[...] I didn't bother with DKIM until Google started mandating it for example [...]

Hm... do you have a reference for that? I don't have that experience with Gmail servers. Also, I don't find information online about that being mandatory.


On Fri, Sep 08, 2023 at 08:24:38AM +1000, Stuart Longland wrote:
On 7/9/23 20:44, Sagar Acharya wrote:
Let the mail providers have their setups. Is it possible to have a configuration where I have 2 servers, example.com example2.com where I can send and receive emails on ports say, 777 on plaintext, starttls optional and port 778 with smtps?

Give me a configuration for such a thing.

humaaraartha.in.       TXT        "v=spf1 ipv4:{myipv4address} -all"
humaaraartha.in.       TXT        "resports:777,778"
humaaraartha.in.       MX          10 humaaraartha.in.
humaaraartha.in.       A              {myipv4address}

That is all you have, nothing more for both servers. Can you help me send and receive mails on ports 777,778 with just above DNS and smtpd? I can add SRV records for detection of ports 777, 778 if you want.

Okay, not quite sure what the "resports" TXT record is achieving (a quick search on the topic didn't reveal any documentation on how it was supposed to work or correct syntax). I won't labour the point about outgoing port 25 traffic since others have covered this already.

You can of course use different ports between servers in an agreed-upon manner. e.g. say we have a server, bnemx.vk4msl.com, running OpenSMTPD:

vk4msl-bne# cat /etc/mail/smtpd.conf
#       $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

#table aliases file:/etc/mail/aliases
table virtualdomains file:/etc/mail/virtualdomains
table virtualusers file:/etc/mail/virtualusers

pki bnemx cert "/etc/ssl/bnemx.vk4msl.com.fullchain.pem"
pki bnemx key "/etc/ssl/private/bnemx.vk4msl.com.key"
pki bnemx dhe auto

listen on socket
listen on all tls pki bnemx
… etc, I won't post the full config.

Those `listen` lines are the key, from the smtpd.conf manpage:
    listen on interface [family] [options]
            Listen on the interface for incoming connections, using the same
            syntax as ifconfig(8).  The interface parameter may also be an
            interface group, an IP address, or a domain name.  Listening can
            optionally be restricted to a specific address family, which can
            be either inet4 or inet6.

In amongst the options:
            port [port]
                    Listen on the given port instead of the default port 25.

So if I chose to, I could add:

listen on all port 777

and then restart smtpd; I'd now be listening on port 777.

You could then tell your SMTP server to send to port 777 when sending to my domain.

But doing so would be useless:
- no one else would bother using port 777/tcp: they would most likely use port 25
- you wouldn't be able to send to any other server, unless they too chose to use port 777/tcp.

If you have a good proposal for how such alternative ports could be advertised (maybe via DNS TXT record), perhaps you could propose that as a Request For Comment to the Internet Engineering Task Force… and maybe if enough people thought it was a good idea, it would be adopted with its own official RFC number (like RFC-821, later replaced by RFC-2821 and RFC-5321).

That though, won't mean instant ability to pick your own port number. The "alternate port number" feature would then need to be added to the various SMTP servers out there. Then sysadmins would need to install that version.

This may take years, or even never happen in some cases. (Qmail is still IPv4-only because the author believes IPv6 is unnecessary.)

Regardless of what you think of spam or how to fight it, the truth is the small fish don't make the rules in this game. You and I are small fish. I've been mucking around with mail servers pretty much this whole century so far.

I started with trialling something over dial-up (ever seen a 56kbps modem screaming under the strain of an outbound mail queue stuffed with spam? I have!)… moved to using Sendmail on an old Slackware server hosted on ADSL with 2GB SCSI disks and a self-signed HTTPS certificate for webmail in 2001. Been running my own server ever since.

It's not impossible to do it yourself, and dealing with spam is a constant cat-and-mouse game. Things have become more complex out of necessity (I didn't bother with DKIM until Google started mandating it for example), but even then, not overly difficult.

The minimum standard however has changed over the years as requirements changed. That includes:

- outbound SMTP unblocked -- pretty much since forever since that's how TCP/IP works
- static IPv4 -- dynamic IPv4 has not been possible since ~2004 or so
- SPF DNS records -- since ~2010 or so
- DKIM signing and DMARC policies -- since ~2020

Some day, IPv6 may be a requirement as the IPv4 address space dries up.

It's no good "wishing" it to be different. In the future it may become impossible for me to run my own server on the home connection, and I may have to look into alternate mail arrangements.

At least you don't have to ask for your chosen host name to be added to the "master" /etc/hosts file. We have this thing called "DNS".

Unless you can convince some very high-profile SMTP server operators, many of whom do not read this list (e.g. the admins of Gmail, Office365, etc), nothing much will change.
--
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
 ...it's backed up on a tape somewhere.
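An added illustration of the point Stuart makes about advertising ports (example code, not from anyone on the thread): an MX lookup yields only host names and preferences, so a conforming MTA connects to port 25 unless the sending operator has configured a bilateral per-domain override; the non-standard "resports" TXT record is never consulted. The zone fragment, domain names and IP address below are constructed placeholders.

```python
"""Added example, not from the thread: MX records carry host names and
preferences only, so a conforming MTA uses port 25 unless the sending
operator configures a bilateral per-domain port override. The non-standard
"resports" TXT record is never consulted. Zone data and names are constructed."""
import re

SMTP_DEFAULT_PORT = 25

# Constructed zone fragment modelled on the one quoted in the thread;
# example.test and 192.0.2.10 are placeholders.
ZONE = """
example.test.      TXT  "v=spf1 ip4:192.0.2.10 -all"
example.test.      TXT  "resports:777,778"
example.test.      MX   10 mx1.example.test.
example.test.      MX   20 mx2.example.test.
mx1.example.test.  A    192.0.2.10
"""

_RR = re.compile(r'^(\S+)\s+(\S+)\s+(.+)$')  # owner, type, rdata


def parse_zone(text):
    """Map (owner, TYPE) -> [rdata, ...] for a minimal zone fragment."""
    records = {}
    for line in text.strip().splitlines():
        m = _RR.match(line.strip())
        if m:
            owner, rtype, rdata = m.groups()
            records.setdefault((owner.lower(), rtype.upper()), []).append(rdata.strip())
    return records


def mx_targets(records, domain):
    """MX hosts ordered by preference (lowest first); note there is no port field."""
    pairs = []
    for rdata in records.get((domain.lower() + '.', 'MX'), []):
        pref, host = rdata.split()
        pairs.append((int(pref), host.rstrip('.')))
    return [host for _, host in sorted(pairs)]


def delivery_endpoint(records, domain, port_agreements=None):
    """(host, port) as a conforming MTA picks it: best MX on port 25, or the
    port this operator has explicitly agreed with that specific domain."""
    hosts = mx_targets(records, domain) or [domain]  # RFC 5321 implicit MX
    port = (port_agreements or {}).get(domain.lower(), SMTP_DEFAULT_PORT)
    return hosts[0], port


if __name__ == "__main__":
    recs = parse_zone(ZONE)
    print(delivery_endpoint(recs, "example.test"))
    print(delivery_endpoint(recs, "example.test", {"example.test": 777}))
```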
