Some cloud business offers "always-free" VM instances. Not quite big, but enough for me, so I’m going to migrate my infrastructure there, including mail.example.com. That machine handles incoming mail for @example.com (example.com MX 10 mail.example.com). However to also send email from @example.com the machine needs a PTR record (192.0.2.1 PTR mail.example.com). The cloud provider, however, doesn't allow to add PTR records. So, maybe I just use a relay for outgoing email, hosted at some another cloud provider who allows setting PTR records?
That relay VM would just need a PTR record called... mail.example.com? Or would smtp.example.org also do? And – if it would also do – would the eMail recipient’s server – pechora1.icann.org – just check that smtp.example.org is smtp.example.org and accept my eMail from... @example.com? W/o additional DNS requirements? (And – if yes – why?)
Notice you absolutely need not to always use
mail,smtp,mxor other "well known" host names for the email server. Any valid DNS host name will do. More, these "well known" names are never checked, so even if you use such a name, nothing will work until you set up everything coherently. I used genericserver-nameXto illustrate this. The "incoming" and "outgoing" servers may be completely different machines. It is not important for outgoing server to be able to receive any email. However, the incoming server sometimes needs to originate a delivery status notification.MX records control the mail reception. This is needed if you want this host to receive mail for the domain. Of course, the mail server need not to be in the same domain. If you want the mail for
example.netto be served by theserver-name1.example.com, you add the following MX record into theexample.net:The mail origination is trickier.
Email servers usually behave better if the PTR record points to the corresponding A or AAAA record. For example, if you have
you'd better have also
(of course, this only helps if your server really connects from the
192.0.2.1).You'll need this IP address or name to be listed in the SPF record of the served domain (where the "sender" email address belongs). E.g. if you want this server to serve
example.net, the latter must have the following somewhere in the SPF TXT record:... a:server-name2.example.com ...or... ip4:192.0.2.1 ....Let this server to have its own DKIM private key and let it use that key to sign mail using the selector
server-name2. In this case, you must also publish the corresponding public key under this selector in the served domain:Also it's best if the server advertises this
server-name2.example.comin various places, especially in theHELO/EHLO. Some servers check this to correspond to the IP address from which the connection was received, in addition to the PTR check.