MX DNS Records

Discussion in 'Installation/Configuration' started by mrrow, Apr 8, 2013.

  1. mrrow

    mrrow New Member

    I would like to know what to put for the MX records of client sites I host.
    Environment: - - This is the address and IP of the physical hardware. It runs the mail server, - This is the domain name of the client website.

    I have a few choices as I see it.
    1. Just set the MX record to for every client.
    2. Set the MX record to and have an A record pointing ->
    3. Set the MX record to and have an CNAME record pointing ->

    I'm trying to figure out what the best thing to do is from:
    1. A maintenance point of view (likely to move servers in the future)
    2. Receiving servers point of view (are any of the options less likely to get email from [email protected] bounced / help with reverse DNS lookups)

    Thanks in advance.

    ISPConfig: 2.2.35
  2. Parsec

    Parsec New Member

    Well, you can do it whichever way you like although option 3 is most probably better then 2. However Option 1 is actually the best, especially if your clients start using ssl methods of transport. Assuming has a valid ssl certificate, then the clients will connect without issue, however if you use their domain name and the server responds with it's ssl cert ( they will always get an error popping up in their client.

    1. Actually another way is to have a cname for and this server has a wildcard ssl for *, then you merely create a cname for the server eg: cname In this way if you ever change or get a new server and it's called you can use the same ssl and just change the cname ( cname - thus clients just keep their existing setup in their email clients eg:

    2. Doesn't matter, the other end will always see the mail as coming from so as long as that has the corect rDNS you should be fine.
  3. mrrow

    mrrow New Member

    Thanks for the quick reply.

    I'd totally forgotten about the SSL aspect of this, I think I'll have to go with option 1. (Just set the MX record to for every client.) because I don't want folks ringing me up re certificate errors.

    I don't really want to fork out for a wildcard certificate so I think when I move server I'll set up, buy an ssl for mail1, shift the accounts, and then add CNAME

    As part of the move I was looking to expand to a couple of servers, and move sites and email clients between servers as necessary to balance the load. I was hoping that by using option 3, that I could change the CNAME records and make the move transparent to the end customer. E.g.
    Before: Client1's email boxes on and CNAME
    After: Move the client1's email boxes to and do CNAME

    Is there anyway to achieve this without getting certificate errors? Maybe a way to redirect (like a web 301) to Basically, looking for a way to move some email boxes without having to trouble the customer.

    Thanks for your help.
  4. Parsec

    Parsec New Member

    I guess it depends on what you offer your existing clients now. if they are connecting to, does it have a correct ssl certificate? If you don't have any existing clients using an ssl connection method then you might get away with the cnames.

    I know moving clients to new servers is always a problem unless you are a big company with huge resources, there never seems to be an easy way.

    Theres not much I can help you with about moving existing clients to new servers - best bet is to test it with a dummy setup and see what happens yourself, and see what you can do to get around the problems.

    I do suggest however, if you are going to have multiple servers to serve your clients you look deeper into having all your servers under the one domain and using a wildcard ssl. if you hunt around you can get a wildcard for a reasonable price - compared to buying individual certs for server1, server2 etc. It's something to look into as it helps with a number of other things not just mail. Maybe check out places like godaddy and search around for coupon codes - you can often end up with a price not that much different to buying a couple of standard certs.
  5. mrrow

    mrrow New Member

    Thanks Parsec,
    I'll have another look at wildcard certs again.

Share This Page