Re: Email Server and DNS

[TR Shaw <tshaw () oitc com>]

In addition to all the other reco's below, 

1) only allow sending by your users from the submit port and only with authentication. There should be no client 
sending through the SMTP port.

2) Implement SSL on POP & IMAP if at all possible Otherwise enforce CRAM-MD5

3) Review logs esp pop and imap login failures. 

4) Turn off VRFY. 

On Nov 3, 2013, at 11:49 AM, Private Sender wrote:

> Signed PGP part
> On 11/3/2013 8:39 AM, rwebb () ropeguru com wrote:
> > So I figured a little break from the NSA was in order.
> >
> > I am looking for some info on current practice for an email server 
> > and SMTP delivery. It has been a while since I have had to setup an
> > email server and I have been tasked with setting up a small one for
> > a friend. My question centers around the server sending outgoing
> > email and the current practices requirements for other servers to
> > accept email Things like rDNS, SPF records, etc...
> >
> > I am pretty much set on the issue of incoming spam and virus. 
> > Probably overkill but it is checked at the Sophos UTM firewall and 
> > at the email server itself.
> >
> > Thanks,
> >
> > Robert
>
> MX, PTR, and SPF are really all you need. I would recommend you go a
> step further and use DKIM, ADSP, and DMARC. It will help keep asshat
> spammers from flaming your domain all over the internet.
>
> I use http://www.unlocktheinbox.com/ to verify my configuration.
>
> - -- 
> - -Bret Taylor

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail