Exchange 2007: Getting Your Mail Delivered

If you are unsure about approaching this issue, please call our helpdesk, as you can irreversibly damage your PC if you are not careful.

 

Exchange can use two methods to send e-mail to other mail servers. These are commonly referred to as smart host delivery and DNS delivery. By default, SBS 2008 uses smart host to send Internet e-mail. A smart host is a “middleman” e-mail server that forwards/sends e-mail for your domain’s e-mail server on its behalf. When a smart host is in place, Exchange takes outgoing mail and sends it to another mail server that you specify (the smart host). The smart host then sends your e-mail to the destination mail server. This feature makes it appear that e-mail from your domain is originating from the smart host server. Most client-side POP3 accounts function this way for sending mail, and using a smart host on your server puts your server in a similar position.

If the SBS server is not configured to use a smart host, it will use DNS to find the MX records for the recipient domains and attempt to deliver mail directly. So, for example, if you use Outlook to send an e-mail to john@newcompany.com, your server will query DNS to find the MX records for newcompany.com. Let’s assume the MX query returns with the name mail01.newcompany.com as the mail server. Your server will then connect to mail01.newcompany.com on TCP port 25 to deliver the outbound e-mail.

Ensuring Delivery- Given the number of new and often aggressive anti-spam technologies that are being deployed by organizations across the spectrum, another important consideration for any mail admin is how to ensure that mail originating from your server is not misconstrued as spam. To that end, we will now look at a number of configurations that will raise the likelihood of your mail being accepted. Some of these configurations are required, while others are just recommended.

Reverse DNS Record- If you are not using a smart host, one of the most important things on your checklist should be getting an RDNS record created. When a recipient server gets an e-mail from your server, it will usually check the name of your server (as specified in the Send Connector settings) against the IP address of your server and then do a DNS reverse lookup to see what name is associated with your IP address. If the name returned by the query does not match the name that your server provided, it might decide to refuse your server’s connection, depending on how the recipient server has been configured. Setting up an RDNS record is not something you do at your own external DNS management console. This is a record that exists at your ISP, and your ISP is usually responsible for creating it after you request it. Normally, you would give them the hostname of your mail server and the public IP address that it is listening on. Some ISPs enable you to configure it yourself in their console.
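The check a receiving server performs, sketched as an added example (not part of the original article). It also includes the forward lookup that many receivers add on top of the PTR comparison described above; the hostnames, addresses and the injected `ptr_lookup` / `a_lookup` resolvers are constructed for illustration so the code runs offline.

```python
import ipaddress

# Constructed sample DNS data (documentation addresses, not real hosts).
PTR = {
    "25.113.0.203.in-addr.arpa": ["mail.example.com."],
    "77.100.51.198.in-addr.arpa": ["host-77.dsl.isp.example."],
}
A = {"mail.example.com": ["203.0.113.25"], "remote.example.net": ["198.51.100.77"]}

def _norm(host):
    return host.rstrip(".").lower()

def ptr_query_name(ip):
    """Name a receiver queries for the PTR record of `ip`."""
    return ipaddress.ip_address(ip).reverse_pointer

def check_sender(ip, helo_name, ptr_lookup=PTR.get, a_lookup=A.get):
    """Return (verdict, reason) the way a strict receiving server might.

    ptr_lookup / a_lookup are injected resolvers (hypothetical names) so the
    check runs offline; swap in real DNS queries to test a live server.
    """
    helo = _norm(helo_name)
    ptr_names = [_norm(n) for n in (ptr_lookup(ptr_query_name(ip)) or [])]
    if not ptr_names:
        return ("reject", "no PTR record exists for " + ip)
    if helo not in ptr_names:
        return ("reject", "PTR says %s but server announced %s" % (ptr_names[0], helo))
    # Forward confirmation: the announced name must resolve back to the IP.
    forward = {ipaddress.ip_address(a) for a in (a_lookup(helo) or [])}
    if ipaddress.ip_address(ip) not in forward:
        return ("reject", "%s does not resolve back to %s" % (helo, ip))
    return ("accept", "PTR and forward lookup both match " + helo)

if __name__ == "__main__":
    for ip, helo in [("203.0.113.25", "mail.example.com"),    # PTR matches
                     ("198.51.100.77", "remote.example.net"), # generic ISP PTR
                     ("192.0.2.9", "mail.example.com")]:      # no PTR at all
        print(ip, helo, check_sender(ip, helo))
```

The second case is the common one on a new connection: the ISP's default PTR is still in place, so the name in the Send Connector does not match until the ISP updates the record.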

Dynamic IP Lists- Many large ISPs that provide both business and residential broadband have their IP address blocks marked as “dynamic,” and assume that their customers will be using a smart host for outbound mail delivery. If you are not using a smart host, and your static IP happens to be in one of these “dynamic” blocks, you may have trouble with your mail being blocked by ISPs like AOL. If this is your situation, you get an error like this one:

554- The IP address you are using to connect to AOL is a dynamic (residential) IP address. AOL will not accept future e-mail transactions from this IP address until your ISP removes this IP address from its list of dynamic IP addresses.

Your chances of having your ISP do this for you may be low, and if you already have a static IP, you will probably have to get a new static IP in a different block of addresses. Your best solution at this point is to work with a smart host.

 Blacklists or RBLs (Real-Time Black Lists) are lists of IP addresses that have been known to send out spam. The most likely reason for an SBS 2008 server to end up on a blacklist is if you aren’t using a smart host and someone in your organization sent out a lot of unsolicited mail through the server. It’s common to have someone send out a marketing campaign without checking with the mail administrator first, but doing so could put your server on a blacklist or cause your smart host to stop relaying mail for your server. Best practice is to not use the SBS server for marketing campaigns and for bulk newsletters. Instead, use a service designed to handle that kind of communication, like Constant Contact. If your server’s IP does get put on a blacklist, you can usually request it to be removed from the blacklist. Each blacklist has its own procedure for being removed. Some automatically remove your IP after 12 hours; others let you manually remove the address via a web interface.

Routing Mail Directly Versus Using a Smart Host- When choosing whether to route mail directly through DNS or through a smart host, there are multiple factors worth considering. The benefits of routing through DNS include the following:

Not having a “middleman” usually reduces troubleshooting complexity.  

No reliance on a third-party e-mail server to ensure mail delivery.  

Increased control over how mail to different destinations is handled.

That said, using a smart host does have a lot of perks, including the following:

No need to configure an RDNS record.  

Less hassle with remote anti-spam measures.  

Greatly reduced likelihood of being affected by blacklists.  

Queues are offloaded to the smart host and don’t consume local resources.  

It’s the best way to handle mail if your network has a dynamic IP.

All in all, the benefits of using a smart host outweigh the benefits of routing directly. Using a smart host offloads some of the need for mail and DNS expertise and puts some of the responsibility for proper mail delivery in the hands of your ISP or other smart host provider. Depending on who that provider is, this may be a great arrangement, but care should be taken not to leave this important responsibility in the hands of a business entity that you cannot count on.

SPF Records- How often have you gotten an error message response from a server regarding an e-mail that you never sent? It’s a common occurrence, and it usually is caused by someone forging your address as the reply address on a spam message. There is a system in place called Sender Policy Framework (SPF) to prevent this sort of spoofing of addresses, but adoption is still growing. Using the system involves creating an SPF record in your DNS zone file. An SPF record is a DNS record that publishes information about which mail servers are authorized to send out mail with your domain name on the return address. Having an SPF record provides a domain with additional protection against spammers, because it makes it more difficult for them to spoof your domain name on spam they send out. Many anti-spam filters use SPF to see if the server that sent a message was authorized to do so, and depending on how the filter is configured, it may drop the message if there was an SPF record in place and the sending server was not on the authorized list. Because many domains do not have SPF records, passing this test is not a requirement to get mail delivered, but having an SPF record does cut down on the amount of bounce-back spam that will come to your domain. Because the anti-spam filters on many mail servers (including Exchange 2007) use SPF information to help calculate SCL values, having an SPF record improves the prospects of your domain’s mail avoiding the junk mail folder at other domains!

Creating the SPF record can be tricky, but Microsoft has built an online wizard that simplifies the process. As long as you have the ability to create records in your DNS zone, you can use this wizard to generate the contents of the SPF record. For more information, see http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
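How a receiving filter evaluates an SPF record against the connecting IP, as an added example (not part of the original article and not the wizard's output). It handles only the ip4, ip6, a, mx and all mechanisms; the domain names, addresses and the `lookup` resolver stand-in are constructed so the code runs offline.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample data: the domain's own server and its ISP smart host.
DNS = {("mx", "example.com"): ["203.0.113.25"],
       ("a", "smtp.isp.example"): ["198.51.100.10"]}

def lookup(kind, name):
    """Offline stand-in for a resolver: IPs behind a name's A or MX records."""
    return DNS.get((kind, name.lower()), [])

def evaluate_spf(record, sender_ip, domain, resolve=lookup):
    """Evaluate the ip4, ip6, a, mx and all mechanisms for sender_ip."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no usable SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx"):
            matched = any(ip == ipaddress.ip_address(a)
                          for a in resolve(name, arg or domain))
        else:
            return "unsupported term: " + term   # include, redirect, etc.
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched and no "all"

# A record that only covers direct delivery, and one that adds the smart host.
DIRECT_ONLY = "v=spf1 mx -all"
WITH_SMART_HOST = "v=spf1 mx a:smtp.isp.example -all"

if __name__ == "__main__":
    for rec in (DIRECT_ONLY, WITH_SMART_HOST):
        for ip in ("203.0.113.25", "198.51.100.10", "192.0.2.66"):
            print(rec, ip, evaluate_spf(rec, ip, "example.com"))
```

Receivers see the smart host's address, not your server's, so a record that lists only your own MX makes mail relayed through the smart host fail the check.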

 
