Re: How to setup a "clean MTA" in 2019?

2019-04-03 Thread Thomas Bohl

Hello,


> > - setup the mta to use a EHLO name matching DNS for the IP
>
> I continually get that the two do not match using the various email
> testers. Yet the domain names do indeed match.


Care to share the logs of one of those testers?
When your server says "EHLO mx1.example.com" then the reverse DNS of the 
connected IP also has to be mx1.example.com.


A beginner's trap on systems with more than one IP address is to forget 
to explicitly set the right outgoing address. (Via src in the action 
directive.) Don't forget IPv6.


--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
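
An added example, not part of any message in this thread: a Python check of the rule discussed above, run per outgoing address (each source IP needs a PTR that forward-confirms and equals the EHLO name). The zone data, addresses and the names `check_source`, `PTR` and `FWD` are constructed for illustration; the default lookups use the system resolver.

```python
import ipaddress
import socket


def system_ptr(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]


def system_addrs(name):
    """A/AAAA addresses for name via the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return [info[4][0].split("%")[0] for info in infos]  # drop IPv6 scope id


def norm(name):
    return name.rstrip(".").lower()


def check_source(ip, ehlo, ptr=system_ptr, addrs=system_addrs):
    """One outgoing address: rDNS exists, forward-confirms, equals EHLO."""
    want = ipaddress.ip_address(ip)
    names = [norm(n) for n in ptr(ip)]
    confirmed = [n for n in names
                 if want in {ipaddress.ip_address(a) for a in addrs(n)}]
    return {"ip": ip, "ptr": names, "fcrdns": bool(confirmed),
            "ehlo_ok": norm(ehlo) in confirmed}


# Constructed zone data (documentation ranges): a host with three addresses.
PTR = {"192.0.2.25": ["mx1.example.com."],   # mail address, set up correctly
       "192.0.2.80": ["www.example.com."],   # web address on the same host
       "2001:db8::25": []}                   # AAAA published, PTR forgotten
FWD = {"mx1.example.com": ["192.0.2.25", "2001:db8:0:0:0:0:0:25"],
       "www.example.com": ["192.0.2.80"]}


def demo():
    """Check EHLO mx1.example.com against every address of the host."""
    return [check_source(ip, "mx1.example.com",
                         ptr=lambda i: PTR.get(i, []),
                         addrs=lambda n: FWD.get(n, []))
            for ip in PTR]
```

Only the first address passes: mail leaving from the web address announces a name its rDNS does not carry, and the IPv6 address has no PTR at all, which is what a tester reports as a mismatch even though the forward records look right.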



Re: How to setup a "clean MTA" in 2019?

2019-04-03 Thread Chris Bennett
On Wed, Apr 03, 2019 at 11:36:22AM +0200, Gilles Chehade wrote:
> My very own minimal would be:
> - have a dedicated IP address for mail with correct rDNS and fc-rDNS

Right now I am using the same IP as the websites I have for each.
Should I use a different IP just for email? This is not a problem to do.

> - setup the mta to support TLS (if needed, not the case on OpenSMTPD)

Got this

> - setup the mta to use a EHLO name matching DNS for the IP

I continually get that the two do not match using the various email
testers. Yet the domain names do indeed match.
I don't know what to make of this. I have no problems sending or
receiving email at all.
Godaddy is where I have my domains registered, but they specifically say
that they do not support DNS for sites not hosted on their servers.
That has led me down the path of learning to be my own hostmaster.
I have finally found a page that explains the strange setup I need to
request for only a small range of IP addresses. Hurrah!
But I'm not quite ready to venture out into that myself. But learning
this has been fun so far.
Do you think that being hostmaster will solve that problem?


> - setup SPF

Good here

> - setup DKIM

Not yet, given above problems

> 
> That would be my very very very very minimum requirements.
> 

Thanks,
Chris Bennett






Re: How to setup a "clean MTA" in 2019?

2019-04-03 Thread Joel Carnat
On Wed 03/04 11:36, Gilles Chehade wrote:
> On Tue, Apr 02, 2019 at 01:02:20PM +0200, Joel Carnat wrote:
> > Hi,
> > 
> 
> Hi,
> 
> > Reading the Internet and looking at actual public DNS records and email
> > headers, there seem to be disagreements regarding the usage of things
> > like DMARC/DKIM/SPF. Some discussions are sometimes old (like 2014) and
> > have not been rediscussed recently.
> > 
> > So far, I identified the following:
> > - MUST: have a proper Reverse DNS
> > - MUST: have a proper HELO/EHLO value (matching DNS)
> > - MAY:  have SPF configured to announce official MTA
> > - MAY:  have DKIM configured to sign outgoing emails
> > - MAY:  have DMARC set with p=none // many MTA won't check
> > - DONT: have DMARC set with p=(quarantine|reject)  // may break things
> > 
> > What would be the recommendations from the OpenSMTPD project as of 2019
> > when one wants to setup an MTA? Are those MUST/MAY/DONT correct? Are
> > there more things to add to this checklist?
> > 
> > Thank you.
> > 
> 
> No wonder there is no consensus: there's no "right" list, it depends for
> the most part on the reputation of the sender (reputation being trickier
> than just "IP reputation" as most people think) so different people will
> have different experience of what works and what doesn't.
> 
> I will write an in-depth article describing my way of modeling this, but
> in the meantime I'll tell you the following:
> 
> Today, SMTP exchanges rely on a proof of work.
> 
> Some recipient domains require a lot of work from senders, others won't,
> and with that in mind your list of things to setup may differ on who you
> are sending from, who you are sending to, the volumes of mails you send,
> the type of mails you send, etc...
> 
> My very own minimal would be:
> - have a dedicated IP address for mail with correct rDNS and fc-rDNS
> - setup the mta to support TLS (if needed, not the case on OpenSMTPD)
> - setup the mta to use a EHLO name matching DNS for the IP
> - setup SPF
> - setup DKIM
> 
> That would be my very very very very minimum requirements.

Great. Thanks!




Re: How to setup a "clean MTA" in 2019?

2019-04-03 Thread Gilles Chehade
On Tue, Apr 02, 2019 at 01:02:20PM +0200, Joel Carnat wrote:
> Hi,
> 

Hi,

> Reading the Internet and looking at actual public DNS records and email
> headers, there seem to be disagreements regarding the usage of things
> like DMARC/DKIM/SPF. Some discussions are sometimes old (like 2014) and
> have not been rediscussed recently.
> 
> So far, I identified the following:
> - MUST: have a proper Reverse DNS
> - MUST: have a proper HELO/EHLO value (matching DNS)
> - MAY:  have SPF configured to announce official MTA
> - MAY:  have DKIM configured to sign outgoing emails
> - MAY:  have DMARC set with p=none // many MTA won't check
> - DONT: have DMARC set with p=(quarantine|reject)  // may break things
> 
> What would be the recommendations from the OpenSMTPD project as of 2019
> when one wants to setup an MTA? Are those MUST/MAY/DONT correct? Are
> there more things to add to this checklist?
> 
> Thank you.
> 

No wonder there is no consensus: there's no "right" list, it depends for
the most part on the reputation of the sender (reputation being trickier
than just "IP reputation" as most people think) so different people will
have different experience of what works and what doesn't.

I will write an in-depth article describing my way of modeling this, but
in the meantime I'll tell you the following:

Today, SMTP exchanges rely on a proof of work.

Some recipient domains require a lot of work from senders, others won't,
and with that in mind your list of things to setup may differ on who you
are sending from, who you are sending to, the volumes of mails you send,
the type of mails you send, etc...

My very own minimal would be:
- have a dedicated IP address for mail with correct rDNS and fc-rDNS
- setup the mta to support TLS (if needed, not the case on OpenSMTPD)
- setup the mta to use a EHLO name matching DNS for the IP
- setup SPF
- setup DKIM

That would be my very very very very minimum requirements.

-- 
Gilles Chehade @poolpOrg

https://www.poolp.org tip me: https://paypal.me/poolpOrg
