Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision Next revision Both sides next revision | ||
|
mail_servers [2014/10/10 12:45] 127.0.0.1 external edit |
mail_servers [2018/10/19 23:33] steve |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Mail Servers ====== | ====== Mail Servers ====== | ||
| - | * [[Hosting]] | ||
| * [[SendGrid]] | * [[SendGrid]] | ||
| * [[mailx]] | * [[mailx]] | ||
| Line 22: | Line 21: | ||
| SPF records are DNS ''TXT'' records that verify that the server that is sending outgoing email from your domain name is authorized. | SPF records are DNS ''TXT'' records that verify that the server that is sending outgoing email from your domain name is authorized. | ||
| - | As an example, here is the ''@'' ''TXT'' entry for Digital Trike that allows A2 Hosting (75.98.175.91) and GMail (_spf.google.com): | + | Here's a basic example where any email sent out from the domain's A record is authorized. Otherwise, do a hard fail. |
| + | |||
| + | Using as an example, ''beandog.org'': | ||
| + | |||
| + | <code> | ||
| + | v=spf1 a -all | ||
| + | </code> | ||
| + | |||
| + | Authorize only servers that have MX entries in DNS (such as mail.beandog.org), or in other words, for mail servers that receive incoming mail for that domain: | ||
| + | |||
| + | <code> | ||
| + | v=spf1 mx -all | ||
| + | </code> | ||
| + | |||
| + | Find the current MX servers using dig: | ||
| + | |||
| + | <code> | ||
| + | dig +short mx beandog.org | ||
| + | 0 mail.beandog.org. | ||
| + | </code> | ||
| + | |||
| + | Allow a specific IP address to send mail: | ||
| + | |||
| + | <code> | ||
| + | v=spf1 ip4:208.111.40.179 -all | ||
| + | </code> | ||
| + | |||
| + | === DKIM === | ||
| + | |||
| + | Use [[openssl]] to generate a private/public key pair (using here similar naming scheme to SSH so it makes more sense): | ||
| + | |||
| + | <code> | ||
| + | openssl genrsa -out dkim_rsa 1024 | ||
| + | openssl rsa -in dkim_rsa -pubout -out dkim_rsa.pub | ||
| + | </code> | ||
| + | |||
| + | Here's **an example** of a private and public key pair: | ||
| + | |||
| + | <code> | ||
| + | -----BEGIN RSA PRIVATE KEY----- | ||
| + | MIICXAIBAAKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/ | ||
| + | ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/eE2tLEXM3Sw4ub4PSXsXsYysS | ||
| + | SqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB | ||
| + | AoGActPKuP9TRicMo1iYVEXsQzywUhqCGQ15ZzvJI+u22P0n+locQCdtcqhG9lZi | ||
| + | VimX/xFOA+BxeEMeT7JBtN1XHbZmWheWC1xxLoY/R9M7fLfpKYKYXtq4kf70h4Gi | ||
| + | PAgy05DJkXHSZhhlWZvCffC385DuIIaqYnW3DUZOyGvLdBECQQDcHJzUBjvFrI6j | ||
| + | 8I+tvk4vIy5hcKgimnr+kYmTo2wBr54KWtTKX+Vq2zbXNCz+yJ/Zclxn+XDreLe6 | ||
| + | ONqRgsbjAkEAyj8kxUwyd4AUuItCCLbqydSQ7pMOWmFjkt2v0H9+Do05moejK+sj | ||
| + | Wn1MF23eE2rv3wtQ18/v+sNOpo3IEtfitwJAVoptYrNcttikcHJ5mx8SkFftuWPY | ||
| + | x1ojd4lzJPgA1BzfL0UNGtBfXAb6ZdxewIHSz2S2Ti71pa8d1Xra/JEFbwJBALL4 | ||
| + | EYfuF7KbyrpLsRGZHEeiLOaRh1//UmgCeLRePaSO4GyYnpIcr9pBinYpKR2xwbZ0 | ||
| + | gwOW5FvZPN4yFNxn4h0CQBfaCVymFJM+hkwlCLwHxg0PUZChlHgSa/9AqPV1j3UU | ||
| + | kibarRT1Lfl8FY4XWeXMi+8pt3Nma2FuHFPY8+M5Y78= | ||
| + | -----END RSA PRIVATE KEY----- | ||
| + | </code> | ||
| + | |||
| + | <code> | ||
| + | -----BEGIN PUBLIC KEY----- | ||
| + | MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkV | ||
| + | AUdo2Bi7JoAa0G6TuOzCg73/ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/e | ||
| + | E2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3r | ||
| + | ppeHeBixA2fcdrWSRQIDAQAB | ||
| + | -----END PUBLIC KEY----- | ||
| + | </code> | ||
| + | |||
| + | You'll need the pubkey string to add to a DNS TXT record: | ||
| + | |||
| + | <code> | ||
| + | grep -v "^-" dkim_rsa.pub | awk 1 ORS='' | ||
| + | </code> | ||
| + | |||
| + | <code> | ||
| + | MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/eE2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB | ||
| + | </code> | ||
| + | |||
| + | Choose a name selector to use in the DNS text record which will prefix the name ''._domainkey''. Here, the selector is named ''nx''. | ||
| <code> | <code> | ||
| - | v=spf1 a mx ip4:75.98.175.91 include:_spf.google.com ~all | + | nx._domainkey.beandog.org |
| </code> | </code> | ||
| - | If you want to add multiple IP addresses, then add an extra ''ip4:'' rule to the existing record: | + | For the value of the TXT record, use DKIM version, the key type, and the public key string: |
| <code> | <code> | ||
| - | v=spf1 a mx ip4:75.98.175.91 ip4:12.34.56.78 include:_spf.google.com ~all | + | v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/eE2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB |
| </code> | </code> | ||
| Line 43: | Line 117: | ||
| <code> | <code> | ||
| - | echo testing email | mail -r website@digitaltrike.com -s testing [mail-checker address] | + | echo testing email | mail -r website@domain.com -s testing [mail-checker address] |
| </code> | </code> | ||
