Mx Record - Fortinet FortiMail-100 Install Manual

Key concepts

MX record

FortiMail™ Secure Messaging Platform Version 4.0 Patch 1 Install Guide
Revision 2
http://docs.fortinet.com/ • Feedback
Mail Exchanger (MX) records are configured on a DNS server. MX records for a domain
name indicate designated email servers or email gateways that deliver email to that
domain, and their order of preference. In their most simple form, MX records use the
following format:
example.com IN MX 10 mail.example.com
where:
• example.com is the name of the domain
• IN indicates the Internet protocol class
• MX indicates that the DNS resource record is of the MX type
• 10 indicates the order of preference (greater values indicate lower preference)
• mail.example.com is the host name of an email server or gateway
When an email client sends an email, the sender's MTA queries a DNS server for the MX
record of the domain name in the recipient's email address. To resolve the host name of
the MTA referenced by the MX record, it then queries for the A record of the destination
MTA. That A record provides the IP address of the email server or gateway. The sender's
MTA then attempts to deliver the email to that IP address.
For example, if the recipient email address is user1@example.com, in order to deliver the
email, the sender's MTA would query the MX and A records to determine the IP address of
the email gateway of example.com.
Often, the domain name and/or IP address of the email domain is different from that of its
email server or gateway. The fully qualified domain name (FQDN) of an email server or
gateway may be a subdomain or another domain name entirely, such as that of the MTA of
an Internet service provider (ISP). For example, the email gateways for the email domain
example.com could be mail1.example.com and mail2.example.com, or
mail.isp.example.net.
If your FortiMail unit will operate in transparent mode, and you will configure it be fully
transparent at both the IP layer and in the SMTP envelope and message headers by
enabling "Hide this box from the mail server" in the session profile, "Hide the transparent
box" in the protected domain, and "Use client-specified SMTP server to send email" for the
proxies, no MX record changes are required.
If your FortiMail unit will operate in gateway mode or server mode, or in transparent mode
while not configured to be fully transparent, you must configure the public DNS server for
your domain name with an MX record that refers to the FortiMail unit which will operate as
the email gateway, such as:
example.com IN MX 10 fortimail.example.com
Caution: If your FortiMail unit will operate in gateway mode or server mode, or in
transparent mode while not fully transparent, configure the MX record to refer to the
FortiMail unit, and remove other MX records. If you do not configure the MX record to refer
to the FortiMail unit, or if other MX records exist that do not refer to the FortiMail unit,
external MTAs may not be able to deliver email to or through the FortiMail unit, or may be
able to bypass the FortiMail unit. If you have configured secondary MX records for failover
reasons, consider configuring FortiMail high availability (HA) instead. For details, see
"FortiMail high availability modes" on page
Note: For more information on gateway mode and server mode, see
modes" on page 19.
The role of DNS in email delivery
19.
"FortiMail operation
17