Reverse DNS for multiple subdomains
We're setting up a system where each of our users gets their own subdomain of companymail.com
for sending / receiving emails, and they can set up multiple mailboxes under that subdomain. We also want to allow them to use their own domain. E.g.:
Main domain: companymail.com.
User 1 has two mailboxes set up:
[email protected]
[email protected]
User 2 has one mailbox set up:
[email protected]
We've set up a single GMail inbox and have routed all incoming mail to <anything>@<anything>.companymail.com into it, and can successfully pull it into our system from there by adding DNS MX records for:
companymail.com -> aspmx.l.google.com
*.companymail.com -> aspmx.l.google.com
(plus the other altX.aspmx.l.google.com ones)
For receiving on their own domain, they'll need to forward their mail to their appropriate mailbox. E.g. User 1 would need to set up mail forwarding on their domain to [email protected]. They'll also need to add SPF and DKIM records to their domain. I think this should all work fine as it's currently set up.
We're now trying to sort out sending. This is where the question of how to set up the reverse DNS comes up. Our next steps are:
- Set up a local instance of postfix to send outgoing emails and bind it to its own public IP, as the servers we're running companymail.com on (which is our dedicated email domain) are the same as the servers we're running company.com on.
- Once that's set up, we can set up reverse DNS to point our dedicated IP to our domain.
The question is how would we handle subdomains for the reverse DNS entry? Do we just point it to our main companymail.com domain?
Solution 1:
A reverse DNS record is associated with an IP address, not a subdomain. In principle, reverse DNS must exist, but it could be anything. In practice, remote servers often employ tighter security and require a particular setting of the reverse DNS RR. In the case of email, the IP address in question is the IP address of the server which originates mail. If you own or otherwise control that IP address, it's your responsibility to set up a reverse DNS RR for it.
Let's suppose your sending server has the system name mail.companymail.com, therefore the first command it issues in the outgoing ESMTP session would be EHLO mail.companymail.com. Then, let the IP address from which this connection is seen by the receiving server be a pointer to this name, mail.companymail.com. Also, it's better that mail.companymail.com have an A record to this IP address. That's the safest setting.
Then you may add this IP address and/or this DNS name into the SPF and DKIM records of each domain for which this server sends mail. You may have less hassle if you set up these records in the root domain and only "import" them in all other served domains. Please learn the details of SPF and DKIM on how to do this.
This sending server doesn't have to also be the receiving server (MX) for your root domain or any subdomains, so you may also direct your MX records elsewhere, if you desire so. If there are other servers which are supposed to send mail for these domains, each of them must have a different mail name and so should have the setup depicted above.
Gmail servers and other major providers have already set up their reverse DNS like this, so you only need to insert their addresses into your SPF, DKIM and MX records as they recommend when you set up mail for your domain. You don't have to set up reverse DNS for them (actually you just can't do that, because you don't control their IPs).
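The three conditions the answer describes (a PTR exists for the sending IP, it names the host used in EHLO, and that name's A record points back at the same IP) are exactly what receiving servers check as forward-confirmed reverse DNS. The script below is an added example, not part of the question or answer: it runs the check against a constructed record set (mail.companymail.com on the documentation address 192.0.2.25, both assumed), and the `live_*` helpers let you point it at the system resolver for a real sending IP.

```python
import socket
from typing import Callable, Dict, List

# Constructed sample records (not real DNS data) modelling the answer's setup:
# the sending host mail.companymail.com on 192.0.2.25 (documentation range).
# 192.0.2.26 has a PTR but no A record pointing back; 192.0.2.27 has no PTR.
SAMPLE_PTR: Dict[str, List[str]] = {
    "192.0.2.25": ["mail.companymail.com."],
    "192.0.2.26": ["mail.companymail.com."],
}
SAMPLE_A: Dict[str, List[str]] = {"mail.companymail.com": ["192.0.2.25"]}


def sample_ptr(ip: str) -> List[str]:
    return SAMPLE_PTR.get(ip, [])


def sample_a(name: str) -> List[str]:
    return SAMPLE_A.get(name, [])


def live_ptr(ip: str) -> List[str]:
    """Real PTR lookup through the system resolver (needs network access)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:  # socket.herror / gaierror are OSError subclasses
        return []


def live_a(name: str) -> List[str]:
    """Real A lookup through the system resolver (needs network access)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def fcrdns_check(ip: str, ehlo_name: str,
                 ptr_lookup: Callable[[str], List[str]] = live_ptr,
                 a_lookup: Callable[[str], List[str]] = live_a) -> Dict[str, bool]:
    """Report whether a sending IP passes forward-confirmed reverse DNS
    and whether its PTR name matches the EHLO name the MTA announces."""
    ehlo = ehlo_name.rstrip(".").lower()
    ptr_names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    result = {
        "ptr_exists": bool(ptr_names),
        "ptr_matches_ehlo": ehlo in ptr_names,
        # forward-confirmed: some PTR name has an A record back to this IP
        "forward_confirmed": any(ip in a_lookup(n) for n in ptr_names),
    }
    result["ok"] = all(result.values())
    return result
```

Running `fcrdns_check("203.0.113.7", "mail.companymail.com")` with the defaults checks a real address; a failing `ptr_matches_ehlo` on a correctly confirmed IP usually means postfix's `myhostname` does not match the PTR.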