How to find Outbound/outgoing mail server of a domain? - email

The received headers in the email are basically the addresses of the email servers that the email was passed to reach their destination. The last received header is originating address for the email coming from a domain.
So If I am receiving a mail from a domain "example.com", the originating received header should be an outgoing SMTP server address of the "example.com" domain.
Is there any way I can verify the address in the email header with the expected address of the domain?
From what I understood by reading blogs, is that the MX record is only for receiving the emails and not for sending emails. Is there something similar to the MX record but only for outbound/outgoing mails?
Please correct me If I am wrong anywhere.
Thanks.

You are correct that only a domain's inbound mail servers are stored in MX (mail exchange) DNS records. A domain's outbound servers are stored in SPF (sender permitted from / sender policy framework) DNS records. These state what machines may send email for a given domain.
(This is important for outsourcing your email sending, so that e.g., Gmail's servers are considered valid senders for example.com.)
You can query the domain's txt records, e.g., with dig:
$ dig -t txt stackoverflow.com | grep spf
stackoverflow.com. 203 IN TXT "v=spf1 ip4:198.252.206.0/24 include:_spf1.stackoverflow.com ~all"
Here you see that the machines in the 198.252.206.0/24 CIDR range are allowed to send email for @stackoverflow.com addresses.
Normally, your inbound mail server should do all these checks for you, plus DKIM and DMARC.

Related

SMTP server correct email routing

I'm trying to implement an SMTP server at the moment and I've a question regarding the routing...
Imagine, a client (foo@bar.com) sends a mail to foo1@bar1.com, foo2@bar2.com and foo3@bar3.com.
What happens when the SMTP server sees the message? Now, I'm not sure if the following sequence is correct:
The SMTP server will put the mail into the outbox of foo@bar.com
For each recipient (except foo@bar.com) in the envelope, the SMTP server will do:
Retrieve the MX record
Connect to the SMTP server determined by the MX record
Send HELO/EHLO command
Send MAIL FROM command (foo@bar.com)
Send RCPT TO command (e.g. foo1@bar1.com)
Send DATA command
Send QUIT command
Are these steps correct? For me it makes sense that the SMTP of the sender processes all the communication, but I've found some pages (e.g. https://www.msxfaq.de/internet/envelope.htm) where a mail server only forwards the message to the next SMTP server and each SMTP server removes one recipient from the envelope's rcpt-to list, e.g.
So, what's correct...?
Sender's SMTP handles all the routing
Sender's SMTP removes one recipient (in this case foo@bar.com) and then forwards the message to the next SMTP server

The steps you listed are basically correct.
The complexity arises when you compose an email and try to send it to a lot of different domains, e.g. steve@apple.com, woz@apple.com, and bill@microsoft.com.
In this case, the server must do MX lookups on each one of these domains and split the email. Steve and Woz are both at the same domain, so the server can send an email with those two recipients to the MX record for apple.com. The server must open a separate connection to the MX record for microsoft.com and attempt to send the email to Bill over that connection.
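The envelope splitting described in this answer, as an added example that is not part of the original post: recipients are grouped by domain, the lowest-preference MX host is chosen per domain from a constructed stub table (a real MTA resolves MX via DNS and falls back to the A record), and one SMTP session with its own RCPT TO list is built per host. The host names and the EHLO identity are constructed.

```python
from collections import defaultdict

# Constructed stub MX table (preference, host); a real MTA queries DNS.
STUB_MX = {
    "apple.com": [(10, "mx1.apple.example"), (20, "mx2.apple.example")],
    "microsoft.com": [(10, "mx.microsoft.example")],
}


def best_mx(domain):
    """Lowest-preference MX host for a domain; falls back to the domain itself."""
    hosts = sorted(STUB_MX.get(domain, []))
    return hosts[0][1] if hosts else domain


def group_by_domain(recipients):
    """Split the envelope recipients by their domain part (case-insensitive)."""
    groups = defaultdict(list)
    for rcpt in recipients:
        groups[rcpt.rsplit("@", 1)[1].lower()].append(rcpt)
    return dict(groups)


def build_sessions(sender, recipients, body):
    """One SMTP session per recipient domain, carrying only that domain's RCPT TOs.

    Returns {mx_host: [command, ...]} in the order the client would send them.
    """
    sessions = {}
    for domain, rcpts in group_by_domain(recipients).items():
        cmds = ["EHLO mta.sender.example", f"MAIL FROM:<{sender}>"]
        cmds += [f"RCPT TO:<{r}>" for r in rcpts]
        cmds += ["DATA", body + "\r\n.", "QUIT"]
        sessions[best_mx(domain)] = cmds
    return sessions


if __name__ == "__main__":
    demo = build_sessions("foo@bar.com",
                          ["steve@apple.com", "woz@apple.com", "bill@microsoft.com"],
                          "Subject: hi\r\n\r\nhello")
    for host, cmds in demo.items():
        print(host, "<-", cmds)
```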

Setting up various DNS records for my mail server with external DNS

I have a domain name, mysite.com registered with a provider at ns1.dnsprovider.com and ns2.dnsprovider.com.
mysite.com is a Wordpress site on WHM/cPanel at IP: 111.222.333.444
I can set my DNS records at DNSProvider to point at 111.222.333.444 for the websites - no problem. I also need to set up email facilities.
This I'm struggling with. I'm simply running the standard Exim package in cPanel.
I figure I need to set up an A record mail.mysite.com for IP 111.222.333.444 but I also need to set up MX records. Would this be to mail.mysite.com with priority 0 and 10?
Also what about DKIM and SPF records? What would I need to enter?

First a quick note: If the mail server is on the same IP address you do not need the extra A record, since there is already an A record the MX record can use.
As for the MX record, it depends on what the mail addresses will be. For the one you mentioned the mail addresses will be user@mail.example.com, if you want them to be user@example.com, then the MX record must be for example.com, like this:
@ MX 10 mail.example.com.
Where mail.example.com is the extra A record you wanted to create, you can also point the record to example.com, since it has an A record pointed to the IP of the mail server.
Now for the SPF record it depends on which servers will be sending mails on behalf of your domain. If only your server (this includes your web site, since they are on the same IP) the SPF record can be like this:
@ TXT "v=spf1 a -all"
This allows the IP of your A record to send mails and "forbids" everybody else.
The DKIM record is in the following format:
default._domainkey TXT "v=DKIM1; p=yourPublicKey"
You should generate yourPublicKey and also a private key, with which you will sign your mails (note that you can simply skip the whole DKIM part)
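An SPF evaluator, as an added example that is not part of either answer, covering the record shown in the first answer (ip4 and include mechanisms with ~all) and the "v=spf1 a -all" record from this one. DNS is replaced by a constructed stub table (the _spf1.stackoverflow.com and example.org records are made up); the mx and exists mechanisms and macros are not modelled.

```python
import ipaddress

# Constructed stub DNS; a real checker queries TXT and A records over DNS.
STUB_DNS = {
    ("stackoverflow.com", "TXT"): [
        "v=spf1 ip4:198.252.206.0/24 include:_spf1.stackoverflow.com ~all"],
    ("_spf1.stackoverflow.com", "TXT"): ["v=spf1 ip4:203.0.113.0/24 -all"],
    ("example.org", "TXT"): ["v=spf1 a -all"],
    ("example.org", "A"): ["192.0.2.25"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    return STUB_DNS.get((name.lower(), rtype), [])


def spf_record(domain):
    """The domain's single v=spf1 TXT record, or None."""
    recs = [r for r in lookup(domain, "TXT") if r.lower().startswith("v=spf1 ")]
    return recs[0] if recs else None


def check_spf(ip, domain, depth=0):
    """Evaluate a sending IP against domain's SPF record.

    Returns pass/fail/softfail/neutral, 'none' if no record, or 'permerror'
    when include chains nest deeper than RFC 7208's limit of 10 lookups.
    """
    if depth > 10:
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            # mixed address families never match
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = str(addr) in lookup(arg or domain, "A")
        elif mech == "include":
            matched = check_spf(ip, arg, depth + 1) == "pass"
        else:
            matched = False  # mx, exists, modifiers: not modelled here
        if matched:
            return QUALIFIERS[qual]
    return "neutral"  # no mechanism matched and no "all" term
```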

Questions about email reverse DNS check

Our email server was blocked, I need find a way to solve this.
About the outbound SMTP IP, when I send emails from my email server, if I send them to an SMTP relay on my other server, which IP will the receiving side check for the reverse DNS? The email server IP or the relay server IP?

The receiving mail server will do a reverse DNS check on the mail server that it received the message from. So, if your mail server sends a message through a relaying mail server, which then sends the message to the receiving mail server, the receiving mail server will do a reverse DNS check on the relaying mail server.
The reverse DNS check works like so: Say the receiving mail server receives an incoming connection from 209.85.160.179. The receiving mail server will do a reverse DNS lookup on this IP, which (in this case) will resolve to mail-yk0-f179.google.com. To confirm that the sending mail server is in fact in the google.com domain (and 209.85.160.179 is not run by a spammer or spoofer who simply setup a PTR record for 209.85.160.179 that points to mail-yk0-f179.google.com), the receiving mail server then does a forward DNS lookup on mail-yk0-f179.google.com, to make sure that this FQDN does in fact resolve to 209.85.160.179 (a spammer would not be able to setup a DNS record for a FQDN in google.com's domain).
So, legitimate senders should have a PTR record setup for the IP address that their mail server sends from, and the FQDN that the PTR record points to should resolve back to this same IP. This is how spam filters identify mail from home computers that have been taken over by bots or zombies for sending spam - as most IPs used for home internet connections will not pass a reverse DNS check.
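The forward-confirmed reverse DNS check described in this answer, as an added example that is not part of the original post: the connecting IP is resolved to a PTR name, the name is resolved forward again, and the sender is accepted only if the round trip lands on the same IP and the confirmed name sits in the expected domain. Lookups come from constructed stub tables (only the google.com pair is the answer's own example; the spoofed-PTR and residential entries are made up); a real check would use socket.gethostbyaddr() and socket.getaddrinfo().

```python
import ipaddress

# Constructed stub DNS data. The 209.85.160.179 pair is from the answer above;
# 198.51.100.7 is a made-up host whose PTR points at a name it does not own,
# 203.0.113.9 is a made-up residential-style host with a consistent PTR.
STUB_PTR = {
    "209.85.160.179": "mail-yk0-f179.google.com",
    "198.51.100.7": "mail-yk0-f179.google.com",
    "203.0.113.9": "cpe-203-0-113-9.isp.example",
}
STUB_A = {
    "mail-yk0-f179.google.com": ["209.85.160.179"],
    "cpe-203-0-113-9.isp.example": ["203.0.113.9"],
}


def fcrdns(ip, ptr_lookup=STUB_PTR.get, a_lookup=lambda h: STUB_A.get(h, [])):
    """Forward-confirmed reverse DNS for a connecting IP.

    Returns (verdict, hostname): 'confirmed' when PTR -> A round-trips to the
    same IP, 'mismatch' when the PTR name does not resolve back, 'no_ptr' when
    the IP has no PTR record at all.
    """
    ip = str(ipaddress.ip_address(ip))  # validate and canonicalise
    host = ptr_lookup(ip)
    if not host:
        return "no_ptr", None
    if ip not in a_lookup(host):
        return "mismatch", host
    return "confirmed", host


def sender_in_domain(ip, expected_domain):
    """True only if FCrDNS passes and the confirmed name is in expected_domain."""
    verdict, host = fcrdns(ip)
    if verdict != "confirmed":
        return False
    expected_domain = expected_domain.lower().rstrip(".")
    host = host.lower().rstrip(".")
    return host == expected_domain or host.endswith("." + expected_domain)
```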

How to properly set up DNS SPF records for a .local server?

We send out mail via Microsoft Exchange 2010 running on a Windows Server set up as server.organization.local.
When error messages are generated it shows:
Generating server: server.organization.local
I am confused as to what our SPF records should look like based on this. Should it simply contain the external IP address that this server uses to send out mail, or both this .local address and external IP address?
Currently it is set as:
@ 10800 IN SPF "v=spf1 mx a:server.organization.local ip4:10.10.10.10 -all"
The mx is included to be safe but I'm not sure if it needs to be? The MX records on the domain name are set to a third-party filtering service, no mail is sent via it.

You need to specify the public IPs if you want to send emails to the internet.
If you are sending emails to another mail server on the LAN then you might have to add the private IPs as well.
I suggest using a testing utility to check your SPF records.

Is it possible to forward emails addressed to @a.com, to @b.com without a mail server on a.com

I have two websites, we'll call them a.com and b.com. I already have a mail server running on b.com. What I would like to do is have any email sent to @a.com to be automatically forwarded to b.com. I edited the only MX record in the a.com DNS settings to be...
Priority: 10
Host: @
Points To: b.com
After setting this up and giving it time to propagate, mail sent to a.com does not go through and I get a "Message not delivered" response from my email client.
Thanks for any help!

The MX record only tells the sending server where to deliver mail for that specific domain. So any mail sent to user@a.com will be sent to the mailserver at b.com, that does not mean that they get forwarded to user@b.com. You will have to configure your mailserver at b.com to accept mails for the a.com domain.