Wednesday, December 22, 2010

Configure Exchange E-Mail Server Reverse DNS and MX Records Correctly



If DNS is set up incorrectly, over time your mail server's IP address will end up on blacklists. Nowadays most e-mail servers run some kind of anti-spam service, which means that mail you send will be rejected by the recipients' servers if your IP address is listed on a spam blacklist.

In this article I will describe how to correctly configure the MX and reverse DNS records for your mail server. The description is based on an Exchange 2003/2007 server, but every other messaging server follows the same principle.



Assigning an IP address

Starting from the bottom up, the first thing you need to do is assign a static external IP address to the internal (private) address of your mail server. On your firewall you will need a NAT rule that maps the external address to the internal address of the server and forwards SMTP (TCP port 25) to it.

Something that a lot of administrators forget to do or check is to set the outbound NAT rule so that traffic from the mail server leaves through the same external IP address used by the inbound rule. If this isn't set, the reverse DNS of the address your server actually sends from will not match the name it announces, and in turn your mail server will be listed on blacklists. If your firewall rules are set up correctly, the public address you see when you check your external IP from the mail server itself (for example with a what-is-my-IP website) should be the same IP address you mapped to the internal address of the mail server.

Create the MX records for your mail server

For the purpose of this example, listed below are all the details of my mail server to help you understand what you need to do.

External IP: 87.22.1.22

E-Mail Domain: domain.com

You will need to be an administrative contact with the external DNS provider for your domain to make these changes. In most cases this can be done through an online control panel at your DNS provider; failing that, by phone or e-mail.

1. The first thing we need to do is create an A record pointing to the external IP address mapped on your firewall to the mail server. The host A record can be called anything but is generally called "mail". In our example we will create "mail.domain.com" pointing to IP address "87.22.1.22".

2. Next we will create an MX record pointing to the newly created A record of our mail server.

Within your DNS control panel select "add MX record". Make sure that the host address is the root domain name, in our case "domain.com".

Set the FQDN to the A record we just created, which in our case is "mail.domain.com".

The lowest preference value is the most preferred; in our example we will set the priority to 10. An MX record must point at a host name that has an A record, never directly at an IP address or at a CNAME.

Use nslookup to check that the DNS and MX records are applied

It can take up to 48 hours for DNS to propagate, but in most cases 12-24 hours. To check that our DNS entries are applied and correct, we can use nslookup.

1. Open a Cmd prompt and type nslookup

2. Type set type=mx

3. Type the domain name, which in our case is domain.com.

In our example the output should read as follows if correctly set up:

> domain.com

Non-authoritative answer:

domain.com      MX preference = 10, mail exchanger = mail.domain.com

mail.domain.com internet address = 87.22.1.22

Configure Reverse DNS

Reverse DNS is used to verify that the mail server is who it says it is. The recipient's mail server takes the IP address it is being contacted from, looks up its PTR record to get a host name, and then resolves that host name forward; the A record it gets back must be the same IP address it is communicating with (this is known as forward-confirmed reverse DNS). Each IP address should have exactly one PTR entry.

You will normally need to contact your ISP to make this entry, because the reverse zone belongs to whoever owns the IP range. You will not be able to do this in your own DNS control panel unless your ISP also hosts your DNS and gives you the ability to add your own PTR records.

In our case we would contact our ISP and request a PTR record for our IP address 87.22.1.22 resolving to mail.domain.com.

Verify Reverse DNS

Again it can take up to 48 hours for DNS to propagate, but in most cases 12-24 hours. To verify that the PTR entry has been added and is correct, do the following:

1. Open a Cmd prompt.

2. Type ping -a 87.22.1.22 (this is the external IP address of your mail server; in our case we use the external IP address stated above). The -a switch makes ping resolve the address back to a host name.

If reverse DNS is configured correctly the following output will be shown, with the PTR name in front of the address. It does not matter if the echo requests themselves time out because your firewall drops ICMP; the host name on the "Pinging" line is what you are checking.

C:\Users\User>ping -a 87.22.1.22

Pinging mail.domain.com [87.22.1.22] with 32 bytes of data:

SMTP Banner

Every time a remote mail server establishes a connection to your mail server, your server announces itself with its SMTP banner (the 220 greeting line). The name in this banner must be resolvable on the internet, and best practice is to have it match your mail host A record, and therefore your PTR record as well.

Configure SMTP banner: Exchange 2003

1. Open Exchange System Manager.

2. Expand your administrative group ("First Administrative Group" by default).

3. Expand Servers.

4. Expand YourServerName.

5. Expand the Protocols container.

6. Select the SMTP container.

7. In the right-hand window, right-click Default SMTP Virtual Server (or whatever name you gave your SMTP server) and select Properties.

8. Select the Delivery tab.

9. Click the Advanced button.

10. Under Fully-qualified domain name type mail.domain.com (the A/host record you created in DNS for your mail server).

11. Click OK and OK again to accept the changes.

Configure SMTP banner: Exchange 2007/2010

1. Open the Exchange Management Console.

2. Select the Organization Configuration container.

3. Select the Hub Transport container.

4. On the right, select the Send Connectors tab.

5. Right-click your send connector and select Properties.

6. On the General tab, under "Specify the FQDN this connector will provide in response to HELO or EHLO", type the A record host name you created, which in our case is mail.domain.com. Click OK. This is the name your server announces when it connects out to other mail servers.

7. Under the Server Configuration node, click the Hub Transport container.

8. In the right-hand window, open the properties of the Receive Connector on the Receive Connectors tab.

9. On the General tab, under the same FQDN setting, type mail.domain.com again. Click OK. This is the name shown in the 220 banner to servers connecting in, so it is the one the telnet test below exercises.

To verify these changes we can use telnet to view the banner returned when we connect on port 25 to our mail server. Use the following steps to do this:

1. Open a Cmd prompt. (On Windows Vista/Server 2008 and later the Telnet Client is not installed by default and has to be added as a Windows feature first.)

2. Type telnet mail.domain.com 25

The output you see should look something like this and include the A record name of your mail server:

220 mail.domain.com Microsoft ESMTP MAIL Service ready at Sun, 28 Feb 2010 17:51:20 +0000

If you use an Edge Transport server or a spam-filter appliance such as a Barracuda in front of Exchange, the SMTP banner must be set on that device/server instead, because that is what the internet connects to; the MX/A record and PTR described above then refer to that device's external address.
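The three manual checks above (the nslookup MX/A lookup, the ping -a reverse lookup and the telnet banner test) can be combined into one script. The following Python is an added example and is not part of the original article or of Exchange: it parses nslookup's MX output in both the Windows and BIND formats, forward-confirms the PTR name against its A record, and compares the 220 greeting with the MX host name. domain.com, mail.domain.com and 87.22.1.22 are the article's example values; the embedded nslookup output and banner string are constructed sample data. Run it with a real domain as its argument to check a live server (it uses the system resolver and needs outbound port 25).

```python
# Added example, not from the original article: automates the nslookup,
# ping -a and telnet checks above. domain.com / mail.domain.com / 87.22.1.22
# are the article's example values; SAMPLE_NSLOOKUP and the banner are constructed.
import re
import socket
import subprocess
from dataclasses import dataclass
from typing import Dict, List, Optional

# Windows nslookup: "domain.com  MX preference = 10, mail exchanger = mail.domain.com"
# BIND nslookup:    "domain.com  mail exchanger = 10 mail.domain.com."
_MX_WIN = re.compile(r"MX preference = (\d+), mail exchanger = (\S+)")
_MX_UNIX = re.compile(r"mail exchanger = (\d+) (\S+)")
_BANNER = re.compile(r"^220[ -](\S+)")  # host name is the first token after 220

def parse_nslookup_mx(output: str) -> List[str]:
    """MX target host names, lowest preference (most preferred) first."""
    found = []
    for line in output.splitlines():
        m = _MX_WIN.search(line) or _MX_UNIX.search(line)
        if m:
            found.append((int(m.group(1)), m.group(2).rstrip(".").lower()))
    return [host for _, host in sorted(found)]

@dataclass
class MailDnsFacts:
    domain: str
    mx_hosts: List[str]                  # from parse_nslookup_mx
    a_records: Dict[str, Optional[str]]  # host -> IPv4, None if no A record
    ptr_names: Dict[str, Optional[str]]  # ip -> PTR name, None if no PTR
    banners: Dict[str, Optional[str]]    # ip -> first line read on port 25

def check_mail_dns(facts: MailDnsFacts) -> List[str]:
    """Problems found; an empty list means MX, A, PTR and banner all agree."""
    if not facts.mx_hosts:
        return [f"{facts.domain}: no MX records"]
    problems: List[str] = []
    for mx in facts.mx_hosts:
        ip = facts.a_records.get(mx)
        if ip is None:
            problems.append(f"{mx}: MX target has no A record")
            continue
        ptr = facts.ptr_names.get(ip)
        if ptr is None:
            problems.append(f"{ip}: no PTR record (ask your ISP to add one)")
        else:
            ptr = ptr.rstrip(".").lower()
            if facts.a_records.get(ptr) != ip:  # forward-confirmed reverse DNS
                problems.append(f"{ip}: PTR {ptr} does not resolve back to {ip}")
            if ptr != mx:
                problems.append(f"{ip}: PTR is {ptr}, MX host is {mx}")
        banner = facts.banners.get(ip)
        m = _BANNER.match(banner or "")
        if not m:
            problems.append(f"{ip}: no 220 greeting read on port 25: {banner!r}")
        elif m.group(1).lower() != mx:
            problems.append(f"{ip}: banner says {m.group(1)}, MX host is {mx}")
    return problems

def gather_live(domain: str, timeout: float = 10.0) -> MailDnsFacts:
    """Collect the same facts from the network via the system resolver."""
    out = subprocess.run(["nslookup", "-type=mx", domain], capture_output=True,
                         text=True, timeout=timeout).stdout
    mx_hosts = parse_nslookup_mx(out)
    a, ptr, banners = {}, {}, {}
    for host in mx_hosts:
        try:
            ip = a[host] = socket.gethostbyname(host)
        except socket.gaierror:
            a[host] = None
            continue
        try:
            name = ptr[ip] = socket.gethostbyaddr(ip)[0].lower()
            if name not in a:            # resolve the PTR name forward again
                a[name] = socket.gethostbyname(name)
        except (socket.herror, socket.gaierror):
            ptr.setdefault(ip, None)     # missing A for the PTR name is caught above
        try:
            with socket.create_connection((ip, 25), timeout=timeout) as s:
                banners[ip] = s.recv(512).decode("ascii", "replace").split("\r\n")[0]
        except OSError:
            banners[ip] = None
    return MailDnsFacts(domain, mx_hosts, a, ptr, banners)

# Constructed sample mirroring the article's correctly configured server.
SAMPLE_NSLOOKUP = ("Non-authoritative answer:\n"
                   "domain.com      MX preference = 10, mail exchanger = mail.domain.com\n")
GOOD = MailDnsFacts("domain.com", parse_nslookup_mx(SAMPLE_NSLOOKUP),
                    {"mail.domain.com": "87.22.1.22"}, {"87.22.1.22": "mail.domain.com"},
                    {"87.22.1.22": "220 mail.domain.com Microsoft ESMTP MAIL Service ready"})

if __name__ == "__main__":
    import sys
    facts = gather_live(sys.argv[1]) if len(sys.argv) > 1 else GOOD
    for line in check_mail_dns(facts) or ["OK: MX, A, PTR and SMTP banner agree"]:
        print(line)
```

The typical failure this catches is the one the article warns about: the ISP's generic PTR (something like 87-22-1-22.dsl.isp.example) is still in place, so the name does not match the MX host and does not resolve back, and the banner still shows the server's internal NetBIOS name. Each of those shows up as its own line in the output.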

Check to see if your mail server is on spam lists and/or an open relay

A great website for checking your MX records and reverse DNS, testing whether your mail server is an open relay and seeing whether you are listed on spam blacklists is www.mxtoolbox.com. It is a great site and one to keep in your favourites.

Following these guidelines will correctly configure mail routing to and from your mail server. The next step is to secure your mail server and ensure it is not an open relay. I will be writing a separate article dedicated to this in the near future.


