Kelly:

While Eric's reply is clear about the fact that the MX record has to use an A record reference (vs CNAME), I think the answer you need here is simply that the A-record has to point to the correct IP address. What name you put in the MX record is of little import, so long as it references an A record that points to the correct IP address.

===

By way of examples (for other users):
Say my mail host is at 10.0.0.2, behind a NAT router with WAN IP address *1.2.3.4* (apologies to Google for using their IP in my example).
- my mail host listens on ALL the standard ports (25, 80, 110, 143, 443, 465, 587, 993, & 995) for web and mail hosting (all forwarded through my router).
- my mail host uses a name of *mail.qmthosting.com* (that's one of MY OWN hosting domains, so no worries about using it here)
- my clients each have their own domains (for grins, we'll use *a.com*, *b.com*, *c.com*, etc)
- in general, my clients' DNS servers (whether hosted by me or not) have entries for their domains that look like:
    @ IN MX 10 mail
    mail IN A 1.2.3.4

Thus, to the outside world, they have an MX server at *mail.a.com*, which resolves to *1.2.3.4*. (Their domain name, their A record, my IP address).

Now, where the SPAM detection for IP addressing starts is when an outside mail server connects:
- sendingdomain.com wants to send to *u...@a.com* & detects the MX record is *mail.a.com*, which resolves (by A-record) to *1.2.3.4*
- sendingdomain.com connects to *1.2.3.4* on port 25 and gets an *EHLO* response that the name of the server is *mail.qmthosting.com*
- sendingdomain.com then does a DNS query for *mail.qmthosting.com* and gets an IP of *1.2.3.4* -- so far, so good
- sendingdomain.com next does a DNS query for 1.2.3.4 (actually, *4.3.2.1.in-addr.arpa*) and gets a PTR value of *mail.qmthosting.com* -- bingo! a match!
- sendingdomain.com continues sending the message (presumably to a domain in the rcpthosts file)...

The trouble comes when you want to connect your */clients/*...
- for *webmail*, I simply create an entry for each domain (*https://mail.a.com*, etc) that redirects to the real ssl page *https://mail.qmthosting.com*. That way the SSL certificate (which only has the name mail.qmthosting.com in it) works. (I do not allow webmail access except through https).

- for IMAP mail, there are 3 options:
  a) connect to *mail.a.com* on port *143* and use *IMAP* with /_no security_/ (BAD IDEA -- I only allow this on one host, and only because the client INSISTS upon it)
  b) connect to *mail.a.com* on port *993* and use *IMAP over SSL* -- clients will have /varying degrees of difficulty/ as the SSL Cert won't match the host name
  c) connect to *mail.qmthosting.com* on port *993* and use *IMAP over SSL* with my _*trusted SSL certificate*_ (names match, so no errors, and no worries!)
  NOTE: Most clients choose option C -- in large part because I tell them to :)

 - The same general idea goes for POP access, only on ports 110 and 995.

SMTP access is a little more tricky... it is a BEST PRACTICE to disallow SMTP-AUTH on port 25 (because it can be abused -- I'm not sure how, but all the major anti-virus and anti-spam companies tell me so, and I'm not of a need to determine exactly why -- I have bigger fish to fry!). Since this is the only un-authenticated access to the system, this port's SMTP service is plugged into SPAMDYKE -- which has been told to NOT allow SMTP-AUTH. But that is OK, because we're talking about CLIENT access to an SMTP server here:
- I allow SMTP-AUTH with or without SSL on port 587 (if you choose to enable SSL, remember that the certificate is for the site mail.qmthosting.com)
- I allow SMTP-AUTH only with SSL on port 465 (again, remember that the certificate is for the hostname mail.qmthosting.com).

So, clients can configure their SMTP access as being on port 587 using mail.a.com, or port 465 using SSL and the host name mail.qmthosting.com.

I really need to post some of this on the WIKI ... sigh when I'm less overworked :)

Dan






On 4/25/2014 7:41 PM, Kelly Cobean wrote:
Sorry about the hijack Eric.  Won't do that again.  One last question.  Should 
the MX records for the other domains indicate the hostname that is in the me 
file or should they be a record for a host in their own domain that maps to my 
server ip?  Ie should I have 5 domains all with identical MX entries?

Sent from my iPhone


--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806

CALL TOLL FREE:
  877-IT4SOHO

877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax

We have support plans for QMail!
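
The lookup chain described in the message above (MX to A record, announced server name to A record, IP to PTR), written out as an added example that is not part of the original thread. It runs against a constructed DNS table that mirrors the message's sample names instead of live DNS, and the function names are hypothetical.

```python
# Constructed sample DNS data mirroring the message's example; no live lookups.
ZONE = {
    ("a.com", "MX"): ["mail.a.com"],
    ("mail.a.com", "A"): ["1.2.3.4"],
    ("mail.qmthosting.com", "A"): ["1.2.3.4"],
    ("4.3.2.1.in-addr.arpa", "PTR"): ["mail.qmthosting.com"],
}

def lookup(zone, name, rtype):
    """Return the records for name/rtype from the constructed table."""
    return zone.get((name.rstrip(".").lower(), rtype), [])

def reverse_name(ip):
    """Build the in-addr.arpa query name for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def check_delivery_path(zone, rcpt_domain, banner_name):
    """Walk the sender-side checks; return (ok, findings)."""
    findings = []
    mx_hosts = lookup(zone, rcpt_domain, "MX")
    if not mx_hosts:
        return False, ["no MX record for " + rcpt_domain]
    mx_ips = set()
    for host in mx_hosts:
        # The MX target has to be an A record, not a CNAME.
        if lookup(zone, host, "CNAME"):
            findings.append("MX target %s is a CNAME, must be an A record" % host)
        mx_ips.update(lookup(zone, host, "A"))
    if not mx_ips:
        findings.append("MX target has no A record")
    banner_ips = set(lookup(zone, banner_name, "A"))
    for ip in sorted(mx_ips):
        # Forward check: the announced server name must resolve to the IP.
        if ip not in banner_ips:
            findings.append("%s does not resolve to %s" % (banner_name, ip))
        # Reverse check: the PTR for the IP must give the same name back.
        ptrs = [p.rstrip(".").lower() for p in lookup(zone, reverse_name(ip), "PTR")]
        if banner_name.lower() not in ptrs:
            findings.append("PTR for %s is %s, not %s" % (ip, ptrs or "missing", banner_name))
    return not findings, findings
```
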
