Host Corporate Email — Part 3

In part two of this four-part series, you set up user accounts, storage restrictions, and authentication methods for new email hosting on an OS X server. This week, we'll look at what it takes to bring your new mail server up smoothly on your internet domain.

Testing An Isolated Email Configuration:

As much work as you've done up until now, the only machine that knows you're running mail service is the email server itself. Take advantage of that fact to adequately test your existing configuration, sending messages to a test account (from both inside and outside your network), collecting them using an IMAP client configured specifically for this purpose, and using the machine as an SMTP server to send mail out to other addresses. It's ten minutes of mild annoyance, but it could save you hours of frustration if there are problems you don't find until the system is live.

MX Records And The Domain Name System:

Once you know your server can send and receive mail properly, it's time to let the whole world know it's there. Like most internet services, successful communication between machines requires that the appropriate DNS information be available to every computer involved in the transaction. While it's unlikely you'd implement your own mail system without a strong working knowledge of the Domain Name System, email is unusual in that you'll need to adjust DNS both inside your own network and out on the internet.

On your internal DNS servers, you'll have to point to your mail servers (in the form of MX records). In the DNS Zones settings of Server Admin, simply click the "plus" button next to the "Mail Exchangers" field and fill in the hostnames for the email servers you're about to configure. Then assign the priority (the order mail delivery is attempted) to those hosts, usually 10 for the primary MX (the only server set up so far).

If the DNS servers you administer control the DNS for your external domain as well, then mail will start moving towards your new servers as the new MX records propagate across the internet Domain Name System. More likely, your external DNS is controlled by a parent company or bandwidth vendor. In those cases, you'll need to have them change your external MX records as well.

Testing Your MX Records:

When an email client sends mail to an address like user@example.com, it queries it's DNS servers for the MX record to the example.com domain, and makes an SMTP connection to send mail to the server address that's returned. So once you hit "Save" in the bottom right of the Server Admin window (or your ISP does the equivalent on their end), every machine that receives your updated information will start sending mail to your new servers.

Once you've flipped the switch, it makes sense to check the MX records for your local environment immediately. Open the Network Utility application, select the "Lookup" pane, then "MX Record" from the pull-down menu. Enter your domain name and click "Lookup" to see the current data offered by your immediate DNS provider.

Be aware, however, that DNS is propagated in fits and starts, as each server synchronizes MX record changes at their own pre-determined schedules across the internet. Machines which share your primary name server may begin using the updated MX records immediately, with large ISPs following suit in a matter of minutes, while international providers or smaller services could take hours or (in a worse case but not uncommon scenario) days.

As a rule of thumb, you'll want to have your DNS settings in effect at least 48 hours before your users need to rely on dependable mail delivery (with a common strategy being to enact changes Friday evening one the office is empty). Come Monday morning, your users should have a brand new mail system, fully operational and under your company's control.

Next Week: In our fourth and final installment, we'll take a look at strategies for redundancy and high-availability to make OS X email truly suitable for corporate use.

Recommended Reading: Paul Kincaid-Smith's article Configuring DNS For Standards-Based Mail Service gives an excellent overview of the issues administrators most often face with MX records.