Update SPF DNS record related info.

Zhang Huangbin 2020-01-15 15:28:34 +08:00
parent d0def4810e
commit 6952855736
4 changed files with 36 additions and 45 deletions

@ -24,14 +24,12 @@ in `/etc/postfix/master.cf` (on Linux/OpenBSD) or
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_security_options=noanonymous
-o smtpd_tls_security_level=may
-o smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_sender_restrictions=permit_sasl_authenticated,reject
```
* `2525` is the new port number for smtp service, you're free to change it to
your favourite port number.
* `smtpd_tls_security_level=may` allows both secure (TLS) and insecure connections.
* Restriction rule `permit_mynetworks` will allow clients listed in Postfix
parameter `mynetworks` to send email __WITHOUT__ smtp auth.
Restarting Postfix service is required. After restarting, you can check whether
it's listening on this new port:
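Review bot: The `smtpd_sender_restrictions` line in this hunk drops `permit_mynetworks`, and the bullet explaining that rule goes with it, but the commit message only mentions SPF DNS records. With `permit_sasl_authenticated,reject` alone, hosts listed in `mynetworks` now have to authenticate on port 2525. Please move this to its own commit or mention it in the message so the behaviour change can be found in history.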

@ -125,7 +125,7 @@ be delivered to server `mail.mydomain.com`.
SPF is a spam and phishing scam fighting method which uses DNS SPF-records to
define which hosts are permitted to send e-mails for a domain. For details on
SPF, please see [http://www.openspf.org/](http://www.openspf.org/)
SPF, please check [wikipedia](https://en.wikipedia.org/wiki/Sender_Policy_Framework).
This works by defining a DNS SPF-record for the e-mail domain name specifying
which hosts (e-mail servers) are permitted to send e-mail from the domain name.
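Review bot: In the replacement sentence the link text `wikipedia` should be capitalised as `Wikipedia`. The surrounding paragraph also still speaks of "DNS SPF-records" and "a DNS SPF-record", while the rewritten setup section states that SPF is a TXT type DNS record; wording such as "SPF records (published as TXT records)" here would keep the two sections consistent.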
@ -136,33 +136,33 @@ IP address.
### How to setup the SPF record
A new SPF-record type was recently added to the DNS protocol to support this
([RFC4408](http://www.rfc-editor.org/rfc/rfc4408.txt)).
However not all DNS and e-mail servers support this new record type yet, so
SPF can also be configured in DNS using the TXT-record type.
Examples:
* SPF record refer to MX record. It means emails sent from all servers defined
in MX record of `mydomain.com` are permitted by sender organization.
SPF is a TXT type DNS record, you can list IP address(es) or MX domains in it.
For example:
```
mydomain.com. 3600 IN TXT "v=spf1 mx mx:mydomain.com -all"
mydomain.com. 3600 IN TXT "v=spf1 mx -all"
```
This SPF record means emails sent from all servers defined in MX record of
`mydomain.com` are permitted to send as `someone@mydomain.com`.
* or SPF record refer to IP address directly. it means emails sent from
specified IP address are permitted by sender organization.
`-all` means prohibit emails sent from all other servers. If it's too strict
for you, you can use `~all` instead which means soft fail (uncertain).
You can specify IP address(es) directly too:
```
mydomain.com. 3600 IN TXT "v=spf1 ip4:192.168.1.100 -all"
mydomain.com. 3600 IN TXT "v=spf1 ip4:111.111.111.111 ip4:111.111.111.222 -all"
```
`-all` means prohibit all others.
Of course you can have them both or more in same record:
```
mydomain.com. 3600 IN TXT "v=spf1 mx ip4:111.111.111.222 -all"
```
There're more valid mechanisms available, please check
[OpenSPF web site](http://www.openspf.org/SPF_Record_Syntax) for more details.
[wikipedia](https://en.wikipedia.org/wiki/Sender_Policy_Framework) for more details.
## DKIM record for the mail domain name {: id="dkim" }
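Review bot: The new `ip4:` examples use `111.111.111.111` and `111.111.111.222`, which sit in publicly allocated address space and are likely to be copied as-is. Addresses from the documentation range `192.0.2.0/24` (RFC 5737), for example `ip4:192.0.2.10`, would make it obvious that the values must be replaced.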
@ -388,6 +388,5 @@ take a look:
## References
* [http://en.wikipedia.org/wiki/MX_record](http://en.wikipedia.org/wiki/MX_record)
* [http://www.openspf.org/](http://www.openspf.org/)
* [wikipedia: Sender Policy Framework](https://en.wikipedia.org/wiki/Sender_Policy_Framework)
* [http://www.dkim.org/](http://www.dkim.org/)
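Review bot: With `http://www.openspf.org/` replaced by the Wikipedia article here, and the RFC4408 link removed from the setup section, the References list no longer points to any SPF specification. Consider adding the SPF RFC (RFC 7208, which obsoletes RFC 4408) next to the Wikipedia entry.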

@ -46,15 +46,13 @@ in <code>/etc/postfix/master.cf</code> (on Linux/OpenBSD) or
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_security_options=noanonymous
-o smtpd_tls_security_level=may
-o smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
-o smtpd_sender_restrictions=permit_sasl_authenticated,reject
</code></pre>
<ul>
<li><code>2525</code> is the new port number for smtp service, you're free to change it to
your favourite port number.</li>
<li><code>smtpd_tls_security_level=may</code> allows both secure (TLS) and insecure connections.</li>
<li>Restriction rule <code>permit_mynetworks</code> will allow clients listed in Postfix
parameter <code>mynetworks</code> to send email <strong>WITHOUT</strong> smtp auth.</li>
</ul>
<p>Restarting Postfix service is required. After restarting, you can check whether
it's listening on this new port:</p>
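Review bot: After this change the bullet list no longer explains `smtpd_sender_restrictions` at all, because the `permit_mynetworks` item is dropped and nothing replaces it. A short item stating that `permit_sasl_authenticated,reject` accepts mail only from authenticated clients on this port would keep the option documented; the same applies to the Markdown source of this page.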

@ -156,35 +156,32 @@ be delivered to server <code>mail.mydomain.com</code>.</p>
<h3 id="what-is-a-spf-record">What is a SPF record</h3>
<p>SPF is a spam and phishing scam fighting method which uses DNS SPF-records to
define which hosts are permitted to send e-mails for a domain. For details on
SPF, please see <a href="http://www.openspf.org/">http://www.openspf.org/</a></p>
SPF, please check <a href="https://en.wikipedia.org/wiki/Sender_Policy_Framework">wikipedia</a>.</p>
<p>This works by defining a DNS SPF-record for the e-mail domain name specifying
which hosts (e-mail servers) are permitted to send e-mail from the domain name.</p>
<p>Other e-mail servers can lookup this record when receiving an e-mail from this
domain name to verify that sending e-mail server is connecting from a permitted
IP address.</p>
<h3 id="how-to-setup-the-spf-record">How to setup the SPF record</h3>
<p>A new SPF-record type was recently added to the DNS protocol to support this
(<a href="http://www.rfc-editor.org/rfc/rfc4408.txt">RFC4408</a>).</p>
<p>However not all DNS and e-mail servers support this new record type yet, so
SPF can also be configured in DNS using the TXT-record type.</p>
<p>Examples:</p>
<ul>
<li>SPF record refer to MX record. It means emails sent from all servers defined
in MX record of <code>mydomain.com</code> are permitted by sender organization.</li>
</ul>
<pre><code>mydomain.com. 3600 IN TXT &quot;v=spf1 mx mx:mydomain.com -all&quot;
<p>SPF is a TXT type DNS record, you can list IP address(es) or MX domains in it.
For example:</p>
<pre><code>mydomain.com. 3600 IN TXT &quot;v=spf1 mx -all&quot;
</code></pre>
<ul>
<li>or SPF record refer to IP address directly. it means emails sent from
specified IP address are permitted by sender organization.</li>
</ul>
<pre><code>mydomain.com. 3600 IN TXT &quot;v=spf1 ip4:192.168.1.100 -all&quot;
<p>This SPF record means emails sent from all servers defined in MX record of
<code>mydomain.com</code> are permitted to send as <code>someone@mydomain.com</code>.</p>
<p><code>-all</code> means prohibit emails sent from all other servers. If it's too strict
for you, you can use <code>~all</code> instead which means soft fail (uncertain).</p>
<p>You can specify IP address(es) directly too:</p>
<pre><code>mydomain.com. 3600 IN TXT &quot;v=spf1 ip4:111.111.111.111 ip4:111.111.111.222 -all&quot;
</code></pre>
<p>Of course you can have them both or more in same record:</p>
<pre><code>mydomain.com. 3600 IN TXT &quot;v=spf1 mx ip4:111.111.111.222 -all&quot;
</code></pre>
<p><code>-all</code> means prohibit all others.</p>
<p>There're more valid mechanisms available, please check
<a href="http://www.openspf.org/SPF_Record_Syntax">OpenSPF web site</a> for more details.</p>
<a href="https://en.wikipedia.org/wiki/Sender_Policy_Framework">wikipedia</a> for more details.</p>
<h2 id="dkim">DKIM record for the mail domain name</h2>
<h3 id="what-is-a-dkim-record">What is a DKIM record</h3>
<p>DKIM allows an organization to take responsibility for a message in a way that
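Review bot: The rewritten section shows three alternative `v=spf1` records (MX only, `ip4:` only, and both combined) without saying that a domain must publish only one of them. Receivers treat multiple `v=spf1` TXT records on the same name as a permanent error, so a sentence after "Of course you can have them both or more in same record" telling readers to merge everything into a single record would prevent a common misconfiguration.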
@ -393,8 +390,7 @@ take a look:</p>
</ul>
<h2 id="references">References</h2>
<ul>
<li><a href="http://en.wikipedia.org/wiki/MX_record">http://en.wikipedia.org/wiki/MX_record</a></li>
<li><a href="http://www.openspf.org/">http://www.openspf.org/</a></li>
<li><a href="https://en.wikipedia.org/wiki/Sender_Policy_Framework">wikipedia: Sender Policy Framework</a></li>
<li><a href="http://www.dkim.org/">http://www.dkim.org/</a></li>
</ul><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>