plippy7, posted May 1, 2020

I don't understand how MX records work when the MX record is the name of the website. For example: mail.mdmconsultancy.com is the MX of mdmconsultancy.com and altgroupltd.com is the MX of altgroupltd.com. Which company is providing mail services to these two websites?

Something like alt1.aspmx.l.google.com or fb.mail.gandi.net makes sense to me but I don't understand what the two above mean.

NoExecute, posted May 2, 2020

There would be a mail server running on the primary server. Confirm that with a portscan against the primary server. Like in your listings, there "could" be a mailserver on altgroupltd.com.

In the case of mdmconsultancy, it's called mail, a separate domain name called mail, so the FQDN is mail.domain.com. Remember domains are read from right to left, with the country as place / value one (toplevel), place two (primary domain), and three (subdomain / hostname), and four --> x being subdomains / hostnames.

And as for which company provides the services: who owns the IP address / IP range? What hostname do you find when taking a closer look?

plippy7, posted May 2, 2020 (Author)

Thank you for your response. I am still a little confused and have performed some tests (shown below).

dig mail.mdmconsultancy.com and mdmconsultancy.com - 85.17.135.243
host 85.17.135.243 - srv3.peweb.com - going to peweb.com redirects to https://www.webservice.be/ "a so-called "white-label" company. We register domain-names and host websites mainly for webdesign-companies whose ambition it is to focus on building websites."
whois - 85.17.135.243 - Leaseweb
ports - 110 / 995 / 143 / 993 / 587 (shared IP)

I don't understand why 85.17.135.243 is for two organizations (Webservice.be and Leaseweb). Or is it possible that Webservice is the hoster and Leaseweb provides the mail records?

----------

dig altgroupltd.com - 199.192.28.180
host 199.192.28.180 - server1.ku-host.com
whois 199.192.28.180 - Namecheap
ports - 110 / 995 / 143 / 993 / 587 (shared IP)

In this case I don't know what ku-host.com is. The site is blank with a countdown clock in French! How does ku-host relate to Namecheap? Unless the idea is that ku-host is the hoster and Namecheap provides the mail records?

NoExecute, posted May 3, 2020

Okish, let's try this. If you run a whois against 85.17.135.243, you should get this:

inetnum: 85.17.135.192 - 85.17.135.255
netname: LEASEWEB
descr: LeaseWeb Netherlands B.V.

Note inetnum, so Leaseweb owns all IPs in the range 85.17.135.192 - 85.17.135.255.

So, they can, and did, assign an IP of 85.17.135.243 to webservice.be. (That's a webservice. So, they can use name-based Apache virtual hosting to host multiple sites on that single IP.) Since you find ports 110 and 995 open, it's maybe a primary mail server used for name-based virtual hosting, and 143 probably is a webserver with SSL.

Nothing wrong with that. Name-based virtual hosting on Apache is pretty standard for hosting multiple websites on separate domains on a single IP. That way you don't pay for IPs you don't use, and the end result is nearly the same.

I think the same goes for the other server you found. Namecheap owns the range 199.192.16.0 - 199.192.31.255.

But, keep at it. You'll solve the mystery somehow 😉

Much Happy Hunting 🙂

/Kent

plippy7, posted May 6, 2020 (Author)

Thanks - my impression now is that the above use cPanel. The convention is for the MX to be the same as the domain name.

Let me provide two more examples - one I understand and one I don't.

aaa-ii.com has an MX of mx.stackmail.com and stackmail.com is a webmail provider. That's simple. However, the IP for mx.stackmail.com resolves to an organisation called INFRA. The only way I can know the mail system that users of aaa-li.com use is because mx.stackmail.com is a self-explanatory URI.

In the next case, henleyglobal.com uses mx3.mtaroutes.com. The MX IP is owned by Cogent Communications (38.0.0.0 - 38.255.255.255). The A record of the site (www.henleyglobal.com) is owned by Swisscom (194.209.0.0 - 194.209.255.255).

My question is: is there a way to learn which mail provider an organisation is using based on the records above? In the first case, the MX record is clear. In the second case, it's not. Is there a model which allows someone to figure out what mail system any company is using?

Thanks.
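
The triage walked through in this thread, as an added example that is not part of any post above and not the posters' code: it sorts each MX target into "points back into the domain's own zone", "matches a provider name mentioned in the thread", or "some other third party", using only the lookups already quoted here. The function names, the small provider table and the two-label `base_domain` shortcut (no public-suffix handling) are assumptions made for the illustration.

```python
# Added example: classify an MX target relative to the domain it serves.
# All records are the lookups quoted in this thread, embedded so it runs offline.

# Provider suffixes named in the thread; a real inventory needs a longer list.
KNOWN_MX_SUFFIXES = {
    "aspmx.l.google.com": "Google",
    "mail.gandi.net": "Gandi",
    "stackmail.com": "stackmail.com",
}

def base_domain(name):
    """Naive registrable domain: last two labels (assumption: no public-suffix list)."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def is_same_or_sub(host, domain):
    """True if host equals domain or sits below it (label boundary respected)."""
    host, domain = host.rstrip(".").lower(), domain.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def classify_mx(domain, mx_host, ptr=None):
    """Return (category, clue) for one MX record.

    ptr is the reverse-DNS name of the MX host's IP, if it was looked up.
    """
    if is_same_or_sub(mx_host, domain):
        # MX points into the customer's own zone, so the name itself says
        # nothing; the only hosting clue is the PTR (or whois) of the IP.
        return ("in-domain", base_domain(ptr) if ptr else None)
    for suffix, provider in KNOWN_MX_SUFFIXES.items():
        if is_same_or_sub(mx_host, suffix):
            return ("known-provider", provider)
    # Unrecognised third party: report the MX host's base domain as the lead.
    return ("third-party", base_domain(mx_host))

# (domain, MX host, PTR of the MX IP or None), as given in the posts above.
THREAD_RECORDS = [
    ("mdmconsultancy.com", "mail.mdmconsultancy.com", "srv3.peweb.com"),
    ("altgroupltd.com", "altgroupltd.com", "server1.ku-host.com"),
    ("aaa-ii.com", "mx.stackmail.com", None),
    ("henleyglobal.com", "mx3.mtaroutes.com", None),
]

def classify_all(records=THREAD_RECORDS):
    return {d: classify_mx(d, mx, ptr) for d, mx, ptr in records}

if __name__ == "__main__":
    for domain, result in classify_all().items():
        print(domain, result)
```
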
Archived
This topic is now archived and is closed to further replies.