MX Records for New Virtual Servers

Hi,

When creating a new virtual server, Virtualmin Pro creates an MX record in the format of "mail.clientdomain.tld" which we believe is a problem.

In the modern world, many/most mail servers will not accept mail from another mail server without doing a reverse DNS lookup on the IP address. This means you have to have a proper reverse pointer record for your IP address...usually configured by your ISP (IP provider).

Ultimately, this means that all domains with mail being hosted on this server must have the same (our) MX record, not "mail.clientdomain.tld".

The secondary MX records are being created correctly.

I see in the "Edit Server Template -> BIND DNS records for new domain" section where new records can be added, but I don't see how to change the default behavior.

How do I configure Virtualmin to create "mail.hosterdomain.com" MX records for each new virtual server instead of "mail.clientdomain.tld"?

TIA,

G

Status: Closed (fixed)

Comments

Howdy -- the MX record used shouldn't actually matter for the scenario you're describing, as it would only affect incoming email.

The hostname/IP address used for outgoing email may matter in some cases, but that wouldn't be affected by the MX record used by the domains on your server.

That is, anytime your server sends an outgoing email, it does so using its primary IP address. So you'd just need to make sure that your hostname (which is sent by Postfix to the remote email server) and primary IP address are set correctly, and that reverse DNS is set up for it.

I haven't personally had a problem with MX records like this - as long as your mail server can be reverse-resolved (and the hostname that resolves to can be forward-resolved to the same IP), other mail servers are generally fine with that.

However, if you really want to, you can completely customize the DNS records Virtualmin creates for each domain. Just go to System Settings -> Server Templates -> Default Settings -> BIND DNS domain, and in the "BIND DNS records for new domains" box enter something like:

$ttl 3700
@ IN SOA masterserver.com. you.masterserver.com. (
1285350818
10800
3600
604800
38400 )
@ IN NS ns.yourcompany.com.
${DOM}. IN A ${IP}
www.${DOM}. IN A ${IP}
ftp.${DOM}. IN A ${IP}
m.${DOM}. IN A ${IP}
localhost.${DOM}. IN A 127.0.0.1
webmail.${DOM}. IN A ${IP}
admin.${DOM}. IN A ${IP}
mail.${DOM}. IN A ${IP}
${DOM}. IN MX 5 mail.${DOM}.
${DOM}. IN TXT "v=spf1 a mx a:${DOM} ip4:${IP} ?all"

And below it, select "Use only the records above".

Thank you both for the useful comments.

Being a skeptic, I did a bit more research to confirm. ;-)

I always thought mail servers verified MX records to actual pointer records and A records. Apparently that is not true. Apparently, it is exactly as you described where A records are matched to pointer (reverse) records and MX records are only used to find the recipient servers.

I also appreciate the custom DNS tips. I'll save this for reference.

Thanks,

G

Submitted by Joe on Fri, 09/24/2010 - 15:33 Pro Licensee

I will add that in a world where IPs can have many domain names hosted on them (thousands is not at all unheard of), it would simply be unreasonable for PTR records to match the A record or MX record in even a small percentage of cases. I'm unaware of any mail server that rejects on this kind of mismatch, and as Eric mentioned, it doesn't really even come into play (MX record is for receiving mail, not sending).
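
The check this thread converges on (PTR lookup for the sending IP, then a forward lookup of that name back to the same IP), written out as an added example; it is not part of any post above and is not Virtualmin code. The addresses and hostnames are constructed, and `fcrdns`, `sample_ptr` and `sample_forward` are names made up for this illustration.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver; returns a list of hostnames."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(host):
    """A/AAAA lookup via the system resolver; returns a list of addresses."""
    try:
        infos = socket.getaddrinfo(host, None)
    except OSError:
        return []
    return [info[4][0] for info in infos]

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Forward-confirmed reverse DNS: return the PTR names for `ip` that
    resolve forward to the same address (an empty list means the check fails)."""
    target = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr_lookup(ip):
        host = name.rstrip(".").lower()
        for addr in forward_lookup(host):
            try:
                if ipaddress.ip_address(addr) == target:
                    confirmed.append(host)
                    break
            except ValueError:
                continue  # resolver returned something that is not an address
    return confirmed

# Constructed sample data (documentation address space, made-up names).
PTR = {"192.0.2.10": ["host1.hosterdomain.example."]}
A = {
    "host1.hosterdomain.example": ["192.0.2.10"],
    "mail.clientdomain.example": ["192.0.2.10"],  # per-domain MX target
}
# The MX mapping exists for incoming mail only; fcrdns() never consults it.
MX = {"clientdomain.example": "mail.clientdomain.example"}

def sample_ptr(ip):
    return PTR.get(ip, [])

def sample_forward(host):
    return A.get(host, [])

if __name__ == "__main__":
    print(fcrdns("192.0.2.10", sample_ptr, sample_forward))
```

Called with only an IP address, `fcrdns` uses the system resolver, so it can be pointed at a server's real primary address to confirm the PTR and A records agree.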