Setting up Domain at Registrar/Zone Holder
To create a mail server, you will need a domain name. You can register it with your Internet service provider or directly with the registrar.
After you register a domain name, you will need to make changes to the zone description on the DNS server (at the domain zone holder, which is often the registrar).
1. Create an A-type resource record with a name for the mail server in your domain, pointing to the external IP address of SafeUTM. Make sure that a public address accessible from the Internet is assigned on the UTM external interface.
2. Add an MX-type resource record pointing to the A record that was created in the previous step. An MX-type record points to a network node that processes mail messages for the domain. It should refer to the domain name of the mail server, not the IP address.
We also recommend
3. Adding a reverse PTR-type resource record. This entry must be registered in the reverse zone file. These changes must be made on your Internet provider's side. Contact them with a request to register a reverse resource record for your IP address, which should refer to your MX-type record.
4. Configuring an SPF record for your mail server.
5. After configuring the mail server, also configure the DKIM signature of mail messages. To do this, go to Mail Relay -> Advanced Settings -> DKIM-signature and activate the item Sign outgoing mail with DKIM.
Also, create a TXT record for your domain from the zone holder with the name from the Record Name line and with the content that was generated by SafeUTM in Record Value.
Let's look at the set of necessary records using the example of a fictional domain example.net:
- A-record of the type:
mail.example.net. IN A 23.45.67.89
, where 23.45.67.89 is the external IP address of SafeUTM. - MX-record of the type:
example.net. MX 10 mx.example.net
- Contact your hosting to register a PTR record for the desired IP address of the type:
89.67.45.23.in-addr.arpa IN PTR mail.example.net
- SPF-record that announces to other mail servers on the Internet that sending emails from your domain is allowed only from the mail server host specified in the MX-record:
example.net. IN TXT "v=spf1 a mx -all"
SPF syntax:
"v=spf1" — SPF version, required parameter, always spf1, no other versions work.
"+" — accept emails (by default).
"-" — reject.
"~" — "soft" rejection (the email will be accepted, but will be marked as spam).
"?" — neutral attitude.
“MX" — includes all server addresses specified in MX records of the domain.
When using a mail server on UTM as a mail relay, resource records will look the same, since on the Internet your LAN mail server will be represented by an SMTP relay on UTM.