[Lugstuff] new stuff learned rebuilding Annapolislinux

Annapolis Linux Users Group lugstuff at annapolislinux.org
Mon Jan 18 20:04:07 EST 2021


Who is this email from ? 

I have Annapolis Linux setup to hide the identity of senders which makes
it hard to tell who is who. This prevents people from getting spammed
but it is pain. 

As an update, I now have all three layers setup.
   1. SFP 
   2. DKIM  - using OpenDKIM
   3. DMARC - using opendmarc

All three of these layers seem just like hacks to me. 

Intrestingly, all of these require DNS records and mail server hooks.

I am no longer able to forge emails as I did in the past.

Of the two layers, setting up SFP and DMARC were the easier. 

Setting up DKIM is a bit troublesome becuase the public key in a DNS
record can be a bit long and hard to get formatted. 

-tjk, discussion facilitator


On 18/01/21 09:51 -0500, Annapolis Linux Users Group wrote:
> Ted -
> 
> I would be very interested in a sessions on both the web server and the
> email setup. I've read about the various email anti spam mechanisms, but
> I've never implemented them. It would be great to get your actual
> experience point of view.
> 
> On Mon, Jan 18, 2021, 12:07 AM Annapolis Linux Users Group <
> lugstuff at annapolislinux.org> wrote:
> 
> > I learned a few new things rebuilding the site.
> >
> > I am starting to feel really thankful my previous provider booted me.
> >
> > Rebuilding the Annapolis Linux host was really good for refreshing my
> > skills.
> >
> > I could probably do a mini presentation on one or two of the following:
> >
> > * Increasing your mailservers reputation using SFP, DKIM and TLS.
> >   It seems mailservers get rated by the suplements they run. Maybe I
> >   have this wrong. But, I added the following protocols to the server.
> >
> >   - TLS setup using the EFF Let's Encrypt
> >
> >   - SFP setup google and many mail servers require this to prevent your
> >     email from going in the Junk box.
> >         Here is my spf record from dig.
> >
> >         dig annapolislinux.org txt
> >         annapolislinux.org.     1800    IN      TXT     "v=spf1
> > ip4:96.126.117.237 ip6:2600:3c00::f03c:92ff:fe09:31dd ~all"
> >
> >   - OpenDKIM setup - this creates a digital signiture in the header.
> >     A private RSA key is stored in a DNS text record. Lots of big servers
> > require this for mail to go through.
> >     When a mail is received on a server with DKIM setup, it will check
> >     the DKIM header with the entry stored on the DNS to see if it is
> >     valid. If it is not valid, it may get rejected or marked as SPAM.
> >      http://www.opendkim.org/
> >
> >      Here is a cool web tool to check your setup.
> >      https://dkimvalidator.com/
> >
> >   - Todo Setup DMARC
> >
> > * Setting up Let's Encrypt. Free SSL Certificates.
> >   EFF sponsors Let's Encrypt.
> >   Let's Encrypt provides free SSL certificates with a short life.
> >   These certificiates can be used be renewed automatically via a script.
> >   Certbot is the mechanism to install the packages.
> >   https://letsencrypt.org/
> >
> > * Troubleshooting Apache and Mailman
> >   Mainly, running Apache in debug mode will prety much tell you why
> >   apache is not working.
> >
> > * Setting up Dovecot IMAP with Postfix.
> >
> > Is anyone interested ?
> >
> > -tjk
> > Annapolis Linux Users Group
> > _______________________________________________
> > Lugstuff mailing list
> > Lugstuff at annapolislinux.org
> > http://annapolislinux.org/mailman/listinfo/lugstuff
> >

> _______________________________________________
> Lugstuff mailing list
> Lugstuff at annapolislinux.org
> http://annapolislinux.org/mailman/listinfo/lugstuff



More information about the Lugstuff mailing list