Kategoriearchive: Postfix

How to send emails properly

To send emails with Postfix, a few things have to be considered. These are either defined in RFCs or generally useful. 1. matching reverse DNS RFC1912 requires that the PTR record and the A record in DNS match. On the one hand it shows that the administrator understands the RFCs, […]

DMARC check on Debian Wheezy 16

I have already described in DMARC Record (Domain-based Message Authentication, Reporting & Conformance), how to set up a DMARC record and why this makes sense. Now we need to pay attention to such DMARC record in the delivery of mail. The verification of a DMARC Records requires valid SPF and […]

The purpose of a Sender Policy Framework (SPF) record 1

I use SPF records for many years. My implementation of SPF records in ISPConfig occurred to me to point out the advantages again. SPF is an authentication method that is stored in the DNS. This entry specifies which server can send mail for a particular domain. And why do I […]

Dovecot and Postfix with PFS (Perfect Forward Secrecy)

Perfect Forward Secrecy (PFS) is a data encoding property that ensures the integrity of a session key in the event that a long-term key is compromised. PFS accomplishes this by enforcing the derivation of a new key for each and every session. Setup Dovecot Dovecot (at least from 2.1.x) already […]

temporarily suspend mail delivery to a specific domain

With postfix and cron delivery of new mail messages may be certain times quite easily prevented. It can for example be prevent from that emails are delivered via push to inopportune times to a user. Add a hash-table in /etc/postfix/main.cf to smtpd_recipient_restrictions: check_recipient_access hash:/etc/postfix/hold In the file /etc/postfix/hold all domains […]

send mail with postfix for certain domains using ipv4 or ipv6 only 4

To send outgoing mail with postfix for certain domains only over IPv6 or IPv4, only a few changes are required. The domains are registered in accordance /etc/postfix/transport examplev4.de smtp-ipv4-only: examplev6.de smtp-ipv6-only: /etc/postfix/master.cf: smtp-ipv4-only unix  –       –       n        –       –       smtp        -o inet_protocols=ipv4 smtp-ipv6-only unix  –       –       n        –       –       smtp        -o inet_protocols=ipv6 /etc/postfix/main.cf: transport_maps = hash:/etc/postfix/transport: Execute postmap hash:/etc/postfix/transport and […]

Part 2 – Backup MX with MySQL (and ISPConfig) 1

Secondary MX servers are a source of accept-then-bounce spam when they don’t reject mail with “recipient unknown”, and when they don’t enforce the same anti-spam policy as the primary MX. Such servers may eventually become blacklisted. That´s the reason why I share the mysql-database between the primary and secondary MX […]

Backup MX with MySQL (and ISPConfig) 3

Anyone who operates a Backup MX should, ensure that it´s configured identical to the actual terms of the accepted messages on the normal MX. Otherwise, the backup MX could for example accept an email for does_not_exists@domain.com that the actual MX will not accept. Since I use ISPConfig, all relevant data […]