Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
mail_servers [2018/10/18 02:07] steve |
mail_servers [2018/10/28 19:57] steve |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| * [[SendGrid]] | * [[SendGrid]] | ||
| * [[mailx]] | * [[mailx]] | ||
| + | * [[opendkim]] | ||
| * [[postfix]] | * [[postfix]] | ||
| * [[sendmail]] | * [[sendmail]] | ||
| Line 29: | Line 30: | ||
| </code> | </code> | ||
| - | Authorize only servers that have MX entries in DNS (such as mail1.beandog.org, mail2.beandog.org): | + | Authorize only servers that have MX entries in DNS (such as mail.beandog.org), or in other words, for mail servers that receive incoming mail for that domain: |
| <code> | <code> | ||
| Line 42: | Line 43: | ||
| </code> | </code> | ||
| + | Allow a specific IP address to send mail: | ||
| + | |||
| + | <code> | ||
| + | v=spf1 ip4:208.111.40.179 -all | ||
| + | </code> | ||
| + | |||
| + | === MX Records === | ||
| + | |||
| + | To create DNS entries for an MX server, there are two parts: the A entry for the mail server, and the MX entry for the name assigned to the A entry. | ||
| + | |||
| + | This example uses a subdomain to set to the mail server. Even though it's not needed, it make using the exampler simpler. | ||
| + | |||
| + | First add an A address for ''mx.beandog.org'' assigned to IP ''144.202.87.191''. | ||
| + | |||
| + | Next, add an MX entry for entry ''@'' and assign to ''mx.beandog.org'' with the priority at whatever number you'd like (0 or 10 is fine). | ||
| + | |||
| + | This approach allows an external server that may or may not have ''beandog.org'' as its main address send mail for your domain. By adding a DNS entry, and flagging its A address as allowed to send mail, the ''mx'' part of the SPF record will allow for that server to be authenticated. | ||
| + | |||
| + | === DKIM === | ||
| + | |||
| + | Use [[openssl]] to generate a private/public key pair (using here similar naming scheme to SSH so it makes more sense): | ||
| + | |||
| + | <code> | ||
| + | openssl genrsa -out dkim_rsa 1024 | ||
| + | openssl rsa -in dkim_rsa -pubout -out dkim_rsa.pub | ||
| + | </code> | ||
| + | |||
| + | Here's **an example** of a private and public key pair: | ||
| + | |||
| + | <code> | ||
| + | -----BEGIN RSA PRIVATE KEY----- | ||
| + | MIICXAIBAAKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/ | ||
| + | ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/eE2tLEXM3Sw4ub4PSXsXsYysS | ||
| + | SqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB | ||
| + | AoGActPKuP9TRicMo1iYVEXsQzywUhqCGQ15ZzvJI+u22P0n+locQCdtcqhG9lZi | ||
| + | VimX/xFOA+BxeEMeT7JBtN1XHbZmWheWC1xxLoY/R9M7fLfpKYKYXtq4kf70h4Gi | ||
| + | PAgy05DJkXHSZhhlWZvCffC385DuIIaqYnW3DUZOyGvLdBECQQDcHJzUBjvFrI6j | ||
| + | 8I+tvk4vIy5hcKgimnr+kYmTo2wBr54KWtTKX+Vq2zbXNCz+yJ/Zclxn+XDreLe6 | ||
| + | ONqRgsbjAkEAyj8kxUwyd4AUuItCCLbqydSQ7pMOWmFjkt2v0H9+Do05moejK+sj | ||
| + | Wn1MF23eE2rv3wtQ18/v+sNOpo3IEtfitwJAVoptYrNcttikcHJ5mx8SkFftuWPY | ||
| + | x1ojd4lzJPgA1BzfL0UNGtBfXAb6ZdxewIHSz2S2Ti71pa8d1Xra/JEFbwJBALL4 | ||
| + | EYfuF7KbyrpLsRGZHEeiLOaRh1//UmgCeLRePaSO4GyYnpIcr9pBinYpKR2xwbZ0 | ||
| + | gwOW5FvZPN4yFNxn4h0CQBfaCVymFJM+hkwlCLwHxg0PUZChlHgSa/9AqPV1j3UU | ||
| + | kibarRT1Lfl8FY4XWeXMi+8pt3Nma2FuHFPY8+M5Y78= | ||
| + | -----END RSA PRIVATE KEY----- | ||
| + | </code> | ||
| + | |||
| + | <code> | ||
| + | -----BEGIN PUBLIC KEY----- | ||
| + | MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkV | ||
| + | AUdo2Bi7JoAa0G6TuOzCg73/ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/e | ||
| + | E2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3r | ||
| + | ppeHeBixA2fcdrWSRQIDAQAB | ||
| + | -----END PUBLIC KEY----- | ||
| + | </code> | ||
| + | |||
| + | You'll need the pubkey string to add to a DNS TXT record: | ||
| + | |||
| + | <code> | ||
| + | grep -v "^-" dkim_rsa.pub | awk 1 ORS='' | ||
| + | </code> | ||
| + | |||
| + | <code> | ||
| + | MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/eE2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB | ||
| + | </code> | ||
| + | |||
| + | Choose a name selector to use in the DNS text record which will prefix the name ''._domainkey''. Here, the selector is named ''nx''. | ||
| + | |||
| + | <code> | ||
| + | nx._domainkey.beandog.org | ||
| + | </code> | ||
| + | |||
| + | For the value of the TXT record, use DKIM version, the key type, and the public key string: | ||
| + | |||
| + | <code> | ||
| + | v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/eE2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB | ||
| + | </code> | ||
| === Mail Tester === | === Mail Tester === | ||
| [[http://www.mail-tester.com/|Mail Tester]] is a great site that you can send emails to and see how it is regarded by other mail servers. It will give recommendations on how to improve SPF records, DKIM signing, SpamAssassin results, etc. | [[http://www.mail-tester.com/|Mail Tester]] is a great site that you can send emails to and see how it is regarded by other mail servers. It will give recommendations on how to improve SPF records, DKIM signing, SpamAssassin results, etc. | ||
| - | |||
| - | Here is an example one sent from the A2 Hosting shared account: http://www.mail-tester.com/web-yLwB8z | ||
| You can use ''mailx'' to send email directly. When using it, set the ''From:'' address properly as it would be sent: | You can use ''mailx'' to send email directly. When using it, set the ''From:'' address properly as it would be sent: | ||
