Properly configuring DNS for email sending on multi-domain hosting VPS
Background
I have a VPS, with one external IP hosting <10 domains (DOMAIN.TLD). Each domain receives and sends email. Each domain has associated DKIM / SPF / MX entries. The PTR record exists and is associated with the main domain (MAINDOMAIN.TLD) on the VPS.
Problems
Mails end up in the spam folder (yahoo) for some receivers and do not get received at all by others (outlook). Gmail (and others emails hosted at different hosting providers like one.com) receives inbox immediately.
Not having a clear idea on how to configure each domain DNS in regards to email.
What I've done so far
Initially (the non-tested ones still have), each domain had an A record (mail.domain.tld ) and a MX record that pointed to the A record, but no PTR associated with the VPS IP. Email sending worked but I had Problem #1
A -> MAIL -> VPS_IP
MX -> 10 -> MAIL.DOMAIN.TLD.
After finding out about and setting up the PTR record (which is the main reason why some email servers disregarded my emails, thus not having them received), I considered pointing each domain MX record to the domain resolved by PTR (MAINDOMAIN.TLD -> VPS_IP). I tried using CNAME to point and then directly MX to point.
CNAME -> MAIL -> MAINDOMAIN.TLD.
MX -> 10 -> MAIL.DOMAIN.TLD.
and then
MX -> 10 -> MAINDOMAIN.TLD.
In both cases, I had the same situation as described in Problem #1.
Questions
- What's wrong with the setup ?
- Whats the best way to approach this - having all domains using the MAINDOMAIN.TLD as MX (via CNAME or directly?) or having all domains using their own domain as MX ? (I think the 1st variant is to go for, because of the PTR record and the fact that I only have a single external IP address - but I'm not getting why it's not working)
- Are there any free and reliable (wanting too much?) external email providers that can handle email sending instead of doing it myself ?
Additional info that might be relevant
- how do I know DNS records are/were according to my description - using linux cli tools like host, dig, nslookup + https://mxtoolbox.com/
- i'm using ISPconfig3 as a hosting control panel
- the VPS is bought from DigitalOcean ,DNS management being done in the DigitalOcean dashboard
- SMTP server is postfix
- my IP is not blacklisted - checked with https://mxtoolbox.com/SuperTool.aspx?action=blacklist ; mail-blacklist-checker.online-domain-tools.com/
- nothing relevant in /var/log/mail.log - shows that emails are being sent but there is nothing answer related
Easy-n-Good way
Hire good postmaster and hostmaster, they can fast and easy fix all your noob mistakes (alot of)
Hard-n-Glorious way
RTFM, beсome competent postmaster and hostmaster and do The Right Things (tm)
Your current (related and unrelated) errors
- Never point MX to CNAME, only to A
@ MX mail mail CNAME some.name
is BAD
@ MX mail mail A some.ip.here
is GOOD, even if some.ip.here is shared across any|all your domains
MX config (any) is unrelated to your undeliverable e-mail: for extremely paranoid checks (but still RFC-compliant) MX for domain just: 1) must exist 2) be resolvable to routeable IP
-
All IP-related tests on receiver's side include (AFAICR, I'm out of *master business for a long time), to the maximum extent (I done it on my MXes):
- Pure hostmaster area: Paranoid IP-check (IP1-hostname-IP2) for connected IP, all resolves must be successful and IP1=IP2
- Mix of 2 areas: hostname in EHLO(HELO) parameter (SMTP-related config) must be resolvable (DNS-game) (just resolvable to any real IP, it is RFC-compliant also) and can not correlate to e-mail's domain in any way or hostname of emitter (but in current lame world using hostname of your VPS will be safer)
- Spam-filtering can be (most probably) result of content-analysis, not related directly to your DNS-settings