being allowed to
send, reject the message.
Spammers have been known to forge domains and many admins will use the SPF hard fail to deter this. I typically will use a soft fail and will escalate the SPAM scores based on this and other parameters, however the false positive rate from SPF (hard fail) rejection is thought by many to be very low.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thanks! I hope that you got this sorted out.
Do you have an SPF record?