Some ideas for fixing mail deliverability issues

Ed Phillis

Websites of any complexity, whether WordPress, Drupal or anything else, generally require some outbound mail functionality: lost passwords, commerce order notifications and so on. Wherever possible, I use an external SMTP provider, such as Gmail or Zoho, with a website, as the overhead of managing Postfix/Dovecot is generally not warranted. However, sometimes I need to run Postfix, and here are some tips to give your mail the best chance of arriving from your server. In this example I will be using mygreatmail.com as the domain and mail.mygreatmail.com as the mail server domain name.

Check your server is not blacklisted

Run the IP address of the server that hosts your mail server through a blacklist checker such as this one from MxToolbox:

https://mxtoolbox.com/blacklists.aspx

You might find that you don't get a perfect list of 'OK's, but this is not necessarily anything to worry about. Some of the blacklists are more significant than others, so check the validity of any lists that your IP is on. Hosting providers such as Linode and DigitalOcean require that you contact them before they allow you to send mail out of your server; this reduces the likelihood of them providing blacklisted IP addresses.

DNS and Reverse DNS

Reverse DNS lookup or reverse DNS resolution (rDNS) is the determination of a domain name that is associated with a given IP address.
Some companies such as AOL will reject any message sent from a server without rDNS, so you must ensure that you have one.
You cannot associate more than one domain name with a single IP address.

Send to an email tester

This is a really good tool that gives you a score and a breakdown of the problems you need to fix. It's limited to three sends in a 24 hour period, so it's best to fix as much as you can with available knowledge and use the tool to fine tune. The tool provides you with a randomized email address to send to, which you can then send to from the command line.

https://www.mail-tester.com/

Send the test message from the command line using something like this:

echo "This is the body of the email" | mail -s "This is from the mail server" test-2ct8rhfh8@srv1.mail-tester.com

Once you have sent it, click on 'Then check your score' on the website. Make sure you have not closed and reopened the page, as the score is tied to the email address given to you, and that address will change if you reload the page in any way.

Add an SPF record to your domain zone

Sender Policy Framework (SPF) records allow domain owners to publish a list of IP addresses or subnets that are authorized to send email on their behalf. The goal is to reduce the amount of spam and fraud by making it much harder for malicious senders to disguise their identity.

The SPF record should look like this, and should be set as a record of type TXT for both the mail domain and the server domain:

v=spf1 a mx ip4:172.123.123.123 ~all

* Replace the IP with your own server's IP address.

Add an MX record to your domain zone

Add an MX record to your domain zone, such as mail.mygreatmail.com. This should match the hostname that you give to Postfix, which is set on initial setup or can be amended in /etc/postfix/main.cf. If you amend this file you will need to restart Postfix.

# open the Postfix configuration file
sudo vi /etc/postfix/main.cf
# in main.cf, set the hostname to match the MX record
myhostname = mail.mygreatmail.com
# then restart Postfix to apply the change
sudo systemctl restart postfix

Add an A record to your mail sub-domain

Add a DNS A record for your mail server sub-domain, mail.mygreatmail.com in this example.

Add a DMARC DNS record

DMARC is designed to give receivers of email better control over how they judge mail, based on the reputation of the sending domain. It provides a platform where the sending side can publish policies to improve effectiveness against spam and phishing, in effect building domain reputation. These policies give receivers guidelines on how to handle messages that do not align with what the sending domain has published.
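An offline sketch of the DNS checks described in the sections above (A, MX, reverse DNS, SPF and DMARC), added here as an example and not code from the original post. The zone data is constructed from the page's example names and IP, the DMARC value is a constructed sample, and the function names and the `lookup` callable are hypothetical; the SPF evaluation handles only the `a`, `mx`, `ip4` and `all` mechanisms.

```python
import ipaddress

# Constructed zone data standing in for live DNS answers (the page's example names and IP).
ZONE = {
    ("mygreatmail.com", "MX"): ["mail.mygreatmail.com"],
    ("mygreatmail.com", "A"): ["172.123.123.123"],
    ("mail.mygreatmail.com", "A"): ["172.123.123.123"],
    ("123.123.123.172.in-addr.arpa", "PTR"): ["mail.mygreatmail.com"],
    ("mygreatmail.com", "TXT"): ["v=spf1 a mx ip4:172.123.123.123 ~all"],
    ("_dmarc.mygreatmail.com", "TXT"): ["v=DMARC1; p=none"],  # constructed sample
}

def zone_lookup(name, rtype, zone=ZONE):
    return zone.get((name.rstrip(".").lower(), rtype), [])

def spf_result(domain, ip, lookup):
    """Evaluate the ip4, a, mx and all mechanisms only (a simplification of SPF)."""
    records = [t for t in lookup(domain, "TXT") if t.lower().startswith("v=spf1")]
    if len(records) != 1:
        return "none" if not records else "permerror"
    addr = ipaddress.ip_address(ip)
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in records[0].lower().split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in qualifiers else ("+", term)
        if mech == "all":
            hit = True
        elif mech.startswith("ip4:"):
            hit = addr in ipaddress.ip_network(mech[4:], strict=False)
        elif mech == "a":
            hit = ip in lookup(domain, "A")
        elif mech == "mx":
            hit = any(ip in lookup(mx, "A") for mx in lookup(domain, "MX"))
        else:
            continue  # unsupported mechanism: skipped in this simplified check
        if hit:
            return qualifiers[qual]
    return "neutral"

def check_mail_dns(domain, mail_host, ip, lookup=zone_lookup):
    ptr_name = ipaddress.ip_address(ip).reverse_pointer
    ptr = [p.rstrip(".").lower() for p in lookup(ptr_name, "PTR")]
    return {
        "a_record": ip in lookup(mail_host, "A"),
        "mx_matches_myhostname": mail_host in lookup(domain, "MX"),
        "rdns_forward_confirmed": any(ip in lookup(p, "A") for p in ptr),
        "spf": spf_result(domain, ip, lookup),
        "dmarc_published": any(t.lower().startswith("v=dmarc1")
                               for t in lookup("_dmarc." + domain, "TXT")),
    }
```

To run the same checks against real DNS, pass a `lookup` callable that queries your resolver and returns the answers as a list of strings.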