I am still receiving mails about the changeover from POP3 retrieval to direct receipt of mails via MX record in connection with various Exchange versions. I actually thought that retrieving mails from a provider via POP3 and delivering them to local Exchange servers was a thing of the past, but this seems to be more common than I thought. So here's a short article on the subject.
Procedure for switching from POP3 retrieval to receipt via MX
The procedure is quite simple and quick to carry out, but there are a few requirements to ensure that it runs smoothly:
- A fixed IP address should be available (IPs from dynamic address ranges are usually blocked by most recipients)
- The host of the domain (e.g. frankysweblab.de) must allow the MX record to be changed
- The provider of the Internet connection (e.g. Telekom) must allow the setting of a PTR record
- A certificate is required; Let's Encrypt offers these free of charge. SMTP without encryption is bad
- You must take care of appropriate protection yourself (AntiSPAM, AntiVirus)
To ensure that nothing goes wrong during the changeover and that mails are not lost, it must be checked before the changeover whether all e-mail addresses exist on the Exchange server. Years ago, I once saw a very unfortunate configuration in an environment. The hoster of the domain had only created one catch-all mailbox, and countless redirects were defined in the POP connector, something like this:
- info@domain.de send to benutzera@domain.de
- benutzera@domain.de deliver to benutzera@domain.de
- bestellung@domain.de send to benutzerb@domain.de
- irgendwas@domain.de send to benutzera@domain.de
- etc, etc, etc
- deliver everything unknown to benutzerb@domain.de
In such a case, all redirects can be resolved first; you could work with distribution groups or shared mailboxes, for example. It is particularly stupid if there is a redirect from all unknown addresses to one user, because this user can theoretically be reached under umpteen mail addresses. This is where message tracking helps to find used addresses.
To switch from POP retrieval to reception via MX, I therefore proceed as follows:
- Create HOST-A entry for the MX (e.g. mail.frankysweblab.de with reference to the fixed IP)
- Create PTR (reverse pointer) for the HOST-A entry (e.g. fixed IP with reference to mail.frankysweblab.de)
- Make the Exchange Server or AntiSPAM gateway reachable from the Internet on the fixed IP, TCP port 25 (SMTP) (e.g. via NAT)
- Test whether an SMTP connection is possible (MXToolbox SMTP Check)
- Check that the fixed IP is not on any blacklist (MXToolbox Blacklist Check)
- If the domain host allows it, the TTL of the MX record can be reduced before the changeover, for example to one hour. However, this is not absolutely necessary; patience works just as well.
- Change the MX record to the HOST-A record (e.g. mail.frankysweblab.de)
- Wait 24 hours and carry out tests from time to time (MXToolbox MX Test)
- Deactivate / uninstall POP Connector
- Delete POP mailboxes at the hoster
That's all there is to it. Normally a completely painless changeover.
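The HOST-A, PTR, port 25 and certificate points from the list above can be checked with a short script before the MX record is changed. This is an added example, not part of the original article; the host name mail.example.test and the address 192.0.2.25 are constructed placeholders, and the function names are hypothetical.

```python
"""Pre-cutover checks for a new MX host (added example, standard library only)."""
import smtplib
import socket
import ssl


def check_dns(mx_host, fixed_ip, lookup_a=socket.gethostbyname,
              lookup_ptr=lambda ip: socket.gethostbyaddr(ip)[0]):
    """Return problems with the HOST-A / PTR pair; an empty list means OK."""
    problems = []
    try:
        addr = lookup_a(mx_host)
        if addr != fixed_ip:
            problems.append(f"A record for {mx_host} is {addr}, expected {fixed_ip}")
    except OSError as exc:  # gaierror and herror are OSError subclasses
        problems.append(f"A lookup for {mx_host} failed: {exc}")
    try:
        ptr = lookup_ptr(fixed_ip).rstrip(".").lower()
        if ptr != mx_host.lower():
            problems.append(f"PTR for {fixed_ip} is {ptr}, expected {mx_host}")
    except OSError as exc:
        problems.append(f"PTR lookup for {fixed_ip} failed: {exc}")
    return problems


def check_smtp(mx_host, timeout=10, smtp_factory=smtplib.SMTP):
    """Connect on TCP 25, require STARTTLS and a certificate valid for mx_host."""
    try:
        with smtp_factory(mx_host, 25, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return ["port 25 answers but STARTTLS is not offered"]
            # The default context verifies the chain and the host name.
            smtp.starttls(context=ssl.create_default_context())
    except (OSError, smtplib.SMTPException) as exc:
        return [f"SMTP check for {mx_host}:25 failed: {exc}"]
    return []


if __name__ == "__main__":
    # Constructed placeholders: substitute your own MX host name and fixed IP.
    host, ip = "mail.example.test", "192.0.2.25"
    for line in (check_dns(host, ip) + check_smtp(host)) or ["all checks passed"]:
        print(line)
```

Run it from a machine outside your own network so that the NAT rule and the public DNS view are what gets tested.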
Short example using Strato and Telekom
Here is a simple example of the procedure using the domain frankysweblab.de (my new test domain). The domain is hosted by Strato, the Internet provider with the fixed IP is Telekom.
The Strato mail servers are set as MX for frankysweblab.de at the Strato host. The mails are collected from the Strato POP servers via POP3 and POP Connector and delivered to the Exchange server:
A HOST-A entry is therefore created first. With some hosters this is a subdomain with a HOST-A entry; this varies from hoster to hoster. At Strato, a subdomain must be created first, in this example mail.frankysweblab.de:
The HOST-A is then configured to the fixed IP for the subdomain:
After the Host-A has been created, it looks something like this:
The PTR entry, in turn, is created at the provider of the Internet connection (where the fixed IP comes from). In this case, this is Telekom:
The reverse resolution is now configured here, fixed IP to name. In the screenshot it says mail.frankysweb.de; for this example it should be mail.frankysweblab.de, but I didn't want to change the PTR of my fixed IP now:
As soon as the remaining steps in the above list have been completed, the MX must be changed at the hoster (in this case Strato):
Now you have to wait 24 hours. As a rule, no more mails should land in the POP mailboxes after 24 hours.