How to configure MX records for my mailserver at home

Hi,
I have set up a mailserver at home and I am trying to correctly configure MX records (in hover.com) to be able to send/receive mail.

The configuration is as follows:

{Hover (mydomain.com)} <---> {modem (WAN IP is known)} <---> {mailserver (static IP 192.168.x.x, hostname=myfirstmailserver)}

First of all, do I have to configure both A-type and MX-type records?

If yes, I see that for an A type record I need to add a hostname (is this myfirstmailserver? or mydomain.com?) and an IP address (is this my modem's WAN IP?). Which are the correct values?

Also, I see that for an MX record I need to add a hostname (is this mydomain.com?), a priority (I suppose 10 is ok) and another hostname (is this myfirstmailserver?).

Do I need to worry about anything else? (e.g. port forwarding on my modem or ISP-related issues)

Please excuse my ignorance.
cvassiliou asked:

Frosty555 commented:
The "MX" record for your domain specifies what the hostname(s) are for your mailserver(s) which should receive the email.

Since the MX record is supposed to specify a hostname, you have to give it a fully qualified domain name, not just an IP address.

So this means you first need to set up an "A" record which resolves to your home internet's WAN IP address.

So, you should set up an A record for mydomain.com, e.g.:

HOST        IP ADDRESS
homemail    10.20.230.222

This would mean that the hostname "homemail.mydomain.com" resolves to 10.20.230.222.

After that, you can set your MX record to point to "mail.mydomain.com".

The MX record priority is only used if you have more than one MX record (e.g. multiple redundant mailservers on separate networks). It's an arbitrary number that specifies what the order of preference should be for your mailservers. 10 is fine.

Because the IP address of your mailserver is actually the WAN IP address of your home internet connection, you now need to configure port forwarding on your router to forward port 25 or whatever ports you need to your mailserver's private IP address on the local network (e.g. 192.168.xx.xx).
0
Frosty555 commented:
Sorry, typo. When I said in my message above:

>>After that, you can set your MX record to point to "mail.mydomain.com".

I meant this:

>>After that, you can set your MX record to point to "homemail.mydomain.com".

---------------------


Just a warning - trying to run a mailserver from a home internet connection and have it directly face the Internet is a bad idea. You are opening up a big can of worms here that might bite you down the road.

Here's a few issues you should make sure you consider:

1) If your internet goes down, or your mailserver is offline, mail will not only fail to be delivered to you, but it will BOUNCE BACK to the sender with an "undeliverable mail" error.

2) Additionally, your server, which is exposed to the Internet, will have to deal with attackers trying to relay unsolicited mail through your server, and your server will have to deal with incoming spam and various types of attacks (e.g. backscatter).

3) Outbound mail coming from your server will usually be discarded by others as spam. Your home IP address is considered very suspicious by other mailservers, because mail that originates from a residential network like yours is usually spam from a spambot or virus. In fact, your ISP may even BLOCK port 25 entirely to specifically prevent you from setting up your own mailserver like this.

4) Your home IP address likely has a dynamic IP, which will change periodically. When it changes, your mail will stop flowing until you fix your DNS settings.


So... my suggestion to you is this:

* Set yourself up with a Dyn.com account (http://dyn.com/remote-access/) and set up a dynamic hostname for yourself which stays up to date with your home internet IP address (e.g. cvassilioumail1234.dyndns.org). You do this by installing the Dyn Updater Client on your server so that when your IP address changes, your dyn.com hostname updates itself automatically.

* Set up a CNAME record on your domain which points to your Dyn.com hostname (e.g. mail.mydomain.com --> cvassilioumail1234.dyndns.org). This way you can use the name "mail.mydomain.com" in your configuration.

* Sign up for Dyn.com's Email Gateway service (http://dyn.com/email/dyn-email-gateway/), which will receive mail on your behalf, filter out the spam, and forward the good stuff to your server on a nonstandard port that your ISP isn't blocking (e.g. port 2525, or port 10025). You configure the Dyn.com email gateway to send the incoming mail to the "mail.mydomain.com" address you set up earlier, and you configure your MX records to point to Dyn.com's servers (e.g. mx1.mailhop.org with priority 10, mx2.mailhop.org with priority 20). This way your mail is received by a real, proper server in a real datacenter, and if your home server goes down, Dyn.com will hang on to your mail and forward it all to you later when your server is back up so that no messages get lost, and your customers are none the wiser.

* Set up your mailserver to accept incoming mail ONLY on the nonstandard port (e.g. port 2525 or 10025) and ONLY from Dyn.com's gateways, and reject everything else. You will need to set up port forwarding on your router accordingly.

* Set up your mailserver to relay outbound mail through another, trusted SMTP service. Your ISP or your Web hosting provider usually provides you with an SMTP server you can relay through (basically, you need to have your mailserver relay outbound mail through the same SMTP server that you have otherwise configured Outlook to use). If you don't have a suitable mailserver, sign up for Dyn.com's Email Delivery service (http://dyn.com/email/), or sign up for basic email services with Hover.com.
0
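Added example (not code from the answer above or from Dyn): the last two steps of the design above, "accept only on the non-standard port and only from the gateways" plus the matching port forward, reduce to a network-layer allowlist. The script models that decision for a set of constructed connection attempts and renders the equivalent nftables rules. The gateway networks (198.51.100.0/24, 2001:db8:100::/48), the port 2525 and every address in ATTEMPTS are placeholders, not Dyn's real ranges.

```python
"""Gateway-only inbound policy for a home mail server: accept SMTP only on the
forwarded non-standard port and only from the mail gateway's networks, and
render the matching nftables rules. Added example; networks and port are
placeholders, not any gateway operator's real ranges."""
import ipaddress

LISTEN_PORT = 2525  # the port the home router forwards to the mail server
# Placeholder networks standing in for the gateway operator's outbound ranges.
GATEWAY_NETWORKS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:100::/48")]


def accept_inbound(src_ip, dst_port, networks=GATEWAY_NETWORKS, port=LISTEN_PORT):
    """Return (accepted, reason) for one inbound TCP connection.

    Only the network layer is consulted: a HELO name or Received header can be
    forged by the client; the source address of an established TCP session cannot.
    """
    try:
        ip = ipaddress.ip_address(src_ip)
    except ValueError:
        return False, f"unparseable source address {src_ip!r}"
    if dst_port != port:
        return False, f"port {dst_port} is not the forwarded gateway port {port}"
    if not any(ip in net for net in networks):
        return False, f"{ip} is outside the gateway networks"
    return True, f"{ip} is a gateway address on port {port}"


def nft_rules(networks=GATEWAY_NETWORKS, port=LISTEN_PORT, chain="inet filter input"):
    """Equivalent host-firewall rules: allow the gateway networks, drop other SMTP."""
    rules = []
    for net in networks:
        family = "ip" if net.version == 4 else "ip6"
        rules.append(f"nft add rule {chain} {family} saddr {net} tcp dport {port} accept")
    rules.append(f"nft add rule {chain} tcp dport {{ 25, {port} }} drop")
    return rules


# Constructed connection attempts: (source address, destination port).
ATTEMPTS = [
    ("198.51.100.20", 2525),    # gateway delivering mail: accepted
    ("198.51.100.20", 25),      # gateway on the wrong port: rejected
    ("203.0.113.77", 2525),     # random host that found the forwarded port: rejected
    ("2001:db8:100::9", 2525),  # gateway over IPv6: accepted
    ("not-an-ip", 2525),        # garbage: rejected
]


def evaluate(attempts=ATTEMPTS):
    """Accept/reject decision for each attempt, in order."""
    return [accept_inbound(ip, port)[0] for ip, port in attempts]


if __name__ == "__main__":
    for (ip, port), ok in zip(ATTEMPTS, evaluate()):
        print(f"{ip:>18} :{port:<5} -> {'accept' if ok else 'reject'}  {accept_inbound(ip, port)[1]}")
    print("\n".join(nft_rules()))
```

Order matters in the rendered rules: the accept lines must precede the drop, and the router's forward of 2525 to the server's 192.168.x.x address is the other half of the setup. Putting the gateway allowlist in the firewall rather than in HELO or header checks is deliberate, for the reason given in the docstring.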
cvassiliou (author) commented:
Hello Frosty555,

thank you soooo much for this lesson!!

It seems that I was about to make some serious mistakes here.

I will follow your instructions to use dyndns. Since I am doing this in my spare time it will take me some time but I am more optimistic now.

Until I make it happen I will leave this post open.

Thank you once more for your time.
0

skullnobrains commented:
>> I have set up a mailserver at home and I am trying to configure correctly mx records (in hover.com) to be able to send/receive mails.

MX records are totally unrelated to email sending

>> First of all, do I have to configure both A type and MX type records?

an A record is enough to receive email (it will be queried if there is no MX record available for your domain), but setting up an extra MX record is a good idea

>> If yes, I see that for an A type record I need to add a hostname (is this myfirstmailserver? or mydomain.com?) and an IP address (is this my modem's WAN IP?). Which are the correct values?

>> Also, I see that for an mx record I need to add a hostname (is this mydomain.com?) a priority (I suppose 10 is ok) and another hostname (is this myfirstmailserver?)

A record
query : the domain you use for email (what is after the @)
answer : WAN IP of your modem

MX record (not needed but welcome)
query : same as above
answer : whatever domain name that has an A record that refers to your WAN IP
as stated above, don't bother with priorities

>> Do I need to worry for anything else? (e.g. port forwarding on my modem or ISP related issues).

you will not have problems when receiving email, but sending is much more tricky for various reasons, among which
- many ISPs block outgoing port 25 except if the destination is their own servers
- many mail filters will flag you as spam much more easily if you use a home connection
- your ISP might do the same if you send many emails. he might even suspend your connection.
- you WILL definitely be flagged as spam very easily if you don't have a PTR for that IP. ideally the PTR exists, matches your domain, and there should be a corresponding A record containing your WAN IP. if you can't set up your PTR, you should use a smarthost.

i'd advise you check with your ISP if they agree with direct email sending, if they agree to you using their SMTP server as a smarthost, and set up an SPF record for your domain
0
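Worked example, added here and not code from either answer: Frosty555's first answer and the one just above describe the same chain a sending server follows, MX record to hostname to A record, with the domain's own A record used when there is no MX. The script walks that chain over constructed in-memory zone data (198.51.100.7 stands in for the WAN address; the .test names, the dyndns name and the gateway addresses are placeholders) and flags the two mistakes the question is at risk of: a 192.168.x.x address in a public record, and an MX that points at a CNAME, which RFC 2181 forbids. It also covers the null MX of RFC 7505 and the preference ordering of two gateway MX hosts.

```python
"""Where will other mail servers deliver mail for a domain? Walk MX -> A the way
a sending MTA does, over constructed in-memory DNS data (no live lookups).
Added example; the zone contents are placeholders, with 198.51.100.7 standing
in for the home connection's WAN address."""
import ipaddress

# Constructed zone data: record type -> owner name (with trailing dot) -> value(s).
ZONE = {
    "A": {
        "homemail.mydomain.com.": ["198.51.100.7"],        # the WAN address
        "cvassilioumail1234.dyndns.org.": ["198.51.100.7"],
        "lanonly.test.": ["192.168.1.20"],                 # the mistake the question hints at
        "mx1.gateway.test.": ["203.0.113.10"],
        "mx2.gateway.test.": ["203.0.113.20"],
    },
    "CNAME": {"mail.mydomain.com.": "cvassilioumail1234.dyndns.org."},
    "MX": {
        "mydomain.com.": [(10, "homemail.mydomain.com.")],
        "gateway.test.": [(20, "mx2.gateway.test."), (10, "mx1.gateway.test.")],
        "cnamemx.test.": [(10, "mail.mydomain.com.")],
        "nomail.test.": [(0, ".")],                        # null MX, RFC 7505
    },
}

# Checked explicitly: ipaddress.is_private also covers documentation ranges,
# which would misfire on the 203.0.113.x placeholders above.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def fqdn(name):
    return name.rstrip(".") + "."


def addresses_of(zone, host, depth=0):
    """A records for host, following CNAMEs; returns (addresses, cname_note)."""
    target = zone.get("CNAME", {}).get(host)
    if target is None:
        return list(zone.get("A", {}).get(host, [])), None
    if depth >= 8:
        return [], "CNAME chain too long"
    addrs, _ = addresses_of(zone, target, depth + 1)
    return addrs, f"{host} is a CNAME to {target}"


def delivery_targets(zone, domain):
    """Hosts a sender will try, in order, with the checks a sender will not do for you."""
    domain = fqdn(domain)
    mx = list(zone.get("MX", {}).get(domain, []))
    if mx == [(0, ".")]:
        return []  # null MX: the domain announces that it accepts no mail
    if not mx:
        mx = [(0, domain)]  # implicit MX (RFC 5321 5.1): the domain's own A record
    targets = []
    for pref, host in sorted(mx):  # lowest preference value is tried first
        addrs, note = addresses_of(zone, host)
        warnings = []
        if note:
            warnings.append(note + " (RFC 2181 10.3: an MX target must not be a CNAME)")
        if not addrs:
            warnings.append("no A record: mail to this host cannot be delivered")
        for a in addrs:
            if any(ipaddress.ip_address(a) in net for net in RFC1918):
                warnings.append(f"{a} is an RFC 1918 address: publish the WAN address instead")
        targets.append({"preference": pref, "host": host, "addresses": addrs, "warnings": warnings})
    return targets


if __name__ == "__main__":
    for d in ("mydomain.com", "gateway.test", "lanonly.test", "cnamemx.test", "nomail.test"):
        print(d, "->", delivery_targets(ZONE, d) or "does not accept mail")
```

Replacing ZONE with live lookups (dnspython, or the `host` commands used later in this thread) turns this into a check for a real domain; the warnings are the part a resolver will not give you.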
cvassiliou (author) commented:
Hello skullnobrains,

thank you for your post.

It seems that I 'm missing quite a lot here.

I will try to re-assess what should I do to have my own mail server.

I will also leave this post open since it seems that I will need your help again.

Thank you all once more
0
skullnobrains commented:
problems only may arise for sending email. you're good to go for receiving

as far as sending goes, first check your PTR.
if you don't have one, find a smarthost (likely smtp.yourisp.tld)
if you do have one, that is validated by a corresponding A record, you can give a try to direct sending

----

working example taken from gmail, allowing direct mail sending:

$ host 173.194.66.108
108.66.194.173.in-addr.arpa domain name pointer we-in-f108.1e100.net.
# --> ip has a PTR

$ host we-in-f108.1e100.net.
we-in-f108.1e100.net has address 173.194.66.108
# --> the ptr is valid

# the following is not required but a good idea if you're on a personal connection
$ host -t TXT gmail.com
gmail.com descriptive text "v=spf1 redirect=_spf.google.com"
$ host -t TXT _spf.google.com
_spf.google.com descriptive text "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"
$ host -t TXT _netblocks.google.com
_netblocks.google.com descriptive text "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ~all"
# --> the SPF record for the domain mentions this IP as a valid sender (not required but welcome)
0
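Added example, not the poster's code: the `host` checks above (a PTR exists, the PTR resolves back to the same address, the domain's SPF record covers the address) in script form, run over constructed in-memory DNS data so it works offline. The gmail.com, google.com and 1e100.net records are copied from the output quoted above; mydomain.com, example-isp.net, 198.51.100.7 and 203.0.113.45 are placeholders. The evaluator implements the ip4, ip6, a, include, redirect and all terms of RFC 7208. Because the quote above does not show _netblocks2 or _netblocks3, an address outside _netblocks.google.com ends in permerror, which is also what a real evaluator returns for an include whose target has no SPF record.

```python
"""Sender-side checks: forward-confirmed reverse DNS (PTR -> A -> same IP) and
a minimal SPF evaluator, over constructed in-memory DNS data. Added example.
The google records are copied from the thread; the rest are placeholders."""
import ipaddress

DNS = {
    "PTR": {
        "173.194.66.108": ["we-in-f108.1e100.net."],
        "203.0.113.45": ["dsl-45.example-isp.net."],  # generic ISP PTR with no matching A
    },
    "A": {
        "we-in-f108.1e100.net.": ["173.194.66.108"],
        "homemail.mydomain.com.": ["198.51.100.7"],
    },
    "TXT": {
        "gmail.com.": ["v=spf1 redirect=_spf.google.com"],
        "_spf.google.com.": ["v=spf1 include:_netblocks.google.com include:_netblocks2.google.com "
                             "include:_netblocks3.google.com ~all"],
        "_netblocks.google.com.": ["v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 "
                                   "ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 "
                                   "ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ~all"],
        "mydomain.com.": ["v=spf1 a:homemail.mydomain.com include:_spf.example-isp.net -all"],
        "_spf.example-isp.net.": ["v=spf1 ip4:203.0.113.0/24 ~all"],
    },
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def fqdn(name):
    return name.rstrip(".") + "."


def fcrdns(dns, ip):
    """Forward-confirmed reverse DNS: ('ok'|'unconfirmed'|'none', ptr name or None)."""
    names = dns.get("PTR", {}).get(ip, [])
    if not names:
        return "none", None
    for name in names:
        if ip in dns.get("A", {}).get(name, []):
            return "ok", name
    return "unconfirmed", names[0]


def spf_record(dns, domain):
    for txt in dns.get("TXT", {}).get(fqdn(domain), []):
        if txt.lower() == "v=spf1" or txt.lower().startswith("v=spf1 "):
            return txt
    return None


def check_spf(dns, ip, domain, _depth=0):
    """Evaluate ip against domain's SPF record; returns an RFC 7208 result string."""
    if _depth > 10:
        return "permerror"  # lookup limit (RFC 7208 4.6.4)
    record = spf_record(dns, domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:
        if term.lower().startswith("redirect="):
            redirect = term.split("=", 1)[1]  # only used if no mechanism matches
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            try:
                matched = addr in ipaddress.ip_network(arg, strict=False)  # False across families
            except ValueError:
                return "permerror"
        elif mech == "a":
            matched = ip in dns.get("A", {}).get(fqdn(arg or domain), [])
        elif mech == "include":
            sub = check_spf(dns, ip, arg, _depth + 1)
            if sub in ("none", "permerror"):
                return "permerror"  # included domain without a usable record
            matched = sub == "pass"
        else:
            return "permerror"  # mx, ptr, exists and exp are not implemented here
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:
        result = check_spf(dns, ip, redirect, _depth + 1)
        return "permerror" if result == "none" else result
    return "neutral"


if __name__ == "__main__":
    for ip, dom in (("173.194.66.108", "gmail.com"), ("203.0.113.45", "mydomain.com")):
        print(ip, dom, fcrdns(DNS, ip), check_spf(DNS, ip, dom))
```

The same two functions, fed from live lookups, are what most receiving filters run against a connecting IP before they look at the message at all.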
Frosty555 commented:
Skullnobrains - I would strongly discourage cvassiliou from trying to go down the PTR record route or even bothering to look into that. It's a tangent he doesn't need to go down or worry about.

Even if his ISP were to allow him to change his PTR records (they won't), even if his ISP doesn't block port 25 (they very likely do), other mailservers will still reject mail coming directly from his server because his IP address is in a block designated for home internet plans.

He needs to use an SMTP smarthost, such as the SMTP server provided by his web hosting provider, or his ISP's SMTP Servers, or he needs to sign up for a third party SMTP service like Dyn.com's DynECT service.

Having his mailserver directly receive mail via his domain's MX records is also still a no-no, for the reasons I stated above. He will still need to use an email gateway for his incoming mail.
0
skullnobrains commented:
that would depend on the ISP, which is why i suggest looking at the PTR. there are blocklists of user home connections but usually a static IP with a proper PTR will be allowed to deliver small amounts of email. the ISP may or may not have a proper PTR set in the first place and may or may not allow to set it up / change it.

same applies to blocking port 25. that could be easily checked by attempting a telnet on a well-known mail server
0
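The "telnet to a well-known mail server" check from the comment above, as an added example rather than anything from the thread: connect to port 25, read the greeting, send QUIT and never a MAIL command, and tell three outcomes apart. The local throwaway listener exists only so the function can be exercised offline; gmail-smtp-in.l.google.com in the final comment is a real Google MX host named as an illustration of what to probe.

```python
"""Is outbound port 25 usable from this connection? Connect, wait for the SMTP
banner, send QUIT, and classify the result. Added example; the fake listener
is only there so the check runs offline."""
import socket
import threading


def probe_smtp(host, port=25, timeout=5.0):
    """Return (status, detail): 'open' with the banner, 'refused', 'timeout' or 'error'.

    From a home line, 'timeout' against a well-known MX is the usual signature of an
    ISP silently dropping port 25; 'refused' means the packets reached something."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            banner = sock.recv(512).decode("ascii", "replace").strip()
            try:
                sock.sendall(b"QUIT\r\n")  # a probe never sends MAIL FROM
            except OSError:
                pass
    except ConnectionRefusedError:
        return "refused", "connection actively refused"
    except socket.timeout:
        return "timeout", f"no response from {host}:{port} within {timeout}s"
    except OSError as exc:
        return "error", str(exc)
    if banner.startswith("220"):
        return "open", banner
    return "open", f"connected but no SMTP greeting: {banner!r}"


def start_fake_smtp(banner=b"220 fake.test ESMTP ready\r\n"):
    """Accept one loopback connection, greet, wait for QUIT, close. Returns the port."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(1)

    def serve():
        conn, _ = server.accept()
        with conn:
            conn.sendall(banner)
            try:
                conn.recv(64)
            except OSError:
                pass
        server.close()

    threading.Thread(target=serve, daemon=True).start()
    return server.getsockname()[1]


def free_port():
    """A loopback port nothing listens on, to demonstrate the 'refused' outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    print(probe_smtp("127.0.0.1", start_fake_smtp()))
    print(probe_smtp("127.0.0.1", free_port(), timeout=2))
    # Real check (needs network): probe_smtp("gmail-smtp-in.l.google.com") or your ISP's MX.
```

Run the real check twice, once against a public MX and once against your ISP's own SMTP server: "timeout" on the first and "open" on the second is exactly the "port 25 blocked except to their own servers" case described earlier in the thread.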

skullnobrains commented:
@frosty

i did not want to clutter the thread but since it is now closed :

>> Skullnobrains - I would strong discourage cvassiliou from trying to go down the PTR record route or even bothering to look into that. It's a tangent he doesn't need to go down or worry about.

expecting to send email without checking for that is foolish at best

>> Even if his ISP were to allow him to change his PTR records (they won't)

did i ever suggest that he changes his PTR ? no

and btw, some ISPs allow that. usually this is reserved to business connections but not always. some people have different ISPs from you. some live in different countries and use ISPs you never even heard of

>> even if his ISP doesn't block port 25 (they very likely do)

same here : likely but not sure (mine does not). given the fact that checking requires a single telnet command, it is even less time consuming than reading a post.

>> other mailservers will still reject mail coming directly from his server because his IP address is in a block designated for home internet plans.

the main and first historic list is called the PBL (maintained by spamhaus) and mostly focuses on dynamic and LAN address pools rather than just home address pools. it is VERY far from being complete. completing it with heuristics was necessary last time i ran a filtering mail server. i hope no mail server admin is dumb enough to reject mail ONLY because they are on the PBL, and the PBL includes many ways to remove yourself from it if you run a legitimate mail server.

>> He needs to use an SMTP smarthost, such as the SMTP server provided by his web hosting provider, or his ISP's SMTP Servers, or he needs to sign up for a third party SMTP service like Dyn.com's DynECT service.

i think i suggested the smarthost.

but using the ISP's SMTP without asking them is very likely to end up in account termination at some point if you send a few hundred emails per day. below a conservative 20-50, you should be safe. most ISPs i know of have a threshold around 100, some are smart enough to trigger after a number of identified spam.

using an external service would require that they provide an alternate port if port 25 is blocked by the ISP

>> Having his mailserver directly receive mail via his domain's MX records is also still a no-no, for the reasons I stated above. He will still need to use an email gateway for his incoming mail.

none of the above reasons apply, and this does provably work. been doing so a number of times. why the hell do you think one would need a gateway for incoming email ?
0