Jump to: navigation, search

Our mail server is hosted at srv1.

Configuration[edit]

We use:

SPF record[edit]

SPF (Sender Policy Framework) records essentially tell others (servers) to not trust e-mails:

  1. originating from different ip addresses than the one specified in the record
  2. with From set to a @tolabaki.gr address.


The SPF record we use was generated with spfwizard and currently is set to:

tolabaki.gr.      IN TXT     "v=spf1 mx a ip4:85.17.23.115 -all"

TO DO[edit]

Remove mx and a and test (in an effort to be trusted by GGL and HM)

DKIM[edit]

DKIM (DomainKeys Identified Mail) provides protection against middle-man attacks that aim to modify the content of the messages after they leave the mail server.

We use OpenDKIM to generate and manage the DKIM key and record for our server. DKIM records are also included as DNS records.

The DKIM record:

; ----- DKIM key 20150420 for tolabaki.gr
20150420._domainkey	IN	TXT	"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCb0X4ykrEwlZo58UAYhIdZkAbA9cVlfencAnrOY3wiD/w71Z3KES/uz6l7AL1fCivYH+XAIE9fbCoQKkQYdFyahHB9ZzzvmIuaML/dSGvfwtz6vpxMpjg6SpZGVfqib63g+5mbyyD0G06Jo73X3pD7Wwqb9ySwqXRWTyWnlXwd5wIDAQAB"

Note that the DKIM key must be owned by the Debian-exim user (i.e., the user running the exim server).

DMARC policy[edit]

To generate the DMARC record we used kittterman DMARC assistant.

Our current record is:

; DMARC policy
_dmarc.tolabaki.gr.	IN	TXT	"v=DMARC1; p=none; rua=mailto:xestra@tolabaki.gr; ruf=mailto:xestra@tolabaki.gr; adkim=r; aspf=r; rf=afrf; sp=none"

To test the setup one can use the DKIMvalidator.

To Do[edit]