Two mail server (accepting / sending) and DNS setup

zhjim · 03-24-2009, 03:30 AM

Hi folks,

we are in the midst of a server move and I'm setting up the mailsystem. Also I setup the PTR record of our mailserver (A.B.C.104) I'm not quite sure if this is enough for all the other mailservers to accept mail. Specially beause the MX record points to a total diffrent IP.
Can any one help me clear up the DNS settings or point out to me what DNS records are needed for a clean mail server?

Here is the DNS records I thought of. Entries with * are allready setup and can not be changed

Code:

in-addr.arpa.C.B.A PTR mailer.com (The mailer sending)

mailer.com       A      A.B.C.120 *      (Webserver the domain points to)
mailer.com       MX 10  B.C.A.D *        (The mailer accepting mails for us)
mailer.com       MX 50  A.B.C.104        (The mailer sending. needed?)
mail.mailer.com  A      A.B.C.104        (Or can we do it like that?)
mailer.com       CNAME  mail.mailer.com  (Alias to get mailing right)

Or do i have to get the party hosting the accepting mailer to setup a PTR record with mailer.com for their IP B.C.A.D (the first mx record above)

Hope I could get my point accross

Cheers Zhjim

acid_kewpie · 03-24-2009, 03:44 AM

you only need an MX record for servers which are being sent mail externally. if there is no MX record for that domain, then most other MTA's sending you mail will try the A record as a fallback. "mail.mailer.com" is just a subdomain of "mailer.com" and doesn't mean anything in itself. PTR's shouldn't matter at all, It's all about the MX.

Thread moved to Linux - Server as this is not a networking question.

zhjim · 03-25-2009, 03:16 AM

Thanks for the reply which now has me totaly confused

Quote:

Originally Posted by acid_kewpie

you only need an MX record for servers which are being sent mail externally.

Do you mean that the server which accepts mail for the domain needs an MX record? Thats how it is setup right now. But the MX record does not point to the server which sends the mail. Hence the question about the PTR.

I just re read my initial post and think I did not made myself clear.
I need advise on how to setup the DNS records in the right way so other SMTP Server accept our mail. That at least would explain why you say that PTR's shouldn't matter or i just misunderstand every paper about correct mailer DNS setup

So to make things clear.
To receive mail I need an MX record ( if non is found the A record will be used).

But to send mail from our domain I need the correct PTR and everything is fine?
Just as i understand correct mailer behavior the receiving party would to a reverse lookup of the ip (the mail is coming from) and if the answer does not contain the domain the mail stats it's coming from its considerd Spam....

Quote:

Originally Posted by acid_kewpie

Thread moved to Linux - Server as this is not a networking question.

Was'nt quite sure where to put it.

acid_kewpie · 03-25-2009, 05:26 AM

Well the PTR is just for good practise in general, not actually required for sending emails. Is the case that some other mail servers will check the PTR to make sure it all looks nice. A more formal setup you might want to follow is the SPF system: http://www.openspf.org/Project_Overview which does work well and used by many other mail servers.

Japie · 03-25-2009, 05:44 AM

Quote:

But to send mail from our domain I need the correct PTR and everything is fine?

That's right

Quote:

Well the PTR is just for good practise in general

Not exactly, most well configured mailservers DEMAND an existing PTR record for the delivering mailserver, to prevent spammers with floating IP's.

If you don't have your PTR records set up, lot's of mailservers will bounce or reject your mail

zhjim · 03-25-2009, 06:15 AM

Thanks for the link of SPF. Looks like a good thing.

Sounds like I'm all set then with the right PTR record. Or can you thing of any other good practice DNS settings for sending mails?

Thanks Zhjim

Japie · 03-26-2009, 04:20 AM

Not really, you should be good to go.

In general I like to keep my zonefiles easily readible.
this should do the trick

$TTL 1W
@ IN SOA ns.mailer.com email.address.mailer.com (
yearmonthday ; Serial
28800 ; Refresh
1800 ; Retry
604800 ; Expire - 1 week
86400 ) ; Minimum

; ********************************************************************
; Nameserver records
; ********************************************************************
@ NS ns.mailer.com.
NS ns2.mailer.com.

MX 10 mail.mailer.com.
MX 50 mail2.mailer.com.
; **********************************************************************

A a.b.c.120
mail A b.c.a.d
mail2 A a.b.c.104

Keep your PTR records in a separate zonefile, that looks like this :

$TTL 1W
@ IN SOA ns.mailer.com email.address.mailer.com (
yearmonthday ; Serial
28800 ; Refresh
1800 ; Retry
604800 ; Expire - 1 week
86400 ) ; Minimum

; ********************************************************************
; Nameserver records
; ********************************************************************
@ NS ns.mailer.com.
NS ns2.mailer.com.

MX 10 mail.mailer.com.
MX 50 mail2.mailer.com.
; **********************************************************************

a.b.c.120 PTR www.mailer.com.
b.c.a.d PTR mail.mailer.com.
a.b.c.104 PTR mail2.mailer.com.

Have fun !
Regards,
Japie

zhjim · 03-27-2009, 02:51 AM

Thanks for the layout of the zone files, luckily I can set up all the DNS through a webpage so I don't have to fiddle with the files.

Questions answered. Case can be closed

Regards Zhjim

zhjim · 04-06-2009, 04:46 AM

Little addition. Check out this link it gives a nice round up how dns should be set for mailing.

http://bind8nt.meiway.com/itsaDNSmess.cfm