Stuff I'm Up To

Technical Ramblings

Mozilla Thunderbird Logging — March 2, 2017

Mozilla Thunderbird Logging

I had the need to view the actual SMTP server conversation to confirm TLS and authentication were being used. I could have done this from server logs, but as we transmit thousands of SMTP messages a day it was easier to look to the client for logs, rather than for the needle in a stack of other needles.

Continue reading

Advertisements
DKIM Signature Testing — November 24, 2016

DKIM Signature Testing

After setting up a DKIM DNS entry and then sending email we were seeing one of authorised 3rd parties failing to pass the DKIM checks. The DNS record looked OK but the mail systems like Google and Yahoo were saying it was failing. So how do I go about testing a message I received so I can see for myself what’s going on?

Looks like the answer is to use a Perl module “Mail::DKIM::Verifier”

Continue reading

SPF Testing — November 17, 2016
DMARC, SPF and DKIM — November 11, 2016

DMARC, SPF and DKIM

For several ears now we’ve run a fairly tight ship on our email server. It consumes an awful lot of resources mainly because of how many businesses out there fail to properly configure their email server correctly. By far the biggest failing is not using the proper HELO/EHLO name and not having a reverse DNS (RNDS/PTR) record that matches.

So please, if you’re an email admin, get it sorted. This is an internet standard from way back in the 1980’s and beyond!

Adding to our anti-spam systems using DKIM and SPF we’ve brought in DMARC to enforce compliance with these standards. So in future we’ll be telling recipients to reject mail claiming to be from our domain that fails to meet the SPF and DKIM checks.

Continue reading

Set up Government Email Services Securely — October 25, 2016
Exim4, DKIM & Smarthost — October 13, 2016
Exim4 & DKIM — October 8, 2016

Exim4 & DKIM

Where possible I try to get mail systems setup so that they can be verified as true senders by the recipient by using SPF and DKIM. Seems a shame that few mail systems actually seem to do this as it would trim a lot of spam from the net.

Having moved to another server I needed to move the mail sender with it. This particular system only needs to send email out as there is another system that receives mail for this domain. So All I need do is install an SMTP service and make sure it signs it’s messages with the same private key as I previously used, so it matches the public key that is published in DNS.

Previously the system used Postfix and OpenDKIM, but as this needs to be a barebones simple system I figured I’d stick with Debian’s default mailer Exim4. Turns out this was a good choice as it has DKIM built in.

Continue reading

Synology & SMTP — October 12, 2015

Synology & SMTP

This box runs Linux and many of my favourite services so can handle Postfix, Dovecot, SpamAssassin and many others that are documented here. There are a few quirks though. After all it is highly stylised and GUI based so the configs are driven by the web interface. That just needs some careful consideration as they will be overwritten every time the server starts. So you just need to ensure you edit the “template” files that the GUI will apply.

Continue reading