What exactly is an MX record (Mail Exchanger)?
A MX (Mail Exchanger) record in its simplest form is a DNS entry for a domain which when queried by a sending MTA (SMTP Server) tells it where the destination MTA is.
A properly configured MX will consist of a correctly defined Alias record as MX records cannot be defined from CNAME or direct IP Addresses.
When a sending SMTP server wishes to send mail to a recipient in a particular domain, it will query DNS which will return a list of Smart Hosts (SMTP Servers) that accept mail for that domain which are ordered by a “Preference”.
The sending MTA will then try and establish an SMTP connection with the first host with the lowest preference number for that domain and it will deliver the message to the server that responds.
The following is a visual example of this process:
In the event that your primary MX host is down (for example the MX entry with a preference of 10) then the sending MTA will attempt a connection with the MX host configured as preference 20 – the following visualises this concept:
You can configure two MX records for your domain with the same preference number which will have the effect of pseudo load balancing via a round robin approach as the sending MTA will randomly choose a configured MX host. You should also be aware that if you have two MX records for your domain one as a primary Mail Server and one as a Secondary – you must protect your secondary server in the same way as you primary (for Example if you are running or using any form of Anti-Viral / Spam / Porn filtering on the preference 10 MX record you should also make the same provision for the MX 20.
A common tactic that malware / viral proliferation use is to connect to the backup MX record on the off chance that there is little or no protection for that MTA but, still provides a route into you mail system – so you should ensure that you maintain protection for your mail environment even on redundant routes.
There are so many ways to configure MX records for your domain – some of which are good some are bad – and it would take quite a while for me to go into the details of good and bad practice – however there are tools on the Internet that you can use to report on the configuration of your domain and highlight any potential issues.
My favourite tool is www.dnsreport.com which provides a very detailed look at your DNS configuration provides useful suggestions on what you can do to eliminate issues.
I hope that you have found this useful – and its good to be back blogging again after a long break – thanks to those of you that have sent in your wishes.