  1. #1

    Oaktech

    Question about mail server settings for new ISP

    Hi all,

    We are moving away from our SWGfL connection at the end of the month. Our new ISP is Gigler/City Fibre.

    We are using Exchange 2003. Our external DNS provider is VidaHosts; we have an MX record with them for our domain of in.mx.ifl.net, and the SMTP connector set in the Exchange server is mx.swgfl.ifl.net.

    What do I need to do to migrate our Exchange server from SWGfL?

    Please use small words as this side of networking is not my forte!

  2. #2

    ZeroHour

    You basically need to get your ISP to tell you your new IP, then add a subdomain such as ext.SCHOOL.sch.uk which points to that IP. Update your MX record on your domain to point to the new record and mail will flow to your Exchange directly. You must obviously port forward etc. but that should be it for incoming.
    Outgoing won't need an SMTP connector/server unless your new ISP blocks SMTP coming direct from your Exchange; your Exchange can now directly send the mail to other people's servers rather than going through the external connector.
    While you are editing your domain DNS records (not internal DNS) you should take the time to add a TXT record based on SPF (Sender Policy Framework) which lists the IPs that are authorised to send mail from your school's email domain. This will prevent issues with spam filtering when sending mail out.

    Pro Tip: BEFORE the week/day before moving, change your school's current MX records to expire after 5 minutes rather than longer; that way when you do update the records the changes are live faster. It also means if anything breaks you can switch back the MX record and you won't lose hours waiting for the web to update their caches.

    NOTE: I have not dealt with SWGFL, this is just general advice and SWGFL may have their own idiosyncrasies.
    Last edited by ZeroHour; 9th August 2013 at 11:06 AM.

  3. Thanks to ZeroHour from:

    Oaktech (9th August 2013)

  4. #3

    twin--turbo

    Make sure your ISP also puts in a reverse DNS pointer for your server IP.

    Do you have any inbound spam/virus protection? This may have previously been done by your RBC.

    Our mail goes in and out via a ClearOS mail relay for filtering.

    Rob

  5. 2 Thanks to twin--turbo:

    Oaktech (9th August 2013), ZeroHour (9th August 2013)

  6. #4

    ZeroHour

    Quote Originally Posted by twin--turbo View Post
    Make sure your ISP also puts in a reverse DNS pointer for your server IP.
    Forgot about that, didn't think reverse mattered so much for spam protection any more, but I would add it anyway. That record should match your ext.SCHOOL.sch.uk record name.

  7. Thanks to ZeroHour from:

    Oaktech (9th August 2013)

  8. #5

    Oaktech

    Ok, I said small words guys... Feeling pretty stupid today sorry!

    Let's review...

    Our ISP is dumb, we don't get anything except a connection and some external IPs from them.

    We have a DNS management arrangement with VidaHosts. Our MX record for our domain with them reads:
    Domain: leaf.bournemouth.sch.uk
    Record type: MX
    TTL: 86400
    Priority: 10
    Content: in.mx.ifl.net

    Our Exchange server has an SMTP connector of: "forward all mail through this connector to the following smarthost: mx.swgfl.ifl.net".

    We currently have an external subdomain of mail.leaf.bournemouth.sch.uk that our OWA uses and runs into the SWGfL provided external IP (it will be changed over to the 84 range IP on Monday when I change the default route in our core switch; we are running 2 connections atm for business continuity and testing).

    We currently have a rule on our Palo Alto box to allow the following application signatures to traverse: Outlook web, SMTP, SSL, HTTP. The rule accepts these applications from any external source to the external IP of the mail server 84.45.115.120 and allows them to traverse the firewall to the rule for the mail server internal address. There is a corresponding rule for outgoing limited to SMTP signature.

    We have an MX record in our internal DNS for our domain.internal of the mail server's internal FQDN.
    We have an MX record in the internal DNS for our leaf.bournemouth.sch.uk external domain addressed to the mail server's internal FQDN.

    I can't see anywhere in our VidaHosts DNS management to create a reverse DNS record for our mail. My options are: A, AAAA, CNAME, MX, TXT, SPF, SRV.
    I see that I can create both TXT and SPF records in VidaHosts; which do I want?


    Could you possibly do me a step by step as I really am not strong on this bit, having never had to deal with it before.

  9. #6

    localzuk

    Reverse DNS is handled by your ISP, not your DNS host.

  10. Thanks to localzuk from:

    Oaktech (9th August 2013)

  11. #7

    twin--turbo

    Quote Originally Posted by localzuk View Post
    Reverse DNS is handled by your ISP, not your DNS host.
    Yep. As dumb as they may be, they have to do it as it's their DNS record relating to the static IP address when doing a reverse lookup.
    You could also ask them if they have an SMTP mail relay you can use for outbound mail.

    On the Vida control panel create a new A record mail.

    mail1.leaf.bournemouth.sch.uk 84.45.115.120

    Create an MX record pointing to

    mail1.leaf.bournemouth.sch.uk

    Do you have filtering??

  12. Thanks to twin--turbo from:

    Oaktech (9th August 2013)

  13. #8

    Oaktech

    Thank you for that!

    Filtering?

    We have a junk mail filter on our exchange server which delivers junk to staff junk mail folders and deletes it for students. Also the ESET for exchange examines and strips dangerous attachments.

    What do I do on our DNS to allow the outbound stuff? Or have I done enough and I just need to select 'use dns' in the exchange manager?

  14. #9

    twin--turbo

    Filtering:

    How are you classifying incoming mail as junk?


    If you tick DNS it should indeed use direct delivery without needing the SMTP relay.

    Rob

  15. Thanks to twin--turbo from:

    Oaktech (9th August 2013)

  16. #10

    Oaktech

    We have intelligent message filtering set up to an SCL of 5, and store junk set to an SCL of 4. We have an arrangement with a local IT company who send us, for free, block lists for sender and connection filtering, which are added manually once a month.

  17. #11

    ZeroHour

    Change your TTL now! You want that set low for a few days before doing the switch. Really, MX records are fine with a 2 hour TTL in normal use, and if you know changes are coming you set it to 5 - 15m so changes are rolled out faster.

  18. Thanks to ZeroHour from:

    Oaktech (12th August 2013)
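
The DNS points raised across the posts above (MX pointing at an A record, an SPF TXT record covering the sending IP, reverse DNS matching the mail host name, and a low MX TTL before cutover) can be checked together. This is an added example, not part of any poster's message; the zone data, host names and function names are constructed placeholders, with the 86400 s MX TTL mirroring the value posted in the thread.

```python
import ipaddress

# Constructed zone data (placeholder names and documentation-range IPs),
# keyed by (name, type) -> (ttl_seconds, [rdata, ...]). Not records from the thread.
ZONE = {
    ("example.sch.uk", "MX"): (86400, ["10 ext.example.sch.uk"]),
    ("ext.example.sch.uk", "A"): (3600, ["192.0.2.25"]),
    ("example.sch.uk", "TXT"): (3600, ["v=spf1 mx ip4:192.0.2.40/29 -all"]),
    ("25.2.0.192.in-addr.arpa", "PTR"): (3600, ["ext.example.sch.uk"]),
}

def lookup(zone, name, rtype):
    return zone.get((name.rstrip(".").lower(), rtype), (0, []))

def mx_hosts(zone, domain):
    # MX rdata is "<priority> <target>"; keep only the target host name.
    return [r.split()[1].rstrip(".").lower() for r in lookup(zone, domain, "MX")[1]]

def spf_allows(zone, domain, ip):
    """Simplified SPF check: only the ip4 and mx mechanisms are evaluated."""
    addr = ipaddress.ip_address(ip)
    for txt in lookup(zone, domain, "TXT")[1]:
        if not txt.lower().startswith("v=spf1"):
            continue
        for term in txt.split()[1:]:
            if term.startswith("ip4:"):
                if addr in ipaddress.ip_network(term[4:], strict=False):
                    return True
            elif term == "mx":
                if any(ip in lookup(zone, h, "A")[1] for h in mx_hosts(zone, domain)):
                    return True
    return False

def precutover_findings(zone, domain, sending_ip, max_mx_ttl=900):
    """Return a list of problems; an empty list means the records line up."""
    findings = []
    ttl, _ = lookup(zone, domain, "MX")
    if ttl > max_mx_ttl:  # 900 s = upper end of the 5-15 minute advice
        findings.append(f"MX TTL {ttl}s exceeds {max_mx_ttl}s")
    for host in mx_hosts(zone, domain):
        addrs = lookup(zone, host, "A")[1]
        if not addrs:
            findings.append(f"MX target {host} has no A record")
        for a in addrs:
            ptr_name = ipaddress.ip_address(a).reverse_pointer
            if host not in lookup(zone, ptr_name, "PTR")[1]:
                findings.append(f"PTR for {a} does not match {host}")
    if not spf_allows(zone, domain, sending_ip):
        findings.append(f"SPF does not authorise {sending_ip}")
    return findings
```

With the constructed zone, the only finding is the day-long MX TTL; removing the PTR entry or sending from an address outside the SPF record adds the corresponding findings.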

  19. #12

    Oaktech

    Ok... We've done it.

    Cross your fingers everyone...

  20. #13

    Oaktech

    It *seems* to be working atm...

    And Breathe!

  21. #14

    twin--turbo

    Well done.

    Although I don't seem to get a telnet session to your SMTP @84.45.115.116?


    Rob

  22. #15

    twin--turbo

    Quote Originally Posted by twin--turbo View Post


    Well done.

    Although I don't seem to get a telnet session to your SMTP @84.45.115.116?


    Rob
    Scratch that, wrong IP.

    Connects fine
