
Virtual Server Basic Setup for Email Service

Virtual server email setup begins with choosing an operating system. I recommend Ubuntu 20.04, Debian 11 or later. Once you can log in via SSH, install a software firewall. I’m using Shorewall, the default configuration of which blocks most ports apart from SSH. Beware: wrong firewall settings may lock you out of your server, so test the firewall before spending much time on the rest of the setup. Some V-Servers have a menu for a hardware firewall, which is great, but it doesn’t necessarily protect against unwanted access by other V-Server clients in your sub-network.

Activate IPv6 Networking

Make sure your server has an allocation for both IPv4 and IPv6 primary addresses. In my latest virtual server email setup, I had an allocation for IPv4 only out of the box. All I needed to do was check an IPv6 box in my provider’s Server Configuration, Network & Load, and IP Addresses menu.

Set up Reverse DNS Records

Some mail servers perform reverse DNS lookups on incoming connections in order to detect spam. Your emails may be rejected or moved to the spam folder if your reverse DNS record fails any of the following tests: it must exist, reverse and “forward” records must match, and it should pass pattern checks; in particular, it should not include your IP address.

So why is an odd feature for internet plumbers like reverse DNS essential for mail servers, when it’s totally unimportant for web servers? Because reverse DNS records are set by network administrators, whereas anyone can easily run their own DNS server for forward records. Therefore reverse DNS is useful for verifying a server’s identity, separating plums from lemons, or legitimate emails from spammers’ crap.

Figure: DNS and reverse DNS lookups with matching results

As network admin, your V-Server provider will offer a menu for setting the reverse DNS record. It may be somewhat hidden; I found it under server settings and, somewhat curiously, the domains tab. As shown in the image, mail servers perform a reverse DNS lookup on the connecting server’s IP address, IPv4 or IPv6. Afterwards, they do a DNS lookup on the domain name obtained from reverse DNS. If the results don’t match, the connecting server’s identity is fishy and its messages are in all probability spam.

Standard Reverse DNS Records to Avoid

Usually virtual server providers set a standard reverse DNS record, such as h2939490.v-servercompany.net. You may be fine leaving those settings. However, override any default record that includes your IP address, like server.85.214.104.162.v-servercompany.net. This is because a lot of spam originates from DSL or cable networks with similar reverse DNS name patterns derived from an IP address. To be on the safe side, just create IPv4 and IPv6 DNS records and enter those same names in your provider’s reverse DNS admin pages. Something like mx0.yourdomain.com does the trick. Note that in their pattern checks some mail providers expect your mailer hostname and reverse DNS name to contain something like mail or mx.

Some Useful DNS Command Lines

Normally, the Domain Name System (DNS) resolves a human-readable server name like mx0.frizz.net to an IP address. For mx0.frizz.net this results in the IPv4 address 85.214.104.162 and the IPv6 address 2a01:238:42cd:0:4be7:4eb2:c4a7:8464. The Unix dig command can be used to verify:

user@localhost$ dig mx0.frizz.net

;; ANSWER SECTION:
mx0.frizz.net.	3600	IN	A	85.214.104.162

user@localhost$ dig mx0.frizz.net aaaa

;; ANSWER SECTION:
mx0.frizz.net.	3600	IN	AAAA	2a01:238:42cd:0:4be7:4eb2:c4a7:8464

For a mail server there should also be a reverse lookup record for each of the server’s IP addresses. In a reverse lookup, the IPs you get from DNS for mx0.frizz.net should return mx0.frizz.net as the domain name. Again, the Unix dig command can be used to verify:

user@localhost$ dig -x 85.214.104.162

;; ANSWER SECTION:
162.104.214.85.in-addr.arpa. 1800 IN	PTR	mx0.frizz.net.

user@localhost$ dig -x 2a01:238:42cd:0:4be7:4eb2:c4a7:8464

;; ANSWER SECTION:
4.6.4.8.7.a.4.c.2.b.e.4.7.e.b.4.0.0.0.0.d.c.2.4.8.3.2.0.1.0.a.2.ip6.arpa. 1800 IN PTR mx0.frizz.net.
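
The three tests described above (PTR record exists, forward and reverse records match, hostname does not embed the IP) can be scripted instead of compared by eye in dig output. The following is an added example, not part of the original article: the function names, the 192.0.2.x records and the example.org name are constructed for illustration, and the pattern check covers IPv4 only.

```python
import ipaddress
import re
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver; [] when no record exists."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except (socket.herror, socket.gaierror):
        return []

def system_forward(name):
    """A/AAAA lookup via the system resolver; empty set on failure."""
    try:
        return {info[4][0].split("%")[0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def embeds_ipv4(name, ip):
    """Pattern check: hostname contains the IPv4 octets, forward or reversed."""
    octets = str(ip).split(".")
    return any(
        re.search(r"(?<!\d)" + r"[.\-]".join(order) + r"(?!\d)", name)
        for order in (octets, octets[::-1])
    )

def check_rdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return a list of problems; an empty list means all three tests pass."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return ["no PTR record"]
    problems = []
    for name in names:
        # Compare parsed addresses so IPv6 spelling differences do not matter.
        forward = {ipaddress.ip_address(a) for a in forward_lookup(name)}
        if addr not in forward:
            problems.append(f"{name}: forward lookup does not return {ip}")
        if addr.version == 4 and embeds_ipv4(name, addr):
            problems.append(f"{name}: hostname embeds the IP address")
    return problems

# Constructed sample records (192.0.2.x is documentation address space).
PTR = {"85.214.104.162": ["mx0.frizz.net."],
       "2a01:238:42cd:0:4be7:4eb2:c4a7:8464": ["mx0.frizz.net."],
       "192.0.2.10": ["server.192.0.2.10.v-servercompany.net."],
       "192.0.2.11": ["mx0.example.org."]}
FWD = {"mx0.frizz.net": ["85.214.104.162", "2a01:0238:42cd:0000:4be7:4eb2:c4a7:8464"],
       "server.192.0.2.10.v-servercompany.net": ["192.0.2.10"],
       "mx0.example.org": ["192.0.2.99"]}

def sample_check(ip):
    """Run check_rdns against the constructed records, without network access."""
    return check_rdns(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, []))
```

Calling check_rdns with only an IP address uses the system resolver, so run it from a machine outside the mail server's own network to see what other mail providers see.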

Virtual Server Hostname Setup

Finally, you should specify your server’s hostname in /etc/hostname. Making the hostname the same as the reverse DNS record is a good choice, but not a requirement. To be safe, check that your reverse DNS name makes it into your mail headers, as this is what other mail providers may check.

If your V-Server provider keeps overwriting your choice of hostname with some default during reboot, a custom system service can restore your settings.

Create a Provider Web Page

Some mail providers require the mail server domain name to show provider information on the web. So set up a web page for your mail server FQDN with your company or personal contact information, including an abuse email address. Alternatively, it’s acceptable to redirect to a company page that has the required information.




Published: January 10, 2022
Updated: November 29, 2022

Classfactory.com
Tech Solutions and Programming