Solved

MX and PTR records

Posted on 2014-02-17
Last Modified: 2014-02-24
I am getting rejected emails and need help fixing.

I currently have a barracuda spam filter. My MX record points to it. I have one exchange server that sends outbound emails directly through the internet. My PTR record is exchange.ABC.com and points to the public IP of MY mail server.  
My question is... The banner message OF my barracuda is barracuda.ABC.com. The barracuda obviously uses a different public IP.

What is the best practice for setting up these records in this scenario?

I have been receiving very vague responses ... Can you PLEASE be specific??
0
Question by:BSModlin
9 Comments
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 39866127
What error codes specifically are you getting with rejected emails?

Do you have an SPF record?
0
 

Author Comment

by:BSModlin
ID: 39866142
I am on MS block list 1..... I have changed my DNS configurations so many times... that I would like to know what best practice is.....
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 39866210
Best practice is to use SPF records in addition to properly set up DNS records.
It would seem that:

Your MX record for your Barracuda is OK.
The PTR record for your Exchange (outbound) is also OK.

You need to set up an SPF record to specify the IP addresses that can send mail for your domain; this also tells the receiving servers to only allow the outbound servers you listed.

SPF can be kinda tricky to set up.

Assuming the Barracuda can send mail then your SPF txt should look like this:

"v=spf1 mx ip4:enter your Exchange IP here ~all"

If the Barracuda does not send email, but only receives, then exclude the mx part:

"v=spf1 ip4:enter your Exchange IP here ~all"

The all parameter has three switches that it can use:

-: Do not accept any mail from anyone other than listed above; hard-fail.

~: Do not accept any email that does not come from one of the above; allow but soft-fail the email.
 
?: Indicates that there are more servers that may be sending from our domain.

There is a lot more explaining that can be done for each parameter, but this is best left to www.openspf.org
0
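An added example, not part of the original thread: a small evaluator for the `ip4`, `mx` and `all` mechanisms used in the records above, returning the RFC 7208 result names so the effect of each `all` qualifier can be seen for the Exchange and Barracuda addresses. The IP addresses are constructed documentation values, and `mx_ips` is a hypothetical parameter standing in for the DNS lookups the `mx` mechanism performs.

```python
import ipaddress

# RFC 7208 qualifier -> result returned when the mechanism matches
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed addresses (RFC 5737 documentation ranges), not from the thread
EXCHANGE_IP = "192.0.2.10"      # outbound Exchange server
BARRACUDA_IP = "198.51.100.20"  # spam filter the MX record points to
OTHER_IP = "203.0.113.99"       # any host not listed in the record


def check_spf(record, sender_ip, mx_ips=()):
    """Evaluate the ip4/mx/all subset of SPF for the connecting IP.

    mx_ips (assumption): addresses of the domain's MX hosts, passed in by
    the caller so the example runs without DNS.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # TXT data that is not an SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            matched = any(ip == ipaddress.ip_address(m) for m in mx_ips)
        elif name == "all":
            matched = True
        else:
            raise ValueError(f"mechanism outside this example's subset: {term}")
        if matched:  # first matching mechanism decides the result
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no 'all'


if __name__ == "__main__":
    record = f"v=spf1 ip4:{EXCHANGE_IP} ~all"
    for ip in (EXCHANGE_IP, BARRACUDA_IP, OTHER_IP):
        print(ip, check_spf(record, ip))
```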

Author Comment

by:BSModlin
ID: 39866262
So would it look like this:

v=spf1 ip4:1.1.1.1 ~all
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 39866360
Yes. That would indicate that IP 1.1.1.1 is allowed to send email for the domain with a soft fail on messages delivered from anywhere else.
0
 

Author Comment

by:BSModlin
ID: 39866491
What is a soft fail....
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 39867546
SoftFail: The SPF record has designated the host as NOT being allowed to send but is in transition; accept, but mark the message.

Fail: The SPF record has designated the host as NOT being allowed to send; reject the message.

Spammers have been known to forge domains and many admins will use the SPF hard fail to deter this. I typically will use a soft fail and will escalate the SPAM scores based on this and other parameters, however the false positive rate from SPF (hard fail) rejection is thought by many to be very low.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 39870460
Before you get on to SPF records, you need to sort out the basics.
SPF records depend on the basic DNS settings being correct.

If you have an appliance, then use that for inbound and outbound email, unless you can give Exchange its own external IP address, FQDN and matching PTR. The Exchange server does not have to be exposed to the internet for SMTP traffic, but you do need to ensure the rest is correct.

Simon.
0
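An added example, not part of the original thread: a check of the "external IP address, FQDN and matching PTR" basics for whichever host sends outbound mail, run against constructed DNS data instead of live lookups. The IP addresses, the missing PTR for the Barracuda, and the comparison of the HELO/banner name against the PTR are assumptions made for illustration.

```python
# Constructed DNS data standing in for live lookups (RFC 5737 addresses).
PTR = {"192.0.2.10": ["exchange.abc.com."]}       # reverse zone: IP -> names
A = {"exchange.abc.com": ["192.0.2.10"],          # forward zone: name -> IPs
     "barracuda.abc.com": ["198.51.100.20"]}


def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def audit_outbound(ip, helo, ptr=PTR, a=A):
    """List DNS problems a receiver could hold against mail sent from `ip`.

    helo is the name the sending host announces (its SMTP banner/HELO).
    """
    problems = []
    ptr_names = [_norm(n) for n in ptr.get(ip, [])]
    if not ptr_names:
        problems.append("no PTR record for sending IP")
    elif not any(ip in a.get(n, []) for n in ptr_names):
        # forward-confirmed reverse DNS: the PTR name must map back to the IP
        problems.append("PTR name does not resolve back to sending IP")
    if ip not in a.get(_norm(helo), []):
        problems.append("HELO name does not resolve to sending IP")
    elif ptr_names and _norm(helo) not in ptr_names:
        problems.append("HELO name differs from PTR name")
    return problems


if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "exchange.ABC.com"),      # Exchange sending directly
        ("198.51.100.20", "barracuda.ABC.com"),  # mail relayed out via the appliance
        ("198.51.100.20", "exchange.ABC.com"),   # Exchange leaving from the appliance's IP
    ]
    for ip, helo in cases:
        print(ip, helo, audit_outbound(ip, helo) or "ok")
```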
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 39884637
Thanks! I hope that you got this sorted out.
0
