From that solid base, we can send mail and we know it all works according to plan. Now we can move onto receiving emails. To do that, we need to create the correct MX records and open port 25 in our iptables firewall.
Remember that at this stage we are dealing with a single domain. In the example articles I am using the domain 'demoslice.com'. You would, of course, replace that with your main domain.
Although there are existing articles on creating MX records (see here), let's have a quick run through of what we need.
Keeping with traditional naming conventions we need a subdomain named 'mail' (thus giving mail.demoslice.com). and the MX record for demoslice.com pointing to that subdomain.
Please refer to the article shown above for details of how to add the records to the DNS panel in the Slicemanager. However the two records will look like this when being created:
You may note I entered the figure '10' in the Auxliliary information section when adding the MX record.
It is possible to have multiple MX records and have multiple mail servers for your mail. The way a request works out which one to use is based on this figure: The lower the number the higher the priority.
I entered '10' as I don't know what the future will hold. I may set up a 'super' mail server and want to give that one a higher MX priority, As such, when I created records for the 'super' mail server I would enter '0'.
A little 'future proofing' never does any harm.
Once the records have been created they can be checked using the 'dig' command.
The moment the records have been created, you can check them on the nameserver itself. This saves waiting for the records to propagate only to find you made a mistake.
So, to check the 'mail' subdomain is correctly entered on the Slicehost nameserver:
dig mail.demoslice.com @dns1.stabletransit.com
The section we are looking for is:
;; ANSWER SECTION: mail.demoslice.com. 86400 IN A 188.8.131.52
Now we can check the MX record for the demoslice.com domain:
dig demoslice.com MX @dns1.stabletransit.com
;; ANSWER SECTION: demoslice.com. 86400 IN MX 10 mail.demoslice.com.
Again, that is correct.
When we set up the Slice we created a simple firewall using an iptables script (please see the Slice setup article for details).
The common port for receiving mail is port 25 and base setup didn't have that port open.
If you tried to send mail to the domain you would get an undeliverable notification.
Using the same files from the Slice setup article, let's open the iptables test file:
sudo nano /etc/iptables.test.rules
To open port 25, we need to add the following just after the 'Allows all outbound traffic' entry:
# Allows postfix to accept incoming connections -A INPUT -p tcp --dport 25 -j ACCEPT
Note the line starting with the '#' is not compulsory but I find commenting a file makes for much easier administration at a later date when you have no idea what you entered.
Once done and saved, we need to make the new rule set active:
sudo iptables-restore < /etc/iptables.test.rules
The port will now be open but it's always good practice to check something so important:
sudo iptables -L
Amongst the output is the new line:
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
So now we can accept smtp connections - it is named smtp as the default port (25) has been opened.
To save the final configuration to the script that is executed on a reboot, you need to be root rather than just use sudo:
The command is:
iptables-save > /etc/iptables.up.rules
Once done, exit root:
Done. We now have the correct port open in our iptables firewall.
Now we have the Slice setup to receive mail for our domain.
The next article will look at the telnet package to conduct some final tests on the setup to ensure postfix is sending the correct identification details, we'll also take a look at checking the email from the command line (future articles will look at pop and imap access).
Setting the Slice to receive email for our domain requires the correct DNS entries and an open port in our iptables firewall.
Once done, the Slice can receive email.