Using Sucuri Firewall the mx record must be changed.

[Jason Lee Hayes]

I'm using Sucuri WAF for an account. When setting it up--which is much like setting up Cloudflare--the email stops working. The support staff said the mx record had to be changed.

Their support staff required a cname record be created to point to the mail. Does that work for cpanel accounts in general. Will it help conceal my server's ip from attackers? Any advice to help resolve this question would be fantastic.

 

[cPRex]

Hey there! In general, when cPanel creates a DNS zone, the MX record configuration looks like this:

domain.com.   14400   IN      MX      0       domain.com.
mail    14400   IN      CNAME   domain.com.

If you wanted to point the MX record to a different location, you can adjust the records to look like this, so the MX points specifically at mail.domain.com:

domain.com.   14400   IN      MX      0       mail.domain.com.
mail    14400   IN      A   1.2.3.4

As to "will it help conceal the server's IP" I don't think so - anyone sending mail still needs to connect to the mailserver, and querying the MX record will still return the IP address of the server/mailserver.

 

[Jason Lee Hayes]

Thanks. That helps. When setting up their WAF, it was similar to using cloudflare. However, my mail immediately stopped working, they said I need to change it like you pointed out above. After changing from the cpanel default mail settings to the second set of code you put above it worked.

 

[Jason Lee Hayes]

I have two mail records:

domain.com.	14400	MX	Priority: 0 Destination: domain.com	Edit Delete
mail.domain.com.	14400	CNAME	domain.com

 

[Jason Lee Hayes]

What do I change the records to?

 

[cPRex]

I'm a bit confused - you mentioned that after changing it to the first recommendation that things are working. If that's the case, you should leave things as they are. Is something still not behaving how you expect?

 

[Jason Lee Hayes]

Sorry about that. I was confused, too.

I just wanted to know which was better and for what reason (the default by cpanel or the second mail setting). what would the use-case(s) be.

 

[cPRex]

Neither is better, it's just a different way to handle mail. The default setting here:

domain.com.   14400   IN      MX      0       domain.com.
mail    14400   IN      CNAME   domain.com.

is what gets used for most domains, when you want the mail to be delivered locally. These records just configure the DNS so that domain.com and mail.domain.com point to the same place.

The second example:

domain.com.   14400   IN      MX      0       mail.domain.com.
mail    14400   IN      A   1.2.3.4

is what you'd use when you have the website on one server but want the mail to go to a different location, allowing you to specify the IP address of mail.domain.com.

So neither is "better" or "correct" - just different implementations to accomplish different configurations.