In this article I will describe how to correctly configure your MX and reverse DNS records for your mail server. This article is based on an Exchange 2003/2007 server but every other messaging server will follow the same principle.
Assigning an IP address
Starting from the bottom up the first thing you need to do is assign a static external IP address to the internal private address of your mail server. You will need to apply these rules on your firewall to port forward SMTP (port 25) and NAT an external IP address to the internal address of the server.
Something that a lot of administrators forget to do or check is to set the outgoing NAT rule to use the same external IP address created for the inbound rule to the mail server. If this isn’t set, Reverse DNS will not match and in turn your mail server will be listed on blacklists. If your firewall rules are setup correctly the IP address listed on this page should be the same IP address you mapped to the internal private IP address of the mail server.
Create the MX records for your mail server
For the purpose of this example, listed below are all the details of my mail server to help you understand what you need to do.
External IP: 184.108.40.206
E-Mail Domain: domain.com
You will need to be an administrative contact for your External DNS provider for your domain to make these changes. In most cases this can be done through an online control panel through your DNS provider. Failing that on the phone or via E-Mail.
1. The first thing we need to do is create an A record to point to the external IP address mapped on your firewall to the mail server. The host A record can be called any thing but is commonly called “mail”. In our example we will create “mail.domain.com” to point to IP address “220.127.116.11″
2. Next we will create an MX record to point to the newly created A record of our mail server.
Within your DNS control panel select “add MX record”. Make sure that the host address is the root domain name in our case “domain.com”
Set the FQDN as the A record we just created which in our case is “mail.domain.com”.
The lowest property is the most preferred but in our example we will set the priority as 10.
Use NSlookup to check DNS and MX records are applied
It can take up to 48 hours for DNS to propagate but in most cases 12-24 hours. To check our DNS entries are applied and correct we can use nslookup.
1. Open a CMD prompt and type nslookup
2. Type set type=mx
3. Type the domain name which in our case is domain.com.
In our example the output should read as follows if correctly setup:
domain.com MX preference = 10, mail exchanger = mail.domain.com
mail.domain.com internet address = 18.104.22.168
Configure Reverse DNS
Reverse DNS is used to verify that the mail server is who it says it is. The recipients mail server will do a reverse lookup to make sure that the IP address of the mail A or host record in DNS is the same as the IP address it is communicating with. Only 1 RDNS entry can be present per IP address.
To do this you will need to contact your ISP to make this entry. You will not be able to do this in your DNS control panel unless your ISP also host your DNS and give you the functionality to add your own RDNS records.
In our case we would contact our ISP and advise that we would like to create an RDNS entry for our IP address 22.214.171.124 which would resolve too mail.domain.com.
Verify Reverse DNS
Again it can take up to 48 hours for DNS to propagate but in most cases 12-24 hours. To verify that the RDNS entries have been added and are correct do the following:
1. Open a CMD prompt.
2. Type Ping -a 126.96.36.199 (This is the external IP address for your mail server. In our case we use our external IP address stated above)
If RDNS is configured correctly the following output will be shown:
C:UsersUser>ping -a 188.8.131.52
Pinging mail.domain.com [184.108.40.206] with 32 bytes of data:
Every time a mail server establishes a connection with your mail server it shows its SMTP banner. This banner must be resolvable on the internet and best practice is to have it as your mail host/A record.
Configure SMTP banner Exchange 2003
1. Open Exchange system manager.
2. Expand your administrative group (“First administrative group” by default).
3. Expand Servers.
4. Expand YourServerName.
5. Expand Protocals container.
6. Select SMTP container.
7. On the right window, right click the Default SMTP virtual Server (Or the name you set your SMTP Server) and
8. Select the Delivery Tab.
9. Click the Advanced button.
10. Under the Fully-qualified domain name type mail.domain.com (The A/Host record you created in DNS for your mail server)
11. Click OK and OK again to accept the changes
Configure SMTP banner Exchange 2007/2010
1. Open the Exchange management console.
2. Select the Organisation Configuration container.
3. Select Hub Transport container.
4. On the right select the Send Connectors tab.
5. Right click your send connector and select properties.
6. On the General tab under the Set the FQDN this connector will… type the A record domain name you created. Which in our case ismail.domain.com. Click OK.
7. Under the Server Configuration container click the Hub Transport container.
8. In the Right window Select the properties of the Receive Connector under Receive Connectors tab.
9. On the General tab under the Set the FQDN this connector will… type the A record domain name you created. Which in our case ismail.domain.com. Click OK
To verify these changes we can use telnet to view the output upon establishing a connection on port 25 to our mail server. Use the following steps to do this:
1. Open a CMD prompt
2. Type Telnet mail.domain.com 25.
The output you see should look something like this and contain your A record of your mail server:
220 mail.domain.com Microsoft ESMTP MAIL Service ready at Sun, 28 Feb 2
010 17:51:20 +0000
If you use an edge server or a SPAM filter appliance like a Barracuda the SMTP banner will have to be set on this device/server.
Check to see if your mail server is on spam lists and/or an open relay
A great website to use to check your MX records, RDNS, check if your mail server is an open relay and check to see if you are listed on spam lists is www.mxtoolbox.com. This is a great site and one to keep in your favourites.
Following these guide lines will successfully and correctly configure mail routing to and from your mail server. The next step is too secure and ensure your mail server is not an open relay. I will be writing a separate article dedicated to this in the near future.
If you would prefer to not experience the stress in looking after and maintaining an Exchange server environment you may choose a hosted exchange server solution instead.
Mike Collins has over 10 years experience in computing and is a senior IT Consultant at Sphere IT Consulting
Article Source: http://EzineArticles.com/?expert=Mike_S_Collins