Microsoft Exchange and Blackberry Server Specialists

Exchange DNS Configuration for Email Delivery

Getting your DNS configured correctly for email delivery is a vital part of ensuring that Exchange works as it is designed. It not only affects your incoming email, but your ability to send email as well. The DNS settings are used by many receiving mail servers to verify that your message is not spam.

The first two parts of this page apply to any email server; the last part applies only to Exchange/IIS mail servers. This guide is concerned only with the SMTP email delivery side and the DNS changes it requires. It does not cover DNS for OWA, ActiveSync, Outlook Anywhere/RPC over HTTPS, Autodiscover, or POP3/IMAP.

MX Records

The MX records for your domain are the most important, as they are what the rest of the Internet uses to know where to send email for your domain.

The MX record is set with the domain name management provider. This could be your ISP, a registrar or a web host: whoever is in control of your domain name.

An MX record is made up of two parts.

  1. The host. This will be something along the lines of mail.example.com and will point to an IP address. You can use a CNAME if you wish, but there isn't much point as it just slows things down.
  2. The MX record itself. This points to a host. Pointing the MX record to an IP address is not valid. While it will work in some cases, you will get failures.
    The host in the MX record does not have to be in the same domain that it is serving. For example, you could have the domain "example.net" with its MX records pointing to "mail.example.com". The host just needs to be valid.
    However, the name used for the host does play a part in the other DNS configuration described below (reverse DNS and the SMTP banner).

If you are hosting multiple domains, then you can use the same host and MX record information for all of the domains. This will also help with reverse DNS and the name of the server (see below).

The MX weight or priority indicates which server should be used first. The lowest number is tried first. This is usually incremented in units of five. Five is the lowest, followed by ten, fifteen etc. It is very rare to see the number one.

However, be careful with the priority value. Some spammers deliberately target the higher-numbered MX hosts, hoping that they are backup servers without the antispam tools in front of them.

Furthermore, if you are relying on a server with a higher number to receive your email, make sure that the lower-numbered hosts are not reachable at all. If a sending server can initially connect to one of them, it may sit in retry mode against that host instead of moving on to the next server in the MX list.

Reverse DNS

Reverse DNS is also important. In many cases the reverse DNS information is used to check that your server is who it says it is. The reverse DNS record (also known as a PTR record) is attached to the IP address, so you can only have one reverse DNS name per IP address.

Reverse DNS has to be set by the company responsible for the IP address. This is usually your ISP. They do not have to host your domain - if they tell you that they cannot set it because they aren't responsible for the domain, then they are wrong. Similarly, if you are told to speak to your domain name registrar (usually because they don't host the domain), ask to speak to someone who knows how DNS on the Internet works.

If your ISP will not change the reverse DNS, which is often the case with DSL-type connections or connections that use dynamic IP addresses, then you may have to look at using an SMTP Connector (Exchange 2003) or Send Connector (Exchange 2007 and higher) to relay through a host with correct DNS and ensure that your email is delivered.

The reverse DNS should ideally match the MX record and the name your server announces in the SMTP banner when connecting. However, some companies will simply accept your email because you have a reverse DNS entry, without worrying that it doesn't match what is in the SMTP banner.
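The checks described in the MX Records and Reverse DNS sections above, as an added Python example (not part of this article and not an Exchange tool): it runs a set of DNS records through the rules given above - each MX target must name a host rather than an IP address, should not be a CNAME, must have an A record, and the address's PTR should name the same host. The record set, host names and addresses are constructed placeholders for the example; in practice you would fill the dictionary from nslookup output or a DNS library.

```python
import ipaddress

# Constructed DNS snapshot for the example (placeholder names and addresses,
# not real zone data). It mirrors what MX, A, CNAME and PTR lookups return.
SAMPLE_DNS = {
    "mx": {
        "example.com": [(10, "mail2.example.com"), (5, "mail.example.com")],
        "example.net": [(5, "mail.example.com")],            # second domain sharing the host
        "bad.example": [(5, "203.0.113.7"), (10, "smtp.bad.example")],  # MX naming an IP
    },
    "a": {
        "mail.example.com": ["203.0.113.25"],
        "mail2.example.com": ["203.0.113.26"],
    },
    "cname": {
        "smtp.bad.example": "mail.example.com",
    },
    "ptr": {
        "203.0.113.25": "mail.example.com",
        "203.0.113.26": "relay.isp.example",                 # PTR set by the ISP, not matching
    },
}


def is_ip_literal(name):
    """True if the MX target is an address rather than a host name."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def delivery_order(domain, dns=SAMPLE_DNS):
    """Hosts in the order a sending server tries them: lowest preference first."""
    return [target for _, target in sorted(dns["mx"].get(domain, []))]


def check_mx_alignment(domain, dns=SAMPLE_DNS):
    """Return (severity, message) findings for one domain's inbound mail DNS.

    Rules from the article: each MX target must be a host name, should not be
    a CNAME, must have an A record, and the address's PTR should name the
    same host so that MX, forward and reverse DNS agree. An empty list means
    everything lines up.
    """
    findings = []
    mx_records = dns["mx"].get(domain)
    if not mx_records:
        return [("error", f"{domain}: no MX record")]
    cnames = dns.get("cname", {})
    for priority, target in sorted(mx_records):
        if is_ip_literal(target):
            findings.append(("error", f"{domain}: MX {priority} names an IP literal {target}"))
            continue
        if target in cnames:
            canonical = cnames[target]
            findings.append(("warn", f"{domain}: MX {priority} target {target} is a CNAME for {canonical}"))
            target = canonical  # follow it, as a receiving server would
        addrs = dns.get("a", {}).get(target)
        if not addrs:
            findings.append(("error", f"{domain}: MX {priority} target {target} has no A record"))
            continue
        for addr in addrs:
            ptr = dns.get("ptr", {}).get(addr)
            if ptr is None:
                findings.append(("warn", f"{domain}: {target} ({addr}) has no reverse DNS"))
            elif ptr.lower() != target.lower():
                findings.append(("warn", f"{domain}: reverse DNS for {addr} is {ptr}, MX host is {target}"))
    return findings


if __name__ == "__main__":
    for domain in SAMPLE_DNS["mx"]:
        print(domain, "->", delivery_order(domain))
        for severity, message in check_mx_alignment(domain):
            print("  ", severity.upper(), message)
```

Note how example.net reuses mail.example.com and passes cleanly, which is the multi-domain arrangement recommended above, while the second MX for example.com is flagged only because the ISP's PTR does not name the MX host.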

SMTP Banner - Exchange 2003

Every time your server connects to another, or a server connects to yours, it announces itself with a name. This is called the SMTP Banner.
If this name isn't valid on the Internet, then some hosts will not allow your server to deliver its email.

To set the name on an Exchange 2003 server:

  1. Open Exchange System Manager, Servers, <your server>, Protocols, SMTP.
  2. Right click on the "Default SMTP Virtual Server" and choose Properties.
  3. Click on the last tab "Delivery" and then the button "Advanced".
  4. In the box labelled "Fully Qualified Domain Name" enter the name that your server is known as on the Internet - mail.domain.com for example.
    Do not bother with "Check DNS" as it will probably fail.

    Screenshot: Advanced Delivery showing the completed FQDN

  5. Click Apply, then OK, to close the dialogs.

You can test it by opening a telnet session to port 25:

  1. Open a command prompt
  2. Type: telnet servername 25
    Where servername is the name of your Exchange server.
  3. Press enter. You should get a response like this:
    220 mail.server.domain Microsoft ESMTP MAIL Service, Version: 6.0.2790.0 Ready at
  4. Type quit to close the session.

You can find out more about doing a telnet test in the Telnet Test article (see Related Articles below).
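The telnet test above, as an added Python example (not from this article): parse_banner pulls the announced name out of the 220 greeting, check_banner compares it with the FQDN you configured and with the reverse DNS name, and fetch_banner reads the greeting from a live server the way the telnet session does. The greeting lines are constructed for the example, modelled on the response shown above; the host names are placeholders, and fetch_banner is assumed to be run against your own server.

```python
import socket

# Constructed greeting lines for the example (placeholder names). The first
# follows the shape of the Exchange 2003 response shown in the telnet test.
BANNER_EXCHANGE = [
    "220 mail.example.com Microsoft ESMTP MAIL Service, Version: 6.0.2790.0 Ready at Mon, 1 Jan 2007 09:00:00 +0000"
]
BANNER_INTERNAL_NAME = ["220 EXCHSRV Microsoft ESMTP MAIL Service Ready"]   # server-only name, not valid on the Internet
BANNER_MULTILINE = ["220-mail.example.com ESMTP", "220 service ready"]     # multi-line greeting (RFC 5321)


def parse_banner(lines):
    """Return (reply_code, announced_name) from an SMTP greeting.

    The name is the first word after the code on the first line; any later
    "220-" continuation lines carry only free text.
    """
    if not lines or len(lines[0]) < 4 or not lines[0][:3].isdigit():
        raise ValueError("not an SMTP greeting: %r" % (lines,))
    first = lines[0]
    code = int(first[:3])
    words = first[4:].split()
    name = words[0] if words else ""
    return code, name


def check_banner(lines, expected_fqdn, ptr_name=None):
    """Compare the announced name with the configured FQDN and the PTR name.

    Returns (severity, message) findings; an empty list means the banner
    matches everything it was checked against.
    """
    code, name = parse_banner(lines)
    if code != 220:
        return [("error", f"server refused the connection with {code}: {lines[0]}")]
    findings = []
    if "." not in name:
        findings.append(("error", f"banner name {name!r} is not a fully qualified name"))
    if name.lower() != expected_fqdn.lower():
        findings.append(("warn", f"banner says {name}, configured FQDN is {expected_fqdn}"))
    if ptr_name is not None and name.lower() != ptr_name.lower():
        findings.append(("warn", f"banner says {name}, reverse DNS says {ptr_name}"))
    return findings


def fetch_banner(host, port=25, timeout=10):
    """Read the greeting from a live server, then QUIT (what the telnet test does by hand)."""
    lines = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        reader = sock.makefile("r", encoding="ascii", errors="replace", newline="\r\n")
        for raw in reader:
            line = raw.rstrip("\r\n")
            lines.append(line)
            if len(line) < 4 or line[3] != "-":   # "220 " (space) ends a multi-line greeting
                break
        sock.sendall(b"QUIT\r\n")
    return lines


if __name__ == "__main__":
    for label, banner in (("exchange", BANNER_EXCHANGE), ("internal", BANNER_INTERNAL_NAME)):
        print(label, check_banner(banner, "mail.example.com", "mail.example.com") or "ok")
```

To check a real server, call check_banner(fetch_banner("mail.example.com"), "mail.example.com", ptr) with ptr taken from a reverse lookup of the server's public address.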

SMTP Banner - Exchange 2007 and higher

For Exchange 2007 and later versions you set the FQDN on the Send Connector. The FQDN on the Receive Connector is less important; it does mean that if you carry out the telnet test as above, a different name will appear, but that is not a problem and does not affect your server's ability to send email.

Questions

Q: I am using the POP3 Connector with SBS - do I still need to make these changes?
A: You are still sending email out via SMTP, which is what these settings most affect, so they are still valid.

Q: The ISP I collect email from via the POP3 connector is already using "mail.example.com" for my email. Can I use another name?
A: You can use any name that you like. What you need to ensure is that everything matches - the host name in DNS, the SMTP Banner, and ideally the reverse DNS.

Q: The hosts that I am using on the domain name only work outside the network, and I would like them to work inside as well. Is that possible?
Q: How can I browse our web site from inside the LAN after changing our internal DNS?

A: You need to use split DNS. This is where different results are returned for DNS queries depending on whether you are inside or outside the LAN. More information on using split DNS can be found in the Split DNS article (see Related Articles below).


Related Articles

Telnet Test
Split DNS
SMTP Connector (Exchange 2003)
Send Connector (Exchange 2007 and higher)
Receive Connector (Exchange 2007 and Higher)