Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
email_protection_resources [2018/01/14 04:10]
Stephane de Labrusse [How to configure it ?]
email_protection_resources [2018/05/26 15:24] (current)
Dan Brown [How to configure it?] remove errant italics
Line 3: Line 3:
 The email server is a central communication hub for your company. It needs to be protected and secured against spam, but also you must be sure that your emails are correctly delivered to your recipients and not rejected or tagged as spam by other platforms like Google Apps, Outlook 365, etc. The email server is a central communication hub for your company. It needs to be protected and secured against spam, but also you must be sure that your emails are correctly delivered to your recipients and not rejected or tagged as spam by other platforms like Google Apps, Outlook 365, etc.
  
-Around an Email Server, you have always methods to verify the emails are not sent by a spam host, like SPF, DKIM, DMARC, rDNS: This is what we will talk. In all probability if you do not configure properly all of these authentication methods your email will be refused.+Around an Email Server, you have always methods to verify the emails are not sent by a spam host, like SPF, DKIM, DMARC, rDNS: This is what we will talk. In all probability if you do not configure properly all of these authentication methods your email will be refused. For the impatient, they can check now and see what they have to configure: go to https://​www.mail-tester.com and send an email to the address given (only three free tests per day). Think to remove your smarthost sender if you have one configured.
  
-For the impatientthey can check now and see what they have to configure: go to https://www.mail-tester.com and send an email to the address given (only three free tests per day). Think to remove your smarthost sender if you have one configured.+It is easy to install and create a mail server with nethserver, but you must configure ​the DNS zone of your domain name in the settings of your public DNS providerwe want to detail all the mandatory DNS recordsThis settings are really important it is likely the phone number of your serverAs a side note, the DNS is not relevant of the email server, it is used by all services which need to be reachable on internet.
  
 <WRAP center round important 60%> <WRAP center round important 60%>
Line 38: Line 38:
 The purpose of DNS is to use easy to remember domain names for websites instead of their numeric IP addresses. It also enables website owners to change their web hosts without changing domain names. Website owners can simply change the DNS entry for their domain name and point to their new web host’s name servers. The purpose of DNS is to use easy to remember domain names for websites instead of their numeric IP addresses. It also enables website owners to change their web hosts without changing domain names. Website owners can simply change the DNS entry for their domain name and point to their new web host’s name servers.
  
-<WRAP center round todo 60%> +
-It is easy to install and create a mail server with nethserver, but you must configure the DNS zone of your domain name in the settings of your public DNS provider, we want to explain all the mandatory DNS records. ​  +
-</​WRAP>​ +
- +
 ===== DNS ===== ===== DNS =====
  
Line 331: Line 328:
 Dkim is really simple with NethServer, go to the email panel and allow DKIM in the setting of your domain, then retrieve the digital key of this domain. Then this key must be saved in a **TXT record** in your (external) public DNS provider. Dkim is really simple with NethServer, go to the email panel and allow DKIM in the setting of your domain, then retrieve the digital key of this domain. Then this key must be saved in a **TXT record** in your (external) public DNS provider.
  
-DKIM needs to be configured in the public DNS. You must create a **TXT** record '​default._domainkey'​ or '​default._domainkey.domain.com'​ in the DNS zone of your provider. **Your DKIM selector is default**+DKIM needs to be configured in the public DNS. You must create a **TXT** record '%%default._domainkey%%' or '%%default._domainkey.domain.com%%' in the DNS zone of your provider. **Your DKIM selector is default**
  
 <​file>​ <​file>​
Line 380: Line 377:
 </​file>​ </​file>​
  
 +Here's a more complex DMARC entry for the test domain DMARC site:
 +
 +<​file>​
 +v=DMARC1; p=quarantine;​ rua=mailto:​reports@dmarc.site;​ ruf=mailto:​reports@dmarc.site;​ adkim=r; aspf=r; rf=afrf
 +</​file>​
 +
 +  * The "​p"​ option has three options: none, quarantine, or reject, for how email that violates policies should be handled
 +  * The adkim and aspf options define how strictly DKIM and SPF policy should be applied, with '​s'​ indicating strict and '​r'​ indicating relaxed
 +  * The RUA provides an address for aggregate data reports, while the RUF provides an address for forensic reports
 ==== How to check it ?==== ==== How to check it ?====
   * Web tools   * Web tools