Suppose you want to test a mail server for a particular domain before going live with a DNS change.
For example, when you want to test an HTTP/HTTPS site you can just change your own machine's hosts file to point to the host-to-be.
With mail, that would be possible only if the server acts as an outbound gateway for the particular domain. Let me explain with an example. I have set up authenticated SMTP for example.org on a host that has to be mapped to mail.example.org: I can point my DNS to the IP of that machine and tell my SMTP client to use that server, so it will also match the TLS certificate.
With inbound mail, when I need to test that the server accepts mail for the domain, performs basic antispam/antivirus checks, and doesn't do strange things, I need the MX record. Recently I discovered that, due to a bad Postfix/DKIM configuration, my server did the following:
- When the DNS MX was not live yet, it forwarded mail directed to example.org to the canonical MX, which was the old, still-running MX
- After the DNS switch, confident that everything was fine, the server rejected all mail with a routing loop error (Postfix mail for mydomain.com loops back to myself)
I had to dig, dig and dig to find the culprit line, but for future work I'd like to ask if there are best practices for testing mail servers before they go live, assuming that I might be unable to telnet to the server from my local machine because of the antispam checks.
I would set up my own private DNS server with the MX already changed. For testing the mail server I recommend using swaks.
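
One way to catch the failure described in the question before the MX switch, as an added example that is not part of the original posts: after sending a test message straight to the new server (for instance with swaks), check the Postfix log for how mail to the hosted domain was actually delivered. The log lines, host names and queue IDs below are constructed, and the script assumes the server is meant to be the final destination for the domain, so a delivery through the `smtp` client is the warning sign.

```python
import re

# Constructed sample lines in Postfix's syslog delivery format (not from the original post).
SAMPLE_LOG = """\
Jan 10 10:00:01 newmx postfix/smtp[2101]: 4A1B2C3D4E: to=<test@example.org>, relay=oldmx.example.net[192.0.2.10]:25, delay=0.8, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F8E7D6C5B)
Jan 10 10:05:12 newmx postfix/smtp[2140]: 5B2C3D4E5F: to=<test@example.org>, relay=none, delay=0.2, dsn=5.4.6, status=bounced (mail for example.org loops back to myself)
Jan 10 10:09:30 newmx postfix/lmtp[2177]: 6C3D4E5F60: to=<test@example.org>, relay=newmx.example.org[private/dovecot-lmtp], delay=0.1, dsn=2.0.0, status=sent (250 2.0.0 <test@example.org> Saved)
Jan 10 10:11:02 newmx postfix/smtp[2190]: 7D4E5F6071: to=<someone@example.com>, relay=mx.example.com[198.51.100.7]:25, delay=1.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

# One delivery attempt: delivery agent, queue ID, recipient, relay, status and reply text.
DELIVERY = re.compile(
    r"postfix/(?P<agent>\w+)\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>,"
    r".*?relay=(?P<relay>[^,]+),.*?status=(?P<status>\w+) \((?P<detail>.*)\)$"
)

# Delivery agents that hand mail to a mailbox or local program on this host.
LOCAL_AGENTS = {"local", "virtual", "lmtp", "pipe"}


def classify(line, domain):
    """Return (queue_id, verdict, relay) for a delivery to `domain`, else None."""
    m = DELIVERY.search(line)
    if not m or not m["rcpt"].lower().endswith("@" + domain.lower()):
        return None
    if "loops back to myself" in m["detail"]:
        verdict = "LOOP"        # MX points here but the domain is not configured as hosted
    elif m["agent"] in LOCAL_AGENTS:
        verdict = "LOCAL"       # delivered on this host: the intended result
    elif m["agent"] == "smtp":
        verdict = "FORWARDED"   # sent on to whatever the public MX says: pre-cutover symptom
    else:
        verdict = "OTHER"
    return m["qid"], verdict, m["relay"]


def audit(log_text, domain):
    """Classify every delivery attempt for `domain` found in the log text."""
    return [r for r in (classify(l, domain) for l in log_text.splitlines()) if r]


if __name__ == "__main__":
    for qid, verdict, relay in audit(SAMPLE_LOG, "example.org"):
        print(f"{qid}  {verdict:<9}  relay={relay}")
```

Any `FORWARDED` result for the hosted domain while the old MX is still published means the same configuration will produce `LOOP` once the MX points at the new server.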