Difference between revisions of "Emails/DNS"

From wiki
(Created page with " == MX == The most important DNS record, is the MX one. It is the one that allows other persons to find your server and send you emails<syntaxhighlight lang="text"> @...")
 
(Add instructions for DMARC)
 
(One intermediate revision by the same user not shown)
Line 6: Line 6:
 
</syntaxhighlight>
 
</syntaxhighlight>
 
* '''Name''' (@): This must point to the root of your domain
 
* '''Name''' (@): This must point to the root of your domain
* '''Type''' (MX):
+
* '''Type''' (MX): MX record indicate the recipient of emails
* '''Value''' (10 smtp): Indicate that the server smtp.example.org will handle the emails of your domain. The number 10 represent the priority. YOu can add other servers with increasing priority (10, 20, 30...).
+
* '''Value''' (10 smtp): Indicate that the server smtp.example.org will handle the emails of your domain. The number 10 represent the priority. YOu can add other servers with increasing priority (10, 20, 30...)
  
 
== SMTP ==
 
== SMTP ==
Line 19: Line 19:
 
</syntaxhighlight>
 
</syntaxhighlight>
 
* '''Name''' (smtp): This will be expanded to smtp.example.org
 
* '''Name''' (smtp): This will be expanded to smtp.example.org
* '''Type''' (A/AAAA): A for IPV4 and AAAA for IPV6. Note that as the above MX record is pointing to this one, you cannot use a CNAME here.
+
* '''Type''' (A/AAAA): A for IPV4 and AAAA for IPV6. Note that as the above MX record is pointing to this one, you cannot use a CNAME here
 
* '''Value''': The IP address of your server
 
* '''Value''': The IP address of your server
  
Line 27: Line 27:
  
 
</syntaxhighlight>
 
</syntaxhighlight>
 +
* '''Name''' (imap): This will be expanded to imap.example.org
 +
* '''Type''' (CNAME): A for IPV4 and AAAA for IPV6. Note that as the above MX record is pointing to this one, you cannot use a CNAME here
 +
* '''Value''' (server): The name of your server. You must have a corresponding server.example.org record with the IP address
  
 
== SPF ==
 
== SPF ==
Line 33: Line 36:
  
 
</syntaxhighlight>
 
</syntaxhighlight>
 +
* '''Name''' (@): This must point to the root of your domain
 +
* '''Type''' (TXT): The SPF record is of type TXT. You might might find some example using a SPF record, but this type of record is deprecated and should not be used
 +
* '''Value''': The SPF record must follow a strict syntax. The example above allow the server pointed by the MX record to send emails and disallow all others. For more options, you can use a [http://www.mailradar.com/spf/ SPF record generator]
  
 
== DKIM ==
 
== DKIM ==
Line 38: Line 44:
  
 
== DMARC ==
 
== DMARC ==
<syntaxhighlight lang="text">
+
DMARC is a technology built on top of SPF and DKIM. While the previous two allow to determine if an email from your domain is legitimate, DMARC indicate the recipient what to do when an email fail the test. A DMARC record look like this:<syntaxhighlight lang="text">
 
_dmarc                TXT    "v=DMARC1;p=none;rua=mailto:you@example.org"
 
_dmarc                TXT    "v=DMARC1;p=none;rua=mailto:you@example.org"
  
 
</syntaxhighlight>
 
</syntaxhighlight>
 +
* '''Name''' (_dmarc): This is a well known value. You cannot change it
 +
* '''Type''' (TXT): The DMARC record is of type TXT
 +
* '''Value''': A DMARC record consist of several fields. The most notable ones are:
 +
** policy: indicate what to do with an email that fail the test. Values are:
 +
*** none: Don't treat the email specifically. This is a good value to start with. Use it in combination with the reporting option to get reports before blocking emails.
 +
*** quarantine: Mails are put in the Spam folder
 +
*** reject: Mails are rejected. Recipient cannot see them anywhere
 +
** aggregate reports: Use this to receive a daily report of emails failing the test. You can parse them and get reports at websites like [https://www.dmarcanalyzer.com/ dmarcanalyzer.com]
 +
** forensic reports:  Same as the aggregate but get one report per email with more details. The site above parses them in their paid version To generate a valid record is is recommanded to use a [https://www.unlocktheinbox.com/dmarcwizard/ dmarc wizard].
  
 
== Mail ==
 
== Mail ==
<syntaxhighlight lang="text">
+
This record is used to access [[Roundcube]].<syntaxhighlight lang="text">
imap                  CNAME  server
 
 
mail                  CNAME  server
 
mail                  CNAME  server
  
 
</syntaxhighlight>
 
</syntaxhighlight>
 +
* '''Name''' (mail): This will be expanded to mail.example.org
 +
* '''Type''' (CNAME): A for IPV4 and AAAA for IPV6. Note that as the above MX record is pointing to this one, you cannot use a CNAME here
 +
* '''Value''' (server): The name of your server. You must have a corresponding server.example.org record with the IP address

Latest revision as of 06:38, 5 April 2017

MX

The most important DNS record, is the MX one. It is the one that allows other persons to find your server and send you emails

@                      MX     10 smtp
  • Name (@): This must point to the root of your domain
  • Type (MX): MX record indicate the recipient of emails
  • Value (10 smtp): Indicate that the server smtp.example.org will handle the emails of your domain. The number 10 represent the priority. YOu can add other servers with increasing priority (10, 20, 30...)

SMTP

This record is used for two purposes:

  • It is the one pointed by the MX record above. External server will send emails here.
  • It is also the one that you will use in your email client to send emails from your machine to other persons.
smtp                   A      198.51.100.42
                       AAAA   2001:db8:57:12::1
  • Name (smtp): This will be expanded to smtp.example.org
  • Type (A/AAAA): A for IPV4 and AAAA for IPV6. Note that as the above MX record is pointing to this one, you cannot use a CNAME here
  • Value: The IP address of your server

IMAP

This record is used for Dovecot.

imap                   CNAME  server
  • Name (imap): This will be expanded to imap.example.org
  • Type (CNAME): A for IPV4 and AAAA for IPV6. Note that as the above MX record is pointing to this one, you cannot use a CNAME here
  • Value (server): The name of your server. You must have a corresponding server.example.org record with the IP address

SPF

The SPF record is a spam fighting tool. It allows to tell other mail server who is allowed to send emails on your behalf.

@                      TXT    "v=spf1 mx -all"
  • Name (@): This must point to the root of your domain
  • Type (TXT): The SPF record is of type TXT. You might might find some example using a SPF record, but this type of record is deprecated and should not be used
  • Value: The SPF record must follow a strict syntax. The example above allow the server pointed by the MX record to send emails and disallow all others. For more options, you can use a SPF record generator

DKIM

See Exim/DKIM

DMARC

DMARC is a technology built on top of SPF and DKIM. While the previous two allow to determine if an email from your domain is legitimate, DMARC indicate the recipient what to do when an email fail the test. A DMARC record look like this:

_dmarc                 TXT    "v=DMARC1;p=none;rua=mailto:you@example.org"
  • Name (_dmarc): This is a well known value. You cannot change it
  • Type (TXT): The DMARC record is of type TXT
  • Value: A DMARC record consist of several fields. The most notable ones are:
    • policy: indicate what to do with an email that fail the test. Values are:
      • none: Don't treat the email specifically. This is a good value to start with. Use it in combination with the reporting option to get reports before blocking emails.
      • quarantine: Mails are put in the Spam folder
      • reject: Mails are rejected. Recipient cannot see them anywhere
    • aggregate reports: Use this to receive a daily report of emails failing the test. You can parse them and get reports at websites like dmarcanalyzer.com
    • forensic reports: Same as the aggregate but get one report per email with more details. The site above parses them in their paid version To generate a valid record is is recommanded to use a dmarc wizard.

Mail

This record is used to access Roundcube.

mail                   CNAME  server
  • Name (mail): This will be expanded to mail.example.org
  • Type (CNAME): A for IPV4 and AAAA for IPV6. Note that as the above MX record is pointing to this one, you cannot use a CNAME here
  • Value (server): The name of your server. You must have a corresponding server.example.org record with the IP address