#1  
8th April 2013, 17:52
mrrow
MX DNS Records

I would like to know what to put for the MX records of client sites I host.
Environment:
server.com - 123.123.123.123 - This is the address and IP of the physical hardware. It runs the mail server, mail.server.com
client.com - This is the domain name of the client website.

I have a few choices as I see it.
1. Just set the MX record to mail.server.com for every client.
2. Set the MX record to mail.client.com and have an A record pointing mail.client.com -> 123.123.123.123
3. Set the MX record to mail.client.com and have a CNAME record pointing mail.client.com -> mail.server.com

I'm trying to figure out what the best thing to do is from:
1. A maintenance point of view (likely to move servers in the future)
2. Receiving servers' point of view (are any of the options less likely to get email from user@client.com bounced / help with reverse DNS lookups)

Thanks in advance.

ISPConfig: 2.2.35
Ubuntu: 2.6.39.4-x1-64

#2
9th April 2013, 03:45
Parsec

Quote:
Originally Posted by mrrow
server.com - 123.123.123.123 - This is the address and IP of the physical hardware. It runs the mail server, mail.server.com
client.com - This is the domain name of the client website.

I have a few choices as I see it.
1. Just set the MX record to mail.server.com for every client.
2. Set the MX record to mail.client.com and have an A record pointing mail.client.com -> 123.123.123.123
3. Set the MX record to mail.client.com and have a CNAME record pointing mail.client.com -> mail.server.com

Well, you can do it whichever way you like, although option 3 is most probably better than 2. However, option 1 is actually the best, especially if your clients start using SSL methods of transport. Assuming mail.server.com has a valid SSL certificate, then the clients will connect without issue; however, if you use their domain name and the server responds with its SSL cert (mail.server.com), they will always get an error popping up in their client.

Quote:
Originally Posted by mrrow
I'm trying to figure out what the best thing to do is from:
1. A maintenance point of view (likely to move servers in the future)
2. Receiving servers' point of view (are any of the options less likely to get email from user@client.com bounced / help with reverse DNS lookups)

1. Actually, another way is to have a CNAME for mail.server.com and this server has a wildcard SSL for *.server.com, then you merely create a CNAME for the server, e.g. smtp1.server.com CNAME mail.server.com. In this way, if you ever change or get a new server and it's called mail3.server.com, you can use the same SSL and just change the CNAME (smtp1.server.com CNAME mail3.server.com) - thus clients just keep their existing setup in their email clients, e.g. smtp1.server.com.

2. Doesn't matter, the other end will always see the mail as coming from mail.server.com, so as long as that has the correct rDNS you should be fine.

#3
9th April 2013, 16:41
mrrow

Thanks for the quick reply.

I'd totally forgotten about the SSL aspect of this, I think I'll have to go with option 1. (Just set the MX record to mail.server.com for every client.) because I don't want folks ringing me up re certificate errors.

I don't really want to fork out for a wildcard certificate so I think when I move server I'll set up mail1.server.com, buy an ssl for mail1, shift the accounts, and then add mail.server.com CNAME mail1.server.com.

As part of the move I was looking to expand to a couple of servers, and move sites and email clients between servers as necessary to balance the load. I was hoping that by using option 3, that I could change the CNAME records and make the move transparent to the end customer. E.g.
Before: Client1's email boxes on mail1.server.com and mail.client1.com CNAME mail1.server.com
After: Move the client1's email boxes to mail2.server.com and do mail.client1.com CNAME mail2.server.com

Is there any way to achieve this without getting certificate errors? Maybe a way to redirect (like a web 301) mail.client1.com to mail2.server.com. Basically, looking for a way to move some email boxes without having to trouble the customer.

Thanks for your help.

#4
10th April 2013, 00:24
Parsec

I guess it depends on what you offer your existing clients now. If they are connecting to mail.client1.com, does it have a correct SSL certificate? If you don't have any existing clients using an SSL connection method then you might get away with the CNAMEs.

I know moving clients to new servers is always a problem unless you are a big company with huge resources, there never seems to be an easy way.

There's not much I can help you with about moving existing clients to new servers - best bet is to test it with a dummy setup and see what happens yourself, and see what you can do to get around the problems.

I do suggest, however, if you are going to have multiple servers to serve your clients, you look deeper into having all your servers under the one domain and using a wildcard SSL. If you hunt around you can get a wildcard for a reasonable price - compared to buying individual certs for server1, server2 etc. It's something to look into as it helps with a number of other things, not just mail. Maybe check out places like GoDaddy and search around for coupon codes - you can often end up with a price not that much different to buying a couple of standard certs.

#5
10th April 2013, 00:38
mrrow

Thanks Parsec,
I'll have another look at wildcard certs again.
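
Added example, not part of any post in this thread: an offline Python check of the three layouts from post #1, showing which hostname the server's TLS certificate has to cover and flagging an MX target that is a CNAME, which RFC 2181 section 10.3 does not allow. The record data is constructed from the thread's placeholder names, and it assumes customers enter the MX hostname as the server name in their mail client.

```python
# Added example: offline comparison of the three MX layouts from post #1.
# Record data is constructed from the thread's placeholder names.
# Assumption: customers enter the MX hostname as the server in their mail client.
OPTIONS = {
    1: {"mx": "mail.server.com",
        "records": {"mail.server.com": ("A", "123.123.123.123")}},
    2: {"mx": "mail.client.com",
        "records": {"mail.client.com": ("A", "123.123.123.123")}},
    3: {"mx": "mail.client.com",
        "records": {"mail.client.com": ("CNAME", "mail.server.com"),
                    "mail.server.com": ("A", "123.123.123.123")}},
}


def name_matches(pattern, host):
    """Match one certificate DNS name; '*' stands for exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, host):
    """True if any name on the certificate matches the host the client typed."""
    return any(name_matches(n, host) for n in cert_names)


def review(option, cert_names):
    """List the problems with one layout, given the names on the server's certificate."""
    cfg = OPTIONS[option]
    rtype, _target = cfg["records"][cfg["mx"]]
    findings = []
    if rtype == "CNAME":
        findings.append("MX target is a CNAME (RFC 2181 section 10.3)")
    # TLS clients verify the name they were configured with, not what a CNAME points to.
    if not cert_covers(cert_names, cfg["mx"]):
        findings.append("certificate does not cover " + cfg["mx"])
    return findings


if __name__ == "__main__":
    for opt in OPTIONS:
        print(opt, review(opt, ["mail.server.com"]) or "ok")
    print(cert_covers(["*.server.com"], "smtp1.server.com"))
```
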