Posted: 1/20/2021 11:04:29 PM EST
I started doing web design projects a couple years ago. At some point, I want to get away from using GSuite for email.

I have a Digital Ocean VPS that serves as the webserver. I use Virtualmin (kind of like an open source Plesk/CPanel) as a web UI to manage it.

In the future, I want to set up a separate box to serve as the email server.

How does one use @url.com for their email address, but also url.com as their site url, since those would be 2 different IPs (the two different VPSs)?

I know I can create a subdomain (mail.url.com) and point that to the new VPS, but wouldn't that give me an email address of [email protected] instead of [email protected]?
Link Posted: 1/20/2021 11:10:51 PM EST
[Last Edit: 1/20/2021 11:16:00 PM EST by vim]
DNS MX records contain the info about where mail for a domain is sent.  You can point those records where you want.

So you want domain.com e-mail to be handled by the host mail.domain.com.  Set the MX record to specify that.  Make sure your e-mail client sets Reply-To the way you want.
Link Posted: 1/20/2021 11:32:59 PM EST
Originally Posted By vim:
DNS MX records contain the info about where mail for a domain is sent.  You can point those records where you want.

So you want domain.com e-mail to be handled by the host mail.domain.com.  Set the MX record to specify that.  Make sure your e-mail client sets Reply-To the way you want.


So, then how does SSL via something like Let's Encrypt work? Will it matter if url.com and mail.url.com live on different VPS?
Link Posted: 1/20/2021 11:42:21 PM EST
[Last Edit: 1/20/2021 11:48:32 PM EST by OdinsWolf]
That's where a wildcard ssl comes into play. Wildcards are *.url.com, meaning they can cover anything and everything that is before your domain.  You'd use a wildcard for url.com, then the wildcard for mail.url.com, or dev.url.com, etc.

You'd need to install the wildcard on various servers still, like it doesn't auto pick it up.  If you were using, let's say, apache to host your website, you'd have to install the ssl on the server and make sure your config files pointed to it. Also if you used a system that runs proxies such as haproxy or nginx you'd have to point those config files to the ssl. Then if you ran a mail system (for brevity let's just say exchange) the ssl would need to be on that server and set up for it.

If it's a simple system with one server, it's mainly just pointing config files to the ssl.
Link Posted: 1/20/2021 11:42:42 PM EST
You're setting up two different services.  They operate independently.  SSL for web is unaffected by mail things.  The SSL cert matches up to webserver.domain.com, and its IP address.

Setting up mail is separate, even the certs.
Link Posted: 1/20/2021 11:50:45 PM EST
Originally Posted By vim:
You're setting up two different services.  They operate independently.  SSL for web is unaffected by mail things.  The SSL cert matches up to webserver.domain.com, and its IP address.

Setting up mail is separate, even the certs.

Could do individual certs, but a wildcard cert was pretty much designed for this case of scenarios.
Link Posted: 1/20/2021 11:57:57 PM EST
Originally Posted By OdinsWolf:

Could do individual certs, but a wildcard cert was pretty much designed for this case of scenarios.

Yup.  I was focused more on his last sentence ("I know I can create a subdomain (mail.url.com) and point that to the new VPS, but wouldn't that give me an email address of [email protected] instead of [email protected]?") when I started responding.
Link Posted: 1/20/2021 11:59:58 PM EST
So as far as DNS goes a CNAME record of mail.url.com would point to the mail server vps and then an mx record would point to mail.url.com?
Link Posted: 1/21/2021 12:10:44 AM EST
[Last Edit: 1/21/2021 12:16:32 AM EST by OdinsWolf]
*read wrong lol.  Brain getting old these days.

Edited due to old eyes, old brain
Link Posted: 1/21/2021 12:17:40 AM EST
Originally Posted By vim:


Yup.  I was focused more on his last sentence ("I know I can create a subdomain (mail.url.com) and point that to the new VPS, but wouldn't that give me an email address of [email protected] instead of [email protected]?") when I started responding.

Typed out a long response and my wife pointed out I'm getting old and sleepy as I read this wrong. Lol.

Makes sense!
Link Posted: 1/21/2021 12:18:12 AM EST
Originally Posted By OdinsWolf:

Could do individual certs, but a wildcard cert was pretty much designed for this case of scenarios.


I THINK virtualmin doesn't support Wildcard certificates for its automatic update functionality, so I might be better off just using two certs if I can do it that way. That way, I can let Virtualmin handle updating the certs.
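
Which hostnames each certificate option raised in this thread would cover, as an added example (not code from any poster). It applies the standard rule that a wildcard stands for exactly one leftmost label; the SAN lists and the `dev.mail.url.com` name are constructed for illustration.

```python
# Added example. Hostnames follow the thread; the SAN lists are constructed.
def san_matches(pattern, hostname):
    """Match one certificate SAN dNSName against a hostname (RFC 6125 rules).

    A '*' is honoured only as the entire leftmost label and stands for exactly
    one label, so '*.url.com' matches 'mail.url.com' but not 'url.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # refuse '*.com'-style patterns
    return p == h


def coverage(sans, hostnames):
    """Map each hostname to True/False: is it covered by any SAN in the cert?"""
    return {name: any(san_matches(s, name) for s in sans) for name in hostnames}


# Names the two VPSs answer to (dev.mail.url.com is a constructed extra case).
NAMES = ["url.com", "www.url.com", "mail.url.com", "dev.mail.url.com"]

CERTS = {
    "wildcard only": ["*.url.com"],
    "wildcard + apex": ["*.url.com", "url.com"],
    "web cert": ["url.com", "www.url.com"],    # installed on the web VPS
    "mail cert": ["mail.url.com"],             # installed on the mail VPS
}

if __name__ == "__main__":
    for label, sans in CERTS.items():
        print(f"{label:16} {coverage(sans, NAMES)}")
```

With two separate certificates, each private key lives only on the server that needs it; a shared wildcard puts the same key on both boxes.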
Link Posted: 1/21/2021 12:24:40 AM EST
Originally Posted By gumbatron:
So as far as DNS goes a CNAME record of mail.url.com would point to the mail server vps and then an mx record would point to mail.url.com?


Close, cname wouldn't be a good fit since you'd also need mx records.  I'd use an A record to point to mail server vps and then the mx record.

It's well past going to sleep here, so I'll double check myself in the morning, but VIM can probably chime in and get you on the right path if my tiredness isn't correct
Link Posted: 1/21/2021 12:31:46 AM EST
Originally Posted By OdinsWolf:

Close, cname wouldn't be a good fit since you'd also need mx records.  I'd use an A record to point to mail server vps and then the mx record.

It's well past going to sleep here, so I'll double check myself in the morning, but VIM can probably chime in and get you on the right path if my tiredness isn't correct

Nah, you got it.  I'd do A and MX records.
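
The A-plus-MX layout discussed above, as an added example (not code from any poster): a small checker that reads a zone, finds where mail for an `@url.com` address is delivered, and flags an MX target that is a CNAME. The zone contents, the IP addresses (documentation ranges), the `mailhost.url.com` name and the sample address are constructed.

```python
# Added example. Zone data is constructed; IPs are documentation ranges (RFC 5737).
BASE = """
url.com.      A     203.0.113.10      ; web VPS
www.url.com.  CNAME url.com.
url.com.      MX    10 mail.url.com.  ; mail for @url.com goes to this host
"""
GOOD_ZONE = BASE + "mail.url.com. A 198.51.100.20 ; mail VPS\n"
# Variant asked about in the thread: the MX target is itself a CNAME.
CNAME_ZONE = BASE + ("mail.url.com. CNAME mailhost.url.com.\n"
                     "mailhost.url.com. A 198.51.100.20\n")


def parse_zone(text):
    """Return {(owner, type): [rdata, ...]} from 'owner TYPE rdata' lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";")[0].strip()  # drop comments
        if line:
            owner, rtype, rdata = line.split(None, 2)
            records.setdefault((owner.lower(), rtype.upper()), []).append(rdata)
    return records


def mail_route(zone_text, address):
    """Find where mail for `address` is delivered.

    Returns (hosts, problems). hosts is [(mx_host, [ips])] in preference order;
    problems lists MX targets that are CNAMEs (not allowed, RFC 2181 section
    10.3) or that have no A record.
    """
    records = parse_zone(zone_text)
    domain = address.rsplit("@", 1)[1].lower().rstrip(".") + "."
    mxs = sorted((int(pref), host.lower()) for pref, host in
                 (r.split() for r in records.get((domain, "MX"), [])))
    hosts, problems = [], []
    for _pref, host in mxs:
        ips = records.get((host, "A"), [])
        if (host, "CNAME") in records:
            problems.append(f"{host} is a CNAME; an MX target needs its own A record")
        elif not ips:
            problems.append(f"{host} has no A record")
        hosts.append((host, ips))
    return hosts, problems


if __name__ == "__main__":
    print(mail_route(GOOD_ZONE, "joe@url.com"))
    print(mail_route(CNAME_ZONE, "joe@url.com"))
```

The web A record for `url.com` and the mail A record for `mail.url.com` point at different addresses, and only the MX record decides where `@url.com` mail is delivered.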
Link Posted: 1/21/2021 1:37:41 AM EST
[Last Edit: 1/21/2021 1:38:14 AM EST by gumbatron]
As I think through this, if my mail server has a domain of mail.url.com won't my mail client, by default, probably try to send email as [email protected] instead of [email protected]?

How do I remedy this? Just change the "From" settings? Won't each user have to do this in their email client? That seems like it would create all kinds of problems if you set up email accounts for other users. For example, Joe might configure his mail client, and start sending the mail as [email protected] but if Jane forgets to, she would be sending email as [email protected]mail.url.com.


Unless I am missing something here (I probably am).

How do I force email to be sent as [email protected] instead of [email protected] (which is the A record for the mail server box)?
Link Posted: 1/21/2021 4:27:15 AM EST
Keep in mind that Digital Ocean is EXTREMELY spam friendly, and routinely gets firewalled by pissed off mail admins.

Take a look at their listings on Spamhaus....


https://www.spamhaus.org/sbl/listings/digitalocean.com
Link Posted: 1/21/2021 8:22:56 AM EST
Originally Posted By gumbatron:
As I think through this, if my mail server has a domain of mail.url.com won't my mail client, by default, probably try to send email as [email protected] instead of [email protected]?

How do I remedy this? Just change the "From" settings? Won't each user have to do this in their email client? That seems like it would create all kinds of problems if you set up email accounts for other users. For example, Joe might configure his mail client, and start sending the mail as [email protected] but if Jane forgets to, she would be sending email as [email protected]mail.url.com.


Unless I am missing something here (I probably am).

How do I force email to be sent as [email protected] instead of [email protected] (which is the A record for the mail server box)?

So mail.url.com is the name of your mail server, not the name of your email address.  MX records will just tell it "hey, this traffic is mail, it's handled by: mail.url.com".  The mail server itself is configured in what to handle; inside the mail server itself is where you attach domains.  For example, we have one Exchange server, it resides at mail.url.com. In the Exchange settings we have @url.com set up for the email, and in some parts of the company we have @url2, or @url3 depending on what division they fall in. All that is handled in the mail server itself.
Link Posted: 1/21/2021 8:27:08 AM EST
Originally Posted By OdinsWolf:

So mail.url.com is the name of your mail server, not the name of your email address.  MX records will just tell it "hey, this traffic is mail, it's handled by: mail.url.com".  The mail server itself is configured in what to handle; inside the mail server itself is where you attach domains.  For example, we have one Exchange server, it resides at mail.url.com. In the Exchange settings we have @url.com set up for the email, and in some parts of the company we have @url2, or @url3 depending on what division they fall in. All that is handled in the mail server itself.


So the MX record makes sure that email addressed to @url.com will reach my mail server at mail.url.com?

Somewhere in the mail server configuration, I have to tell it to receive mail for @url.com, instead of @mail.url.com?
Link Posted: 1/21/2021 8:47:16 AM EST
Originally Posted By the-fly:
Keep in mind that Digital Ocean is EXTREMELY spam friendly, and routinely gets firewalled by pissed off mail admins.

Take a look at their listings on Spamhaus....


https://www.spamhaus.org/sbl/listings/digitalocean.com

I say it in every email thread. If you have to ask, pay for email. I've done operations for email service providers and wouldn't want to run my own. It's a pain to do right, and your IP reputation is going to be garbage. Hell, even goatboy has his issues.
Link Posted: 1/21/2021 9:54:58 AM EST
Originally Posted By packingXDs:

I say it in every email thread. If you have to ask, pay for email. I've done operations for email service providers and wouldn't want to run my own. It's a pain to do right, and your IP reputation is going to be garbage. Hell, even goatboy has his issues.



People said the same thing about hosting websites... Then people end up getting horrific shared hosting...

Isn't using something like Sendgrid/Mailgun/Whatever to handle the outgoing a good fix for the IP reputation aspect?
Link Posted: 1/21/2021 1:36:43 PM EST
Originally Posted By gumbatron:



People said the same thing about hosting websites... Then people end up getting horrific shared hosting...

Isn't using something like Sendgrid/Mailgun/Whatever to handle the outgoing a good fix for the IP reputation aspect?

Most of the ESPs in my opinion are simply spammers for hire.  My 2 cents is that if you want the best chance for your mails to go through, find a provider that isn't listed on Spamhaus.  Most of the big mega hosting outfits are lazy and stop caring about [email protected] reports, and end up getting large chunks of their network firewalled off.
Link Posted: 1/21/2021 3:05:11 PM EST
[Last Edit: 1/21/2021 3:06:31 PM EST by gumbatron]
Originally Posted By the-fly:

Most of the ESPs in my opinion are simply spammers for hire.  My 2 cents is that if you want the best chance for your mails to go through, find a provider that isn't listed on Spamhaus.  Most of the big mega hosting outfits are lazy and stop caring about [email protected] reports, and end up getting large chunks of their network firewalled off.


So when IPs are blacklisted, are these the result of somebody just blacklisting an entire Subnet (say the one belonging to Vultr/Digital Ocean)? Or somebody actually using that specific IP Address and sending spam from it?

Couldn't you just play round-robin with your VPS provider until you get an IP address that isn't blacklisted? As in, just keep rolling the dice and checking the IP they give you until you finally get given one that isn't?

Or are all of Digital Ocean's (or Linode's or Vultr's, or whoever's) IPs going to be blacklisted?
Link Posted: 1/21/2021 11:16:08 PM EST
Originally Posted By gumbatron:

So when IPs are blacklisted, are these the result of somebody just blacklisting an entire Subnet (say the one belonging to Vultr/Digital Ocean)? Or somebody actually using that specific IP Address and sending spam from it?

Couldn't you just play round-robin with your VPS provider until you get an IP address that isn't blacklisted? As in, just keep rolling the dice and checking the IP they give you until you finally get given one that isn't?

Or are all of Digital Ocean's (or Linode's or Vultr's, or whoever's) IPs going to be blacklisted?

Depends entirely on who is running it. It may be the specific IP or maybe a /24 or maybe every block you own. When I did email we had to rotate through entire IP blocks at times because of issues with blacklists. Good luck having access to multiple IP blocks in good standing. Your best bet is to find an email provider that handles SMB and doesn't touch bulk mailing.
Link Posted: 1/21/2021 11:22:30 PM EST
Originally Posted By gumbatron:

So when IPs are blacklisted, are these the result of somebody just blacklisting an entire Subnet (say the one belonging to Vultr/Digital Ocean)? Or somebody actually using that specific IP Address and sending spam from it?

Couldn't you just play round-robin with your VPS provider until you get an IP address that isn't blacklisted? As in, just keep rolling the dice and checking the IP they give you until you finally get given one that isn't?

Or are all of Digital Ocean's (or Linode's or Vultr's, or whoever's) IPs going to be blacklisted?



1.  Depends on the blacklist.  Some are very conservative, some are very aggressive.  On my own mail server, I get sick of playing whack-a-mole, and I start firewalling large netblocks.  The more an ISP pisses me off with spam attempts, the more aggressive I get.  Eventually I declare them to be "firewall bait" and I pre-emptively take out all known netblocks they own.  DO is in that category on my server.

2. Some VPSs may allow you to change your IP easily.  Most do not as far as I know.  And low reputation providers tend to get blocked wholesale for moving spammers around.  If you live in a "slum", don't expect the pizza guy to deliver to you, even if you move a few apartments over.
