Mail Kitchen #1: DNS
I think many people will be interested in finally learning how e-mail works. Over several articles I will try to describe in plain language the basic issues of how e-mail operates in general, and the settings it requires in particular.
For simplicity, and to keep the amount of text down, we will consider the simplest (and most common) situation:
1 domain name (example.com).
1 mail domain (*@example.com).
1 mail server (mail.example.com).
1 IP address (127.127.127.127, used as a placeholder throughout this article; note that 127.0.0.0/8 is the loopback range, so a real server needs a public, routable address).
Regarding mail, we are interested in four types of DNS record:
- A
- MX
- PTR
- TXT
The second (MX) is mandatory: without it, in 99% of cases mail will not flow at all. In principle you can do without the others, but the chance of your message being rejected as spam rises many times over. Mail.ru, for example, discards almost all mail from IP addresses that have no PTR record, or whose PTR points into a dial-up provider's pool. And rightly so.
A record
A (Address) is the record that gives the IP address for a domain name. For mail to work correctly, an A record for the mail server (mail.example.com) is required. In our case it looks like this:
mail IN A 127.127.127.127
Where:
mail - the host name, relative to the zone origin example.com (so mail.example.com).
IN A - the class and record type.
127.127.127.127 - the IP of our mail server.
If the server is also reachable over IPv6, it needs an AAAA record with the same role.
MX records.
MX (Mail eXchange) is the main DNS record for e-mail. It says which servers handle mail for our domain.
We have one mail domain, example.com, and one mail server, mail.example.com. Accordingly, the record looks like this:
example.com. IN MX 10 mail.example.com.
Where:
example.com. - the domain whose mail is handled (the trailing dot makes the name absolute).
IN MX - the class and record type.
10 - the preference value (details below).
mail.example.com. - the host name of the mail server. The trailing dot matters in a zone file: without it the name is taken relative to the zone origin and becomes mail.example.com.example.com.
The MX target must be a host name that has an A (or AAAA) record. Pointing an MX at an IP address literal is not valid, and pointing it at a CNAME is explicitly forbidden (RFC 2181 section 10.3).
The MX preference matters when a domain has more than one mail server (Google Mail, for instance, publishes several). It tells senders which server to contact first, which second, and so on: if the first (second, tenth) server is unreachable, overloaded, or otherwise cannot accept the message, the sender moves on to the next. The logic is simple: the lower the number, the higher the priority. The actual values do not matter, only their relative order, so 10-20-30 works exactly like 1000-2000-3000 (the field is a 16-bit unsigned integer, 0 to 65535). Servers with equal preference are tried in random order, which is the usual way to spread load between them.
If the domain has no MX records at all, the sending server behaves as if a single MX with preference 0 pointed at the domain itself and tries the IP in the domain's A record (the "implicit MX" of RFC 5321). This is called A-delivery; it is not kosher and some servers do not do it, so publish an MX even if you have only one server. Note that the fallback applies only when no MX exists: if MX records are present but none of the servers is reachable, the message is queued and retried later, it is never delivered to the A record instead. A domain that does not accept mail at all can say so with a Null MX record, "MX 0 ." (RFC 7505).
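The MX selection logic described above, as an added example in Python; this is not code from the original article but an illustration of the sender-side rules. It uses a constructed in-memory zone for the article's example.com (mail2, mail3, nomx.example and nullmx.example are made up to show the edge cases); a real MTA would query DNS instead, for instance with dnspython's dns.resolver.resolve. It orders exchanges by preference, shuffles equal preferences, applies the implicit MX only when no MX exists, honours Null MX, and returns None (queue and retry) when every exchange is down.

```python
import random
from typing import Callable, Optional

# Constructed DNS data for the article's example domain (not real zones).
# MX values are (preference, exchange) pairs; mail2/mail3 and the
# nomx/nullmx domains are made up to show the edge cases.
ZONE = {
    "example.com.": {
        "MX": [(10, "mail.example.com."),
               (20, "mail2.example.com."),
               (20, "mail3.example.com.")],
        "A": ["127.127.127.127"],
    },
    "mail.example.com.": {"A": ["127.127.127.127"]},
    "mail2.example.com.": {"A": ["192.0.2.2"]},
    "mail3.example.com.": {"A": ["192.0.2.3"]},
    # Only an A record, no MX: RFC 5321 implicit MX (A-delivery) applies.
    "nomx.example.": {"A": ["192.0.2.9"]},
    # Null MX (RFC 7505): the domain states that it accepts no mail.
    "nullmx.example.": {"MX": [(0, ".")], "A": ["192.0.2.10"]},
}


def lookup(name: str, rtype: str) -> list:
    """Stand-in for a DNS query against the constructed zone data."""
    return ZONE.get(name.lower(), {}).get(rtype, [])


def delivery_candidates(domain: str, rng=random) -> list:
    """Exchange host names in the order a sending MTA tries them
    (RFC 5321 section 5.1): ascending preference, ties in random order."""
    mxs = lookup(domain, "MX")
    if not mxs:
        # Implicit MX: behave as if "MX 0 <domain>" existed and use the A record.
        return [domain] if lookup(domain, "A") else []
    if len(mxs) == 1 and mxs[0][1] == ".":
        return []  # Null MX: nothing may be tried, bounce immediately
    by_pref = {}
    for pref, host in mxs:
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):
        group = list(by_pref[pref])
        rng.shuffle(group)  # equal preference: spread load, no fixed order
        ordered.extend(group)
    return ordered


def deliver(domain: str, try_host: Callable[[str], bool],
            rng=random) -> Optional[str]:
    """Try each candidate until one accepts; return it, or None.
    None while MX records exist means "queue and retry later": the sender
    never falls back to the domain's A record once an MX is published."""
    for host in delivery_candidates(domain, rng):
        if try_host(host):
            return host
    return None


if __name__ == "__main__":
    # Simulate the primary exchange being down; one of the two
    # preference-20 exchanges must accept.
    primary_down = lambda host: host != "mail.example.com."
    print("order:", delivery_candidates("example.com."))
    print("accepted by:", deliver("example.com.", primary_down))
    print("no MX:", delivery_candidates("nomx.example."))
    print("null MX:", delivery_candidates("nullmx.example."))
```

The try_host callback stands in for the SMTP connection attempt; in a real MTA it would be the connect-and-EHLO step, and a False result from every candidate leaves the message in the queue.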
PTR record.
PTR (PoinTeR) is the so-called reverse record. It resolves an IP address back to an FQDN.
Our reverse name looks like this: 127.127.127.127.in-addr.arpa. With this example it is hard to see, but in the reverse zone the octets are written in reverse order: the IP 192.168.0.1 becomes 1.0.168.192.in-addr.arpa. (IPv6 works the same way under ip6.arpa, with every hex nibble of the fully expanded address reversed.)
For the host to be recognised correctly, the PTR of the IP address the mail is sent from must match the host name the server announces in HELO/EHLO, and that host name's A record must in turn point back to the same IP (forward-confirmed reverse DNS). A PTR whose name does not resolve back to the IP counts for little.
The PTR record in our case is accordingly:
127.127.127.127.in-addr.arpa IN PTR mail.example.com.
Only the owner of the IP address block can publish this record (read my article on the allocation of address space). If you are not the owner and received the addresses from a provider, ask your provider or data center to set the record up.
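Reverse-name construction and the forward-confirmed check described above, as an added example in Python (not code from the original article). It builds the in-addr.arpa / ip6.arpa name for an IPv4 or IPv6 address, then classifies a connecting client the way a strict receiver does: PTR present, PTR name resolving back to the same IP, and HELO matching that name. The DNS data is a constructed table; mail.example.com / 127.127.127.127 is the article's example, the 192.0.2.x and 2001:db8:: entries are made up to exercise the failure cases. A real check would replace the table with live PTR, A and AAAA queries.

```python
import ipaddress


def reverse_name(ip: str) -> str:
    """Name under which the PTR record for `ip` lives.
    IPv4: the four octets in reverse order under in-addr.arpa.
    IPv6: all 32 hex nibbles of the expanded address, reversed, under ip6.arpa."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")  # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


# Constructed DNS data. mail.example.com / 127.127.127.127 is the article's
# example; the 192.0.2.x and 2001:db8:: entries are made up to show failures.
DNS = {
    ("127.127.127.127.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("mail.example.com", "A"): ["127.127.127.127"],
    # PTR present, but the name resolves to a different IP: not forward-confirmed.
    ("2.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    # An IPv6 host that is set up correctly.
    (reverse_name("2001:db8::25"), "PTR"): ["mail6.example.com"],
    ("mail6.example.com", "AAAA"): ["2001:db8::25"],
}


def lookup(name: str, rtype: str) -> list:
    """Stand-in for a DNS query against the constructed table."""
    return DNS.get((name.rstrip(".").lower(), rtype), [])


def check_sender(ip: str, helo: str) -> str:
    """Classify a connecting SMTP client the way a strict receiver does.
    ok             PTR -> host, host -> same IP (FCrDNS), and HELO matches
    no-ptr         the IP has no PTR record at all
    no-fcrdns      the PTR name does not resolve back to the IP
    helo-mismatch  forward-confirmed, but HELO names a different host"""
    addr = ipaddress.ip_address(ip)
    forward_type = "A" if addr.version == 4 else "AAAA"
    ptr_names = lookup(reverse_name(ip), "PTR")
    if not ptr_names:
        return "no-ptr"
    confirmed = [
        name for name in ptr_names
        if any(ipaddress.ip_address(a) == addr for a in lookup(name, forward_type))
    ]
    if not confirmed:
        return "no-fcrdns"
    if helo.rstrip(".").lower() not in [n.rstrip(".").lower() for n in confirmed]:
        return "helo-mismatch"
    return "ok"


if __name__ == "__main__":
    print(reverse_name("192.168.0.1"))
    print(reverse_name("2001:db8::25"))
    for client, helo in [("127.127.127.127", "mail.example.com"),
                         ("127.127.127.127", "smtp.example.com"),
                         ("192.0.2.2", "mail.example.com"),
                         ("192.0.2.4", "mail.example.com"),
                         ("2001:db8::25", "mail6.example.com")]:
        print(client, helo, "->", check_sender(client, helo))
```

Comparing addresses through ipaddress rather than as strings avoids false mismatches between equivalent IPv6 spellings (2001:db8::25 versus 2001:0db8:0:0:0:0:0:25).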
TXT record and SPF.
TXT (TeXT) is a free-text DNS record. It interests us only because it can (and, these days, should) carry the SPF policy.
SPF (Sender Policy Framework) is a record that specifies which servers are allowed to send mail for your domain name, i.e. with a return address in your domain.
With such a record published, a message that someone (usually a spammer) sends from elsewhere with a return address in your domain is rejected by most receivers. Without it the message gets through, and you end up with big problems with your data center or provider and the reputation of a spammer :)
An SPF record looks like this (example):
v=spf1 ip4:1.1.1.1 +a +mx -all
Where:
v=spf1 - the protocol version.
+a / -a - allow or deny sending from the IP(s) in the domain's A record.
+mx / -mx - allow or deny sending from the IP(s) of the hosts named in the domain's MX records.
ip4:IP - an explicit IP (or CIDR range, e.g. ip4:192.0.2.0/24) allowed to send on behalf of the domain.
-all / ~all - what to do with every IP not matched above: -all is a hard fail (reject), ~all is a soft fail (accept but treat as suspicious). A leading + is the default and may be omitted; a leading ? makes the match neutral. Mechanisms that require DNS lookups (a, mx, include and the like) are limited to 10 per evaluation; exceeding that is a permanent error, so keep the record short.
In our case the TXT record with SPF is:
example.com. IN TXT "v=spf1 +mx +a -all"
Thus we have declared that mail with a return address in our domain may originate only from the IPs in our A and MX records, and everything else fails. A receiver that checks SPF will reject mail sent from anywhere else, so nobody can impersonate us or phish our users with a link "from" our tech support. One caveat: SPF is evaluated against the envelope sender (SMTP MAIL FROM) and the HELO name, not against the From: header a user sees in the mail client, so it narrows, but does not by itself eliminate, sender spoofing.
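A minimal SPF evaluator for the record syntax explained above, as an added example in Python (not code from the original article). It implements only the subset the article uses: the qualifiers + - ~ ?, and the mechanisms all, a, mx and ip4 (with an optional /prefix), returning the standard result names. DNS answers come from a constructed table: example.com with its A, MX and SPF record is the article's example; soft.example, range.example, nospf.example and bad.example are made up to show softfail, CIDR matching, a missing record and an unsupported mechanism. Anything outside the subset (include:, redirect=, ip6:, exists:, ptr, macros, the 10-lookup limit) is reported as permerror rather than guessed at; a real receiver would use a full RFC 7208 implementation.

```python
import ipaddress

# Constructed DNS data. example.com with its A/MX and the SPF record are the
# article's example; the other domains are made up for the edge cases.
DNS = {
    ("example.com", "TXT"): ["v=spf1 +mx +a -all"],
    ("example.com", "MX"): [(10, "mail.example.com")],
    ("example.com", "A"): ["127.127.127.127"],
    ("mail.example.com", "A"): ["127.127.127.127"],
    ("soft.example", "TXT"): ["v=spf1 ip4:1.1.1.1 +a +mx ~all"],
    ("soft.example", "A"): ["192.0.2.7"],
    ("range.example", "TXT"): ["v=spf1 ip4:192.0.2.0/24 -all"],
    ("nospf.example", "TXT"): ["some unrelated text"],
    # include: is valid SPF, but this small evaluator does not implement it.
    ("bad.example", "TXT"): ["v=spf1 include:_spf.bad.example -all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name: str, rtype: str) -> list:
    """Stand-in for a DNS query against the constructed table."""
    return DNS.get((name.rstrip(".").lower(), rtype), [])


def _a_hits(name: str, ip) -> bool:
    """True if `ip` is one of the addresses in the A record of `name`."""
    return any(ipaddress.ip_address(a) == ip for a in lookup(name, "A"))


def _mechanism_matches(mech: str, arg: str, domain: str, ip) -> bool:
    if mech == "all":
        return True
    if mech == "ip4":
        net = ipaddress.ip_network(arg, strict=False)  # a bare IP means /32
        return ip.version == 4 and ip in net
    if mech == "a":
        return _a_hits(arg or domain, ip)
    if mech == "mx":
        return any(_a_hits(host, ip) for _, host in lookup(arg or domain, "MX"))
    raise ValueError("unsupported mechanism: " + mech)


def check_spf(sender_ip: str, domain: str) -> str:
    """Evaluate the SPF record of `domain` for a connection from `sender_ip`.
    Returns pass, fail, softfail, neutral, none (no SPF record) or
    permerror (malformed, duplicated or unsupported record)."""
    ip = ipaddress.ip_address(sender_ip)
    spf = [t for t in lookup(domain, "TXT") if t.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return "none"
    if len(spf) > 1:
        return "permerror"  # two SPF records are an error, not a merge
    try:
        for term in spf[0].split()[1:]:
            qualifier = "+"  # default qualifier when none is written
            if term[0] in QUALIFIERS:
                qualifier, term = term[0], term[1:]
            mech, _, arg = term.partition(":")
            if _mechanism_matches(mech.lower(), arg, domain, ip):
                return QUALIFIERS[qualifier]  # first matching term decides
    except ValueError:
        return "permerror"
    return "neutral"  # nothing matched and no "all" term present


if __name__ == "__main__":
    for ip, dom in [("127.127.127.127", "example.com"),
                    ("192.0.2.99", "example.com"),
                    ("1.1.1.1", "soft.example"),
                    ("192.0.2.99", "soft.example"),
                    ("198.51.100.1", "bad.example")]:
        print(ip, dom, "->", check_spf(ip, dom))
```

The first matching term wins, which is why the order of mechanisms in a record matters and why -all belongs at the end.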
Comments are welcome, and I am ready to answer questions.
In the following articles I will write about SMTP, greylisting and RBLs.
And you can join the blog and write about something yourself.