Windows Vista Forums

DNS MX Question

  1. #1


    ChrisUK Guest

    DNS MX Question

    Hello,

    I am trying to get some clarification that my MX settings are OK. Mail is
    sending and receiving OK but I don't think it's "by-the-book".

    I am running an SBS 2008 domain (let's call it mydomain.local) and I am
    hosting my own email server.

    I registered my domain name with fasthosts.co.uk (let's call it
    mydomain.co.uk).
    I have a static IP address assigned by my ISP (BT - British Telecom).
    I have forwarded port 25 on my router to go to the internal IP address of my
    SBS server.
    On Fasthosts control panel I can set various DNS settings (A, MX, PTR etc). I
    originally created an MX record to be the Static IP address of my router. I
    also created an A record to point remote.mydomain.co.uk to the same static IP
    address for OWA.

    Having done some more research into DNS / MX records I'm beginning to think
    that what I SHOULD have done is create an A record such as
    mail.mydomain.co.uk and point it to my static IP, then create an MX record
    pointing to mail.mydomain.co.uk.

    Is this correct?

    As my mail is flowing I'm reluctant to make any changes. If I do need to
    change it to what I mentioned above, can I do this without any emails getting
    bounced / lost?

    Final question, I've read a lot about PTR records being needed more and more.
    On my control panel with Fasthosts all I can create are A, CNAME, MX, AAAA
    and TXT records. Will I need to contact Fasthosts and ask them to create a
    PTR record for me? What do I need to have in this PTR? Sorry if that is a
    dumb question but I'm just starting to learn this stuff.

    Kind regards,

    Chris



  3. #2


    Cliff Galiher - MVP Guest

    Re: DNS MX Question

    Inline:

    -Cliff


    "ChrisUK" <ChrisUK@newsgroup> wrote in message
    news:EE6D581B-19F6-4A9C-ADED-98FD5B1288B2@newsgroup

    > Hello,
    >
    > I am trying to get some clarification that my MX settings are OK. Mail is
    > sending and receiving OK but I don't think it's "by-the-book".
    >
    > I am running an SBS 2008 domain (let's call it mydomain.local) and I am
    > hosting my own email server.
    >
    > I registered my domain name with fasthosts.co.uk (let's call it
    > mydomain.co.uk).

    By not posting your real domain, you make it difficult for *us* to look and
    verify. And since it is a public domain, hackers are still going to find
    and scan it. Obfuscating public domains in newsgroups provides *no* added
    security. Just for future reference.

    > I have a static IP address assigned by my ISP (BT - British Telecom).
    > I have forwarded port 25 on my router to go to the internal IP address of
    > my SBS server.
    > On Fasthosts control panel I can set various DNS settings (A, MX, PTR etc).
    > I originally created an MX record to be the Static IP address of my router.
    > I also created an A record to point remote.mydomain.co.uk to the same static
    > IP address for OWA.
    >
    > Having done some more research into DNS / MX records I'm beginning to
    > think that what I SHOULD have done is create an A record such as
    > mail.mydomain.co.uk and point it to my static IP, then create an MX record
    > pointing to mail.mydomain.co.uk.

    Either/or. I prefer domain names in MX records...one less thing to change
    and get cached if things have to get shuffled. I wouldn't call your setup
    *wrong* though, just not optimal.

    > As my mail is flowing I'm reluctant to make any changes. If I do need to
    > change it to what I mentioned above, can I do this without any emails
    > getting bounced / lost?

    If you don't make any *wrong* changes then mail will flow just fine. Some
    DNS servers will have the old data cached, but since your IP isn't changing,
    it'll still get delivered. And new DNS queries will get the name and since
    that also appears to work, you'll continue to be fine. Should be
    transparent.

    > Final question, I've read a lot about PTR records being needed more and more.
    > On my control panel with Fasthosts all I can create are A, CNAME, MX,
    > AAAA and TXT records. Will I need to contact Fasthosts and ask them to
    > create a PTR record for me? What do I need to have in this PTR? Sorry if
    > that is a dumb question but I'm just starting to learn this stuff.

    Not Fasthosts. Reverse lookups work backwards, so the PTR record would
    actually be owned/controlled by the owner of the IP address. In this case
    BT. Again, had you posted your public IP, we could have checked for you; it
    may already exist. It doesn't need to match your company, it need only
    exist.

    >
    > Kind regards,
    >
    > Chris


  4. #3


    Joe Guest

    Re: DNS MX Question

    ChrisUK wrote:

    >
    > Final question, I've read a lot of PTR records being needed more and more.
    > On my control panel with Fasthosts all I can create are, A, Cname, MX, AAAA
    > and TXT records. Will I need to contact Fasthosts and ask them to create a
    > PTR record for me? What do I need to have in this PTR? Sorry if that is a
    > dumb question but I'm just starting to learn this stuff.
    >
    You already know what to do, I'd add that I've known BT to be quite
    difficult about PTR records, even on 'business' accounts with static IP
    addresses. There will already be one of a generic kind, along the lines
    of 'adsl-12-34-56-67-pool.btconnect.com', but this is not likely to
    impress other mail servers. I have my own server configured to reject
    SMTP connections from addresses with PTR records of this kind.

    The bad news is that many mail servers, particularly those of ISPs, will
    expect a 'proper' PTR record of 'example.domain.com' form, and many
    (including mine) will expect there to be a valid A record for
    example.domain.com which points back to the IP address. I have not found
    it necessary for the PTR-A pair to match the MX record or HELO string,
    as mine do not and I have no problem sending mail to AOL, which is
    notoriously fussy.

    Certainly two or three years ago, BT wasn't good at organising this kind
    of thing. If they are still not willing to do it, then the only way you
    can send mail reliably is through another mail server which is
    considered 'respectable', such as an ISP's SMTP server. Check if your
    account with BT includes the use of an SMTP smarthost, as it is a
    facility you may want to use for other reasons.

    One of my customers insisted on using BT as ISP, against my
    recommendations, and took out a 'business' account. This turned out to
    have no smarthost facility and a fixed IP address that had a 'generic'
    PTR and was on a number of blacklists, none of which BT was prepared to
    do anything about. I ended up giving him an authenticated SMTP account
    on a web hosting package that I rent, to use as a smarthost. BT's
    recommendation, and I kid you not, was to use Yahoo for email. I think
    even today, BT subcontracts some parts of its email handling to Yahoo.

    --
    Joe


  5. #4


    Andrew M. Saucci, Jr. Guest

    Re: DNS MX Question

    Actually, the "generic" reverse DNS isn't nearly as much of a
    problem as having none at all. If the ISP won't update the reverse DNS, then
    setting up an A record to match it and changing the settings of the SMTP
    virtual server to use that identity can work. It isn't pretty, but it's
    legitimate. I don't think too many spam filters care much about what your
    reverse DNS is as long as it matches what the SMTP server reports as its
    identity in the HELO command. After all, the identity of a server in the end
    is purely arbitrary.


  6. #5


    Cliff Galiher - MVP Guest

    Re: DNS MX Question

    Just as a matter of debate, I've *never* seen a spam filter care if the
    reverse DNS *or* A record matches the HELO string in a mail server. In
    fact, more often than not, they don't.

    Take an example of a company that uses a cloud-based email service, such as
    an ISP server or hosted-Exchange. If you go the hosted-Exchange route, do
    you really think MS gives you your own Exchange servers and that the HELO
    strings match the MX/A record pair you set up? Or do you think that a
    service provider that offers businesses 10-20 free email accounts as part of
    their business bundle also gives them a dedicated server?

    There are so many *legitimate* scenarios where the HELO string will NOT
    match the MX record that no spam filters would rightfully reject or even
    negatively score messages that have a return header with such a setup.

    But what you say is true, a generic rDNS is usually perfectly adequate as
    long as the ISP also has an A record that matches the PTR record so that it
    is a matching pair. There isn't usually a cause to get them to create
    custom/renamed records.

    -Cliff



  7. #6


    Ace Fekay [MVP-DS, MCT] Guest

    Re: DNS MX Question

    "Cliff Galiher - MVP" <cgaliher@newsgroup> wrote in message
    news:etYJc6NlKHA.2592@newsgroup

    > Just as a matter of debate, I've *never* seen a spam filter care if the
    > reverse DNS *or* A record matches the HELO string in a mail server. In
    > fact, more often than not, they don't.
    >
    > Take an example of a company that uses a cloud-based email service, such
    > as an ISP server or hosted-Exchange. If you go the hosted-Exchange route,
    > do you really think MS gives you your own Exchange servers and that the
    > HELO strings match the MX/A record pair you set up? Or do you think that
    > a service provider that offers businesses 10-20 free email accounts as
    > part of their business bundle also gives them a dedicated server?
    >
    > There are so many *legitimate* scenarios where the HELO string will NOT
    > match the MX record that no spam filters would rightfully reject or even
    > negatively score messages that have a return header with such a setup.
    >
    > But what you say is true, a generic rDNS is usually perfectly adequate as
    > long as the ISP also has an A record that matches the PTR record so that
    > it is a matching pair. There isn't usually a cause to get them to create
    > custom/renamed records.
    >
    > -Cliff

    Cliff,

    I understand what you're saying about not requiring a matching PTR to MX
    record, but I just wanted to point out that in some spam filters, such as
    Vamsoft, it is an option. Of course I never use that option due to the
    scenarios you described. I would be surprised if anyone does or they would
    be rejecting numerous legitimate mail.

    --
    Ace


    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
    MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services


  8. #7


    ChrisUK Guest

    Re: DNS MX Question

    Cliff> OK - thanks for the heads up. My domain name registered with Fasthosts
    is www.zoo-hardware.co.uk. My internal domain name is zoohardware.local.
    Also, thanks for confirming that for me. I've made the change to the MX
    record from IP address (81.149.235.191) to mail.zoo-hardware.co.uk. I did
    this several hours ago and everything seems to be working.

    When I use nslookup to view a couple of other companies who I know are
    using BT, their MX records show as
    mail exchanger = host(ip-address).in-addr.btopenworld.com

    I was just concerned that mine appears much simpler.

    Also, I'd quite like a backup so if my server ever went down, mail would go
    somewhere else. I would obviously put that as a higher priority. I contacted
    Fasthosts about providing me with this facility but they didn't seem to offer
    that service (it might have been my limited understanding of what I was
    asking for!)

    Joe> I know what you mean with BT, they really don't appear to be very
    helpful on anything even slightly technical. I think I'll struggle to get
    them to do anything for me.

    Bill, Andrew and Ace> Thank you for your input / help on this too!




  9. #8


    Cliff Galiher - MVP Guest

    Re: DNS MX Question

    In regards to a backup service, let me say that SMTP as a protocol was
    designed to handle delays. After all, if your server is down, even if you
    have a backup service, the mail is delayed getting to YOU. So, in most
    cases, I don't believe a backup service is necessary. Most mail servers
    will attempt to resend every 4 hours, and your server should *not* be down
    longer than that even during regular maintenance/patching/reboot. A good DR
    plan is also essential for any server, and the max retry on most emails is
    48 hours. You can get a new server rebuilt in that amount of time.

    But for the paranoid and overly-cautious, there are always backup MX
    services. I personally like DynDNS for the rare times I need to use one.
    Inexpensive, easy to set up, and reliable.

    -Cliff



  10. #9


    Andrew M. Saucci, Jr. Guest

    Re: DNS MX Question

    In a hosted Exchange scenario, you may be given an MX on the hosting
    company's domain, not your own. You're also sending from that mail server,
    not your own. In that case, there would be no reason the HELO string
    wouldn't match the rDNS of the hosting company's server.

    Also, I've seen some pretty picky spam filters. We have a client
    where two of the principals have personal AT&T mail accounts. They were
    unable to send mail from the corporate domain to AT&T because the MX pointed
    to an external spam filtering service and we were sending mail directly out,
    making the source of the mail not match the MX. I think we solved that by
    eliminating the spam filtering service and relying on Trend Micro Worry-Free
    Business Security Advanced to handle it. AOL is also notorious for picky
    spam filtering. Many mail server administrators are of the attitude that
    fighting spam is a noble cause and if legitimate e-mail is filtered out in
    the process, "too bad, you didn't set up your mail server right, or start
    using a decent one like AT&T or AOL or MSN or Google."

    Many legitimate scenarios are rejected by spam filters (or at least
    result in higher scores); it's one of the things that drives me crazy about
    e-mail and forces me to conclude that a major overhaul of Internet and
    e-mail will eventually be demanded by end users.

    The HELO is critical; I know that because SBS 2003 mangles it by
    default (it defaults to domain.com, which is almost never right) and things
    do not work right until I fix it, even if reverse DNS itself is correct.
    Running the CEICW will usually break the HELO, and it must be fixed
    manually. Try it. Change the HELO on an otherwise properly configured
    Exchange Server to "mail.fake.com" and try sending to AOL and see what
    happens.

    "Cliff Galiher - MVP" <cgaliher@newsgroup> wrote in message
    news:etYJc6NlKHA.2592@newsgroup

    > Just as a matter of debate, I've *never* seen a spam filter care if the
    > reverse DNS *or* A record matches the HELO string in a mail server. In
    > fact, more often than not, they don't.
    >
    > Take an example of a company that uses a cloud-based email service, such
    > as an ISP server or hosted-Exchange. If you go the hosted-Exchange route,
    > do you really think MS gives you your own Exchange servers and that the
    > HELO strings match the MX/A record pair you set up? Or do you think that
    > a service provider that offers businesses 10-20 free email accounts as
    > part of their business bundle also gives them a dedicated server?
    >
    > There are so many *legitimate* scenarios where the HELO string will NOT
    > match the MX record that no spam filters would rightfully reject or even
    > negatively score messages that have a return header with such a setup.
    >
    > But what you say is true, a generic rDNS is usually perfectly adequate as
    > long as the ISP also has an A record that matches the PTR record so that
    > it is a matching pair. There isn't usually a cause to get them to create
    > custom/renamed records.
    >
    > -Cliff
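Added example, not part of any post in this thread: the checks debated above (a PTR exists, the PTR name has an A record pointing back at the IP, the PTR looks like an ISP pool name, the HELO string equals the PTR name) written as one function and run over constructed records. The policy labels `strict`, `pair` and `helo`, the generic-name word list and all sample records are assumptions of this example; it handles IPv4 only.

```python
"""Sender-identity DNS checks discussed in the thread: PTR, matching A, HELO."""
import re
import socket

# Words typical of ISP pool names such as 'adsl-12-34-56-67-pool.btconnect.com'.
# The word list is an assumption made for this example, not a standard.
GENERIC_WORDS = re.compile(
    r"(?:^|[-.\d])(adsl|dsl|pool|dyn|dynamic|dhcp|ppp)(?:[-.\d]|$)")


def system_ptr(ip):
    """Live reverse lookup via the OS resolver; an empty list means no PTR."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except (socket.herror, socket.gaierror):
        return []


def system_a(name):
    """Live forward lookup via the OS resolver; returns IPv4 addresses."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.herror, socket.gaierror):
        return []


def table_resolver(table):
    """Offline resolver over a dict, used for the constructed records below."""
    return lambda key: table.get(key, [])


def looks_generic(ptr_name, ip):
    """True if the PTR name embeds the IPv4 octets or an access-network word."""
    host = ptr_name.lower()
    numbers = re.findall(r"\d+", host)
    embeds_ip = all(octet in numbers for octet in ip.split("."))
    return embeds_ip or bool(GENERIC_WORDS.search(host))


def assess_sender(ip, helo, lookup_ptr=system_ptr, lookup_a=system_a):
    """Collect the facts a receiving server can learn about a connecting IP."""
    ptr_names = [n.rstrip(".").lower() for n in lookup_ptr(ip)]
    # Forward-confirmed reverse DNS: PTR name must resolve back to the same IP.
    confirmed = [n for n in ptr_names if ip in lookup_a(n)]
    helo_name = helo.rstrip(".").lower()
    return {
        "has_ptr": bool(ptr_names),
        "fcrdns": bool(confirmed),
        "generic_ptr": any(looks_generic(n, ip) for n in ptr_names),
        "helo_matches_ptr": helo_name in ptr_names,
    }


def verdict(facts, policy):
    """Apply one of three acceptance policies modelled on the posts above."""
    if policy == "strict":  # matching PTR/A pair, and no pool-style PTR name
        return facts["fcrdns"] and not facts["generic_ptr"]
    if policy == "pair":    # any PTR, generic or not, with a matching A record
        return facts["fcrdns"]
    if policy == "helo":    # HELO string must equal the reverse DNS name
        return facts["has_ptr"] and facts["helo_matches_ptr"]
    raise ValueError(f"unknown policy: {policy}")


# Constructed records (RFC 5737 documentation addresses, reserved names).
PTR_RECORDS = {
    "192.0.2.10": ["mail.example.test"],
    "192.0.2.20": ["adsl-192-0-2-20-pool.isp.example"],
    "192.0.2.40": ["mail.orphan.example"],  # PTR exists, A points elsewhere
}
A_RECORDS = {
    "mail.example.test": ["192.0.2.10"],
    "adsl-192-0-2-20-pool.isp.example": ["192.0.2.20"],
    "mail.orphan.example": ["198.51.100.9"],
}
CASES = {  # label -> (connecting IP, HELO string), all constructed
    "matching HELO": ("192.0.2.10", "mail.example.test"),
    "fake HELO": ("192.0.2.10", "mail.fake.com"),
    "generic PTR used as HELO": ("192.0.2.20",
                                 "adsl-192-0-2-20-pool.isp.example"),
    "no PTR": ("192.0.2.30", "mail.example.test"),
    "PTR without matching A": ("192.0.2.40", "mail.orphan.example"),
}


def demo():
    """Run every constructed case through all three policies."""
    ptr, a = table_resolver(PTR_RECORDS), table_resolver(A_RECORDS)
    results = {}
    for label, (ip, helo) in CASES.items():
        facts = assess_sender(ip, helo, ptr, a)
        results[label] = {p: verdict(facts, p)
                          for p in ("strict", "pair", "helo")}
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:26} {outcome}")
```

Calling `assess_sender(ip, helo)` without the two resolver arguments uses the operating system's resolver, so the same checks can be pointed at your own public IP and HELO name.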

  11. #10


    Andrew M. Saucci, Jr. Guest

    Re: DNS MX Question

    For someone who wants to try this without messing up a perfectly
    good Exchange Server, an alternative is to use telnet to connect to AOL or
    AT&T's mail server interactively. You can type anything you want after HELO;
    it doesn't have to match what is programmed into SMTP (which would be
    irrelevant).


    "Andrew M. Saucci, Jr." <spam-only@newsgroup> wrote in message
    news:uiHfYNYlKHA.5060@newsgroup

    > Try it. Change the HELO on an otherwise properly configured Exchange
    > Server to "mail.fake.com" and try sending to AOL and see what happens.

