I don’t have any rules configured in my firewall. Mailcow is installed according to the documentation on Ubuntu 25.04 on a virtual machine in Proxmox. I use CloudFlare DNS, I add the settings:
;;
;; Domain: balbulator.pp.ua.
;; Exported: 2025-07-02 16:25:49
;;
;; This file is intended for use for informational and archival
;; purposes ONLY and MUST be edited before use on a production
;; DNS server. In particular, you must:
;; -- update the SOA record with the correct authoritative name server
;; -- update the SOA record with the contact e-mail address information
;; -- update the NS record(s) with the authoritative name servers for this domain.
;;
;; For further information, please consult the BIND documentation
;; located on the following website:
;;
;; http://www.isc.org/
;;
;; And RFC 1035:
;;
;; http://www.ietf.org/rfc/rfc1035.txt
;;
;; Please note that we do NOT offer technical support for any use
;; of this zone data, the BIND name server, or any other third-party
;; DNS software.
;;
;; Use at your own risk.
;; SOA Record
balbulator.pp.ua 3600 IN SOA austin.ns.cloudflare.com. dns.cloudflare.com. 2050314014 10000 2400 604800 3600
;; NS Records
balbulator.pp.ua. 86400 IN NS austin.ns.cloudflare.com.
balbulator.pp.ua. 86400 IN NS maya.ns.cloudflare.com.
;; A Records
mail.balbulator.pp.ua. 1 IN A 45.89.89.105 ; cf_tags=cf-proxied:false
;; AAAA Records
mail.balbulator.pp.ua. 1 IN AAAA ****:**** ; cf_tags=cf-proxied:false
;; CNAME Records
autoconfig.balbulator.pp.ua. 1 IN CNAME mail.balbulator.pp.ua. ; cf_tags=cf-proxied:false
autodiscover.balbulator.pp.ua. 1 IN CNAME mail.balbulator.pp.ua. ; cf_tags=cf-proxied:false
balbulator.pp.ua. 1 IN CNAME 96421.bodis.com. ; cf_tags=cf-proxied:false
;; MX Records
balbulator.pp.ua. 1 IN MX 10 mail.balbulator.pp.ua.
;; NS Records
aws.balbulator.pp.ua. 1 IN NS parked2.uadns.com.
aws.balbulator.pp.ua. 1 IN NS parked1.uadns.com.
balbulator.pp.ua. 1 IN NS parked2.uadns.com.
balbulator.pp.ua. 1 IN NS parked1.uadns.com.
dev.balbulator.pp.ua. 1 IN NS parked2.uadns.com.
dev.balbulator.pp.ua. 1 IN NS parked1.uadns.com.
e.balbulator.pp.ua. 1 IN NS parked2.uadns.com.
e.balbulator.pp.ua. 1 IN NS parked1.uadns.com.
email.balbulator.pp.ua. 1 IN NS parked2.uadns.com.
email.balbulator.pp.ua. 1 IN NS parked1.uadns.com.
info.balbulator.pp.ua. 1 IN NS parked2.uadns.com.
info.balbulator.pp.ua. 1 IN NS parked1.uadns.com.
k8s.balbulator.pp.ua. 1 IN NS parked2.uadns.com.
k8s.balbulator.pp.ua. 1 IN NS parked1.uadns.com.
mail1.balbulator.pp.ua. 1 IN NS parked2.uadns.com.
mail1.balbulator.pp.ua. 1 IN NS parked1.uadns.com.
news.balbulator.pp.ua. 1 IN NS parked2.uadns.com.
news.balbulator.pp.ua. 1 IN NS parked1.uadns.com.
newsletter.balbulator.pp.ua. 1 IN NS parked2.uadns.com.
newsletter.balbulator.pp.ua. 1 IN NS parked1.uadns.com.
ns1.balbulator.pp.ua. 1 IN NS parked2.uadns.com.
ns1.balbulator.pp.ua. 1 IN NS parked1.uadns.com.
ns2.balbulator.pp.ua. 1 IN NS parked2.uadns.com.
ns2.balbulator.pp.ua. 1 IN NS parked1.uadns.com.
spf.balbulator.pp.ua. 1 IN NS parked2.uadns.com.
spf.balbulator.pp.ua. 1 IN NS parked1.uadns.com.
test.balbulator.pp.ua. 1 IN NS parked2.uadns.com.
test.balbulator.pp.ua. 1 IN NS parked1.uadns.com.
track.balbulator.pp.ua. 1 IN NS parked2.uadns.com.
track.balbulator.pp.ua. 1 IN NS parked1.uadns.com.
www.balbulator.pp.ua. 1 IN NS parked2.uadns.com.
www.balbulator.pp.ua. 1 IN NS parked1.uadns.com.
;; SRV Records
_autodiscover._tcp.balbulator.pp.ua. 1 IN SRV 0 1 443 mail.balbulator.pp.ua.
;; TLSA Records
_25._tcp.mail.balbulator.pp.ua. 1 IN TLSA 3 1 1 ****
;; TXT Records
balbulator.pp.ua. 1 IN TXT "v=spf1 a mx ip4:45.89.89.105 ip6:****:**** -all"
dkim._domainkey.balbulator.pp.ua. 1 IN TXT "v=DKIM1;k=rsa;t=s;s=email;p=******"
_dmarc.balbulator.pp.ua. 1 IN TXT "v=DMARC1; p=reject"
**** - long codes