SMTP server configuration: Difference between revisions

This page is, for now, notes towards trying to configure our outgoing email servers so that at least GMail won't bounce notifications from apps like phpBB. The primary return-address domains I want to configure are:

• hypertwins.org
• woozalia.com
• wooz.dev

There seem to be several necessary anti-spam protocols: SPF, DKIM, and DMARC.

For clues, I can look at the configuration of toot.cat -- I'm pretty sure we configured it with all three.

Protocols

The contents of the DNS records for all three of these use name=value tags separated by semicolons.

SPF (Sender Policy Framework)

SPF is relatively simple, I think? Last I remember, there's a web tool to help build the necessary TXT records... but I think those domains may already be configured. Will check that.

DKIM (DomainKeys Identified Mail)

This has two parts:

• public key in domain's DNS record
• public key attached to email somehow (shouldn't that be "email signed by private key"?

DMARC (Domain-based Message Authentication, Reporting and Conformance)

This also requires a DNS entry. (I started to document here how it works, but decided to move the generally-applicable stuff to HTYP. It looks like it can be very simple, but also can be quite complex depending on how you want it to work.

This is also the protocol which lets you request reports from other SMTP servers (like GMail) regarding compliance -- so that looks like a powerful tool for finding out if your configuration passes muster with them.

Domains

Relevant DNS entries for relevant domains include:

hypertwins.org

toot.cat