DocsAdvanced Guides › MX Records Setup

MX Records & Inbound Email Setup

Configure DNS records to enable receiving emails at use.25cent.cloud for the Temporary Email service.

Contents

How Inbound Email Works

When someone sends an email to [email protected], the following flow occurs:

  Sender  ────────►  Sender's Mail Server
                              │
                     DNS MX lookup for use.25cent.cloud
                              │
                              ▼
                   MX Record: mail.25cent.cloud
                     (resolves to 5.183.9.216)
                              │
                     SMTP connection on port 25
                              │
                              ▼
                   Haraka SMTP Server
                     (running on VPS, port 25)
                              │
                     Parses email, extracts fields
                              │
                     POST /api/temp-email/incoming
                              │
                              ▼
                   25cent.cloud API
                     (matches inbox, stores message)
                              │
                              ▼
                   User sees email in dashboard

Required DNS Records

Add these records to your DNS provider (Cloudflare) for the 25cent.cloud zone:

1. MX Record Required

This tells other mail servers where to deliver email for use.25cent.cloud.

TypeNameMail ServerPriorityTTLProxy
MX use mail.25cent.cloud 10 Auto DNS only (no proxy)
Important: MX records cannot be proxied through Cloudflare. Make sure the proxy toggle is OFF (gray cloud / "DNS only").

2. A Record for Mail Server Required

The MX record points to mail.25cent.cloud, so you need an A record resolving that hostname to your VPS IP.

TypeNameContentTTLProxy
A mail 5.183.9.216 Auto DNS only (no proxy)
Note: The mail A record must also be "DNS only" (gray cloud). SMTP traffic (port 25) cannot pass through Cloudflare's proxy.

3. SPF Record Recommended

Prevents spoofing and improves deliverability. Add a TXT record for use.25cent.cloud:

TypeNameContentTTL
TXT use v=spf1 ip4:5.183.9.216 a:mail.25cent.cloud ~all Auto

4. DMARC Record Recommended

Adds policy enforcement and reporting for email authentication:

TypeNameContentTTL
TXT _dmarc.use v=DMARC1; p=none; rua=mailto:[email protected] Auto

5. Reverse DNS (PTR) Optional

Set a PTR record for 5.183.9.216mail.25cent.cloud via your Hostinger VPS control panel. This improves trust with receiving mail servers.

Cloudflare DNS Setup (Step-by-Step)

  1. Log in to Cloudflare → Go to dash.cloudflare.com and select the 25cent.cloud zone.
  2. Navigate to DNS → Records → Click "Add record".
  3. Add the MX record:
    • Type: MX
    • Name: use
    • Mail server: mail.25cent.cloud
    • Priority: 10
    • Proxy status: DNS only (gray cloud)
  4. Add the A record for mail:
    • Type: A
    • Name: mail
    • IPv4 address: 5.183.9.216
    • Proxy status: DNS only (gray cloud)
  5. Add the SPF TXT record:
    • Type: TXT
    • Name: use
    • Content: v=spf1 ip4:5.183.9.216 a:mail.25cent.cloud ~all
  6. Add the DMARC TXT record:
  7. Save all records and wait for DNS propagation (usually 1–5 minutes with Cloudflare, up to 48 hours for other providers).

SMTP Inbound Server Setup

You need an SMTP server running on the VPS to accept inbound mail on port 25 and forward it to the API webhook. Haraka is recommended — it's a Node.js-based mail server that integrates perfectly.

Install Haraka

Terminal 
# Install Haraka globally
sudo npm install -g Haraka

# Create Haraka instance
sudo haraka -i /etc/haraka

# Verify installation
haraka --version

Configure Haraka

/etc/haraka/config/smtp.ini

smtp.ini 
listen=0.0.0.0:25
nodes=1
daemonize=true
max_received_count=10
max_message_size=10485760  ; 10 MB

/etc/haraka/config/host_list — Domains to accept mail for:

host_list 
use.25cent.cloud

/etc/haraka/config/plugins — Enable required plugins:

plugins 
# Connection-level
max_unrecognized_commands
tls
dnsbl
# Envelope
rcpt_to.in_host_list
# Data
data.headers
# Queue — forward to your API
queue/webhook

Create Webhook Queue Plugin

Create the file /etc/haraka/plugins/queue/webhook.js to forward incoming emails to your API:

webhook.js 
const http = require('http');

exports.hook_queue = function(next, connection) {
  const txn = connection.transaction;
  const rcptTo = txn.rcpt_to[0].original.replace(/[<>]/g, '');
  const mailFrom = txn.mail_from.original.replace(/[<>]/g, '');

  let body = '';
  txn.message_stream.on('data', (chunk) => body += chunk);
  txn.message_stream.on('end', () => {
    const payload = JSON.stringify({
      to: rcptTo,
      from: mailFrom,
      fromName: txn.header.get('From').replace(/<.*>/, '').trim(),
      subject: txn.header.get('Subject').trim(),
      text: body,
      html: '',
      messageId: txn.header.get('Message-ID').trim(),
      size: Buffer.byteLength(body),
    });

    const req = http.request({
      hostname: '127.0.0.1',
      port: 3005,
      path: '/api/temp-email/incoming',
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'Content-Length': Buffer.byteLength(payload),
      },
    }, (res) => {
      if (res.statusCode === 201) {
        next(OK, 'Message accepted');
      } else {
        next(DENY, 'Mailbox not found or inactive');
      }
    });

    req.on('error', (err) => {
      connection.logerror('Webhook error: ' + err.message);
      next(DENYSOFT, 'Temporary failure, try again later');
    });

    req.write(payload);
    req.end();
  });
};

Start Haraka with PM2

Terminal 
# Start Haraka with PM2 for process management
sudo pm2 start haraka --name "mail-server" -- -c /etc/haraka

# Save PM2 config so it restarts on reboot
sudo pm2 save

# Check status
sudo pm2 status mail-server

Open Port 25

Terminal 
# Open port 25 for inbound SMTP
sudo ufw allow 25/tcp

# Verify
sudo ufw status | grep 25
Hostinger Note: Some VPS providers block port 25 by default to prevent spam. If port 25 is blocked, open a support ticket with Hostinger to request it be unblocked for legitimate mail receiving. Mention that you are running an inbound-only mail server (not sending spam).

Testing & Verification

1. Verify DNS Propagation

Terminal 
# Check MX record
dig MX use.25cent.cloud +short
# Expected: 10 mail.25cent.cloud.

# Check A record
dig A mail.25cent.cloud +short
# Expected: 5.183.9.216

# Check SPF
dig TXT use.25cent.cloud +short
# Expected: "v=spf1 ip4:5.183.9.216 a:mail.25cent.cloud ~all"

# Test MX resolution
nslookup -type=MX use.25cent.cloud

2. Test SMTP Connection

Terminal 
# Test raw SMTP connection
telnet mail.25cent.cloud 25

# Or with openssl:
openssl s_client -connect mail.25cent.cloud:25 -starttls smtp

# Quick test with swaks (SMTP testing tool):
swaks --to [email protected] --from [email protected] \
  --server mail.25cent.cloud --port 25 \
  --header "Subject: Test Email" --body "Hello from test!"

3. Send a Test Email

  1. Create a temp inbox via the dashboard or API
  2. Send an email from any external provider (Gmail, Outlook, etc.) to the inbox address (e.g., [email protected])
  3. Check the dashboard — the email should appear within seconds
  4. Verify via API: GET /api/temp-email/inboxes/{id}/messages

4. Check Server Logs

Terminal 
# Haraka logs
sudo pm2 logs mail-server --lines 50

# API logs (check for incoming webhook calls)
sudo pm2 logs 25cent-api --lines 50 | grep temp-email

SPF, DKIM & DMARC (Detailed)

SPF (Sender Policy Framework)

Already configured above. SPF tells receiving servers which IPs are authorized to send on behalf of use.25cent.cloud.

v=spf1 ip4:5.183.9.216 a:mail.25cent.cloud ~all

DKIM (DomainKeys Identified Mail)

DKIM adds a cryptographic signature to outgoing emails. Generate a DKIM key pair and add to DNS:

Terminal 
# Generate DKIM keys
openssl genrsa -out /etc/haraka/config/dkim/use.25cent.cloud.key 2048
openssl rsa -in /etc/haraka/config/dkim/use.25cent.cloud.key \
  -pubout -out /etc/haraka/config/dkim/use.25cent.cloud.pub

# Extract the public key for DNS (remove header/footer, join lines)
grep -v "^-" /etc/haraka/config/dkim/use.25cent.cloud.pub | tr -d '\n'

Add DNS record:

TypeNameContent
TXT default._domainkey.use v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY_HERE

DMARC (Domain-based Message Authentication)

Already configured above. DMARC tells receiving servers what to do when SPF/DKIM fail.

v=DMARC1; p=none; rua=mailto:[email protected]

Troubleshooting

ProblemCauseSolution
Emails not arriving MX record not set or proxied Check dig MX use.25cent.cloud — should return mail.25cent.cloud. Ensure Cloudflare proxy is OFF.
Connection refused on port 25 Port blocked or Haraka not running Run sudo ufw status, check Haraka with pm2 status. Contact Hostinger if port 25 is ISP-blocked.
Emails bouncing with 550 Inbox doesn't exist or expired Verify the inbox is active. Check pm2 logs mail-server for webhook response codes.
Emails delayed (minutes/hours) DNS propagation or greylisting Wait for DNS propagation (up to 48h). Check if any spam filter is greylisting first-time senders.
Webhook returning 500 API server issue Check pm2 logs 25cent-api. Verify the API is running on port 3005.
"Host not found" when sending to @use.25cent.cloud Missing A record for mail.25cent.cloud Add the A record pointing to 5.183.9.216 with proxy OFF.
Quick Reference — Records Summary:
MX use → mail.25cent.cloud (priority 10, DNS only)
A mail → 5.183.9.216 (DNS only)
TXT use → v=spf1 ip4:5.183.9.216 a:mail.25cent.cloud ~all
TXT _dmarc.use → v=DMARC1; p=none; rua=mailto:[email protected]
Back to Documentation