DNS vs. Smarthost
Javier Gomez - SBS MVP
I have seen numerous posts in the Small Business Server newsgroups regarding the use of Smarthost over DNS when using Exchange to send out mail. This document tries to present some of the pros and cons of both methods so that you may choose wisely. I do not claim to be an expert on this matter; please feel free to contact me if you have any comments or concerns about it.
What is DNS or Smarthost?
DNS-
This is the standard way of sending mail. When Exchange needs to send mail to another domain it looks up the MX records of that domain and attempts to contact that domain's mailserver directly.
Smarthost-
In this case Exchange takes your outgoing mail and hands it to another mailserver (which is called a “smarthost”, hence the name). The smarthost then delivers your mail to the other mailservers on your behalf. This is exactly what you do when you use Outlook Express to send mail through your ISP’s SMTP server.
Why is this important?
Certain ISPs (like AOL) block email messages sent to their mailservers by using reverse DNS lookups, several open relay blacklists and some other types of blacklists. If you don’t meet their criteria then you will not be able to send mail directly to these ISPs.
How do they do that?
When your server sends mail to these ISPs they check whether you comply with their rules. For example (AOL):
- Will check if your IP address is on an open relay blacklist (e.g. www.ordb.org)
- Will check if your IP address is in their list of dynamic IP addresses
- Will perform a reverse DNS lookup on your IP to check that it corresponds to your domain.
If you fail any of these tests your mail gets bounced back because of their anti-spam measures. Most ISPs employ at least one of these measures (the most common is the first one).
What should I do?
The first thing you should ask yourself is whether you have a static IP or not. If you do, then check that you have the proper PTR records [How to check this?] so people can perform reverse DNS lookups on your IP and get your domain in return. Finally, check that you are not on any kind of open relay spam list [How to check this?]. If all three things are OK then you can live with DNS without a hitch (at least for now).
If you do not have a static IP, or you are unable to get the proper PTR records set up, then you might need to consider using a smarthost. Why? Because when you use a smarthost the server that contacts the actual recipient’s mailserver is your ISP’s mailserver (which supposedly is well looked after and has no problems sending mail to those domains).
Pros and Cons of each one?
DNS pros-
- Eliminates the middleman. You don’t depend on your ISP’s mailservers to send mail.
- You have more control because Exchange is the one actually making the delivery (and you have complete control over Exchange).
DNS cons-
- If you have a domain name resolution problem your mail may take a little longer to get delivered.
- If the destination mailserver is not available for some reason, Exchange will keep trying. This gives the server a little extra work to do.
Smarthost pros-
- You normally do not have to worry about all those anti-spam measures.
- Your ISP’s mailserver will keep trying to resend if it needs to do so.
- Sometimes this may be the only choice, as some ISPs do not allow port 25 outbound.
- If you are on a dynamic IP it is the only way to send mail to certain ISPs.
Smarthost cons-
- You don't have much control. If the mail gets stuck at your ISP or something else happens you will be in the dark.
- Some people do not have access to their ISP’s mailservers (or it is a premium service).
Different “Flavors” of Smarthosts
1) Forward specific domains to Smarthost.
This one is nice because you do not depend on your ISP’s mailservers for delivery except for those domains that cause trouble (all other domains keep using DNS). However, the list of ISPs blocking because of these anti-spam measures is not static, and you will need to keep it updated each time you get an error sending to a particular domain.
2) Forward all mail to a specific Smarthost.
In this case you don't have to worry about delivery anymore (in most cases). Ideally, your ISP knows what to do to keep their mailservers running and playing along with other ISPs, today and in the future when things change again. The drawback is that if your ISP is bad and/or slow then you will probably end up worse off than when you started.
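To make the difference between the two flavors concrete, here is a small Python model of the next-hop decision (an added example, not part of the original article and not Exchange's own routing code). A per-domain table stands in for the SMTP connector's address space (flavor 1), a forward-all setting stands in for the ISP smarthost option (flavor 2), and everything else falls through to an MX lookup (plain DNS). The DNS data and host names (bigisp.example, smtp.isp.example and friends) are constructed samples served by an in-memory resolver so the code runs offline, and the "*.domain" wildcard rule is this example's own simplification, not a statement about how Exchange matches address spaces.

```python
# Constructed sample DNS data keyed by (name, record type); every name is made up.
SAMPLE_RECORDS = {
    # Listed out of preference order on purpose: the router has to sort them.
    ("bigisp.example", "MX"): [(20, "mx2.bigisp.example"), (10, "mx1.bigisp.example")],
    ("partner.example", "MX"): [(5, "mail.partner.example")],
    # A domain with an A record but no MX: mail goes to the host itself.
    ("tiny.example", "A"): ["203.0.113.50"],
    # nowhere.example has no records at all (the "resolution problem" case).
}


def stub_resolve(name, rtype):
    """Offline stand-in for a DNS resolver; returns [] when nothing is found."""
    return SAMPLE_RECORDS.get((name.lower().rstrip("."), rtype), [])


def recipient_domain(address):
    """Domain part of an address, lower-cased, without a trailing dot."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an e-mail address: %r" % address)
    return domain.lower().rstrip(".")


def connector_for(domain, connectors):
    """Smarthost configured for this domain, if any.

    Keys are exact domains ("bigisp.example") or, as a simplification made by
    this example, "*.bigisp.example" for any subdomain. Exact keys win.
    """
    if domain in connectors:
        return connectors[domain]
    for space, host in connectors.items():
        if space.startswith("*.") and domain.endswith(space[1:]):
            return host
    return None


def next_hops(address, connectors=None, forward_all_to=None, resolve=stub_resolve):
    """Hosts to try, in order, for one recipient.

    forward_all_to -> flavor 2: everything goes to the ISP smarthost.
    connectors     -> flavor 1: only the listed domains go to a smarthost.
    otherwise      -> plain DNS: MX hosts by preference, then the implicit MX
                      (the domain's own A record), else nothing at all.
    """
    domain = recipient_domain(address)
    if forward_all_to:
        return [forward_all_to]
    host = connector_for(domain, connectors or {})
    if host:
        return [host]
    mx = sorted(resolve(domain, "MX"))  # (preference, host) pairs, lowest first
    if mx:
        return [h for _, h in mx]
    if resolve(domain, "A"):
        return [domain]
    return []  # nothing to contact: the message sits in the queue and retries


if __name__ == "__main__":
    table = {"bigisp.example": "smtp.isp.example"}
    for rcpt in ("bob@bigisp.example", "bob@partner.example", "x@tiny.example"):
        print(rcpt, "->", next_hops(rcpt, table))
```

Note how the connector table only changes the answer for the domains you listed; every other domain still depends on a working MX lookup, which is exactly the maintenance burden (and the "resolution problem" con) the text describes.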
How do I set this up?
DNS or Smarthost-
Run the Internet Connection Wizard (ICW on SBS2000) or Configure Email and Internet Connection Wizard (CEICW on SBS2003) and select either option.
On SBS 2003 select “Use DNS to route e-mail” if you want to use DNS, or select “Forward all e-mail to e-mail server at your ISP” and put your ISP’s SMTP server name there to use a smarthost.
On SBS 2000 select “Use domain name system (DNS) for mail delivery” if you want to use DNS, or select “Forward all mail to host” and put your ISP’s SMTP server name there to use a smarthost.
Smarthost for specific domains-
Follow the same instructions for DNS (above) and then go to Start-> Programs-> Microsoft Exchange-> Exchange System Manager. Right-click on Connectors and select New-> SMTP Connector.
Give the new connector a descriptive name, select “forward all mail” and put your ISP’s SMTP server in the box provided. On the Local Bridgehead section press “Add” and select your server from the list. Finally, go to the Address Space tab, press Add and put in the names of the domains for which you want to use the smarthost instead (e.g. AOL.com).
Acknowledgments and References
Many of the arguments presented here are product of numerous discussions on the SBS newsgroups (especially with Ray Fong, Chad Gross, SuperGumby and Merv Porter). I am truly grateful to each and every one that collaborates on the newsgroups.
If you want to learn more about the concepts presented here you should check these (thanks to Chad and Merv for the links):
How Reverse DNS Works
Description of DNS Reverse Lookups
How does DNS work
Do a google search for “Cannot send mail to AOL”
How to check your PTR records-
There are a lot of ways. The easiest way (I think) is to go to www.dnsstuff.com and put your public IP address in the Reverse DNS lookup box. If you get back your domain then you have it right. The other two possibilities are that there are no PTR records or that the PTR record points to your ISP’s domain; neither of them will pass a reverse DNS lookup test.
Alternatively, you can learn a lot about your domain on www.dnsreport.com. Check the MX section for “Reverse DNS entries for MX records”. Be aware that the test they perform only checks that the PTR record exists (not that it matches your domain).
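The three checks listed under “How do they do that?” and the PTR test described just above can be reproduced in code. The following Python is an added example (not from the article and not any ISP's actual filtering logic): it performs a forward-confirmed reverse DNS check against your own domain and a blacklist (DNSBL) query, both against a constructed in-memory resolver so that it runs offline. The zone dnsbl.example, the domain example.com and the 203.0.113.x addresses are made-up samples; to test a live address, replace stub_resolve with a wrapper around a real resolver that returns a list of answer strings.

```python
import ipaddress

# Constructed sample DNS data keyed by (name, record type). 203.0.113.0/24 is
# reserved for documentation, so none of these are real hosts.
SAMPLE_RECORDS = {
    # .10: a correctly configured server. The PTR names a host in the sender's
    # own domain and that host's A record points back at the same address.
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("mail.example.com", "A"): ["203.0.113.10"],
    # .20: the "PTR points to your ISP's domain" case (generic ISP naming);
    # this address is also listed in the constructed blacklist zone.
    ("20.113.0.203.in-addr.arpa", "PTR"): ["203-0-113-20.dsl.isp.example"],
    ("203-0-113-20.dsl.isp.example", "A"): ["203.0.113.20"],
    ("20.113.0.203.dnsbl.example", "A"): ["127.0.0.2"],
    # .30: PTR is in the right domain, but the forward lookup disagrees.
    ("30.113.0.203.in-addr.arpa", "PTR"): ["mail.example.com"],
    # .40: no PTR record at all.
}


def stub_resolve(name, rtype):
    """Offline stand-in for a DNS resolver; returns [] when nothing is found."""
    return SAMPLE_RECORDS.get((name.lower().rstrip("."), rtype), [])


def reverse_name(ip):
    """The in-addr.arpa name a resolver queries to find the PTR record."""
    return ipaddress.ip_address(ip).reverse_pointer


def dnsbl_name(ip, zone):
    """Blacklists are queried by reversing the octets under the list's zone."""
    octets = str(ipaddress.ip_address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def check_reverse_dns(ip, my_domain, resolve=stub_resolve):
    """Return 'ok' or a reason mirroring the failure cases described above:
    no PTR, a PTR in someone else's domain, or a PTR whose forward (A)
    lookup does not come back to the same address."""
    ptr_names = resolve(reverse_name(ip), "PTR")
    if not ptr_names:
        return "no-ptr"
    wanted = my_domain.lower()
    for name in ptr_names:
        host = name.lower().rstrip(".")
        if host != wanted and not host.endswith("." + wanted):
            continue  # wrong domain; try any other PTR value
        if ip in resolve(host, "A"):
            return "ok"
        return "forward-mismatch"
    return "ptr-outside-domain"


def is_blacklisted(ip, zone, resolve=stub_resolve):
    """A DNSBL answers with an address (conventionally 127.0.0.x) when listed."""
    return bool(resolve(dnsbl_name(ip, zone), "A"))


def assess_sender(ip, my_domain, zone="dnsbl.example", resolve=stub_resolve):
    """Run the checks a strict receiving ISP applies before accepting mail."""
    rdns = check_reverse_dns(ip, my_domain, resolve)
    listed = is_blacklisted(ip, zone, resolve)
    return {"reverse_dns": rdns, "blacklisted": listed,
            "direct_delivery_ok": rdns == "ok" and not listed}


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.20", "203.0.113.30", "203.0.113.40"):
        print(ip, assess_sender(ip, "example.com"))
```

Only the .10 host passes: a PTR that merely exists (the .20 and .30 cases) is what www.dnsreport.com's test accepts, but it is not enough for a receiver that insists the name belong to your domain and resolve back to your address.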
How to check open relay lists-
First, check that you are not an open relay:
Now, check out this site (there are others):
- Test for Open Relay
- Remove an Open Relay
Use “Database Lookups” to see if you are blacklisted. The other two should be pretty self-explanatory.
This site is copyrighted by Susan Bradley, CPA/CITP, MCP; please distribute it as you see fit.
I make no warranties regarding the information contained in the links listed above. Surf at your own risk.