- Get link
- Other Apps
Configure Exchange E-Mail Server Reverse DNS and MX Records Correctly
If DNS is setup incorrectly, over time your mail server IP will be added to blacklists. Nowadays most E-Mail servers have some kind of spam protection service which in turn means that all your inbound mail will be blocked if you do happen to be listed on a spam blacklist.In this article I will describe how to correctly configure your MX and reverse DNS records for your mail server. This article is based on an Exchange 2003/2007 server but every other messaging server will follow the same principle.
Assigning an IP address
Starting from the bottom up the first thing you need to do is assign a static external IP address to the internal private address of your mail server. You will need to apply these rules on your firewall to port forward SMTP (port 25) and NAT an external IP address to the internal address of the server.
Something that a lot of administrators forget to do or check is to set the outgoing NAT rule to use the same external IP address created for the inbound rule to the mail server. If this isn't set, Reverse DNS will not match and in turn your mail server will be listed on blacklists. If your firewall rules are setup correctly the IP address listed on this page should be the same IP address you mapped to the internal private IP address of the mail server.
Create the MX records for your mail server
For the purpose of this example, listed below are all the details of my mail server to help you understand what you need to do.
External IP: 120.12.453.22(for example)
E-Mail Domain: domain.com
You will need to be an administrative contact for your External DNS provider for your domain to make these changes. In most cases this can be done through an online control panel through your DNS provider. Failing that on the phone or via E-Mail.
1. The first thing we need to do is create an A record to point to the external IP address mapped on your firewall to the mail server. The host A record can be called any thing but is commonly called "mail". In our example we will create "mail.domain.com" to point to IP address "120.12.453.22"
2. Next we will create an MX record to point to the newly created A record of our mail server.
Within your DNS control panel select "add MX record". Make sure that the host address is the root domain name in our case "domain.com"
Set the FQDN as the A record we just created which in our case is "mail.domain.com".
The lowest property is the most preferred but in our example we will set the priority as 10.
Use NSlookup to check DNS and MX records are applied
It can take up to 48 hours for DNS to propagate but in most cases 12-24 hours. To check our DNS entries are applied and correct we can use nslookup.
1. Open a CMD prompt and type nslookup
2. Type set type=mx
3. Type the domain name which in our case is domain.com.
In our example the output should read as follows if correctly setup:
> domain.com
Non-authoritative answer:
domain.com MX preference = 10, mail exchanger = mail.domain.com
mail.domain.com internet address = 120.12.453.22
Configure Reverse DNS
Reverse DNS is used to verify that the mail server is who it says it is. The recipients mail server will do a reverse lookup to make sure that the IP address of the mail A or host record in DNS is the same as the IP address it is communicating with. Only 1 RDNS entry can be present per IP address.
To do this you will need to contact your ISP to make this entry. You will not be able to do this in your DNS control panel unless your ISP also host your DNS and give you the functionality to add your own RDNS records.
In our case we would contact our ISP and advise that we would like to create an RDNS entry for our IP address 120.12.453.22 which would resolve too mail.domain.com.
Verify Reverse DNS
Again it can take up to 48 hours for DNS to propagate but in most cases 12-24 hours. To verify that the RDNS entries have been added and are correct do the following:
1. Open a CMD prompt.
2. Type Ping -a 120.12.453.22 (This is the external IP address for your mail server. In our case we use our external IP address stated above)
If RDNS is configured correctly the following output will be shown:
C:UsersUser>ping -a 120.12.453.22
Pinging mail.domain.com [120.12.453.22] with 32 bytes of data:
SMTP Banner
Every time a mail server establishes a connection with your mail server it shows its SMTP banner. This banner must be resolvable on the internet and best practice is to have it as your mail host/A record.
Configure SMTP banner Exchange 2003
1. Open Exchange system manager.
2. Expand your administrative group ("First administrative group" by default).
3. Expand Servers.
4. Expand YourServerName.
5. Expand Protocals container.
6. Select SMTP container.
7. On the right window, right click the Default SMTP virtual Server (Or the name you set your SMTP Server) and
select Properties.
8. Select the Delivery Tab.
9. Click the Advanced button.
10. Under the Fully-qualified domain name type mail.domain.com (The A/Host record you created in DNS for your mail server)
11. Click OK and OK again to accept the changes
For the purpose of this example, listed below are all the details of my mail server to help you understand what you need to do.
External IP: 120.12.453.22(for example)
E-Mail Domain: domain.com
You will need to be an administrative contact for your External DNS provider for your domain to make these changes. In most cases this can be done through an online control panel through your DNS provider. Failing that on the phone or via E-Mail.
1. The first thing we need to do is create an A record to point to the external IP address mapped on your firewall to the mail server. The host A record can be called any thing but is commonly called "mail". In our example we will create "mail.domain.com" to point to IP address "120.12.453.22"
2. Next we will create an MX record to point to the newly created A record of our mail server.
Within your DNS control panel select "add MX record". Make sure that the host address is the root domain name in our case "domain.com"
Set the FQDN as the A record we just created which in our case is "mail.domain.com".
The lowest property is the most preferred but in our example we will set the priority as 10.
Use NSlookup to check DNS and MX records are applied
It can take up to 48 hours for DNS to propagate but in most cases 12-24 hours. To check our DNS entries are applied and correct we can use nslookup.
1. Open a CMD prompt and type nslookup
2. Type set type=mx
3. Type the domain name which in our case is domain.com.
In our example the output should read as follows if correctly setup:
> domain.com
Non-authoritative answer:
domain.com MX preference = 10, mail exchanger = mail.domain.com
mail.domain.com internet address = 120.12.453.22
Configure Reverse DNS
Reverse DNS is used to verify that the mail server is who it says it is. The recipients mail server will do a reverse lookup to make sure that the IP address of the mail A or host record in DNS is the same as the IP address it is communicating with. Only 1 RDNS entry can be present per IP address.
To do this you will need to contact your ISP to make this entry. You will not be able to do this in your DNS control panel unless your ISP also host your DNS and give you the functionality to add your own RDNS records.
In our case we would contact our ISP and advise that we would like to create an RDNS entry for our IP address 120.12.453.22 which would resolve too mail.domain.com.
Verify Reverse DNS
Again it can take up to 48 hours for DNS to propagate but in most cases 12-24 hours. To verify that the RDNS entries have been added and are correct do the following:
1. Open a CMD prompt.
2. Type Ping -a 120.12.453.22 (This is the external IP address for your mail server. In our case we use our external IP address stated above)
If RDNS is configured correctly the following output will be shown:
C:UsersUser>ping -a 120.12.453.22
Pinging mail.domain.com [120.12.453.22] with 32 bytes of data:
SMTP Banner
Every time a mail server establishes a connection with your mail server it shows its SMTP banner. This banner must be resolvable on the internet and best practice is to have it as your mail host/A record.
Configure SMTP banner Exchange 2003
1. Open Exchange system manager.
2. Expand your administrative group ("First administrative group" by default).
3. Expand Servers.
4. Expand YourServerName.
5. Expand Protocals container.
6. Select SMTP container.
7. On the right window, right click the Default SMTP virtual Server (Or the name you set your SMTP Server) and
select Properties.
8. Select the Delivery Tab.
9. Click the Advanced button.
10. Under the Fully-qualified domain name type mail.domain.com (The A/Host record you created in DNS for your mail server)
11. Click OK and OK again to accept the changes
Configure SMTP banner Exchange 2007/2010
1. Open the Exchange management console.
2. Select the Organisation Configuration container.
3. Select Hub Transport container.
4. On the right select the Send Connectors tab.
5. Right click your send connector and select properties.
6. On the General tab under the Set the FQDN this connector will... type the A record domain name you created. Which in our case is mail.domain.com. Click OK.
7. Under the Server Configuration container click the Hub Transport container.
8. In the Right window Select the properties of the Receive Connector under Receive Connectors tab.
9. On the General tab under the Set the FQDN this connector will... type the A record domain name you created. Which in our case is mail.domain.com. Click OK
To verify these changes we can use telnet to view the output upon establishing a connection on port 25 to our mail server. Use the following steps to do this:
1. Open a CMD prompt
2. Type Telnet mail.domain.com 25.
The output you see should look something like this and contain your A record of your mail server:
appliance like a Barracuda the SMTP banner will have to be set on this device/server.
Check to see if your mail server is on spam lists and/or an open relay
1. Open the Exchange management console.
2. Select the Organisation Configuration container.
3. Select Hub Transport container.
4. On the right select the Send Connectors tab.
5. Right click your send connector and select properties.
6. On the General tab under the Set the FQDN this connector will... type the A record domain name you created. Which in our case is mail.domain.com. Click OK.
7. Under the Server Configuration container click the Hub Transport container.
8. In the Right window Select the properties of the Receive Connector under Receive Connectors tab.
9. On the General tab under the Set the FQDN this connector will... type the A record domain name you created. Which in our case is mail.domain.com. Click OK
To verify these changes we can use telnet to view the output upon establishing a connection on port 25 to our mail server. Use the following steps to do this:
1. Open a CMD prompt
2. Type Telnet mail.domain.com 25.
The output you see should look something like this and contain your A record of your mail server:
appliance like a Barracuda the SMTP banner will have to be set on this device/server.
Check to see if your mail server is on spam lists and/or an open relay
- Get link
- Other Apps
Thank Syed.
ReplyDeleteI every time spent my half an houг to read this ωеb site'ѕ content daіly
ReplyDeletealοng with a mug of cоffee.
Also ѵіsit my blog :: merchant cash advance
I'm extremelу impгessеd with youг writing sκіlls and
ReplyDeletealso wіth the layout on yοuг weblog.
Is thiѕ a paіd theme or diԁ
you customіze іt уouгsеlf?
Anyway keep up the niсe qualitу writing, іt is гarе to seе а grеat blοg liκe thіs оnе tоdaу.
My blog - earn money online easy
I blog quite often and I truly appreciate your information.
ReplyDeleteYour article has really peaked my interest. I am going to bookmark your blog and keep checking for
new information about once a week. I subscribed to your RSS feed as
well.
My webpage tria hair removal laser reviews
I really love your website.. Great colors & theme.
ReplyDeleteDid you make this website yourself? Please reply back as I'm looking
to create my own website and would like to know where
you got this from or exactly what the theme
is called. Cheers!
Also visit my webpage: symptoms of thyroid problems
May I just say what a comfort to discover a person that genuinely understands what
ReplyDeletethey're discussing online. You definitely realize how to bring a problem to light and make it important.
More people really need to check this out and understand this side of
the story. I can't believe you're not more popular
because you definitely have the gift.
Check out my web blog unsecured business loans