Creating DNS records and receiving emails via Postfix

So far, we have prepared the Cloud Server, installed Postfix, and had a quick look at the postfix file.

From that solid base, we can send mail and we know it all works according to plan. Now we can move on to receiving emails. To do that, we need to create the correct MX records and open port 25 in our iptables firewall.

Remember that at this stage we are dealing with a single domain. In the example articles I am using the domain ''. You would, of course, replace that with your main domain.



DNS Records

Although there are existing articles on creating MX records (see here), let's have a quick run through of what we need.

A record

Keeping with traditional naming conventions we need a subdomain named 'mail' (thus giving and the MX record for pointing to that subdomain.

Please refer to the article below for details of how to add the records to the DNS panel in the Control Panel.


MX record

It is possible to have multiple MX records and multiple mail servers for your mail. Which server a request uses is decided by the priority figure in each MX record: the lower the number, the higher the priority.

I entered '10' as I don't know what the future will hold. I may set up a 'super' mail server and want to give that one a higher MX priority. As such, when I created records for the 'super' mail server I would enter '0'.

A little 'future proofing' never does any harm.

Verify with dig

Once the records have been created they can be checked using the 'dig' command.

The moment the records have been created, you can check them on the nameserver itself. This saves waiting for the records to propagate only to find you made a mistake.

So, to check the 'mail' subdomain is correctly entered on the Cloud Servers nameserver:


The section we are looking for is:

;; ANSWER SECTION:     86400   IN      A

Looks good.

Now we can check the MX record for the domain:

dig mx

The answer:

;; ANSWER SECTION:          86400   IN      MX      10

Again, that is correct.


When we set up the Cloud Server we created a simple firewall using an iptables script (please see the Cloud Server setup article for details).

The common port for receiving mail is port 25, and the base setup didn't have that port open.

If you tried to send mail to the domain you would get an undeliverable notification.

Using the same files from the Cloud Server setup article, let's open the iptables test file:

sudo nano /etc/iptables.test.rules

To open port 25, we need to add the following just after the 'Allows all outbound traffic' entry:

# Allows postfix to accept incoming connections
-A INPUT -p tcp --dport 25 -j ACCEPT

Note the line starting with the '#' is not compulsory but I find commenting a file makes for much easier administration at a later date when you have no idea what you entered.

Once done and saved, we need to make the new rule set active:

sudo iptables-restore < /etc/iptables.test.rules

The port will now be open but it's always good practice to check something so important:

sudo iptables -L

Amongst the output is the new line:

ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp

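So now we can accept SMTP connections. The rule is listed as 'smtp' rather than '25' because iptables -L shows the service name for the default port (25) that has been opened.

To save the final configuration to the script that is executed on a reboot, you need to be root rather than just use sudo. With sudo alone, the '>' redirection would be carried out by your own unprivileged shell, which cannot write to /etc: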

sudo -i

The command is:

iptables-save > /etc/iptables.up.rules

Once done, exit root:


We now have the correct port open in our iptables firewall.
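
Where the new rule sits in the file matters, because iptables evaluates a chain in order and a catch-all REJECT or DROP placed earlier would stop mail before the ACCEPT is reached. The script below is an added example, not part of the original article: it checks a rules file for that ordering, using constructed sample rule sets (the names smtp_rule_status and check_sample and the sample file layout are assumptions).

```shell
#!/bin/sh
# Added example, not from the original article.
# smtp_rule_status FILE
#   Reads a rules file in iptables-save format and prints one word:
#     ok        tcp/25 is accepted on INPUT before any catch-all block
#     shadowed  a catch-all REJECT/DROP on INPUT comes before the ACCEPT
#     missing   no INPUT rule accepts tcp/25
smtp_rule_status() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            n++    # position of this rule within the INPUT chain
            # First ACCEPT for TCP destination port 25 (not 2525, 250, ...)
            if (!accept && $0 ~ /-p tcp/ && $0 ~ /--dport 25( |$)/ &&
                $0 ~ /-j ACCEPT/) accept = n
            # First rule with no match options at all, only a blocking target
            if (!block && $0 ~ /^-A INPUT -j (REJECT|DROP)/) block = n
        }
        END {
            if (!accept) print "missing"
            else if (block && block < accept) print "shadowed"
            else print "ok"
        }
    ' "$1"
}

# Constructed sample pieces; the layout of the rules file is an assumption.
HEAD='*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
-A OUTPUT -j ACCEPT'
SMTP='# Allows postfix to accept incoming connections
-A INPUT -p tcp --dport 25 -j ACCEPT'
TAIL='-A INPUT -j REJECT'

# check_sample PART... : writes the parts to a temp file in order and checks it
check_sample() {
    tmp=$(mktemp) || return 1
    for part in "$@"; do printf '%s\n' "$part"; done > "$tmp"
    smtp_rule_status "$tmp"
    rm -f "$tmp"
}

check_sample "$HEAD" "$SMTP" "$TAIL" COMMIT   # rule placed as described above
check_sample "$HEAD" "$TAIL" "$SMTP" COMMIT   # rule added after the catch-all
check_sample "$HEAD" "$TAIL" COMMIT           # rule never added
```

Pointed at the real file, smtp_rule_status /etc/iptables.test.rules gives the same one-word verdict before the rule set is loaded with iptables-restore.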


Now we have the Cloud Server set up to receive mail for our domain.

The next article will look at the telnet package to conduct some final tests on the setup to ensure postfix is sending the correct identification details. We'll also take a look at checking the email from the command line.


© 2015 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License
