SMTP server configuration: Difference between revisions

From Woozle Writes Code
==Domains (previous revision)==
The revision this page is compared against listed the DNS records below; the latest revision, rendered further down, replaced this listing with the Tests table.

Relevant DNS entries for relevant domains include:

===hypertwins.org===
{| class="wikitable"
! Type !! Name !! Value !! TTL (s)
|-
| MX || hypertwins.org || mail.vbz.net. (priority 10) || 14400
|-
| TXT || hypertwins.org || v=spf1 mx mx:mail.vbz.net a a:mail.vbz.net  ~all || 3600
|}

===toot.cat===
{| class="wikitable"
! Type !! Name !! Value !! TTL (s)
|-
| MX || toot.cat || toot.cat. (priority 10) || 14400
|-
| TXT || toot_cat._domainkey.toot.cat || v=DKIM1; h=sha256; k=rsa;p=MIIBIjAN''{{faint|[..long string..]}}''4yQIDAQAB || 1800
|-
| TXT || _dmarc.toot.cat || v=DMARC1; p=reject; rua=mailto:tootmaster2021@wooz.dev ||
|-
| TXT || toot.cat || v=spf1 mx ip4:143.244.160.92 ip6:2604:a880:400:d0::2354:2001 -all || 1800
|}

===wooz.dev===
{| class="wikitable"
! Type !! Name !! Value !! TTL (s)
|-
| TXT || toot.cat._report._dmarc.wooz.dev || v=DMARC1 || 3600
|-
| TXT || wooz.dev || v=spf1 mx mx:hypertwins.org mx:ownedbycats.org mx:woozalia.com a    -all || 3600
|}

===woozalia.com===
{| class="wikitable"
! Type !! Name !! Value !! TTL (s)
|-
| TXT || woozalia.com || v=spf1 mx mx:mail.vbz.net a a:mail.vbz.net  ~all || 3600
|}

==External Reading==
* '''2022-09-03''' [https://jan.wildeboer.net/2022/09/Email-3-TheRest/ E-Mail Done My Way, Part 3 - DKIM/DMARC/SPF]

Latest revision as of 12:40, 23 August 2023

This page is, for now, notes towards trying to configure our outgoing email servers so that at least GMail won't bounce notifications from apps like phpBB. The primary return-address domains I want to configure are:

  • hypertwins.org
  • woozalia.com
  • wooz.dev

There seem to be several necessary anti-spam protocols: SPF, DKIM, and DMARC.

For clues, I can look at the configuration of TootCat -- I'm pretty sure we configured it with all three.

Protocols

The DNS records for each of these are TXT records. DKIM and DMARC use only name=value tags separated by semicolons (SPF is a little different). There appears to have been a lot of controversy around the adoption of these standards, and it seems likely that the unofficial standard of using these particular three is largely defined by what the major players (especially Google) choose to use and support.

SPF (Sender Policy Framework)

SPF is relatively simple, I think? Last I remember, there's a web tool to help build the necessary TXT records... but I think those domains may already be configured. Will check that.

DKIM (DomainKeys Identified Mail)

This has two parts:

  • public key in domain's DNS record
  • public key attached to email somehow (shouldn't that be "email signed by private key"?)

DMARC (Domain-based Message Authentication, Reporting and Conformance)

This also requires a DNS entry. (I started to document here how it works, but decided to move the generally-applicable stuff to HTYP.) It looks like it can be very simple, but also can be quite complex depending on how you want it to work.

This is also the protocol which lets you request reports from other SMTP servers (like GMail) regarding compliance -- so that looks like a powerful tool for finding out if your configuration passes muster with them.
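
To see what the records in question actually say, here is an added example in Python (not code from this page or its wiki) that parses SPF and DMARC/DKIM-style TXT records and reports the settings a receiving server such as Gmail cares about: whether the SPF "all" term is a softfail, how many DNS-lookup terms the record spends, and whether DMARC enforces a policy and requests reports. The sample records are constructed from the ones documented on this page; the finding texts are my own wording.

```python
# Added example, not the page's own code: parse the SPF and DMARC TXT records it lists.
RECORDS = {  # constructed from the records shown on this page
    "hypertwins.org": "v=spf1 mx mx:mail.vbz.net a a:mail.vbz.net  ~all",
    "toot.cat": "v=spf1 mx ip4:143.244.160.92 ip6:2604:a880:400:d0::2354:2001 -all",
    "_dmarc.toot.cat": "v=DMARC1; p=reject; rua=mailto:tootmaster2021@wooz.dev",
}
LOOKUP_TERMS = {"a", "mx", "include", "exists", "ptr", "redirect"}  # RFC 7208: max 10

def parse_tags(txt):
    """DKIM/DMARC style: 'tag=value' pairs separated by semicolons."""
    tags = {}
    for part in txt.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            tags[name.strip()] = value.strip()
    return tags

def parse_spf(txt):
    """SPF style: space-separated terms, optional qualifier (+ - ~ ?) then mechanism[:arg] or modifier=arg."""
    terms = txt.split()
    if terms[:1] != ["v=spf1"]:
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qual, term = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        if "=" in term.split(":", 1)[0]:  # modifier such as redirect=
            name, _, arg = term.partition("=")
            parsed.append(("modifier", name.lower(), arg))
        else:
            name, _, arg = term.partition(":")
            parsed.append((qual, name.lower(), arg))
    return parsed

def spf_findings(txt):
    """How 'all' is qualified, and how many DNS-lookup terms the record uses."""
    terms, findings = parse_spf(txt), []
    if {t[1]: t[0] for t in terms}.get("all") == "~":
        findings.append("'~all' softfail: receivers may still accept unlisted senders")
    findings.append(f"{sum(t[1] in LOOKUP_TERMS for t in terms)} DNS-lookup terms (limit 10)")
    return findings

def dmarc_findings(txt):
    """Policy strength and whether aggregate reports (rua) are requested."""
    tags, findings = parse_tags(txt), []
    if tags.get("p", "none") == "none":
        findings.append("p=none: monitor only, failing mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua=: aggregate reports will not arrive")
    return findings
```

Run against the page's records, hypertwins.org comes back as softfail with four lookup terms, toot.cat as a hard fail with one, and its DMARC record as enforcing (p=reject) with reports requested.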

Domains

I'll track changes to relevant DNS records on relevant domains here as I make them.

  • /v1: this is how things were set before I made any changes

Proposed changes:

Tests

{| class="wikitable sortable"
! "from" domain !! software !! sent to !! result
|-
| woozalia.com || Roundcube || Gmail || OK
|-
| wooz.dev || Roundcube || Gmail || no response yet
|-
| woozalia.com || Roundcube || Outlook || IP blocked
|-
| hypertwins.org || Roundcube || Gmail || OK
|-
| hypertwins.org || phpBB || wooz.dev || OK
|-
| woozalia.com || phpBB || wooz.dev || OK
|-
| woozalia.com || phpBB || Gmail || no response yet
|}

External Reading