Friday, September 23, 2011

Configuring Exchange mail server reverse DNS and MX records correctly

If DNS is not configured properly, your mail server's IP address will sooner or later be added to a blacklist. Most mail servers today have some form of anti-spam protection, which means that your e-mail will be blocked as soon as you are listed on a spam blacklist.

In this article I will describe how to properly configure the MX and reverse DNS entries for your mail server. The article is based on Exchange 2003/2007, but the same principle applies to other messaging servers.


Assign an IP address

Starting from scratch, the first thing to do is assign a static external IP address to your mail server. On the firewall, create a rule that allows SMTP (port 25) to that external IP address and NATs it to the mail server's internal address.

Something many administrators fail to do, or fail to check, is the outbound NAT rule: mail leaving the server must use the same external IP address that was created for the inbound mail rule. If this is not set, the reverse DNS will not match, and the mail server will in turn end up on blacklists. If the firewall rules are set correctly, the external IP address the mail server appears from when it connects out is the same IP address that is mapped to its internal private address.

Create MX records for mail servers

For the purposes of this example, the details of my mail server are listed below so you can follow what you need to do.

External IP: 87.22.1.22

E-mail domain: domain.com

You will need administrative access to the external DNS provider for your domain to make these changes. In most cases this can be done through the provider's online DNS control panel; failing that, by phone or e-mail.

1 The first thing to do is create an A record pointing to the external IP address on the firewall that is associated with the mail server. The A record can be named anything, but it is commonly called "mail". In our example we will create "mail.domain.com" with the IP address "87.22.1.22".

2 Next, create an MX record that points to the newly created A record of our mail server.

In the DNS control panel, select "Add MX". Make sure the host address is the primary domain name, in our case "domain.com".

Set the fully qualified domain name to the A record we just created, in our case "mail.domain.com".

The lowest priority value is the preferred one; in our example, set the priority to 10.

Check the DNS MX records with nslookup

DNS can take up to 48 hours to propagate, but in most cases 12-24 hours. To check that our DNS records are correct we can use nslookup.

1 Open a CMD prompt and type nslookup

2 Set the query type: set type=mx

3 Enter the domain name, in our case domain.com.

In our example, the output should be as follows, if set correctly:

>domain.com

Non-authoritative answer:

domain.com MX preference = 10, mail exchanger = mail.domain.com

mail.domain.com internet address = 87.22.1.22

Configure Reverse DNS

Reverse DNS is used to verify that the mail server is who it says it is. The recipient's mail server performs a reverse lookup to verify that the IP address it is communicating with resolves to the same name as the mail server's DNS entry. Only one RDNS entry can exist per IP address.

You will need to contact your ISP for this entry. You will not be able to set it in your DNS control panel, unless your ISP hosts your DNS and gives you the ability to add your own RDNS records.

In our case, we would contact our ISP and ask for an RDNS entry so that the IP address 87.22.1.22 resolves to mail.domain.com.

Verify your reverse DNS

Again, DNS can take up to 48 hours to propagate, but in most cases 12-24 hours. To verify that the RDNS entry was added correctly:

1 Open a CMD prompt.

2 Type ping -a 87.22.1.22 (this is the external IP address of the mail server; in our case we use the external IP address from above).

If RDNS is configured correctly, the output looks as follows:

C:\Users\user>ping -a 87.22.1.22

Pinging mail.domain.com [87.22.1.22] with 32 bytes of data:

SMTP Banner

Every time a mail server connects to another mail server, it shows its SMTP banner. The banner must resolve on the Internet, and best practice is to make it the same as the mail host's A record.

Configure the SMTP banner in Exchange 2003

1 Open the Exchange System Manager.

2 Expand the Administrative Group (the "First Administrative Group" is enabled by default).

3 Expand Server.

4 Expand the server name.

5 Expand the Protocols container.

6 Select the SMTP container.

7 In the right-hand window, right-click the SMTP virtual server (or SMTP server name) and select Properties.

8 Select the Delivery tab.

9 Click the Advanced button.

10 In the Fully Qualified Domain Name field, type mail.domain.com (the A/host record created in DNS for the mail server).

11 Click OK and OK again to accept the changes.

Configure the SMTP banner in Exchange 2007/2010

1 Open the Exchange Management Console.

2 Select the Organization Configuration container.

3 Select the Hub Transport container.

4 On the right side, select the Send Connectors tab.

5 Right-click on the Send connector, and select Properties.

6 On the General tab, under "Specify the FQDN this connector ...", enter the A record name created earlier. In our case this is mail.domain.com. Click OK.

7 In the Server Configuration window, click the Hub Transport container.

8 In the right pane, select the Receive Connectors tab and open the properties of the receive connector.

9 On the General tab, under "Specify the FQDN this connector ...", enter the A record name created earlier. In our case this is mail.domain.com. Click OK.

To verify these changes, you can telnet to port 25 on the mail server and look at the banner it returns. Use the following steps:

1 Open a CMD prompt

2 Type telnet mail.domain.com 25

The output should look something like the following and contain the A record of your mail server:

220 mail.domain.com Microsoft ESMTP MAIL Service ready at Sun, 28 February 2010 17:51:20 +0000
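The nslookup, ping -a and telnet checks above verify one chain: the MX points at the A record, the A record's IP has a PTR naming the same host, and the SMTP banner announces that host. The script below runs the same chain as one consistency check; it is an added example, not from the original article, and works on constructed DNS answers and a constructed banner built from this article's values (87.22.1.22, domain.com, mail.domain.com) rather than querying live DNS.

```python
import re

# Constructed stand-in for the article's zone (no network); keys are (owner, type).
DNS = {
    ("domain.com", "MX"): [(10, "mail.domain.com")],
    ("mail.domain.com", "A"): ["87.22.1.22"],
    ("22.1.22.87.in-addr.arpa", "PTR"): ["mail.domain.com"],
}
# Constructed SMTP 220 greeting per MX host, as seen over telnet to port 25.
BANNERS = {"mail.domain.com": "220 mail.domain.com Microsoft ESMTP MAIL Service "
                              "ready at Sun, 28 Feb 2010 17:51:20 +0000"}

def lookup(records, name, rtype):
    """Answer a query against the constructed records (names are case-insensitive)."""
    return records.get((name.rstrip(".").lower(), rtype), [])

def ptr_name(ip):
    """Owner name of the PTR for an IPv4 address: 87.22.1.22 -> 22.1.22.87.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def banner_host(banner):
    """Host name announced in the 220 greeting, or None if the greeting is malformed."""
    m = re.match(r"220[ -](\S+)", banner)
    return m.group(1).lower() if m else None

def check_mail_dns(records, domain, banners):
    """Walk MX -> A -> PTR -> banner; return a list of mismatches (empty = consistent)."""
    problems = []
    mx = lookup(records, domain, "MX")
    if not mx:
        return ["no MX record for %s" % domain]
    for _pref, host in sorted(mx):
        host = host.lower()
        ips = lookup(records, host, "A")
        if not ips:
            problems.append("MX host %s has no A record" % host)
            continue
        for ip in ips:
            # Forward-confirmed reverse DNS: the PTR must name the MX host itself.
            ptrs = [p.lower() for p in lookup(records, ptr_name(ip), "PTR")]
            if host not in ptrs:
                problems.append("PTR for %s is %s, expected %s" % (ip, ptrs or "missing", host))
        announced = banner_host(banners.get(host, ""))
        if announced != host:
            problems.append("SMTP banner of %s announces %r, expected %s" % (host, announced, host))
    return problems
```

An empty result from check_mail_dns means the three checks agree; a PTR the ISP left at its generic name, or a banner still showing the internal server name, each come back as one listed mismatch.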

If you have an Edge server or a device such as a Barracuda spam filter in front of Exchange, the SMTP banner should be set on that device/server instead.

Check whether your mail server is on spam lists and/or is an open relay

An ideal site for verifying the MX record and RDNS, checking whether the mail server is an open relay and checking whether you are listed on spam lists is www.mxtoolbox.com. This is a great site and one to keep in your favorites.

Following these guidelines will correctly configure mail routing to and from the mail server. The next step is to ensure that the mail server is not an open relay; I'm writing a separate article on this subject in the near future.
