Differences
This shows you the differences between two versions of the page.
mail_servers [2014/10/10 12:45] 127.0.0.1 external edit |
mail_servers [2018/10/19 23:34] steve |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Mail Servers ====== | ====== Mail Servers ====== | ||
- | * [[Hosting]] | ||
* [[SendGrid]] | * [[SendGrid]] | ||
* [[mailx]] | * [[mailx]] | ||
+ | * [[opendkim]] | ||
* [[postfix]] | * [[postfix]] | ||
* [[sendmail]] | * [[sendmail]] | ||
Line 22: | Line 22: | ||
SPF records are DNS ''TXT'' records that verify that the server that is sending outgoing email from your domain name is authorized. | SPF records are DNS ''TXT'' records that verify that the server that is sending outgoing email from your domain name is authorized. | ||
- | As an example, here is the ''@'' ''TXT'' entry for Digital Trike that allows A2 Hosting (75.98.175.91) and GMail (_spf.google.com): | + | Here's a basic example where any email sent out from the domain's A record is authorized. Otherwise, do a hard fail. |
+ | |||
+ | Using as an example, ''beandog.org'': | ||
+ | |||
+ | <code> | ||
+ | v=spf1 a -all | ||
+ | </code> | ||
+ | |||
+ | Authorize only servers that have MX entries in DNS (such as mail.beandog.org), or in other words, for mail servers that receive incoming mail for that domain: | ||
+ | |||
+ | <code> | ||
+ | v=spf1 mx -all | ||
+ | </code> | ||
+ | |||
+ | Find the current MX servers using dig: | ||
+ | |||
+ | <code> | ||
+ | dig +short mx beandog.org | ||
+ | 0 mail.beandog.org. | ||
+ | </code> | ||
+ | |||
+ | Allow a specific IP address to send mail: | ||
+ | |||
+ | <code> | ||
+ | v=spf1 ip4:208.111.40.179 -all | ||
+ | </code> | ||
+ | |||
+ | === DKIM === | ||
+ | |||
+ | Use [[openssl]] to generate a private/public key pair (using here similar naming scheme to SSH so it makes more sense): | ||
+ | |||
+ | <code> | ||
+ | openssl genrsa -out dkim_rsa 1024 | ||
+ | openssl rsa -in dkim_rsa -pubout -out dkim_rsa.pub | ||
+ | </code> | ||
+ | |||
+ | Here's **an example** of a private and public key pair: | ||
+ | |||
+ | <code> | ||
+ | -----BEGIN RSA PRIVATE KEY----- | ||
+ | MIICXAIBAAKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/ | ||
+ | ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/eE2tLEXM3Sw4ub4PSXsXsYysS | ||
+ | SqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB | ||
+ | AoGActPKuP9TRicMo1iYVEXsQzywUhqCGQ15ZzvJI+u22P0n+locQCdtcqhG9lZi | ||
+ | VimX/xFOA+BxeEMeT7JBtN1XHbZmWheWC1xxLoY/R9M7fLfpKYKYXtq4kf70h4Gi | ||
+ | PAgy05DJkXHSZhhlWZvCffC385DuIIaqYnW3DUZOyGvLdBECQQDcHJzUBjvFrI6j | ||
+ | 8I+tvk4vIy5hcKgimnr+kYmTo2wBr54KWtTKX+Vq2zbXNCz+yJ/Zclxn+XDreLe6 | ||
+ | ONqRgsbjAkEAyj8kxUwyd4AUuItCCLbqydSQ7pMOWmFjkt2v0H9+Do05moejK+sj | ||
+ | Wn1MF23eE2rv3wtQ18/v+sNOpo3IEtfitwJAVoptYrNcttikcHJ5mx8SkFftuWPY | ||
+ | x1ojd4lzJPgA1BzfL0UNGtBfXAb6ZdxewIHSz2S2Ti71pa8d1Xra/JEFbwJBALL4 | ||
+ | EYfuF7KbyrpLsRGZHEeiLOaRh1//UmgCeLRePaSO4GyYnpIcr9pBinYpKR2xwbZ0 | ||
+ | gwOW5FvZPN4yFNxn4h0CQBfaCVymFJM+hkwlCLwHxg0PUZChlHgSa/9AqPV1j3UU | ||
+ | kibarRT1Lfl8FY4XWeXMi+8pt3Nma2FuHFPY8+M5Y78= | ||
+ | -----END RSA PRIVATE KEY----- | ||
+ | </code> | ||
+ | |||
+ | <code> | ||
+ | -----BEGIN PUBLIC KEY----- | ||
+ | MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkV | ||
+ | AUdo2Bi7JoAa0G6TuOzCg73/ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/e | ||
+ | E2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3r | ||
+ | ppeHeBixA2fcdrWSRQIDAQAB | ||
+ | -----END PUBLIC KEY----- | ||
+ | </code> | ||
+ | |||
+ | You'll need the pubkey string to add to a DNS TXT record: | ||
+ | |||
+ | <code> | ||
+ | grep -v "^-" dkim_rsa.pub | awk 1 ORS='' | ||
+ | </code> | ||
+ | |||
+ | <code> | ||
+ | MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/eE2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB | ||
+ | </code> | ||
+ | |||
+ | Choose a name selector to use in the DNS text record which will prefix the name ''._domainkey''. Here, the selector is named ''nx''. | ||
<code> | <code> | ||
- | v=spf1 a mx ip4:75.98.175.91 include:_spf.google.com ~all | + | nx._domainkey.beandog.org |
</code> | </code> | ||
- | If you want to add multiple IP addresses, then add an extra ''ip4:'' rule to the existing record: | + | For the value of the TXT record, use DKIM version, the key type, and the public key string: |
<code> | <code> | ||
- | v=spf1 a mx ip4:75.98.175.91 ip4:12.34.56.78 include:_spf.google.com ~all | + | v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/eE2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB |
</code> | </code> | ||
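Review bot: the added ''openssl genrsa -out dkim_rsa 1024'' line in the DKIM section generates a 1024-bit RSA key, which is only the minimum RFC 8301 permits for signers; the same RFC recommends at least 2048 bits, so the example should read ''openssl genrsa -out dkim_rsa 2048'', with a remark that the resulting ''p='' value is longer than 255 characters and has to be split into several quoted strings in the TXT record. The section also prints a complete RSA PRIVATE KEY block whose public half is the exact ''p='' value shown for ''nx._domainkey.beandog.org''; anyone reading the page could sign mail that verifies against that record if it is ever published, so the private key should be cut down to a placeholder and this pair never deployed. On the SPF side, the removed lines were the only place the page showed ''include:'' and several ''ip4:'' mechanisms combined in one record, and the new examples move from ''~all'' to ''-all'' without comment; a sentence saying that a domain publishes a single SPF record (so ''a'', ''mx'' and ''ip4:'' are combined rather than added as separate records) and what the hard fail means for third-party senders would keep that information on the page.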
Line 43: | Line 118: | ||
<code> | <code> | ||
- | echo testing email | mail -r website@digitaltrike.com -s testing [mail-checker address] | + | echo testing email | mail -r website@domain.com -s testing [mail-checker address] |
</code> | </code> |
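Review bot: the replacement sender ''website@domain.com'' on the changed ''mail -r'' line uses a real registered domain as its placeholder; ''example.com'' is reserved for documentation (RFC 2606) and keeps readers from sending test mail under someone else's domain. The line would also benefit from a note that the address given to ''-r'' has to be in the domain whose SPF and DKIM records are being tested, since otherwise the mail-checker result says nothing about those records.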