Group:  English: Windows Server » microsoft.public.windows.server.dns
Thread: General DNS config questions

General DNS config questions
Max C <maxc246[ at ]gmail.com> 5/29/2007 3:20:16 PM
OK, here's the deal. For the past several months our company has been
receiving a LOT of delayed emails. Some by a few hours some by a few
days. As you can guess, this is a serious problem. I've tried
several things to resolve this situation:

1 - call our ISP, who was taking care of DNS for us at the time. They
said they'd heard of others having the same issue, but that the DNS
records for our domains were configured properly.

2 - take control of our DNS records by moving them to GoDaddy and
setting the records up myself.

3 - put a sniffer between our ISP's router and our firewall to confirm
that delayed emails are *really* not making it to our network. (Turns
out, about 20 to 30% of hotmail emails always get delayed coming to
any of our domains, so sending a batch of 10 or 20 emails from hotmail
to one of our domains allowed me to see the raw data coming in through
the sniffer. There is no doubt that the emails that were delayed
coming in to a user's inbox did *not* make it to our network. Also,
interestingly enough, nearly 100% of emails from gmail make it through
without delay. I've tried this hotmail and gmail test with groups of
10 to 20 single emails dozens of times. Gmail is always on time and
hotmail always has 20 to 30% delays.)

4 - purchase a separate DSL line, ran it through our firewall and
pointed one of our domain names' MX record to the DSL line's IP info.
Hotmail emails to that domain name on the new DSL line were still
delayed.

So, as a last ditch effort, I thought it wouldn't hurt to post our DNS
record info to get some advice. I'm the first to admit that DNS is
not one of my strong points. Any advice on changes would be
appreciated.
_____________________________________________________________________________________
A records
Host        Points To
@           WWW.XXX.YYY.37
mail        WWW.XXX.YYY.37
exchange    WWW.XXX.YYY.37
www         WWW.XXX.YYY.36
ts2         WWW.XXX.YYY.42

CNAMES (Aliases)
Host        Points To
smtp        @
ts          ts2
ftp         @

MX (Mail Exchange)
Priority    Host    Goes To
0           @       mail

TXT (Text)
Host        TXT Value
@           v=spf1 a mx ptr ~all
_____________________________________________________________________________________

I read earlier today that @ should point to my web server
(WWW.XXX.YYY.36) instead of my exchange server (WWW.XXX.YYY.37) and that
www should be a cname pointing to @. Could that be causing email delays? I
tried making that change on one of our unused domain names, but then I
didn't receive emails at all.

Thanks for any insight at all.
Max.

Re: General DNS config questions
Max C <maxc246[ at ]gmail.com> 5/29/2007 4:24:57 PM
To add to my above config, I use godaddy.com for DNS config. Here's
something I've been playing around with:

I changed the following records as such:

A Records
Host        Points To
@           WWW.XXX.YYY.36 (web server)
mail        WWW.XXX.YYY.37 (exchange server)
exchange    WWW.XXX.YYY.37 (exchange server)

CNAMES (Aliases)
Host        Points To
www         @

MX (Mail Exchange)
Priority    Host    Goes To
0           @       mail (A Record for exchange server)
________________________________________________________________________

GoDaddy.com says that "@" simply refers to the domain name in
question. So, I thought "maybe it would be OK to have the A record
for @ pointing to the web server (WWW.XXX.YYY.36) and then a MX record
for "@" pointing to the exchange server (WWW.XXX.YYY.37)."

It would appear that line of thinking was incorrect. When I set up my
test domain as above, I could not receive emails to that test domain.

Thanks for reading again.
Max.

Re: General DNS config questions
"Michael Dragone" <no.e-mail=less_spam> 5/29/2007 8:17:47 PM
The second DNS configuration you posted looks good to me. You would need to
change your SPF record to not include "a" however.

I don't think your delayed mail issue is DNS related though. Do you have
this problem with any domains OTHER than Hotmail?

Re: General DNS config questions
Max C <maxc246[ at ]gmail.com> 5/29/2007 9:24:33 PM
Thanks for the reply, Michael.

> The second DNS configuration you posted looks good to me. You would need to
> change your SPF record to not include "a" however.

I must admit that SPF records are quite a mystery to me. I believe I
created that SPF Record with some sort of Wizard. Perhaps I need to
rerun the wizard.

When I set up DNS the way you said looked good, I could no longer
receive emails. Would that be because of the SPF Record including "a"
as you mentioned? Do I *really* need the SPF Record? Could I just
get rid of it all together?

My guess was that the reason I couldn't receive emails when set up as
per my second post was that the "@" host record was pointing to our
Web Server in an A Record. Of course, there was another "@" Record as
an MX record, which I thought would be OK, but my thought was that
maybe the A Record was overriding the MX record.

> I don't think your delayed mail issue is DNS related though. Do you have
> this problem with any domains OTHER than Hotmail?

Hotmail seems to be the worst, but other domains are having problems
as well. For some reason GMail almost never has the problem. As you
can guess, trying to get someone at Hotmail to work with me on the
issue is about as easy as running a marathon on the bottom of the
ocean. Yahoo Mail delays about 3 to 5 % of the time, cox.net about
20%. It's really hard to tell which domains have the problem the
worst because most of my users don't realize they've received a
delayed email.

Thanks again,
Max.



Re: General DNS config questions
"Michael Dragone" <no.e-mail=less_spam> 5/29/2007 9:55:58 PM
Max, please read inline below.

"Max C" <maxc246[ at ]gmail.com> wrote in message
news:1180473873.163616.296740[ at ]q75g2000hsh.googlegroups.com...
> Thanks for the reply, Michael.
>
>> The second DNS configuration you posted looks good to me. You would need
>> to
>> change your SPF record to not include "a" however.
>
> I must admit that SPF records are quite a mystery to me. I believe I
> created that SPF Record with some sort of Wizard. Perhaps I need to
> rerun the wizard.
>
> When I set up DNS the way you said looked good, I could no longer
> receive emails. Would that be because of the SPF Record including "a"
> as you mentioned? Do I *really* need the SPF Record? Could I just
> get rid of it all together?

You don't NEED it, although you really should have one. While you're working
on this issue you might want to remove it; it's better to have no SPF record
than one that's misconfigured.

> My guess was that the reason I couldn't receive emails when set up as
> per my second post was that the "@" host record was pointing to our
> Web Server in an A Record. Of course, there was another "@" Record as
> an MX record, which I thought would be OK, but my thought was that
> maybe the A Record was overriding the MX record.

The "@" record you refer to simply means "this domain." By having both "@"
and "www" resolvable in DNS you allow visitors to get to your website by
typing either "domain.com" or "www.domain.com" in their browser's address
bar.

In general, you shouldn't use CNAME records as they require two DNS lookups
for a full resolution (the first to resolve the CNAME to its A record, then
another to resolve the A record to its IP address). You can have as many A
records as you want resolve to the same IP address.

If you convert your CNAME record for your Web server to an A record, your
zone would look like this:

A records
@       www.xxx.yyy.36 (Web server)
mail    www.xxx.yyy.37 (Exchange server)
www     www.xxx.yyy.36 (Web server)

MX records
Priority    Host    Goes To
0           @       mail

A remote system attempting to send you mail will query DNS for all your MX
record values and attempt delivery to the one with the highest priority (the
*lowest* numerical value) first. A second DNS query will be made for A
record of the hostname returned by the MX lookup (in your case your MX
record indicates mail.domain.com) to obtain its IP address. Delivery will
then be attempted to that IP address over port 25 (SMTP).

>> I don't think your delayed mail issue is DNS related though. Do you have
>> this problem with any domains OTHER than Hotmail?
>
> Hotmail seems to be the worst, but other domains are having problems
> as well. For some reason GMail almost never has the problem. As you
> can guess, trying to get someone at Hotmail to work with me on the
> issue is about as easy as running a marathon on the bottom of the
> ocean. Yahoo Mail delays about 3 to 5 % of the time, cox.net about
> 20%. It's really hard to tell which domains have the problem the
> worst because most of my users don't realize they've received a
> delayed email.

Once you've got your DNS squared away (and like I said earlier I don't
believe this is your issue - you can receive mail, albeit mail from some
domains is delayed), and since it looks like you're using Exchange, you
might want to repost this to one of the Exchange newsgroups so we can get
some more Exchange expertise on this issue.

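
Added example, not part of either poster's messages: an offline model of the lookups Michael describes (MX by preference, then the A record of the MX host) and of what the "a" mechanism in "v=spf1 a mx ptr ~all" authorizes under each configuration posted in the thread. The domain example.test, the 192.0.2.x addresses, the function names and the third record (the posted one with "a" dropped, as Michael suggests) are constructed stand-ins; "ptr" is not evaluated.

```python
import ipaddress

# Constructed stand-ins: the thread masks its addresses as WWW.XXX.YYY.36/.37,
# so documentation-range IPs and a hypothetical domain are used instead.
DOMAIN = "example.test"
WEB_IP, MAIL_IP = "192.0.2.36", "192.0.2.37"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def make_zone(apex_ip, spf="v=spf1 a mx ptr ~all"):
    """In-memory zone shaped like the records posted in the thread."""
    return {
        (DOMAIN, "A"): [apex_ip],
        ("mail." + DOMAIN, "A"): [MAIL_IP],
        ("www." + DOMAIN, "CNAME"): [DOMAIN],
        (DOMAIN, "MX"): [(0, "mail." + DOMAIN)],
        (DOMAIN, "TXT"): [spf],
    }


def resolve_a(zone, name, depth=0):
    """Return the addresses for name, following CNAMEs with a loop bound."""
    if depth > 8:
        raise RuntimeError("CNAME chain too long for " + name)
    if (name, "CNAME") in zone:
        return resolve_a(zone, zone[(name, "CNAME")][0], depth + 1)
    return list(zone.get((name, "A"), []))


def delivery_targets(zone, domain):
    """Hosts a sending MTA tries, in order: MX by ascending preference,
    then an address lookup for each MX host name."""
    mx = sorted(zone.get((domain, "MX"), []))
    if not mx:
        # No MX at all: senders fall back to the domain's own address.
        mx = [(0, domain)]
    return [(pref, host, ip) for pref, host in mx for ip in resolve_a(zone, host)]


def spf_check(zone, domain, sender_ip):
    """Evaluate the domain's SPF record for sender_ip.

    Returns (result, matching_term). Handles a, mx, ip4 and all; ptr and
    anything else count as non-matching because this offline model has no
    reverse DNS data.
    """
    record = next((t for t in zone.get((domain, "TXT"), [])
                   if t.split()[:1] == ["v=spf1"]), None)
    if record is None:
        return ("none", None)
    for term in record.split()[1:]:
        result = QUALIFIERS.get(term[0])
        mech = term[1:] if result else term
        result = result or "pass"  # no qualifier means "+"
        if mech == "a":
            hit = sender_ip in resolve_a(zone, domain)
        elif mech == "mx":
            hit = any(sender_ip in resolve_a(zone, host)
                      for _, host in zone.get((domain, "MX"), []))
        elif mech.startswith("ip4:"):
            hit = (ipaddress.ip_address(sender_ip)
                   in ipaddress.ip_network(mech[4:], strict=False))
        elif mech == "all":
            hit = True
        else:
            hit = False
        if hit:
            return (result, term)
    return ("neutral", None)


def compare_configs():
    """Delivery order and SPF verdict per server for each configuration."""
    configs = {
        "first post (@ -> Exchange)": make_zone(MAIL_IP),
        "second post (@ -> web)": make_zone(WEB_IP),
        "second post, SPF without a": make_zone(WEB_IP, "v=spf1 mx ptr ~all"),
    }
    return {
        label: {
            "targets": delivery_targets(zone, DOMAIN),
            "from_web": spf_check(zone, DOMAIN, WEB_IP),
            "from_mail": spf_check(zone, DOMAIN, MAIL_IP),
        }
        for label, zone in configs.items()
    }


if __name__ == "__main__":
    for label, row in compare_configs().items():
        print(label, row)
```

The delivery target is the same in all three rows, so moving the "@" A record does not change where mail is delivered; only the SPF verdict for the web server's address changes.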

Re: General DNS config questions
"Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> 5/30/2007 2:07:42 AM
Read inline please.

In news:1180455897.711483.189510[ at ]q66g2000hsg.googlegroups.com,
Max C <maxc246[ at ]gmail.com> typed:
> On May 29, 10:20 am, Max C <maxc...[ at ]gmail.com> wrote:
>> OK, here's the deal. For the past several months our company has
>> been
>> receiving a LOT of delayed emails. Some by a few hours some by a few
>> days. As you can guess, this is a serious problem. I've tried
>> several things to resolve this situation:

<snip>
>
> A Records
> Host        Points To
> @           WWW.XXX.YYY.36 (web server)
> mail        WWW.XXX.YYY.37 (exchange server)
> exchange    WWW.XXX.YYY.37 (exchange server)
>
> CNAMES (Aliases)
> Host        Points To
> www         @
>
> MX (Mail Exchange)
> Priority    Host    Goes To
> 0           @       mail (A Record for exchange server)
> ________________________________________________________________________
>
> GoDaddy.com says that "@" simply refers to the domain name in
> question. So, I thought "maybe it would be OK to have the A record
> for @ pointing to the web server (WWW.XXX.YYY.36) and then a MX record
> for "@" pointing to the exchange server (WWW.XXX.YYY.37)
>
> It would appear that line of thinking was incorrect. When I set up my
> test domain as above, I could not receive emails to that test domain.
>


I would like to see the actual domain name, but it should actually look
something like this. Without seeing the actual records it is only a wild
guess.

@       900  IN  A      <IPAddress>
www     900  IN  CNAME  domain.com.
mail    900  IN  A      <IPAddress>
@       900  IN  MX     10 mail.domain.com.
<Please note- regardless of the E-Mail domain, the MX record should point
to the A record that matches the SMTP HELO name.>




--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps



Re: General DNS config questions
Max C <maxc246[ at ]gmail.com> 5/30/2007 2:56:52 PM
Michael, thanks again for your time. Replies are below.

> You don't NEED it, although you really should have one. While you're working
> on this issue you might want to remove it; it's better to have no SPF record
> than one that's misconfigured.

That's what I thought. It's good to get confirmation, though. If
nothing else, I'm gaining some confidence in my DNS abilities from
this discussion. So far nothing you've said was completely new to
me. It all makes perfect sense.

> The "@" record you refer to simply means "this domain." By having both "@"
> and "www" resolvable in DNS you allow visitors to get to your website by
> typing either "domain.com" or "www.domain.com" in their browser's address
> bar.

That's exactly why I thought it should be OK to have one "@" as an A
Record pointing to our web server and another @ as a MX Record
pointing to our Exchange Server. When I set up my test domain that
way yesterday, I couldn't receive email at all... but it would appear
it was simply an internet propagation issue. It's still set up that
way and I'm now getting emails on the test domain address. Of course,
emails from Hotmail are still getting delayed, but GMail and Yahoo
Mail are getting through just fine.

> In general, you shouldn't use CNAME records as they require two DNS lookups
> for a full resolution (the first to resolve the CNAME to its A record, then
> another to resolve the A record to its IP address). You can have as many A
> records as you want resolve to the same IP address.

You know, common sense was leading me in that direction. I've wondered
why have CName records at all. I'm sure there must be some valid
scenarios when you'd want to use them, but I've always thought "Why
not just make more A Records?" :)

> If you convert your CNAME record for your Web server to an A record, your
> zone would look like this:
>
> A records
> @       www.xxx.yyy.36 (Web server)
> mail    www.xxx.yyy.37 (Exchange server)
> www     www.xxx.yyy.36 (Web server)
>
> MX records
> Priority    Host    Goes To
> 0           @       mail

Yes, that's *exactly* how I have my test domain set up. There's
another boost in my confidence level. :D I believe you're right.
This has nothing to do with DNS.

> A remote system attempting to send you mail will query DNS for all your MX
> record values and attempt delivery to the one with the highest priority (the
> *lowest* numerical value) first. A second DNS query will be made for A
> record of the hostname returned by the MX lookup (in your case your MX
> record indicates mail.domain.com) to obtain its IP address. Delivery will
> then be attempted to that IP address over port 25 (SMTP).

In addition to the A and MX records, I also created a couple of SRV
records for my test domain for SMTP and HTTP. Those would seem to be
more of a "Just in case" thing to me, but I figured they probably
wouldn't hurt. What's your opinion?

> Once you've got your DNS squared away (and like I said earlier I don't
> believe this is your issue - you can receive mail, albeit mail from some
> domains is delayed), and since it looks like you're using Exchange, you
> might want to repost this to one of the Exchange newsgroups so we can get
> some more Exchange expertise on this issue.

Well, that might be a good next move, but I'm 100% confident that this
is not an Exchange issue. I put a sniffer on our inbound wire between
the ISP's router (which does no firewalling) and our firewall. Then I
sent 10 emails from hotmail to my email address here. I could see
from the sniffer logs that the 3 emails that didn't arrive instantly
in my inbox also did not come in to our network. They just got lost
on the internet, from what I can tell.

If this were just Hotmail, I'd say "The heck with it" but it's
happening to about a dozen (or more) other domains trying to send us
email. I honestly don't see how this could possibly be our fault, but
it's also not the fault of our ISP, since I had the same problem when
I set up another ISP for testing. I'd like to blame it on the
internet in general, but no one else seems to be complaining.

Thanks again for your time. It's greatly appreciated.

Max.

Re: General DNS config questions
"Michael Dragone" <no.e-mail=less_spam> 5/30/2007 4:02:16 PM
Hi Max. See below.

"Max C" <maxc246[ at ]gmail.com> wrote in message
news:1180537012.469501.35990[ at ]w5g2000hsg.googlegroups.com...

[snip]

>> A remote system attempting to send you mail will query DNS for all your
>> MX
>> record values and attempt delivery to the one with the highest priority
>> (the
>> *lowest* numerical value) first. A second DNS query will be made for A
>> record of the hostname returned by the MX lookup (in your case your MX
>> record indicates mail.domain.com) to obtain its IP address. Delivery will
>> then be attempted to that IP address over port 25 (SMTP).
>
> In addition to the A and MX records, I also created a couple of SRV
> records for my test domain for SMTP and HTTP. Those would seem to be
> more of a "Just in case" thing to me, but I figured they probably
> wouldn't hurt. What's your opinion?

I don't know of any application aside from Active Directory that looks for
SRV records.

>> Once you've got your DNS squared away (and like I said earlier I don't
>> believe this is your issue - you can receive mail, albeit mail from some
>> domains is delayed), and since it looks like you're using Exchange, you
>> might want to repost this to one of the Exchange newsgroups so we can get
>> some more Exchange expertise on this issue.
>
> Well, that might be a good next move, but I'm 100% confident that this
> is not an Exchange issue. I put a sniffer on our inbound wire between
> the ISP's router (which does no firewalling) and our firewall. Then I
> sent 10 emails from hotmail to my email address here. I could see
> from the sniffer logs that the 3 emails that didn't arrive instantly
> in my inbox also did not come in to our network. They just got lost
> on the internet, from what I can tell.
>
> If this were just Hotmail, I'd say "The heck with it" but it's
> happening to about a dozen (or more) other domains trying to send us
> email. I honestly don't see how this could possibly be our fault, but
> it's also not the fault of our ISP, since I had the same problem when
> I set up another ISP for testing. I'd like to blame it on the
> internet in general, but no one else seems to be complaining.

The e-mail that didn't arrive instantly did arrive eventually though,
correct? Did you happen to take a look at the mail headers for an "instant"
message vs. a delayed one?

> Thanks again for your time. It's greatly appreciated.

You bet.

Re: General DNS config questions
Max C <maxc246[ at ]gmail.com> 5/30/2007 4:36:19 PM
On May 30, 11:02 am, "Michael Dragone" <no.e-mail=less_spam> wrote:

snip

> > In addition to the A and MX records, I also created a couple of SRV
> > records for my test domain for SMTP and HTTP. Those would seem to be
> > more of a "Just in case" thing to me, but I figured they probably
> > wouldn't hurt. What's your opinion?
>
> I don't know of any application aside from Active Directory that looks for
> SRV records.

Ah, so it probably won't matter one way or the other, then. I'll
leave them there for now. I just added them yesterday and they don't
seem to be hurting anything.

> > Well, that might be a good next move, but I'm 100% confident that this
> > is not an Exchange issue. I put a sniffer on our inbound wire between
> > the ISP's router (which does no firewalling) and our firewall. Then I
> > sent 10 emails from hotmail to my email address here. I could see
> > from the sniffer logs that the 3 emails that didn't arrive instantly
> > in my inbox also did not come in to our network. They just got lost
> > on the internet, from what I can tell.
>
> > If this were just Hotmail, I'd say "The heck with it" but it's
> > happening to about a dozen (or more) other domains trying to send us
> > email. I honestly don't see how this could possibly be our fault, but
> > it's also not the fault of our ISP, since I had the same problem when
> > I set up another ISP for testing. I'd like to blame it on the
> > internet in general, but no one else seems to be complaining.
>
> The e-mail that didn't arrive instantly did arrive eventually though,
> correct? Did you happen to take a look at the mail headers for an "instant"
> message vs. a delayed one?

Yes, *most* of the delayed emails eventually arrive. When I check the
headers, the servers they go through look nearly identical (with small
variations of the many server names at Hotmail.) The only difference
I can find is that the time gap between the last Hotmail server and my
Spam filter is MUCH larger on delayed emails. Here's an example of
one of the delayed email headers.

Received: from nssco_spam.nssco.com (10.1.1.27) by Exchange.nssco.com
 (10.1.1.17) with Microsoft SMTP Server id 8.0.685.24;
 Thu, 17 May 2007 14:04:08 -0500
********************************************
Received: from bay0-omc1-s21.bay0.hotmail.com ([65.54.246.93]) by
 nssco_spam.nssco.com (SonicWALL 5.0.3.8711) with ESMTP;
 Thu, 17 May 2007 14:03:51 -0500
Received: from hotmail.com ([65.54.174.13]) by
 bay0-omc1-s21.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
 Wed, 16 May 2007 15:08:28 -0700
********************************************
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
 Wed, 16 May 2007 15:08:28 -0700
Message-ID: <BAY103-F324BD406DD8779E10C89FB73C0[ at ]phx.gbl>
Received: from 65.54.174.200 by by103fd.bay103.hotmail.msn.com with HTTP;
 Wed, 16 May 2007 22:08:25 GMT

I put "********************************************" around the
section of importance. As you can see, it took nearly a full day for
this simple, one word email to arrive from hotmail. That email was
sent at the exact same time that 9 others were sent... 7 of those
arrived nearly instantly. The other 3 arrived spread out across the
following 24 hours.

During that same time, we were receiving hundreds of other emails.

Like you, I feel that the clues are not leading to a DNS issue, but I
feel I've confirmed that these emails just get stuck out on the
internet for no good reason, so I'm stumped.

Thanks again.
Max.
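
The hop-by-hop comparison described in the post above can be done mechanically. The following is an added example, not part of the original thread: it parses the posted Received lines (line wraps undone, "****" marker lines dropped) and reports the time spent before each hop accepted the message. The function names are illustrative.

```python
import email
import re
from datetime import timezone
from email.utils import parsedate_to_datetime

# Headers from the post above, re-folded as valid continuation lines.
# Newest hop first, which is the order they appear in any message.
RAW_HEADERS = """\
Received: from nssco_spam.nssco.com (10.1.1.27) by Exchange.nssco.com
 (10.1.1.17) with Microsoft SMTP Server id 8.0.685.24;
 Thu, 17 May 2007 14:04:08 -0500
Received: from bay0-omc1-s21.bay0.hotmail.com ([65.54.246.93]) by
 nssco_spam.nssco.com (SonicWALL 5.0.3.8711) with ESMTP;
 Thu, 17 May 2007 14:03:51 -0500
Received: from hotmail.com ([65.54.174.13]) by
 bay0-omc1-s21.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
 Wed, 16 May 2007 15:08:28 -0700
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
 Wed, 16 May 2007 15:08:28 -0700
Message-ID: <BAY103-F324BD406DD8779E10C89FB73C0[ at ]phx.gbl>
Received: from 65.54.174.200 by by103fd.bay103.hotmail.msn.com with HTTP;
 Wed, 16 May 2007 22:08:25 GMT

"""

HOP_RE = re.compile(r"from\s+(?P<sender>.+?)\s+by\s+(?P<receiver>\S+)")


def parse_received(value):
    """Split one Received value into sender, receiver and an aware datetime."""
    flat = " ".join(value.split())            # undo header folding
    info, sep, stamp = flat.rpartition(";")   # the date follows the last ';'
    if not sep:
        raise ValueError(f"no timestamp in Received header: {flat!r}")
    hop = HOP_RE.search(info)
    when = parsedate_to_datetime(stamp.strip())
    if when.tzinfo is None:                   # "-0000" parses as naive; treat as UTC
        when = when.replace(tzinfo=timezone.utc)
    return {
        "sender": hop.group("sender") if hop else "?",
        "receiver": hop.group("receiver") if hop else "?",
        "when": when,
    }


def hop_delays(raw_headers):
    """Return the hops in chronological order with seconds since the previous hop.

    The oldest Received line has no predecessor, so it is the baseline only.
    Negative values are possible when server clocks disagree.
    """
    msg = email.message_from_string(raw_headers)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    hops.reverse()                            # oldest first
    delays = []
    for prev, cur in zip(hops, hops[1:]):
        delays.append({
            "sender": cur["sender"],
            "receiver": cur["receiver"],
            "seconds": (cur["when"] - prev["when"]).total_seconds(),
        })
    return delays


def slowest_hop(raw_headers):
    """Return the hop with the largest gap since the hop before it."""
    return max(hop_delays(raw_headers), key=lambda h: h["seconds"])


if __name__ == "__main__":
    for hop in hop_delays(RAW_HEADERS):
        print(f"{hop['seconds']:>9.0f}s  {hop['sender']} -> {hop['receiver']}")
    worst = slowest_hop(RAW_HEADERS)
    print("largest gap before acceptance by:", worst["receiver"])
```

The timestamps are converted to a common offset before subtraction, so the -0700, -0500 and GMT stamps in the same message compare correctly.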

Re: General DNS config questions
"Michael Dragone" <no.e-mail=less_spam> 5/30/2007 4:59:35 PM
"Max C" <maxc246[ at ]gmail.com> wrote in message
news:1180542979.583726.97370[ at ]q69g2000hsb.googlegroups.com...

[snip]

> Yes, *most* of the delayed emails eventually arrive. When I check the
> headers, the servers they go through look nearly identical (with small
> variations of the many server names at Hotmail.) The only difference
> I can find is that the time gap between the last Hotmail server and my
> Spam filter is MUCH larger on delayed emails. Here's an example of
> one of the delayed email headers.
>
> Received: from nssco_spam.nssco.com (10.1.1.27) by Exchange.nssco.com
> (10.1.1.17) with Microsoft SMTP Server id 8.0.685.24; Thu, 17 May
> 2007
> 14:04:08 -0500
> ********************************************
> Received: from bay0-omc1-s21.bay0.hotmail.com ([65.54.246.93]) by
> nssco_spam.nssco.com (SonicWALL 5.0.3.8711) with ESMTP; Thu, 17 May
> 2007
> 14:03:51 -0500
> Received: from hotmail.com ([65.54.174.13]) by bay0-omc1-
> s21.bay0.hotmail.com
> with Microsoft SMTPSVC(6.0.3790.2668); Wed, 16 May 2007 15:08:28
> -0700
> ********************************************
> Received: from mail pickup service by hotmail.com with Microsoft
> SMTPSVC;
> Wed, 16 May 2007 15:08:28 -0700
> Message-ID: <BAY103-F324BD406DD8779E10C89FB73C0[ at ]phx.gbl>
> Received: from 65.54.174.200 by by103fd.bay103.hotmail.msn.com with
> HTTP; Wed,
> 16 May 2007 22:08:25 GMT
>
> I put "********************************************" around the
> section of importance. As you can see, it took nearly a full day for
> this simple, one word email to arrive from hotmail. That email was
> sent at the exact same time that 9 others were sent... 7 of those
> arrived nearly instantly. The other 3 arrived spread out across the
> following 24 hours.
>
> During that same time, we were receiving hundreds of other emails.
>
> Like you, I feel that the clues are not leading to a DNS issue, but I
> feel I've confirmed that these emails just get stuck out on the
> internet for no good reason, so I'm stumped.

Yes, very strange. The only DNS problem here would be if "nssco_spam" wasn't
listed as your MX and/or there was no A record for it.

Also, just as an aside, Office Communication Server also uses SRV records...
:-)

Re: General DNS config questions
Max C <maxc246[ at ]gmail.com> 5/30/2007 5:21:20 PM
On May 30, 11:59 am, "Michael Dragone" <no.e-mail=less_spam> wrote:
> "Max C" <maxc...[ at ]gmail.com> wrote in message
>
> news:1180542979.583726.97370[ at ]q69g2000hsb.googlegroups.com...
>
> [snip]
>
>
>
> > Yes, *most* of the delayed emails eventually arrive. When I check the
> > headers, the servers they go through look nearly identical (with small
> > variations of the many server names at Hotmail.) The only difference
> > I can find is that the time gap between the last Hotmail server and my
> > Spam filter is MUCH larger on delayed emails. Here's an example of
> > one of the delayed email headers.
>
> > Received: from nssco_spam.nssco.com (10.1.1.27) by Exchange.nssco.com
> > (10.1.1.17) with Microsoft SMTP Server id 8.0.685.24; Thu, 17 May
> > 2007
> > 14:04:08 -0500
> > ********************************************
> > Received: from bay0-omc1-s21.bay0.hotmail.com ([65.54.246.93]) by
> > nssco_spam.nssco.com (SonicWALL 5.0.3.8711) with ESMTP; Thu, 17 May
> > 2007
> > 14:03:51 -0500
> > Received: from hotmail.com ([65.54.174.13]) by bay0-omc1-
> > s21.bay0.hotmail.com
> > with Microsoft SMTPSVC(6.0.3790.2668); Wed, 16 May 2007 15:08:28
> > -0700
> > ********************************************
> > Received: from mail pickup service by hotmail.com with Microsoft
> > SMTPSVC;
> > Wed, 16 May 2007 15:08:28 -0700
> > Message-ID: <BAY103-F324BD406DD8779E10C89FB7...[ at ]phx.gbl>
> > Received: from 65.54.174.200 by by103fd.bay103.hotmail.msn.com with
> > HTTP; Wed,
> > 16 May 2007 22:08:25 GMT
>
> > I put "********************************************" around the
> > section of importance. As you can see, it took nearly a full day for
> > this simple, one word email to arrive from hotmail. That email was
> > sent at the exact same time that 9 others were sent... 7 of those
> > arrived nearly instantly. The other 3 arrived spread out across the
> > following 24 hours.
>
> > During that same time, we were receiving hundreds of other emails.
>
> > Like you, I feel that the clues are not leading to a DNS issue, but I
> > feel I've confirmed that these emails just get stuck out on the
> > internet for no good reason, so I'm stumped.
>
> Yes, very strange. The only DNS problem here would be if "nssco_spam" wasn't
> listed as your MX and/or there was no A record for it.
>
> Also, just as an aside, Office Communication Server also uses SRV records...
> :-)

Well, now hold on... you may be on to something. NSSCO_Spam is not in
our public DNS records at all. When an email arrives at our Firewall
heading for "Exchange" we divert it to "NSSCO_Spam" which is our spam
filter. The spam filter then forwards the email on to Exchange, the
original destination.

Are you saying that even though NSSCO_Spam is not the intended
destination, it should still be listed as a mail server with a MX
record?

Of course, in my mind, that even further complicates the SPF record
issue. I'm already fuzzy on that issue.

This could get interesting!

Max.

Re: General DNS config questions
"Michael Dragone" <no.e-mail=less_spam> 5/30/2007 6:21:22 PM
"Max C" <maxc246[ at ]gmail.com> wrote in message
news:1180545679.935626.60140[ at ]h2g2000hsg.googlegroups.com...

> Well, now hold on... you may be on to something. NSSCO_Spam is not in
> our public DNS records at all. When an email arrives at our Firewall
> heading for "Exchange" we divert it to "NSSCO_Spam" which is our spam
> filter. The spam filter then forwards the email on to Exchange, the
> original destination.
>
> Are you saying that even though NSSCO_Spam is not the intended
> destination, it should still be listed as a mail server with a MX
> record?

Your MX record lists mail.nssco.com which resolves to your .37 IP address.
This IP address answers on port 25, but the SMTP banner states
"NSSCO_Spam.nssco.com."

Some mailers look to see if the SMTP banner hostname matches the MX hostname
(since it's what they expect). While there's nothing technically *wrong*
with your setup, you should consider adding both an MX (at priority 0) and
an A record for "nssco_spam" pointing to your .37 IP address. After a day or
so once DNS propagates around the Internet you can take out the MX and A
records for "mail."

> Of course, in my mind, that even further complicates the SPF record
> issue. I'm already fuzzy on that issue.

An SPF record simply dictates which servers you declare are authorized to be
sending mail from your domain.

Take for example this SPF record:

v=spf1 mx -all

This means that all the IP addresses resolved from the MX record(s) for the
domain containing this TXT record are recognized by you as legitimate
senders of mail for your domain (the mx part of the SPF record). No other
servers are authorized by you to send mail from your domain (the -all part
of the SPF record).

Most SPF records contain ~all rather than -all since there are instances
where mail MAY be legitimate but not sent by a server you've authorized.
Using the "e-mail this article to a friend" link from the NY Times is one
example.

In your case, if your Exchange server submits outbound mail to your spam
filter box, then the SPF record above with either ~all or -all would likely
work well for your needs.

If however your Exchange server submits outbound mail directly to the
Internet, that SPF record would be incorrect.

That all being said, I prefer to set up SPF records with IP addresses when
possible to avoid extra DNS lookups. So if your Exchange server submits mail
directly itself and its IP address is 1.2.3.4, the SPF record would be:

v=spf1 ip4:1.2.3.4 ~all

I hope this helped somewhat...

Re: General DNS config questions
Max C <maxc246[ at ]gmail.com> 5/30/2007 6:45:23 PM
On May 30, 1:21 pm, "Michael Dragone" <no.e-mail=less_spam> wrote:
> "Max C" <maxc...[ at ]gmail.com> wrote in message
>
> news:1180545679.935626.60140[ at ]h2g2000hsg.googlegroups.com...
>
> > Well, now hold on... you may be on to something. NSSCO_Spam is not in
> > our public DNS records at all. When an email arrives at our Firewall
> > heading for "Exchange" we divert it to "NSSCO_Spam" which is our spam
> > filter. The spam filter then forwards the email on to Exchange, the
> > original destination.
>
> > Are you saying that even though NSSCO_Spam is not the intended
> > destination, it should still be listed as a mail server with a MX
> > record?
>
> Your MX record lists mail.nssco.com which resolves to your .37 IP address.
> This IP address answers on port 25, but the SMTP banner states
> "NSSCO_Spam.nssco.com."
>
> Some mailers look to see if the SMTP banner hostname matches the MX hostname
> (since it's what they expect). While there's nothing technically *wrong*
> with your setup, you should consider adding both an MX (at priority 0) and
> an A record for "nssco_spam" pointing to your .37 IP address. After a day or
> so once DNS propagates around the Internet you can take out the MX and A
> records for "mail."

OK. I'll give it a try on my test domain first. I'll give it a
couple of days to propagate and then test it out.

> > Of course, in my mind, that even further complicates the SPF record
> > issue. I'm already fuzzy on that issue.
>
> An SPF record simply dictates which servers you declare are authorized to be
> sending mail from your domain.
>
> Take for example this SPF record:
>
> v=spf1 mx -all
>
> This means that all the IP addresses resolved from the MX record(s) for the
> domain containing this TXT record are recognized by you as legitimate
> senders of mail for your domain (the mx part of the SPF record). No other
> servers are authorized by you to send mail from your domain (the -all part
> of the SPF record).
>
> Most SPF records contain ~all rather than -all since there are instances
> where mail MAY be legitimate but not sent by a server you've authorized.
> Using the "e-mail this article to a friend" link from the NY Times is one
> example.
>
> In your case, if your Exchange server submits outbound mail to your spam
> filter box, then the SPF record above with either ~all or -all would likely
> work well for your needs.
>
> If however your Exchange server submits outbound mail directly to the
> Internet, that SPF record would be incorrect.
>
> That all being said, I prefer to set up SPF records with IP addresses when
> possible to avoid extra DNS lookups. So if your Exchange server submits mail
> directly itself and its IP address is 1.2.3.4, the SPF record would be:
>
> v=spf1 ip4:1.2.3.4 ~all
>
> I hope this helped somewhat...

Well, it's now about as clear as mud, whereas before it was as clear
as tar. I'm sure there must be a web site I can look up to see an SPF
record defined. I'll look in to it.

All of my servers (including my Exchange server) have private IP
addresses. My firewall does 1to1 NAT for each of them. That's how
I'm able to route Exchange bound mail to NSSCO_Spam. For the moment,
mail going to the internet from the Exchange server goes to the
firewall and then out to the internet, but in the future we may change
it so that outbound email is also sent through the spam server.

Many thanks (yet again.)
Max.

Re: General DNS config questions
"Michael Dragone" <no.e-mail=less_spam> 5/30/2007 6:54:47 PM
"Max C" <maxc246[ at ]gmail.com> wrote in message
news:1180550723.255113.255630[ at ]m36g2000hse.googlegroups.com...

[snip]

>> Your MX record lists mail.nssco.com which resolves to your .37 IP
>> address.
>> This IP address answers on port 25, but the SMTP banner states
>> "NSSCO_Spam.nssco.com."
>>
>> Some mailers look to see if the SMTP banner hostname matches the MX
>> hostname
>> (since it's what they expect). While there's nothing technically *wrong*
>> with your setup, you should consider adding both an MX (at priority 0)
>> and
>> an A record for "nssco_spam" pointing to your .37 IP address. After a day
>> or
>> so once DNS propagates around the Internet you can take out the MX and A
>> records for "mail."
>
> OK. I'll give it a try on my test domain first. I'll give it a
> couple of days to propagate and then test it out.

Okay, sounds like a plan.

>> I hope this helped somewhat...
>
> Well, it's now about as clear as mud, whereas before it was as clear
> as tar. I'm sure there must be a web site I can look up to see an SPF
> record defined. I'll look in to it.

Yes, there are plenty. There are also a few that have SPF Wizards that will
assist you in creating your SPF records as well as some "SPF testers" -
e-mail addresses that you send mail to to make sure that your record is
configured correctly.

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
http://www.openspf.org/

Those should get you going.

> All of my servers (including my Exchange server) have private IP
> addresses. My firewall does 1to1 NAT for each of them. That's how
> I'm able to route Exchange bound mail to NSSCO_Spam. For the moment,
> mail going to the internet from the Exchange server goes to the
> firewall and then out to the internet, but in the future we may change
> it so that outbound email is also sent through the spam server.

Your SPF record should reference the outside IP address that the internal IP
address of your Exchange is NATed to. If it's just the one Exchange server
you can use "v=spf1 ip4:(outside IP of Exchange server) ~all".
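
The SPF behaviour discussed in the two replies above (the `mx` record versus an `ip4` record for a NATed Exchange server) can be traced with a small evaluator. This is an added example, not part of the original thread: it handles only the `ip4`, `a`, `mx` and `all` mechanisms, and the domain, addresses and in-memory DNS table are constructed for illustration.

```python
import ipaddress

# Constructed zone data using documentation addresses; stands in for real DNS.
DNS = {
    ("example.test", "MX"): ["mail.example.test"],
    ("mail.example.test", "A"): ["192.0.2.37"],   # spam filter, the inbound MX
    ("example.test", "A"): ["192.0.2.36"],        # web server
}
# Hypothetical outside address that the firewall NATs the Exchange server to.
EXCHANGE_OUTSIDE_IP = "192.0.2.38"

# SPF qualifiers and the result each one yields when its mechanism matches.
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


class Resolver:
    """Dictionary-backed resolver that counts the queries it answers."""

    def __init__(self, records):
        self.records = records
        self.lookups = 0

    def query(self, name, rtype):
        self.lookups += 1
        return self.records.get((name.lower(), rtype), [])


def check_spf(record, sender_ip, domain, resolver):
    """Evaluate sender_ip against one SPF record.

    Returns (result, queries) where queries is the number of DNS queries
    this sketch issued. Mechanisms are tried left to right; the first match
    decides the result.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", resolver.lookups
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term[1:] if term[0] in RESULTS else term
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = sender_ip in resolver.query(arg or domain, "A")
        elif name == "mx":
            # One MX query, then one A query per exchanger until a match.
            matched = any(
                sender_ip in resolver.query(host, "A")
                for host in resolver.query(arg or domain, "MX")
            )
        else:
            raise NotImplementedError(f"mechanism not covered here: {name}")
        if matched:
            return RESULTS[qualifier], resolver.lookups
    return "neutral", resolver.lookups


if __name__ == "__main__":
    cases = [
        ("v=spf1 mx -all", "192.0.2.37"),                   # mail leaves via the MX host
        ("v=spf1 mx -all", EXCHANGE_OUTSIDE_IP),            # Exchange sends directly
        ("v=spf1 mx ~all", EXCHANGE_OUTSIDE_IP),
        ("v=spf1 ip4:192.0.2.38 ~all", EXCHANGE_OUTSIDE_IP),
        ("v=spf1 ip4:192.0.2.38 ~all", "203.0.113.9"),      # unrelated sender
    ]
    for record, ip in cases:
        result, queries = check_spf(record, ip, "example.test", Resolver(DNS))
        print(f"{record:<30} {ip:<14} {result:<9} queries={queries}")
```

With `mx -all`, mail sent directly from the Exchange server's outside address fails because that address is not behind any MX host, while the `ip4` form passes without a single DNS query.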

Re: General DNS config questions
Max C <maxc246[ at ]gmail.com> 5/30/2007 8:06:31 PM
Just to be 100% clear, when I set up the A and MX records for
NSSCO_Spam, should I direct them both to www.xxx.yyy.37? I was under
the impression that the MX record worked better if it was mapped to a
host name rather than an IP.

After a couple of days, you're saying you'd get rid of the "mail" A
Record? If so, then that means you'd just adjust the "[ at ]" MX record to
point to the NSSCO_Spam A Record?

I'm just trying to be thorough. I don't want to screw this up.

Thanks for being patient.
Max.


On May 30, 1:54 pm, "Michael Dragone" <no.e-mail=less_spam> wrote:
> "Max C" <maxc...[ at ]gmail.com> wrote in message
>
> news:1180550723.255113.255630[ at ]m36g2000hse.googlegroups.com...
>
> [snip]
>
>
>
> >> Your MX record lists mail.nssco.com which resolves to your .37 IP
> >> address.
> >> This IP address answers on port 25, but the SMTP banner states
> >> "NSSCO_Spam.nssco.com."
>
> >> Some mailers look to see if the SMTP banner hostname matches the MX
> >> hostname
> >> (since it's what they expect). While there's nothing technically *wrong*
> >> with your setup, you should consider adding both an MX (at priority 0)
> >> and
> >> an A record for "nssco_spam" pointing to your .37 IP address. After a day
> >> or
> >> so once DNS propagates around the Internet you can take out the MX and A
> >> records for "mail."
>
> > OK. I'll give it a try on my test domain first. I'll give it a
> > couple of days to propagate and then test it out.
>
> Okay, sounds like a plan.
>
> >> I hope this helped somewhat...
>
> > Well, it's now about as clear as mud, whereas before it was as clear
> > as tar. I'm sure there must be a web site I can look up to see an SPF
> > record defined. I'll look in to it.
>
> Yes, there are plenty. There are also a few that have SPF Wizards that will
> assist you in creating your SPF records as well as some "SPF testers" -
> e-mail addresses that you send mail to to make sure that your record is
> configured correctly.
>
> http://www.microsoft.com/mscorp/safety/content/technologies/senderid/...
> http://www.openspf.org/
>
> Those should get you going.
>
> > All of my servers (including my Exchange server) have private IP
> > addresses. My firewall does 1to1 NAT for each of them. That's how
> > I'm able to route Exchange bound mail to NSSCO_Spam. For the moment,
> > mail going to the internet from the Exchange server goes to the
> > firewall and then out to the internet, but in the future we may change
> > it so that outbound email is also sent through the spam server.
>
> Your SPF record should reference the outside IP address that the internal IP
> address of your Exchange is NATed to. If it's just the one Exchange server
> you can use "v=spf1 ip4:(outside IP of Exchange server) ~all".


Re: General DNS config questions
"Michael Dragone" <no.e-mail=less_spam> 5/30/2007 11:38:25 PM

"Max C" <maxc246[ at ]gmail.com> wrote in message
news:1180555591.925723.186130[ at ]q69g2000hsb.googlegroups.com...

> Just to be 100% clear, when I set up the A and MX records for
> NSSCO_Spam, should I direct them both to www.xxx.yyy.37? I was under
> the impression that the MX record worked better if it was mapped to a
> host name rather than an IP.

No, no - you're right, it should be a hostname. You still set up the MX
record to point to nssco_spam.nssco.com and then set up an A record for
nssco_spam pointing to your .37 IP address.

> After a couple of days, you're saying you'd get rid of the "mail" A
> Record? If so, then that means you'd just adjust the "[ at ]" MX record to
> point to the NSSCO_Spam A Record?

Right now you'll add an A record for nssco_spam and change your MX record to
go to nssco_spam. When you're done, your zone will look like this:

A records
[ at ]        www.xxx.yyy.36 (Web server)
mail          www.xxx.yyy.37 (spam filter)
www           www.xxx.yyy.36 (Web server)
nssco_spam    www.xxx.yyy.37 (spam filter)

MX records
Priority    Host      Goes To
0           [ at ]    nssco_spam

After a full day (or two to be safe - the default TTL for your zone is 1
day), you can remove the "mail" A record. By doing this you ensure that
anyone on the Internet that has cached "mail.nssco.com" as your MX will
still be able to resolve the hostname "mail" and send you messages while
anyone who has NOT cached the MX record will get your shiny new nssco_spam
hostname from an NX query.

If you're really paranoid you can keep the MX record for mail and set it to
a higher priority (10 would be good) for the same amount of time before you
delete it.

> I'm just trying to be thorough. I don't want to screw this up.

I don't blame you. Better to be safe.

Re: General DNS config questions
Max C <maxc246[ at ]gmail.com> 5/31/2007 5:19:03 PM
Thanks for that very detailed information. Because of it, I now have
a new piece of information that may or may not be important. When I
tried to add the MX record of [ at ] pointing to NSSCO_SPAM, GoDaddy gave
me an obscure error message. It wasn't at all descriptive. I tried
several things, finally thinking that it would only allow an IP
address for the MX record (because it states "Goes To - IP Address" in
the brief instructions).

After much fiddling, I finally figured out that it was the "_" in the
host name that GoDaddy didn't like. So, I've renamed my host
NSSCO_Spam to NSSCO-Spam. I'm now in the process of resetting my DNS
records. I'll keep you posted.

Mark.

On May 30, 6:38 pm, "Michael Dragone" <no.e-mail=less_spam> wrote:
> "Max C" <maxc...[ at ]gmail.com> wrote in message
>
> news:1180555591.925723.186130[ at ]q69g2000hsb.googlegroups.com...
>
> > Just to be 100% clear, when I set up the A and MX records for
> > NSSCO_Spam, should I direct them both to www.xxx.yyy.37? I was under
> > the impression that the MX record worked better if it was mapped to a
> > host name rather than an IP.
>
> No, no - you're right, it should be a hostname. You still set up the MX
> record to point to nssco_spam.nssco.com and then set up an A record for
> nssco_spam pointing to your .37 IP address.
>
> > After a couple of days, you're saying you'd get rid of the "mail" A
> > Record? If so, then that means you'd just adjust the "[ at ]" MX record to
> > point to the NSSCO_Spam A Record?
>
> Right now you'll add an A record for nssco_spam and change your MX record to
> go to nssco_spam. When you're done, your zone will look like this:
>
> A records
> [ at ]        www.xxx.yyy.36 (Web server)
> mail          www.xxx.yyy.37 (spam filter)
> www           www.xxx.yyy.36 (Web server)
> nssco_spam    www.xxx.yyy.37 (spam filter)
>
> MX records
> Priority    Host      Goes To
> 0           [ at ]    nssco_spam
>
> After a full day (or two to be safe - the default TTL for your zone is 1
> day), you can remove the "mail" A record. By doing this you ensure that
> anyone on the Internet that has cached "mail.nssco.com" as your MX will
> still be able to resolve the hostname "mail" and send you messages while
> anyone who has NOT cached the MX record will get your shiny new nssco_spam
> hostname from an NX query.
>
> If you're really paranoid you can keep the MX record for mail and set it to
> a higher priority (10 would be good) for the same amount of time before you
> delete it.
>
> > I'm just trying to be thorough. I don't want to screw this up.
>
> I don't blame you. Better to be safe.


Re: General DNS config questions
"Michael Dragone" <no.e-mail=less_spam> 5/31/2007 6:54:52 PM
True, I totally forgot about that. Only A-Z, 0-9 and - are allowed as
characters in DNS... Sorry about that.

"Max C" <maxc246[ at ]gmail.com> wrote in message
news:1180631943.797957.16440[ at ]p47g2000hsd.googlegroups.com...
> Thanks for that very detailed information. Because of it, I now have
> a new piece of information that may or may not be important. When I
> tried to add the MX record of [ at ] pointing to NSSCO_SPAM, GoDaddy gave
> me an obscure error message. It wasn't at all descriptive. I tried
> several things, finally thinking that it would only allow an IP
> address for the MX record (because it states "Goes To - IP Address" in
> the brief instructions).
>
> After much fiddling, I finally figured out that it was the "_" in the
> host name that GoDaddy didn't like. So, I've renamed my host
> NSSCO_Spam to NSSCO-Spam. I'm now in the process of resetting my DNS
> records. I'll keep you posted.
>
> Mark.
>
> On May 30, 6:38 pm, "Michael Dragone" <no.e-mail=less_spam> wrote:
>> "Max C" <maxc...[ at ]gmail.com> wrote in message
>>
>> news:1180555591.925723.186130[ at ]q69g2000hsb.googlegroups.com...
>>
>> > Just to be 100% clear, when I set up the A and MX records for
>> > NSSCO_Spam, should I direct them both to www.xxx.yyy.37? I was under
>> > the impression that the MX record worked better if it was mapped to a
>> > host name rather than an IP.
>>
>> No, no - you're right, it should be a hostname. You still set up the MX
>> record to point to nssco_spam.nssco.com and then set up an A record for
>> nssco_spam pointing to your .37 IP address.
>>
>> > After a couple of days, you're saying you'd get rid of the "mail" A
>> > Record? If so, then that means you'd just adjust the "[ at ]" MX record to
>> > point to the NSSCO_Spam A Record?
>>
>> Right now you'll add an A record for nssco_spam and change your MX record
>> to
>> go to nssco_spam. When you're done, your zone will look like this:
>>
>> A records
>> [ at ]        www.xxx.yyy.36 (Web server)
>> mail          www.xxx.yyy.37 (spam filter)
>> www           www.xxx.yyy.36 (Web server)
>> nssco_spam    www.xxx.yyy.37 (spam filter)
>>
>> MX records
>> Priority    Host      Goes To
>> 0           [ at ]    nssco_spam
>>
>> After a full day (or two to be safe - the default TTL for your zone is 1
>> day), you can remove the "mail" A record. By doing this you ensure that
>> anyone on the Internet that has cached "mail.nssco.com" as your MX will
>> still be able to resolve the hostname "mail" and send you messages while
>> anyone who has NOT cached the MX record will get your shiny new
>> nssco_spam
>> hostname from an NX query.
>>
>> If you're really paranoid you can keep the MX record for mail and set it
>> to
>> a higher priority (10 would be good) for the same amount of time before
>> you
>> delete it.
>>
>> > I'm just trying to be thorough. I don't want to screw this up.
>>
>> I don't blame you. Better to be safe.
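
The checks that came up across the replies above (MX target must be a hostname, the hostname must use only letters, digits and hyphens, it needs an A record, and the SMTP banner name is compared with the MX name by some mailers) can be run against a zone before it is published. This is an added example, not part of the original thread: the addresses are constructed documentation addresses, "@" stands for the zone apex (shown on this page as "[ at ]"), and the banner after the rename is an assumption.

```python
import ipaddress
import re

# One hostname label: letters, digits and hyphen, 1-63 characters,
# not starting or ending with a hyphen.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def bad_labels(hostname):
    """Return the labels of hostname that are not valid hostname labels."""
    return [label for label in hostname.rstrip(".").split(".")
            if not LABEL_RE.fullmatch(label)]


def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def lint_mail_zone(origin, a_records, mx_records, banner):
    """Check the MX side of a zone; return a list of (code, detail) findings.

    a_records:  {relative host: address}, keys in lower case
    mx_records: [(priority, relative target)]
    banner:     hostname the server announces in its SMTP greeting
    """
    findings = []
    targets = set()
    for priority, target in sorted(mx_records):
        if is_ip_literal(target):
            findings.append(("mx-is-ip", f"MX {priority} points at {target}"))
            continue
        fqdn = f"{target}.{origin}".lower()
        for label in bad_labels(fqdn):
            findings.append(("invalid-label", f"{label!r} in {fqdn}"))
        if target.lower() not in a_records:
            findings.append(("no-a-record", f"{fqdn} has no A record"))
        targets.add(fqdn)
    if banner.lower().rstrip(".") not in targets:
        findings.append(("banner-mismatch",
                         f"banner {banner} is not an MX target"))
    return findings


ORIGIN = "nssco.com"

# The zone as first posted: MX -> mail, banner announces the spam filter.
ORIGINAL = dict(
    a_records={"@": "192.0.2.37", "mail": "192.0.2.37", "www": "192.0.2.36"},
    mx_records=[(0, "mail")],
    banner="NSSCO_Spam.nssco.com",
)
# The zone as proposed in the reply, before the underscore was noticed.
PROPOSED = dict(
    a_records={"@": "192.0.2.36", "mail": "192.0.2.37", "www": "192.0.2.36",
               "nssco_spam": "192.0.2.37"},
    mx_records=[(0, "nssco_spam")],
    banner="NSSCO_Spam.nssco.com",
)
# After renaming the host; assumes the banner follows the new host name.
RENAMED = dict(
    a_records={"@": "192.0.2.36", "mail": "192.0.2.37", "www": "192.0.2.36",
               "nssco-spam": "192.0.2.37"},
    mx_records=[(0, "nssco-spam")],
    banner="NSSCO-Spam.nssco.com",
)


def codes(zone):
    """Return just the finding codes for one of the sample zones."""
    return [code for code, _ in lint_mail_zone(ORIGIN, **zone)]


if __name__ == "__main__":
    for name, zone in (("original", ORIGINAL), ("proposed", PROPOSED),
                       ("renamed", RENAMED)):
        print(name, lint_mail_zone(ORIGIN, **zone) or "clean")
```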

Re: General DNS config questions
Max C <maxc246[ at ]gmail.com> 6/21/2007 8:04:39 PM
Getting back to this issue. No one I've talked to can believe it, but
the cause of this very strange problem was my firewall configuration.
We still don't know *what* in the config was wrong, but after
completely rebuilding the config from scratch, the problems with
delayed emails went away completely. Before starting with a clean
slate, I was only receiving about 60 to 70% of my emails from hotmail
within the first minute, the other 30 or 40% would take between 3 and
48 hours to arrive. Immediately after resetting the firewall, 100% of
the emails from hotmail were arriving within 15 seconds.

To finally figure this out, we got a second internet connection (DSL)
from a different ISP and plugged it into an additional inbound port on
our firewall. At the time, we thought it was an ISP problem. When I
continued having the same problem with a different ISP, I knew the
problem had to be on my end. So, I used the DSL connection for
testing by (very briefly) plugging it directly into my LAN and sending
emails. When I did that, emails would arrive instantly. As soon as I
plugged it back into the firewall, I'd be back to 60 or 70%.

I hope this helps someone.
Max.

On May 29, 10:20 am, Max C <maxc...[ at ]gmail.com> wrote:
> OK, here's the deal. For the past several months our company has been
> receiving a LOT of delayed emails. Some by a few hours some by a few
> days. As you can guess, this is a serious problem. I've tried
> several things to resolve this situation:
>
> 1 - call our ISP, who was taking care of DNS for us at the time. They
> said they'd heard of others having the same issue, but that the DNS
> records for our domains were configured properly.
>
> 2 - take control of our DNS records by moving them to GoDaddy and
> setting the records up myself.
>
> 3 - put a sniffer between our ISP's router and our firewall to confirm
> that delayed emails are *really* not making it to our network. (Turns
> out, about 20 to 30% of hotmail emails always get delayed coming to
> any of our domains, so sending a batch of 10 or 20 emails from hotmail
> to one of our domains allowed me to see the raw data coming in through
> the sniffer. There is no doubt that the emails that were delayed
> coming in to a user's inbox did *not* make it to our network. Also,
> interestingly enough, nearly 100% of emails from gmail make it through
> without delay. I've tried this hotmail and gmail test with groups of
> 10 to 20 single emails dozens of times. Gmail is always on time and
> hotmail always has 20 to 30% delays.)
>
> 4 - purchase a separate DSL line, ran it through our firewall and
> pointed one of our domain names' MX record to the DSL line's IP info.
> Hotmail emails to that domain name on the new DSL line were still
> delayed.
>
> So, as a last ditch effort, I thought it wouldn't hurt to post our DNS
> record info to get some advice. I'm the first to admit that DNS is
> not one of my strong points. Any advice on changes would be
> appreciated.
> _____________________________________________________________________________________
> A records
> Host        Points To
> @           WWW.XXX.YYY.37
> mail        WWW.XXX.YYY.37
> exchange    WWW.XXX.YYY.37
> www         WWW.XXX.YYY.36
> ts2         WWW.XXX.YYY.42
>
> CNAMES (Aliases)
> Host        Points To
> smtp        @
> ts          ts2
> ftp         @
>
> MX (Mail Exchange)
> Priority    Host    Goes To
> 0           @       mail
>
> TXT (Text)
> Host        TXT Value
> @           v=spf1 a mx ptr ~all
> _____________________________________________________________________________________
>
> I read earlier today that @ should point to my web server
> (WWW.XXX.YYY.36) instead of my exchange server (WWW.XXX.YYY.37) and that
> www should be a cname pointing to @. Could that be causing email delays? I
> tried making that change on one of our unused domain names, but then I
> didn't receive emails at all.
>
> Thanks for any insight at all.
> Max.


Re: General DNS config questions
"Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> 6/21/2007 8:49:01 PM
Read inline please.

In news:1182456279.533916.24640[ at ]c77g2000hse.googlegroups.com,
Max C <maxc246[ at ]gmail.com> typed:
> Getting back to this issue. No one I've talked to can believe it, but
> the cause of this very strange problem was my firewall configuration.

I have no problem believing it, especially if the firewall blocks UDP
packets over 512 bytes, or does not allow DNS to make iterative lookups
to every IP address on the internet using port 53 UDP and TCP.



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
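
The two conditions named in the reply above (UDP DNS replies over 512 bytes, and port 53 over both UDP and TCP) can be checked from a host behind the firewall. The sketch below is an added example, not part of the original thread: the function names, the 4096-byte advertised size and the two sample replies are assumptions constructed for illustration.

```python
import socket
import struct

def build_query(name, qtype=16, edns_size=4096, qid=0x1234):
    """DNS query (default TXT) with RD set; edns_size adds an EDNS0 OPT record."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # OPT RR: root name, TYPE 41, CLASS carries the UDP size we can accept.
    opt = b"\x00" + struct.pack(">HHIH", 41, edns_size, 0, 0) if edns_size else b""
    return header + qname + struct.pack(">HH", qtype, 1) + opt

def udp_probe(server, query, timeout=3.0):
    """Send one query over UDP 53; None means nothing came back in time."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            return s.recvfrom(65535)[0]
        except OSError:
            return None

def classify(reply, qid=0x1234):
    """Interpret one UDP reply (bytes), or None for a timeout."""
    if reply is None:
        return "no-reply"
    if len(reply) < 12:
        return "malformed"
    rid, flags = struct.unpack(">HH", reply[:4])
    if rid != qid or not (flags & 0x8000):  # wrong ID or QR bit clear
        return "malformed"
    if flags & 0x0200:                      # TC: answer did not fit, retry over TCP 53
        return "truncated"
    return "large-ok" if len(reply) > 512 else "small-ok"

def verdict(plain, edns, tcp_ok):
    """Combine a non-EDNS probe, an EDNS probe and a TCP 53 connect result."""
    if plain == "no-reply":
        return "UDP 53 blocked or server unreachable"
    if edns == "no-reply":
        return "EDNS0 query unanswered: large UDP replies likely dropped"
    if "truncated" in (plain, edns) and not tcp_ok:
        return "TCP 53 fallback blocked"
    return "ok"

# Constructed replies (not captured traffic): real headers, zero padding as the body.
TRUNCATED = struct.pack(">HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
LARGE = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + b"\x00" * 600
```

Against a real resolver, pass `classify(udp_probe(server, build_query(name, edns_size=None)))` and the EDNS variant to `verdict`, with `tcp_ok` taken from a TCP connect to port 53 on the same server.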

