DNS Configuration
Add these records at your domain registrar (e.g., Gandi, Cloudflare).
A Records
All subdomains point to your VPS. If you have a wildcard record (* A <vps-ip>), these are already covered:
| Type | Name | Value |
|---|---|---|
| A | messages | <vps-ip> |
| A | api.messages | <vps-ip> |
| A | auth.messages | <vps-ip> |
| A | s3.messages | <vps-ip> |
| A | calendars | <vps-ip> |
| A | api.calendars | <vps-ip> |
| A | mx | <vps-ip> |
MX Record
Routes inbound email to the Messages MTA-in server:
| Type | Name | Value | Priority |
|---|---|---|---|
| MX | @ | mx.<domain>. | 10 |
Verify with dig +short <domain> MX.
SPF Record
Authorizes Brevo and your VPS to send email on behalf of your domain:
| Type | Name | Value |
|---|---|---|
| TXT | @ | v=spf1 include:spf.brevo.com ip4:<vps-ip> -all |
DKIM Record
The DKIM public key is generated by Messages on first boot. Find it in the Messages admin DNS page. It looks like:
| Type | Name | Value |
|---|---|---|
| TXT | stmessages._domainkey | v=DKIM1; k=rsa; p=MIIBIjAN... |
Important: The DKIM value shown in Messages admin is the actual public key — copy it exactly. The selector name (stmessages) is auto-generated.
DMARC Record
Tells receiving servers how to handle mail that fails email authentication:
| Type | Name | Value |
|---|---|---|
| TXT | _dmarc | v=DMARC1; p=quarantine; |
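The SPF, DKIM and DMARC values above fail quietly when they are slightly wrong (a second SPF record, an empty DKIM key, a non-enforcing DMARC policy), so the script below checks them. It is an added example, not part of the Messages documentation. Assumptions: the function names are hypothetical, `dig` is installed, the selector is `stmessages` as shown above, and treating `p=none` as a failure is this example's choice.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of Messages.

# Fetch TXT answers, joining the quoted chunks dig prints for long records.
txt() { dig +short TXT "$1" | sed 's/" "//g; s/"//g'; }

# Print the value of one tag (e.g. p) from a "tag=value; ..." record.
tag() { printf '%s' "$2" | tr -d ' \t' | tr ';' '\n' | sed -n "s/^$1=//p"; }

# check_spf <vps-ip> <TXT answers for the domain, one per line>
check_spf() {
  local ip="$1" spf n
  spf=$(printf '%s\n' "$2" | grep '^v=spf1' || true)
  n=$(printf '%s\n' "$2" | grep -c '^v=spf1' || true)
  # Several SPF records give permerror (RFC 7208); zero means no SPF at all.
  [ "$n" -eq 1 ] || { echo "SPF: expected 1 record, found $n"; return 1; }
  case " $spf " in *" include:spf.brevo.com "*) ;; *) echo "SPF: Brevo include missing"; return 1 ;; esac
  # Padding with spaces stops 203.0.113.1 from matching 203.0.113.10.
  case " $spf " in *" ip4:$ip "*) ;; *) echo "SPF: ip4:$ip missing"; return 1 ;; esac
  case "$spf" in *" -all") ;; *) echo "SPF: does not end in -all"; return 1 ;; esac
}

# check_dkim <TXT value at stmessages._domainkey>
check_dkim() {
  case "$1" in v=DKIM1*) ;; *) echo "DKIM: no v=DKIM1 record"; return 1 ;; esac
  # An empty p= tag means the key has been revoked (RFC 6376).
  [ -n "$(tag p "$1")" ] || { echo "DKIM: empty public key"; return 1; }
}

# check_dmarc <TXT value at _dmarc>; p=none is treated as not enforcing.
check_dmarc() {
  case "$1" in v=DMARC1*) ;; *) echo "DMARC: no v=DMARC1 record"; return 1 ;; esac
  case "$(tag p "$1")" in quarantine|reject) ;; *) echo "DMARC: policy is not enforcing"; return 1 ;; esac
}

# Live use: ./check-dns.sh <domain> <vps-ip>
if [ "$#" -eq 2 ]; then
  check_spf "$2" "$(txt "$1")" &&
    check_dkim "$(txt "stmessages._domainkey.$1")" &&
    check_dmarc "$(txt "_dmarc.$1")" && echo "all records OK"
fi
```

The check functions take the record text as an argument, so they can be run against a value copied from the registrar's form before it is published.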
Verification
After adding all records, wait for propagation (5-30 minutes), then verify: