Background

I have a VPS, with one external IP hosting <10 domains (DOMAIN.TLD). Each domain receives and sends email. Each domain has associated DKIM / SPF / MX entries. The PTR record exists and is associated with the main domain (MAINDOMAIN.TLD) on the VPS.

Problems

  1. Mails end up in the spam folder (Yahoo) for some receivers and do not get received at all by others (Outlook). Gmail (and other email hosted at different hosting providers like one.com) receives them in the inbox immediately.

  2. Not having a clear idea of how to configure each domain's DNS with regard to email.

What I've done so far

Initially (the untested ones still do), each domain had an A record (mail.domain.tld) and an MX record that pointed to the A record, but no PTR associated with the VPS IP. Email sending worked, but I had Problem #1.

A     -> MAIL -> VPS_IP
MX    -> 10   -> MAIL.DOMAIN.TLD.

After finding out about and setting up the PTR record (which was the main reason some email servers disregarded my emails, so they were never received), I considered pointing each domain's MX record to the domain resolved by the PTR (MAINDOMAIN.TLD -> VPS_IP). I tried pointing via a CNAME first and then pointing the MX directly.

CNAME -> MAIL -> MAINDOMAIN.TLD.
MX    -> 10   -> MAIL.DOMAIN.TLD.

and then

MX    -> 10   -> MAINDOMAIN.TLD.

In both cases, I had the same situation as described in Problem #1.

Questions

  1. What's wrong with the setup?
  2. What's the best way to approach this: having all domains use MAINDOMAIN.TLD as MX (via CNAME or directly?) or having all domains use their own domain as MX? (I think the 1st variant is the one to go for, because of the PTR record and the fact that I only have a single external IP address, but I'm not getting why it's not working.)
  3. Are there any free and reliable (wanting too much?) external email providers that can handle email sending instead of doing it myself?

Additional info that might be relevant

  • how I know the DNS records are/were as described: using Linux CLI tools like host, dig, nslookup, plus https://mxtoolbox.com/
  • I'm using ISPConfig3 as a hosting control panel
  • the VPS is bought from DigitalOcean, DNS management being done in the DigitalOcean dashboard
  • the SMTP server is Postfix
  • my IP is not blacklisted; checked with https://mxtoolbox.com/SuperTool.aspx?action=blacklist and mail-blacklist-checker.online-domain-tools.com/
  • nothing relevant in /var/log/mail.log: it shows that emails are being sent, but there is nothing answer-related
gotgameg

3 Answers

Easy-n-Good way

Hire a good postmaster and hostmaster; they can quickly and easily fix all your noob mistakes (a lot of them)

Hard-n-Glorious way

RTFM, become a competent postmaster and hostmaster and do The Right Things (tm)

Your current (related and unrelated) errors

  1. Never point MX to CNAME, only to A
@    MX mail
mail CNAME some.name

is BAD

@    MX mail
mail A some.ip.here

is GOOD, even if some.ip.here is shared across any|all your domains

  2. MX config (any) is unrelated to your undeliverable e-mail: for extremely paranoid checks (but still RFC-compliant), the MX for a domain just: 1) must exist, 2) must be resolvable to a routable IP

  3. All IP-related tests on the receiver's side include (AFAICR, I've been out of the *master business for a long time), to the maximum extent (I did it on my MXes):

    • Pure hostmaster area: paranoid IP check (IP1-hostname-IP2) for the connected IP; all resolves must be successful and IP1=IP2
    • Mix of the 2 areas: the hostname in the EHLO (HELO) parameter (SMTP-related config) must be resolvable (DNS game) (just resolvable to any real IP; that is RFC-compliant too) and can not correlate to the e-mail's domain in any way or to the hostname of the emitter (but in the current lame world, using the hostname of your VPS will be safer)
  4. Spam filtering can be (most probably) the result of content analysis, not related directly to your DNS settings
Lazy Badger
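
The three DNS checks described in the answer above (MX must point at an A record, never a CNAME; forward-confirmed reverse DNS IP1 -> hostname -> IP2; EHLO hostname must resolve), written out as an added example that is not part of the original answer. It runs against a constructed in-memory zone table instead of live DNS, so the names and addresses below are made up; the good zone mirrors the asker's working layout, the bad zone mirrors the CNAME variant.

```python
# Constructed toy DNS data (not real records). Each name maps to a list of
# (type, value) tuples; MX values are (priority, target). Reverse maps IP -> PTR.
ZONE_GOOD = {
    "domain.tld.":      [("MX", (10, "mail.domain.tld."))],
    "mail.domain.tld.": [("A", "203.0.113.10")],
    "maindomain.tld.":  [("A", "203.0.113.10")],   # shared IP is fine
}
REVERSE_GOOD = {"203.0.113.10": "maindomain.tld."}

ZONE_BAD = {
    "domain.tld.":      [("MX", (10, "mail.domain.tld."))],
    "mail.domain.tld.": [("CNAME", "maindomain.tld.")],  # MX -> CNAME, the "is BAD" case
    "maindomain.tld.":  [("A", "203.0.113.10")],
}
REVERSE_BAD = {"203.0.113.10": "other.example."}  # PTR does not round-trip

def records(zone, name, rtype):
    """All values of a given record type for a name (empty list if none)."""
    return [v for t, v in zone.get(name, []) if t == rtype]

def check_mx(zone, domain):
    """MX must exist and each target must be an A record, never a CNAME."""
    mxs = records(zone, domain, "MX")
    if not mxs:
        return ["no MX record"]
    problems = []
    for _prio, target in mxs:
        if records(zone, target, "CNAME"):
            problems.append(f"MX target {target} is a CNAME")
        elif not records(zone, target, "A"):
            problems.append(f"MX target {target} has no A record")
    return problems

def check_fcrdns(zone, reverse, ip):
    """IP1 -> PTR hostname -> A -> IP2: every step resolves and IP1 == IP2."""
    host = reverse.get(ip)
    if host is None:
        return [f"no PTR for {ip}"]
    if ip not in records(zone, host, "A"):
        return [f"PTR {host} does not resolve back to {ip}"]
    return []

def check_ehlo(zone, ehlo_name):
    """The EHLO hostname only has to resolve to some real address."""
    return [] if records(zone, ehlo_name, "A") else [f"EHLO name {ehlo_name} does not resolve"]

def audit(zone, reverse, domain, ip, ehlo_name):
    """Run all three checks; an empty list means the receiver-side tests pass."""
    return check_mx(zone, domain) + check_fcrdns(zone, reverse, ip) + check_ehlo(zone, ehlo_name)
```

The asker's third variant (MX pointing straight at MAINDOMAIN.TLD, which has an A record) passes `check_mx` as well; only the CNAME hop fails it.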
Consider a mail filtering company like MimeCast - they need to send and receive mail for many thousands of domains. Your problem is a small version of their setup.

  • Each MX can happily point to maindomain.tld, they do not need to be personalized/changed for each domain. You must follow standards for MX records which, as any fule kno, does not allow CNAMEs.

  • Each SPF record must be correct in all ways and could include the statement include:maindomain.tld.

  • It would be sensible for the PTR record for maindomain.tld to correctly refer to the A record used for sending mail (e.g. mail.maindomain.tld).

  • All mail servers should be configured to announce themselves in EHLO as the hostname above.

Daniel K
So how does one become a good postmaster / hostmaster? So far, what I've read and finally applied was according to best practices. In this case I would appreciate being pointed to the FM that you are referring to.

For my questions 1) and 2) and for your suggestions: 1) I had corrected that before your answer; I just explained what I tried. 2) Yes, it existed and was resolvable. 3) The hostname in EHLO is resolvable and is the same as the server's hostname. 4) I tried a lot of text variants; that was not the problem.

For my 3rd question: free solutions would include ZohoMail and Yandex. Paid solutions are many but really do not make sense from a financial perspective.

Conclusion: I had the correct config/DNS settings, but the problem is Microsoft's mail filtering and the fact that the domain had only just been created (affecting DNS propagation plus filters that check the age of the domain).

gotgameg
  • I think you are answering your own question. It might be better to use comments to reply to @Lazy-Badger. – Daniel K Sep 16 '15 at 07:33
  • @gotgameg: Please adjust your attitude. People are here to help you. Lashing back like this is not acceptable. Also, your answer doesn't really answer your question, it's a mix of commentary and a bit of what you consider the solution. – Sven Sep 16 '15 at 10:39