Secure Mail Server Checklist

edited April 2016 in Performance and Security
Setup of email server in Linux is simple, but your job does not end there. Customer had experiences where mail gateway has been misconfigured and has caused open relay for a spammer attack. Always pay extra careful attention when you deal with related internet services such as web and email.

1. MX record

The Mail Exchanger (MX) is critical to email related information in your DNS. The MX record tells the internet email servers how to handle the your email routing. If you host your own DNS server, please remember to add a MX record. You can perform a simple MX record test. Please change your internal dns server to an external dns server.

2. IP address

Use the mail security tool below to check your IP status:

3. Secure Mail Test tool

4. Reverse DNS

Usually anti-spam applications check if you have a valid reverse DNS IP. If you are sending mail from a non reverse DNS IP mail server, your 'mail reputation' will be lower than those who have a valid reserve IP. You might not see the impact instantly, however, since it might have a consequence in the long run such as sending valid bulk emails that might get your IP blacklisted or dropped.

5. SPF DNS Record

Most anti-spam application / gateway applies a Sender Policy Framework (SPF) checking. This is an additonal layer of spam filtering, where it checks if the mail is genuinely from a domain. It is advised to include SPF record in your DNS.


  • crarchile
    I would add DKIM, SPF and SpamAssassin Score validation to be sure your emails are being signed correctly with DKIM & SPF and that aren't being blocked by Spam filters.

    A good tool to verify the DKIM, SPF and SpamAssassin score is:
  • crarchile
    The site noted on point 3 is deprecated and is not working at present.

    The site says: "The relay tester is no longer available. Mail software is rarely an open relay any more unless it is badly misconfigured."

    Please delete the step 3 or change it by this site:
Sign In or Register to comment.
© 2013 - 2017 Time4VPS. All rights reserved. Powered by Vanilla
The opinions or views of users on the forum are those of the author and not of Time4VPS.