
I work for a company that is located in an area where the fastest Internet connection available is 3M/512K DSL. Due to growth of Internet use we now have configured four DSL connections in our SonicWall TZ-210 router using "Ratio" load balancing.

In order to make this setup work I had to configure a route so that all outbound email goes out on port X1, our original DSL connection. Without this routing we frequently get return failures. Our X1 DSL connection is the one that has SPF and PTR records configured. It's also the IP address to which our MX record is forwarded.

Looking at the reports in the SonicWall I can see that this X1 connection is by far the busiest, not to mention that our server (SBS 2008, our only server) is sending and receiving some 90% of all Internet traffic. Is there some way that I can allow our server to send out emails on any of our DSL connections/IP addresses? Do I just need to set up PTR records (reverse DNS) for each of our DSL connections/IP addresses?

HK1

2 Answers


You can look into moving sending/receiving capabilities to some relay system, e.g. a Linux or appliance-type server. You probably should configure one DSL Internet connection for web traffic and the others for SMTP; you should inspect the traffic generated to/from your system and decide appropriately. In the DNS zone just create 3 A/PTR records, say mail1.domain.com, mail2.domain.com, mail3.domain.com, and utilize all 3 other DSL connections.

Vick Vega
  • 1) Your suggestion to configure 1 DSL for Internet and 3 for email is spot on, except that it appears you missed the critical point of the post: how do you configure the DSL connections so that we don't get return failures when using them to send out email? The A records you're suggesting won't help. – HK1 Feb 10 '11 at 18:27
  • A and PTR records. Can you please explain why? – Vick Vega Feb 10 '11 at 18:29
  • PTR is reverse DNS. Many email systems will reject an email that comes from an IP address that has a Reverse DNS name that does not match the email domain for the sent email. Does that make sense? A records deal more with receiving email into our email system which is, well, somewhat relevant. I'm more concerned about sending email I guess, which I did not say in the original post. – HK1 Feb 10 '11 at 18:32
  • If the email domain is domain.com as indicated in my post, why would mail1.domain.com, mail2.domain.com, mail3.domain.com be treated differently? The ISP will be required to add those PTR records to its DNS zone. And the client will be required to add the external IPs of the DSL lines to its own DNS zone as A records. – Vick Vega Feb 10 '11 at 18:35
  • How do the receiving email systems use the PTR record? Do they strip off the subdomain and simply verify that mydomain.com in the PTR record matches the sender's stated email domain in the senders email address? – HK1 Feb 10 '11 at 19:46
  • They validate that the connection initiated by the server through the IP that has an A record of mail1.domain.com actually has a PTR record in the reverse lookup zone. – Vick Vega Feb 10 '11 at 19:50
  • For outgoing email, is the A record necessary? – HK1 Feb 10 '11 at 21:01
  • Well, it might seem not to be required; however, I would do such testing only with test domains. I would assume that various anti-spam solutions do such a check. – Vick Vega Feb 10 '11 at 21:05

It sounds more like your load balancer isn't working right if 90% of all bandwidth is on one connection.

That said, sure, you can create RDNS entries for all of your IP addresses and that will work fine. In DNS, a single IP address can have many hostnames, and a single hostname can have many IP addresses. You can also specify more than one IP address in your SPF record. We do that, in no small part because we're an ISP with several mail servers for outgoing mail.

Ernie
  • The 90% on one connection is because, apparently, 90% of all our traffic is email. Remember, I'm forcing all email to go through X1 which is the one showing the high usage. – HK1 Feb 10 '11 at 18:14
  • Well even so, you should be able to do exactly what you propose: add each IP address to your SPF and RDNS records for mail.yourdomain.com. Or you can just as easily move your mail server to a colocation space on a 100 Mbps internet connection. I can think of a dozen other reasons to do so as well. – Ernie Feb 10 '11 at 21:02
  • "I can think of a dozen other reasons to do so as well." - If I understand you correctly you're saying it would be advisable for a large variety of reasons to run the email server elsewhere? How would this help since the outlook clients still have to push/pull the same emails from the server? – HK1 Feb 10 '11 at 21:50
  • Easy. You can load balance the traffic over your 4 ADSL connections. Unless I'm missing something and Exchange does SPF and reverse dns lookups on Outlook clients? I thought the point was to provide one point of contact between Exchange and other SMTP servers on the internet to prevent bouncebacks from those other SMTP servers. Other benefits usually include a better operating environment, backup power, and redundant internet connections. You can also look into hosted Exchange solutions. – Ernie Feb 10 '11 at 22:39
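Added example (not from the question or either answer): a pre-flight check over constructed DNS data that, for each WAN address, runs the forward-confirmed reverse DNS test Vick Vega describes (PTR to hostname, hostname's A back to the IP) and tests whether the address is listed by an `ip4:` mechanism in the SPF record Ernie mentions. The addresses, hostnames and the `lookup` stub are assumed placeholders standing in for a real resolver.

```python
import ipaddress

# Constructed data: four DSL WAN addresses (X1..X4) and the DNS answers a
# resolver would return. None of these are the poster's real values.
WAN_IPS = ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"]

DNS = {
    ("mail.example.com", "A"): ["192.0.2.10", "192.0.2.20", "192.0.2.30"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("20.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    # X3 still carries the ISP's generic name: PTR exists but does not
    # forward-confirm, which is what many receivers reject.
    ("30.2.0.192.in-addr.arpa", "PTR"): ["dsl-30.isp.example.net"],
    # X4 has no PTR at all.
    ("example.com", "TXT"): ["v=spf1 ip4:192.0.2.10 ip4:192.0.2.20/31 -all"],
}


def lookup(name, rtype):
    """Stand-in for a DNS query; returns [] when the record is absent."""
    return DNS.get((name.rstrip("."), rtype), [])


def reverse_name(ip):
    """Owner name of the PTR record for ip, e.g. 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def fcrdns_ok(ip):
    """Forward-confirmed rDNS: return the PTR hostname whose A record
    includes ip, or None if no PTR forward-confirms."""
    for host in lookup(reverse_name(ip), "PTR"):
        if ip in lookup(host, "A"):
            return host
    return None


def spf_covers(domain, ip):
    """True if an ip4: mechanism in the domain's SPF record matches ip.
    Only ip4: is evaluated; that is all this page's case needs."""
    addr = ipaddress.ip_address(ip)
    for txt in lookup(domain, "TXT"):
        if not txt.startswith("v=spf1"):
            continue
        for term in txt.split()[1:]:
            mech = term.lstrip("+-~?")
            if mech.startswith("ip4:"):
                if addr in ipaddress.ip_network(mech[4:], strict=False):
                    return True
    return False


def audit(domain, ips):
    """Per-WAN summary: which addresses are safe to send mail from."""
    return {ip: {"ptr": fcrdns_ok(ip), "spf": spf_covers(domain, ip)} for ip in ips}
```

Only addresses where both checks pass should be added to the outbound mail route; the others need the ISP PTR change and/or an SPF update first.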