# Setting up Domain at Registrar/Zone Holder

---

To create a mail server, you will need a domain name. You can register it with your Internet service provider or directly with the registrar.

After you register a domain name, you will need to make changes to the zone description on the DNS server (at the domain zone holder, which is often the registrar).

1\. Create an A-type resource record with a name for the mail server in your domain, pointing to the external IP address of SafeUTM. **Make sure that a public address accessible from the Internet is assigned on the UTM external interface.**  
2\. Add an MX-type resource record pointing to the A record that was created in the previous step. An MX-type record points to a network node that processes mail messages for the domain. It should refer to the domain name of the mail server, not the IP address.

We also recommend:

3\. Adding a reverse PTR-type resource record. This entry must be registered in the reverse zone file. These changes must be made on your Internet provider's side. Contact them with a request to register a reverse resource record for your IP address, which should refer to your MX-type record.  
4\. Configuring an SPF record for your mail server.  
5\. After configuring the mail server, also configure the DKIM signature of mail messages. To do this, go to **Mail Relay -> Advanced Settings -> DKIM-signature** and activate the item **Sign outgoing mail with DKIM**.

Then create a TXT record for your domain at the zone holder, using the name shown in the *Record Name* line and the content generated by SafeUTM in **Record Value**.

**Let's look at the set of necessary records using the example of a fictional domain example.net:**

- A-record of the type: **`mail.example.net. IN A 23.45.67.89`**, where 23.45.67.89 is the external IP address of SafeUTM.
- MX-record of the type: **`example.net. MX 10 mail.example.net.`**
- Contact your hosting provider to register a PTR record for the desired IP address of the type: **`89.67.45.23.in-addr.arpa. IN PTR mail.example.net.`**
- SPF-record that announces to other mail servers on the Internet that sending emails from your domain is allowed only from the mail server host specified in the MX-record: **`example.net. IN TXT "v=spf1 a mx -all"`**

<p class="callout success">SPF syntax:  
"v=spf1" — SPF version, required parameter, always spf1, no other versions work.  
"+" — accept emails (by default).  
"-" — reject.  
"~" — "soft" rejection (the email will be accepted, but will be marked as spam).  
"?" — neutral attitude.  
"mx" — includes all server addresses specified in MX records of the domain.</p>

When using a mail server on UTM as a mail relay, resource records will look the same, since on the Internet your LAN mail server will be represented by an SMTP relay on UTM.
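The steps above can be turned into a consistency check over a record set: the MX target must be a host name with an A record, the PTR record for that address must point back to the same host, and the SPF record must parse and end in `-all` as in the example. This is an added example, not SafeUTM code; `ZONE` is constructed sample data, and `parse_spf`, `is_ip` and `check_mail_dns` are names introduced here.

```python
import ipaddress

# Constructed sample data based on the example.net records above.
ZONE = {
    ("mail.example.net.", "A"): ["23.45.67.89"],
    ("example.net.", "MX"): ["10 mail.example.net."],
    ("89.67.45.23.in-addr.arpa.", "PTR"): ["mail.example.net."],
    ("example.net.", "TXT"): ["v=spf1 a mx -all"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(txt):
    """Return (result, mechanism) pairs; a missing qualifier means '+'."""
    version, *terms = txt.split()
    if version.lower() != "v=spf1":
        raise ValueError("not an SPF record")
    return [(QUALIFIERS.get(t[0], "pass"), t.lstrip("+-~?").lower()) for t in terms]

def is_ip(value):
    try:
        ipaddress.ip_address(value.rstrip("."))
        return True
    except ValueError:
        return False

def check_mail_dns(zone, domain):
    """List problems in the A, MX, PTR and SPF records for `domain`."""
    problems = []
    mx_records = zone.get((domain, "MX"), [])
    if not mx_records:
        problems.append("no MX record")
    for record in mx_records:
        host = record.split()[1]  # "<priority> <target>"
        if is_ip(host):
            problems.append(f"MX target {host} is an IP address, not a host name")
            continue
        addresses = zone.get((host, "A"), [])
        if not addresses:
            problems.append(f"MX target {host} has no A record")
        for addr in addresses:
            # Forward and reverse lookups must agree on the host name.
            ptr_name = ipaddress.ip_address(addr).reverse_pointer + "."
            if host not in zone.get((ptr_name, "PTR"), []):
                problems.append(f"PTR for {addr} does not point to {host}")
    spf = [t for t in zone.get((domain, "TXT"), []) if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        problems.append("expected exactly one SPF TXT record")
    elif parse_spf(spf[0])[-1:] != [("fail", "all")]:
        problems.append("SPF policy does not end in -all")
    return problems
```

`check_mail_dns(ZONE, "example.net.")` returns an empty list for the record set shown; to run it against a live domain, fill the dictionary from your resolver's answers instead of the sample values.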