Replace example.com with your actual domain
Replace YOUR_PUBLIC_IP with your mail server's public IP address
Required DNS Records
1. MX Record (Mail Exchange)
Type: MX
Name: @
Content: mail.example.com
Priority: 10
Proxy: DNS only (gray cloud)
TTL: Auto
2. A Record (Mail Server)
Type: A
Name: mail
Content: YOUR_PUBLIC_IP
TTL: Auto
Proxy: DNS only (gray cloud)
3. SPF Record (Sender Policy Framework)
Type: TXT
Name: @
Content: v=spf1 mx ~all
TTL: Auto
For stricter policy, use:
v=spf1 mx -all
4. DKIM Record (DomainKeys Identified Mail)
Type: TXT
Name: mail._domainkey
Content: v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY_FROM_MAIL_TXT_FILE
TTL: Auto
To get your DKIM public key:
cat /etc/opendkim/keys/example.com/mail.txt
Important:
- Remove quotes from the key
- Remove line breaks (make it one continuous line)
- Format:
v=DKIM1; k=rsa; p=MIGfMA0GCSq...
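The clean-up steps above can be scripted. This is an added example, not part of the original guide: it flattens an opendkim-genkey style mail.txt into one TXT value and checks it before you paste it into Cloudflare. The function names are hypothetical, and the sample file content and key are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample key is constructed.

# Join every double-quoted chunk in the file. Text outside the quotes (record
# name, "IN TXT (", the trailing "; -----" comment) is dropped, so keys that
# were split into several quoted strings come out as one continuous line.
dkim_txt_value() {
    awk -F'"' '{ for (i = 2; i <= NF; i += 2) printf "%s", $i }
               END { print "" }' "$1"
}

# Succeed only if the value is ready to paste: v=DKIM1 first, and a non-empty
# p= tag that contains nothing but base64 characters (no quotes or spaces).
dkim_value_ok() {
    case "$1" in
        v=DKIM1\;*) ;;
        *) echo "value does not start with v=DKIM1;" >&2; return 1 ;;
    esac
    key=$(printf '%s\n' "$1" | sed -n 's/.*[; ]p=\([^;]*\).*/\1/p')
    [ -n "$key" ] || { echo "missing or empty p= tag" >&2; return 1; }
    case "$key" in
        *[!A-Za-z0-9+/=]*) echo "p= has non-base64 characters" >&2; return 1 ;;
    esac
}

# Constructed stand-in for /etc/opendkim/keys/example.com/mail.txt
write_sample() {
    cat > "$1" <<'EOF'
mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
          "p=MIGfMA0GCSqCONSTRUCTED"
          "SAMPLEKEYNOTREAL" )  ; ----- DKIM key mail for example.com
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
value=$(dkim_txt_value "$tmp")
dkim_value_ok "$value" && printf '%s\n' "$value"
rm -f "$tmp"
```

On a real server, call `dkim_txt_value /etc/opendkim/keys/example.com/mail.txt` instead of using the sample file.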
5. DMARC Record (Email Authentication)
Type: TXT
Name: _dmarc
Content: v=DMARC1; p=none; rua=mailto:dmarc@example.com
TTL: Auto
Policy Levels (in order of strictness):
- p=none: Monitor only (start here)
- p=quarantine: Mark suspicious emails
- p=reject: Reject failing emails (most strict)
6. PTR Record (Reverse DNS)
⚠️ This MUST be configured at your hosting provider, NOT Cloudflare
Contact your VPS/hosting provider and request:
PTR for YOUR_PUBLIC_IP → mail.example.com
Example request email:
Subject: PTR Record Configuration Request
Hello,
Please configure the reverse DNS (PTR record) for my IP address:
IP: YOUR_PUBLIC_IP
PTR Record: mail.example.com
Thank you!
Optional But Recommended
7. Autodiscover (Easy client setup)
Type: CNAME
Name: autodiscover
Content: mail.example.com
TTL: Auto
Proxy: DNS only
8. Autoconfig (Mozilla clients)
Type: CNAME
Name: autoconfig
Content: mail.example.com
TTL: Auto
Proxy: DNS only
Verification Commands
After adding DNS records, verify them with these commands:
Check MX Record
dig example.com MX
# or
nslookup -type=MX example.com
Check A Record
dig mail.example.com A
# or
nslookup mail.example.com
Check SPF Record
dig example.com TXT
# or
nslookup -type=TXT example.com
Check DKIM Record
dig mail._domainkey.example.com TXT
# or
nslookup -type=TXT mail._domainkey.example.com
Check DMARC Record
dig _dmarc.example.com TXT
# or
nslookup -type=TXT _dmarc.example.com
Check PTR Record (Reverse DNS)
dig -x YOUR_PUBLIC_IP
# or
nslookup YOUR_PUBLIC_IP
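The dig output for the SPF and DMARC checks can also be evaluated by a script instead of by eye. This is an added example, not part of the original guide: it takes the text that `dig +short ... TXT` prints and checks the SPF record and the DMARC policy. The function names are hypothetical, and the sample answers are constructed so that it runs offline.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample answers are constructed.
# Live use: check_spf "$(dig +short example.com TXT)"
#           dmarc_policy "$(dig +short _dmarc.example.com TXT)"

# dig +short prints TXT data as quoted strings; long values are split into
# several "..." chunks on one line. Strip the quotes and rejoin the chunks.
unquote_txt() { sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'; }

# A name must publish exactly one v=spf1 record (RFC 7208); for the mx-based
# policy in this guide it should end in ~all or -all.
check_spf() {
    spf=$(printf '%s\n' "$1" | unquote_txt | awk 'tolower($1) == "v=spf1"')
    count=$(printf '%s\n' "$spf" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "expected exactly 1 SPF record, found $count"; return 1
    fi
    case "$spf" in
        *" ~all"|*" -all") echo "ok: $spf" ;;
        *) echo "SPF does not end in ~all or -all: $spf"; return 1 ;;
    esac
}

# Print the p= value of the DMARC record (none, quarantine or reject).
dmarc_policy() {
    rec=$(printf '%s\n' "$1" | unquote_txt | awk 'tolower($1) ~ /^v=dmarc1;?$/')
    policy=$(printf '%s\n' "$rec" | sed -n 's/.*;[ ]*p=\([a-z]*\).*/\1/p')
    case "$policy" in
        none|quarantine|reject) printf '%s\n' "$policy" ;;
        *) echo "no valid DMARC policy found" >&2; return 1 ;;
    esac
}

# Constructed sample answers: the apex usually carries other TXT records too.
SAMPLE_TXT='"site-verification=CONSTRUCTED"
"v=spf1 mx ~all"'
SAMPLE_DMARC='"v=DMARC1; p=none; rua=mailto:dmarc@example.com"'

check_spf "$SAMPLE_TXT"
echo "DMARC policy: $(dmarc_policy "$SAMPLE_DMARC")"
```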
Important Notes
- Proxy Status: Always use "DNS only" (gray cloud) for mail-related records. Never use Cloudflare proxy (orange cloud) for MX, A records pointing to mail servers, or mail-related TXT records.
- Propagation Time: DNS changes can take 1-48 hours to fully propagate worldwide. Be patient!
- Testing Tools: Use these to verify your setup:
  - https://www.mail-tester.com (sends test email)
  - https://mxtoolbox.com/SuperTool.aspx (DNS checker)
  - https://dmarcian.com/dmarc-inspector/ (DMARC validator)
  - https://www.dmarcanalyzer.com/dkim/dkim-check/ (DKIM validator)
- Common Mistakes:
  - Forgetting to set PTR record at hosting provider
  - Using Cloudflare proxy on mail records
  - Not removing quotes/spaces from DKIM key
  - Typos in subdomain names (_dmarc, _domainkey)
- Priority Order:
  - Day 1: Add MX, A, and SPF records
  - Day 2: Add DKIM record (after generating keys on server)
  - Day 3: Add DMARC with p=none for monitoring
  - Week 2+: Change DMARC to p=quarantine or p=reject
Cloudflare Specific Settings
API Mode (Optional)
If you want to automate DNS updates via API, you'll need:
- Your Cloudflare Zone ID
- An API token with DNS edit permissions
SSL/TLS Settings
In Cloudflare dashboard:
- Go to SSL/TLS → Overview
- Set to "Full" or "Full (strict)" if you have valid certificates
- Do NOT use "Flexible"
Email Routing
Cloudflare offers Email Routing that can forward emails. If you're running your own server, make sure:
- Email Routing is DISABLED, or
- Configure it to work alongside your MX records
Quick Setup Checklist
- Add MX record pointing to mail.example.com
- Add A record for mail.example.com with your IP
- Add SPF TXT record
- Generate DKIM keys on server
- Add DKIM TXT record
- Add DMARC TXT record (start with p=none)
- Contact hosting provider for PTR record
- Wait 24-48 hours for propagation
- Test with dig/nslookup commands
- Send test email to mail-tester.com
- Check MXToolbox for any issues
Example Complete DNS Setup
For domain: example.com
Mail server IP: 203.0.113.50
| Type | Name | Content | Priority | TTL | Proxy |
|---|---|---|---|---|---|
| MX | @ | mail.example.com | 10 | Auto | DNS only |
| A | mail | 203.0.113.50 | - | Auto | DNS only |
| TXT | @ | v=spf1 mx ~all | - | Auto | - |
| TXT | mail._domainkey | v=DKIM1; k=rsa; p=MIGfM... | - | Auto | - |
| TXT | _dmarc | v=DMARC1; p=none; rua=mailto:dmarc@example.com | - | Auto | - |
| CNAME | autodiscover | mail.example.com | - | Auto | DNS only |
PTR Record (at hosting provider):
- 203.0.113.50 → mail.example.com
Support Resources
- Cloudflare DNS Documentation: https://developers.cloudflare.com/dns/
- SPF Record Checker: https://www.kitterman.com/spf/validate.html
- DKIM Validator: https://dkimvalidator.com/
- DNS Propagation Checker: https://www.whatsmydns.net/
Good luck with your DNS setup! 🚀