Setup

Once Hyvor Relay is installed and you have access to Sudo, you can set up your email delivery configuration. This guide will help you configure your email delivery settings to ensure your emails are accepted by the recipient's mail servers and land in the inbox.

Checklist:

• (1) Primary Domain
• (2) PTR & DNS Records
• (3) Return-Path & SPF

(1) Primary Domain

First, visit Sudo of your Hyvor Relay installation (http://<server-ip>/sudo). On the left sidebar, edit the primary domain.

You can use any domain you own, but we recommend using a subdomain of your main domain (e.g., relay. or hyvor-relay.). The primary usage of this domain is to use for PTR records for IP addresses. Note that sending emails is not restricted to this domain.

Then, optionally, you can point that domain to your Hyvor Relay server's IP address using an A record. This is not required for email delivery, but it can ease Sudo and API access.

A record: relay.yourdomain.com → <server-ip>

(2) PTR & DNS Records

Each SMTP message has a EHLO yourdomain.com command, which identifies the sending server. In Hyvor Relay, each IP address uses a unique (sub)domain name for this purpose, which you can find in Sudo.

PTR Record

PTR, also known as reverse DNS, is a DNS record that maps an IP address to a domain name. Email servers use this record to verify the legitimacy of the sending server.

To set up a PTR record, check the documentation of your IP address provider (cloud provider). Set the domain name to the one provided by Hyvor Relay for your IP address. Note that this domain is a subdomain of your Primary Domain.

Ex:

• 8.8.8.8 → smtp1.relay.yourdomain.com
• 9.9.9.9 → smtp2.relay.yourdomain.com

DNS Record

SMTP servers now know the domain name of the sending IP address. However, most email providers will also check the DNS records of that domain to verify its legitimacy. To pass this check, for each IP address, point its designated domain name to the IP address using an A record.

Ex:

(3) Return-Path (SPF & MX)

In a SMTP message, MAIL FROM, a.k.a Return-Path, is set to the email address where you want to receive bounces and other delivery notifications. The domain of this email address is also used for SPF verification, which is an important part of email deliverability.

In Hyvor Relay, the Return-Path domain is your Primary Domain.

SPF

SPF (Sender Policy Framework) is a DNS record that specifies which mail servers are allowed to send emails on behalf of a domain. The MAIL FROM (Return-Path) domain is used for the verification, not the From address domain of the email. Therefore, you need to only set up for your primary domain.

Example SPF record:

You should add all sending IP addresses of your Hyvor Relay installation to the SPF record.

• Add all IPs one by one: v=spf1 ip4:1.1.1.1 ip4:2.2.2.2 -all

  If you have many IP addresses, this can be tedious. You can copy the full value of the SPF record from the Sudo → Health section.

• Add IP ranges: v=spf1 ip4:1.1.1.0/24 -all

  If all your IP addresses are in a range, you can use CIDR notation to specify the range. Make sure you control all the IP addresses in that range to avoid spoofing.

SPF Breakdown:

• v=spf1: Indicates that the TXT record is an SPF record.
• ip4:<ip>: Allow the specified IPv4 address or range to send emails for this domain.
• -all: Indicates that all other IP addresses are not allowed to send emails for this domain. This is a strict policy. You can use ~all (with tilde) for a soft policy, which allows other IPs but marks them as suspicious.

MX

When you send a SMTP message, sometimes, the recipient's mail server will accept the email but later fail to deliver it to the recipient's mailbox in cases like the mailbox being full. Such cases cannot be known by the sender just by looking at the SMTP response. The standard way that email providers handle such cases is to send a bounce email to the Return-Path address.

First, in sudo enable "Incoming" setting for at least one of your IP addresses. This will start a process that listens to port 25 of the IP address and accepts incoming emails. In production systems, we recommend enabling one IP per server and having at least two servers for redundancy.

Then, create an MX record for your primary domain. Here we chose mx. subdomain.

Then, set up one A record for each IP address that you have enabled for incoming emails.