Hi,
does anybody like is able to help me setting up the correct record typs for my tiny little Nethserver as it should be in compliance to accept incomming e-Mails, serves a web server, especially sogo and www.
Please let me know by private mail.
THX
Thorsten
Why does anything need to go by private mail? Assuming you do in fact own a domain, set an A record pointing to your public IP address (yourdomain.com IN A 1.2.3.4). Then, the simplest thing to do is probably set up an alias for everything under your domain (*.yourdomain.com IN CNAME yourdomain.com). Optionally, you can set a MX record, though it isn’t really necessary (yourdomain.com IN MX mail.yourdomain.com).
Actually, you do need an MX record, as well as an SPF record and a reverse lookup record. If you opt-out of those, your mail will be marked as spam by every other (public) server, if it is accepted at all.
(True story™)
Follow this, DKIM is optional. How to get rid smarthost (and use rdns,spf,dkim,dmarc)
MX is necessary only if the FQDN that the Internet should connect to in order to deliver mail is different than your domain name. If you have users@example.com, and the Internet connects to example.com to deliver mail, no MX is necessary (a good idea, probably, but not necessary). If the Internet needs to connect to mail.example.com (or otherdomain.com, or anything other than example.com), you need an MX record specifying that.
Um, no, no it won’t. Again, yes, they’re good ideas, but no, they aren’t mandatory. Yes, they’ll most likely improve the chances of successful mail delivery, but it isn’t a binary thing. Reverse DNS in particular is pretty much impossible to get with residential Internet service, and a substantial extra charge even with business service.
IME,
mail acceptance is quit not a problem as long as you have a real static ip. Im am running a dyndns.org mail for severeal years. I had some trouble to be considered as spam without a static IP. Recieving mails ist a little more critial (which I do not really understand).
I am in a troubel in defining an A record as “*”. It seems that this does not really work well for mail. This is the reason why I am asking…
I don’t think you can have a wildcard A record, but you can most certainly have a wildcard CNAME record. Alternatively, you can set up CNAME records for www, mail, and any other specific hostnames you want to use, rather than a wildcard.
Thats what my dns host provider told me to set up … *.mydomain.tld
I think this is what currently causes most problems on recieving e-mails.
To the best of my knowledge Outlook / Office 365 as well as Exchange seems to be quite tolerant while e.g. “community.nethserver.org” is not 
EDIT:
… and mxtoolbox.com gives evidence…
We have 30 clients, and 8 of them gave us issues due to absent SPF records. We work in medical environments, so security is a bit more strict, but yeah … that. Our mails went straight to junk.
MX is mandatory from the email standards. That most servers guess based on CNAME and not having a MX record generally works, doesnt change that a proper configuration (and thus HAM rating) requires it.
I will agree my answer is less valid for home setups, but an absolute must for business applications.
(citation needed). RFC 974, which seems relevant, says:
…IOW, lack of an MX record is a valid configuration, and in such a case, it works as I described above. RFC 5321 agrees:
If there’s an authoritative reference that requires MX records, I haven’t found it.
Huh. I was sure you need that from both standards as proper configuration perspective. Not having one, will decrease your HAM rating on some more strict systems. But as you rightfully remark, it is not in the standards as a requirement as there is a fallback scenario.
From my experience, this does not reliably work. See for instance
This is an exception, I will grant you that, but corporate mailservers are a lot less forfiving then your average gmail or live.com and not receiving an email or having it handled as spam is missing revenue or responding late and bad for business. Thanks for correcting me on the requirement part, I must admit I never checked the actual RFC.
Example: Name, Type, TTL, Data
“@ A 1H SERVER_IP”
“* A 1H SERVER_IP”
“@ MX 1H mail.server.com”
“@ PTR 1H ISP_DOMAIN_FOR_YOU”
“@ TXT 1H v=spf1 a mx ip4:YOUR_IP ~all”
“_dmarc TXT 1H v=DMARC1; p=none; rua=mailto:root@domain.com”
“default_domainkey TXT 1H DKIM_CODE_FROM_NETHSERVER”
you can have a wildcar A record
we use this for a SAAS for our clients, so that is a clinet decides to have clientname.domain.com then the system quesries and identifies if the record of the client is present, if its present it uses the db specified for the client nme
OK, quite complex…
at least I managed:
I did not implemt but want to use
I do not want / will not implement
In genereall dyndns.org seems to set up that stuff in the background while my new DNS/ISP requires more efford.
Still requried and I do not know how to implement:
PTR and rDNS
Does anybody know how to implement this in the TXT record? Do I need to set up indiviudal TXT records Or do I have to put everything in one record?
THX
Thorsten
That’s a separate type of record, and needs to be implemented by your ISP.
My ISP simply allows me to set TXT records…
I thought PTR and rDNS must be set (similiar to SPF) as a separte or within the same TXT record, see current setup:
The SPF is the third from top containing the “allowed sender IP”
THX
Thorsten
No, PTR records are not TXT records, they’re a separate record type. They would be set, if at all, by your ISP (or if you’re using a VPS, as I am, by your VPS host), not by your DNS provider or domain registrar.
OK, I am running my own host / physical machine behind my router. The DNS provider is my ISP provider, too. It is "green.ch, I got a statik IP from there. So do I need to set something up within my DNS record and / or my nethserver environment? Can I somehow check PTR and rDNS?
THX
Thorsten
This looks like it might be relevant to you:
https://www.green.ch/Support/Helpdesk/HelpdeskSub/TabId/1545/ArtMID/11603/ArticleID/301/Dedicated-Server-allgemeine-Informationen.aspx
My German isn’t the greatest, but it appears to address reverse DNS settings.
MX record is not optional at all. You were quite too lucky during years.
Yes, it is, per the relevant standards, already pointed out up-thread. It may improve the chances of your mail being delivered, but it is not required.
