Creating DNS records and receiving emails via Postfix

So far in this series of articles, you have prepared the cloud server to be a mail server, installed Postfix, and performed some basic configuration in the Postfix file. With that preparation, you can send mail and know that the system works as expected.

To move on to receiving emails, you need to create the correct DNS records and open port 25 in your iptables firewall. This article explains how to complete these tasks.

Note: This article assumes that you are using a single domain. The examples in these articles use the domain. Be sure to replace that with your main domain.

DNS records

This section describes what DNS records you need to create and how to verify their creation.

Create A and MX records

Keeping with traditional naming conventions, you need a subdomain (in this example, mail, resulting in and an MX record for the domain that points to that subdomain.

You can have multiple MX records and multiple mail servers for your mail. A request determines which one to use based on the priority number. The lower the number, the higher the priority.

This example uses 10 as the priority number. That allows for setting up another mail server in the future with a higher MX priority number (such as 0).

See the following article for details about how to add the records to the DNS page in the Cloud Control Panel: Create DNS Records for cloud servers with the Control Panel.

Verify with dig

After you create the DNS records, you can check them on the name server itself by using the dig command.

To check that the mail subdomain is correctly entered on the Cloud Servers name server, use the following command:


The verification should look as follows:

;; ANSWER SECTION:     86400   IN      A

To check the MX record for the domain, use the following command:

dig mx

The answer should look as follows:

;; ANSWER SECTION:          86400   IN      MX      10


When you set up the cloud server, you created a simple firewall using an iptables script (see the server setup article for details).The common port for receiving mail is port 25 and the basic setup didn't have that port open. So, if you tried to send mail to the domain, you would get an notification that the mail is undeliverable.

Open port 25 in the iptables firewall

  1. Using the same files from the server setup article, open the iptables test file, as follows:
    sudo nano /etc/iptables.test.rules
  2. To open port 25, add the following lines just after the Allows all outbound traffic entry:
    # Allows postfix to accept incoming connections
    -A INPUT -p tcp --dport 25 -j ACCEPT

    Note: The line starting with # is not required, but commenting a file makes administration at a later date easier.

  3. After you have updated and saved the file, make the new rule set active, as follows:
    sudo iptables-restore < /etc/iptables.test.rules
  4. The port is now open, but you should verify it as follows:
    sudo iptables -L

    The following new line is included in the output:

    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp

    Now SMTP connections can be accepted.

  5. To save the final configuration to the script that is executed on a restart, you need to be root rather than just using sudo, so run the following command:
    sudo -i
  6. Run the save command as follows:
    iptables-save > /etc/iptables.up.rules
  7. After you are done, exit root:

Now the correct port is open in your iptables firewall.


You have set up the server to receive mail for your domain.

Where to go from here

The next article shows how to use the Telnet package to conduct some final tests on the setup to ensure that Postfix is sending the correct identification details. It also describes checking the email from the command line.

© 2015 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

See license specifics and DISCLAIMER