My next step in adding Email services to my lab domain is to configure DNS for Email. This involves adding the required MX, CNAME, and A records on the Pi-Hole so external email traffic can route correctly to the Globomantics domain.

Configure DNS for Email

Prerequisite: Create My Own Email Server: Install and Configure Email on an LXC

To enable Email services, I first need to add an A record for my new server. I used the Pi-Hole admin panel to create this record mapping the name “mx” to 10.10.1.5. After creation the new record is visible in the admin panel.

Local domain list in Pi-Hole with new record for host mx
Pi-Hole admin panel after creating the new A record

Next, I am going to add a CNAME to my DNS configuration that creates an alias for mx.globomantics.local. The alias I am assigning is mail.globomantics.local. I am using the Pi-Hole admin panel again for this change.

Adding a CNAME record to Pi-Hole
Adding a CNAME record to Pi-Hole

Last I need to add an MX record which directs mail to my new Email server for the Globmantics domain. In the Pi-Hole configuration panel there is no option to add an MX record, so I need to add a custom file to dnsmasq. To create the file, I use the command below and then edit using Nano.

# touch /etc/dnsmasq.d/99-mail.conf

Within the file, I add this line to create the MX record mapping incoming mail destined to the globomantics.local domain to my MX host.

mx-host=globomantics.local,mx.globomantics.local,1
Configure DNS for email, dnsmasq MX record line
Custom file with MX record for dnsmasq

Once created, the last step in DNS configuration is testing that the records resolve correctly. I used nslookup on the Windows 10 Admin PC. Using the commands below queries MX records tied to the globomantics.local domain.

C:\Users\BAdmin>nslookup
> set q=mx
> globomantics.local
Output of nslookup command query for MX records
Output from nslookup shows that the domain MX record resolves correctly

A Quick Firewall Change

To enable the server to send outbound email I need to open a few firewall ports on the DMZ. Reading through the iRedMail configuration, the minimum ports I need open are 25 (SMTP), 587 (Submission), and 143 (IMAP). I added those in the same method used previously.

pfsense firewall changes to enable required services
Added ports 25, 587, and 143 to DMZ interface on pfsense

Testing Login to Postmaster Account

Now that DNS and firewall configuration is done, I can test logging in to the Postmaster account and check my email. I am going to login to the Roundcube webmail by navigating to the alias address: mail.globomantics.local and then logging in as Postmaster.

Roundcube login page
Roundcube login page loaded after navigating to MX alias
Postmaster mailbox view on initial login
Successful login to Postmaster account and inbox view in Roundcube

That’s all there is to it! My server is ready for user Email. That is the topic for my next post where I will create users in bulk, and create their mailboxes.

Next: Setting up Users and Email
Previous: Create My Own Email Server