If DNS is configured incorrectly, the mail server's IP address will, over time, be added to blacklists. Today, most e-mail servers have some kind of spam protection, which means that incoming e-mail is blocked if the sending server is listed on a spam blacklist.
This article describes how to correctly configure MX and reverse DNS records for a mail server. It is based on an Exchange 2003/2007 server, but all other messaging servers follow the same principle.
IP Address Assignment
Starting from the bottom up, the first thing you need to do is assign a static external IP address to the internal private address of the mail server. Rules must be applied on the firewall to pass SMTP (port 25) and NAT the external IP address to the server's internal address.
Something that many system administrators forget to do or check is to set an outbound NAT rule that uses the same external IP address as the incoming rule for the mail server. If this is not set, the reverse DNS will not match and the mail server will be listed on blacklists. If the firewall rules are set correctly, the IP address on this page must match the external IP address assigned to the mail server's internal private IP address.
Creating MX Records on Mail Server
For this example, the following are the details of the mail server, to help you understand what needs to be done.
External IP: 22.214.171.124
E-Mail Domain: domain.com
You will need administrative access to your domain's external DNS provider to make these changes. In most cases, this is done through an online control panel from your DNS service provider. Failing that, it is done by phone or e-mail.
1. The first thing we need to do is create an A record that points to the external IP address mapped on the firewall to the mail server. The host A record can be called anything, but it is usually called "mail". In our example, we create "mail.domain.com" to point to the IP address "126.96.36.199".
2. We then create an MX record that points to the newly created A record of our mail server.
In the DNS control panel, select "Add MX Record". Make sure the host name is the root domain name, in our case "domain.com".
Set the FQDN to the A record we created, which in our case is "mail.domain.com".
The lowest priority value is the most preferred; in our example, the priority is set to 10.
Using nslookup to check DNS and MX records
DNS propagation may take up to 48 hours, but in most cases takes 12 to 24 hours. To check that your DNS entries are applied correctly, use nslookup.
1. Open a CMD prompt and enter nslookup
2. Type set type=mx
3. Enter the domain name, which in our case is domain.com.
In our example, the output should read as follows if everything is set up correctly:
domain.com MX preference = 10, mail exchanger = mail.domain.com
mail.domain.com internet address = 188.8.131.52
Configure Reverse DNS
Reverse DNS is used to verify that the mail server is who it says it is. The recipient mail server performs a reverse lookup to make sure that the IP address of the mail server's A (host) record in DNS is the same as the IP address it is communicating with. Only one RDNS entry may exist per IP address.
To set this up, you must contact your ISP to have the entry made. This cannot be done in your DNS control panel unless your ISP also hosts your DNS and gives you the ability to add your own RDNS records.
In our case, we would contact the ISP and ask them to create an RDNS entry for our IP address 184.108.40.206 that resolves to mail.domain.com.
Check Reverse DNS
It can take up to 48 hours for DNS to propagate, but usually 12-24 hours. To verify that the RDNS entries have been added and are correct, do the following:
1. Open a CMD prompt
2. Type ping -a 220.127.116.11 (this is the external IP address of your mail server; in our case we use our external IP address from above).
If the RDNS is set correctly, the following output is displayed:
C:\Users\User> ping -a 18.104.22.168
Pinging mail.domain.com [22.214.171.124] with 32 bytes of data:
Each time a mail server establishes a connection with your mail server, it is shown the SMTP banner. This banner must be resolvable on the Internet, and the best practice is to set it to your mail server's host (A) record.
SMTP banner setup for Exchange 2003
1. Open Exchange System Manager.
2. Expand your Administrative Group ("First Administrative Group" by default).
3. Expand Servers.
4. Expand YourServerName.
5. Expand the Protocols container.
6. Select the SMTP container.
7. In the right-hand window, right-click the Default SMTP Virtual Server (or your SMTP server name) and select Properties.
8. Select the Delivery tab.
9. Click the Advanced button.
10. Under Fully-qualified domain name, type mail.domain.com (the A/host record you created in DNS for the mail server).
11. Click OK and OK again to accept the changes.
Configuring the SMTP banner in Exchange 2007/2010
1. Open the Exchange Management Console.
2. Select the Organization Configuration container.
3. Select the Hub Transport container.
4. Right-click the Send Connectors tab.
5. Right-click your send connector and select Properties.
6. On the General tab, under "Specify the FQDN this connector …", type the name of the A record you created, in our case mail.domain.com. Click OK.
7. Under the Server Configuration container, click the Hub Transport container.
8. In the right-hand window, on the Receive Connectors tab, select the properties of the Receive Connector.
9. On the General tab, under "Specify the FQDN this connector …", type the name of the A record you created, in our case mail.domain.com. Click OK.
To verify the changes, we can use telnet to display the output shown when a connection is made on port 25. To do this, follow these steps:
1. Open a CMD prompt
2. Type telnet mail.domain.com 25.
The displayed output should look like this and include your mail server's A record:
220 mail.domain.com Microsoft ESMTP MAIL Service ready at Sun, 28 Feb 2010 17:51:20 +0000
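The three checks above (MX to A record, reverse DNS, and SMTP banner) chained into one consistency test, as an added example that is not part of the original article. The zone data, the 203.0.113.x documentation addresses and the function names are constructed for illustration; replace ZONE with the answers from your own nslookup, ping -a and telnet runs.

```python
import ipaddress

# Constructed DNS data (no live lookups). Names follow the article's example;
# 203.0.113.25 is a documentation address chosen for this sketch.
ZONE = {
    "MX": {"domain.com": [(10, "mail.domain.com")]},
    "A": {"mail.domain.com": ["203.0.113.25"]},
    "PTR": {"203.0.113.25": ["mail.domain.com"]},
}


def banner_host(banner):
    """Return the hostname announced in a '220 <fqdn> ...' SMTP greeting."""
    parts = banner.split()
    if len(parts) < 2 or parts[0] != "220":
        return None
    return parts[1].rstrip(".").lower()


def check_mail_identity(domain, zone, outbound_ip, banner):
    """Return a list of problems; an empty list means everything lines up."""
    problems = []
    ip = str(ipaddress.ip_address(outbound_ip))  # raises on malformed input
    mx = sorted(zone["MX"].get(domain, []))
    if not mx:
        return ["no MX record for " + domain]
    mx_hosts = [h.rstrip(".").lower() for _, h in mx]
    for h in mx_hosts:
        if not zone["A"].get(h):
            problems.append("MX target %s has no A record" % h)
    mx_ips = {a for h in mx_hosts for a in zone["A"].get(h, [])}
    # Article's NAT rule: mail must leave from the address the A record names.
    if ip not in mx_ips:
        problems.append("outbound IP %s is not an MX host address" % ip)
    ptr = [p.rstrip(".").lower() for p in zone["PTR"].get(ip, [])]
    if len(ptr) != 1:
        problems.append("expected one PTR for %s, found %d" % (ip, len(ptr)))
    # Forward-confirm: the PTR name must resolve back to the same IP.
    for name in ptr:
        if ip not in zone["A"].get(name, []):
            problems.append("PTR %s does not resolve back to %s" % (name, ip))
    host = banner_host(banner)
    if host is None:
        problems.append("banner is not a 220 greeting")
    elif host not in ptr:
        problems.append("banner host %s does not match PTR %s" % (host, ptr))
    return problems
```

Passing an outbound address that differs from the inbound one reproduces the missing outbound NAT rule: the function reports the address mismatch, the absent PTR and the banner that no longer matches.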
If you use an edge server or a spam filter appliance such as a Barracuda, the SMTP banner must be set on that device/server.
Check whether the mail server is on spam lists and/or is an open relay
A great site for verifying your MX records and RDNS, checking whether your mail server is an open relay, and checking whether it is listed on spam lists is www.mxtoolbox.com. This is a great site and one to keep in your favorites.
Following these steps will successfully and correctly configure mail routing to and from your mail server. The next step is to secure it and ensure that the mail server is not an open relay. In the near future I will write a separate article for this purpose.