DNS mail. Basic DNS records for a mail server

Currently, using mail on a Yandex domain is available within the Yandex.Connect service.

4. Find the domain for which you plan to make changes, click on the gear icon and select "DNS Settings".

5. Click on “Add DNS record”, select “TXT” and specify the record received in Yandex.Connect.

Typically, it takes 10-15 minutes for the changes to take effect.

7. After the changes are applied, click “Run scan” in Yandex.Connect. Wait for the domain confirmation (usually very fast).

8. Set up DNS records for the domain using the instructions below.

MX record


SPF entry

2. Find the domain for which you plan to make changes, click on the gear icon and select "DNS Settings".

3. Delete existing TXT records (copy the SPF record value first if you plan to send mail from the servers specified in it as well).



v=spf1 ip4:IP1 ip4:IP2 ip4:IP3 include:_spf.yandex.net ~all

where IP1, IP2, IP3 are the IP addresses of additional servers.

6. Save your changes using the "Add" button.

DKIM signature

1. Get a TXT record with a public key in Yandex.Connect:

  • Open the Mail administration page.
  • Go to the DKIM Signings tab.
  • Copy the DKIM signature for the desired domain.


2. Find the domain for which you plan to make changes, click on the gear icon and select "DNS Settings".

3. Delete existing MX records.

4. Click on "Add DNS record", select "MX" and in the window that opens, check the "Yandex.Mail" item:


5. Save your changes using the "Add" button.

6. Wait for the DNS changes to take effect. This process can take up to 72 hours.

SPF entry

2. Find the domain for which you plan to make changes, click on the gear icon and select "DNS Settings".

3. Delete existing TXT records (copy the value of the SPF record first if you plan to send mail from the servers specified in it as well).

4. Click on "Add DNS record", select "TXT" and in the window that opens, place the following value:

v=spf1 redirect=_spf.yandex.net



5. If you want to send letters not only from Yandex servers, specify additional servers in this format:

v=spf1 ip4:IP-1 ip4:IP-2 ip4:IP-3 include:_spf.yandex.net ~all

where IP-1, IP-2, IP-3 are the IP addresses of additional servers.

6. Save your changes using the "Add" button.

7. Wait for the DNS changes to take effect. This process can take up to 72 hours.

DKIM signature

2. Find the domain for which you plan to make changes, click on the gear icon and select "DNS Settings".

3. Click on "Add DNS Record" and select "TXT".

4. In the settings window, specify "mail._domainkey" in the "Host" field and enter the DKIM parameters with the public key received in Mail for the domain in the "Value" field. For example, "v=DKIM1; k=rsa; t=s; p=MIGfMA0GCSEBtaCOteH4EBqJlKpe..."



5. Save your changes using the "Add" button.

6. Wait for the DNS changes to take effect. This process can take up to 72 hours.

CNAME record

2. Find or create a subdomain mail.your_domain and click on the gear icon.

3. Click on "Add DNS Record" and select "CNAME".

4. In the settings window, enter the value "domain.mail.yandex.net":


5. Save your changes using the "Add" button.

6. Wait for the DNS changes to take effect. This process can take up to 72 hours.


3. Delete existing MX records.

4. Click on "Add DNS record", select "MX" and in the window that opens, check the "Mail.ru" box:

5. Save your changes using the "Add" button.

6. Wait for the DNS changes to take effect. This process can take up to 72 hours.

SPF entry

2. Find the desired domain, click on the gear icon and select "DNS Settings".

3. Delete existing TXT records starting with v=spf1 (copy the value of the SPF record first if you plan to send mail from the servers specified in it as well).

4. Click on "Add DNS record", select "TXT" and in the window that opens, place the following value:

v=spf1 redirect=_spf.mail.ru


5. If you want to send letters not only from Mail.ru servers, specify additional servers in this format:

v=spf1 ip4:IP-1 ip4:IP-2 ip4:IP-3 include:_spf.mail.ru ~all

where IP-1, IP-2, IP-3 are the IP addresses of additional servers.

6. Save your changes using the "Add" button.

7. Wait for the DNS changes to take effect. This process can take up to 72 hours.

DKIM signature

2. Find the desired domain, click on the gear icon and select "DNS Settings".

3. Click on "Add DNS Record" and select "TXT".

4. In the settings window that opens:

  • In the "Host" field, specify mailru._domainkey
  • In the "Value" field, enter the DKIM parameters received in your personal account at https://biz.mail.ru/ in the " " section.
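The following Python script is an added example, not Yandex.Connect or Mail.ru code, that checks offline the SPF and DKIM TXT values which the SPF and DKIM sections above tell you to publish: it builds the SPF record in the two forms shown (redirect= when only the provider sends mail, ip4: terms plus include: when extra servers do), flags the second v=spf1 record that is left behind when the old TXT record is not deleted first, counts lookup-causing terms against the limit of 10, and parses a DKIM key record into its tags. All TXT strings, domain names and the placeholder p= value are constructed; feed it the strings from a real TXT lookup to check a live zone.

```python
import base64
import binascii
import re
from typing import Dict, List

# Term syntax from RFC 7208: mechanisms may carry a qualifier, modifiers use '='
SPF_TERM = re.compile(
    r"^[+\-~?]?(all|a(:\S+)?(/\d+)?|mx(:\S+)?(/\d+)?|ptr(:\S+)?"
    r"|ip4:\S+|ip6:\S+|include:\S+|exists:\S+)$"
    r"|^(redirect|exp)=\S+$"
)


def build_spf(extra_ips: List[str], provider_spf: str) -> str:
    """Compose the record the steps describe: redirect= when only the provider
    sends mail, otherwise ip4: terms, the provider's include: and a soft fail."""
    if not extra_ips:
        return f"v=spf1 redirect={provider_spf}"
    ips = " ".join(f"ip4:{ip}" for ip in extra_ips)
    return f"v=spf1 {ips} include:{provider_spf} ~all"


def spf_records(txt_records: List[str]) -> List[str]:
    """Pick the SPF record(s) out of a name's TXT set ('v=spf1' is matched case-insensitively)."""
    return [t for t in txt_records if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]


def _costs_lookup(term: str) -> bool:
    """Terms that make the receiver do a DNS query (RFC 7208 4.6.4 caps these at 10)."""
    t = term.lstrip("+-~?").lower()
    return t in ("a", "mx", "ptr") or t.startswith(
        ("a:", "a/", "mx:", "mx/", "ptr:", "include:", "exists:", "redirect="))


def check_spf(txt_records: List[str]) -> List[str]:
    """Return the problems found; an empty list means the SPF set looks sane."""
    spf = spf_records(txt_records)
    if not spf:
        return ["no v=spf1 record"]
    problems = []
    if len(spf) > 1:
        # RFC 7208 4.5: two v=spf1 records make receivers return permerror,
        # which is why the steps say to delete the old TXT record first
        problems.append("more than one v=spf1 record (permerror)")
    terms = spf[0].split()[1:]
    for term in terms:
        if not SPF_TERM.match(term.lower()):
            problems.append(f"unknown term {term!r}")
    if sum(_costs_lookup(t) for t in terms) > 10:
        problems.append("more than 10 lookup-causing terms (permerror)")
    has_all = any(t.lower().lstrip("+-~?") == "all" for t in terms)
    if has_all and any(t.lower().startswith("redirect=") for t in terms):
        problems.append("redirect= is ignored when 'all' is present")
    return problems


def parse_dkim_tags(txt: str) -> Dict[str, str]:
    """Split a DKIM key record ('v=DKIM1; k=rsa; t=s; p=...') into its tags (RFC 6376 3.2)."""
    tags: Dict[str, str] = {}
    for field in txt.split(";"):
        field = field.strip()
        if not field:
            continue
        if "=" not in field:
            raise ValueError(f"malformed tag {field!r}")
        name, value = field.split("=", 1)
        tags[name.strip()] = value.strip()
    return tags


def check_dkim(txt: str) -> List[str]:
    """Problems with a DKIM key record; an empty list means it is publishable."""
    tags = parse_dkim_tags(txt)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":      # v= is optional, but must be DKIM1 if present
        problems.append("v= must be DKIM1")
    if "p" not in tags:
        problems.append("missing p= public key")
    else:
        try:
            base64.b64decode(tags["p"], validate=True)   # an empty p= means 'key revoked' and is valid
        except binascii.Error:
            problems.append("p= is not valid base64")
    return problems


def dkim_record_name(selector: str, domain: str) -> str:
    """Owner name of the key TXT record: <selector>._domainkey.<domain>."""
    return f"{selector}._domainkey.{domain}"


# Constructed sample data: not real keys, not real zone contents
SAMPLE_P = base64.b64encode(b"placeholder, not a real RSA key").decode()
SAMPLE_DKIM = f"v=DKIM1; k=rsa; t=s; p={SAMPLE_P}"
SAMPLE_TXT_BAD = ["v=spf1 redirect=_spf.yandex.net", "v=spf1 ip4:203.0.113.10 ~all"]

if __name__ == "__main__":
    print(build_spf(["203.0.113.10", "203.0.113.11"], "_spf.yandex.net"))
    print(check_spf(SAMPLE_TXT_BAD))
    print(dkim_record_name("mail", "example.com"), check_dkim(SAMPLE_DKIM))
```

A DKIM key longer than 255 bytes is published as several quoted strings inside one TXT record; concatenate them before calling check_dkim, as receivers do.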


DNS is a chain of stores selling digital and household appliances, with wide coverage in Russia. The stores carry a wide selection of products. On the official DNS website you can choose and purchase any product from the comfort of your home. The purchase can be picked up at the selected store (the store manager will have it ready by the specified time) or delivered. To make use of everything the site offers, there is a convenient "personal account" service. Customer support is also available and can be contacted through a special form to request a call back.

Features of your personal DNS account

To gain access to your personal account, you must register on the site. To do this, you will need to provide an email address and create a password. It is important to give a valid mailbox, as a confirmation sent to the specified address is required to complete registration. After this, the user is asked to provide a mobile number (this item is optional). Messages about changes in the status of the current order will be sent to this number. This completes the registration process; you can now log into your personal account and use all its features.

The service operates around the clock. It allows you to place orders for products presented on the site and track them. You can also activate your card in your personal account to become a member of the bonus program. To receive a card you must give your mobile phone number to an employee in any of the chain's stores (it is issued free of charge and is valid for 5 years). You can view the number of bonus points in your account at any time, along with the history of their accrual. Owners of personal accounts can also see all promotions and other profitable offers, as well as company news. Current information is sent to the phone or email linked to the account.

Through the service you can ask a question to technical support in an online chat. The history of orders and payments is saved. Based on it, company employees create profitable individual offers for registered users.

For the mail server to work properly, it is important to have a correctly configured DNS zone. We have already touched on some aspects related to the DNS system, today we will dwell on this issue in more detail. Setting up a DNS zone is one of the preparatory operations before deploying a mail server, and the performance of the email system directly depends on it.

Incorrect settings can result in mail being unable to be delivered to your mail server or recipient servers rejecting your mail. Indeed, if your zone records do not contain information about the mail server, where should mail be sent? To the village for grandfather? You can, of course, ask your provider to configure the DNS zone, but it is better to do it yourself.

What do we need? A dedicated IP address (let's say 11.22.33.44), which you must obtain from your provider. A domain name (for example, example.com) can be registered with any registrar or one of its partners. When registering with a partner, check whether it provides access to DNS zone management; otherwise you will have to spend additional time, nerves and money transferring the domain to the registrar.

If you already have a domain and, most likely, a website operates on it, check whether it is possible to manage the DNS zone from the hosting provider's panel; otherwise, it is better to transfer the domain to the registrar; to do this, contact the provider's support.

So, we have a domain. What records does its DNS zone contain? First, an SOA record, a description of the zone. We will not analyze all the records in detail, as that is beyond the scope of this article, but it is necessary to have a general understanding of them. There must also be two NS records pointing to the name servers (DNS servers) serving this domain; these will be the registrar's servers or the hosting provider's.

The first record to be added will be the A record or name record. It should point to the IP address of your server if you decide to serve all requests to the domain yourself or to the IP address of the hosting provider if you decide to host your website. When hosting a website with a hoster, the domain is usually delegated to its DNS server (the corresponding NS records are registered) and an A record will be created automatically when parking the domain.

This option is most common, but if necessary, you can always create an A record yourself. This entry looks like

example.com. IN A 22.11.33.44

In our example, 22.11.33.44 is the address of our hosting provider where the site is located. Pay attention to the dot at the end of the name, this indicates that the name is absolute; in the absence of a dot, the name is considered relative and the domain name from SOA is added to it. You can check the entry with the command nslookup.

For the mail server to work, you need to create an MX record, which should point to our mail server. To do this, let's create a record:

example.com. IN MX 10 mail.example.com.

You can also simply write:

example.com. IN MX 10 mail

example.com will be automatically appended to this name (since it has no dot at the end). The number 10 determines the server priority; the lower it is, the higher the priority. By the way, the DNS zone may already contain an MX record like:

example.com. IN MX 0 example.com.

Typically, this entry is automatically created by the hosting provider when hosting the site; it needs to be deleted.

Now let's create an A record for mail.example.com

mail.example.com. IN A 11.22.33.44

Now all mail for the example.com domain will be sent to the mail host with the address 11.22.33.44, i.e. your mail server, while at the same time the example.com site will continue to work on the provider’s server at 22.11.33.44.
The question may arise: why can’t you immediately specify the IP address of the mail server in the MX record? In principle it is possible, some people do it, but it does not comply with DNS specifications.

You can also make aliases for the mail server such as pop.example.com and smtp.example.com. Why is this necessary? It allows clients not to depend on the details of your infrastructure once they have entered their settings. Let's say your company has grown and has allocated a separate mail server, mail1, to serve external clients; all you need to do is change two DNS records, and clients will not notice that they are working with a new server. To create aliases, records of type CNAME are used:

pop IN CNAME mail.example.com.
smtp IN CNAME mail.example.com.
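To see the name rules from this section in action, here is an added Python example (not the article's code) that qualifies the relative and absolute names in the zone lines above the way a DNS server does, parses them, and then applies the checks the text argues for: an MX must name a host rather than an IP address, the target must not be a CNAME alias, and it needs an address record. The zone text is a constructed copy of the article's example.com records.

```python
import ipaddress
from typing import Dict, List, Tuple

ORIGIN = "example.com."

# Constructed copy of the records built up in the text (zone origin example.com.)
ZONE_TEXT = """
example.com.      IN A     22.11.33.44   ; the web site at the hosting provider
example.com.      IN MX 10 mail          ; relative name: becomes mail.example.com.
mail.example.com. IN A     11.22.33.44   ; our own mail server
pop               IN CNAME mail.example.com.
smtp              IN CNAME mail.example.com.
"""

Record = Tuple[str, str, Tuple[str, ...]]   # (owner, type, rdata fields)


def is_ip_literal(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def qualify(name: str, origin: str) -> str:
    """Names ending in '.' are absolute; anything else gets the zone origin appended,
    which is the rule the text explains for 'example.com.' versus plain 'mail'."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith(".") or is_ip_literal(name):
        return name
    return f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> List[Record]:
    """Minimal parser for the 'owner IN TYPE rdata' lines used above (no $TTL/$ORIGIN)."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # strip comments
        if not line:
            continue
        fields = line.split()
        owner, rtype, rdata = fields[0], fields[2].upper(), fields[3:]   # fields[1] is the class
        if rtype == "MX":
            rdata = [rdata[0], qualify(rdata[1], origin)]
        elif rtype in ("CNAME", "NS", "PTR"):
            rdata = [qualify(rdata[0], origin)]
        records.append((qualify(owner, origin), rtype, tuple(rdata)))
    return records


def check_mail_zone(records: List[Record]) -> List[str]:
    """Problems a receiving side would trip over; an empty list means the MX setup is consistent."""
    types_by_name: Dict[str, set] = {}
    for owner, rtype, _ in records:
        types_by_name.setdefault(owner, set()).add(rtype)
    problems = []
    for owner, rtype, rdata in records:
        if rtype != "MX":
            continue
        _pref, target = rdata
        if is_ip_literal(target):
            # RFC 5321 5.1: MX rdata is a host name, never an address (the text's point too)
            problems.append(f"MX for {owner} points at the address {target} instead of a name")
        elif "CNAME" in types_by_name.get(target, set()):
            # RFC 2181 10.3: an MX target must not be an alias
            problems.append(f"MX target {target} is a CNAME")
        elif not types_by_name.get(target, set()) & {"A", "AAAA"}:
            problems.append(f"MX target {target} has no address record in this zone")
    return problems


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT, ORIGIN)
    for rec in zone:
        print(rec)
    print("problems:", check_mail_zone(zone))
```

The last check only looks inside the zone being parsed; an MX target in another zone would need a real lookup instead.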

At this point, setting up the forward DNS zone can be considered complete; the most interesting thing remains - the reverse zone. The reverse zone is managed by the provider that issued you the IP address and you cannot manage it yourself (unless you are the owner of a block of IP addresses). But you need to add at least one entry to the reverse zone. As we wrote in the previous article, many mail servers check PTR records (reverse zone records) for the sending server, and if they are absent or do not match the sender’s domain, the letter will be rejected. Therefore, ask your provider to add an entry like this for you:

44.33.22.11.in-addr.arpa. IN PTR mail.example.com.

A bit strange looking, isn't it? Let's look at the PTR record structure in more detail. For reverse name resolution, a special top-level domain, in-addr.arpa, is used. This is done so that the same software mechanisms serve both forward and reverse name conversion. The point is that mnemonic names are written from left to right, and IP addresses from right to left. So mail.example.com. means that host mail is in the domain example, which is in the top-level domain com., while 11.22.33.44 means that host 44 is in subnet 33, which is part of subnet 22, which belongs to network 11. To keep a uniform order, PTR records contain the IP address "backwards" with the top-level domain in-addr.arpa appended.

You can also check MX and PTR records with the nslookup command using the additional parameter -type=MX or -type=PTR.

And of course, we should not forget that any changes in DNS zones do not occur instantly, but within several hours or even days, which are necessary for the changes to propagate throughout the global DNS system. This means that although your mail server will start working 2 hours after making changes, your partner may not send mail to you for a longer time.

It’s a mystery to me why deploying even a primitive mail server configuration for many system administrators is such a serious problem. Nevertheless, it is true. It would never have occurred to me to write an entire article about this, but judging by the inexhaustible number of questions, it is still necessary to do so. The most difficult ones are the basic DNS records for the mail server, so we’ll talk about them.

If you are interested in the topic of mail servers, I recommend that you refer to the corresponding tags on my blog - and .

The article discusses basic records that are either necessary or highly desirable for the normal functioning of a mail server.

Well, now let’s start figuring out what needs to be done before creating records.

Buying a domain name

You need to start by purchasing a domain name. It's not as difficult as it seems, nor as expensive. A new domain in the .ru zone can cost no more than 100-200 rubles.

Once the domain is purchased, you can start creating records. All registrars have different admin panels, but knowing the theory, it’s easy to understand the specifics of adding records.

Note: when creating a CNAME and specifying the A record it refers to, some registrars require the full name with a trailing dot (for example, record.bissquit.com.), while for others it is enough to enter just the part before the domain (just record, without the rest, as in the previous example).

I would like to warn you right away that propagating newly created records takes some time, usually from 15 minutes to several hours (or in theory even a day, but I have never seen that happen).

A

First, create a primary A record that will point to the external address of your mail server. Any name is acceptable, but usually something like mail.domain.tld or mx1.domain.tld is chosen. If you are using your own BIND DNS server, the A record within the zone might look like this:

Shell

mail IN A 1.2.3.4

This entry will subsequently be pointed to by MX.

MX

This record stands for mail exchanger and is, in fact, the main one for mail servers. There can be several such records, and each of them necessarily has a priority value: the lower it is, the higher the priority. What is it used for? Mainly to determine the order in which the MX hosts are tried when there are several of them.

It is common for multiple MX records for the same domain to have the same priority. In this case, incoming traffic will be evenly balanced between servers.

Note: strictly speaking, having an associated MX record for your sending server is not that necessary. You can send mail without problems and the servers of the target domain will even receive it. But on the receiving servers, the mail will probably immediately end up in spam, since sending domains without MX are immediately flagged as suspicious. Problems may also arise with receiving mail, although in theory, delivery of a letter in the absence of an MX record should be performed to the main A-record of the domain (according to RFC 5321).

If we delve deeper into the architecture of mail solutions, very often the MX record points to a mail relay or antispam server (SpamAssassin, for example, or Exchange Edge Transport), and not to the final mail server that stores incoming and outgoing messages. This is a completely reasonable approach, where a separate server acts as an edge gateway and another one holding the business-critical data acts as a backend. I'd go further: this is best practice.

How many MX records do you need to be happy?

A savvy reader may come up with a very interesting thought: "What is better: two MX records, or one MX record referencing two A records with the same name?" Visually it looks like this:

In option b this turns out to be a kind of round robin. But, nuances aside, option a is similar: the same priority on the MX records provides the same function.

However, even in this case, many have doubts. They are mainly driven by the belief that in case b, if the sending server hits the broken server on its first attempt, it will postpone sending and try again after a timeout. But this is fundamentally wrong: it will immediately try the second server from the round-robin answer. A simple experiment demonstrates this.

When both servers from option b respond to requests, we see the following entry in the SMTP session when we try to send a letter to them (Queued mail for delivery means the letter has been accepted for delivery):

Shell

Feb 14 13:57:37 mail postfix/smtp: ACF0D140073: to= , relay=mail.domain.tld:25, delay=1.7, delays=0.17/0/0.09/1.5, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery

If for some reason one of the servers went offline and the sender hit it on the first attempt, the second attempt immediately goes to the other server from the answer (after Connection timed out the first time, the second attempt succeeds):

Shell

Feb 14 14:02:16 mail postfix/smtp: connect to mail.domain.tld:25: Connection timed out

Feb 14 14:02:17 mail postfix/smtp: 35E8F140073: to= , relay=mail.domain.tld:25, delay=31, delays=0.15/0/30/0.7, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery

Note: If anyone is interested in the dilemma of choosing the “correct” MX hierarchy, I advise you to refer to the DNS topic - MX, A, TLL and mail server on the Technet forums. The example with sending logs was taken from there, and I am also its author.
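The selection logic the experiment above relies on, as an added Python example (not the article's code): a sender orders MX targets by priority as RFC 5321 section 5.1 requires, shuffles hosts that share a priority (option a), expands each host to all of its addresses (option b), falls back to the domain's own A record when there is no MX at all, and on a failed connection goes straight to the next address rather than deferring. The DNS answers and the "which address is down" predicate are constructed.

```python
import random
from typing import Callable, Dict, List, Optional, Tuple

# Constructed answers for the layouts compared in the text (no real hosts)
FAKE_DNS: Dict[Tuple[str, str], List[str]] = {
    # option a: two MX records with the same priority
    ("a.test", "MX"): ["10 mx1.a.test", "10 mx2.a.test"],
    ("mx1.a.test", "A"): ["192.0.2.1"],
    ("mx2.a.test", "A"): ["192.0.2.2"],
    # option b: one MX whose name has two A records (round robin)
    ("b.test", "MX"): ["10 mx.b.test"],
    ("mx.b.test", "A"): ["192.0.2.11", "192.0.2.12"],
    # distinct priorities, the style shown for gmail.com further down
    ("g.test", "MX"): ["5 primary.g.test", "20 alt2.g.test", "10 alt1.g.test"],
    ("primary.g.test", "A"): ["192.0.2.21"],
    ("alt1.g.test", "A"): ["192.0.2.22"],
    ("alt2.g.test", "A"): ["192.0.2.23"],
    # no MX at all: RFC 5321 5.1 implicit MX, the domain's own A record
    ("c.test", "A"): ["192.0.2.31"],
}


def lookup(name: str, rtype: str) -> List[str]:
    return FAKE_DNS.get((name.lower(), rtype), [])


def mx_hosts(domain: str, rng=random) -> List[str]:
    """MX targets in the order a sender tries them (RFC 5321 5.1): ascending
    priority, hosts with equal priority shuffled so load spreads between them.
    Without any MX the domain itself is the implicit, priority-0 target."""
    answers = lookup(domain, "MX")
    if not answers:
        return [domain] if lookup(domain, "A") else []
    by_pref: Dict[int, List[str]] = {}
    for answer in answers:
        pref, host = answer.split()
        by_pref.setdefault(int(pref), []).append(host)
    ordered: List[str] = []
    for pref in sorted(by_pref):
        group = list(by_pref[pref])
        rng.shuffle(group)
        ordered.extend(group)
    return ordered


def delivery_targets(domain: str, rng=random) -> List[Tuple[str, str]]:
    """Expand each MX host to its addresses; with option b the rotation of the
    A answers is done by the resolver, so the order here is whatever it returned."""
    return [(host, ip) for host in mx_hosts(domain, rng) for ip in lookup(host, "A")]


def attempt_delivery(domain: str, reachable: Callable[[str], bool],
                     rng=random) -> Tuple[Optional[str], List[str]]:
    """Try the targets in turn; a refused or timed-out connection moves straight
    to the next address, which is what the postfix log above shows. Returns the
    address that accepted the message (None if all failed, i.e. the mail stays
    queued for a later retry) and the addresses tried."""
    tried: List[str] = []
    for _host, ip in delivery_targets(domain, rng):
        tried.append(ip)
        if reachable(ip):
            return ip, tried
    return None, tried


if __name__ == "__main__":
    down = {"192.0.2.11"}          # constructed outage: first address of mx.b.test is offline
    print(attempt_delivery("b.test", lambda ip: ip not in down))
    print(mx_hosts("g.test"))
```

The one thing this model leaves out is the per-connection timeout: with a host that silently drops packets the move to the next address still happens, but only after the 30 seconds the log line's delays field shows.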

Now let's go back from theory to practice and see how things are done at the large public mail services:

Shell

# dig -t MX mail.ru +short
10 mxs.mail.ru.
# dig -t A mxs.mail.ru +short
94.100.180.104
94.100.180.31
#
#
# dig -t MX yandex.ru +short
10 mx.yandex.ru.
# dig -t A mx.yandex.ru +short
213.180.204.89
77.88.21.89
213.180.193.89
87.250.250.89
93.158.134.89

Mail.ru and Yandex use round-robin A records for their services, but Google does not:

Shell

# dig -t MX gmail.com +short
5 gmail-smtp-in.l.google.com.
20 alt2.gmail-smtp-in.l.google.com.
30 alt3.gmail-smtp-in.l.google.com.
40 alt4.gmail-smtp-in.l.google.com.
10 alt1.gmail-smtp-in.l.google.com.

Therefore, it is up to you to decide which option to choose.

PTR

With PTR there is no such room for creativity as with MX, and that only makes things easier. The PTR record belongs to the reverse zone and maps an IP address to a DNS name (that is, the address is resolved into a name).

In the most ideal case, there should be a “circular” resolution of records. What this is is easy to understand with an example: from MX we get an A-record, from an A-record we get an IP address, from this address we take a PTR record, which ideally should resolve to the A-record that MX initially pointed to. And so in a circle:

But in reality, this is clearly excessive perfectionism. Besides, what will you do if your server serves several domains at the same time (and this is a very common situation)?

Note: hypothetically, you can create several PTRs for one IP address, because the RFC does not directly prohibit this. However, client-side software usually does not know how to correctly handle such a situation and will simply pull out the first entry it comes across from the search results. This entry may not be the one you need. Beyond this, most providers will simply refuse your request to create multiple PTRs. So use one entry for one address and make sure the mail server in the HELO greeting issues a name that resolves to the server address, that's all.
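The reverse-name construction from the first article's PTR section and the "circular" MX, A, PTR, A walk described just above, as an added Python example (not either article's code). It builds the in-addr.arpa name for an address (and the ip6.arpa nibble form for IPv6, which the text does not cover), then classifies each MX address the way a receiving server's checks would: no PTR at all, a PTR that does not resolve back to the address, a PTR under some other name of yours that does resolve back, or the ideal full circle. The DNS data is constructed and held in a dictionary; real use would replace lookup with a resolver call.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed zone data (nothing here is a real host or address)
FAKE_DNS: Dict[Tuple[str, str], List[str]] = {
    ("example.com.", "MX"): ["10 mail.example.com."],
    ("mail.example.com.", "A"): ["11.22.33.44"],
    ("44.33.22.11.in-addr.arpa.", "PTR"): ["mail.example.com."],   # the full circle
    ("shared.test.", "MX"): ["10 mx.shared.test."],
    ("mx.shared.test.", "A"): ["192.0.2.7", "192.0.2.8", "192.0.2.9"],
    ("7.2.0.192.in-addr.arpa.", "PTR"): ["mx.other-brand.test."],  # PTR under another domain of the same operator
    ("mx.other-brand.test.", "A"): ["192.0.2.7"],
    ("8.2.0.192.in-addr.arpa.", "PTR"): ["stale.shared.test."],    # PTR name that no longer has an A record
    # 192.0.2.9 has no PTR at all
}


def lookup(name: str, rtype: str) -> List[str]:
    return FAKE_DNS.get((name.lower(), rtype), [])


def reverse_name(ip: str) -> str:
    """'11.22.33.44' -> '44.33.22.11.in-addr.arpa.': octets reversed under the
    in-addr.arpa tree as the text explains; IPv6 gets the nibble form under ip6.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def ptr_status(ip: str, expected_host: str) -> str:
    """Classify an address the way a receiving server's checks would see it:
    'missing'     no PTR record (the case that raises spam scores)
    'unconfirmed' PTR name does not resolve back to ip (fails forward-confirmed rDNS)
    'confirmed'   PTR name resolves back to ip but is some other name of yours
    'circular'    PTR name is the MX host itself, the ideal case in the text"""
    names = lookup(reverse_name(ip), "PTR")
    if not names:
        return "missing"
    name = names[0].lower()            # most software only uses the first PTR
    if ip not in lookup(name, "A"):
        return "unconfirmed"
    return "circular" if name == expected_host.lower() else "confirmed"


def mx_circle(domain: str) -> Dict[str, str]:
    """MX -> A -> PTR -> A for every MX host of the domain, status per address."""
    result: Dict[str, str] = {}
    for answer in lookup(domain, "MX"):
        host = answer.split()[1]
        for ip in lookup(host, "A"):
            result[ip] = ptr_status(ip, host)
    return result


if __name__ == "__main__":
    print(reverse_name("11.22.33.44"))
    print(mx_circle("example.com."), mx_circle("shared.test."))
```

"confirmed" is the state the text settles for when one server serves several domains; "unconfirmed" and "missing" are the two worth fixing with the provider.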

Just for fun, let's check the same public providers:

Shell

# dig -t MX mail.ru +short
10 mxs.mail.ru.
# dig -t A mxs.mail.ru +short
94.100.180.104
94.100.180.31
# dig -x 94.100.180.104 +short
mxs.mail.ru.

And, of course, their addresses will have a PTR completely unrelated to the name, for example bk.ru. So strict matching is essentially not required, and you can use a PTR under any of your domain names. The main thing is that the record exists, because many servers check for a PTR and, if it is absent, sharply increase the spam rating of your messages.