MX on a Dynamic IP Address

I often see postings asking about running a mail server on a dynamic IP address. Twenty years ago I started running my server on a dynamic IP address. Times have changed, and it is now more difficult to do so. However, there are mail server roles that work reasonably well on a dynamic IP address.

I would not recommend sending email directly from a dynamic IP address, as it will look very spammy. Many dynamic IP addresses are listed on blacklists only because they are dynamic. This is for good reason, as most spambots run on compromised servers with dynamic addresses. Dynamic addresses are also likely to fail rDNS (thanks to the ISPs that do this). Use your ISP’s relay server to deliver messages to other hosts on the internet.

It is simple to configure “Exim”, and other mail servers, to use your ISP’s relay to send mail, even if it is acting as your MX.  This is known as a smarthost configuration.  With a little work, it is possible to use different relay servers for different destinations.
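A smarthost setup for Exim with a per-destination relay, as described above. This is an added example, not the author's configuration; the hostnames, port 587, the use of SMTP AUTH and the credentials file path are assumptions.

```exim
# Added example. Hostnames, port 587 and /etc/exim/relay.passwd are assumptions.
domainlist local_domains = example.com

begin routers

# All non-local mail goes to a relay; nothing is delivered directly
# from the dynamic address.
smarthost:
  driver = manualroute
  domains = ! +local_domains
  transport = relay_smtp
  # First matching pattern wins. "::" is a literal colon inside the
  # colon-separated host list, so each host is followed by port 587.
  route_list = partner.example  relay.partner.example::587 ; \
               *                relay.isp.example::587
  host_find_failed = defer
  # Never fall through to a later direct-delivery (dnslookup) router.
  no_more

begin transports

relay_smtp:
  driver = smtp
  # Defer delivery rather than send credentials or mail in the clear.
  hosts_require_tls = *
  tls_verify_hosts = *
  hosts_require_auth = *

begin authenticators

relay_plain:
  driver = plaintext
  public_name = PLAIN
  # File holds one line per relay: "relay.isp.example: user:password"
  # (a password containing ":" needs different handling).
  # "<;" changes the list separator so the ":" in extract is not split.
  client_send = <; ^${extract{1}{:}{${lookup{$host}lsearch{/etc/exim/relay.passwd}}}}\
                   ^${extract{2}{:}{${lookup{$host}lsearch{/etc/exim/relay.passwd}}}}
```

Check the syntax with `exim -bV` and confirm which relay an address is routed to with `exim -bt user@partner.example`.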

You should have your email server use a different domain name than the ones you use for email addresses and your web server. Typically this would be something like “smtp.example.com”, “example.com” and “www.example.com”. You may also want a separate name for reading and submitting mail, such as “mail.example.com”. This allows you to secure the domains with SPF, but it may be difficult to manage the names with a dynamic IP address.

The simplest role to implement is a submission server. It listens on the Submission port (587) and requires authentication after a STARTTLS command. You use this server to send email from your mail server regardless of where you are. ISPs are unlikely to block traffic to this port. Authentication over TLS should prevent loss of email if your IP address has changed but the client is still using the old IP address.

You can put your MX on a dynamic IP address.  However, you risk losing messages when the IP address changes.  This is less likely if you have a stable IP address. (Mine changed once over a period of several years.) Your ISP may block incoming traffic to the SMTP port (25). If this is the case, you won’t be able to run an MX on your server.

Consider looking for an ISP that provides a static IP address on request. Some ISPs provide static IPs for modest to excessive costs, sometimes requiring that you use a business service.  Local ISPs may offer one or more static IP addresses for free. You may still need to request that they unblock port 25.

If you have a dynamic IP, running bind on your server will not help with publishing your IP addresses. However, I recommend configuring it as a caching name server so that DNS requests generated by incoming email get cached. If you are filtering for spam, you will generate a lot of DNS requests, and it is best practice to cache the results locally.

IPv6

Your ISP may provide a static IPv6 address if they support IPv6.   They may provide this even if you connect via a dynamic IPv6 address.   Alternatively, you could use a tunnel broker to get a static IPv6 address.

IPv6 allocations are in the form of a subnet for which you can have the PTR records delegated. This will allow you to configure your email server on a static IPv6 address even if you have a dynamic IPv4 address. You can then have full email support on the IPv6 network and limited services as described above on the IPv4 network. This will allow you to gain experience and decide if you want to run your own mail server.

Sending Mail

Sending email directly from a mail server without it being flagged as Spam requires a bit of configuration. Mostly, this is DNS setup.

  • You will want rDNS (Reverse DNS) validation to work.  You will need your IP provider to configure the PTR record for your IP address to return the DNS name of your mail server.
  • Properly configured SPF will help your credibility.
  • DKIM provides more credibility if configured correctly.
  • Configuring DMARC will allow you to get feedback about your delivery success, and the use of your domain in spoofed email.