Hey David,
yea, I also had the same issue about my mails ending up in spam filters
at first until I figured out the issue. As I'm a german and have to deal
with officials there's another thing specific to germany that can drive
you absolut nuts: EMIG and DE-Mail.
EMIG is short for "e-mail made in germany" and was/is some rather stupid
idea of politicians to increase security of e-mails overall - but it has
many flaws.
DE-Mail is a collab with physical postal mail. The reason are some
german laws about what counts as valid and what is just an information.
In germany, if you have a law case, or even just want to cancel a
contract, this has to be done via postal mail - a real world physical
letter. Only this way the german law accept it as valid. If you just
write a simple mail with "I hereby cancel my contract" is only "an
information" - but not a valid cancelation. DE-Mail is a paid service my
german mail Deutsche Post where you have to register in person at your
next post office, and pay for every single mail/letter. The postal
service then takes care that this e-mail is handled like any other
regular letter. By this, it has the same "right" to be accepted as a
valid contract cancelation.
Here's the catch: Both systems, EMIG and DE-Mail, are closed systems to
only their participants, namely german government, german post service,
1&1, Vodafone and german Telekom. Only mails between them are accepted
by these to special services, and mails from officials can only send to
these three companies.
No matter what of a fort knox you set up as your mail server - if you're
not part of that party you lost - end of story. Ok, it doesn't really
matter as a) every customer of the three mentioned companies have at
least one of such special mailbox anyway - and all three offer free
mailboxes.
What I'd like to say with this little WoT: Although SPF, DKIM, DMARC and
even things like S/MIME and PGP are things a mail server admin has to
care about - there'Re even government size oddities one has to consider.
And although the mess in germany is one of its kind - I guess there're
similar stuff all over the world.
Matt
Am 29.09.2020 um 08:40 schrieb David Matthews:
hello aain
I got "inspired" by this topic to write down a guide myself. Although I
only have SPF set up right now I may take the time to also have a look
into DKIM and DMARC. It won't be perfect, but same as with Davids guide:
It should others new to James get started.
I should clarify my attitude to SPF/DKIM/DMARC
I do check incoming mail SPF coz it's easy in both James and exim4, so why not,
although checking incoming mail against online blacklists (DNSBL) pretty much
solves the spam problem. I don't bother to check DKIM or DMARC.
My experience is that you must implement SPF and DKIM for domains you are
hosting as if you don't gmail, hotmail and other mega providers will put your
outgoing mail in spam boxes without warning you - the logs will say queued for
delivery / accepted. You may as well have DMARC as well although I can't see
the point of it from a technical point of view.
SPF and DMARC for your hosted domains is a DNS issue rather than an issue for
james/exim4 or whatever. DKIM is a two part thing - you must have a public key
in the domains' DNS and james/exim4 must sign outgoing mail with the
corresponding private key.
Fully dealt with at
https://dmatthews.org/email_auth.html
except that I've only done the DNS on a tinyDNS based system. I'd love to add
info for BIND and I'll credit anyone who provides that in my writeup.
--
David Matthews
m...@dmatthews.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscr...@james.apache.org
For additional commands, e-mail: server-user-h...@james.apache.org
