Sunday, October 9, 2016

[JustANote] Make your emails trusted again (From your local custom server)

When you send email from your own server, mail clients can flag it as insecure or untrustworthy if you use a domain name provided by a third party.
This is pretty normal, as anybody can send email in whatever form they like and it will be delivered.
For example, I can send email in the form "", but most email clients will detect this email as suspicious, because the IP sending the email may not have the right to use the domain "".
To evaluate an email's rights, the client asks the domain name owner whether the IP sending the email is allowed to use this email name; this information is contained in the TXT records of the DNS as an SPF value.

What is an SPF value

The SPF value is a syntax that defines who has the right to send email with a particular domain name.
For example:
- You can allow anybody to send email with your domain name:
"v=spf1 +all"
- You can forbid anybody from sending email with your domain name:
"v=spf1 -all"
- You can allow only one IP to send email with your domain name:
"v=spf1 ip4: -all"
You can check the SPF value of a domain name by using the command dig:
 sheda@ubuntu:~$ dig any
; <<>> DiG 9.8.1-P1 <<>> any
..  1800 IN TXT "v=spf1"
You can see a line with the SPF equation, redirecting to an SPF server, and if you dig it several times you will end up on a simple SPF equation allowing a range of IPs to send emails:
 sheda@ubuntu:~$ dig any
;; ANSWER SECTION: 1800 IN TXT "v=spf1 ~all"
 sheda@ubuntu:~$ dig any
;; ANSWER SECTION: 1800 IN TXT "v=spf1 ip4: ~all"
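
The evaluation a receiver performs on such a chain of records, as an added example that is not from the original post. It handles only the `ip4`, `include`, `all` and `redirect` terms, and reads records from a constructed in-memory zone instead of querying DNS; the `example.org`/`example.net` names and the documentation IP ranges are assumptions.

```python
import ipaddress

# Constructed sample zone (assumption): TXT records keyed by domain name.
ZONE = {
    "example.org": "v=spf1 redirect=_spf.example.org",
    "_spf.example.org": "v=spf1 include:_netblocks.example.org ~all",
    "_netblocks.example.org": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all",
    "open.example.net": "v=spf1 +all",
    "closed.example.net": "v=spf1 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, zone=ZONE, depth=0):
    """Evaluate a subset of SPF (ip4, include, all, redirect) for sender_ip."""
    if depth > 10:  # guard against include/redirect loops
        return "permerror"
    terms = zone.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF record published for this name
    ip = ipaddress.ip_address(sender_ip)
    redirect = None
    for term in terms[1:]:
        if term.lower().startswith("redirect="):
            redirect = term.split("=", 1)[1]  # used only if nothing matches
            continue
        qualifier = "+"  # a mechanism without a prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip.version == 4 and ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include matches only when the nested record evaluates to "pass"
            matched = check_spf(arg, sender_ip, zone, depth + 1) == "pass"
        else:
            continue  # simplification: a, mx, ip6, ... are skipped here
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:
        return check_spf(redirect, sender_ip, zone, depth + 1)
    return "neutral"  # no mechanism matched and no redirect
```

With the constructed zone, `check_spf("example.org", "203.0.113.9")` returns `"softfail"`: the `-all` inside the included record only makes the `include` not match, and the outer `~all` decides the result.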

Practical: Use a User/Password account with SMTP on the Domain provider

The domain name I'm using for my personal server (let's call it "") is served by that only trusts mail from its own email servers (MXs) by default.
So to send trusted email I need to use the SMTP forward of
To do so I need to:
- Create a mail account on
- Add the SPF entry in my DNS settings:
"v=spf1 -all"
- Change the settings of the ssmtp service on my server:
 cat /etc/ssmtp/ssmtp.conf
# Config file for sSMTP sendmail
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.

# The place where the mail goes. The actual machine name is required no 
# MX records are consulted. Commonly mailhosts are named

# Use SSL/TLS before starting negotiation

# Username/Password

# Where will the mail seem to come from?
# rewriteDomain=

# The full hostname

# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
# FromLineOverride=YES
- Change the aliases of my Unix users to use the right ssmtp config:
cat /etc/ssmtp/revaliases

# sSMTP aliases
# Format: local_account:outgoing_address:mailhub
# Example: root:your_login@your.domain:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.

Test Your changes

The SPF value can take some time to be taken into account by the DNS, because it must be duplicated between all DNS mirrors.
You can check your changes with:
 sheda@ubuntu:~$ dig any

; <<>> DiG 9.8.1-P1 <<>> any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41462
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0


;; ANSWER SECTION: 1800 IN TXT "v=spf1 -all"

;; Query time: 43 msec
;; WHEN: Sun Oct  9 21:53:56 2016
;; MSG SIZE  rcvd: 83
 echo "test1" | mail -v -s "test_new_smtp_settings"
