If your VPS sends mail but other providers reject it, reverse DNS is often the reason. This rDNS setup tutorial shows how to set a correct PTR record, align it with your HELO and SPF, and verify the result with real SMTP checks.
You’ll use practical commands and a repeatable checklist for every new VPS. The goal is simple: present one consistent identity to spam filters and SMTP policy engines.
What you’re building: a consistent identity for your mail-sending IP
Mail systems don’t only judge your domain. They also score your IP reputation and check whether reverse DNS matches what your server claims during SMTP.
Many recipients—especially business gateways—still enforce PTR-related rules.
- Forward DNS: your hostname points to your VPS IP (A/AAAA records).
- Reverse DNS (PTR): your VPS IP points back to your hostname.
- SMTP HELO/EHLO: your mail server announces a hostname; receivers compare it to PTR and forward DNS.
When those three disagree, you’ll see bounces like “Reverse DNS does not match,” “HELO hostname invalid,” or “Client host rejected.”
Prerequisites (and what to decide before touching DNS)
Pick one canonical hostname for outbound mail. Keep it stable, predictable, and tied to the server.
For example:
mail.example.com(recommended)- or
vps-123.example.comif you host many domains and want a neutral server name
You’ll need:
- A VPS or dedicated server with a static public IPv4 (IPv6 is optional but increasingly useful).
- Control over your domain’s DNS zone (where you set A/AAAA records).
- Access to your hosting provider panel or support channel for PTR/rDNS (PTR is usually set at the IP owner level, not inside your normal DNS zone).
If you’re provisioning a fresh, mail-capable VPS, start with a provider that lets you keep the IP identity stable.
A HostMyCode VPS gives you dedicated resources and an IP you can tie to proper rDNS. That control is hard to get on commodity shared environments.
Step 1 — Confirm your current PTR and forward DNS
From your admin workstation (or the VPS), identify the public IP:
curl -4 ifconfig.me
# optional IPv6
curl -6 ifconfig.meNow query the current reverse DNS:
# Replace 203.0.113.10 with your VPS IPv4
dig -x 203.0.113.10 +short
# Alternative
host 203.0.113.10Then check your intended hostname’s forward DNS (A/AAAA):
dig A mail.example.com +short
dig AAAA mail.example.com +shortHealthy state looks like this:
dig -xreturnsmail.example.com.dig A mail.example.comreturns the same IPv4.- If you use IPv6 for SMTP,
dig AAAAshould return your server IPv6 and you should set IPv6 PTR too.
Step 2 — Create or fix the forward DNS record (A/AAAA)
Set forward DNS first. If the hostname doesn’t resolve, a PTR won’t help.
In your DNS provider (or wherever your zone is hosted), add:
- A record:
mail.example.com→203.0.113.10 - AAAA record (optional):
mail.example.com→ your IPv6
TTL guidance for setup day:
- Use 300 seconds while you’re validating.
- Raise to 3600 or 14400 once stable.
If your domain is registered elsewhere and you want DNS hosting that’s easier to manage alongside the server, use HostMyCode domains. It keeps changes and troubleshooting in one place.
Step 3 — Set the PTR (reverse DNS) at the IP owner level
PTR records usually aren’t created in your normal DNS zone. They live in the reverse zone controlled by whoever owns the IP block (typically your hosting provider).
What to set:
- PTR for IPv4 (recommended always):
203.0.113.10→mail.example.com - PTR for IPv6 (recommended if you send over IPv6): your IPv6 →
mail.example.com
Common rules that reduce rejections:
- Use a FQDN (fully qualified domain name) as the PTR target, not a bare domain.
- Don’t point PTR to a hostname that CNAMEs elsewhere. Use an A/AAAA-backed hostname.
- One IP can have one PTR; choose a single stable hostname for outbound email identity.
After setting PTR, allow time for propagation. Many providers apply changes quickly.
DNS caches can still hold old values for hours.
Step 4 — Align your server hostname and mail HELO/EHLO with rDNS
Receivers often compare your PTR with the name you announce during SMTP. If your server says server1 but your PTR says mail.example.com, you invite avoidable policy failures.
On Ubuntu 24.04 LTS or Debian 12/13, set the system hostname:
sudo hostnamectl set-hostname mail.example.com
hostnamectl statusEnsure /etc/hosts doesn’t fight you. Keep it simple:
127.0.0.1 localhost
127.0.1.1 mail.example.com mail
# If you have a public IPv4 assigned to the interface, you generally do NOT need to map it here.For Postfix, set the HELO name explicitly so it stays predictable:
sudo postconf -e myhostname=mail.example.com
sudo postconf -e mydomain=example.com
sudo postconf -e myorigin=/etc/mailname
sudo systemctl restart postfixIf you run Exim (common on cPanel), set the primary hostname in WHM. Then confirm Exim uses it.
On cPanel systems, correct rDNS plus clean SSL/AutoSSL usually removes the most common identity-related rejections.
It also fits naturally into routine cPanel maintenance.
Step 5 — Run a “PTR + HELO + forward DNS” verification checklist
Run these checks from any Linux shell. They catch most “why am I getting rejected?” issues before you start chasing logs.
Reverse lookup returns your mail hostname
dig -x 203.0.113.10 +shortForward lookup of that hostname returns your IP
dig A mail.example.com +shortHELO name your server announces
Use swaks (small SMTP test tool). Install it:
sudo apt update
sudo apt install -y swaksThen test an SMTP conversation against your own server. Inspect the banner and the HELO flow:
swaks --to postmaster@example.com --server 127.0.0.1 --ehlo mail.example.comIf you relay outbound mail through your server IP, also test from another machine hitting port 25. Make sure your firewall allows it:
swaks --to you@externaldomain.com --server mail.example.com --ehlo mail.example.comIf outbound port 25 is blocked by upstream policy, perfect rDNS won’t matter. Your mail won’t leave.
Use authenticated submission on 587, or route through a relay that matches your compliance requirements.
Step 6 — Don’t stop at PTR: pair rDNS with SPF, DKIM, and DMARC
PTR helps you clear baseline identity checks. SPF/DKIM/DMARC is what moves the needle on deliverability scoring and spoofing policies.
If rDNS is correct and you’re still landing in spam, this is often the missing piece.
Use these HostMyCode guides to finish the job:
- SPF, DKIM, and DMARC setup guide for VPS email deliverability
- Email deliverability troubleshooting with logs, DNS checks, and reputation basics
If you’re building the whole mail stack from scratch, follow a complete build. It helps align TLS, auth, and DNS from day one:
Step 7 — Validate from the receiver’s perspective (real-world tests)
DNS lookups prove the records exist. Receivers care about what they observe during a connection.
Run these two checks before you call it done.
Check your IP and hostname as remote systems see them
# Reverse, then forward
PTR=$(dig -x 203.0.113.10 +short | sed 's/\.$//')
echo "$PTR"
dig A "$PTR" +shortConfirm your server presents a matching identity on SMTP banner
openssl s_client -starttls smtp -crlf -connect mail.example.com:25 -servername mail.example.com </dev/null 2>/dev/null | headYou want a sane banner/hostname and a clean certificate chain.
If TLS is messy, fix termination and certificate handling.
If you run a proxy or need centralized TLS policy, see: TLS termination setup guide with HAProxy (the same principles apply to mail front-ends in controlled environments).
Common pitfalls (and fast fixes)
PTR points to a hostname that doesn’t exist
Fix: create the A/AAAA record first. Then set PTR to that hostname.
PTR points to the root domain (example.com) instead of a host (mail.example.com)
Fix: set PTR to mail.example.com. Many receivers expect a host-style name for SMTP identity.
Your HELO is “localhost” or an internal name
Fix: set myhostname in Postfix or the primary hostname in your control panel. Then restart the MTA.
Firewall blocks inbound 25 or outbound 25 unexpectedly
Fix: confirm your rules and upstream policy.
If you lock yourself out while adjusting firewall, use: firewall troubleshooting steps for locked-out SSH and broken services.
You have multiple domains and don’t know what PTR “should” be
Fix: choose one neutral server name (mail.yourprimarydomain.com) and use it consistently.
DKIM/DMARC handle per-domain authentication. PTR does not need to rotate per domain.
Operational checklist for new VPS provisioning
- Choose mail identity hostname (example:
mail.example.com). - Create A (and AAAA if used) for the hostname.
- Set PTR for IPv4 (and IPv6 if used) to the same hostname.
- Set server hostname to match PTR target.
- Configure MTA HELO to match (
myhostnamein Postfix). - Add SPF for sending IPs.
- Enable DKIM signing for each sending domain.
- Publish DMARC and start with
p=none, then tighten policy. - Send tests to at least two mailbox providers and review headers.
Summary: rDNS is small, but it removes a big deliverability blocker
Reverse DNS won’t magically put you in the inbox. It does give you a credibility baseline.
When PTR, forward DNS, and HELO match, you remove an entire class of SMTP rejections and policy bounces.
If you want a stable platform for outbound email, DNS control, and mail-friendly networking, run it on a managed VPS hosting plan. It helps keep the identity basics (IP, rDNS requests, baseline hardening) consistent as you grow.
rDNS is simplest when your VPS IP, DNS, and support channel live under one roof. HostMyCode can provision a mail-ready server and help you keep DNS identity consistent as you add domains. Start with a HostMyCode VPS, or choose managed VPS hosting if you’d rather keep the number of moving parts low.
FAQ
How long does rDNS (PTR) take to propagate?
Often minutes to a few hours. Some receivers cache reverse lookups longer, so allow up to 24 hours before judging results.
Can I set PTR records in my domain’s DNS zone?
Usually no. PTR is set by the organization that owns the IP block (your hosting provider), inside the reverse DNS zone for that IP range.
Do I need rDNS for sending email through SMTP submission (587)?
If your server’s IP is the one connecting to external recipients, yes. rDNS applies to the sending IP regardless of which local port you use to submit mail internally.
What PTR should I use if I host multiple websites?
Pick one stable hostname like mail.example.com or server1.example.com, set it as PTR, and make sure it resolves back to the same IP. Handle per-domain identity with DKIM/DMARC.
Does rDNS fix emails going to spam?
It can reduce outright rejections and improve baseline trust, but spam placement usually depends on SPF/DKIM/DMARC, content, sending patterns, and IP/domain reputation.