Valid MX record for...
 
Notifications
Clear all

Valid MX record for installation, but can I remove the MX record afterward

3 Posts
2 Users
0 Reactions
369 Views
(@jimdo)
Joined: 1 year ago
Posts: 5
Topic starter  

Hi,

We have a server installed with Carbonio CE. All works fine. As indicated in documentation, we created a valid MX record and FQDN for the installation.

We also have Mailcleaner running as in our prior system (we migrated from Zimbra OSE). The MX record for mailcleaner is mail.mydomain.com, with priority 10, and the one for Carbonio is mail3.mydomain.com with priority 30 (also have a mail2.mydomain.com with priority 20 as secondary in case mail.mydomain.com falls down). 

Normally, mails arrived on mail.mydomain.com, then after all checking and cleaning, are sent to Carbonio. But it's common for spam to target the mail server with the lowest priority.

Hence my question, now that Carbonio has been set up and is running, can we remove the MX record (and keep only the A)? Or can we limit incoming mails to mail.mydomain.com and mail2.mydomain.com?

Thanks in advance

J.

 

 


   
Quote
(@sharif)
Admin
Joined: 3 years ago
Posts: 593
 

@jimdo

Hi,

We are glad that you found Carbonio CE trustworthy and useful. And we will take it as complement and would try our best to keep our commitment.

Now, about the statement "But it's common for spam to target the mail server with the lowest priority.", we did not find enough information to back that idea so don't worry about that.

You can set the priority of Carbonio CE (mail3.mydomain.com) to 10 or lowest so that it becomes the active receiving server. For the backup purposes, you can keep mail2.mydomain.com with priority 20 and even mail.mydomain.com with priority 30.

But per say you can not split incoming emails in two servers.  Technically you can do some tuning in MX records to have multiple servers under a single  MX record but in that case incoming emails will be delivered to all the servers under the single MX record in round robin fashion. which is not an ideal splitting scenario. Also you can try split DNS but that's a whole another level of concept but I would not recommend that also.

So I just wanted to give you ideas of different scenarios., but I would request you to keep it simple.

I hope you can understand what I wanted to explained.

Have a good day!

Regards,

Sharif


   
ReplyQuote
(@jimdo)
Joined: 1 year ago
Posts: 5
Topic starter  

Dear Sharif,

thanks for taking time to reply.

Actually, in our former setup (Mailcleaner + Zimbra OSE), 100% of mails were filtered by Mailcleaner, and we achieved to have an acceptable level of remaining spams. Mailcleaner act as a relay, so when migrating to Carbonio as production server, we only had to change the address to relay messages from zimbra.mydomain.com to mail3.mydomain.com (which points to Carbonio server). That works perfectly, and when I check regular messages, I can see in headers that they have passed the Mailcleaner filters

But the mail3.mydomain.com is now exposed as a MX record, though with a lower priority, and we are facing a significant increase in spams. When I checked those spams, I realized that those spams are directly received from spammer by mail3.mydomain.com (Carbonio production server), and not filtered by Mailcleaner. I have not checked the literature lately, but I remember reading articles indicating that spam bots could target preferably the server with lowest priority as it is usually a backup server with less attention). As the solution with Mailcleaner works well (either for spams rejected definitely or for messages sent to quarantine), I would like to keep the same setup. 

If I need to keep the MX exposed, then is it possible to allow incoming mails only from the relay Mailcleaner and reject all other sending servers? The issue is that I didn't see that problem when doing trials but only now that we switch to Carbonio as a production server (so I don't want to play with MX record if I risk to stop service).

Have a great day.

J

 

This post was modified 9 months ago by jimdo

   
ReplyQuote