When your Exchange 2010 organization needs to receive email from the internet via SMTP, you must configure MX (Mail eXchange) records in DNS. If you are troubleshooting, then remember that people need to find your email server.
DNS is a complex topic in its own right, so let us begin with the basics. A (Host) records map the mail server to its IP address. The extra factor with Exchange is that the DNS record must link your mail server to the email domain name.
For email delivery into your domain you need:
[Host (A)] + [MX Record]
IP -- mail server -- email domain
Format: ServerName.domain.com
Fortunately, DNS has an MX record to maintain the above mapping. To check DNS records, launch your server's DNS snap-in, expand
the server icon, click Forward Lookup Zones and navigate to your domain
folder. You should be able to see the MX records and examine their
FQDN. (See diagram above.)
Best practice recommends at least two Exchange servers, each with its own MX record. Traditionally MX priorities are set in multiples of 10, and Exchange will attempt to deliver the email to the server whose MX record has the lowest priority value first.
Which DNS Server Should Host the MX records?
The next consideration is whose DNS server should host these MX records. The answer depends on how your email domain is registered with InterNIC.
Remember that the email domain could be different from your Active Directory domain.
Plan A would be to ask your ISP to create an MX record for your domain pointing to the ISP's name servers. In this
scenario you would need to periodically download the email from the ISP's mail server to
your Exchange 2010 server.
Plan B would be for you to have a permanent IP address which is always connected to the internet. In this case, you could have the MX records on your own DNS pointing to your Exchange 2010 servers.
Plan C is a hybrid of the first two plans. Ask your ISP to create MX records for both your server and the ISP's own servers. In this instance
ask them to assign a lower priority to the MX record for
your Exchange server. As a result the email comes to your Exchange servers if the connection is active, or else is delivered temporarily to the ISP, if the internet link is down.
Naturally, your Outlook clients send all their email to your
Exchange 2010 server. Internal delivery for recipients in your organization is no problem
because your own DNS can handle all queries for Exchange servers.
However, any email addressed to an external recipient needs a DNS server with extra information called root hints. Root hints have the IP addresses of internet servers which specialize in top level domains such as .org and .com. For successful delivery, either your DNS server has these root hints configured, or you forward all external email to your ISP's DNS server. Naturally the ISP's DNS takes responsibility for resolving the domain names via its root hints.
To configure outgoing DNS, either navigate to the Virtual Server (See diagram), or to the
SMTP Routing Connector.
What you are looking for is the Smart host dialog box. This setting would hold the IP address of your ISP's DNS server. Alternatively, configure the IP address of one of your DNS Servers outside the firewall. When you enter the IP address, strangely, it must be enclosed in square brackets, for example [2xx.208.45.10].
MX Records When Using Mail Relay with Exchange Edge Server
In cases where you have a DMZ (Demilitarized Zone) with a Mail Relay host
such as Linux or a Windows Exchange 2010 Edge Server, you must configure an
MX record for the FQDN and IP address of your Mail Relay host. Also
remember to configure the Firewall to only allow TCP Port 25 traffic to be
sent to the IP address of the Mail Relay computer, and not the actual
internal mail server.
Naturally, you configure the Mail Relay to forward the incoming emails to
your users' real mail server inside the DMZ.
Record FQDN      Record Type   Record Value     MX Pref
cperf.com        MX            mail.cperf.com   10
mail.cperf.com   A             192.20.1.30
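The priority ordering, the Plan C fallback and the MX-to-A mapping in the table above can be modelled in a few lines. This is an added example, not code from the original article: the zone list is constructed, backup.isp.example and 198.51.100.25 are hypothetical stand-ins for the ISP's backup server, and the function names are illustrative.

```python
# Constructed zone data. cperf.com, mail.cperf.com and 192.20.1.30 come from
# the table above; the ISP backup host and its address are hypothetical.
ZONE = [
    ("cperf.com", "MX", "mail.cperf.com", 10),
    ("cperf.com", "MX", "backup.isp.example", 20),
    ("mail.cperf.com", "A", "192.20.1.30", None),
    ("backup.isp.example", "A", "198.51.100.25", None),
]


def mx_hosts(zone, domain):
    """Return the MX targets for domain, lowest priority value first."""
    mx = [(pref, target) for name, rtype, target, pref in zone
          if name == domain and rtype == "MX"]
    return [target for pref, target in sorted(mx)]


def a_record(zone, host):
    """Return the IP address from the host's A record, or None if absent."""
    for name, rtype, value, _ in zone:
        if name == host and rtype == "A":
            return value
    return None


def delivery_target(zone, address, reachable):
    """Pick the host a sending server would deliver to for this recipient.

    reachable is the set of IP addresses currently accepting TCP port 25.
    Returns (host, ip), or None when the mail has to be queued and retried.
    """
    domain = address.rsplit("@", 1)[1].lower()
    for host in mx_hosts(zone, domain):
        ip = a_record(zone, host)
        if ip is None:
            continue  # MX names a host with no A record, so it is unusable
        if ip in reachable:
            return host, ip
    return None


def dangling_mx(zone, domain):
    """List MX targets that have no A record (worth fixing before go-live)."""
    return [h for h in mx_hosts(zone, domain) if a_record(zone, h) is None]
```

With both servers reachable the mail goes to mail.cperf.com; remove 192.20.1.30 from the reachable set and the same call returns the ISP's backup host instead.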
Test Your MX Records with NSLookup
I use a reverse lookup in cases where you know the IP address but want to check the hostname. NSLookup is useful in a situation where you can ping the IP address of your Exchange Server, and want to check the fully qualified domain name.
Ping - 192.20.1.30.
NSLookup - 10.209.12.20 Reply mail.cperf.com.
Note: NSLookup is a built-in command line utility for
most Windows operating systems.
It is possible for email to be delivered internally (within your Exchange Organization) without any need for MX records. The reason is that your own Exchange servers can resolve the delivery request with a plain A (Host) DNS record.
For example, suppose you have two Exchange 2010 servers, Worcester and Boston. Active Directory will already have DNS A (Host) records for these servers. So when mail is sent by a user with a Worcester mailbox to eddie@cperf.com, Exchange queries Active Directory for eddie's mailbox (answer: Boston), then it queries DNS for the IP address of Boston. Now it can deliver email to the Boston Exchange 2010 server.
No MX records are required for this scenario.
Summary of Exchange MX Records
There are three separate DNS challenges for your Exchange 2010 server.
If you are receiving email from the internet, then it is essential to configure MX records for your Exchange 2010 server.
Internal email delivery only needs A (Host) DNS records.