Do you have a valid PTR (Reverse DNS) record?
PTR records are created for your Droplet during deployment, though can be modified by changing the name of your Droplet post-deployment.
For example, if you deployed a Droplet named
mail, the PTR record is not valid. If you named your Droplet
mail.yourdomain.ext, a FQDN/FQHN, your PTR record will be valid. This is the only way to setup a PTR record with DigitalOcean for the time being and the documentation doesn't actually put this out there.
The same applies for any Droplet, whether it's a web/database server, proxy server, etc. You can set a valid PTR record by just changing the name of the Dropet.
Valid Droplet Name Examples
Invalid Droplet Name Examples
domain.ext is your domain (
ext = extension -- .com, .net, etc).
Once the PTR is set, make sure you've set the hostname to match from the CLI using
mail.domain.ext is the same as the [new] name of your Droplet (as per my examples).
Even though for web, database, proxy, and similar servers, a valid PTR may not do much, when it comes to mail servers, it needs to be valid.
About the only time I don't bother is when setting up a VPN.