| Make Kerio use MX records instead of A records when resolving domain name [message #140535] |
Thu, 02 August 2018 16:10  |
 |
lgsit
Messages: 38
Registered: December 2012
Location: /home/lgsit
|
|
|
|
Hello guys!
I have a question regarding mail forwarding. Is it possible to tell Kerio to use MX records instead of A records when resolving a domain name? I already added MX records to my DNS zone (local network) - one for my primary mail server (Kerio) and one for my backup mail server (Postfix).
Let's say that my domain is called example.com. Then my zone looks like this (just an excerpt):
mail IN MX 10 pri
mail IN MX 20 sec
pri IN A 127.0.0.1
sec IN A 127.0.0.2
The MX record mail.example.com resolves to pri.example.com and sec.example.com, which in turn resolve to 127.0.0.1 and 127.0.0.2.
When I set the host to mail.example.com in my domain forwarding rules (Domains -> (Tab) Forwarding) or the SMTP Delivery settings (SMTP Server -> (Tab) SMTP Delivery) and then send a test mail, I can see the following lines in the log:
[02/Aug/2018 00:00:00][110] {dns} Looking up host mail.example.com in DNS...
[02/Aug/2018 00:00:00][110] {dns} Searching cache for A records for host mail.example.com
[02/Aug/2018 00:00:00][110] {dns} Searching DNS for A records for host mail.example.com
[02/Aug/2018 00:00:00][110] {dns} Querying server no. 1, address 127.0.0.254
[02/Aug/2018 00:00:00][110] {dns} Got answer
[02/Aug/2018 00:00:00][110] {dns} Valid answer arrived
[02/Aug/2018 00:00:00][110] {dns} DNS query for name mail.example.com returned no A records
[02/Aug/2018 00:00:00][110] {dns} Host mail.example.com not found in DNS
So, Kerio tries to get the A record of mail.example.com, which does not exist (on purpose!) and fails to deliver the mail. I know that it is possible in Postfix to make it resolve either MX records or A records. For example in the main.cf you can say:
relayhost = mail.example.com
Or force Postfix to resolve A record instead of MX records:
relayhost = [mail.example.com]
This already works perfectly fine (in Postfix), but I would like to have this behavior in Kerio, too.
Any help would be appreciated!
Regards,
Matthias
|
|
|
|
| Re: Make Kerio use MX records instead of A records when resolving domain name [message #140539 is a reply to message #140535] |
Thu, 02 August 2018 23:27  |
Bud Durland
Messages: 586
Registered: December 2013
Location: Plattsburgh, NY
|
|
|
|
Be careful to not confuse domains with hosts. An MX record belongs to a domain, and defines the host that processes mail for that domain. sending mail to an address (john<_at_>example.com) requires two DNS lookups. The first is for the MX record for 'example.com', which in your example will return the host name 'pri'. The sending server will attempt to connect to 'pri', which will create a second DNS lookup for 'pri', returning 127.0.0.1.
In the case of Kerio's two options 'send mail for unknown users to this host' and 'use this mail relay server host', there is no MX lookup, because it's been told to connect directly to the host 'mail.example.com' and send the mail. 'mail.example.com' is not a domain (unless you've done some DNS trickery defining a 'mail.' sub-domain), therefore won't have an MX record (although the 'example.com' domain could have an MX record that points to 'mail.example.com').
So if you want Kerio to use some other mail host to accept mail for missing accounts, for a relay server, you need to specify the host name or IP address of a machine that can accept mail.
I cannot speak about PostFix.
|
|
|
|
| Re: Make Kerio use MX records instead of A records when resolving domain name [message #140548 is a reply to message #140539] |
Fri, 03 August 2018 14:26 |
|
lgsit
Messages: 38
Registered: December 2012
Location: /home/lgsit
|
|
|
|
Thank you for your answer and clarification. You're right: I have confused domains and hosts a bit. And if I understood you correctly, I implicitly created a subdomain (mail) with the corresponding MX records for mail.example.com?
What I actually want to achieve is an automatic failover in case the primary server (pri.example.com) is not available. Then the mails should be forwarded to the secondary server (sec.example.com). The scenario is this: I have a peripheral mail server (mail.foobar.com) with a few accounts (alice@foobar.com, bob<_at_>foobar.com, etc.) and the server resides in a separate network (VLAN) and domain (foobar.com). All mails for which he is not responsible should be forwarded to the primary mail server (pri.example.com). That's why I put him there as a relay host. But as already mentioned above, this way should be redundant, so if the primary mail server is not reachable, the secondary server should step in. This could be solved by DNS only, if Kerio (at mail.foobar.com) looked up the MX records of the domain (example.com) when forwarding to the relay host.
I used the example with Postfix, because there it is possible to control whether Postfix performs MX lookups or not. My secondary mail server is a Postfix and I have two mail gateways (also Postfix; forward mails to the internet) redundantly connected as its relay hosts. There I used the DNS trick you mentioned with a subdomain (mailgate.example.com) and the corresponding MX records (10 mailgate1.example.com, 20 mailgate2.example.com). As a relay host I simply specified mailgate.example.com and thus Postfix asks for the MX records of this subdomain. Works exactly as desired.
Here is an excerpt from the documentation of Postfix:
Quote:On an intranet, specify the organizational domain name.
In the case of SMTP, specify a domain name, hostname, hostname:port, [hostname]:port, [hostaddress] or [hostaddress]:port. The form [hostname] turns off MX lookups.
Examples:
relayhost = $mydomain
relayhost = [gateway.example.com]
relayhost = [an.ip.add.ress]
But now back to my original question: Kerio definitely wants a host name or IP address and I can't make it perform MX lookups for the domain at this point, as it is possible in Postfix?
(I have also attach a small diagram to illustrate the situation)
-
Attachment: example.png
(Size: 7.39KB, Downloaded 492 times)
[Updated on: Fri, 03 August 2018 14:47] Report message to a moderator |
|
|
|
| Re: Make Kerio use MX records instead of A records when resolving domain name [message #140561 is a reply to message #140548] |
Fri, 03 August 2018 20:31 |
Bud Durland
Messages: 586
Registered: December 2013
Location: Plattsburgh, NY
|
|
|
|
|
Presuming that pri.example.com and sec.example.com are both running kerio connect, you can just define 'foobar.com' as a second domain on both servers. Configure the 'foobar.com' domain to forward mail for unknown users to 'mail.foobar.com', and don't add any users. In effect, anything that either server receives for '*<_at_>foobar.com' will be relayed to 'mail.foobar.com', and that server will take care of bounces.
|
|
|
|
| Re: Make Kerio use MX records instead of A records when resolving domain name [message #140591 is a reply to message #140535] |
Wed, 08 August 2018 16:51 |
|
lgsit
Messages: 38
Registered: December 2012
Location: /home/lgsit
|
|
|
|
Please excuse my late reply (I was on vacation).
That's a good idea to have a second domain on both servers. But I need it the other way round: from mail.foobar.com (Kerio) to pri.example.com (Kerio) or sec.example.com (Postfix). But I will set that up on mail.foobar.com in this way (set up example.com as a second domain). Will Kerio then ask for the MX record for example.com and send the mail to one of the two servers (depending on the priority)?
Unfortunately the internal structure is even more complex than shown here in the graph and the configuration is quite a mess. There are even forwarding rules for individual users (like you go here but you go there, the rest goes somewhere else...).
But I will take up your idea and try it out in the next few days. Many thanks for that!
Regards,
Matthias
|
|
|
|
Members
Search
Help
Register
Login
Home
