nanog mailing list archives
Re: Email Server and DNS
From: TR Shaw <tshaw () oitc com>
Date: Sun, 3 Nov 2013 13:10:33 -0500
In addition to all the other reco's below, 1) only allow sending by your users from the submit port and only with authentication. There should be no client sending through the SMTP port. 2) Implement SSL on POP & IMAP if at all possible Otherwise enforce CRAM-MD5 3) Review logs esp pop and imap login failures. 4) Turn off VRFY. On Nov 3, 2013, at 11:49 AM, Private Sender wrote:
Signed PGP part On 11/3/2013 8:39 AM, rwebb () ropeguru com wrote:So I figured a little break from the NSA was in order. I am looking for some info on current practice for an email server and SMTP delivery. It has been a while since I have had to setup an email server and I have been tasked with setting up a small one for a friend. My question centers around the server sending outgoing email and the current practices requirements for other servers to accept email Things like rDNS, SPF records, etc... I am pretty much set on the issue of incoming spam and virus. Probably overkill but it is checked at the Sophos UTM firewall and at the email server itself. Thanks, RobertMX, PTR, and SPF are really all you need. I would recommend you go a step further and use DKIM, ADSP, and DMARC. It will help keep asshat spammers from flaming your domain all over the internet. I use http://www.unlocktheinbox.com/ to verify my configuration. - -- - -Bret Taylor
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- Email Server and DNS rwebb (Nov 03)
- Re: Email Server and DNS Rich Kulawiec (Nov 03)
- Re: Email Server and DNS Jimmy Hess (Nov 03)
- Re: Email Server and DNS Rich Kulawiec (Nov 08)
- Re: Email Server and DNS rwebb (Nov 08)
- Re: Email Server and DNS Jimmy Hess (Nov 03)
- Re: Email Server and DNS Rich Kulawiec (Nov 03)
- Re: Email Server and DNS Private Sender (Nov 03)
- Re: Email Server and DNS TR Shaw (Nov 03)
- Re: Email Server and DNS Jim Popovitch (Nov 03)
- Re: Email Server and DNS John Levine (Nov 03)
- Re: Email Server and DNS Dave Crocker (Nov 04)
- Re: Email Server and DNS Franck Martin (Nov 04)
- Re: Email Server and DNS David Conrad (Nov 04)
- Re: Email Server and DNS bmanning (Nov 08)