
If you have an Exchange 2007 server, you set up an MX record in DNS in the Forward Lookup Zone pointing to whatever prefix *.domain.com you configured in Exchange Console, correct? Then you create an MX record in your Domain manager on your domain vendor's site? Or is that redundant?

I am getting SOME emails but not receiving MOST emails from external sources. I've checked certificates and they seem to be updated and pointing to the correct server.domain.com. However, I've checked some of the bounce-back error logs for other companies, and their email servers are connecting to my actual domain name "domain.com" and thus, it seems, the wrong IP address too. So they time out and bounce back. Hotmail seems to come in just fine, oddly enough. At first I thought it was a Certificate/TLS issue, but I'm beginning to think it is an MX issue. Any ideas?

Any suggestions would be appreciated.

My brain is fried, been at this since last night.


In Server 2008 in DNS the following is configured: MX [10] mail.mydomain.com; A mail ip.address.here (external Exchange IP); I also have a Zone separate from our root domain, that is named our mail.mydomain.com. In that Zone, there exist records for NS, SOA, MX, and A.

Now on our Domain Manager on our Domain Host vendor's site: MX - mail.mydomain.com; A - our.exchange.server.external.ip


Do I have a needlessly redundant setup? I was just contacted by our Domain Host and they mentioned they were having DNS issues, which is most likely our problem. However I am still curious about our setup.

Thank you

Hyppy
AdminAlive
  • Post your MX records. Post your A records as well that relate to the MX records. This sounds like an issue but without actually seeing the settings it makes it difficult to say what/if you have misconfigured. – Campo Mar 23 '11 at 14:33
  • Tell us your domain name and what the public IP is of your email server and we can help further. It's public info so no harm in posting. – Bret Fisher Mar 23 '11 at 15:01

2 Answers


There is more than one DNS step to ensure a mail server you have on a company network can send/receive email from the Internet.

  1. Your internal Active Directory DNS server is usually not related to incoming email. If you host your domainname.com on your internal DNS server as well as Internet DNS, that's known as "split brain DNS" and is the proper way for most people to do it. For now ignore it for troubleshooting incoming mail.
  2. Your Internet DNS needs at least two records. One A record giving a name to your email server public IP, and an MX record pointing your domainname.com to a specific A record. Together they would look something like this:

    mail.domainname.com A 3600 333.333.333.333
    domainname.com MX 3600 mail.domainname.com

  3. Like Hyppy says, get your ISP who gave you the public IP for your mail server to change your reverse DNS for that IP to the same name as the A record.
  4. Recommended but not required for outgoing email is to make an SPF record http://old.openspf.org/wizard.html which tells the world that email coming from your mail server IP is legit and should be trusted, while any email pretending to be you coming from unknown IPs is not to be trusted. This helps keep your email from ending up in other companies' spam folders.
  5. You should also ensure your Exchange 2007 server has a separate anonymous-only SMTP receive connector for incoming Internet mail, that has the EHLO response header the same as your Internet A record, i.e., mail.domainname.com

Internet SMTP servers don't generally use PKI Certificates for communications, although modern Exchange servers (and maybe others) are trying to change this.

Bret Fisher

You create an MX record on whatever authoritative servers you have for the zone. The MX record should point to mail.domain.com, or whatever your actual mail server is by name. The mail server will also need an A record in order for outside servers to be able to find it.

If your authoritative DNS is hosted or managed by a domain registrar/host, then you'll need to use their tools to set up your MX record correctly.

While you're at it, set up a PTR record for your mail server. The exact procedure to request this varies wildly by hosting service, but their customer service/support center should be able to assist.

Edit to answer your edit:

If your domain host is hosting your DNS, then it's likely nothing you do on your network will affect external DNS unless the hosting company performs updates through zone transfers from your server. You mentioned that they were having DNS problems; that's probably the root cause.

That being said, you don't need a separate zone for mail.mydomain.com unless you will have subdomains like server1.mail.mydomain.com. Keep it simple and just make your records under the name "mail" in "mydomain.com".

If you want to post your hostname, we could probably take a look and see if anything is obviously wrong.

Hyppy
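Added example, not code from either answer above: a small checker that applies the DNS checks Bret Fisher's numbered steps and Hyppy's answer describe (an MX exists, its target has an A record, the IP's PTR names that target, and an SPF record lists the IP) to a DNS view handed in as a `lookup` callable. The `lookup` interface, the `GOOD`/`BROKEN` zone tables, and the example.com / 192.0.2.x values are constructed placeholders so it runs offline; the `BROKEN` table mirrors the question's symptom of senders landing on the bare domain's A record.

```python
# Added example, not code from the thread: runs the checks the two answers describe
# against a DNS view passed in as a lookup callable, so it runs offline.
from ipaddress import ip_address, ip_network

def spf_allows(spf, ip):
    """True if an ip4: mechanism in the SPF record covers ip (other mechanisms ignored)."""
    for mech in spf.split()[1:]:
        if mech.lstrip("+").startswith("ip4:"):
            if ip_address(ip) in ip_network(mech.split(":", 1)[1], strict=False):
                return True
    return False

def check_mail_dns(domain, lookup):
    """Return problems found; lookup(name, rtype) -> list of record strings ([] if none), an assumed interface."""
    problems = []
    mx_hosts = [rr.split()[-1].rstrip(".") for rr in lookup(domain, "MX")]
    if not mx_hosts:
        # No MX: senders fall back to the bare domain's A record (the question's symptom).
        problems.append(f"no MX for {domain}; senders will use the A record of {domain}")
        mx_hosts = [domain]
    spf = [t.strip('"') for t in lookup(domain, "TXT") if t.strip('"').startswith("v=spf1")]
    if not spf:
        problems.append(f"no SPF record for {domain}")
    for host in mx_hosts:
        addrs = lookup(host, "A")
        if not addrs:
            problems.append(f"MX target {host} has no A record")
            continue
        for ip in addrs:
            # Reverse name for IPv4: 192.0.2.25 -> 25.2.0.192.in-addr.arpa
            rev = ".".join(reversed(ip.split("."))) + ".in-addr.arpa"
            ptr = [p.rstrip(".") for p in lookup(rev, "PTR")]
            if host not in ptr:
                problems.append(f"PTR for {ip} is {ptr or 'missing'}, expected {host}")
            if spf and not spf_allows(spf[0], ip):
                problems.append(f"SPF for {domain} does not list {ip}")
    return problems

# Constructed sample zones (placeholder names, documentation-range IPs).
GOOD = {("example.com", "MX"): ["10 mail.example.com."],
        ("mail.example.com", "A"): ["192.0.2.25"],
        ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com."],
        ("example.com", "TXT"): ['"v=spf1 ip4:192.0.2.0/24 -all"']}
# Like the question: no MX at the vendor, so senders hit the bare domain's A record (a different IP).
BROKEN = {("example.com", "A"): ["192.0.2.80"],
          ("mail.example.com", "A"): ["192.0.2.25"]}

def lookup_in(zone):
    # Resolver over a constructed zone table; swap in a real resolver for live use.
    return lambda name, rtype: list(zone.get((name, rtype), []))
```

Running `check_mail_dns("example.com", lookup_in(BROKEN))` reports the missing MX, missing SPF, and missing PTR, while the `GOOD` zone returns no problems.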
  • Thanks. I understand posting the domain and public IP would help, but I'm iffy on tying an IP to a username. Not everyone online is online to help like you guys. But I think you've provided me with the answer I was looking for, I need to clean up my DNS, thanks again! – AdminAlive Mar 23 '11 at 15:15