Differences

This shows you the differences between two versions of the page.

mail_servers [2015/06/01 16:52]
steve
mail_servers [2018/10/28 19:57] (current)
steve
Line 3: Line 3:
   * [[SendGrid]]   * [[SendGrid]]
   * [[mailx]]   * [[mailx]]
 +  * [[opendkim]]
   * [[postfix]]   * [[postfix]]
   * [[sendmail]]   * [[sendmail]]
Line 21: Line 22:
 SPF records are DNS ''​TXT''​ records that verify that the server that is sending outgoing email from your domain name is authorized. SPF records are DNS ''​TXT''​ records that verify that the server that is sending outgoing email from your domain name is authorized.
  
-As an example, ​here is an ''​@'' ​''​TXT''​ entry for Digital Trike that allows A2 Hosting (75.98.175.91) and GMail (_spf.google.com):+Here's a basic example where any email sent out from the domain'​s A record is authorized. Otherwise, do a hard fail. 
 + 
 +Using as an example, ''​beandog.org'':​
  
 <​code>​ <​code>​
-v=spf1 a mx ip4:​75.98.175.91 include:​_spf.google.com ~all+v=spf1 a -all
 </​code>​ </​code>​
  
-If you want to add multiple IP addressesthen add an extra ''​ip4:''​ rule to the existing record:+Authorize only servers that have MX entries in DNS (such as mail.beandog.org)or in other words, for mail servers that receive incoming mail for that domain:
  
 <​code>​ <​code>​
-v=spf1 ​mx ip4:75.98.175.91 ip4:12.34.56.78 include:_spf.google.com ~all+v=spf1 mx -all 
 +</​code>​ 
 + 
 +Find the current MX servers using dig: 
 + 
 +<​code>​ 
 +dig +short mx beandog.org 
 +0 mail.beandog.org. 
 +</​code>​ 
 + 
 +Allow a specific IP address to send mail: 
 + 
 +<​code>​ 
 +v=spf1 ​ip4:208.111.40.179 -all 
 +</​code>​ 
 + 
 +=== MX Records === 
 + 
 +To create DNS entries for an MX server, there are two partsthe A entry for the mail server, and the MX entry for the name assigned to the A entry. 
 + 
 +This example uses a subdomain to set to the mail serverEven though it's not needed, it make using the exampler simpler. 
 + 
 +First add an A address for ''​mx.beandog.org''​ assigned to IP ''​144.202.87.191''​. 
 + 
 +Next, add an MX entry for entry ''​@''​ and assign to ''​mx.beandog.org''​ with the priority at whatever number you'd like (0 or 10 is fine). 
 + 
 +This approach allows an external server that may or may not have ''​beandog.org''​ as its main address send mail for your domain. By adding a DNS entry, and flagging its A address as allowed to send mail, the ''​mx''​ part of the SPF record will allow for that server to be authenticated. 
 + 
 +=== DKIM === 
 + 
 +Use [[openssl]] to generate a private/​public key pair (using here similar naming scheme to SSH so it makes more sense): 
 + 
 +<​code>​ 
 +openssl genrsa -out dkim_rsa 1024 
 +openssl rsa -in dkim_rsa -pubout -out dkim_rsa.pub 
 +</​code>​ 
 + 
 +Here's **an example** of a private and public key pair: 
 + 
 +<​code>​ 
 +-----BEGIN RSA PRIVATE KEY----- 
 +MIICXAIBAAKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/​ 
 +ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/​eE2tLEXM3Sw4ub4PSXsXsYysS 
 +SqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB 
 +AoGActPKuP9TRicMo1iYVEXsQzywUhqCGQ15ZzvJI+u22P0n+locQCdtcqhG9lZi 
 +VimX/​xFOA+BxeEMeT7JBtN1XHbZmWheWC1xxLoY/​R9M7fLfpKYKYXtq4kf70h4Gi 
 +PAgy05DJkXHSZhhlWZvCffC385DuIIaqYnW3DUZOyGvLdBECQQDcHJzUBjvFrI6j 
 +8I+tvk4vIy5hcKgimnr+kYmTo2wBr54KWtTKX+Vq2zbXNCz+yJ/​Zclxn+XDreLe6 
 +ONqRgsbjAkEAyj8kxUwyd4AUuItCCLbqydSQ7pMOWmFjkt2v0H9+Do05moejK+sj 
 +Wn1MF23eE2rv3wtQ18/​v+sNOpo3IEtfitwJAVoptYrNcttikcHJ5mx8SkFftuWPY 
 +x1ojd4lzJPgA1BzfL0UNGtBfXAb6ZdxewIHSz2S2Ti71pa8d1Xra/​JEFbwJBALL4 
 +EYfuF7KbyrpLsRGZHEeiLOaRh1//​UmgCeLRePaSO4GyYnpIcr9pBinYpKR2xwbZ0 
 +gwOW5FvZPN4yFNxn4h0CQBfaCVymFJM+hkwlCLwHxg0PUZChlHgSa/​9AqPV1j3UU 
 +kibarRT1Lfl8FY4XWeXMi+8pt3Nma2FuHFPY8+M5Y78= 
 +-----END RSA PRIVATE KEY----- 
 +</​code>​ 
 + 
 +<​code>​ 
 +-----BEGIN PUBLIC KEY----- 
 +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkV 
 +AUdo2Bi7JoAa0G6TuOzCg73/​ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/​e 
 +E2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3r 
 +ppeHeBixA2fcdrWSRQIDAQAB 
 +-----END PUBLIC KEY----- 
 +</​code>​ 
 + 
 +You'll need the pubkey string to add to a DNS TXT record: 
 + 
 +<​code>​ 
 +grep -v "​^-"​ dkim_rsa.pub | awk 1 ORS=''​ 
 +</​code>​ 
 + 
 +<​code>​ 
 +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/​ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/​eE2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB 
 +</​code>​ 
 + 
 +Choose a name selector to use in the DNS text record which will prefix the name ''​._domainkey''​. Here, the selector is named ''​nx''​. 
 + 
 +<​code>​ 
 +nx._domainkey.beandog.org 
 +</​code>​ 
 + 
 +For the value of the TXT record, use DKIM version, the key type, and the public key string: 
 + 
 +<​code>​ 
 +v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/​ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/​eE2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB
 </​code>​ </​code>​
  
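Review bot: The DKIM section pastes a complete RSA private key (the ''BEGIN RSA PRIVATE KEY'' block), and the public key printed after it is the same string used in the ''p='' value for ''nx._domainkey.beandog.org''. If that TXT record is ever published, anyone reading this page can sign mail for the domain. Replace the private key body with a placeholder and state that the pair is a throwaway that is not deployed. In the same section, ''openssl genrsa -out dkim_rsa 1024'' creates a 1024-bit key; RFC 8301 says signers should use at least 2048 bits, so change the command to ''openssl genrsa -out dkim_rsa 2048'' and add a sentence that the longer ''p='' value no longer fits in one 255-character TXT string and has to be split into several quoted strings. In the SPF part, the removed ''ip4:'' plus ''include:'' record was the only example combining several mechanisms, and every new example shows one mechanism followed by ''-all''; add one combined record (for instance ''v=spf1 a mx -all'') so readers do not publish one TXT record per mechanism. Minor wording: "Using as an example" and "it make using the exampler simpler" need a copyedit.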
Line 36: Line 124:
  
 [[http://​www.mail-tester.com/​|Mail Tester]] is a great site that you can send emails to and see how it is regarded by other mail servers. ​ It will give recommendations on how to improve SPF records, DKIM signing, SpamAssassin results, etc. [[http://​www.mail-tester.com/​|Mail Tester]] is a great site that you can send emails to and see how it is regarded by other mail servers. ​ It will give recommendations on how to improve SPF records, DKIM signing, SpamAssassin results, etc.
- 
-Here is an example one sent from the A2 Hosting shared account: http://​www.mail-tester.com/​web-yLwB8z 
  
 You can use ''​mailx''​ to send email directly. ​ When using it, set the ''​From:''​ address properly as it would be sent: You can use ''​mailx''​ to send email directly. ​ When using it, set the ''​From:''​ address properly as it would be sent:
  
 <​code>​ <​code>​
-echo testing email | mail -r website@digitaltrike.com -s testing [mail-checker address] ​+echo testing email | mail -r website@domain.com -s testing [mail-checker address] ​
 </​code>​ </​code>​
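Review bot: On the changed ''mail -r'' line, ''website@domain.com'' is a real registered domain rather than a reserved documentation name, so a copy-pasted test sends mail claiming to come from someone else's domain and will fail that domain's SPF check. Use ''website@example.com'' (reserved by RFC 2606) or a placeholder in the same bracket style as ''[mail-checker address]''. The sentence above the command says to use ''mailx'' while the command invokes ''mail''; name the same binary in both places.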