MX Record

  • Thread starter Kevin Sangwell [MSFT]

Kevin Sangwell [MSFT]

The MX record needs to resolve to the external IP address
on the firewall (which routes TCP port 25 connections to
the Exchange server).

You need to increment the serial number of the SOA on the
external zone after each change right.

It will take up to 72 hours (although much less in
practice) for a new DNS record to propagate throughout
the DNS infrastructure on the internet.

In the meantime, connect a client to the internet, and
make it a DNS client of your DNS server. Then try using
NSLOOKUP to resolve the MX record for your domain. If
that works, try telnetting to port 25 of the host which
the MX record resolves to. If this works, everything is
fine, and you just need to wait for DNS propagation.

Kevin
This posting is provided "AS IS" with no warranties, and
confers no rights
 

Markus Weber Megalith

This means the MX record for "Mailserver" is
NameOfExchangeServer.NameOfInternalDomain. Am I right?

I already tried this without result. I found out the DNS propagation
needs one day. I waited for one day but I got errors as already
posted.

NSLookup also doesn't work (for no of available records, "MX" as well
as "A") records I always get "Bad error value" for all domains I tried
this tool, also for our second domain where everything works fine. I
use NSLookup with a computer with a dial-in connection to the internet which
is completely separated from our LAN.
 

Ace Fekay [MVP]

Markus Weber Megalith said:
This means the MX record for "Mailserver" is
NameOfExchangeServer.NameOfInternalDomain. Am I right?

I already tried this without result. I found out the DNS propagation
needs one day. I waited for one day but I got errors as already
posted.

NSLookup also doesn't work (for no of available records, "MX" as well
as "A") records I always get "Bad error value" for all domains I tried
this tool, also for our second domain where everything works fine. I
use NSLookup with a computer with a dial-in connection to the internet which
is completely separated from our LAN.

I understand you have an ISA server. Did you "publish" a Mail Server in ISA
to allow access from the internal mail server to respond to Internet
requests? The MX should point to the external IP of the ISA.

What's your domain name and we can check to see what the MX record is from
here.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 

Kevin Sangwell [MSFT]

In the external DNS zone, you need an
A record for the firewall e.g.
ExternalNameOfFirewall.Domain.Com, and an MX record which
points at the firewall A record (i.e. the Mailserver
entry under the MX record is
ExternalNameOfFirewall.Domain.Com)

To test this, go into run nslookup (no command line
parameters). At the ">" prompt type "set type=mx" then
enter your domain name (Domain.com in my example above).

This should return the MX record which points at the
firewall, and then the firewall record.

Kevin

This posting is provided "AS IS" with no warranties, and
confers no rights
 

Markus Weber Megalith

Thanks for the information. So that means that the MX report doesn't point to
the mail exchanger itself, it points to the server which receives the mails?
 

Ace Fekay [MVP]

Markus Weber Megalith said:
Thanks for the information. So that means that the MX report doesn't point to
the mail exchanger itself, it points to the server which receives the mails?


On Tue, 1 Jul 2003 05:57:12 -0700, "Kevin Sangwell [MSFT]"

The MX record needs to resolve to the external IP address
on the firewall (which routes TCP port 25 connections to
the Exchange server).

You need to increment the serial number of the SOA on the
external zone after each change right.

It will take up to 72 hours (although much less in
practice) for a new DNS record to propagate throughout
the DNS infrastructure on the internet.

In the meantime, connect a client to the internet, and
make it a DNS client of your DNS server. Then try using
NSLOOKUP to resolve the MX record for your domain. If
that works, try telnetting to port 25 of the host which
the MX record resolves to. If this works, everything is
fine, and you just need to wait for DNS propagation.

Kevin
This posting is provided "AS IS" with no warranties, and
confers no rights


-----Original Message-----
Hello,

We use Exchange Server 2000 in our company. This server, DNS
server and firewall are on different computers. DNS server
manages internal and external domain. Exchange Server is
accessible by telnet from internet and also a port scan shows the
ports. But when I try to send a mail to the server (domain) then
I get e.g. the following message from other mail servers:

"Sorry,_I_couldn't_find_a_mail_exchanger_or_IP_address" or
"all relevant MX records point to non-existent hosts"

I already tried all possible MX records (hostname.internaldomain,
hostname.externaldomain, hostname). Hostname is the exchange server
computer or the firewall computer. Nothing works. Has anybody an idea
why this happens?

Thanks in advance

It should point to the mail server itself. If the mail server is behind a
NAT device (ISA, Proxy or NAT), then you point it to the external IP
address, and a "port re-map" (or whatever it's called based on the device
you're using, Cisco calls it Port redirect, etc) and the re-map forwards the
mail to the actual internal private IP address. So in essence, it looks like
this when you set up the MX (notice that the MX record has no host name, just
lists the (same as parent) which means it's a blank hostname, which is based
on the DNS RFCs defining how to create an MX record):

This is correct:
Under zone: megalith-software.com
(same as parent) MX boba.megalith-software.com
boba A 62.156.188.34

This is INCORRECT:
Under zone: megalith-software.com
boba MX boba.megalith-software.com
boba A 62.156.188.34


That is provided that 62.156.188.34 is the external IP. If it's the ISA
server, that's fine, but you still need to do a mail publish in ISA to allow
it to respond properly to internal mail requests.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
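
The zone layout described in the post above (MX owned by the zone itself, target resolving through an A record to the external address, no CNAME as target), as an added example that is not part of the original thread: a Python check run over constructed zone records. The tuple format, the names `lint_mx` and `fqdn`, and every sample record other than the two layouts quoted in the post are assumptions; the check assumes the mail exchanger's A record lives in the same zone.

```python
import ipaddress

ZONE = "megalith-software.com"

# (owner, type, value) tuples. "@" is the zone apex, shown as
# "(same as parent)" in the Windows DNS console. As in a zone file, a
# name with a trailing dot is absolute, any other is relative to the zone.
CORRECT = [("@", "MX", "boba.megalith-software.com."),
           ("boba", "A", "62.156.188.34")]
INCORRECT = [("boba", "MX", "boba.megalith-software.com."),
             ("boba", "A", "62.156.188.34")]
# Constructed cases: internal target, private address, CNAME target.
INTERNAL = [("@", "MX", "exch01.corp.example.")]
PRIVATE = [("@", "MX", "mail"), ("mail", "A", "192.168.1.10")]
ALIASED = [("@", "MX", "mail"), ("mail", "CNAME", "boba"),
           ("boba", "A", "62.156.188.34")]


def fqdn(name, zone):
    """Expand a zone-file style name to a lowercase FQDN without the dot."""
    if name == "@":
        return zone
    if name.endswith("."):
        return name[:-1].lower()
    return f"{name}.{zone}".lower()


def lint_mx(zone, records):
    """Return findings about the MX setup of one external zone."""
    zone = zone.rstrip(".").lower()
    by_name = {}
    for owner, rtype, value in records:
        by_name.setdefault(fqdn(owner, zone), []).append((rtype.upper(), value))
    mx = [(o, v) for o, recs in by_name.items() for t, v in recs if t == "MX"]
    findings = []
    if not any(owner == zone for owner, _ in mx):
        findings.append(f"no MX at the zone apex {zone}")
    for owner, target in mx:
        if owner != zone:
            findings.append(f"MX owned by {owner}, not by the zone apex")
        host = fqdn(target, zone)
        recs = by_name.get(host, [])
        if any(t == "CNAME" for t, _ in recs):
            findings.append(f"MX target {host} is a CNAME")
            continue
        addrs = [v for t, v in recs if t == "A"]
        if not addrs:
            findings.append(f"MX target {host} has no A record in this zone")
        for addr in addrs:
            if ipaddress.ip_address(addr).is_private:
                findings.append(f"MX target {host} -> {addr} is not a public address")
    return findings
```

An empty list means the external zone matches the layout marked correct in the post; the live follow-up is still the nslookup `set type=mx` query and a connection test to port 25 from outside the LAN.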
 

Markus Weber Megalith

I got it to work now!

Thanks for your great help!

After enabling anonymous use and publishing the email server, I got it to work
now with the current DNS setting. I'm very happy about that. Thanks to you
once again!

Markus Weber Megalith said:
I don't publish anything, because I thought this is not required
because from the internet I can access our mailserver via Telnet (Telnet
and Ping are currently blocked; for information, our domain is
"megalith-software.com"). Was this a wrong acceptance?


Your MX record resolves to:
=====================
set type=mx
megalith-software.com
Server: ponyexpress.bandwidthpros.com
Address: 208.47.39.10

megalith-software.com MX preference = 10, mail exchanger = boba.megalith-software.com
megalith-software.com nameserver = pns.dtag.de
megalith-software.com nameserver = secondary004.dtag.net
megalith-software.com nameserver = vader.megalith2002.intern
pns.dtag.de internet address = 194.25.0.125
secondary004.dtag.net internet address = 195.244.245.27
=======================

And I can connect in thru telnet also and the mail server responds and
processes the request but it's looking for authorization. Now as an internet
host (myself trying to connect in) it should allow anonymous. If you don't
allow anonymous, you won't be able to receive mail from no one else other
than who you authorize. There are millions of domains out there that one of
them may want to send you a piece of mail. If you require authorization,
you'll need to supply them all with a user/pass to be able to do so or you
won't receive any mail from them. As far as determining what is spam or not,
just do not allow relaying. It never got that far in my test to tell me that
I'm trying to relay or not because it won't allow me past the authorization
to even get that far.

Another possibility, is that you didn't publish the mail server as a mail
server thru ISA.

Another possibility, is for some reason, the nslookup states the MX record
host, but doesn't state its host with a resolved IP. Are you using a CNAME
(or alias) for the MX? It needs to be a blank entry for the host portion
when you create the MX record, then provide it with the hostname as the
target.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 

Ace Fekay [MVP]

Markus Weber Megalith said:
I got it to work now!

Thanks for your great help!

After enabling anonymous use and publishing the email server, I got it to work
now with the current DNS setting. I'm very happy about that. Thanks to you
once again!

Glad it worked out!



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
