Mail server DNS records - setup and configuration explained

00:18:21
https://www.youtube.com/watch?v=o66UFsodUYo

Summary

TL;DR: The video tutorial by Christian explains how to run a mail server on the public internet by configuring essential DNS records. It covers A records, MX records, and reverse DNS records as necessary components for mail servers, along with SPF, DKIM, and DMARC records to enhance email deliverability and protect against spoofing. The tutorial demonstrates step-by-step how to set each record using GoDaddy as an example, highlights the importance of a good reputation in email delivery, and provides best practices for maintaining a reliable mail server setup.

Takeaways

  • 📧 Understand the importance of DNS records for mail servers.
  • 🛠️ Learn to set up A and MX records for email sending and receiving.
  • 🔍 Configure Reverse DNS to improve email deliverability.
  • ☑️ Implement SPF to prevent email spoofing effectively.
  • 🔑 Use DKIM for added security in email validation.
  • 📜 Set up DMARC for handling unverified emails properly.
  • ⚙️ Utilize SRV records for auto-discovery of mail client settings.
  • 🔧 Test DNS configurations using tools like MX Toolbox.

Timeline

  • 00:00:00 - 00:05:00

    The video introduces the necessary DNS records for running a mail server on the public internet, emphasizing the importance of reputation management to prevent spam filtering. It highlights the main types of records required, starting with the A record, which should point to the mail server's public IP address. The video sets the context by explaining how these records help ensure the successful sending and receiving of emails, particularly for the host 'thedigitallife.com'.

  • 00:05:00 - 00:10:00

    Following the A record, the video discusses the MX record, which directs mail servers to the correct destination for email delivery. It explains how to set the MX record, including adding a host name and prioritizing mail servers, as well as the technical necessity of the reverse DNS (rDNS) record for anti-spam checks. The focus is on maintaining the association between the server's IP address and its fully qualified domain name (FQDN) to avoid email rejections.

  • 00:10:00 - 00:18:21

    Finally, the video covers additional records to enhance email server reputation, illustrating the SPF, DKIM, and DMARC records as protective measures against spoofing and phishing. This section includes detailed instructions on implementing each record, along with how to handle potential issues through diagnostic tools like MX Toolbox to ensure all settings are configured correctly for reliable email service.

Video Q&A

  • What are the necessary DNS records for a mail server?

    The necessary DNS records include A records, MX records, and Reverse DNS records.

  • Why is it important to have a good reputation for your mail server?

    A good reputation is crucial because many mail servers reject emails from servers with poor reputations to combat spam.

  • What does an MX record do?

    An MX record indicates which mail server is responsible for receiving emails for a domain.

  • How do SPF records help with email delivery?

    SPF records prevent spoofing by specifying which IP addresses or hosts are allowed to send emails for a domain.

  • What is DKIM and why is it important?

    DKIM stands for DomainKeys Identified Mail and it verifies that an email was indeed sent from the domain owner using a digital signature.

  • What does a DMARC record do?

    DMARC records provide instructions to receiving mail servers on how to handle emails that fail SPF or DKIM checks.

  • How can I test if my DNS records are set up correctly?

    You can use diagnostic tools like MX Toolbox to check if DNS records are correct and functioning.
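The checks named in the answers above (an MX record that points at an A record, matching reverse DNS, SPF, DKIM and DMARC), as an added example that is not from the video or this page: a small offline linter run over a constructed zone. The domain example.com, the address 203.0.113.10, the selector dkim and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample zone: documentation domain and address, not the video's records.
# The DKIM p= value is a placeholder, not a real public key.
ZONE = {
    ("example.com", "MX"): ["0 mail.example.com"],
    ("mail.example.com", "A"): ["203.0.113.10"],
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("example.com", "TXT"): ["v=spf1 ip4:203.0.113.10 -all"],
    ("dkim._domainkey.example.com", "TXT"): ["v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ="],
    ("_dmarc.example.com", "TXT"): ["v=DMARC1; p=quarantine"],
}


def lookup(zone, name, rtype):
    """Stand-in for a DNS query against the constructed zone."""
    return zone.get((name.rstrip(".").lower(), rtype), [])


def parse_tags(txt):
    """Parse the 'tag=value; tag=value' syntax shared by DKIM and DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def spf_allows(spf, ip):
    """True if an ip4:/ip6: mechanism with a pass qualifier covers ip."""
    addr = ipaddress.ip_address(ip)
    for term in spf.split()[1:]:
        mech = term.lstrip("+").lower()
        if mech.startswith(("ip4:", "ip6:")):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return True
    return False


def audit(zone, domain, selector="dkim"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    mx = lookup(zone, domain, "MX")
    if not mx:
        return [f"no MX record for {domain}"]
    # The lowest preference number is the highest priority.
    host = min(mx, key=lambda r: int(r.split()[0])).split()[1].rstrip(".").lower()
    ips = lookup(zone, host, "A")
    if not ips:
        findings.append(f"MX target {host} has no A record")
    for ip in ips:
        # Forward and reverse lookups must agree (name -> IP and IP -> name).
        ptr_name = ipaddress.ip_address(ip).reverse_pointer
        names = [p.rstrip(".").lower() for p in lookup(zone, ptr_name, "PTR")]
        if host not in names:
            findings.append(f"rDNS for {ip} does not match {host}")

    spf = [t for t in lookup(zone, domain, "TXT") if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append(f"expected exactly one SPF record, found {len(spf)}")
    else:
        for ip in ips:
            if not spf_allows(spf[0], ip):
                findings.append(f"SPF does not authorize {ip}")
        if spf[0].split()[-1].lower() not in ("-all", "~all"):
            findings.append("SPF does not end in -all or ~all")

    dkim = [parse_tags(t) for t in lookup(zone, f"{selector}._domainkey.{domain}", "TXT")]
    if not dkim:
        findings.append(f"no DKIM key for selector {selector}")
    elif dkim[0].get("v", "DKIM1") != "DKIM1" or not dkim[0].get("p"):
        findings.append("DKIM record has a wrong version or an empty p= key")

    dmarc = [t for t in lookup(zone, f"_dmarc.{domain}", "TXT") if t.startswith("v=DMARC1")]
    if not dmarc:
        findings.append("no DMARC record at _dmarc")
    else:
        policy = parse_tags(dmarc[0]).get("p", "")
        if policy not in ("none", "quarantine", "reject"):
            findings.append(f"DMARC policy {policy!r} is not none, quarantine or reject")
        elif policy == "none":
            findings.append("DMARC p=none: failing mail is neither quarantined nor rejected")
    return findings


if __name__ == "__main__":
    for line in audit(ZONE, "example.com") or ["all checks passed"]:
        print(line)
```

To run it against live records, replace `lookup` with real DNS queries; the checks themselves do not change.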

Transcript
  • 00:00:00
    if you want to run a mail server on the
  • 00:00:01
    public internet you need to add a few
  • 00:00:03
    records on your dns server
  • 00:00:05
    so there are some dns records that are
  • 00:00:07
    absolutely necessary to send and receive
  • 00:00:10
    emails
  • 00:00:10
    but also some other ones that are
  • 00:00:12
    recommended to build a good reputation
  • 00:00:15
    and why is that so important well
  • 00:00:17
    because spam emails are really big
  • 00:00:19
    problem on the internet and most mail
  • 00:00:21
    servers will just reject your emails
  • 00:00:23
    if your mail server has a bad reputation
  • 00:00:26
    so in this video we talk about all the
  • 00:00:27
    different dns records
  • 00:00:29
    i will explain how they work and also
  • 00:00:31
    come up with some examples how i
  • 00:00:33
    configured that on my own domain
  • 00:00:35
    thedigitallife.com
  • 00:00:36
    so if you want to know how to run a
  • 00:00:38
    fully functional email server on the
  • 00:00:40
    public internet
  • 00:00:41
    keep watching
  • 00:00:47
    hi everybody my name is christian and
  • 00:00:49
    welcome to the digital life
  • 00:00:50
    the right place for you to start your it
  • 00:00:52
    career achieve new skills
  • 00:00:54
    and learn how to become a real i.t
  • 00:00:56
    professional i always do
  • 00:00:58
    great videos and free training courses i
  • 00:01:00
    also do a lot
  • 00:01:01
    live streaming on youtube and twitch so
  • 00:01:03
    if that sounds all amazing to you
  • 00:01:05
    don't forget to subscribe to my channel
  • 00:01:07
    in this video we want to talk about dns
  • 00:01:09
    records for your mail server and how to
  • 00:01:11
    configure
  • 00:01:12
    them on your dns provider so i'm using
  • 00:01:14
    godaddy as my dns provider
  • 00:01:16
    so depending on what dns provider you
  • 00:01:19
    are using that can look
  • 00:01:20
    different but the dns records should all
  • 00:01:23
    work the same way
  • 00:01:25
    let's jump right into the dns
  • 00:01:27
    configuration for your mail server and
  • 00:01:28
    we will start with the most
  • 00:01:30
    simple dns record and this is an a
  • 00:01:32
    record so i strongly recommend you to
  • 00:01:34
    add an a record for your mail server
  • 00:01:36
    that will resolve to the public ip
  • 00:01:38
    address and this is very important we
  • 00:01:40
    will have a look at this later why
  • 00:01:42
    and this is also absolutely necessary if
  • 00:01:45
    your web server
  • 00:01:46
    is on a different ip address than your
  • 00:01:48
    mail server so when you add an a record
  • 00:01:50
    to your dns server you usually choose a
  • 00:01:52
    name like mail or
  • 00:01:53
    anything like this and this will be
  • 00:01:55
    added in front of your domain
  • 00:01:57
    so in my case this is
  • 00:01:59
    mail.thedigitallife.com
  • 00:02:00
    and this is also called the fully
  • 00:02:02
    qualified domain name of your mail
  • 00:02:04
    server
  • 00:02:04
    which will resolve to the public ip
  • 00:02:06
    address so everyone knows
  • 00:02:08
    how to contact your mail server if you
  • 00:02:10
    want to set up an a record for your mail
  • 00:02:12
    server you just go to the home page of
  • 00:02:14
    your dns provider in my case this is
  • 00:02:17
    godaddy and after login i select dns
  • 00:02:20
    manage zones and then i will enter the
  • 00:02:22
    name of my domain
  • 00:02:24
    in my case this is thedigitallife.com
  • 00:02:26
    and if we scroll down we can see a list
  • 00:02:28
    of all the different dns records that
  • 00:02:30
    are currently active so of course i have
  • 00:02:32
    added all the necessary records
  • 00:02:34
    already because otherwise i wouldn't be
  • 00:02:36
    able to receive emails
  • 00:02:38
    but i will show you step by step how you
  • 00:02:40
    would add those records yourself
  • 00:02:42
    but if you want to create a new one you
  • 00:02:43
    just scroll down click on add
  • 00:02:45
    and then select the type a record then
  • 00:02:48
    you should add the
  • 00:02:49
    name i would just recommend you to use
  • 00:02:50
    mail
  • 00:02:53
    and then you will need to enter the
  • 00:02:54
    public ip address of your mail server
  • 00:02:57
    click on save and you should see the a
  • 00:02:59
    records on top of that list here
  • 00:03:01
    the next dns record we need to add is
  • 00:03:03
    the mx record that stands for mail
  • 00:03:05
    exchanger and that will tell
  • 00:03:07
    anyone which mail server is responsible
  • 00:03:09
    for that specific domain let me do a
  • 00:03:11
    quick
  • 00:03:12
    example so when you want to send an
  • 00:03:13
    email to christian
  • 00:03:15
    thedigitallife.com your mail server will
  • 00:03:17
    first need to check
  • 00:03:18
    what mail server is responsible for the
  • 00:03:20
    domain thedigitallife.com
  • 00:03:22
    so your mail server will do a dns lookup
  • 00:03:24
    to the mx record on my dns server
  • 00:03:27
    and that will tell you where should a
  • 00:03:30
    connection be established to so the mx
  • 00:03:32
    record on my dns server will point
  • 00:03:34
    to the a record of my mail server which
  • 00:03:36
    is the fully qualified domain name
  • 00:03:38
    so let me just show you how that works
  • 00:03:41
    to add a mail exchanger record just
  • 00:03:43
    click on add
  • 00:03:44
    and select the type mx then you need to
  • 00:03:47
    add a host name so this can be an @
  • 00:03:51
    and this should point to the fully
  • 00:03:52
    qualified domain name of your mail
  • 00:03:54
    server so this is the a record we have
  • 00:03:56
    just created so in my case this is
  • 00:03:58
    mail.thedigitallife.com
  • 00:04:01
    now we need to add a priority so when
  • 00:04:02
    you have different mail servers
  • 00:04:04
    you can add a priority so when one mail
  • 00:04:07
    server is offline for example you can
  • 00:04:09
    have a backup mail server so in my case
  • 00:04:10
    i just choose
  • 00:04:11
    zero because i only have one mail server
  • 00:04:13
    and 0 is the highest priority
  • 00:04:16
    just click on save note it could take
  • 00:04:18
    some time for your dns settings to get
  • 00:04:20
    updated but now you should be able to
  • 00:04:22
    receive any emails
  • 00:04:23
    but what about sending emails well
  • 00:04:25
    there's one particular dns record that
  • 00:04:27
    is absolutely necessary
  • 00:04:29
    for sending emails and this is the rdns
  • 00:04:31
    record
  • 00:04:32
    that stands for reverse dns and it's
  • 00:04:35
    also sometimes called the ptr for pointer
  • 00:04:37
    resource record and this is very
  • 00:04:38
    important when you want to send emails
  • 00:04:40
    because most mail servers will
  • 00:04:42
    perform a simple reverse dns lookup to
  • 00:04:45
    perform simple anti-spam checks how does
  • 00:04:47
    that work
  • 00:04:48
    well the reverse dns lookup is what it
  • 00:04:51
    sounds like well it is a dns query but
  • 00:04:53
    just backward
  • 00:04:54
    so the receiving mail server will check
  • 00:04:58
    if your ip address is matching to the
  • 00:05:00
    fully qualified domain name of your mail
  • 00:05:02
    server
  • 00:05:03
    if you don't have a matching rdns record
  • 00:05:06
    that looks suspicious
  • 00:05:07
    so the receiving mail server will probably
  • 00:05:09
    just reject your email and send you an
  • 00:05:11
    error
  • 00:05:11
    554 with ptr or just drop that email
  • 00:05:15
    silently
  • 00:05:16
    so we need to make sure you have set up
  • 00:05:17
    your rdns record correctly
  • 00:05:19
    note this is not a record you need to
  • 00:05:22
    set up on your dns provider because
  • 00:05:24
    it is a reverse lookup on your ip
  • 00:05:26
    address so that typically needs to be
  • 00:05:28
    added
  • 00:05:29
    on your provider where you have hosted
  • 00:05:31
    the public ip address of your server
  • 00:05:33
    so in my case i'm hosting that at vps at
  • 00:05:36
    a german hosting provider so don't worry
  • 00:05:38
    about the german here
  • 00:05:39
    so what you need to take care of is that
  • 00:05:41
    rdns record here
  • 00:05:42
    and this is the ipv4 address of my mail
  • 00:05:46
    server
  • 00:05:47
    and the host name should be set to
  • 00:05:49
    mail.thedigitallife.com remember this is
  • 00:05:51
    the a record
  • 00:05:52
    that will resolve to the public ip
  • 00:05:53
    address so you have
  • 00:05:55
    one dns query that will resolve from the
  • 00:05:57
    name to the ip address
  • 00:05:59
    and the rdns record vice versa so the
  • 00:06:02
    rdns server will resolve
  • 00:06:03
    from that ip address to this fully
  • 00:06:05
    qualified domain name
  • 00:06:07
    and these two things need to match okay
  • 00:06:10
    so we now have covered all the necessary
  • 00:06:12
    dns records for sending and receiving
  • 00:06:14
    mail so everything should work fine
  • 00:06:15
    right
  • 00:06:16
    well we are not finished yet because
  • 00:06:18
    there are a few dns records you can add
  • 00:06:20
    to improve the reputation of your mail
  • 00:06:22
    server and as i said
  • 00:06:23
    at the beginning this is very important
  • 00:06:26
    because sometimes
  • 00:06:27
    other mail servers will reject emails
  • 00:06:29
    from servers with a bad reputation and
  • 00:06:31
    they will even not send you an error
  • 00:06:33
    message so if you're missing those
  • 00:06:34
    additional dns records you cannot be
  • 00:06:36
    sure that your mail is really received
  • 00:06:38
    by the recipient
  • 00:06:40
    so you need to take care of that and we
  • 00:06:42
    will cover three different dns records
  • 00:06:44
    that are recommended to build a good
  • 00:06:45
    reputation let's start with the first
  • 00:06:47
    one
  • 00:06:48
    and this is the spf record also called a
  • 00:06:50
    sender policy framework
  • 00:06:52
    why do we need that well the problem is
  • 00:06:54
    that you can send an email
  • 00:06:56
    with any domain in the envelope from
  • 00:06:58
    type
  • 00:06:59
    even if the domain doesn't belong to you
  • 00:07:01
    so this is a very common method and this
  • 00:07:03
    is called spoofing so that is used by
  • 00:07:05
    attackers
  • 00:07:06
    spam mails and so on so they will try to
  • 00:07:08
    send emails in behalf of your domain
  • 00:07:11
    and this can be a threat the sender
  • 00:07:13
    policy framework is basically a txt
  • 00:07:15
    record on your dns server
  • 00:07:17
    that tells everybody which ip addresses
  • 00:07:19
    or which hosts are allowed
  • 00:07:21
    to send an email from your domain so
  • 00:07:23
    this is a very common method
  • 00:07:25
    and many many email servers will check
  • 00:07:27
    that spf record and when they cannot
  • 00:07:29
    validate
  • 00:07:30
    that a message is allowed to be sent
  • 00:07:32
    from your ip address
  • 00:07:33
    they can just reject that so we need to
  • 00:07:35
    make sure that you add an spf record on
  • 00:07:38
    your dns
  • 00:07:39
    provider as well let's take a look at my
  • 00:07:41
    spf records so this is this one here and
  • 00:07:43
    this is a txt
  • 00:07:45
    record for the host @ and this will
  • 00:07:47
    start with the v equal
  • 00:07:49
    spf one so that tells us a protocol and
  • 00:07:52
    this is mandatory you need to set this
  • 00:07:54
    exactly to this name here then you type
  • 00:07:57
    ip4
  • 00:07:59
    colon and then the public ip address of
  • 00:08:01
    your mail server so this will tell
  • 00:08:03
    everyone
  • 00:08:03
    so this ip address and only this ip
  • 00:08:06
    address
  • 00:08:07
    is allowed to send emails in behalf of
  • 00:08:09
    your domain
  • 00:08:10
    so if you want to add an spf record to
  • 00:08:12
    your domain you basically just click on
  • 00:08:14
    add
  • 00:08:15
    select the type txt and then add this
  • 00:08:18
    spf record as a txt value
  • 00:08:20
    so in my case this is this one here so
  • 00:08:22
    click on save and you should be fine
  • 00:08:24
    note you can add a few changes or
  • 00:08:26
    adjustments to this spf record
  • 00:08:28
    so that will tell the receiving mail
  • 00:08:30
    server how to react
  • 00:08:32
    when the spf check fails so if you want
  • 00:08:35
    to see all the different options i've
  • 00:08:36
    prepared you a cheat sheet for all these
  • 00:08:38
    different mail server dns records you
  • 00:08:40
    can just have a look at the video
  • 00:08:41
    description below
  • 00:08:42
    and have a look at the link to my cheat
  • 00:08:44
    sheet and then you will see all the
  • 00:08:45
    different options for all different dns
  • 00:08:47
    records so you don't need to remember
  • 00:08:49
    everything in this video
  • 00:08:50
    so spf is a good method to protect
  • 00:08:52
    against spoofing but it has some
  • 00:08:54
    limitations so
  • 00:08:55
    therefore we have another dns record
  • 00:08:57
    that is called dkim and that stands
  • 00:08:59
    for domain keys identified mail
  • 00:09:01
    and this is an advanced protection
  • 00:09:03
    method and this allows receiving mail
  • 00:09:04
    server to check if that email was indeed
  • 00:09:07
    sent by the owner of this domain so when
  • 00:09:09
    you add dkim to your mail server your
  • 00:09:11
    mail server will add
  • 00:09:12
    a digital signature to every email you
  • 00:09:15
    send out
  • 00:09:16
    and this digital signature contains a
  • 00:09:18
    hash value that is encrypted with a
  • 00:09:20
    private key
  • 00:09:21
    and the public key is stored as a dns
  • 00:09:23
    record on your dns provider
  • 00:09:25
    so when the receiving mail server
  • 00:09:26
    receives the email with your dkim
  • 00:09:28
    signature
  • 00:09:29
    that will tell the mail server where to
  • 00:09:31
    look up the public key of this signature
  • 00:09:34
    and that can be used to verify if the
  • 00:09:36
    dkim signature is valid
  • 00:09:37
    and this method effectively protects
  • 00:09:39
    your domain and spoofing and this is
  • 00:09:41
    very important
  • 00:09:42
    to add a dkim record to your mail
  • 00:09:44
    server you need to do a few things so as
  • 00:09:46
    i said this is encrypted via a private
  • 00:09:48
    key and validated via a public key
  • 00:09:50
    so you need to add a corresponding
  • 00:09:53
    private and public key pair on your mail
  • 00:09:55
    server
  • 00:09:56
    your mail server will know the private
  • 00:09:58
    key and only your mail server so don't
  • 00:10:00
    share the private key with anyone
  • 00:10:02
    and the public key is added as a dns
  • 00:10:05
    record on your dns provider adding dkim
  • 00:10:07
    keys in a mailcow server is pretty
  • 00:10:09
    easy if you don't know what a mailcow
  • 00:10:10
    server is well i've lately made a video
  • 00:10:13
    about
  • 00:10:13
    setting up a mail server with mailcow
  • 00:10:15
    dockerized version
  • 00:10:16
    on a linux server in just about 10
  • 00:10:18
    minutes so if you want to know that
  • 00:10:20
    check out the video but you could also
  • 00:10:22
    use a free dkim
  • 00:10:23
    generator on the public internet i've
  • 00:10:25
    put your link in the description below
  • 00:10:27
    so you could check out dkimcore.org
  • 00:10:29
    that will generate a dkim private and
  • 00:10:31
    public
  • 00:10:32
    key for you you can copy on your mail
  • 00:10:33
    server and the public key you can add on
  • 00:10:35
    your public dns provider
  • 00:10:37
    if you are running a mailcow server
  • 00:10:38
    you just go to the web interface
  • 00:10:40
    go to configuration arc dkim keys
  • 00:10:43
    and you can now add the dkim key you can see
  • 00:10:46
    i've just added
  • 00:10:47
    one key for the domain
  • 00:10:48
    thedigitallife.com so this is a public key
  • 00:10:51
    and i can absolutely share with you
  • 00:10:52
    because
  • 00:10:53
    everyone can just look that up and the
  • 00:10:55
    public key is only for validating the
  • 00:10:57
    dkim signature
  • 00:10:59
    but the private key is actually stored
  • 00:11:01
    on the mailcow server
  • 00:11:03
    if you want to generate a key pair on
  • 00:11:05
    mailcow you just go
  • 00:11:06
    here and click on add dkim key enter the
  • 00:11:09
    name of your domain
  • 00:11:10
    don't miss to enter a correct selector
  • 00:11:12
    so by default this is dkim
  • 00:11:14
    so don't forget that this is very
  • 00:11:16
    important what you enter here as a
  • 00:11:18
    selector you need to enter on your
  • 00:11:19
    public dns server as well
  • 00:11:21
    then i would recommend you to select a
  • 00:11:23
    key length of 2048 bits
  • 00:11:26
    and just click on add so this will
  • 00:11:28
    generate a key pair like this here
  • 00:11:30
    and you can just copy this value here
  • 00:11:32
    and on your dns provider you click on
  • 00:11:34
    add
  • 00:11:36
    click on txt and now you need to enter
  • 00:11:39
    the host name beginning with the dkim
  • 00:11:40
    selector you have just used to create
  • 00:11:42
    the private and public key pair
  • 00:11:44
    so in my case this is a default dkim
  • 00:11:48
    dot underscore domain key
  • 00:11:52
    and then we can just paste the value we
  • 00:11:53
    have just copied as a txt value
  • 00:11:56
    so this starts with a dkim1 so this is a
  • 00:11:59
    version
  • 00:12:00
    and this should be always dkim1
  • 00:12:03
    then we have the encryption method so
  • 00:12:05
    this is rsa and this is the default
  • 00:12:07
    then we have some other optional
  • 00:12:09
    parameters you could also change if you
  • 00:12:11
    want to do that
  • 00:12:12
    remember if you want to know what all
  • 00:12:14
    these different arguments mean you can
  • 00:12:16
    have a look at the cheat sheet
  • 00:12:17
    on my written blog article and then the
  • 00:12:20
    p identifies the public key so everyone
  • 00:12:22
    can just look up
  • 00:12:23
    and use to verify your dkim signature
  • 00:12:26
    click on save so i hope this was not too
  • 00:12:28
    difficult well
  • 00:12:30
    it really depends on what mail server
  • 00:12:31
    you are using if you're not running
  • 00:12:33
    mailcow and you don't have a graphical
  • 00:12:34
    user interface
  • 00:12:35
    well it probably could have been more
  • 00:12:37
    difficult to add this dkim key to
  • 00:12:39
    your mail server
  • 00:12:40
    and this is really depending on what
  • 00:12:41
    software you are using so i
  • 00:12:43
    can just show you the easy method with
  • 00:12:45
    mailcow because i don't want to cover
  • 00:12:47
    all these different mail servers that
  • 00:12:48
    are out there so if you're not sure how
  • 00:12:50
    to do that you should just refer
  • 00:12:52
    to the documentation of your mail server
  • 00:12:54
    and check out the documentation how to
  • 00:12:55
    add a dkim key
  • 00:12:56
    and last but not least we have the next
  • 00:12:58
    record that is called the dmarc record
  • 00:13:00
    and that stands for
  • 00:13:01
    well i need to look up domain based
  • 00:13:03
    message authentication reporting and
  • 00:13:05
    conformance
  • 00:13:06
    wow so this extends your spf and dkim
  • 00:13:10
    record
  • 00:13:10
    so this will make sure that all your
  • 00:13:12
    emails are protected with spf and
  • 00:13:14
    dkim and it will also tell the
  • 00:13:16
    receiving mail server what to do with
  • 00:13:18
    this email
  • 00:13:19
    when those checks fail to add a dmarc
  • 00:13:22
    record just click on add
  • 00:13:23
    select the type txt and the host name
  • 00:13:26
    should be
  • 00:13:27
    underscore dmarc
  • 00:13:31
    and now you need to fill in the value so
  • 00:13:32
    always start with v
  • 00:13:34
    equal dmarc one and that always needs
  • 00:13:36
    to be this value
  • 00:13:38
    then enter p equal and then you can
  • 00:13:41
    choose
  • 00:13:42
    from three different values we have none
  • 00:13:44
    quarantine and reject
  • 00:13:46
    and that will tell the receiving mail
  • 00:13:48
    server what it should do
  • 00:13:49
    with an email that fails those spf or
  • 00:13:53
    dkim checks
  • 00:13:54
    so in case of quarantine the receiving
  • 00:13:56
    email server
  • 00:13:57
    should quarantine the email that is
  • 00:13:59
    failing those checks
  • 00:14:00
    but you could also choose none for do
  • 00:14:02
    nothing or reject so that will just
  • 00:14:04
    reject the email
  • 00:14:05
    there are also some other optional
  • 00:14:07
    arguments you could use to send daily
  • 00:14:08
    reports or specific
  • 00:14:10
    percentage of suspicious mails the dmarc
  • 00:14:13
    policy should apply to
  • 00:14:14
    so you can find all the different
  • 00:14:16
    options in my mail server dns record
  • 00:14:18
    cheat sheet
  • 00:14:19
    okay so now you should be able to send
  • 00:14:21
    receive emails and your domain should be
  • 00:14:23
    protected
  • 00:14:23
    against spoofing and other bad things
  • 00:14:26
    but we are not finished yet because
  • 00:14:28
    there are also some other dns records
  • 00:14:29
    they could be useful
  • 00:14:31
    when you want to use email clients like
  • 00:14:32
    outlook or thunderbird
  • 00:14:34
    and they should be able to auto discover
  • 00:14:36
    the settings of your mail server so you
  • 00:14:38
    don't need to specify
  • 00:14:39
    an imap server with a port number and so
  • 00:14:41
    on so this is also done via some dns
  • 00:14:44
    records
  • 00:14:44
    and they are defined in an rfc standard
  • 00:14:47
    6186 i remember
  • 00:14:49
    and you will find a link to that
  • 00:14:50
    standard in my written blog article
  • 00:14:52
    but this is not really so important
  • 00:14:54
    because i will show you all the
  • 00:14:56
    different dns records that are very
  • 00:14:57
    important
  • 00:14:58
    to enable those auto discovery features
  • 00:15:01
    on mail clients
  • 00:15:02
    so if you want to add those auto
  • 00:15:04
    discovery dns records you need to add
  • 00:15:06
    those
  • 00:15:07
    srv records and there are a bunch of
  • 00:15:09
    different records that tell
  • 00:15:11
    the email client where to look up the
  • 00:15:13
    specific settings for your mail server
  • 00:15:15
    for example the imap setting
  • 00:15:17
    so there you will define the fully
  • 00:15:18
    qualified domain name of your imap
  • 00:15:20
    server
  • 00:15:20
    the port number and so on so those dns
  • 00:15:23
    records are defined in the rfc standard
  • 00:15:25
    but i also have added this one here so
  • 00:15:27
    this is used by some outlook
  • 00:15:29
    clients because outlook is always a
  • 00:15:32
    special thing i think
  • 00:15:33
    if you want to add those srv records
  • 00:15:35
    just click on add
  • 00:15:36
    select the type srv and then you will
  • 00:15:39
    need to start with the service so the
  • 00:15:41
    service could be
  • 00:15:42
    underscore smtps imap or imaps
  • 00:15:46
    let's start with imaps for example
  • 00:15:49
    then you will need to specify the
  • 00:15:50
    protocol so this should always be
  • 00:15:52
    underscore tcp because this is always a
  • 00:15:54
    tcp connection
  • 00:15:55
    the name should be @ and the target
  • 00:15:58
    should be the fully qualified domain
  • 00:15:59
    name of your imaps server
  • 00:16:01
    the priority is zero so there you could
  • 00:16:04
    also add a priority for fallback servers
  • 00:16:06
    and so on
  • 00:16:07
    the weight is one and the port number
  • 00:16:10
    for imaps in this case is 993. click on
  • 00:16:13
    save and then you just need to continue
  • 00:16:15
    with all the different records that are
  • 00:16:16
    defined in the rfc standards
  • 00:16:18
    remember you find all of these things in
  • 00:16:20
    my cheat sheet
  • 00:16:21
    if you want to test if all your settings
  • 00:16:23
    are correct i can just recommend you the
  • 00:16:25
    tool mx toolbox so this is a diagnostic
  • 00:16:28
    tool where you can check up a domain
  • 00:16:30
    name
  • 00:16:30
    so for example let's just check the
  • 00:16:32
    digital
  • 00:16:34
    life.com and let's perform an mx lookup
  • 00:16:37
    so this will automatically do some
  • 00:16:39
    diagnostic settings
  • 00:16:41
    and check if everything is working fine
  • 00:16:43
    so this is mail.thedigitallife.com this
  • 00:16:45
    is a public ip address the ttl value the
  • 00:16:48
    dmarc record is published
  • 00:16:50
    the dmarc policy is enabled and a dns
  • 00:16:54
    record is also found
  • 00:16:55
    you can also check other settings like
  • 00:16:58
    the blacklist check so that will reveal
  • 00:17:01
    if your mail server or the ip address of
  • 00:17:03
    your mail server is on one of these
  • 00:17:04
    blacklists
  • 00:17:05
    you could also do an spf record lookup
  • 00:17:07
    let's check that
  • 00:17:08
    and if we perform that we can see
  • 00:17:10
    there's our spf record
  • 00:17:12
    spf1 with the ip address dash all and
  • 00:17:14
    this is set up
  • 00:17:15
    correct so mx toolbox is a very useful
  • 00:17:18
    tool and i think it's absolutely
  • 00:17:20
    necessary to check if your dns records
  • 00:17:22
    are correct on your mail server
  • 00:17:23
    it also could reveal some warnings or
  • 00:17:26
    some things you could improve
  • 00:17:28
    so like ttl values or something like
  • 00:17:30
    that and i don't want to cover too much
  • 00:17:31
    in this video because i think we have
  • 00:17:33
    covered a lot
  • 00:17:34
    so i hope this helps you to configure
  • 00:17:36
    your mail server and your dns records
  • 00:17:38
    for your mail server
  • 00:17:39
    and you could understand some of the
  • 00:17:41
    advanced techniques how to
  • 00:17:42
    protect your domain against spam and
  • 00:17:44
    spoofing so
  • 00:17:46
    don't forget to hit the like button if
  • 00:17:47
    you enjoyed that video and if you have
  • 00:17:49
    any question you can also leave me a
  • 00:17:51
    comment or just join my discord
  • 00:17:53
    community a link in the video
  • 00:17:54
    description below check it out
  • 00:17:56
    before i go i need to thank mason who is
  • 00:17:58
    the producer of this show and all my
  • 00:18:00
    patreon supporters
  • 00:18:01
    so without you the community this
  • 00:18:03
    wouldn't be possible at all
  • 00:18:05
    so thanks everybody for watching enjoy
  • 00:18:07
    the rest of your day
  • 00:18:08
    take care of yourself and i see
  • 00:18:17
    [Music]
  • 00:18:20
    you
Tags
  • DNS
  • Mail Server
  • Email Configuration
  • SPF
  • DKIM
  • DMARC
  • A Record
  • MX Record
  • Reverse DNS
  • Email Security