Part 14. DNS configuring for the mail server. SPF, DKIM, DMARC

The list of articles cycle

 

Correct operation of the mail server requires correct DNS configuration.

Our domain zone must contain at least MX records. It is also desirable to create a reverse (PTR) record, as well as SPF, DKIM and DMARC records.

 

Basic DNS settings

For other servers to know that our server accepts mail for our domain, the following settings must be created in the zone description:

  1. Create an A record for our server (forward zone).
  2. Create an MX record with our domain name, specifying the priority.
  3. Send a request to the provider, hoster, or other entity that provided us with the IP address, asking for a reverse-zone (PTR) record for our IP address with the name from the forward zone.

Part 13. GreyListing.


Greylisting relies on the fact that spammers often do not send a message a second time after a sending error, whereas legitimate mail servers will keep trying to deliver a message for at least two days.

When a message is received for the first time, our server returns error 450 (message not accepted due to a temporary error) and terminates the session.

After a specified timeout (300 seconds by default), the message will be accepted and the address of the sending server will be temporarily whitelisted. By default, the server stays on this list for 35 days after its last successful session.

 

Let’s install the necessary software

# apt install postgrey

Part 9. Encrypt mail traffic


 

It is quite dangerous to use unencrypted traffic on the mail server. This is not because of the interception of emails, but because an attacker can intercept a user's login and password and use this information to send spam messages.

Encryption uses SSL certificates. If we can buy a certificate from a certification authority, we buy one; if not, we generate a self-signed certificate. This is done with the command:

openssl req -new -nodes -x509 -out smtpd.pem -keyout smtpd.pem -days 3650

Part 8. Set up mail server authentication through the OpenLDAP


OpenLDAP is an open implementation of LDAP, developed by the OpenLDAP project, distributed under its own free OpenLDAP Public License.

OpenLDAP consists of three main components:

  • slapd - an independent LDAP daemon and related overlays and tools;
  • libraries that implement the LDAP protocol;
  • utilities, tools and auxiliary clients.

Part 7. Alternative methods for storing user settings. Using Windows AD.


In large organizations, mail servers and other services are often integrated with Windows AD.

Assume that we have a Windows domain named study.local with a special user mailadmin whose password is mailadmin and who has permission to read from the LDAP tree. The domain controller has the address 192.168.0.10. Domain users must have the attribute "mail" filled in; it should contain the user's email address. Domain groups are created to work with mail aliases, and their "mail" attribute is filled in as well. Messages that arrive for such groups must be forwarded to all users who are their members.

Part 5. Mail traffic routing. Authorization on an upstream server.


Typically, you do not need to configure mail traffic routing. All messages are routed automatically, according to the MX records in the DNS of the recipient domain. But there are exceptions to this rule. Using the transport_maps option, you can explicitly specify the server to which mail for a specific domain will be sent.

Part 4. Set up the automatic creation of hidden copies of messages.


Sometimes it is necessary to create copies of messages and send them to another address. For this purpose, Postfix has a mechanism for creating hidden copies (bcc, blind carbon copy).

You can create these copies based on the sender or recipient addresses. To do this, you can use the sender_bcc_maps or recipient_bcc_maps parameters in the main.cf file.

Mail server configuring. Part 3. RoundCube Webmail


Mail web client RoundCube

RoundCube Webmail is a web-based IMAP email client. Roundcube's most prominent feature is the pervasive use of Ajax technology. After about two years of development, the first stable release of Roundcube was announced in early 2008. Roundcube is written in PHP and can be used in conjunction with a LAMP "stack"; any other operating system that supports PHP is supported as well.

Roundcube is free and open-source software subject to the terms of the GNU General Public License (GPL) with exceptions for skins and plugins.

Mail server configuring. Part 1. Installation and basic configuration for Postfix and Dovecot.

I'm starting to publish a series of articles about configuring a Postfix and Dovecot mail server.

Today will be the first part: installation and basic configuration of Postfix and Dovecot.
