Managing PTR Record with Cloudflare - reverse DNS email problem

OS type and version Ubuntu 22.04
Webmin version 2.111
Virtualmin version 7.10.0 Pro


I’ve been researching the forum but can’t seem to find a post that matches my ask. I’d like to use emails with Virtualmin, and all my DNS is managed through cloudflare. The seetings in Virtualmin, DKIM, DMARC are all enabled, all looking good IMHO. However when sending emails to GMAIL, I get this:

The IP address sending this message does not have a PTR record setup, or the corresponding forward DNS entry does not point to the sending IP. As a policy, Gmail does not accept messages from IPs with missing PTR records.

Now, in Plesk, the PTR record (i.e. reverse DNS) is automatically “managed” by Plesk, if it is connected to external DNS providers such as cloudflare. However I understand, that Virtualmin doesn’t manage the PTR record. Things to note:

  • in cloudflare, I’ve set SSL settings to “full/strict”. I’m not really willing to compromise on this unless there is a really good reason, as any setting below leads to a lot of redirect issues, particularly from HTTP to HTTPS request etc.
  • all domains are let’s encrypt SSL’ed
  • DOMAINKEY and DKIM are all properly set up
  • services like mail-tester appreciate all other mail server settings, just the PTR is a problem


  • While I understand that I can create a PTR record manually in each of my cloudflare domains, I’d prefer to automate this and retain the “push” set up of Virtualmin pushing updates to cloudflare somehow and avoid having to do anything cloudflare DNS settings manually.
    As I use cloudflare for all my domains managed within virtualmin, is there a way to easily set this up? The advice from mail-tester suggests that: "You may want to publish a pointer (PTR type) DNS record with a value of or use as hostname in your mail software.

  • Equally, I’m aware that I can put my mailserver somewhere else, but I’d like to keep things together, and the DNS-proxy to obfuscate my IPs isn’t that important to me.

I’m trying to find a step-by-step guide on how to set up virtualmin with cloudflare, so that a test gets me close to the 10 points. Ironically, I think I actually had gotten there, but I messed up something in the process, and now I’m getting these error message…

I have to admit, that email and mail server handling isn’t my forte, so appreciate a bit of a helping hand.
Cheers team, you rock, loving this piece of software as I get to know it a bit better…

So while it’s not the solution I wanted, the temporary fix I’m applying (that passes the gmail and mail-tester tests) is as follows:

  • in postfix mail server configuration, selected “What domain to use in outbound mail” as “Use hostname”.
  • in network configuration, Hostname and DNS Client, put the RDNS entry from the ISP

Why does this solve things?

  • the hostname is now the RDNS entry, so the nslookup of the IP resolves to the hostname
  • the mail server uses the hostname to send emails.

Why does this not solve things?

  • Ideally, I’d like the host name to be a different domain from the RDNS entry of the ISP, so the hosname URL is “prettier” than the lengthy subdomain assigned from the ISP

  • I’d like to avoid having to use RDNS entry from my ISP as the domain used to send email, I’d prefer to have the domain of the email to be the domain used for sending email.

This again leads to the automated PTR record creation discussion above, which remains unresolved by this work-around.


You cannot set the Reverse DNS / PTR entry.

Your ISP needs to set it for your IP.

Ask them that you want hostname.domain.tld for your IP

from your end you set the A record in DNS. But PTR is set by ISP.

Most VPS / dedicated server companies let you set it in their panel.

sometimes they allow to set it even for residential connections.

Thanks for your offer to help! I’m afraid that’s not neccessarilyy accurate, as it depends on the hosting panel you have. My ISP for example DOES allow what, as I run my own VPS.

That doesn’t solve my problem though, as I will stil lhave a single hostname I need to use for all emails, which I don’t want to do. What I’m aiming to get at, is: should have sendmails from should have sendmails from

Does that make sense? So changing my hostname from:

doesn’t solve my issue…

PTR is controled by whoever “owns” the IP.
If your IP is supplied by a VPS then you should have a way to edit the PTR on there system.

Who supplies the IP?

Whats response to you get at Mxtools for a reverse lookup.

On vultr this is where I set the reverse lookup.

This is off topic.

you can not do that unless you have more than 1 IP address a ptr record eludes to the IP address and not multiple domain names. As long as whatever the contents of ptr record is resolves to your allocated IP there should be no problem sending mail

Are you proxying the A record for the mail server?

No it’s not :slight_smile: As I created the topic and the intent is to use PTR records to overcome the limitations of the 1:1 relationship betweena an IP and a domain name…

A DNS pointer record (PTR for short) provides the domain name associated with an IP address, and that is what I am trying to achieve here, i.e. having virtualmin “spoof” the RDNS by managing the cloudflare PTR record to ensure that the domain is mapped to the IP…

Apologies if that wansn’t clear, but that’s really my only issue.

Hi there, I’m all good with this. I know what the reverse look up of my IP is, as mentioned in the post before. My problem is not finding the domain to the IP, my problem is trying to allow emails to pass the RDNS test by automatically managing the PTR records in cloudflare through webmin…

no, I am not (sorry, misread initially)

You can’t proxy the A records for mail, its in cloudflare docs, they say to set to DNS only.

Yes, but in cloudflare, for every single domain, I can set a PTR record that will confirm that the IP = domain, even if there are numerous domains on the same IP.

Am I misunderstanding what you are trying to say?

Let me backup a little, this is what mail-tester outputs for a domain that is managed by plesk through cloudflare. Every domain sends email through their own domain name as the host name. I’m wondering whether what I’m try to accomplish can be managed through SPF, but as mentioned in my initial post, I’m not great with email and the security parametrs in recent years…

Sender Policy Framework (SPF) is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses.

What we retained as your current SPF record is:
v=spf1 +a +mx -all

Verification details:
dig +short TXT :
“v=spf1 +a +mx -all”

dig +short TXT :
“v=spf1 +a +mx -all”

spfquery --scope mfrom --id --ip --helo-id :

pass is authorized to use '' in 'mfrom' identity (mechanism 'a' matched) is authorized to use '' in 'mfrom' identity (mechanism 'a' matched)
Received-SPF: pass ( is authorized to use '' in 'mfrom' identity (mechanism 'a' matched)); identity=mailfrom; envelope-from="";; client-ip=

no, I am not (sorry, misread initially)

You mean SPF not PTR I think, PTR is a reverse setting.

I’m a bit confuse about the PTR in the subject.

try a simple SPF like

“v=spf1 +a +mx -all” being the IP of the server, add ip6: or other IP’s of servers sending mail for that domain.

that is the way, you use the ip’sin spf record. Then you can have different domain that does not match hostname or PTR record.

To set PTR from cloudflare or any other DNS, it would need to the authorative nameserver for that IP.

At least that is my understanding.

So this can only be set by the Hoster/VPS provider/Dedicated Server provider/Residential ISP if hosting at homelab.

You have read this Reverse zones and PTR records · Cloudflare DNS docs and your setup compiles?

So I imagine you can set the PTR record at Cloudflare when proxing HTTP traffic for and, because those will resolve to Cloudflare’s IPs for which they also control the PTR.

But they don’t proxy email (SMTP protocol), so it would make no sense for to resolve to a Cloudflare IP, and thus they don’t control the PTR record for it. Instead this would need to be managed by your ISP or hosting company.

1 Like

You have misunderstood what a PTR record is.

There is nothing to overcome. A PTR record maps an IP address to a name. That’s it.

Reverse DNS for an IP is managed by the owner of the network block your IP is in. Some providers will delegate it to your name servers if requested, some will allow you to set it directly, some require you to file a ticket and have them update it, some just expect you to use the automatically assigned PTR. Any of those is fine, as long as the name the PTR resolves to has an A record that resolves back to your IP. But, you don’t “own” the IP PTR record, so there is nothing a control panel can do about it without it being delegated to you.

You can manage reverse zones in Webmin, so you can certainly manage PTR records in Webmin, if your host has delegated the zone(s) for the IPs of your server(s) to your DNS servers. For most folks, that is an unnecessary bit of complexity.

And, Plesk cannot magically make PTR records do something they aren’t meant to do.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.