Mail server - Slice setup

Following from the Mail server overview, we can start creating our mail server by preparing the Slice and setting the hostname and RDNS.


Assumptions

This series assumes you have followed the base setup articles for your Slice and that you are using Ubuntu Hardy.

If you have not followed the setup articles, packages may be missing.

Using another distro will mean it is very unlikely the articles will work as intended.

Ubuntu Hardy Setup - page 1 and page 2.

Hostname and RDNS basics

Once the base setup has been completed we need to set the hostname and RDNS for our Ubuntu Hardy Slice.

The hostname is simply what the Slice calls itself. Although more relevant to single domain setups, it is still important to set the hostname correctly.

The RDNS helps identify the Slice as legitimate and reduces the chances of our emails being classed as spam by the more eager spam filters that exist.

In this series we will be using two example domains:

demoslice.com

and

testslice.com

Both these domains exist and will have the various DNS records (MX, SPF, etc) set according to the articles.

The thing to note in the setup is the 'master' domain is demoslice.com - this is the domain we will use when setting the hostname and the RDNS.

Where confusion can arise is when we start using more than one domain. That is, when we start sending email from testslice.com.

Remember we are setting up postfix to handle multiple domains. The headers in the email will be set to the correct domain.

What is important to understand is that each domain will have its own DNS records. As such, both domains will have the MX records pointing to 'mail.demoslice.com' and have SPF records set to the relevant details.

As long as the details in the DNS records are correct, the email will not be classed as spam. It doesn't matter that mail from testslice.com is being sent via mail.demoslice.com. The reason it doesn't matter is that we will have defined that mail is to be sent from that location in the DNS records for testslice.com.

It can be a difficult concept to understand but look at it this way - when you post a physical letter you do so from a genuine and legitimate post box. As long as the post box is both genuine and legitimate, then it will arrive at its destination without issue. The same principle applies here: as long as the email is sent from a legitimate server (which is defined in the DNS records) then you will have no issues.

Set the DNS

As we've discussed, then, set up basic DNS records for your mail server host names. You can make the changes through the SliceManager. If you need some help doing so you can browse through this article on DNS.

Setting the hostname

Check the current hostname of your Slice with:

hostname -f

In my case, the test Slice was built with the name 'slice1'. As such the resulting hostname is:

slice1

Let's change that by configuring two files:

sudo nano /etc/hostname

Replace the hostname with your mail server hostname. In this case, I will replace 'slice1' with 'mail.demoslice.com'.

Secondly:

sudo nano /etc/hosts

Again, replace your current Slice name with your desired hostname.

Having replaced my current Slice name (slice1) with my desired hostname (mail.demoslice.com), we need to do a quick reboot of the Slice:

sudo reboot

Once the Slice has rebooted, log back in and check the hostname:

hostname -f

In my case, it now shows:

mail.demoslice.com

If you get an error along the lines of "name or service not found", that means the system is having trouble getting the fully qualified domain name for your system from DNS. Double-check the records you created in DNS for the mail servers.

RDNS

Now we need to set the RDNS for the Slice. This is a very important step in the creation of our mail server. Many mail servers will check the RDNS matches the expected details. If the RDNS does not match then the mail can be classed as spam.

For example, when we set the DNS records for testslice.com we will define the MX records to point to mail.demoslice.com. If the RDNS of that IP does not match then the mail is likely to be rejected.

We can check the RDNS of the Slice from the Slicemanager.

Log into the Slicemanager

Once done, click the DNS tab and then the 'Reverse DNS' link.

On the demo account, one of the Slices has this record as the default:

[Image: Slicemanager - Reverse DNS]

All we need to do is change the default entry to match our main domain:

[Image: Slicemanager - Changing the RDNS]

Done.

Check the RDNS

The RDNS may take a while to propagate and you really need to wait until it has done so before you can fully configure and test any mail setup.

To check the RDNS, you need to input the IP address of the Slice into the 'dig' command.

Note that 'dig' is not installed on a base Ubuntu Hardy Slice:

sudo aptitude install dnsutils

Once installed you can check the RDNS:

dig -x 208.75.84.20

In this case, the output includes the correct answer:

dig -x 208.75.84.20
...
...
;; QUESTION SECTION:
;20.84.75.208.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
20.84.75.208.in-addr.arpa. 3477 IN      PTR     mail.demoslice.com.

Done.
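
Receiving mail servers commonly go one step beyond the PTR lookup and also resolve the returned name forward, expecting it to lead back to the connecting IP. The script below is an added example, not part of the original article: it parses saved dig output and checks both directions. The function names are made up for this example, the PTR sample is the article's own output, and the A record sample is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): confirm that the PTR record
# names the mail hostname and that the hostname resolves back to the same IP.

# arpa_name 208.75.84.20 -> 20.84.75.208.in-addr.arpa.
arpa_name() {
    printf '%s\n' "$1" |
        awk -F. 'NF == 4 { printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# answer_values TYPE OWNER: read dig output on stdin and print the lower-cased
# data field of matching records found in the ANSWER SECTION only.
answer_values() {
    awk -v type="$1" -v owner="$2" '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^$/         { in_answer = 0 }
        in_answer && tolower($1) == tolower(owner) && $3 == "IN" && $4 == type {
            print tolower($5)
        }'
}

# check_rdns IP MAIL_FQDN PTR_OUTPUT A_OUTPUT
#   0: exactly one PTR, it names MAIL_FQDN, and MAIL_FQDN has an A record for IP
#   1: PTR missing, duplicated, or naming another host
#   2: PTR is right but the forward lookup does not lead back to IP
check_rdns() {
    want=$(printf '%s.' "${2%.}" | tr 'A-Z' 'a-z')
    ptr=$(printf '%s\n' "$3" | answer_values PTR "$(arpa_name "$1")")
    [ "$ptr" = "$want" ] || return 1
    printf '%s\n' "$4" | answer_values A "$want" | grep -qxF "$1" || return 2
}

# PTR answer copied from the dig output shown in the article.
PTR_SAMPLE=';; QUESTION SECTION:
;20.84.75.208.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
20.84.75.208.in-addr.arpa. 3477 IN      PTR     mail.demoslice.com.'
# Constructed forward answer: an assumed A record, not taken from the article.
A_SAMPLE=';; ANSWER SECTION:
mail.demoslice.com.     3600    IN      A       208.75.84.20'

# Live use on the Slice (needs dnsutils), with ip set to the Slice's address:
#   check_rdns "$ip" "$(hostname -f)" "$(dig -x "$ip")" "$(dig "$(hostname -f)" A)"
if check_rdns 208.75.84.20 mail.demoslice.com "$PTR_SAMPLE" "$A_SAMPLE"; then
    echo "RDNS is forward-confirmed"
fi
```

A return value of 1 usually means the RDNS change has not propagated yet or was set to a different name; 2 means the A record for the mail hostname needs fixing.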

Summary

Preparing the Slice is a vital step in any setup but is doubly important when it comes to installing a mail server.

The next article will look at creating a vmail user and mailboxes.

PickledOnion

Article Comments:

ccarey commented Thu Sep 11 18:59:15 UTC 2008:

If the mail server is located on the same slice as the web server for the domain, do any special steps need to be taken?

Branko Vukelic commented Sun Sep 21 09:55:59 UTC 2008:

It would be great if these articles could have links to 'next' and 'previous' articles, because I find it a bit difficult to find the related ones.

Sytse Sijbrandij commented Sun Oct 05 11:09:13 UTC 2008:

If 'hostname -f' fails but 'hostname' produces a valid result you might need to change /etc/hosts. Use 'sudo nano /etc/hosts'

Please refer to: http://linux.dsplabs.com.au/hostname-unknown-host-bug-not-resolving-error-fix-p52/ (note comments in end) http://www.faqs.org/docs/securing/chap9sec95.html

My /etc/hosts file became:

127.0.0.1 localhost localhost.localdomain
209.20.??.?? mail.???????.com mail

(replace ?? with your details, use ifconfig to find your ip address)

Best regards, Sytse Sijbrandij

Conrad VanLandingham commented Sun Oct 12 16:56:25 UTC 2008:

Is it imperative that we set the hostname to mail.domain.com, instead of, let's say, just domain.com?

Luke commented Sat Nov 15 23:51:25 UTC 2008:

Very informative. However, from these articles I get the impression that a single slice is used for just setting up a mail server. Is that correct?

The whole hostname thing becomes therefore very confusing because most people will use their slice as a web server as well.

Other than that. Keep up the good work. These articles are gold. You should bundle them in a book of some sort for handy reference. I'll buy it!

Iain Duncan commented Mon Dec 29 23:16:45 UTC 2008:

It seems to me from the hostname man page that instead of rebooting we can edit /etc/hostname ( which will take effect on reboot ) and also do

$ sudo hostname NEWHOSTNAME

which takes effect right away. If that is correct, maybe that could be added to the article?

Thanks for the tutorials!

Victoria commented Tue Dec 30 23:58:23 UTC 2008:

Like many of the other people here, I am also using my slice as both a web server and a mail server for multiple domains.

It does seem like this article is targeted at people who are using their slice as a dedicated mail server.

I am slightly confused, and just want to confirm that I don't have to do anything different from what is described here even if I am using my slice as a web server too? (Eg, do I still set my hostname as mail.mydomain.com?)

Thank you very much for your otherwise very clear instruction!

matthew commented Wed Dec 31 00:42:52 UTC 2008:

I would also like to know whether I need to set the hostname to mail.mydomain.com if I am also using the server as a webhost.

Is it possible to use mydomain.com instead?

sky debaun commented Sat May 16 13:04:04 UTC 2009:

I had problems receiving emails until I straightened out the mail.mydomain.com (hostname) issue. I too was confused by the examples since I did not want to name my domain "mail.mydomain.com."

In /etc/postfix/main.cf I changed "myhostname" to match the Reverse DNS setting which is "mail.mydomain.com."

This did not change my "regular" hostname which is determined in /etc/hostname

Brian Armstrong commented Tue May 19 03:09:32 UTC 2009:

I'd like to echo the comments above. This article is a bit confusing in that I have all this running on the same slice as my web server. Therefore it seems strange to rename it to mail.mydomain.com

I ended up just naming it mydomain.com and went through 100% of the articles. It appears to be working correctly, but it's still not entirely clear to me. For example, I've read elsewhere that it makes sense to make a separate mail.mydomain.com so that in the event you do need to move it, it's easy. But they can still both be on the same slice.

A little more explanation here would be helpful.

Thanks! Brian

chovy commented Sat May 30 06:35:02 UTC 2009:

What do we need to do for DNS to make sure mail.testslice.com works?

Dean Close commented Tue Jun 09 23:36:23 UTC 2009:

DNS records when a single slice runs both web and mail servers

The slice in this article runs the mail service and nothing else. Might as well name it mail.demoslice.com and set that up as an A record. I am a newb with only one slice, running multiple services and it has taken a while for me to figure out how i should proceed.

Many people, like me, will have intuitively created an A record named mydomain.com. and pointed it at our slices ip. This is (so i've found) not best practice and will cause problems when you want to receive mail.

I have the domain name crimsoncrows.com. I have a slice with the host name "cc1.crimsoncrows.com". Maybe if business is good i will have a second slice, and i think i'll call that cc2. I have created a corresponding A record on the DNS with the name "cc1" which points to my slice's IP. Because I have only one slice, I have only one A record. Otherwise I would have one A record for every slice/machine that i wanted to be found at crimsoncrows.com

I want to serve web pages from my domain, so I create a CNAME record called www and point it to the machine hosting the web server. In this case, that's cc1, so I point it to "cc1.crimsoncrows.com.". I can do this because it's a CNAME record not an A record. A records only take IP addresses.

I also want people to be able to access the webserver from crimsoncrows.com as well (not just www.crimsoncrows.com), so I create another CNAME record called "crimsoncrows.com." and point it to "www.crimsoncrows.com." which makes sense. If I move my web server to a different host at some point, I only have to change one DNS record, the www one.

I want a mail service running from my domain, so i create a CNAME record called mail and point it to the machine hosting my mail server. In this case, that's my only slice, cc1, so I point it to "cc1.crimsoncrows.com."

I also create a MX record called "crimsoncrows.com." and point that to my mail service, "mail.crimsoncrows.com.". From the previous paragraph we know that that goes to our host cc1.

The last thing I had to set up was the Reverse DNS for each slice. Rather nicely, this is set to its fully qualified domain name, which is hopefully our A record for the slice. In this case, "cc1.crimsoncrows.com."

Once I set up spfs to deny email rights to any hosts other than the one referred to in my MX record, i am finished with my DNS setup.

Now I can receive mail and feel good about my well ordered DNS records. (though when I'm less of a newb I might look back on this and wince).

I hope that's as useful as I would have found it a day ago - and thank you pickled onion for these amazing articles!

Brian Armstrong commented Fri Jul 17 22:21:09 UTC 2009:

SliceHost support seems to be mute on this one, but here is the info I've managed to find:

  1. You can use either one (mail.domain.com or domain.com)

  2. Whichever you use, make sure the reverse dns says the same thing

  3. Only reason I can see to use mail.domain.com even if you have both on the same slice, is that it could be easier if you ever need to move the mail server to its own slice

Hope it helps someone. Brian

Aaron commented Sun Jul 19 13:16:34 UTC 2009:

Will this work if my server is also a web server, hosting multiple domains?

Brian Armstrong commented Fri Jul 31 07:40:30 UTC 2009:

Awesome writeup Dean, I was wondering could you also mention what you used for /etc/hosts and /etc/hostname. And your main.cf?

Thanks! Brian

Jon M commented Thu Sep 03 15:39:46 UTC 2009:

@Dean Close

Problem with that is, your website is accessible via:

mail.crimsoncrows.com
www.crimsoncrows.com
crimsoncrows.com

The bottom two are normal but I don't think you want your mail server address pointing to your website like that...or maybe you do...I dunno really

fred commented Wed Feb 24 14:45:20 UTC 2010:

"The series assume you have followed the base setup articles for your Slice and that you are using Ubuntu Hardy."

I've seen the above msg at the beginning of this article. I'm using Ubuntu Intrepid on slice, is that going to work the same way? Or is this article series for Ubuntu Hardy only?

Jered commented Wed Feb 24 14:49:33 UTC 2010:

It means that the article and its instructions were tested on Hardy. Most of the time the same instructions will work on Intrepid, just keep an eye out for any differences that may crop up due to differences in software versions.

Paul Trippett commented Mon May 03 21:23:13 UTC 2010:

I have noticed email getting rejected by some pretty strict mail hosts out there. The problem seems to be that new Slicehost IPs are taken from an IP range listed in the Spamhaus PBL list. I had to request removal manually using http://www.spamhaus.org/pbl/query/PBL369920

--

Ref: PBL369920

173.203.192.0/19 is listed on the Policy Block List (PBL)

Outbound Email Policy of Rackspace US, Inc. for this IP range:

Please review the Rackspace AUP before requesting removal of your IP address.

Jered commented Tue May 04 15:51:12 UTC 2010:

Sorry about that Paul, I need to work out a way to make the Spamhaus PBL hurdle more obvious to people setting up new mail servers. We do have an article here about what the Spamhaus PBL is and how to remove a slice IP address from it, for anyone wanting to read more about the issue.

Paul Trippett commented Fri May 28 18:33:51 UTC 2010:

No problem Jered, It wasn't really an issue for me but this page didn't have that info on it and for me was a landing page when i was finding out what was going on.

dylan oliver commented Fri Jun 11 22:14:41 UTC 2010:

this is wrong. correct configuration given a static ip of 5.5.5.5 and hostname of my.domain.tld:

/etc/hostname: my

/etc/hosts:

127.0.0.1 localhost localhost.localdomain
5.5.5.5 my.domain.tld my

/etc/mailname: my.domain.tld

on ubuntu lucid (10.04), execute "start hostname" to register the change.

hostname should then report: my

hostname -f should report: my.domain.tld

Jered commented Tue Jun 15 06:05:03 UTC 2010:

The hostname property can be set to a fully-qualified domain name, as it was in the article above. It's not "wrong", per se. The article took that approach because it's simpler to set up a fully-qualified hostname property, then let the mail server package's install grab that for its config. The goal of these articles is to let people get systems up and running, and give them a basis for further learning, so we tend to go for simpler approaches for some settings (like the hostname).

Doug Schlenker commented Tue Jun 12 19:14:15 UTC 2012:

Has anyone had any difficulties going through the certified sender/email certification with Return Path? If so, what changes did you have to make from these instructions?

cheers,

doug.

Bridget | Best Apps commented Sun Jul 22 04:16:53 UTC 2012:

Thanks for sharing this post! It helps a lot in making sure that no amount of effort will be wasted in using this mail server.
