Pike, I am sorry, I disagree.
We do not need to argue about if it is meaningful or not. It is meaningful. But it is not necessary. It is a simple redundancy / load balance tool. There is no judgement of “accept / decline” E-Mail from / to another server if no MX is defined. To the best of my knowledge, there is no protocol in which MX is defined as such.
But in fact this does not solve my problem:
My ISP / DNS Provider seems not to have correct rDNS / PTR records …
According to this, the DKIM provided by Nethserver is not validated. The record seems to be too long - it was not validated. Is this an issue on Nethserver side?
Are you sure? SPF can be configured without MX. However I do not understand SPF at all. Even though it is considered weak, it is widely used. There are even settings to report “Mail server owner does not care about SPF” as a valid entry (which is not very well documented …) Seems to be the least common denominator …
I did not get that … I replaced domain.com by mydomain.tld and added my DKIM. Also there are / before each ; on the wiki example. What should be the output from that command. I?
Somehow strange:
mxtoolbox reports my DKIM to be OK, but the string provided by Nethserver / pasted as a TXT record is very much longer. Approximately just 50 % of the p-String is used / reported within mx-Toolbox. Also the string from Nethserver UI contains //
Is this normal?
I read through your wiki article and I like to thank you so much for sharing all the know-how. This was really, really helpful.
May I kindly ask how you set up your mx within your network? Is it a different / second Nethserver or is it just a DNS to one Nethserver instance or is it a different host / service at all?
MX (mail exchanger) is just another field that you must provide in the DNS panel of your DNS host provider; it is relevant to a domain name, nothing related to Nethserver.
For example, these are my DNS domain fields:
dig any de-labrusse.fr @8.8.4.4
; <<>> DiG 9.11.4-P1-RedHat-9.11.4-5.P1.fc28 <<>> any de-labrusse.fr @8.8.4.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49702
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;de-labrusse.fr. IN ANY
;; ANSWER SECTION:
de-labrusse.fr. 3599 IN A 164.132.77.216
de-labrusse.fr. 21599 IN NS ns1092.ui-dns.biz.
de-labrusse.fr. 21599 IN NS ns1092.ui-dns.org.
de-labrusse.fr. 21599 IN NS ns1092.ui-dns.de.
de-labrusse.fr. 21599 IN NS ns1092.ui-dns.com.
de-labrusse.fr. 21599 IN SOA ns1092.ui-dns.biz. hostmaster.1and1.fr. 2017072501 28800 7200 604800 300
de-labrusse.fr. 3599 IN MX 10 mail.de-labrusse.fr.
de-labrusse.fr. 3599 IN MX 20 mx00.1and1.fr.
de-labrusse.fr. 3599 IN MX 21 mx01.1and1.fr.
;; Query time: 245 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: ven. août 17 15:30:05 CEST 2018
;; MSG SIZE rcvd: 298
I thought mx might be more than one server for failover. Also I can use an mx server from an alternative provider. For example web.de has several mx entries defined with different TTL values.
Consequently there is more than one (virtual) server behind the standard DNS, at least for large providers, correct?
OK, I see: You have one MX at mail.de-labrusse.fr while using two other external mx from 1and1.fr which are in a lower priority. Initial handshake is with mail.de-labrusse.fr (IP = 164.132.77.216) and on failover with mx00.1and1.fr (IP = 212.227.15.41) and mx01.1and1.fr (IP = 217.72.192.67).
Solved at all, my mail server seems to work properly.
While most stuff really was neglectable, there were three points really important:
PTR - after it was set / corrected by my provider E-Mail passes to obviously any other server in the wild.
SPF - besides that it is weak it seems to be widely applied
A - individual A Records for each FQDN were better for my new provider than “wildcards” (which worked perfectly for my old provider)
From trial and error with different stoic server (e.g. web.de or sixhop.net) I found less important (but useful) things:
MX
dmarc
dkim
I hope this helps other hobby admins to set up their own DNS
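The MX ordering discussed in this thread, as an added example that is not part of any post above: it parses the answer-section lines from the dig output and returns the hosts a sending server would try, in order. It assumes the selection rules of RFC 5321 section 5.1 (lowest preference first, address record as implicit MX when no MX exists) and the null MX of RFC 7505; the function names are hypothetical.

```python
import random

# Answer-section lines copied from the dig output shown in this thread.
DIG_ANSWER = """\
de-labrusse.fr. 3599 IN A 164.132.77.216
de-labrusse.fr. 3599 IN MX 10 mail.de-labrusse.fr.
de-labrusse.fr. 3599 IN MX 20 mx00.1and1.fr.
de-labrusse.fr. 3599 IN MX 21 mx01.1and1.fr.
"""


def parse_records(text):
    """Parse 'name ttl class type rdata...' lines, skipping dig's ';' comment lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.lstrip().startswith(";"):
            continue
        records.append((fields[0].lower(), fields[3].upper(), fields[4:]))
    return records


def delivery_order(domain, records, rng=random):
    """Return the hosts a sending MTA tries for `domain`, first attempt first."""
    domain = domain.lower().rstrip(".") + "."
    mx = [(int(r[0]), r[1].lower()) for n, t, r in records if n == domain and t == "MX"]
    if mx == [(0, ".")]:                 # null MX: the domain accepts no mail at all
        return []
    by_pref = {}
    for pref, host in mx:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):         # lowest preference value is tried first
        rng.shuffle(by_pref[pref])       # hosts with equal preference: random order
        order.extend(by_pref[pref])
    if order:
        return order
    # No MX records: the domain's own address record acts as an implicit MX.
    if any(n == domain and t in ("A", "AAAA") for n, t, _ in records):
        return [domain]
    return []


if __name__ == "__main__":
    print(delivery_order("de-labrusse.fr", parse_records(DIG_ANSWER)))
```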