Normally, when we send emails, we expect them to reach within a few seconds to the recipient’s inbox. However, it is not obvious that your email reaches your recipients inbox. It may reach the spam folder or bounce back to your inbox.
Before an email can successfully land into the inbox, some work needs to be done by the mail administrator to ensure this happens. The mail server must be properly set up to ensure emails keep going to the inbox, 99.9999% of times. Sorry, I can’t promise you a clean 100% on this one.
Lets see how to get this done.
My idea of a perfect mail system includes:
- A webmail interface that users can use to access mail if they don’t want to configure mail clients.
- Mail access URL to this interface should be accessed via https.
- Mail server supports TLS/SSL encryption.
- Enhanced email deliverability by making all DNS records okay i.e PTR, SPF, DKIM and DMARC records
- Not open relay to control spamming.
- Has a backup MX so that just in case primary mail server is down, users don’t loose emails coming in during downtime
So, we’ll be looking to build a solution that provides these features. Of course there will be other things involved in the mail server.
After creating our mail server, we will test it using mxtoolbox.com and see if it passes their test.
Prerequisites
We’ll use Centos 7, Postfix, Roundcube, MySQL for our email. In my case, I simplify the task a bit by using Centos Web Panel that comes with all these pre-installed.
Procedure
1. Login to your Centos 7 box via SSH and install Centos Web Panel (CWP). It comes with all our needed software pre-installed making it much easier for us to create our mail server.
2. Install SSL certificate for the hostname.
Login to CWP as root. On the Navigation Pane, click Server Settings>>Change Hostname. Enter your new hostname then click Change Hostname.
NB: A hostname must be an A record that we can ping and get a response. It must be created and pointed to the server’s IP.
This SSL Certificate will allow your webmail to be accessible via https and will also be used for TLS/SSL encryption for your emails. Its Free Let’s Encrypt that auto renews. You can install a premium SSL if you want. Here is a guide on how to.
The server automatically configures TLS on postfix config file.
3. Configure DNS records
a)Configure rDNS
At your server provider, configure PTR for the domain to be the server hostname. Most providers already have a working PTR pre-configured. But you can replace that with your server hostname. Changes take upto 24hours to reflect.
b)Configure SPF
Login as root to CWP and on the Navigation pane, scroll down to SPF Manager. Fill the form with the heading Add SPF record with recommended settings as shown in the image below. Some fields will be left blank for now but if you have an extra mail server you wish to permit, you’ll add its IP and hostname on this form so its updated at the SPF. We’ll look into that concept later when we configure our backup MX server.
c) Configure DKIM
Still logged in as root, on the Navigation pane, click DKIM Manager, select your domain name and click Add DKIM button. Once added, you should see the domain having 4 green ticks as shown below.
4. Configure Antispam and Antivirus
CWP provides three free antispam fighting tools in SpamAssassin, ClamAV and Amavis. To enable these services go to the Navigation Pane and click MailServer Manager. Under Rebuild Postfix Configuration section, select AntiSpam/AntiVirus (recommended) and click Rebuild Mailserver. Once done, Restart All Mail Server services.
This should configure everything for you in relevant config files.
Additionally, enable SpamHaus by clicking AntiSpam on the Navigation Pane. Then Install SpamHaus. Note that this needs you to activate CSF Firewall.
Your mail server is now all set and you should now create email accounts for the domain added. To do this, simply go to the Navigation pane and click Email>>Email Accounts>>Add New Domain Email
To access the email, type SERVER_IP/webmail or preferably, hostname/webmail
Well, now that we are through, we can test one domain hosted on our mail server via mxtoolbox.com This is the result I got for my domain. Perfect score!
From there, our next task is to configure a Backup mail server also know as backup MX. It’ll make the system more reliable so as to ensure users never loose email even if the mail server goes down.
I really appreciate this post. I?¦ve been looking everywhere for this! Thank goodness I found it on Bing. You’ve made my day! Thank you again
Very thank you for that so complete guide. The rDNS setup is essential for mail function please?
Yes, without rDNS modern mail servers are configured to reject mail from such a server. Its important to onfigure rDNS.
Thanks for that. Also, can I use CloudFlare’s DNS for domain records management?