Zimbra, confused in DNS zones

Started by friv10games, Sep 21, 2022, 02:47 AM


friv10games (Topic starter)

I installed Zimbra; I am working with mail servers for the first time. I created a "mydomain.com" zone on the local DNS server and registered MX, A, DKIM and SPF records in that local DNS server.

Mail is delivered inside the network via Zimbra. Mail is also sent to external mail providers, although it lands in spam right away, which is not surprising.
Now the task is to open access to receive emails from the external network. The domain "mydomain.com" is registered with the web hosting provider "hoster.com"; in its DNS records I tried to register A and MX data pointing to our external address. And that is where I got confused: how do I implement this scheme?

The server name inside the domain (on the local network): "mail.mydomain.com"
The server name in the hosts file (Ubuntu) on the Zimbra server itself: "mail.mydomain.com mail"

It turns out that in the DNS records of the domain "mydomain.com" at the hosting provider "hoster.com" you need to enter something so that, when a letter is sent, for instance from @gmail.com, the sender looks up the external "mydomain.com", receives our external IP, then the request is processed by our internal DNS server and the letter reaches our Zimbra server on the local network.

Or is everything fundamentally wrong?
I have already reread a ton of information on this and in the end got completely confused.
And then there is the question: where do you need to enter DKIM and SPF? On our local DNS server in the zone "mydomain.com", or in the external DNS zone of the domain "mydomain.com" at the hosting provider?


In order for incoming mail to work, it is necessary to correctly configure the MX record of the mailbox domain.
In the local network, the address was set to, instead of it for the domain, you need to register the external IP address of the network and configure port 25 redirection to the internal network to the address

With this approach, when mail is sent from an external address, the mail server will connect to an external IP address that you use on the local network.
For incoming mail to work, it is necessary to register all entries in the DNS domain settings of the hosting provider. But it is worth noting that you can organize DNS servers on your web servers, delegate the domain to them and edit records locally.
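The reply above says the records external senders use (MX, the A record the MX points to, and the SPF/DKIM/DMARC TXT records) must live in the public zone at the hosting provider, while the internal zone may keep its private address. The following is an added example, not code from this thread or from Zimbra: a small offline checker that takes a zone as a list of (type, owner, value) tuples and reports the mistakes this thread is about, above all publishing an MX target that resolves to a private address. The zone contents, the selector name "selector1", the DKIM key placeholder and the address 203.0.113.10 (a documentation range standing in for the real external IP) are all constructed for the example.

```python
"""Sanity-check the public DNS records a mail domain needs before opening
inbound SMTP. Added example for this thread; the zones below are constructed
and 203.0.113.10 is a documentation address standing in for the external IP."""
import ipaddress

# Constructed public zone for mydomain.com, as it would be entered at the
# hosting provider: (record type, owner name, value). All values are assumptions.
PUBLIC_ZONE = [
    ("A",   "mail.mydomain.com.",                 "203.0.113.10"),
    ("MX",  "mydomain.com.",                      "10 mail.mydomain.com."),
    ("TXT", "mydomain.com.",                      "v=spf1 mx -all"),
    ("TXT", "selector1._domainkey.mydomain.com.", "v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY"),
    ("TXT", "_dmarc.mydomain.com.",               "v=DMARC1; p=quarantine; rua=mailto:dmarc@mydomain.com"),
]

# The same domain as it looks on the internal DNS server: the A record carries
# the private address, which must never be the one published to the internet.
INTERNAL_ZONE = [
    ("A",   "mail.mydomain.com.", "192.168.1.25"),
    ("MX",  "mydomain.com.",      "10 mail.mydomain.com."),
]

# Address ranges an internet MTA can never reach. Checked explicitly rather
# than via ipaddress.is_global, because the documentation range used for the
# sample external address would otherwise be flagged too.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]


def is_non_public(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_PUBLIC)


def records(zone, rtype, owner):
    """All values of the given type at the given owner name."""
    return [v for t, o, v in zone if t == rtype and o == owner]


def check_mail_zone(zone, domain, dkim_selector):
    """Return a list of findings for the zone; an empty list means it passes."""
    findings = []
    apex = domain.rstrip(".") + "."
    mx = records(zone, "MX", apex)
    if not mx:
        return ["no MX record at apex: inbound mail cannot be routed"]
    for entry in mx:
        _prio, target = entry.split()
        addrs = records(zone, "A", target)
        if not addrs:
            findings.append(f"MX target {target} has no A record in this zone")
        for a in addrs:
            if is_non_public(a):
                findings.append(f"MX target {target} resolves to non-public address {a}; "
                                "external senders cannot reach it")
    spf = [v for v in records(zone, "TXT", apex) if v.startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"expected exactly one SPF TXT record at apex, found {len(spf)}")
    elif spf[0].split()[-1] not in ("-all", "~all"):
        findings.append("SPF record does not end in -all or ~all")
    dkim = records(zone, "TXT", f"{dkim_selector}._domainkey.{apex}")
    if not dkim or "v=DKIM1" not in dkim[0] or "p=" not in dkim[0]:
        findings.append(f"no usable DKIM record for selector {dkim_selector}")
    dmarc = records(zone, "TXT", f"_dmarc.{apex}")
    if not dmarc or not dmarc[0].startswith("v=DMARC1"):
        findings.append("no DMARC record at _dmarc")
    return findings


if __name__ == "__main__":
    print("public zone:", check_mail_zone(PUBLIC_ZONE, "mydomain.com", "selector1") or "OK")
    print("internal zone published as-is:",
          check_mail_zone(INTERNAL_ZONE, "mydomain.com", "selector1"))
```

Running it shows the public zone passing and the internal zone failing on every point: its A record is private, and it carries no SPF, DKIM or DMARC records, which is exactly why those records belong in the provider's zone rather than only on the internal DNS server.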

I don't know how to send emails by hand. But my task was different: sending notifications about registration and payment for services, and data from services to clients.
Emails were sent from the website (no spam, only at the user's request; about 10 thousand emails were sent in total per month). DKIM, DMARC, SPF and PTR were configured, but emails still often ended up in spam. I moved delivery to Amazon SES and the problem was solved. So think about why large services are better than your own. I suspect the anti-spam systems are more lenient toward large services and let more mail through.


I added this rule:
chain=dstnat action=dst-nat to-addresses=ip_of_zimbra.server protocol=tcp dst-port=22,25,110,143,465,587,993,995,3443,7071,7143,7993,9071,10000
The question is an old one, but maybe someone else will need this.
Mail goes back and forth. Moreover, there were no public certificates on the test server yet; Gmail received mail from the test Zimbra and the test Zimbra received mail from Gmail.
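The dst-nat rule posted above forwards fourteen TCP ports from the router's public address to the Zimbra host, but only port 25 is needed for other mail servers to deliver mail; the rest are client-access ports (submission, IMAP, POP) or administrative ports such as SSH (22) and the Zimbra admin console (7071). As an added example, not from this thread or from MikroTik, the script below parses a RouterOS firewall rule line into its key=value fields and groups the forwarded ports by role, so the exposure of a rule like this one can be reviewed before it is applied. The port-role grouping is an assumption about a typical Zimbra deployment; only 25, 22 and 7071 are roles stated here with certainty, the other "admin or internal" entries are simply the remaining ports from the posted rule that internet MTAs never need.

```python
"""Review which ports a RouterOS dst-nat rule exposes and why.
Added example; port roles below are assumptions about a typical deployment."""

SMTP_INBOUND = {25}                              # the only port other MTAs need to deliver mail
CLIENT_ACCESS = {465, 587, 110, 143, 993, 995}   # submission / IMAP / POP for remote users
WEB_CLIENT = {443}                               # webmail over HTTPS
# SSH (22), the Zimbra admin console (7071) and the other ports from the
# posted rule; none of these are needed for mail exchange with the internet.
ADMIN_OR_INTERNAL = {22, 7071, 7143, 7993, 9071, 3443, 10000}

# The rule as posted in this thread; to-addresses is the poster's placeholder.
RULE = ("chain=dstnat action=dst-nat to-addresses=ip_of_zimbra.server protocol=tcp "
        "dst-port=22,25,110,143,465,587,993,995,3443,7071,7143,7993,9071,10000")


def parse_nat_rule(rule: str) -> dict:
    """Split 'key=value' tokens into a dict; dst-port becomes a sorted list
    of ints, with comma-separated values and 'a-b' ranges expanded."""
    parsed = {}
    for token in rule.split():
        key, _, value = token.partition("=")
        if key == "dst-port":
            ports = set()
            for part in value.split(","):
                lo, _, hi = part.partition("-")
                ports.update(range(int(lo), int(hi or lo) + 1))
            parsed[key] = sorted(ports)
        else:
            parsed[key] = value
    return parsed


def classify_exposure(rule: str) -> dict:
    """Group the rule's forwarded ports by role; 'unknown' collects anything
    outside the role sets so nothing slips through the review unnoticed."""
    ports = set(parse_nat_rule(rule).get("dst-port", []))
    known = SMTP_INBOUND | CLIENT_ACCESS | WEB_CLIENT | ADMIN_OR_INTERNAL
    return {
        "smtp_inbound": sorted(ports & SMTP_INBOUND),
        "client_access": sorted(ports & CLIENT_ACCESS),
        "web_client": sorted(ports & WEB_CLIENT),
        "admin_or_internal": sorted(ports & ADMIN_OR_INTERNAL),
        "unknown": sorted(ports - known),
    }


if __name__ == "__main__":
    for role, ports in classify_exposure(RULE).items():
        print(f"{role:18} {ports}")
```

For the posted rule the output shows 25 as the only inbound-SMTP port, six client-access ports, no webmail port, and seven ports in the admin-or-internal group; a rule that forwards only the first group (plus client-access ports if remote users need them) covers the "mail goes back and forth" test just as well.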