Securing the SMTP service
If we’re not careful, we can leave a misconfigured e-mail server sitting on the internet, just waiting to be exploited by a spammer looking for an open relay. If we allow spam to be sent from or through our server, then our IP will eventually become blacklisted and mail servers will refuse to accept mail from our server. Obviously, this is an undesirable situation we want to do our best to avoid.
At this point I assume you have obtained a domain name from a registrar (say, “example.com”) and configured the DNS to contain both an A record (host = mail, IP = server’s IP address) and an MX record (host = mail, points to = “mail.example.com”). You should be able to ping mail.example.com and receive a response from the server.
There are several SMTP service test providers, but I like mxToolbox. Point your browser to http://www.mxtoolbox and perform an MX lookup on mail.example.com. If your DNS is properly configured and propagated, you should see mail.example.com listed. Click the “SMTP test” link next to the mx host.
My results returned “SMTP Reverse DNS Mismatch” (Warning – Reverse DNS does not match SMTP Banner) and “SMTP TLS” (Warning – Does not support TLS).
We’ll address both of these issues, and take mail security a few steps further with SPF and DKIM.
Configuring reverse DNS
The DNS system resolves domain names (like jkshay.com, or example.com) into real-world IP addresses. It’s up to you to configure your domain’s DNS to correctly point to your server.
Reverse DNS is the opposite – it resolves an IP address into a domain name. It’s up to your IP provider to configure reverse DNS. However, the Linode Manager gives us the ability to configure reverse DNS for our server.
Browse to your Linode Manager’s Remote Access tab. In the Networking section, click the “Reverse DNS” link next to your public IP addresses.
Enter your server’s complete hostname.domain in the Hostname box and click the “Lookup” button. In this example, that would be mail.example.com. When asked if you’d like to add mail.example.com as a Reverse DNS entry for your IP, click the “Yes” button.
Next step: Configuring TLS