Is our MX Set Up Correct

Hi Everyone,

We are having MX problems recently and not sure if the issue might be how the MX record is set up in Cloudflare.

The domain is

Thanks for your feedback.

Not really I am afraid. You pointed it to a proxied record. I’d suggest you create an additional unproxied mail A record and point your MX record to that one instead.

The bigger issue, however, is that you do not have a valid certificate on your server and an insecure encryption mode on Cloudflare.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Hi Everyone,

With the holiday weekend, we were not able to reply back to this thread Is our MX Set Up Correct - #2 by sandro and the topic got closed.

@sandro suggesting a setup that we’re unclear how to complete within Cloudflare.

Also, there was a question in that thread about the SSL cert on the server… which is a self-signing SSL cert from cPanel.

Any further help on this topic is greatly appreciated.

Hi @mktg,

I have merged your new post to the original topic and re-opened it.

You should have 2 records, firstly the A record with the name mail pointing to the IP address of your server, with the cloud :grey: so it’s not proxied through Cloudflare.

Then edit your mx record to point to your new mail hostname.

This isn’t a publicly trusted certificate, so you can only be using Full SSL/TLS mode, which isn’t secure. You should either get a valid certificate or install a Cloudflare Origin Certificate so you can switch that to Full (strict).

1 Like

What was unclear about my description?

That’s the precise issue I referred to. You need to switch to “Full strict” and have a proper certificate.

Hi @sandro and @domjh ,

Thanks for your feedback.

We are not very technical and to that extent what may come across simple to you, we’re likely to screw up the syntax somewhere.

Would be great with Cloudflare offered a service to do this type of work for users.

We’ll be in touch.

Thanks again.

The bigger issue here really is your non-existing encryption though. You need to fix the certificate.

As for the mail records, it really is just these two records.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.