nickslowinski/mailcow-dockerized-docs
1
0
Fork 0
Code Issues Pull-Requests Projekte Releases Pakete Wiki Aktivität

Merge pull request #237 from grravity/patch-2

Quellcode durchsuchen 
Added headers, and new resources
Dieser Commit ist enthalten in:
André Peters 2020-10-24 22:08:37 +02:00 committet von GitHub
Commit 1bbcb4a392
Es konnte kein GPG-SchlĂĽssel zu dieser Signatur gefunden werden
GPG-SchlĂĽssel-ID: 4AEE18F83AFDEB23
1 geänderte Dateien mit 34 neuen und 16 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Diff-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

50
docs/prerequisite-dns.md
Datei anzeigen

@ -8,6 +8,9 @@ Below you can find a list of **recommended DNS records**. While some are mandato
["Best Practices on Email Protection: SPF, DKIM and DMARC"](https://wiki.zimbra.com/wiki/Best_Practices_on_Email_Protection:_SPF,_DKIM_and_DMARC) ["Best Practices on Email Protection: SPF, DKIM and DMARC"](https://wiki.zimbra.com/wiki/Best_Practices_on_Email_Protection:_SPF,_DKIM_and_DMARC)
- An in-depth discussion of SPF, DKIM and DMARC: - An in-depth discussion of SPF, DKIM and DMARC:
["How to eliminate spam and protect your name with DMARC"](https://www.skelleton.net/2015/03/21/how-to-eliminate-spam-and-protect-your-name-with-dmarc/) ["How to eliminate spam and protect your name with DMARC"](https://www.skelleton.net/2015/03/21/how-to-eliminate-spam-and-protect-your-name-with-dmarc/)
- A thorough guide on understanding DMARC:
["Demystifying DMARC: A guide to preventing email spoofing"](https://seanthegeek.net/459/demystifying-dmarc/)
## Reverse DNS of your IP address ## Reverse DNS of your IP address
@ -31,18 +34,21 @@ autoconfig IN CNAME mail
In the example DNS zone file snippet below, a simple **SPF** TXT record is used to only allow THIS server (the MX) to send mail for your domain. Every other server is disallowed but able to ("`~all`"). Please refer to [SPF Project](http://www.open-spf.org/) for further reading. In the example DNS zone file snippet below, a simple **SPF** TXT record is used to only allow THIS server (the MX) to send mail for your domain. Every other server is disallowed but able to ("`~all`"). Please refer to [SPF Project](http://www.open-spf.org/) for further reading.
``` ```
# Name Type Value
@ IN TXT "v=spf1 mx -all" @ IN TXT "v=spf1 mx -all"
``` ```
It is highly recommended to create a **DKIM** TXT record in your mailcow UI and set the corresponding TXT record in your DNS records. Please refer to [OpenDKIM](http://www.opendkim.org) for further reading. It is highly recommended to create a **DKIM** TXT record in your mailcow UI and set the corresponding TXT record in your DNS records. Please refer to [OpenDKIM](http://www.opendkim.org) for further reading.
``` ```
# Name Type Value
dkim._domainkey IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=..." dkim._domainkey IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=..."
``` ```
The last step in protecting yourself and others is the implementation of a **DMARC** TXT record, for example by using the [DMARC Assistant](http://www.kitterman.com/dmarc/assistant.html) ([check](https://dmarcian.com/dmarc-inspector/google.com)). The last step in protecting yourself and others is the implementation of a **DMARC** TXT record, for example by using the [DMARC Assistant](http://www.kitterman.com/dmarc/assistant.html) ([check](https://dmarcian.com/dmarc-inspector/google.com)).
``` ```
# Name Type Value
_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:mailauth-reports@example.org" _dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:mailauth-reports@example.org"
``` ```
@ -51,18 +57,19 @@ _dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:mailauth-reports@
**SRV** records specify the server(s) for a specific protocol on your domain. If you want to explicitly announce a service as not provided, give "." as the target address (instead of "mail.example.org."). Please refer to [RFC 2782](https://tools.ietf.org/html/rfc2782). **SRV** records specify the server(s) for a specific protocol on your domain. If you want to explicitly announce a service as not provided, give "." as the target address (instead of "mail.example.org."). Please refer to [RFC 2782](https://tools.ietf.org/html/rfc2782).
``` ```
_imap._tcp IN SRV 0 1 143 mail.example.org. # Name Type Priority Weight Port Value
_imaps._tcp IN SRV 0 1 993 mail.example.org. _imap._tcp IN SRV 0 1 143 mail.example.org.
_pop3._tcp IN SRV 0 1 110 mail.example.org. _imaps._tcp IN SRV 0 1 993 mail.example.org.
_pop3s._tcp IN SRV 0 1 995 mail.example.org. _pop3._tcp IN SRV 0 1 110 mail.example.org.
_submission._tcp IN SRV 0 1 587 mail.example.org. _pop3s._tcp IN SRV 0 1 995 mail.example.org.
_smtps._tcp IN SRV 0 1 465 mail.example.org. _submission._tcp IN SRV 0 1 587 mail.example.org.
_sieve._tcp IN SRV 0 1 4190 mail.example.org. _smtps._tcp IN SRV 0 1 465 mail.example.org.
_autodiscover._tcp IN SRV 0 1 443 mail.example.org. _sieve._tcp IN SRV 0 1 4190 mail.example.org.
_carddavs._tcp IN SRV 0 1 443 mail.example.org. _autodiscover._tcp IN SRV 0 1 443 mail.example.org.
_carddavs._tcp IN TXT "path=/SOGo/dav/" _carddavs._tcp IN SRV 0 1 443 Mail.example.org.
_caldavs._tcp IN SRV 0 1 443 mail.example.org. _carddavs._tcp IN TXT "path=/SOGo/dav/"
_caldavs._tcp IN TXT "path=/SOGo/dav/" _caldavs._tcp IN SRV 0 1 443 mail.example.org.
_caldavs._tcp IN TXT "path=/SOGo/dav/"
``` ```
## Testing ## Testing
@ -73,13 +80,24 @@ Here are some tools you can use to verify your DNS configuration:
- [port25.com](https://www.port25.com/dkim-wizard/) (DKIM, SPF) - [port25.com](https://www.port25.com/dkim-wizard/) (DKIM, SPF)
- [Mail-tester](https://www.mail-tester.com/) (DKIM, DMARC, SPF) - [Mail-tester](https://www.mail-tester.com/) (DKIM, DMARC, SPF)
- [DMARC Analyzer](https://www.dmarcanalyzer.com/spf/checker/) (DMARC, SPF) - [DMARC Analyzer](https://www.dmarcanalyzer.com/spf/checker/) (DMARC, SPF)
- [MultiRBL.valli.org](http://multirbl.valli.org/) (DNSBL, RBL, FCrDNS)
## Misc ## Misc
If you are interested in statistics, you can additionally register with the [Postmaster Tool](https://gmail.com/postmaster) by Google and supply a **google-site-verification** TXT record, which will give you details about spam-classified mails by your domain. This is clearly optional. ### Optional DMARC Statistics
If you are interested in statistics, you can additionally register with some of the many below DMARC statistic services, or self-host your own.
``` **NOTE:** It is worth considering that if you request DMARC statistic reports to your mailcow server, if there are issues with that domain you may not get accurate results. You can consider using an alternative email domain for recieving DMARC reports.
@ IN TXT "google-site-verification=..."
```
It is worth mentioning, that the following suggestions are not a comprehensive list of all services and tools avaialble, but only a small few of the many choices.
- [Postmaster Tool](https://gmail.com/postmaster)
- [parsedmarc](https://github.com/domainaware/parsedmarc) (self-hosted)
- [Fraudmarc](https://fraudmarc.com/)
- [Postmark](https://dmarc.postmarkapp.com)
- [Dmarcian](https://dmarcian.com/)
**NOTE:** The services may provide you with a TXT record, which you would insert into your DNS records as the provider specifies. This record will give you details about spam-classified mails by your domain. However, please ensure to read the providers documentation from the service you choose, as this process may vary and not all providers may use a TXT record.
### Fully Qualified Domain Name (FQDN)
[^1]: A **Fully Qualified Domain Name** (**FQDN**) is the complete (absolute) domain name for a specific computer or host, on the Internet. The FQDN consists of at least three parts divided by a dot: the hostname (myhost), the domain name (mydomain) and the top level domain in short **tld** (com). In the example of `mx.mailcow.email` the hostname would be `mx`, the domain name `mailcow` and the tld `email`. [^1]: A **Fully Qualified Domain Name** (**FQDN**) is the complete (absolute) domain name for a specific computer or host, on the Internet. The FQDN consists of at least three parts divided by a dot: the hostname (myhost), the domain name (mydomain) and the top level domain in short **tld** (com). In the example of `mx.mailcow.email` the hostname would be `mx`, the domain name `mailcow` and the tld `email`.