Virtual server email setup begins with choosing an operating system. I recommend Ubuntu 20.04, Debian 11 or later. Once you can login via SSH, install a software firewall. I’m using Shorewall, the default configuration of which blocks most ports apart from SSH. Beware, wrong firewall settings may lock you out of your server. Therefore, you want to test this before spending much time on other setup. Some V-Server have a menu for a hardware firewall, which is great. But doesn’t necessarily protect from unwanted access by other V-Server clients in your sub-network.
Activate IPv6 Networking
Make sure your server has an allocation for both IPv4 and IPv6 primary addresses. In my latest virtual server Email setup, out of the box I had an allocation for IPv4 only. All I needed to do was to check an IPv6-box my provider’s Server Configuration, Network & Load, and IP Addresses menu.
Set up Reverse DNS Records
Some mail servers perform reverse DNS lookups on incoming connections in order to detect spam. Your emails may be rejected or moved to the spam folder if your reverse DNS record fails any of the following tests: it must exist, reverse and “forward” records must match, and it should pass pattern checks, especially not include your IP address.
So why is an odd feature for internet plumbers like reverse DNS essential for mail servers, when it’s totally unimportant for web servers? Because network administrators set reverse DNS records, whereas you can easily run your own DNS server. Therefore reverse DNS is useful verifying a server’s identity, separating plums and lemons, or legitimate emails from spammer’s crap.
As network admin, your V-Server provider will offer a menu for setting the reverse DNS record. It may be somewhat hidden; I found it under server settings and somewhat curiously, the domains tab. As shown in the image, mail servers perform a reverse DNS lookup for connecting server’s IP addresses, IPv4 or IPv6. Afterwards, they do a DNS lookup on the domain name obtained from reverse DNS. If results don’t match, the connecting server’s identity is fishy and messages are in all probability spam.
Standard Reverse DNS Records to Avoid
Usually virtual server providers set a standard reverse DNS record, such as h2939490.v-servercompany.net. You may be fine leaving those settings. However, override settings including your IP, like server.188.8.131.52.v-servercompany.net. This is because a lot of spam originates from DSL or cable networks with similar reverse DNS name patterns derived from an IP address. To be on the safe side, just create IPv4 and IPv6 DNS records and pick those same names in your provider’s reverse DNS admin pages. Something like mx0.yourdomain.com does the trick. Note that some mail providers expect your mailer hostname and reverse DNS to sound something like mail or mx in pattern checks.
Some Useful DNS Command Lines
Normally, Domain Name Service (DNS) will resolve a human readable server name like mx0.frizz.net to an IP-address. For mx0.frizz.net this results in an IPv4 184.108.40.206 and IPv6 2a01:238:42cd:0:4be7:4eb2:c4a7:8464. The Unix dig command can be used to verify:
[email protected]$ dig mx0.frizz.net ;; ANSWER SECTION: mx0.frizz.net. 3600 IN A 220.127.116.11 [email protected]$ dig mx0.frizz.net aaaa ;; ANSWER SECTION: mx0.frizz.net. 3600 IN AAAA 2a01:238:42cd:0:4be7:4eb2:c4a7:8464
For a mail server there should be a reverse lookup for the server’s IP addresses. So in reverse lookup, the IPs you get from DNS for mx0.frizz.net should return mx0.frizz.net as a domain name. Again, the Unix dig command can be used to verify:
[email protected]$ dig -x 18.104.22.168 ;; ANSWER SECTION: 22.214.171.124.in-addr.arpa. 1800 IN PTR mx0.frizz.net. [email protected]$ dig -x 2a01:238:42cd:0:4be7:4eb2:c4a7:8464 ;; ANSWER SECTION: 126.96.36.199.7.a.4.c.2.b.e.4.7.e.b.188.8.131.52.0.d.c.184.108.40.206.220.127.116.11.a.2.ip6.arpa. 1800 IN PTR mx0.frizz.net.
Virtual Server Hostname Setup
Finally, you should specify your server’s hostname in /etc/hostname. Having the hostname same as the reverse DNS record is a good choice, but not a requirement. Check for safety that your DNS reverse name makes it into your mail headers, as this is what other mail providers may check.
If your V-Server provider keeps overwriting your choice of hostname with some default during reboot, this fix restores your settings.
Create a Provider Web Page
Some mail providers require the mail server domain name to show provider information on the web. So set up a web page for your mail server FQDN with your company or personal contact information including an abuse email address. Alternatively it’s acceptable to redirect to a company page having the required information.
Domain Name System (DNS) https://en.wikipedia.org/wiki/Domain_Name_System
What is reverse DNS? https://www.cloudflare.com/en-ca/learning/dns/glossary/reverse-dns/