
Post Kitchen # 1: DNS

I think many will be interested to finally find out how mail works. In a few articles I will try to explain, in as plain a language as possible, all the main questions about how e-mail works in general and, in particular, the settings it needs.



For simplicity, and to keep the number of letters down, we will consider the simplest (and most common) situation:

1 domain name (example.com).
1 mail domain (*@example.com).
1 mail server (mail.example.com).
1 IP address (127.127.127.127).

Regarding mail, we are interested in four types of DNS records:

A-record.
MX record.
PTR record.
TXT record (with SPF).

The second (MX) is mandatory: without it, in 99% of cases, the mail will not go at all. You can do without the rest, in principle, but the chances that your email will be rejected as spam rise significantly - mail.ru, for example, discards almost all mail from IP addresses that have no PTR, or whose PTR points to a dial-up provider. And rightly so.

A-record



A (Address) - a record giving the IP address of the domain name we need. For mail to work correctly, an A-record for the mail server (mail.example.com) is required. In our case it looks like this:

mail IN A 127.127.127.127

Where:
mail - the name (the host part of mail.example.com).
IN A - record type.
127.127.127.127 - the IP of our mail server.

MX records.



MX (Mail eXchange) - the main DNS record for e-mail. It indicates which servers process mail for our domain.

We have one mail domain - example.com. And one mail server - mail.example.com. Accordingly, the record looks like this:

example.com. IN MX 10 mail.example.com.


Where:
example.com is the domain for which mail is processed.
IN MX is the record type.
10 is the record's priority (more details below).
mail.example.com is the host name (A-record) of the mail server.

The MX record must point exactly at the A-record of the mail server. Pointing an MX at an IP address or at a CNAME is not correct.

The priority of an MX record matters when a domain has more than one mail server (Google Mail, for example, has six). It determines which server is tried first, which second, and so on (if the first (second, tenth) server is unavailable, overloaded or for some other reason cannot accept the message). The logic is simple: the lower the number, the higher the priority. The actual values are not restricted - 10-20-30 works, and so does 1000-2000-3000.

If a domain has no MX records at all, or none of the MX servers is reachable, the sending server will try to deliver the mail to the IP from the domain's A-record. This is called A-delivery; it is not really kosher and many servers do not do it, so you need to specify an MX even if there is only one.
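A small checker for the MX rules just described. This is an added example, not code from the original article: it parses records written in the same master-file syntax the article uses, orders the MX targets by priority (smaller number first), drops and reports targets that are IP literals, CNAMEs, or have no A-record, and returns the domain's own A-record only as the A-delivery fallback when no MX exists. The zone text is constructed for illustration; the hosts mail2, relay and noma are invented, and relay deliberately breaks the CNAME rule.

```python
from collections import defaultdict

# Constructed sample zone in master-file syntax (illustration only, not real data).
# mail2/relay/noma are invented hosts; relay deliberately violates the CNAME rule.
ZONE_TEXT = """
example.com.        IN MX    20 mail2.example.com.
example.com.        IN MX    10 mail.example.com.
example.com.        IN MX    30 relay.example.com.
mail.example.com.   IN A     127.127.127.127
mail2.example.com.  IN A     127.127.127.128
relay.example.com.  IN CNAME mail.example.com.
noma.example.com.   IN A     127.127.127.200
"""


def parse_zone(text):
    """Parse 'owner IN TYPE rdata...' lines into {(owner, TYPE): [rdata tokens, ...]}."""
    records = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[1].upper() != "IN":
            continue  # blank line or not an 'owner IN TYPE rdata' record
        owner, rtype, rdata = parts[0].lower(), parts[2].upper(), parts[3:]
        records[(owner, rtype)].append(rdata)
    return records


def mx_delivery_plan(records, domain):
    """Return (targets_in_order, problems) for a domain.

    targets_in_order follows the article's rule: the MX with the smaller number
    is tried first. Targets that break the rules (IP literal, CNAME, missing A)
    are left out and reported. With no MX at all, the domain's own A-record is
    returned as the A-delivery fallback together with a warning.
    """
    domain = domain.rstrip(".").lower() + "."
    problems = []
    mx_rrs = records.get((domain, "MX"), [])
    if not mx_rrs:
        if records.get((domain, "A")):
            problems.append("no MX record: senders may fall back to A-delivery, "
                            "which many servers do not attempt")
            return [domain], problems
        problems.append("no MX and no A record: mail cannot be delivered")
        return [], problems

    ordered = []
    # each MX rdata is [preference, target]; sort numerically by preference
    for pref, target in sorted((int(p), t.lower()) for p, t in mx_rrs):
        if target.replace(".", "").isdigit():
            problems.append(f"MX {pref} points at an IP literal ({target}); it must name an A-record")
        elif records.get((target, "CNAME")):
            problems.append(f"MX {pref} target {target} is a CNAME; point it at the A-record instead")
        elif not records.get((target, "A")):
            problems.append(f"MX {pref} target {target} has no A-record")
        else:
            ordered.append(target)
    return ordered, problems


if __name__ == "__main__":
    recs = parse_zone(ZONE_TEXT)
    for dom in ("example.com", "noma.example.com"):
        order, probs = mx_delivery_plan(recs, dom)
        print(dom, "->", order, probs)
```

Running it on the constructed zone yields the delivery order mail.example.com, mail2.example.com for example.com with one problem reported (the CNAME target), and the A-delivery warning for noma.example.com.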

PTR record.



PTR (PoinTeR) - the so-called "reverse record". It allows reverse resolution of an IP address into the host's FQDN.

Our IP in reverse form looks like this: 127.127.127.127.in-addr.arpa. It is hard to see in this example, but in the reverse zone the address is written backwards, i.e. IP 192.168.0.1 becomes 1.0.168.192.in-addr.arpa.

For the host to be recognised correctly, the PTR record of the IP address the mail is sent from must match the host name the mail server presents in HELO/EHLO.

PTR-record in our case, respectively:

127.127.127.127.in-addr.arpa IN PTR mail.example.com.

The owner of the IP address block can create this record (read my article about address space allocation). If that is not you and you received the addresses from a provider, ask the provider or data center to set the record for you.
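The PTR check described above, as an added example that is not part of the original article. It builds the reversed in-addr.arpa name the way the article shows, then applies the rule that the PTR of the sending IP must match the HELO/EHLO name and that this name must resolve back to the IP (forward-confirmed reverse DNS); it also flags PTR names that look provider-assigned, the dial-up case the article says mail.ru rejects. The PTR and A tables are constructed stand-ins for DNS answers, the dial-up host and its 192.168.0.1 entry are invented, and the token list for "generic" names is an assumed heuristic.

```python
import ipaddress

# Constructed lookup tables standing in for DNS answers (illustration only).
# The dial-up name and the 192.168.0.1 entry are invented for the "PTR refers
# to a dial-up provider" case.
PTR = {
    "127.127.127.127.in-addr.arpa.": "mail.example.com.",
    "1.0.168.192.in-addr.arpa.": "dial-up-192-168-0-1.isp.example.",
}
A = {
    "mail.example.com.": {"127.127.127.127"},
    "dial-up-192-168-0-1.isp.example.": {"192.168.0.1"},
}
# Assumed heuristic tokens for provider-assigned (dial-up/dynamic) host names.
GENERIC_TOKENS = ("dial", "dyn", "pool", "ppp")


def reverse_name(ip):
    """Octets reversed plus in-addr.arpa, as the article shows.
    (The stdlib also offers ipaddress.ip_address(ip).reverse_pointer,
    which returns the same name without the trailing dot.)"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def looks_generic(ptr_name, ip):
    """True if the PTR name contains a dial-up/dynamic token or embeds the
    IP's own octets, both typical of provider-assigned names."""
    name = ptr_name.lower()
    flat = name.replace(".", "").replace("-", "")
    return any(tok in name for tok in GENERIC_TOKENS) or ip.replace(".", "") in flat


def check_sender(ip, helo, ptr=PTR, a=A):
    """Apply the article's rule to a connecting client: the PTR of its IP must
    equal the HELO/EHLO name, and that name must resolve back to the IP.
    Returns (verdict, reason) with verdict in {"pass", "suspect", "fail"}."""
    helo = helo.rstrip(".").lower() + "."
    ptr_name = ptr.get(reverse_name(ip))
    if ptr_name is None:
        return "fail", "no PTR record for the sending IP"
    if ptr_name.lower() != helo:
        return "fail", f"PTR {ptr_name} does not match HELO {helo}"
    if ip not in a.get(ptr_name.lower(), set()):
        return "fail", f"{ptr_name} does not resolve back to {ip}"
    if looks_generic(ptr_name, ip):
        return "suspect", f"{ptr_name} looks like a provider-assigned (dial-up/dynamic) name"
    return "pass", "forward-confirmed reverse DNS matches HELO"


if __name__ == "__main__":
    for ip, helo in (("127.127.127.127", "mail.example.com"),
                     ("127.127.127.127", "other.example.com"),
                     ("10.0.0.1", "mail.example.com"),
                     ("192.168.0.1", "dial-up-192-168-0-1.isp.example")):
        print(ip, helo, "->", check_sender(ip, helo))
```

The forward-confirmation step matters because anyone controlling a reverse zone can put any name into a PTR; only a name that also resolves back to the same IP ties the two records to the same operator.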

TXT recording and SPF.



TXT (TeXT) - a DNS text record. It interests us only because it can (and in today's world should) contain SPF.

SPF (Sender Policy Framework) - a record that lets you specify which servers are allowed to send mail on behalf of your domain (presenting your server name, or with a return address in your domain).

If this record does not exist and someone tries to send a message (usually spam) with a return address in your domain, most servers will reject it. Or they will not, and you will get big problems with your data center or provider, plus the reputation of a spammer :)

An SPF record looks like this:

v=spf1 ip4:1.1.1.1 +a +mx -all (example).

Where:

v=spf1 - protocol version.
(+/-)a - allow or forbid sending mail from the IP of the domain's A-record.
(+/-)mx - allow or forbid sending mail from the IPs of the domain's MX records.
ip4:IP - an explicit IP from which mail on behalf of the domain may be accepted.
(~all / -all) - accept (soft-fail) or reject mail from IPs that are not listed explicitly.

In our case, the TXT SPF record will be like this:

example.com. IN TXT "v=spf1 +mx +a -all"

Thus, we allowed mail on behalf of the domain from IPs matching its A or MX records and forbade it from any other address: no one can spam pretending to be us, or fool our users by sending a phishing link on behalf of technical support.
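A minimal SPF evaluator for the mechanisms the article lists, added here as an example and not taken from the original article or any SPF library. It evaluates the record above ("v=spf1 +mx +a -all") and the earlier form with ip4 against sample client IPs: mechanisms are tried left to right, the first match decides, a missing qualifier means "+", and a record with no matching mechanism and no "all" term gives neutral. The A, MX and TXT tables are constructed stand-ins for DNS answers (mail2.example.com is invented), and treating mechanisms outside the article's list (include, redirect, exists and so on) as permerror is a simplification of this example, not SPF's full behaviour.

```python
import ipaddress

# Constructed DNS answers (illustration only); mail2.example.com is invented.
A_RECORDS = {
    "example.com.": {"127.127.127.127"},
    "mail.example.com.": {"127.127.127.127"},
    "mail2.example.com.": {"127.127.127.128"},
}
MX_RECORDS = {"example.com.": ["mail.example.com.", "mail2.example.com."]}
TXT_RECORDS = {"example.com.": "v=spf1 +mx +a -all"}  # the article's record

# qualifier prefix -> SPF result when that mechanism matches
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(domain, client_ip, a=A_RECORDS, mx=MX_RECORDS, txt=TXT_RECORDS):
    """Evaluate the domain's SPF record for a connecting client IP.

    Supports only what the article lists: ip4, a, mx, all with +/-/~ (plus the
    neutral '?'). Any other mechanism is out of scope and returns permerror.
    Returns one of: none, pass, fail, softfail, neutral, permerror.
    """
    domain = domain.rstrip(".").lower() + "."
    record = txt.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"  # no SPF policy published for this domain
    ip = ipaddress.IPv4Address(client_ip)

    for term in record.split()[1:]:
        qual = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        # a/mx may name another domain ("a:other.example"); default is the record's domain
        target = (arg.rstrip(".") + ".") if arg else domain

        if mech == "all":
            matched = True
        elif mech == "ip4":
            # a bare address or a CIDR range; strict=False accepts host bits in the prefix
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = str(ip) in a.get(target, set())
        elif mech == "mx":
            matched = any(str(ip) in a.get(host, set()) for host in mx.get(target, []))
        else:
            return "permerror"  # include/redirect/exists/... not handled in this example
        if matched:
            return QUALIFIERS[qual]
    return "neutral"  # nothing matched and no 'all' term


if __name__ == "__main__":
    for ip in ("127.127.127.127", "127.127.127.128", "203.0.113.5"):
        print(ip, "->", evaluate_spf("example.com", ip))
```

With the article's record, mail from the A-record IP or from either MX host passes and anything else fails; swapping "-all" for "~all" turns that hard fail into a softfail, which is why the article's "-all" is the setting that actually stops impersonation.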

I will be glad to hear comments and am ready to answer questions.
In the following articles I will write about SMTP, Greylisting and RBL.
And you can join the blog and also talk about something.

Source: https://habr.com/ru/post/59417/

