Adjusting the mail record to point to external mail server???

Andrax

So... here is my issue.

I've a customer that would like to have all of their email directed to an exchange server that they have onsite at their offices. My question is what all is required to get all of the email processing passed on to their exchange server?

They would like to use my server as a backup mail server.

They brought in a network consultant I believe to set up their server, and gave him access to their DA CP. This is how he has it set up presently.

In the DNS CP under DA (aside from all the standard stuff) is...

mail -> points to their ip

mail2 -> points to the hosting server ip

mx for mail is 10
mx for mail2 is 20

Now, all of the user email accounts are still listed in the Email account window in DA. My question is, even with the mail record being updated to point to their exchange server, is it going to cause a problem that all of the email accounts are still set up on the hosting account side of the equation?

Anyone had a customer try to do this before? And is this the proper way to go about it?

Thanks in advance ;)
 
Response edited 12/09/04 to eliminate reference to behavior in previous versions of DA which has been changed in current versions.
Andrax said:
My question is, even with the mail record being updated to point to their exchange server, is it going to cause a problem that all of the email accounts are still set up on the hosting account side of the equation?
Yes.

Once you've got the MX records set up properly (you can post the real domain here so we can check for you) you'll need to tell exim that mail for the domain is NOT being hosted on your server, but that it should continue to accept email for it, and then relay it to their server. Then when/if their server goes down or is unreachable, mail will be queued on your server until their server is available again.
Anyone had a customer try to do this before? And is this the proper way to go about it?
Because the exim.conf file (I wrote it) uses the same file for both "local_domains" and for "relay_domains", and because their domain has to be listed in "relay_domains" but not in "local_domains", you'll have to either rework exim.conf and create a new file, or hardcode their domain into the exim.conf file.

We've been there, and done that.

Jeff
 
Well, strangely enough, after watching it very closely for the past week or so, it would appear that it is in fact working.

I've been keeping an eye on those inboxes and they have not had any new messages delivered to the server since the change. Add that to the fact that I've not heard a peep from the customer, I would have to guess that they are getting their mail as they expect.

Should the second MX record for mail2 with a value of 20 simply be deleted? Won't the server still queue/hold email if the customer's Exchange server is down anyway?
 
Interesting...

Andrax, can you confirm that your setup works?

I need to set up a hosting account which only needs web hosting as they have contracted email on another provider. And I guess that the configuration should be similar.
 
Re: Re: Adjusting the mail record to point to external mail server???

jlasman said:
I can't verify this without the domain name, but if you use the control panel to set up an mx record for mail with a value of 10 and an mx record for mail2 with a value of 20, this is what you get:

Email sent to [email protected] will get pointed to example.com, by the first mx record. And email sent to [email protected] will get pointed to example.com, by the second mx record.

And mail sent to [email protected] will get sent to example.com, because there is no MX record.

The DA DNS panel cannot be used to send email to other services; records to do that must be set up manually through the shell.
Not to be a dork, but this is not correct.

Although we don't have quite enough information to be definitive, the assumptions we can make are that the zone we are talking about is related to example.com and not mail.example.com or mail2.example.com as they would both require their own separate zone file with mx and a records before they would work.

Although you don't see it this way in DA, DNS MX records are like this:

Domain: domain123.com

domain123.com MX preference = 20, mail exchanger = mail.domain123.com
domain123.com MX preference = 10, mail exchanger = smtp.domain123.com

What this means is all mail for the domain domain123.com should be directed, forwarded, delivered to, or whatever you want to call it, the addresses specified in the Mail eXchanger (MX) record.

Just because the MX happens to be a subdomain of the actual domain name has nothing to do with what the email addresses will look like.

someone sends an email to: [email protected]

the SMTP server looks up the domain's mx record and sends the message to whatever server is specified, and it doesn't matter what the name is. In fact, the mx record for domain123.com could have an mx record of smtp.someotherdomain.com or bob.went.shopping.because.icefishing.is.cold.com and still work as it's supposed to (there would of course have to be A records set up for these other domain names in their respective dns servers and respective zone files, but it would still work).

If it doesn't have an MX record for that domain (be it a TLD or subdomain of a TLD) it will get bounced. Email in the example sent to [email protected] and [email protected] would in fact be bounced. Only mail sent to [email protected] would actually be delivered, again, assuming there isn't a zone file for mail and mail2 with required mx records and a records.

Anyway, I hope that helps.
 
Re: Re: Re: Adjusting the mail record to point to external mail server???

jw00dy said:
Although you don't see it this way in DA, DNS MX records are like this:

Domain: domain123.com

domain123.com MX preference = 20, mail exchanger = mail.domain123.com
domain123.com MX preference = 10, mail exchanger = smtp.domain123.com

What this means is all mail for the domain domain123.com should be directed, forwarded, delivered to, or whatever you want to call it, the addresses specified in the Mail eXchanger (MX) record.
I stand corrected. DA has at some point changed the behavior. When DA first came out creating a second MX record would do as I wrote; now it does it correctly, as you wrote.

I will edit my post to remove the misleading material.
Just because the MX happens to be a subdomain of the actual domain name has nothing to do with what the email addresses will look like.

someone sends an email to: [email protected]

the SMTP server looks up the domain's mx record and sends the message to whatever server is specified, and it doesn't matter what the name is. In fact, the mx record for domain123.com could have an mx record of smtp.someotherdomain.com or bob.went.shopping.because.icefishing.is.cold.com and still work as it's supposed to (there would of course have to be A records set up for these other domain names in their respective dns servers and respective zone files, but it would still work).
Of course. And I never wrote otherwise.
If it doesn't have an MX record for that domain (be it a TLD or subdomain of a TLD) it will get bounced.
Not so for most mail servers. According to applicable RFCs, which most mailservers follow, proper behavior is to try to deliver the email to the destination specified by the A record if the MX record doesn't exist.
Email in the example sent to [email protected] and [email protected] would in fact be bounced.
Not because there's no MX record for them, but because there's no "[email protected]" address set up for them.

Jeff
 
Andrax said:
Well, strangely enough, after watching it very closely for the past week or so, it would appear that it is in fact working.
It appears to work for this reason...

All email is being accepted by mail. which is working properly, and mail2 isn't being called on to accept email. If it were, it would either end up in the local (DA) mailbox (if any) or be returned (if there were no mailbox).
Add that to the fact that I've not heard a peep from the customer, I would have to guess that they are getting their mail as they expect.
Because their "mail" server is working.
Should the second MX record for mail2 with a value of 20 simply be deleted?
I'd say test it; have them shut down their mailserver for a one or two minute test, and during that window have someone (from neither their system nor use) test it by sending email to them and if and when it gets delivered check the headers to see if it ever went through your server.

If it did, then changes made to DA since my original tests have made the secondary mailserver work and you should leave the MX record. If it didn't, then you can either make the changes in my previous post, or remove that secondary MX record.
Won't the server still queue/hold email if the customer's Exchange server is down anyway?
Without that MX record your server shouldn't ever see the email; if it doesn't see it, then it can't deliver it.

Test!

Jeff
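
The header check suggested above, as an added example that is not part of Jeff's post: it lists the servers that stamped a `Received:` line on a delivered test message, oldest hop first, and reports whether the backup host was one of them. The hostnames `mail.example.com` (primary) and `mail2.example.com` (backup), the messages and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed test messages (not real mail). RAW was accepted by the backup
# (mail2) and relayed on to the primary; DIRECT went straight to the primary.
RAW = """\
Received: from mail2.example.com (mail2.example.com [192.0.2.10])
\tby mail.example.com with ESMTP id CONSTRUCTED2
\tfor <user@example.com>; Thu, 09 Dec 2004 10:07:12 -0800
Received: from sender.example.net (sender.example.net [203.0.113.5])
\tby mail2.example.com with esmtp (Exim) id CONSTRUCTED1
\tfor <user@example.com>; Thu, 09 Dec 2004 10:01:44 -0800
From: tester@example.net
To: user@example.com
Subject: backup MX test

body
"""

DIRECT = """\
Received: from sender.example.net (sender.example.net [203.0.113.5])
\tby mail.example.com with ESMTP id CONSTRUCTED3
\tfor <user@example.com>; Thu, 09 Dec 2004 10:20:00 -0800
From: tester@example.net
To: user@example.com
Subject: direct delivery

body
"""

# The "by <host>" clause names the server that accepted the message at each hop.
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def relay_path(raw):
    """Hosts that accepted the message, in the order it travelled."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its Received line, so the oldest hop is last.
    for value in reversed(msg.get_all("Received", [])):
        match = BY_HOST.search(value)
        if match:
            hops.append(match.group(1).lower().rstrip("."))
    return hops


def went_through(raw, host):
    """True if `host` stamped a Received line on this message."""
    return host.lower() in relay_path(raw)


if __name__ == "__main__":
    for name, raw in (("RAW", RAW), ("DIRECT", DIRECT)):
        print(name, relay_path(raw), went_through(raw, "mail2.example.com"))
```

Only the `Received:` lines added by servers you control can be trusted; anything below them is supplied by the sender.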
 
albatroz said:
I sent an email to support at directadmin and they pointed me to this article

http://help.directadmin.com/item.php?id=8

It works OK, and is really easy. Just make sure you have enabled the DNS Management option for that customer.
It's a good article, as far as it goes. But it doesn't say anything about using DA as a secondary mailserver. I believe that still needs to be tested, and I believe it won't work based on the way DA stores domain names in /etc/virtual/domains for both local_domains and for relay_domains.

Jeff
 
Re: Re: Re: Re: Adjusting the mail record to point to external mail server???

jlasman said:
Not so for most mail servers. According to applicable RFCs, which most mailservers follow, proper behavior is to try to deliver the email to the destination specified by the A record if the MX record doesn't exist.
Right, and I completely agree with what you said in the next quote. Although the RFC states that, the message will more than likely bounce (agreeing with your next statement), because the email server won't accept the message. Sorry I wasn't more specific.
jlasman said:
Not because there's no MX record for them, but because there's no "[email protected]" address set up for them.
We both agree. Thanks for replying as my intent was to make sure everyone understands how it works. You do a great job on here, as I've read a boat load of your posts already, and you are very helpful, and nice (which is a huge plus).

So again, thank you. :cool:
 
Re: Re: Re: Re: Adjusting the mail record to point to external mail server???

jlasman said:
Of course. And I never wrote otherwise.
Sorry that was more for informational purposes. :)
 
jlasman said:
I'd say test it; have them shut down their mailserver for a one or two minute test, and during that window have someone (from neither their system nor use) test it by sending email to them and if and when it gets delivered check the headers to see if it ever went through your server.

If it did, then changes made to DA since my original tests have made the secondary mailserver work and you should leave the MX record. If it didn't, then you can either make the changes in my previous post, or remove that secondary MX record.

Jeff
In theory it should work. The second MX with the lower priority (20 in this case) would only be called into play if the higher priority (10) were unavailable.

The better option if it's available would be to set up a test subdomain (test.example.com) to try it on instead of on a production environment.
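
The lookup order discussed in this thread, as an added example that is not part of any post: a sending server sorts the MX records by preference, falls back to the domain's own A record when no MX exists, and moves on to the next exchanger when one is unreachable. The zone data, IP addresses, the roles assigned to each host and the function names are constructed for illustration.

```python
# Added example: how a sending mail server picks where to deliver.
# ZONE is constructed sample data using the thread's domain123.com placeholder
# and documentation IP ranges; nothing here queries real DNS.
ZONE = {
    ("domain123.com", "MX"): [(20, "mail.domain123.com"), (10, "smtp.domain123.com")],
    ("smtp.domain123.com", "A"): ["198.51.100.25"],   # assumed: customer's own server
    ("mail.domain123.com", "A"): ["192.0.2.10"],      # assumed: hosting server (backup)
    ("mail2.domain123.com", "A"): ["192.0.2.10"],     # a host with no MX of its own
}


def lookup(name, rtype):
    """Return the constructed records for (name, type), or an empty list."""
    return ZONE.get((name.lower(), rtype), [])


def delivery_targets(recipient):
    """Ordered (preference, host, addresses) list a sender would try."""
    domain = recipient.rsplit("@", 1)[1].lower()
    mx = lookup(domain, "MX")
    if mx:
        ordered = sorted(mx)               # lowest preference number is tried first
    elif lookup(domain, "A"):
        ordered = [(0, domain)]            # no MX: the A record acts as the exchanger
    else:
        return []                          # nothing to deliver to
    return [(pref, host, lookup(host, "A")) for pref, host in ordered]


def first_reachable(recipient, down=frozenset()):
    """Host that receives the message, or None if it stays in the sender's queue."""
    for _pref, host, addrs in delivery_targets(recipient):
        if addrs and host not in down:
            return host
    return None


if __name__ == "__main__":
    rcpt = "user@domain123.com"
    print(delivery_targets(rcpt))
    print("primary up:   ", first_reachable(rcpt))
    print("primary down: ", first_reachable(rcpt, down={"smtp.domain123.com"}))
    print("no MX, A only:", first_reachable("user@mail2.domain123.com"))
```

Whether the host that receives the message then accepts it for that recipient is a separate question, decided by the mail server's own configuration.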
 
jlasman said:
It's a good article, as far as it goes. But it doesn't say anything about using DA as a secondary mailserver. I believe that still needs to be tested, and I believe it won't work based on the way DA stores domain names in /etc/virtual/domains for both local_domains and for relay_domains.

Jeff
I agree. It would need to be tested, although as long as the mail server itself thinks it can take the messages, they will still show up if the primary is unavailable, and more than likely accept them. The only thing I'm not sure about is, I'm just not sure in DA how the DNS aspect of this ties into whether or not the email daemon will accept the messages.

As jlasman stated, I'd test it before assuming it works because it very well might not.

Now on another note, IF a mail server goes down messages will remain in a sender's queue for a specified # of days before they are bounced (this is USUALLY 3 days, but not always, since some admins in their infinite :rolleyes: wisdom change it to whatever they feel like). So the questions you have to ask are:

1) If their mail server goes down can they get it back up before the 3 days are up? The answer is probably yes (I would hope so anyway).

2) If they do get it up in say 5 hours (or whatever), is it worth the effort to re-configure everyone's email to point to your server so they can retrieve their messages that your server received while theirs was down? I don't know how many users they have, but if it's more than 10, I'd sure hate to have their job... that can really turn into a support nightmare. Or you could do some sort of forward or redirect, but I'm not sure how to do it if it's possible.

Or even worse, what if they rebooted their server? What about those messages that are delivered during that window? I don't recall what the RFC states as far as how long an email server should try to deliver to the lowest priority MX address, so it might be fine, but what if... especially since in my experience a LOT of mail servers ignore RFC regs...

Anyway, if it was me, I wouldn't even bother. The 3 day bounce rule should cover them. And for those messages that only wait a day or whatever before they bounce... well... Oh well, resend it. Can't please all the people all the time, especially if they ignore the rules.

FWIW, that's what I would do.
 
I'm not sure if this is accurate or not, but I think I've been running mail servers since the beginning of the 90s.

Years ago, when connectivity was spotty and some mailservers didn't even have 24-hour presence, it was common to have secondary (backup) mailservers.

Now it's not only not so necessary, it can become a major problem, because a backup server won't know who is and who isn't a valid recipient. So when it finally sends email on to the final destination server, that server will block email to nonexistent addresses, making the backup server responsible for then returning all the undelivered email, mostly spam, to the senders of record, who often didn't send it in the first place.

So the backup server will get on SpamCop and a lot of other blocklists.

We don't recommend it. We don't do it.

Jeff
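
The backscatter problem described above, as an added example that is not part of Jeff's post: it compares a backup MX that accepts every recipient with one that refuses unknown recipients during the SMTP session. The addresses and messages are constructed, and the second run assumes the backup holds a copy of the primary's recipient list, which the thread does not discuss.

```python
# Added example: why an accept-everything backup MX produces backscatter.
# All addresses and messages below are constructed sample data.
PRIMARY_USERS = {"alice@example.com", "bob@example.com"}   # mailboxes on the primary

# (envelope sender, recipient) pairs arriving at the backup while the primary
# is down; spam usually carries a forged envelope sender.
INBOUND = [
    ("customer@example.net", "alice@example.com"),
    ("forged-victim1@example.org", "sales123@example.com"),
    ("forged-victim2@example.org", "qwerty@example.com"),
    ("partner@example.net", "bob@example.com"),
    ("forged-victim3@example.org", "info99@example.com"),
]


def run_backup(inbound, known_recipients=None):
    """Simulate the backup MX; known_recipients=None means it accepts any address."""
    queued, rejected_in_session = [], []
    for sender, rcpt in inbound:
        if known_recipients is not None and rcpt not in known_recipients:
            # Refused at RCPT TO: nothing is stored, the connecting client
            # keeps responsibility for the message.
            rejected_in_session.append((sender, rcpt))
        else:
            queued.append((sender, rcpt))
    # Primary comes back: the queue is flushed and unknown users are refused
    # there, so the backup has to bounce to each envelope sender of record.
    delivered = [(s, r) for s, r in queued if r in PRIMARY_USERS]
    bounces_sent_to = [s for s, r in queued if r not in PRIMARY_USERS]
    return {
        "delivered": len(delivered),
        "rejected_in_session": len(rejected_in_session),
        "bounces_sent_to": bounces_sent_to,
    }


if __name__ == "__main__":
    print("accept all:    ", run_backup(INBOUND))
    print("recipient list:", run_backup(INBOUND, known_recipients=PRIMARY_USERS))
```

In the first run every bounce goes to an address that never sent the message, which is the behaviour that gets a backup server blocklisted.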
 
jlasman said:
I'm not sure if this is accurate or not, but I think I've been running mail servers since the beginning of the 90s.

Years ago, when connectivity was spotty and some mailservers didn't even have 24-hour presence, it was common to have secondary (backup) mailservers.

Now it's not only not so necessary, it can become a major problem, because a backup server won't know who is and who isn't a valid recipient. So when it finally sends email on to the final destination server, that server will block email to nonexistent addresses, making the backup server responsible for then returning all the undelivered email, mostly spam, to the senders of record, who often didn't send it in the first place.

So the backup server will get on SpamCop and a lot of other blocklists.

We don't recommend it. We don't do it.

Jeff
Isn't this more of a "queue" so to speak. It collects the messages, and just hangs onto them until the real email server comes back online, then forwards them on? I've not done anything like this, or even know how it works... So I have no idea.

His situation would be a little different since he actually has mailboxes on his system for the users...

However, maintaining duplicate mailboxes in and of itself would be a pain (user xssff quit, user ppieer added etc). If the user accounts weren't identical it would bounce and accept stuff it shouldn't.
 
The difference is that in his case it's his server that's the backup server; the exchange server is the primary server.

So his server would have to accept email for any user, and forward it on later.

When the exchange server didn't like users it would send the email back to his server, and he'd try to return it to forged senders.

This has been discussed on various ISP lists during the last few days.

Jeff
 
Sorry, but I don't think we are on the same page.

If you read in the first post in this thread, he states the users are still set up on his server (so they still have mailboxes). So in his case the messages wouldn't queue so to speak, they would deliver, but to mailboxes on the backup server (his not the exchange box) and would then have to be forwarded later or downloaded by the users. That's all I'm saying. However, I think we've beat this dead horse enough :)

BTW, how close are you to Wildomar CA?
 
36.75 miles (39 minutes) according to Mapquest.

Which is a lot closer than I am to Tooele.

Why, are you coming to visit?

There's a great 50s style diner only a few miles further down I-15, so if you're coming we can meet for lunch.

Or dinner at this incredibly good South American all-you-can-eat steak house also in the neighborhood.

On me if you're coming to my neighborhood :).

Jeff
 
Right on. That's not far at all. And yeah, Tooele's not too close :)

I do some work for a company down there and every couple months they fly me down to do the stuff that is easier done when I'm on site.

We'll have to meet up for sure. The reason I asked is his area code used to be 909, and now it's 951 too. So I figured you'd have to be close.

I'll let you know when I'm coming down again...
 
Well, I am close, but I don't necessarily have to be close just because I have a 951 area code; almost all of Riverside county changed from 909 to 951, and Riverside county is something over 200 miles from east to west.

Jeff
 