  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 369

Changing MX record and DNS cache

Recently I had to configure a new spam filter for my Exchange Server 2003.
The MX record looked like this before the change:

xxx.com MX mail.xxx.com
mail.xxx.com A 222.222.222.222 (my Exchange server)

Now I pointed mail.xxx.com to 333.333.333.333 (spam filter).

333.333.333.333 will forward the filtered emails to my Exchange server 222.222.222.222.

From now on, I will refer to 222.222.222.222 as 2 and 333.333.333.333 as 3.

After the change, about half of the emails are sent directly to 2, not to 3, and most of them are spam.
I guess this is caused by the spam senders' DNS caches still holding our old MX and A records.
I thought that if I changed the A record of mail.xxx.com from 2 to 3, all the emails would be redirected to 3, but when I inspected the headers of the spam, they are still sending emails directly to 2. How can I fix this problem? Should I change the MX record as well, like 'xxx.com MX mail2.xxx.com'? Is there any way to propagate the DNS record change immediately? The TTL on both the MX and A records is 3600 seconds at Dyn.com. They said the DNS cache will be cleared within at most 24 hours, but it doesn't look like it. I made the change last Friday, and I'm still getting lots of spam directly to my Exchange server.
4 Solutions
 
MAS (EE MVE, Technical Department Head) commented:
Hi,
First of all, you are running an unsupported Exchange server. Please consider upgrading to a supported version.
I guess you configured the new spam filter on both IPs.
Antispam is supposed to work like below.
[Image: Antispam flow]
Your email is supposed to be received at the spam filter, and the spam filter will forward the genuine emails to the mailbox server/transport server.

Please check the below images for your understanding of mail flow and Exchange IOPS in different versions of Exchange servers.
[Image: Mail flow]
[Image: Exchange IOPs]
MAS
 
Dr. Klahn (Principal Software Engineer) commented:
Both the A record and the MX record for your mail receiver should be pointing to the same IP address. This allows ill-written software that does an A lookup instead of an MX lookup to still get mail through.

It can take up to 2 days in bad cases for a record change to propagate all the way up to the root level. After that it will start to propagate down to individual network DNS caches.
 
MAS (EE MVE, Technical Department Head) commented:
As commented above, it will take some time to get updated over the web.
That could be one reason for the spam being received directly.
 
crcsupport (Author) commented:
Dr. Klahn,
what do you mean by this part? "Both the A record and the MX record for your mail receiver should be pointing to the same IP address."

The MX record is pointing to the A record (mail.xxx.com) and the A record is pointing to the IP address.
Do you mean I have to get rid of the A record and make the MX point to the IP address like below?

xxx.com MX 333.333.333.333

I thought the proper way to configure it is MX to A, then A to IP address.
 
crcsupport (Author) commented:
Also, the TTL is configured very low. And I guess the problem is not the DNS update from my ANS to the root, but from the root to the spam senders. I thought spam senders keep their own DNS cache TTL, ignoring my configured TTL.
 
MAS (EE MVE, Technical Department Head) commented:
@crcsupport,
You are correct.
The MX should point to an A record and the A record should point to the IP.
FYI, you cannot point an MX record to an IP. It can only point to an A record.
 
David Johnson, CD, MVP (Owner) commented:
Now you have to set a transport/firewall rule to only accept external mail from your antispam vendor's IP address and reject mail from other internet addresses.
 
bbao (IT Consultant) commented:
> TTL is configured very low. And I guess the problem is not the DNS update from my ANS to the root, but from the root to the spam senders.

You have done everything correctly from your side.

The reason you keep receiving spam at the old email server (actually still the current email server, with a new MX record) is simply that the spammer side hasn't changed the IP per your new MX record.

What's the point for them to change if they can keep successfully sending spam to an IP? The spammers don't care about domain names and MX records; actually, using the IP directly is good practice for them to avoid being fooled by what you are doing. Be aware that an IP is location-associated and not easy to change, while a domain name can easily be pointed anywhere, especially for an IP that the spammers have used for years. If you were the spammer, what would you do?
 
bbao (IT Consultant) commented:
Therefore, keep observing for a while. If there are no significant changes, consider getting a new IP for your mail server, OR simply swap the IPs of your mail server and antispam gateway if possible.
 
crcsupport (Author) commented:
Now I'm attracted to David's suggestion and more convinced after reading Bing's.
It's been about 70 hours and we are still getting spam, so I guess Bing is right: spammers use the IP address, not MX records. I don't know why or how they operate, but it sounds very possible.

Maybe I have to swap the IPs between my server and the antispam cloud, which won't affect my DNS records, or block everything but the antispam cloud server.

I'll let you know, guys.
 
crcsupport (Author) commented:
I blocked everything except SMTP port 25 from the cloud antispam service to us, and all the spam is gone.

I also found Barracuda works very well; almost all spam is getting caught. I used to use GFI MailEssentials, which was too much headache; their spam filtering is way off standard.
 
crcsupport (Author) commented:
By the way, until I made the firewall changes to block all ports, spam kept coming even after 4 days (96 hours). Half of the spam was sent to the new MX record, and half was still sent to the old MX record.
So, I guess many spam senders are just ignoring DNS record changes of recipients, maybe to reduce the load on their spam-sending servers or for some other reason.

Anyway, it's good to know.
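Two points in this thread lend themselves to a small tool: the author's manual inspection of Received: headers to see which messages reached the Exchange server directly, and David Johnson's allow-list rule that only the antispam vendor may deliver to it. The following is an added example, not code from the thread or from any vendor; it assumes the filter's outbound range is 203.0.113.0/24 and the Exchange host is mail.example.com (the thread's 222.x/333.x addresses are not valid IPv4, so RFC 5737 documentation prefixes stand in), and the sample headers are constructed.

```python
import email
import ipaddress
import re

# Assumptions, not from the thread: the filter's outbound range and our
# Exchange hostname (RFC 5737 documentation prefixes stand in for real IPs).
FILTER_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
OUR_MAIL_HOST = "mail.example.com"

# Connecting IP in [brackets] and the "by <host>" that accepted the hop.
HOP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+([\w.-]+)", re.I)


def delivering_ip(raw_message):
    """IP of the host that handed the message to OUR_MAIL_HOST, or None."""
    msg = email.message_from_string(raw_message)
    for hdr in msg.get_all("Received", []):          # topmost hop first
        m = HOP_RE.search(re.sub(r"\s+", " ", hdr))  # unfold the header
        if m and m.group(2).lower() == OUR_MAIL_HOST:
            return ipaddress.ip_address(m.group(1))
    return None


def smtp_allowed(ip):
    """Same decision as the firewall rule: only the filter may deliver to us."""
    return any(ip in net for net in FILTER_NETWORKS)


def classify(raw_message):
    """'via_filter' if the last hop was the filter, 'direct' if it was bypassed."""
    ip = delivering_ip(raw_message)
    if ip is None:
        return "unknown"
    return "via_filter" if smtp_allowed(ip) else "direct"


def summarize(messages):
    # Tally how much mail still bypasses the filter, as the author did by hand.
    counts = {"via_filter": 0, "direct": 0, "unknown": 0}
    for raw in messages:
        counts[classify(raw)] += 1
    return counts


SAMPLE_MESSAGES = [  # constructed headers, not from the thread
    "Received: from filter-out1.example.net (filter-out1.example.net [203.0.113.10])\n"
    "    by mail.example.com with ESMTP; Mon, 12 Feb 2018 10:01:02 +0000\n"
    "Received: from sender.example.org ([198.51.100.7])\n"
    "    by filter-in1.example.net with ESMTP; Mon, 12 Feb 2018 10:01:00 +0000\n"
    "Subject: genuine mail\n",
    "Received: from unknown (HELO spammer) [192.0.2.55]\n"
    "    by mail.example.com with SMTP; Mon, 12 Feb 2018 10:05:00 +0000\n"
    "Subject: buy now\n",
]
```

Run `summarize()` over a mailbox export before and after the firewall change to confirm the "direct" count drops to zero; only the topmost hop to your own host is trusted, since earlier Received: lines are written by the sender and can be forged.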
