Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
mail_servers [2018/10/18 02:07] steve |
mail_servers [2018/10/19 23:28] steve |
||
---|---|---|---|
Line 29: | Line 29: | ||
</code> | </code> | ||
- | Authorize only servers that have MX entries in DNS (such as mail1.beandog.org, mail2.beandog.org): | + | Authorize only servers that have MX entries in DNS (such as mail.beandog.org), or in other words, for mail servers that receive incoming mail for that domain: |
<code> | <code> | ||
Line 42: | Line 42: | ||
</code> | </code> | ||
+ | Allow a specific IP address to send mail: | ||
+ | |||
+ | <code> | ||
+ | v=spf1 ip4:208.111.40.179 -all | ||
+ | </code> | ||
+ | |||
+ | === DKIM === | ||
+ | |||
+ | Use [[openssl]] to generate a private/public key pair (using here similar naming scheme to SSH so it makes more sense): | ||
+ | |||
+ | <code> | ||
+ | openssl genrsa -out dkim_rsa 1024 | ||
+ | openssl rsa -in dkim_rsa -pubout -out dkim_rsa.pub | ||
+ | </code> | ||
+ | |||
+ | Here's **an example** of a private and public key pair: | ||
+ | |||
+ | <code> | ||
+ | -----BEGIN RSA PRIVATE KEY----- | ||
+ | MIICXAIBAAKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/ | ||
+ | ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/eE2tLEXM3Sw4ub4PSXsXsYysS | ||
+ | SqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB | ||
+ | AoGActPKuP9TRicMo1iYVEXsQzywUhqCGQ15ZzvJI+u22P0n+locQCdtcqhG9lZi | ||
+ | VimX/xFOA+BxeEMeT7JBtN1XHbZmWheWC1xxLoY/R9M7fLfpKYKYXtq4kf70h4Gi | ||
+ | PAgy05DJkXHSZhhlWZvCffC385DuIIaqYnW3DUZOyGvLdBECQQDcHJzUBjvFrI6j | ||
+ | 8I+tvk4vIy5hcKgimnr+kYmTo2wBr54KWtTKX+Vq2zbXNCz+yJ/Zclxn+XDreLe6 | ||
+ | ONqRgsbjAkEAyj8kxUwyd4AUuItCCLbqydSQ7pMOWmFjkt2v0H9+Do05moejK+sj | ||
+ | Wn1MF23eE2rv3wtQ18/v+sNOpo3IEtfitwJAVoptYrNcttikcHJ5mx8SkFftuWPY | ||
+ | x1ojd4lzJPgA1BzfL0UNGtBfXAb6ZdxewIHSz2S2Ti71pa8d1Xra/JEFbwJBALL4 | ||
+ | EYfuF7KbyrpLsRGZHEeiLOaRh1//UmgCeLRePaSO4GyYnpIcr9pBinYpKR2xwbZ0 | ||
+ | gwOW5FvZPN4yFNxn4h0CQBfaCVymFJM+hkwlCLwHxg0PUZChlHgSa/9AqPV1j3UU | ||
+ | kibarRT1Lfl8FY4XWeXMi+8pt3Nma2FuHFPY8+M5Y78= | ||
+ | -----END RSA PRIVATE KEY----- | ||
+ | </code> | ||
+ | |||
+ | <code> | ||
+ | -----BEGIN PUBLIC KEY----- | ||
+ | MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkV | ||
+ | AUdo2Bi7JoAa0G6TuOzCg73/ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/e | ||
+ | E2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3r | ||
+ | ppeHeBixA2fcdrWSRQIDAQAB | ||
+ | -----END PUBLIC KEY----- | ||
+ | </code> | ||
+ | |||
+ | You'll need the pubkey string to add to a DNS TXT record: | ||
+ | |||
+ | <code> | ||
+ | grep -v "^-" dkim_rsa.pub | awk 1 ORS='' | ||
+ | </code> | ||
+ | |||
+ | <code> | ||
+ | MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/eE2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB | ||
+ | </code> | ||
=== Mail Tester === | === Mail Tester === |