dusko + mailserver   625

SMTP Sequence Diagram
Sequence diagram describing SMTP e-mail send. DNS MX record interactions.
Simple Mail Transfer Protocol (SMTP) is the most widely used e-mail sending protocol. This sequence diagram describes the steps involved
in sending an e-mail. The DNS queries involved in this process have also been covered.
In this example luke@sender.com is trying to send an e-mail to aibo, c3po and r2d2 at receiver.com.
mailserver  smtp  networking  mta  dns  diagram 
8 days ago by dusko
[SOLVED] DKIM, DMARC, and third-party senders - Office 365 - Spiceworks
Ask the vendor NOT to forge your email address in SMTP envelope (MAIL FROM). It is okay to do it in the email header (From header).

DMARC - This will pass as long as either SPF or DKIM passes.

SPF - This is done against envelope MAIL FROM, not email header. Therefore, if the vendor uses their own domain in MAIL FROM, this will pass

DKIM - They should not be signing the email with DKIM. That is because the From header in email will be yours.

Since SPF will pass, so will DMARC and your recipients will not block the message. Check this page (http://www.xeams.com/difference-envelope-header.htm) for differences between Envelope From and Header From.
mailserver  mta  spam  spf  dkim  dmarc 
10 days ago by dusko
SMTP Gateway - Free SMTP Gateway - XEAMS - eXtended Email And Messaging Server
Pricing for SMTP Gateway
There is no charge for the software. It is free for both commercial as well as non-commercial use.

SMTP Gateway is a free SMTP server that can be used either as a backup server to your primary email server to provide load balancing. Its built-in queue holds messages until the primary server comes up. Hence providing an uninterrupted e-mail infrastructure for any company. SMTP Gateway provides a web-based administration allowing users to modify configuration and monitor its status remotely from any machine.
mailserver  mta  backup  sysadmin 
10 days ago by dusko
Envelope vs Header FROM - Difference between envelope and header from
The sender's email address is specified twice when email messages are delivered from a sender to recipient. This article explains the difference between these two addresses in non-technical terms.

As described in another article that talks about SMTP Relay, the design of our modern email system is based upon snail mail. Therefore, in order to understand how email works, we are going to analyze how snail mail works.

There are two parts of any package you receive from your regular postal mail: An envelope and a letter inside that envelope.

Similarities with Email
Since email systems are designed based on snail mail, it also contains an Envelope and Letter. There are a few differences, which are mentioned below. This communication is based on RFC 5321 (https://tools.ietf.org/html/rfc5321).

When users receive the email, they do not see the envelope. Email clients only display the "Letter". This message must conform to rules specified in RFC 5322 (https://tools.ietf.org/html/rfc5322).
mailserver  mta  smtp  spam  spf  dkim  dmarc 
10 days ago by dusko
Prevent spoofing with DKIM – workaround.org
# Domain to use for DKIM signing: can be “header” (MIME From), “envelope” (SMTP From) or “auth” (SMTP username)
use_domain = “header”;
mailserver  spam  mta  spf  dkim  dmarc 
10 days ago by dusko
Vulnerability - Spoof any Domain - SmarterTools
There needs to be some kind of check between the From address inside the envelope (what the user sees) and the from address on the outside of the envelope (sending mail server).
mailserver  mta  spam 
10 days ago by dusko
alum - A forwarding mail server inspired by @alum.mit.edu
What's in the package

A secure Postfix instance that will ONLY forward mail, according to the aliases file
Full opportunistic TLS support
Automatic security updates, with reboot, and emails on error to postmaster@alum.example.com
Daily Tarsnap backups of the aliases file
A Ansible playbook to setup all of this
mailserver  mta  smtp 
11 days ago by dusko
SPF/PTR records
For mail you should alaays have a PTR record which matches the HELO / A record of your outgoing server. I'm talking purely a PTR DNS record here, not SPF.

The PTR record has to be set by the person owning the subnet. It can't be set on your DNS server (unless you own the subnet, that is).

The reverse record for your mailserver IP. Your typical PTR will be something like for a forward address of, linking to a hostname of mail.contoso.com.

So for us, it would just be (mailserverip).in-addr.arpa?

Yes, but make sure you get the format correct, the IP address is specified in reverse.

mx already covers your mx record, why are you adding a ptr for it as well?

include is to include another domain's spf record, so that's wrong.

Use one of the many testers to see what it shows. I like Dmarcian's:

https://www.spfwizard.net/ - use this for future spf needs, no need for PTR record.
mailserver  mta  spf  spam  dns 
5 weeks ago by dusko
Office365 - Use DKIM to validate outbound email
Why use DKIM when you already utilize SPF? It’s simple! They will work in tandem.
SPF adds information to a message envelope but DKIM actually encrypts a signature within the message header.
mailserver  mta  spf  dkim  spam 
5 weeks ago by dusko
The Spamhaus Project - ZEN

ZEN is the combination of all Spamhaus IP-based DNSBLs into one single powerful and comprehensive blocklist to make querying faster and simpler. It contains the SBL, SBLCSS, XBL and PBL blocklists.

zen.spamhaus.org should be the only spamhaus.org DNSBL in your IP blocklist configuration. You should not use ZEN together with other Spamhaus IP blocklists, or with blocklists already included in our zones (such as the CBL) or you will simply be wasting DNS queries and slowing your mail queue.

zen.spamhaus.org replaces sbl-xbl.spamhaus.org in most configurations. If you are currently using sbl-xbl.spamhaus.org you should replace sbl-xbl.spamhaus.org with zen.spamhaus.org.

Caution: Because ZEN includes the XBL and PBL lists, do not use ZEN on smarthosts or SMTP AUTH outbound servers for your own customers (or you risk blocking your own customers). Do not use ZEN in filters that do any ‘deep parsing’ of Received headers, or for anything other than checking IP addresses that hand off to your mailservers.
mailserver  mta  sendmail 
5 weeks ago by dusko

Catches mail and serves it through a dream.

MailCatcher runs a super simple SMTP server which catches any message sent to it to display in a web interface. Run mailcatcher, set your favourite app to deliver to smtp:// instead of your default SMTP server, then check out to see the mail that's arrived so far.
mailserver  mta 
5 weeks ago by dusko
8.8.2 and "X-MIME-Autoconverted"? - Google Groups
Sendmail will do it automatically if it sees a ESMTP/8BITMIME capable mailer at the other end.
mailserver  mta  sendmail 
5 weeks ago by dusko
[CentOS] Re: How to size an email server to handle 5 million emails per day
On Thu, Jan 03, 2008, Joshua Gimer wrote:
>I can only talk from experience; we are currently doing spam and anti-virus checks in our inbound flow of around 600,000 messages per day.
>To do this we have three inbound SMTP gateways running Sophos Puremessage with Sendmail as the MTA. These systems are quad proc systems with 6 to 8 GB of ram. This is still not enough to handle the inbound flow efficiently at our organization.
sendmail  mta  smtp  sysadmin  mailserver 
6 weeks ago by dusko
AuthSMTP - Global Outgoing SMTP Email Service
Outgoing authenticated SMTP server and email relay service (solves most SMTP and email relay errors).

Global Outgoing SMTP Email Service

AuthSMTP is the outgoing SMTP email service for your e-commerce website, mailing list or email application on most current computers and mobile devices. With instant setup, a money back guarantee and very low cost starter accounts you can test and start sending email in minutes with no risk.
mta  mailserver  smtp 
6 weeks ago by dusko
Postfix MySQL Howto
Configure several postfix servers to auth the same users.
mailserver  mta  smtp  postfix  mysql  mariadb 
6 weeks ago by dusko
Mail Filtering - Introduction
Or, how to block a few million spams per day without breaking a sweat.
mailserver  spam 
11 weeks ago by dusko
Sendmail - NST Wiki
How To Flush Out All Email Messages From The Sendmail Queue

Sometimes email messages can be queued up with the Mail Transport Agent: "sendmail". The following command line can be used to manually try to immediately flush out All emails queued up by "sendmail". Even though a "sendmail" service may be running, this command is Ok to use, it will only run once and then terminate.
Try To Flush Out The Entire "sendmail" Queue:
[root@probe-222 root]# /usr/local/sbin/sendmail -q -v
sendmail  mailserver  sysadmin 
july 2018 by dusko
Sendmail Evolution
Gregory Neil Shapiro and Eric Allman
sendmail  mailserver  sysadmin 
july 2018 by dusko
Sendmail Howtos - Sendmail SMTP AUTH Howto

In case you have no idea what SMTP AUTH is good for, basically it allows you to provide relaying to people outside your trusted network by authenticating them in a secure manner. This is in contrast to an "open relay" which will allow anybody, anywhere to use your server to email whomever they want. As you can imagine, an open relay is a spammers dream as they are using YOUR precious resources to spam ten million people with your IP as the source….a very very bad thing!

As with most internet services we must break them down into two categories: client and server. Client-side SMTP AUTH is useful when your ISP's mail server requires you to authenticate yourself in order to relay through it using SMART_HOST; if you are on DSL you probably know what I'm talking about. Now this begs the question "why bother using the ISP's mail server when I'm setting up my own?" Good question, here is the answer. If you are like me and you run your own sendmail server using a residential (usually dynamic) IP, chances are 80% of your mail is going to be either bounced or plain out dropped due to SPAM filters running on most enterprise SMTP servers. Fortunately there is a way around this and that is by telling sendmail to relay all its outgoing mail to your ISP's SMTP server and have them send the mail on your behalf via SMART_HOST.

Server-side SMTP AUTH is exactly what the ISP's mail server is doing in the client-side example. It allows you to give relay access to only those that you specify, usually users listed in your /etc/passwd file. Unfortunately many email clients, Outlook and Outlook Express are especially notorious, will send the SMTP AUTH password in plain text format which is a bad thing. This is where the STARTTLS command comes into play. It will encrypt the password end to end by use of SSL so that if anybody were to sniff packets on our network they would only see garbage.
sendmail  mailserver  smtp  mta 
july 2018 by dusko
example_mail Cookbook
A Chef cookbook to setup a proper mail server for production usage.
Sources for this Cookbook



Mad props to those two links above. Thanks the documentation of these two guys, most of this configuration was possible and is indeed shamelessly copied from their links above.
mailserver  sysadmin  devops 
july 2018 by dusko
Sendmail Delay?
By default sendmail sends out a queue runner every 5 minutes. The default Timeout.hoststatus is 30 minutes, which means if a timeout occurs attempting a delivery (a temporary failure) that host will be ignored for 30 minutes, even though queue runners are being sent every 5 minutes. You might try playing with the Timeout.hoststatus settings - confTO_HOSTSTATUS in sendmail.mc and send out a couple of queue runners to see if you can clear the queue more quickly.
sendmail  mailserver  mta  sysadmin 
july 2018 by dusko
Linux Mail Server Setup and Howto Guide
Rapidly deploy Linux based mail solutions.
mailserver  mta 
july 2018 by dusko
Search for ALL DNS TXT records of a domain and subdomains
The approach of making a single DNS query to get all that information in one fell swoop is misguided. It assumes that the data for a single zone is a) static and b) managed by a single name server. DNS imposes no such limitations on zone data.

Both SPF and DKIM (and DMARC, if you want to throw that in the mix) use TXT records on specific domains. There is no need to get all the TXT records for a domain and its subdomains to view the relevant configuration.

If you want to get the SPF and DKIM information, just query the appropriate domains. Assuming you're doing Return-Path domains and DKIM signatures on md.rosposhop.com and mg.rosposhop.com then you should be interested in TXT records on

md.rosposhop.com - SPF
mg.rosposhop.com - SPF
(selector)._domainkey.md.rosposhop.com - DKIM
(selector)._domainkey.mg.rosposhop.com - DKIM

where (selector) is the selector you're using for that DKIM record. You may have more than one selector for each of md.rosposhop.com and mg.rosposhop.com domains. TXT records on other domains are irrelevant.
mailserver  spf  dkim  dmarc  spam  dns 
june 2018 by dusko
imap-backup -- Backup GMail (or other IMAP) accounts to disk
Backup GMail (or other IMAP) accounts to disk.

Each folder is saved to an mbox file. Alongside each mbox is a file with extension '.imap', which lists the source IMAP UIDs to allow a full restore.
mailserver  email  backup  imap 
june 2018 by dusko
Larch - a tool to copy messages from one IMAP server to another
Note: I no longer actively develop or use Larch, so it is effectively unmaintained. Many people claim it still works well for them, so feel free to use it, but please don't expect support, bug fixes, or new features.

Larch is a tool to copy messages from one IMAP server to another quickly and safely. It's smart enough not to copy messages that already exist on the destinati
mailserver  email  backup  imap 
june 2018 by dusko
How to prove that an email has been sent?
Most people are shocked to hear this, but email is not actually guaranteed to ever reach the intended destination.

It might fail for a variety of reasons. It could simply fail to arrive (for several reasons) or could be getting redirected to the recipients spam folder for some reason. If you think an email hasn't been delivered, you should send it again. I usually forward the original so that recipient knows I've been trying.

You can turn on “read receipt” or “return receipt”, which will send an email back to you automatically, but this feature is often disabled by recipients because it has been so often abused by spammers in the past.

Will covered just about everything else in his answer (https://superuser.com/questions/77131/how-to-prove-that-an-email-has-been-sent/77143#77143):

There is nothing 100% that you can use to prove on your own.

If you had your own mail server, you can show outgoing logs - however, they can be falsified.

You can use read receipts, but again, they can be falsified.

The best bet is if you use a third party mail server that is impartial, and they can provide logs, that should stand as proof.

You may have luck if you email Yahoo (and say you are willing to pay for their time on the matter) and try to get a log / proof that an email was sent on a time/date.

I am not sure you can force them in to this unless the place you need it for are involved in a criminal matter... It may work for civil, but you would need a court order.

Failing this, if it is in your outbox with a time and date, this is hard/impossible to fake on a web based email server (just check that changing your date/time and sending doesn't fake this). Then, print out and if you need to go to court, you could always have a laptop, 3g stick and projector and prove that it was sent... but again, only if it can be prooved that you can't fake this.
mailserver  email 
june 2018 by dusko
How to submit spam and false positive spam samples to SophosLabs
From the Recipient (To...) area, enter the necessary email address:
is-spam@labs.sophos.com - for email not detected as spam
not-spam@labs.sophos.com - for email that is genuine

Send the newly created email to SophosLabs at the address you selected above, with the subject line of your choice.
mailserver  spam  email 
april 2018 by dusko
« earlier      
per page:    204080120160

Copy this bookmark: