Inbound Relay Technical Arrangements

Download as PDFDownload as PDF
  • Route using Mail eXchanger (MX) records
  • Route using A records
  • Route to a specific host
  • Notes for Non-local MX

1. Route using Mail eXchanger (MX) records

(This option is illustrated in the section Setting up the Janet Mailer Shield.)

2. Route using A records

At present you will be announcing yourself to the world with a DNS entry like this: 
orgname.ac.uk. IN MX 3 mail1 .organisationname.ac.uk.

Everyone in the Internet sends your mail to mail1. You also have to publish the IP address of mail1 at your nameserver in the usual way:

$ORIGIN orgname.ac.uk
mail1 IN A 192.168.19.84

You will remove that MX (Mail eXchanger) record and use instead: 

organisationname.ac.uk. IN MX 20 relay1.jms.ja.net.
organisationname.ac.uk. IN MX 10 relay3.jms.ja.net.

People send your mail to one of the JMS relays, whose IP addresses are published in the Janet nameservers.

The numbers in these MX records indicate the order in which senders should try the relays; lowest number is for first choice. The JMS staff will tell you which relays to list and what preference numbers to use for each. The order in which the records appear does not matter.

The IP addresses used above are for example only: yours will of course be different.

Please also see the note for non-local MX, below.

3. Route to a specific host

With this option you simply have a single MX record pointing to the Janet Mailer Shield service, and you provide us with a single host name to which all your e-mail should be sent. The host name given may contain multiple address records if you have multiple local servers. For the site from the above examples, this would become something like:

organisationname.ac.uk. IN MX 7 jms.ja.net .

mail.organisationname.ac.uk. IN A 192.168.19.84
  IN A 192.168.19.85

The IP addresses used above are for example only: yours of course will be different.

The Janet Mailer Shield service will route all your e-mail to mail.organisationname.ac.uk. As that has two (or more) address records, if one were unavailable then the Janet Mailer Shield service would try the other. E-mail from the Janet Mailer Shield service to local servers will be randomly sent to any one of the listed IP addresses so all servers must be fully configured to accept the e-mail and handle it locally.

Please also see the note for non-local MX, below.

Notes for Non-local MX:

DNS MX records are explicitly intended for use in routing e-mail. When an e-mail server tries to send e-mail, it queries the DNS for the list of MX records registered for the recipient domain. It will then try to send the e-mail to the MX record with the smallest MX value. If that fails it will try the second smallest and so on until it finds a server that will accept the e-mail. That server must then either accept the e-mail as local, or try to relay it on to a host with a lower MX record than it has. That means your local host(s) must have a smaller MX value than the Janet server for this to work.

Options 2 and 3 above do not point to any local MX records at your site. This is cleaner than option 1 because e-mail comes to the Janet Mailer Shield service directly rather than having to be refused by your mailer first. These options require specific configuration on the Janet Mailer Shield service server, which may need updating if you alter the DNS details for the domain name you use for accepting e-mail. It also means that you MUST configure all your local e-mail servers and clients to send local e-mail via your server. Otherwise it could be routed via the Janet Mailer Shield service, which would be very inefficient. With this method, no external RFC-2821 compliant e-mail servers should send e-mail to you directly, although most spammers and hackers are not RFC-compliant. If you do not want direct connections from any hosts other than the Janet Mailer Shield service, a firewall or router access list is required. The list of servers in use by the Janet Mailer Shield service will be provided when you are registered, and any subsequent updates will be announced on the Janet Mailer Shield service contact mailing list.