Difference between revisions of "Emails/DNS"
From wiki
< Emails
(Created page with " == MX == The most important DNS record, is the MX one. It is the one that allows other persons to find your server and send you emails<syntaxhighlight lang="text"> @...") |
(Add instructions for DMARC) |
||
(One intermediate revision by the same user not shown) | |||
Line 6: | Line 6: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
* '''Name''' (@): This must point to the root of your domain | * '''Name''' (@): This must point to the root of your domain | ||
− | * '''Type''' (MX): | + | * '''Type''' (MX): MX record indicate the recipient of emails |
− | * '''Value''' (10 smtp): Indicate that the server smtp.example.org will handle the emails of your domain. The number 10 represent the priority. YOu can add other servers with increasing priority (10, 20, 30...) | + | * '''Value''' (10 smtp): Indicate that the server smtp.example.org will handle the emails of your domain. The number 10 represent the priority. YOu can add other servers with increasing priority (10, 20, 30...) |
== SMTP == | == SMTP == | ||
Line 19: | Line 19: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
* '''Name''' (smtp): This will be expanded to smtp.example.org | * '''Name''' (smtp): This will be expanded to smtp.example.org | ||
− | * '''Type''' (A/AAAA): A for IPV4 and AAAA for IPV6. Note that as the above MX record is pointing to this one, you cannot use a CNAME here | + | * '''Type''' (A/AAAA): A for IPV4 and AAAA for IPV6. Note that as the above MX record is pointing to this one, you cannot use a CNAME here |
* '''Value''': The IP address of your server | * '''Value''': The IP address of your server | ||
Line 27: | Line 27: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | * '''Name''' (imap): This will be expanded to imap.example.org | ||
+ | * '''Type''' (CNAME): A for IPV4 and AAAA for IPV6. Note that as the above MX record is pointing to this one, you cannot use a CNAME here | ||
+ | * '''Value''' (server): The name of your server. You must have a corresponding server.example.org record with the IP address | ||
== SPF == | == SPF == | ||
Line 33: | Line 36: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | * '''Name''' (@): This must point to the root of your domain | ||
+ | * '''Type''' (TXT): The SPF record is of type TXT. You might might find some example using a SPF record, but this type of record is deprecated and should not be used | ||
+ | * '''Value''': The SPF record must follow a strict syntax. The example above allow the server pointed by the MX record to send emails and disallow all others. For more options, you can use a [http://www.mailradar.com/spf/ SPF record generator] | ||
== DKIM == | == DKIM == | ||
Line 38: | Line 44: | ||
== DMARC == | == DMARC == | ||
− | <syntaxhighlight lang="text"> | + | DMARC is a technology built on top of SPF and DKIM. While the previous two allow to determine if an email from your domain is legitimate, DMARC indicate the recipient what to do when an email fail the test. A DMARC record look like this:<syntaxhighlight lang="text"> |
_dmarc TXT "v=DMARC1;p=none;rua=mailto:you@example.org" | _dmarc TXT "v=DMARC1;p=none;rua=mailto:you@example.org" | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | * '''Name''' (_dmarc): This is a well known value. You cannot change it | ||
+ | * '''Type''' (TXT): The DMARC record is of type TXT | ||
+ | * '''Value''': A DMARC record consist of several fields. The most notable ones are: | ||
+ | ** policy: indicate what to do with an email that fail the test. Values are: | ||
+ | *** none: Don't treat the email specifically. This is a good value to start with. Use it in combination with the reporting option to get reports before blocking emails. | ||
+ | *** quarantine: Mails are put in the Spam folder | ||
+ | *** reject: Mails are rejected. Recipient cannot see them anywhere | ||
+ | ** aggregate reports: Use this to receive a daily report of emails failing the test. You can parse them and get reports at websites like [https://www.dmarcanalyzer.com/ dmarcanalyzer.com] | ||
+ | ** forensic reports: Same as the aggregate but get one report per email with more details. The site above parses them in their paid version To generate a valid record is is recommanded to use a [https://www.unlocktheinbox.com/dmarcwizard/ dmarc wizard]. | ||
== Mail == | == Mail == | ||
− | <syntaxhighlight lang="text"> | + | This record is used to access [[Roundcube]].<syntaxhighlight lang="text"> |
− | |||
mail CNAME server | mail CNAME server | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | * '''Name''' (mail): This will be expanded to mail.example.org | ||
+ | * '''Type''' (CNAME): A for IPV4 and AAAA for IPV6. Note that as the above MX record is pointing to this one, you cannot use a CNAME here | ||
+ | * '''Value''' (server): The name of your server. You must have a corresponding server.example.org record with the IP address |
Latest revision as of 06:38, 5 April 2017
MX
The most important DNS record, is the MX one. It is the one that allows other persons to find your server and send you emails
@ MX 10 smtp
- Name (@): This must point to the root of your domain
- Type (MX): MX record indicate the recipient of emails
- Value (10 smtp): Indicate that the server smtp.example.org will handle the emails of your domain. The number 10 represent the priority. YOu can add other servers with increasing priority (10, 20, 30...)
SMTP
This record is used for two purposes:
- It is the one pointed by the MX record above. External server will send emails here.
- It is also the one that you will use in your email client to send emails from your machine to other persons.
smtp A 198.51.100.42
AAAA 2001:db8:57:12::1
- Name (smtp): This will be expanded to smtp.example.org
- Type (A/AAAA): A for IPV4 and AAAA for IPV6. Note that as the above MX record is pointing to this one, you cannot use a CNAME here
- Value: The IP address of your server
IMAP
This record is used for Dovecot.
imap CNAME server
- Name (imap): This will be expanded to imap.example.org
- Type (CNAME): A for IPV4 and AAAA for IPV6. Note that as the above MX record is pointing to this one, you cannot use a CNAME here
- Value (server): The name of your server. You must have a corresponding server.example.org record with the IP address
SPF
The SPF record is a spam fighting tool. It allows to tell other mail server who is allowed to send emails on your behalf.
@ TXT "v=spf1 mx -all"
- Name (@): This must point to the root of your domain
- Type (TXT): The SPF record is of type TXT. You might might find some example using a SPF record, but this type of record is deprecated and should not be used
- Value: The SPF record must follow a strict syntax. The example above allow the server pointed by the MX record to send emails and disallow all others. For more options, you can use a SPF record generator
DKIM
See Exim/DKIM
DMARC
DMARC is a technology built on top of SPF and DKIM. While the previous two allow to determine if an email from your domain is legitimate, DMARC indicate the recipient what to do when an email fail the test. A DMARC record look like this:
_dmarc TXT "v=DMARC1;p=none;rua=mailto:you@example.org"
- Name (_dmarc): This is a well known value. You cannot change it
- Type (TXT): The DMARC record is of type TXT
- Value: A DMARC record consist of several fields. The most notable ones are:
- policy: indicate what to do with an email that fail the test. Values are:
- none: Don't treat the email specifically. This is a good value to start with. Use it in combination with the reporting option to get reports before blocking emails.
- quarantine: Mails are put in the Spam folder
- reject: Mails are rejected. Recipient cannot see them anywhere
- aggregate reports: Use this to receive a daily report of emails failing the test. You can parse them and get reports at websites like dmarcanalyzer.com
- forensic reports: Same as the aggregate but get one report per email with more details. The site above parses them in their paid version To generate a valid record is is recommanded to use a dmarc wizard.
- policy: indicate what to do with an email that fail the test. Values are:
This record is used to access Roundcube.
mail CNAME server
- Name (mail): This will be expanded to mail.example.org
- Type (CNAME): A for IPV4 and AAAA for IPV6. Note that as the above MX record is pointing to this one, you cannot use a CNAME here
- Value (server): The name of your server. You must have a corresponding server.example.org record with the IP address