Proper value for hostname, RDNS, SPF

I've tried searching for some examples on how to do this "the right way", but I've had little luck. Maybe my search-fu is lacking, so here goes:

This will be a combination web/mail/other server. Out of all the services, mail is the one I'm most concerned about, so I want to get this right.

My current settings:

flanders:~# cat /etc/hostname
flanders
flanders:~# cat /etc/hosts
127.0.0.1 flanders.grunkalunka.net flanders localhost
flanders:~# cat /etc/mailname
mail.grunkalunka.net

Relevant DNS info

@            MX  0   mail.grunkalunka.net.
@            A       69.93.XXX.YYY
*            A       69.93.XXX.YYY
mail         A       69.93.XXX.YYY

Given this info, my questions are:

Does it make sense to simplify the whole thing to change the MX record, /etc/mailname and RDNS to just "grunkalunka.net"? Are there any benefits or drawbacks to this? Any further changes I should do (like to /etc/host{name,s})?

If I cannot do that, do I have to change the value of /etc/host to "mail"? Likewise in /etc/hosts?

What should I set the RDNS to resolve to? grunkalunka.net, mail.grunkalunka.net, or flanders.grunkalunka.net?

I believe my SPF record should look like this:

v=spf1 a mx ~all

Does that look alright?

Many thanks in advance.

10 Replies

Check out this post

This may be useful to you, too: https://www.donsbox.com/~dfelicia/qmail-howto/

@GrunkaLunka:

> Does it make sense to simplify the whole thing to change the MX record, /etc/mailname and RDNS to just "grunkalunka.net"? Are there any benefits or drawbacks to this?
Using a single hostname for everything has the advantage of being simpler, while separating different services to different hostnames makes it easier to move things around later. For example, maybe someday you want separate IPs for mail and www - if you have used separate A records from the beginning you can do this without updating any of your client configs.
> What should I set the RDNS to resolve to? grunkalunka.net, mail.grunkalunka.net, or flanders.grunkalunka.net?
I think in most email cases it doesn't really matter what the PTR record contains, just that you have one. I personally would set it to be the same as your MTA's HELO.
> I believe my SPF record should look like this:

v=spf1 a mx ~all


If your A and MX records are the same address, then you don't really need to list them both, but it will still work. Also, you should consider adding additional SPF records for domains that don't send mail, as detailed here.

> separating different services to different hostnames makes it easier to move things around later
I agree. It's not difficult, and affords you flexibility in the future.

Like you, I have 1 linode serving Web and mail. Here are my DNS and hostname settings, and they work. (Even M$ hotmail accepts my mail):

$ hostname -f
catch-22.example.com
$ cat /etc/hosts
127.0.0.1       localhost
207.192.69.xxx  catch-22.example.com      catch-22
$ cat /var/qmail/control/me    
catch-22.example.com

Relevant DNS info:

@     MX     10     smtp.example.com.
@     TXT    "v=spf1 a mx ip4:207.192.69.xxx mx:smtp.example.com -all"
@     3600   A     207.192.69.xxx
smtp         A     207.192.69.xxx
catch-22     A     207.192.69.xxx
www          A     207.192.69.xxx

> What should I set the RDNS to resolve to? grunkalunka.net
That's what I'd set it to.

Many thanks for the replies guys. I think I'm going with this then:

flanders:~# cat /etc/hostname
flanders
flanders:~# cat /etc/hosts
127.0.0.1    localhost
69.93.XXX.YYY flanders.grunkalunka.net flanders
flanders:~# cat /etc/mailname
mail.grunkalunka.net

DNS

@            MX  0   mail.grunkalunka.net.
@            A       69.93.XXX.YYY
*            A       69.93.XXX.YYY
mail         A       69.93.XXX.YYY
flanders     A       69.93.XXX.YYY

With a PTR record of "grunkalunka.net" and an SPF of "v=spf1 mx ~all".

Have I left anything out?

I have heard that some receiving mail servers can be a bit temperamental when it comes to DNS/RDNS. I've no idea how true this is but I prefer to err on the side of caution.

So for example, if my linode had a name of "flanders.example.org" the rDNS would also be set to that, as would the mailname and the MX record in the DNS.

I would then use a CNAME record to alias "mail" to "flanders" for use in IMAP/POP clients. When sending email through the SMTP server you should use flanders.example.org else you will get a mismatched SSL certificate warning (free SSL certificates are available from StartSSL).

RDNS does not have to be the same as MX. Consider a domain hosted by several machines… one does mail, one does www, etc.

What you have is fine. It'll work. Microsoft's SenderID is rather picky about SPF records. You might want to cater to them if you intend to send mail to hotmail.com or msn.com recipients.

e.g. consider below, which was generated using Microsoft's "SPF Wizard":

v=spf1 a mx ip4:207.192.69.xxx mx:smtp.example.com -all

Anyway, that's what I use and I can send mail to hotmail. 207.192.69.xxx resolves to example.com, and smtp.example.com is a simple A record, also pointing to 207.192.69.xxx.

I wouldn't use CNAME. It has a completely different purpose.

You're right that the rDNS doesn't have to be the same as the MX record; however, I have heard that some SMTP servers are picky and want the host listed in the MX record for a domain to have matching rDNS records for the IP.

As I said earlier, I've no idea if it's (still) true but since no one will know what host email is sent to for your domain without actually looking it up, what does it matter if it's going to a less aesthetically pleasing flanders.example.org rather than smtp.example.org?

But, as you say, the OP's solution should work fine. The only thing I really disagree on is the choice of using just grunkalunka.net as the rDNS when he's named the machine flanders.grunkalunka.net. But maybe that's just me. :D

@Middling:

> I have heard that some SMTP servers are picky and want the host listed in the MX record for a domain to have matching rDNS records for the IP.

Then such a host is broken. I've not seen this. It is perfectly legitimate to have multiple A records pointing to 1 IP address; of course there can only be one rDNS entry :-)

mail.host.example    IN A 1.2.3.4
my.host.example      IN A 1.2.3.4
host.example         IN MX 10 mail.host.example.
4.3.2.1.in-addr.arpa IN PTR my.host.example.

My own MX record is such an example.

What is required is that the IP address of your host maps to an A record that maps back to the same IP address.

eg 1.2.3.4 -> my.host.example -> 1.2.3.4
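
The round trip described in the reply above (IP to PTR name, then back to the same IP) can be checked mechanically. The following is an added example, not part of any post in the thread: `fcrdns`, `check_offline` and the dangling `1.2.3.9` entry are hypothetical names and data constructed for illustration, while the other records are the ones quoted in the reply.

```python
import socket

def ptr_names(ip):
    """Live PTR lookup; [] when the address has no reverse record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def a_records(name):
    """Live IPv4 forward lookup; [] when the name does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except OSError:
        return []

def norm(name):
    return name.rstrip(".").lower()

def fcrdns(ip, helo=None, ptr=ptr_names, fwd=a_records):
    """ip -> PTR name -> A records -> must contain the same ip."""
    names = [norm(n) for n in ptr(ip)]
    confirmed = [n for n in names if ip in fwd(n)]
    return {
        "ptr": names,
        "pass": bool(confirmed),
        # HELO equal to the PTR name is one reply's preference, not a DNS rule.
        "helo_is_ptr": norm(helo) in confirmed if helo else None,
        "helo_resolves_to_ip": ip in fwd(norm(helo)) if helo else None,
    }

# Constructed data: the records from the reply above, plus a dangling PTR
# (1.2.3.9) whose name has no A record, added here to show the failure case.
ZONE_A = {"mail.host.example": ["1.2.3.4"], "my.host.example": ["1.2.3.4"]}
ZONE_PTR = {"1.2.3.4": ["my.host.example."], "1.2.3.9": ["gone.host.example."]}

def check_offline(ip, helo=None):
    """Run fcrdns() against the constructed zone instead of live DNS."""
    return fcrdns(ip, helo, ptr=lambda i: ZONE_PTR.get(i, []),
                  fwd=lambda n: ZONE_A.get(norm(n), []))
```

Calling `fcrdns("<your server IP>", "<your HELO name>")` without the `ptr` and `fwd` arguments runs the same check against live DNS.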

Many thanks for the help everyone. In the end, I've decided to set postfix to use flanders.grunkalunka.net for both myorigin and myhostname. I also set the RDNS to it. I hope keeping it consistent will help more mail make it through picky servers.

My final SPF is the one I mentioned before: "v=spf1 mx ~all"
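
To see how the SPF records discussed in this thread evaluate, here is an added example (not from any poster) that implements a subset of SPF: the `a`, `mx`, `ip4` and `all` mechanisms with their qualifiers. The zone data is constructed: `203.0.113.10` is a documentation address standing in for the masked server IP, and `check_spf` is a hypothetical helper, not a library API.

```python
import ipaddress

# Constructed zone following the OP's final DNS layout; 203.0.113.10 is a
# placeholder for the masked 69.93.XXX.YYY address.
ZONE = {
    "A": {"grunkalunka.net": ["203.0.113.10"],
          "mail.grunkalunka.net": ["203.0.113.10"]},
    "MX": {"grunkalunka.net": ["mail.grunkalunka.net"]},
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def mech_ips(kind, target, zone):
    """Addresses authorised by an 'a' or 'mx' mechanism for target."""
    if kind == "a":
        return zone["A"].get(target, [])
    # mx: every A record of every MX host of the target domain
    return [ip for host in zone["MX"].get(target, [])
            for ip in zone["A"].get(host, [])]

def check_spf(record, sender_ip, domain, zone=ZONE):
    """Evaluate a subset of SPF; mechanisms are tried left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qual = term[0] if term[0] in RESULT else "+"
        mech = term[1:] if term[0] in RESULT else term
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx"):
            matched = sender_ip in mech_ips(name, (arg or domain).lower(), zone)
        else:
            return "permerror"  # include, redirect, macros: out of scope here
        if matched:
            return RESULT[qual]  # first matching mechanism decides
    return "neutral"
```

With this zone, `v=spf1 a mx ~all` and `v=spf1 mx ~all` give the same result for the server's own address; the choice of `~all` versus `-all` only changes the verdict for every other sender (softfail versus fail).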

Just a note about SPF. It may not be all it's cracked up to be. I forget all the specifics, but when I looked into it a while back, I concluded that it shouldn't be implemented. Here's a link that appears to explain why.

http://www.advogato.org/article/816.html
