no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


mail_servers [2018/10/29 01:57] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +====== Mail Servers ======
  
 +  * [[SendGrid]]
 +  * [[mailx]]
 +  * [[opendkim]]
 +  * [[postfix]]
 +  * [[sendmail]]
 +  * [[ssmtp]]
 +
 +  * [[http://www.mail-tester.com/|Mail Tester]]
 +  * [[http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/default.aspx|Sender ID Framework SPF Record Wizard]] - very nice interface to generate SPF DNS records.
 +  * [[http://www.openspf.org/FAQ/Common_mistakes|SPF Common Mistakes]]
 +  * [[http://www.openspf.org/Project_Overview|Sender Policy Framework - Project Overview]]
 +  * [[http://www.openspf.org/SPF_Record_Syntax|SPF Record Syntax]]
 +  * [[http://www.kitterman.com/spf/validate.html|SPF Query Tool]]
 +  * [[http://mxtoolbox.com/SuperTool.aspx|MX Toolbox]]
 +  * [[https://toolbox.googleapps.com/apps/checkmx/|Google Apps Toolbox: Check MX]]
 +  * [[https://support.google.com/a/answer/174125|Google Apps MX record values]]
 +
 +=== SPF Records ===
 +
 +SPF records are DNS ''TXT'' records that verify that the server that is sending outgoing email from your domain name is authorized.
 +
 +Here's a basic example where any email sent out from the domain's A record is authorized. Otherwise, do a hard fail.
 +
 +Using as an example, ''beandog.org'':
 +
 +<code>
 +v=spf1 a -all
 +</code>
 +
 +Authorize only servers that have MX entries in DNS (such as mail.beandog.org), or in other words, for mail servers that receive incoming mail for that domain:
 +
 +<code>
 +v=spf1 mx -all
 +</code>
 +
 +Find the current MX servers using dig:
 +
 +<code>
 +dig +short mx beandog.org
 +0 mail.beandog.org.
 +</code>
 +
 +Allow a specific IP address to send mail:
 +
 +<code>
 +v=spf1 ip4:208.111.40.179 -all
 +</code>
 +
 +=== MX Records ===
 +
 +To create DNS entries for an MX server, there are two parts: the A entry for the mail server, and the MX entry for the name assigned to the A entry.
 +
 +This example uses a subdomain to set to the mail server. Even though it's not needed, it make using the exampler simpler.
 +
 +First add an A address for ''mx.beandog.org'' assigned to IP ''144.202.87.191''.
 +
 +Next, add an MX entry for entry ''@'' and assign to ''mx.beandog.org'' with the priority at whatever number you'd like (0 or 10 is fine).
 +
 +This approach allows an external server that may or may not have ''beandog.org'' as its main address send mail for your domain. By adding a DNS entry, and flagging its A address as allowed to send mail, the ''mx'' part of the SPF record will allow for that server to be authenticated.
 +
 +=== DKIM ===
 +
 +Use [[openssl]] to generate a private/public key pair (using here similar naming scheme to SSH so it makes more sense):
 +
 +<code>
 +openssl genrsa -out dkim_rsa 1024
 +openssl rsa -in dkim_rsa -pubout -out dkim_rsa.pub
 +</code>
 +
 +Here's **an example** of a private and public key pair:
 +
 +<code>
 +-----BEGIN RSA PRIVATE KEY-----
 +MIICXAIBAAKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/
 +ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/eE2tLEXM3Sw4ub4PSXsXsYysS
 +SqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB
 +AoGActPKuP9TRicMo1iYVEXsQzywUhqCGQ15ZzvJI+u22P0n+locQCdtcqhG9lZi
 +VimX/xFOA+BxeEMeT7JBtN1XHbZmWheWC1xxLoY/R9M7fLfpKYKYXtq4kf70h4Gi
 +PAgy05DJkXHSZhhlWZvCffC385DuIIaqYnW3DUZOyGvLdBECQQDcHJzUBjvFrI6j
 +8I+tvk4vIy5hcKgimnr+kYmTo2wBr54KWtTKX+Vq2zbXNCz+yJ/Zclxn+XDreLe6
 +ONqRgsbjAkEAyj8kxUwyd4AUuItCCLbqydSQ7pMOWmFjkt2v0H9+Do05moejK+sj
 +Wn1MF23eE2rv3wtQ18/v+sNOpo3IEtfitwJAVoptYrNcttikcHJ5mx8SkFftuWPY
 +x1ojd4lzJPgA1BzfL0UNGtBfXAb6ZdxewIHSz2S2Ti71pa8d1Xra/JEFbwJBALL4
 +EYfuF7KbyrpLsRGZHEeiLOaRh1//UmgCeLRePaSO4GyYnpIcr9pBinYpKR2xwbZ0
 +gwOW5FvZPN4yFNxn4h0CQBfaCVymFJM+hkwlCLwHxg0PUZChlHgSa/9AqPV1j3UU
 +kibarRT1Lfl8FY4XWeXMi+8pt3Nma2FuHFPY8+M5Y78=
 +-----END RSA PRIVATE KEY-----
 +</code>
 +
 +<code>
 +-----BEGIN PUBLIC KEY-----
 +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkV
 +AUdo2Bi7JoAa0G6TuOzCg73/ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/e
 +E2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3r
 +ppeHeBixA2fcdrWSRQIDAQAB
 +-----END PUBLIC KEY-----
 +</code>
 +
 +You'll need the pubkey string to add to a DNS TXT record:
 +
 +<code>
 +grep -v "^-" dkim_rsa.pub | awk 1 ORS=''
 +</code>
 +
 +<code>
 +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/eE2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB
 +</code>
 +
 +Choose a name selector to use in the DNS text record which will prefix the name ''._domainkey''. Here, the selector is named ''nx''.
 +
 +<code>
 +nx._domainkey.beandog.org
 +</code>
 +
 +For the value of the TXT record, use DKIM version, the key type, and the public key string:
 +
 +<code>
 +v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt5N5njq8VngIYr9S6KbIcfqkVAUdo2Bi7JoAa0G6TuOzCg73/ByfJzOZFaKlOLdihVfJy2LqaciMtseBJoXhMgH/eE2tLEXM3Sw4ub4PSXsXsYysSSqzFdberGaiRTDbavdTIDfpYmX8jyyP1Rg5j1S3rppeHeBixA2fcdrWSRQIDAQAB
 +</code>
 +
 +=== Mail Tester ===
 +
 +[[http://www.mail-tester.com/|Mail Tester]] is a great site that you can send emails to and see how it is regarded by other mail servers.  It will give recommendations on how to improve SPF records, DKIM signing, SpamAssassin results, etc.
 +
 +You can use ''mailx'' to send email directly.  When using it, set the ''From:'' address properly as it would be sent:
 +
 +<code>
 +echo testing email | mail -r [email protected] -s testing [mail-checker address] 
 +</code>

Trace:

Navigation
QR Code
QR Code mail_servers (generated for current page)