SMTP server configuration: Difference between revisions
No edit summary |
No edit summary |
||
Line 19: | Line 19: | ||
Relevant DNS entries for relevant domains include: | Relevant DNS entries for relevant domains include: | ||
===hypertwins.org=== | ===hypertwins.org=== | ||
{| | {| class="wikitable" | ||
|- | |- | ||
| MX | | MX | ||
Line 32: | Line 32: | ||
|} | |} | ||
===toot.cat=== | ===toot.cat=== | ||
{| | {| class="wikitable" | ||
|- | |- | ||
| MX | | MX | ||
Line 42: | Line 42: | ||
| TXT | | TXT | ||
| toot_cat._domainkey.toot.cat | | toot_cat._domainkey.toot.cat | ||
| v=DKIM1; h=sha256; k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunilnmjRTyC8TOdUEFLZuFTLvav31UKfeMU6v3hLp5VoFVRJHpT4ikc2l4euh8bHgMHO4q8EZpBh4YvWnTDaUYYW804b7r6exacVvK0zA3FQKQR3naPBESJ1k3Fa8ccc4nGCfGozreGeKTtzP14FFkcvClLLLoCSqjNvnM4+PLQXQyR+NTKuiwcKW5PzVKakmoqmBjDDp1mQLGqDmwJ6GhQkUYqzmJ4bhcSZso7zTBGPiRfMD+tW8HPhbXS1/MQluzqMfzrsprT+z8x/aRm7S2NAYee7dhWk6wqc/BS5Yzr9CUB4iHN2GozmKyPhDtlvpDb7fFZYGWzaeMj2btU4yQIDAQAB | | style="overflow:scroll;" | v=DKIM1; h=sha256; k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunilnmjRTyC8TOdUEFLZuFTLvav31UKfeMU6v3hLp5VoFVRJHpT4ikc2l4euh8bHgMHO4q8EZpBh4YvWnTDaUYYW804b7r6exacVvK0zA3FQKQR3naPBESJ1k3Fa8ccc4nGCfGozreGeKTtzP14FFkcvClLLLoCSqjNvnM4+PLQXQyR+NTKuiwcKW5PzVKakmoqmBjDDp1mQLGqDmwJ6GhQkUYqzmJ4bhcSZso7zTBGPiRfMD+tW8HPhbXS1/MQluzqMfzrsprT+z8x/aRm7S2NAYee7dhWk6wqc/BS5Yzr9CUB4iHN2GozmKyPhDtlvpDb7fFZYGWzaeMj2btU4yQIDAQAB | ||
| 1800 | | 1800 | ||
|- | |- |
Revision as of 16:22, 12 August 2022
This page is, for now, notes towards trying to configure our outgoing email servers so that at least GMail won't bounce notifications from apps like phpBB. The primary return-address domains I want to configure are:
- hypertwins.org
- woozalia.com
- wooz.dev
There seem to be several necessary anti-spam protocols: SPF, DKIM, and DMARC.
For clues, I can look at the configuration of toot.cat -- I'm pretty sure we configured it with all three.
Protocols
SPF (Sender Policy Framework)
SPF is relatively simple, I think? Last I remember, there's a web tool to help build the necessary TXT records... but I think those domains may already be configured. Will check that.
DKIM (DomainKeys Identified Mail)
This has two parts:
- public key in domain's DNS record
- public key attached to email somehow (shouldn't that be "email signed by private key"?)
DMARC (Domain-based Message Authentication, Reporting and Conformance)
This also requires a DNS entry which contains machine-readable instructions for any message recipient to automatically authenticate an incoming message. The server receiving any message can check the "from" domain's DNS for a DMARC record. If one is found, the message will be accepted only if it passes the test. Some large email services (such as GMail) will tend to reject messages whose "from" domain does not have a DMARC record.
Domains
Relevant DNS entries for relevant domains include:
hypertwins.org
MX | hypertwins.org | mail.vbz.net. | 10 | 14400 |
TXT | hypertwins.org | v=spf1 mx mx:mail.vbz.net a a:mail.vbz.net ~all |
toot.cat
MX | toot.cat | toot.cat. | 10 | 14400 |
TXT | toot_cat._domainkey.toot.cat | v=DKIM1; h=sha256; k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunilnmjRTyC8TOdUEFLZuFTLvav31UKfeMU6v3hLp5VoFVRJHpT4ikc2l4euh8bHgMHO4q8EZpBh4YvWnTDaUYYW804b7r6exacVvK0zA3FQKQR3naPBESJ1k3Fa8ccc4nGCfGozreGeKTtzP14FFkcvClLLLoCSqjNvnM4+PLQXQyR+NTKuiwcKW5PzVKakmoqmBjDDp1mQLGqDmwJ6GhQkUYqzmJ4bhcSZso7zTBGPiRfMD+tW8HPhbXS1/MQluzqMfzrsprT+z8x/aRm7S2NAYee7dhWk6wqc/BS5Yzr9CUB4iHN2GozmKyPhDtlvpDb7fFZYGWzaeMj2btU4yQIDAQAB | 1800 | |
TXT | _dmarc.toot.cat | v=DMARC1; p=reject; rua=mailto:tootmaster2021@wooz.dev | ||
TXT | toot.cat | v=spf1 mx ip4:143.244.160.92 ip6:2604:a880:400:d0::2354:2001 -all | 1800 |
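The two record sets above can be compared mechanically. The following is an added example, not part of the original notes: it parses the SPF, DKIM and DMARC TXT values and lists what is missing or non-enforcing among the records tabulated here. The function names are hypothetical, and the DKIM `p=` value is a constructed placeholder standing in for the real key.

```python
def parse_tags(txt):
    """Parse a 'tag=value; tag=value' TXT record (DKIM, DMARC) into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)  # split once: base64 may contain '='
            tags[key.strip().lower()] = value.strip()
    return tags

def spf_all_qualifier(txt):
    """Return the qualifier on SPF's 'all' mechanism ('+', '-', '~', '?') or None."""
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return None
    for term in terms[1:]:
        if term.lstrip("+-~?") == "all":
            return term[0] if term[0] in "+-~?" else "+"  # bare 'all' means '+all'
    return None

def audit(domain, records):
    """records maps DNS name -> TXT value; returns a list of findings."""
    findings = []
    qualifier = spf_all_qualifier(records.get(domain, ""))
    if qualifier is None:
        findings.append("SPF: no v=spf1 record with an 'all' mechanism")
    elif qualifier != "-":
        findings.append(f"SPF: '{qualifier}all' does not hard-fail unlisted senders")
    dmarc = parse_tags(records.get(f"_dmarc.{domain}", ""))
    if dmarc.get("v") != "DMARC1":
        findings.append("DMARC: no record at _dmarc." + domain)
    elif dmarc.get("p") not in ("quarantine", "reject"):
        findings.append("DMARC: policy is not enforcing (p=none or missing)")
    keys = [parse_tags(v) for n, v in records.items()
            if n.endswith("._domainkey." + domain)]
    if not keys:
        findings.append("DKIM: no selector record under _domainkey." + domain)
    elif not any(k.get("v", "DKIM1") == "DKIM1" and k.get("p") for k in keys):
        findings.append("DKIM: no usable key (empty p= means revoked)")
    return findings

# TXT values as listed on this page; the DKIM key is a constructed placeholder.
HYPERTWINS = {"hypertwins.org": "v=spf1 mx mx:mail.vbz.net a a:mail.vbz.net ~all"}
TOOT_CAT = {
    "toot.cat": "v=spf1 mx ip4:143.244.160.92 ip6:2604:a880:400:d0::2354:2001 -all",
    "_dmarc.toot.cat": "v=DMARC1; p=reject; rua=mailto:tootmaster2021@wooz.dev",
    "toot_cat._domainkey.toot.cat": "v=DKIM1; h=sha256; k=rsa;p=CONSTRUCTEDKEY==",
}
```

Calling `audit("hypertwins.org", HYPERTWINS)` reports only on the records given to it, so a finding means the record is absent from the table above, not necessarily from DNS.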