SPF and DNS records host domain server - dns

I am setting up a server to host some websites.
FQDN server = svr01.server.net (fictional domain name)
IP: 150.150.150.xx
DNS settings server.net domain:
A svr01.server.net 150.150.150.xx
A svr02.server.net 150.150.151.xx
MX-10 server.net [ip provider]
MX-20 server.net [ip provider]
website domains: domain-a.com, domain-b.com, domain-c.com
I have a second server on the server.net domain: svr02.server.net. On that server I will also host domains. This server has another IP, 150.150.151.xx, and the FQDN svr02.server.net.
I did some tests with mxtoolbox for svr01.server.net and svr02.server.net, and there it gives a warning that there is no SPF record.
When I check a working Strato VPS server hxxxx.stratoserver.net it gives this TXT record:
v=spf1 ip4:81.169.xxx.0/24 ip4:81.169.xxx.0/24 ~all
When I make a virtual server for domain-a.com and check the necessary DNS settings, they look like this:
domain-a.com. A 150.150.150.xx
mail.domain-a.com. A 150.150.150.xx
domain-a.com. MX 5 mail.domain-a.com.
domain-a.com. SPF v=spf1 a mx a:domain-a.com ip:150.150.150.xx ?all
So actually this last SPF record says that all mail sent from 150.150.150.xx is valid for the domain domain-a.com.
These are my questions:
Do I need to set an SPF record for server.net?
If the answer is yes, what does this SPF record look like? Something like this maybe:
server.net. IN TXT "v=spf1 ip4:150.150.150.xx ip4:150.150.151.xx ~all". Maybe in the future one or some of these domains can get a different IP for SSL. So then I have to add more IPs. How can I avoid the list getting too long?
I didn't set an A record for server.net. Is this correct? When I check this Strato server (hxxxx.stratoserver.net), the domain stratoserver.net also doesn't have an A record, only the subdomains like hxxxx.stratoserver.net.
I don't want to send mail from server.net, only from the domains on that server. So that's why I keep the MX records at their default, pointing to my domain hosting company. Is this correct?

You don't need an SPF record, the same way you don't need DKIM. But it's recommended: it's a way of proving your mail isn't fake and stopping others from using your domain name to send spam (spoofing).
"Spoofers can commit mail fraud by sending mail from what appear to be trusted addresses in order to gain sensitive information."
This also reduces the likelihood that your emails are flagged as spam on some systems, where it lowers your spam score slightly.
The SPF record is basically a list of where the mail should come from.
If you get more IPs that you send mail from then yes, you should add them; I've seen some very long SPF records. This is the SPF for one of our domains, set up by our mail provider:
v=spf1 a mx ptr ptr:46.242.123.222 ptr:146.222.202.226 mx:domain.co.uk.inbound10.emea.mxlogic.net mx:domain.co.uk.inbound10.emea.mxlogicmx.net ip4:84.2.91.221 ip4:181.118.168.198 ip4:81.178.68.129 include:domain.co.uk include:mxlogic.net mx:mail.domain.co.uk ~all
You should make sure your hosting provider's PTR records for your IPs are set to the host names of your servers, and then add the hostnames of the servers to the SPF.
http://en.wikipedia.org/wiki/Sender_Policy_Framework
http://help.mandrill.com/entries/21751322-What-are-SPF-and-DKIM-and-do-I-need-to-set-them-up-
One of the better SPF generators (not just for MS Exchange servers): https://www.unlocktheinbox.com/senderid-wizard/
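As an added example (not part of the original answer or written by its author), here is a minimal RFC 7208 SPF evaluator in Python run against an in-memory stub of the zones from the question. The host addresses are placeholders (the page masks the last octet as "xx"), and the stub records are constructed for this example. It shows the points the question turns on: a:hostname and include: let server.net name its sending hosts once and let each hosted domain reuse that list, so renumbering a host changes an A record instead of every SPF string; ip4: literals cost no DNS lookup, while every a:, mx:, include:, ptr: and exists: term spends one of the ten lookups RFC 7208 permits before the result becomes permerror, which is the real limit on a record getting "too long"; and what ?all, ~all and -all return when nothing matches. The record transcribed from the control panel in the question uses ip: rather than ip4:, which is not an SPF mechanism, so evaluating it for an address that no earlier term matches ends in permerror. The ptr and exists mechanisms are not implemented here.

```python
"""Minimal SPF (RFC 7208) evaluator run against an in-memory stub of the zones in the question."""
import ipaddress

# Constructed stub DNS data for this example. The page masks the last octet of every
# address as "xx"; the .10 hosts below are placeholders, not the real servers.
STUB_DNS = {
    # Hosting domain: name the sending hosts instead of listing addresses, so a future
    # renumbering changes only A records. Each a: costs one DNS lookup when evaluated.
    ("server.net", "TXT"): ["v=spf1 a:svr01.server.net a:svr02.server.net -all"],
    ("svr01.server.net", "A"): ["150.150.150.10"],
    ("svr02.server.net", "A"): ["150.150.151.10"],
    # Hosted customer domain that reuses the host list through include:.
    ("domain-a.com", "TXT"): ["v=spf1 mx include:server.net ~all"],
    ("domain-a.com", "MX"): ["mail.domain-a.com"],
    ("mail.domain-a.com", "A"): ["150.150.150.10"],
    # The record as transcribed from the control panel in the question: "ip:" is not an
    # SPF mechanism (the literal ones are ip4: and ip6:), so reaching it is a permerror.
    ("domain-b.com", "TXT"): ["v=spf1 a mx a:domain-b.com ip:150.150.150.10 ?all"],
    ("domain-b.com", "A"): ["150.150.150.10"],
}

MAX_DNS_LOOKUPS = 10  # RFC 7208 section 4.6.4
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
LOOKUP_MECHANISMS = {"a", "mx", "include", "exists", "ptr"}


class SpfPermError(Exception):
    """Malformed record, unknown mechanism, or DNS lookup limit exceeded."""


def dns(name, rtype):
    return STUB_DNS.get((name.lower().rstrip("."), rtype), [])


def charge_lookup(lookups):
    lookups[0] += 1
    if lookups[0] > MAX_DNS_LOOKUPS:
        raise SpfPermError("more than %d DNS lookups" % MAX_DNS_LOOKUPS)


def a_matches(ip, name, cidr):
    """Does any A record of name, widened to /cidr, cover ip? (No lookup charged here.)"""
    return any(ip in ipaddress.ip_network(f"{addr}/{cidr}", strict=False) for addr in dns(name, "A"))


def check_host(ip, domain, lookups):
    """RFC 7208 check_host(): result for ip sending with domain as MAIL FROM / HELO."""
    records = [r for r in dns(domain, "TXT") if r.lower().startswith("v=spf1 ")]
    if not records:
        return "none"
    if len(records) > 1:
        raise SpfPermError("multiple SPF records")
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        target, _, cidr = arg.partition("/")
        target, cidr = target or domain, cidr or "32"
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):      # literal networks cost no DNS lookup
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            charge_lookup(lookups)
            matched = a_matches(ip, target, cidr)
        elif mech == "mx":                # one lookup for the MX set; the MX hosts' A lookups are not counted
            charge_lookup(lookups)
            matched = any(a_matches(ip, mx, cidr) for mx in dns(target, "MX")[:10])
        elif mech == "include":           # recursion shares the same lookup budget
            charge_lookup(lookups)
            inner = check_host(ip, target, lookups)
            if inner == "none":
                raise SpfPermError(f"include:{target} has no SPF record")
            matched = inner == "pass"
        else:
            raise SpfPermError(f"unknown mechanism {mech!r}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # fell off the end of the record


def evaluate(ip, domain):
    """Return (result, dns_lookups_used); malformed records collapse to permerror."""
    lookups = [0]
    try:
        return check_host(ipaddress.ip_address(ip), domain, lookups), lookups[0]
    except (SpfPermError, ValueError):
        return "permerror", lookups[0]


def lookup_cost(domain, seen=None):
    """DNS lookups a record and its include: chain would cost if every term were evaluated."""
    seen = set() if seen is None else seen
    if domain in seen:                    # include loop guard
        return 0
    seen.add(domain)
    total = 0
    for record in dns(domain, "TXT"):
        if not record.lower().startswith("v=spf1 "):
            continue
        for term in record.lower().split()[1:]:
            mech, _, arg = term.lstrip("+-~?").partition(":")
            total += mech in LOOKUP_MECHANISMS
            if mech == "include":
                total += lookup_cost(arg.partition("/")[0], seen)
    return total
```

With the stub data, mail from svr02's placeholder address as domain-a.com passes after four lookups (mx, include, and the two a: terms in server.net), an unrelated address gets softfail from ~all, and lookup_cost("domain-a.com") reports the budget the include: chain consumes so you can check it stays under ten as hosts are added.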

Related

single MX record for all subdomains (gsuite)

I would like to route all my inbound mails for subdomains to sendgrid mail service.
I have added an MX record entry using a wildcard (*).
When I try to send mail to one of my subdomains, e.g. user@subdomain.mydomain.com, Gmail shows me an error that the domain could not be found.
Any help would be appreciated.
MX records do not have wildcards; A records do... MX records have a priority and are for the domain you set. To service subdomain emails (which is odd), you would need to configure that outside of DNS and within the app that expects the emails to come in (SendGrid).
You should set up a specific MX record for each subdomain, not use a wildcard.
Once you have a valid email address that your MX server is able to recognize as a valid mailbox, then you will be able to send to that email.

PTR record only; can I add a TXT record to it?

BLUF: Can I add a TXT record (SPF) for a PTR record with no other records for the domain in our DNS?
Sorry, I don't know how to put a good title to this. I've inherited a DNS server and in one of our zone files we have a mail subdomain defined for a customer of ours.
Zone file 103.102.101.in-addr.arpa.dns
74 IN PTR mail.example.com.
74 IN TXT "v=spf1 mx a ip4:101.102.103.74 ~all"
This client wants us to add an SPF record, and as far as I know we have no other entries for this client in our DNS except for this one PTR record. I'm not really sure how this situation began, as this was all set up before my arrival, and no one else where I work has any technical background on this. I just don't want to waste their time, and since I'm not sure how to ask this question concisely, Google search hasn't been very helpful so far.
Much appreciated for anyone that can chime in.
If you are routing the email for them, then you know what the domain name is.
Using that, use the DNS query tools to find out where the domain name is hosted and let them know they have to contact the domain name hosting company and have the SPF entry added. At the same time they should inquire whether the hosting name server has DKIM DNS keys. If it does, ask them to also assign the DKIM and DMARC keys so that the domain can also block spoofed spam and attachments.
Spoofed emails have been one of the biggest entry points for hackers and network takeovers using ransomware. SPF and DKIM/DMARC, together with a check policy on the mail server, are the standard defence against this. Also be sure to use TLS or SSL via SMTP to encrypt the emails for further protection.
You can get a 1-year SSL cert from any of the SSL cert registrars for the domain on the web. I find ZeroSSL has the best prices. You will have to get whoever registered the domain to help in confirming the SSL when registering it, or get access to the domain DNS to add a TXT record key that is supplied by the SSL registrar. It's not complicated but it is very strict, and you can't do it without access to either the email address that originally registered the domain or the domain hosting server's DNS to add the supplied TXT key for the domain.
Good luck :)
Go here for the tools you need. https://dnschecker.org/all-tools.php

Use 2 different servers to send and receive email

I have a classifieds website on a VPS. The VPS is configured only as a web and MySQL server. I currently use an external mail provider to send mail from the CMS used by the website to users. I have configured DNS on Cloudflare as follows:
domain-name.xxx in A [WEB SERVER IP]
ftp in CNAME domain-name.com
www in CNAME domain-name.com
domain-name.xxx in MX mail.provider.host priority 10
domain-name.xxx in MX mail2.provider.host priority 20
domain-name.xxx in TXT "v=spf1 include:spf-c.mail.provider.host mx a ~all"
Now I want to use only noreply@domain-name.xxx (a large number of emails are sent from this address) with a dedicated mail hosting provider (it's not cheap but is affordable), and I want to use info@domain-name.xxx, or personal email accounts like name.surname@domain-name.xxx, on another hosting provider (cheap :-) ).
I'd like to know if it is correct to add the following DNS rule to use a second server (for info@ etc.):
domain-name.xxx in MX new.mail.host priority 10
I don't know if I must add any other rule.
If the mail you are sending from your server is no-reply then you could:
use a service like Mailgun. It's ideal for transactional email, and very affordable. Since the website email is outgoing only, the only DNS entries you'll need are 2 SPF & DKIM records; no MX required
then in Cloudflare add just the MX for your info@ and personal mail server
and finally configure your email to bounce anything sent to noreply@
If this would fit your business setup then it's easy and may well cost less than using a dedicated server for sending outgoing website email.
If you needed more options for the outgoing website email, Mailgun also lets you set up a subdomain like "mg.mydomain.com". Using a subdomain you will still be able to send emails from your root domain, e.g. "noreply@mydomain.com", and it will play well with your personal email.
Good luck!

how to forward email using MX record in DNS

I have a domain name (exmple.com) and DNS. I want email to admin@exmple.com to be forwarded to mymail@gmail.com. Is there any way to do forwarding using MX records in DNS? If it is possible, tell me how to update the MX record.
Thanks
It is not possible. The MX record answers the question "To send an email to a given domain name, which host should I contact?". Since what you want to do involves the local parts of email addresses, it falls outside of the realm of DNS.

IIS SMTP server (Installed on local server) in parallel to Google Apps

I am currently using the free version of Google Apps for hosting my email. It works great for my official mail; my email on Google is support@mydomain.com.
In addition I'm sending out high-volume mail (registrations, forgotten passwords, newsletters etc.) from the website (www.mydomain.com) using IIS SMTP installed on my Windows machine.
These emails are sent from talk@mydomain.com.
My problem is that when I send email from the website using IIS SMTP to the mail address
support@mydomain.com, I don't receive the email in Google Apps. (I only receive these emails if I install a POP service on the server with the support@mydomain.com mailbox.)
It seems that the IIS SMTP is ignoring the domain MX records and just delivers these emails to my local server.
Here are my DNS records for domain.com:
mydomain.com A 82.80.200.20 3600s
mydomain.com TXT v=spf1 ip4: 82.80.200.20 a mx ptr include:aspmx.googlemail.com ~all
mydomain.com MX preference: 10 exchange: aspmx2.googlemail.com 3600s
mydomain.com MX preference: 10 exchange: aspmx3.googlemail.com 3600s
mydomain.com MX preference: 10 exchange: aspmx4.googlemail.com 3600s
mydomain.com MX preference: 10 exchange: aspmx5.googlemail.com 3600s
mydomain.com MX preference: 1 exchange: aspmx.l.google.com 3600s
mydomain.com MX preference: 5 exchange: alt1.aspmx.l.google.com 3600s
mydomain.com MX preference: 5 exchange: alt2.aspmx.l.google.com 3600s
Please help!
Thanks.
Yes, it is ignoring the MX record. In the SMTP service you've told it that its domain is mydomain.com, therefore it believes that it should receive all mail for that domain and hence delivers it to itself.
Depending on the version of Windows Server/IIS you're using, reconfiguring this is different. However, the basic gist is that you tell the SMTP service it is not authoritative for that domain.
This question is really much more appropriate for Server Fault than Stack Overflow, you'd probably get a better response there.
Update:
Problem Solved.
I had a POP3 service installed on the server from the time I wasn't using Google Apps.
This created a local domain under the SMTP service called mydomain.com.
Removing the POP3 mailboxes along with the local SMTP domain solved my problem.
