Differences
This shows you the differences between two versions of the page.
email_protection_resources [2018/01/14 09:51] Stephane de Labrusse |
email_protection_resources [2021/03/23 18:02] (current) Stephane de Labrusse [How to check it ?] |
||
---|---|---|---|
Line 3: | Line 3: | ||
The email server is a central communication hub for your company. It needs to be protected and secured against spam, but also you must be sure that your emails are correctly delivered to your recipients and not rejected or tagged as spam by other platforms like Google Apps, Outlook 365, etc. | The email server is a central communication hub for your company. It needs to be protected and secured against spam, but also you must be sure that your emails are correctly delivered to your recipients and not rejected or tagged as spam by other platforms like Google Apps, Outlook 365, etc. | ||
- | Around an Email Server, you have always methods to verify the emails are not sent by a spam host, like SPF, DKIM, DMARC, rDNS: This is what we will talk. In all probability if you do not configure properly all of these authentication methods your email will be refused. | + | Around an Email Server, you have always methods to verify the emails are not sent by a spam host, like SPF, DKIM, DMARC, rDNS: This is what we will talk. In all probability if you do not configure properly all of these authentication methods your email will be refused. For the impatient, they can check now and see what they have to configure: go to https:// |
- | For the impatient, they can check now and see what they have to configure: go to https://www.mail-tester.com and send an email to the address given (only three free tests per day). Think to remove your smarthost sender if you have one configured. | + | It is easy to install and create a mail server with nethserver, but you must configure |
<WRAP center round important 60%> | <WRAP center round important 60%> | ||
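Review bot: the rewritten intro paragraph at line 3 still carries "This is what we will talk" and "you have always methods" from the previous revision; since the paragraph is being edited anyway, reword them (for example "which is what this page covers" and "there are several methods"). The claim that mail "will be refused" is also stronger than the "rejected or tagged as spam" wording in the paragraph just above it, so one of the two should be aligned with the other.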
Line 38: | Line 38: | ||
The purpose of DNS is to use easy to remember domain names for websites instead of their numeric IP addresses. It also enables website owners to change their web hosts without changing domain names. Website owners can simply change the DNS entry for their domain name and point to their new web host’s name servers. | The purpose of DNS is to use easy to remember domain names for websites instead of their numeric IP addresses. It also enables website owners to change their web hosts without changing domain names. Website owners can simply change the DNS entry for their domain name and point to their new web host’s name servers. | ||
- | <WRAP center round todo 60%> | + | |
- | It is easy to install and create a mail server with nethserver, but you must configure the DNS zone of your domain name in the settings of your public DNS provider, we want to explain all the mandatory DNS records. | + | |
- | </ | + | |
- | + | ||
===== DNS ===== | ===== DNS ===== | ||
Line 64: | Line 61: | ||
</ | </ | ||
- | ===How to check it=== | + | ===How to check it ?=== |
The domain must be tested | The domain must be tested | ||
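Review bot: the heading at line 61 becomes "===How to check it ?===" with a space before the question mark; English punctuation takes none, so "How to check it?" is the cleaner form. The same edit is repeated in every "How to check it" heading of this revision, and the existing "How to configure it ?" heading would need the same fix to stay consistent.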
Line 80: | Line 77: | ||
164.132.xxx.xxx | 164.132.xxx.xxx | ||
</ | </ | ||
+ | |||
=== sub.domain.com === | === sub.domain.com === | ||
- | Nethserver creates several sub domain by default to be reached from outside or internally (check / | + | Nethserver creates several sub domain by default to be reached from outside or internally (check / |
**At minimal you must create these sub.domains and set the ' | **At minimal you must create these sub.domains and set the ' | ||
Line 116: | Line 114: | ||
</ | </ | ||
- | ===How to check it=== | + | ===How to check it ?=== |
Each subdomain must be tested | Each subdomain must be tested | ||
Line 160: | Line 158: | ||
</ | </ | ||
- | ===How to check it=== | + | ===How to check it ?=== |
* Web tools | * Web tools | ||
Line 206: | Line 204: | ||
- | ====How to check it==== | + | ====How to check it ?==== |
* Web tools | * Web tools | ||
Line 240: | Line 238: | ||
< | < | ||
- | PTR record YourIpProvider | + | set PTR record YourIpProvider |
</ | </ | ||
- | ====How to check it==== | + | ====How to check it ?==== |
* Web tools | * Web tools | ||
Line 259: | Line 257: | ||
</ | </ | ||
+ | You can check also by comparing this two commands in the terminal | ||
+ | |||
+ | < | ||
+ | / | ||
+ | reverseIP. | ||
+ | / | ||
+ | publicIP. | ||
+ | </ | ||
+ | |||
+ | the reverseIP. found must match the publiIP retrieved in the second command line. | ||
=====SPF and SenderID===== | =====SPF and SenderID===== | ||
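Review bot: the text added around the two terminal commands at line 257 has three typos: "this two commands" should be "these two commands", "publiIP" should be "publicIP" to match the placeholder shown in the command output, and the closing sentence starts in lower case. It would also help to say in one sentence what each command returns, so the reader knows which two values are being compared and what a mismatch means for the PTR record.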
Line 304: | Line 312: | ||
* [[https:// | * [[https:// | ||
- | ====How to check it==== | + | ====How to check it ?==== |
* Web tools | * Web tools | ||
https:// | https:// | ||
Line 330: | Line 338: | ||
Dkim is really simple with NethServer, go to the email panel and allow DKIM in the setting of your domain, then retrieve the digital key of this domain. Then this key must be saved in a **TXT record** in your (external) public DNS provider. | Dkim is really simple with NethServer, go to the email panel and allow DKIM in the setting of your domain, then retrieve the digital key of this domain. Then this key must be saved in a **TXT record** in your (external) public DNS provider. | ||
- | DKIM needs to be configured in the public DNS. You must create a **TXT** record ' | + | DKIM needs to be configured in the public DNS. You must create a **TXT** record '%%default._domainkey%%' or '%%default._domainkey.domain.com%%' in the DNS zone of your provider. **Your DKIM selector is default** |
< | < | ||
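Review bot: the changed line at 338 offers two record names, default._domainkey or default._domainkey.domain.com, without saying when each applies. Which one to enter depends on whether the DNS provider's form appends the zone name automatically; entering the full name where the zone is appended creates the record under domain.com.domain.com, and lookups for the default selector then find nothing. Suggest adding one sentence that says so. The line also repeats the preceding paragraph's instruction to create a TXT record at the public DNS provider, so the two could be merged, and "Dkim" in that paragraph should read "DKIM".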
Line 341: | Line 349: | ||
====How to configure it ?==== | ====How to configure it ?==== | ||
* [[https:// | * [[https:// | ||
- | ====How to check it==== | + | ====How to check it ?==== |
* Web tools | * Web tools | ||
https:// | https:// | ||
Line 379: | Line 387: | ||
</ | </ | ||
- | ==== How to check it ==== | + | Here's a more complex DMARC entry for the test domain DMARC site: |
+ | |||
+ | < | ||
+ | v=DMARC1; p=quarantine; | ||
+ | </ | ||
+ | |||
+ | * The " | ||
+ | * The adkim and aspf options define how strictly DKIM and SPF policy should be applied, with ' | ||
+ | * The RUA provides an address for aggregate data reports, while the RUF provides an address for forensic reports | ||
+ | ==== How to check it ?==== | ||
* Web tools | * Web tools | ||
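Review bot: the second added bullet says adkim and aspf define how strictly DKIM and SPF "policy should be applied", but these tags set the identifier alignment mode (relaxed or strict), that is, how closely the DKIM signing domain and the SPF-checked domain must match the From domain; the policy itself is the p= tag. Suggest rewording the bullet around "alignment". In the third bullet the tags are written "RUA" and "RUF" although DMARC tag names are lower case, and it is worth adding that ruf failure reports can include parts of the original message, so the address should be a mailbox the operator controls. The lead-in "for the test domain DMARC site" is unclear, and the heading "==== How to check it ?====" has a space after the opening marker but none before the closing one.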