How To Mail 2021

sending and receiving E-Mail - properly

Anton Dollmaier @ MiniDebConf Regensburg

E-Mail

Sending Mail

Submission vs SMTP

Tech

  • Postfix
  • master.cf:
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_helo_required=no
  -o smtpd_helo_restrictions=
  -o smtpd_tls_dh1024_param_file=/etc/postfix/dh1024.pem

aditsystems.de. IN MX 10 mail-int.mailhosting.a1a-server.de.

properly sending: Authentication

SPF: which clients are authorized?

aditsystems.de. IN TXT "v=spf1 include:_spf.a1a-server.de -all"
_spf.a1a-server.de. IN TXT "v=spf1 ip4:185.115.178.227/32 ip6:2a02:74a0:a008:414::227/128 ip4:185.115.178.228/32 ip6:2a02:74a0:a008:414::228/128 ip4:82.199.143.64/26 ip6:2a01:4a0:5:3f::2/64"
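
Added example (not from the talk): a minimal offline evaluator for the two SPF records above, covering only the ip4, ip6, include and all mechanisms. The ZONE dict standing in for DNS and the check_spf function name are assumptions of this example.

```python
import ipaddress

# TXT records copied from the slide; a dict stands in for DNS so this runs offline.
ZONE = {
    "aditsystems.de": "v=spf1 include:_spf.a1a-server.de -all",
    "_spf.a1a-server.de": "v=spf1 ip4:185.115.178.227/32 ip6:2a02:74a0:a008:414::227/128 "
                          "ip4:185.115.178.228/32 ip6:2a02:74a0:a008:414::228/128 "
                          "ip4:82.199.143.64/26 ip6:2a01:4a0:5:3f::2/64",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, domain, zone=ZONE, depth=0):
    """Evaluate the ip4/ip6/include/all subset of RFC 7208 for client_ip."""
    if depth > 10:  # guard against include loops (RFC 7208 caps DNS lookups at 10)
        return "permerror"
    record = zone.get(domain)
    if record is None or record.split()[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        # A missing qualifier means "+" (pass)
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # strict=False accepts host bits in the prefix, as in ::2/64 above
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            # include matches only when the nested evaluation returns "pass"
            sub = check_spf(client_ip, arg, zone, depth + 1)
            if sub in ("permerror", "none"):
                return "permerror"
            matched = sub == "pass"
        else:
            return "permerror"  # term outside this example's subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term
```

_spf.a1a-server.de has no all term, so evaluated on its own it yields neutral for unlisted senders; the -all on aditsystems.de is what turns them into fail.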

DKIM: was the content tampered with?

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=dollmaier.name; s=mail2019; t=1555854862;
  bh=Nfty0rbxfEJExATcVw/OX44L3KlO63SZOtpsxwH2WVc=;
  h=To:From:Subject:Date; b=GxYX2xtrvwrmwRI9ONgFlj6pShHS7HAa0YGCYb1qKVyk9EaA9ebm1O6oUhkiq7un0
  GAFSJk4C0BLdTkjl9VdUEjbHNT4xmRcBuUJmECGswSw0N+rUlkCbfVWmD1Euv7wrgA
  E0/cb2T/xgZqCYBmtrZuxfUG42S95K+hWr75JJWk=

validating DKIM

mail._domainkey.aditsystems.de. IN TXT "v=DKIM1; \
k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv\
fXISP7P4//EUKKcS6ynoWIpg3X2nSuU712nP7ubUsvHRGSI2Ebv83U\
cbsWlkelX70dm8VYeelaxouZ2arnSBcKiDdr1Oj2Db/iupHbTdd9yR\
kQen9/SD0Jt2Lwh7WRCPkVchHNF+UIh92siT4PNYtano54rhHrHX/2\
Oq8HNOHd11T7U6g5tX3c2Y3m4KOnirvWD1eSe3mzzU8pdgH92CU+EN\
h6B04VNUosvNNtJASDJSVq7TVATiXomOZ4PeOnkT83jhIbHt9l6mqi\
VQj+H0KsBuYAwC3e6m+4xmd1lbMu+qv7esllwsFUTD1rR9+D1+XN0D\
B7IyXV2+m9r4iOtCQIDAQAB"

DMARC: glueing it together

_dmarc.aditsystems.de. IN TXT "v=DMARC1; \
p=reject; rua=mailto:dmarc@aditsystems.de; \
ruf=mailto:dmarc@aditsystems.de; fo=1;"

Securing the transport

DANE


sys4.de.               IN MX   10 mail.sys4.de.
_25._tcp.mail.sys4.de. IN TLSA 3 1 1 236831AEEAB41E7BD10DC14320600B245C791B338121383D5A2916F7 EF97B49B

MTA-STS

_mta-sts.gmail.com. 300 IN TXT "v=STSv1; id=20190429T010101;"
https://mta-sts.gmail.com/.well-known/mta-sts.txt
version: STSv1
mode: enforce
mx: gmail-smtp-in.l.google.com
mx: *.gmail-smtp-in.l.google.com
max_age: 86400

Does it work?

https://www.mail-tester.com/

Receiving Mail

This is not Anti-Spam!

What about Anti-Spam?

  • Postscreen
  • Black/White-Listing
  • Greylisting
  • Content Analysis: SpamAssassin
  • distributed hash networks
  • rspamd

Storing E-Mail

Dovecot.

Retrieving E-Mail

  • POP3
  • IMAP

use IMAP!

(or JMAP)

Thanks for your attention! ⛾

P.S.: We're hiring!