Sunday, October 9, 2016

[JustANote] Make your emails trusted again (from your local custom server)


When you send email from your own server, the receiving side can flag your message as insecure or untrustworthy if you use a domain name provided by a third party.
This is normal: anybody can send an email with whatever From address they like, and it will be delivered.
For example, I can send an email as "sheda@ubuntu.com", but most mail clients will flag it as suspicious because the IP address sending the email probably has no right to use the domain "ubuntu.com".
To evaluate that right, the receiving server asks the domain owner whether the sending IP is allowed to use this domain name; that information is published in the domain's DNS as a TXT record holding the SPF value.

What is an SPF value


The SPF value is a syntax that defines who is allowed to send email with a particular domain name.
For example:
- you can allow anybody to send email with your domain name:
"v=spf1 +all"
- you can deny everybody the right to send email with your domain name:
"v=spf1 -all"
- you can allow only one IP address to send email with your domain name (a /32 mask matches exactly one address):
"v=spf1 ip4:192.168.0.1/32 -all"
You can check the SPF value of a domain name with the dig command (dig txt <domain> queries the TXT records directly):
 sheda@ubuntu:~$ dig any gmail.com
; <<>> DiG 9.8.1-P1 <<>> any gmail.com
...
;; ANSWER SECTION:
..
gmail.com.  1800 IN TXT "v=spf1 redirect=_spf.google.com"
..
You can see a line with the SPF record, redirecting to another SPF record; if you dig that one in turn, a few steps later you end up on a simple SPF record allowing a range of IP addresses to send @gmail.com emails:
 sheda@ubuntu:~$ dig any _spf.google.com
...
;; ANSWER SECTION:
_spf.google.com. 1800 IN TXT "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"
...
 sheda@ubuntu:~$ dig any _netblocks3.google.com
...
;; ANSWER SECTION:
_netblocks3.google.com. 1800 IN TXT "v=spf1 ip4:172.217.0.0/19 ~all"
...
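To make the include/redirect walk above concrete, here is an added Python example (not code from the post) that evaluates a sending IP against an SPF record the way a receiving mail server does, following include: and redirect= through a constructed in-memory TXT table instead of real DNS; the gmail.com, _spf.google.com, _netblocks3.google.com and toto.com records are the ones shown on this page, while the other address ranges and the loop.example record are made up. It also enforces the 10-lookup limit of RFC 7208, which turns a self-including record into a permerror instead of an endless recursion.

```python
import ipaddress

# Constructed TXT table standing in for DNS. The gmail.com, _spf.google.com,
# _netblocks3.google.com and toto.com records come from the post; the rest are made up.
TXT = {
    "gmail.com": "v=spf1 redirect=_spf.google.com",
    "_spf.google.com": "v=spf1 include:_netblocks.google.com "
                       "include:_netblocks2.google.com include:_netblocks3.google.com ~all",
    "_netblocks.google.com": "v=spf1 ip4:64.233.160.0/19 ~all",      # constructed
    "_netblocks2.google.com": "v=spf1 ip6:2001:4860:4000::/36 ~all",  # constructed
    "_netblocks3.google.com": "v=spf1 ip4:172.217.0.0/19 ~all",
    "toto.com": "v=spf1 include:_spf.perfora.net include:_spf.kundenserver.de -all",
    "_spf.perfora.net": "v=spf1 ip4:74.208.4.192/26 -all",            # constructed
    "_spf.kundenserver.de": "v=spf1 ip4:212.227.15.0/24 -all",        # constructed
    "loop.example": "v=spf1 include:loop.example -all",               # constructed
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 limit on include/redirect lookups per evaluation

def _lookup(domain, ip, lookups):
    lookups[0] += 1  # one DNS-causing term consumed; abort once the budget is gone
    return "permerror" if lookups[0] > MAX_LOOKUPS else check_spf(domain, ip, lookups)

def check_spf(domain, ip, lookups=None):
    """Return pass/fail/softfail/neutral/none/permerror for `ip` sending as @domain."""
    lookups = [0] if lookups is None else lookups  # counter shared across recursion
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1 "):
        return "none"
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:
        qual = "+"  # a mechanism without an explicit qualifier means "+"
        if term[0] in QUALIFIER:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if term.startswith("redirect="):
            redirect = term[len("redirect="):]  # applied only if nothing else matches
        elif name == "all":
            return QUALIFIER[qual]
        elif name in ("ip4", "ip6") and addr in ipaddress.ip_network(arg, strict=False):
            return QUALIFIER[qual]  # an IPv4 address never matches an ip6 network
        elif name == "include":
            sub = _lookup(arg, ip, lookups)
            if sub in ("pass", "permerror"):  # only a "pass" inside an include matches
                return QUALIFIER[qual] if sub == "pass" else sub
    if redirect:
        return _lookup(redirect, ip, lookups)
    return "neutral"
```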

Practical: use a User/Password account with SMTP on the 1and1.fr domain provider


The domain name I'm using for my personal server (let's call it "toto.com") is served by 1and1.com, which by default only trusts mail coming from its own mail servers (MXs).
So to send trusted email I need to relay through the SMTP server of 1and1.fr.
To do so I need to:
- create a mail account on 1and1.fr:
 sheda@toto.com 
- add the SPF entry in my DNS settings:
"v=spf1 include:_spf.perfora.net include:_spf.kundenserver.de -all"
- change the settings of the ssmtp service on my server:
 cat /etc/ssmtp/ssmtp.conf
# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=postmaster

# The place where the mail goes. The actual machine name is required no 
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=auth.smtp.1and1.fr:465

# Use SSL/TLS before starting negotiation
UseTLS=Yes
# UseSTARTTLS=Yes

# Username/Password
AuthUser=sheda@toto.com
AuthPass=totoPassword

# Where will the mail seem to come from?
# rewriteDomain=

# The full hostname
hostname=jarvis.sheda.fr

# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
# FromLineOverride=YES
- change the reverse aliases of my unix users so that they use the right ssmtp config:
 
cat /etc/ssmtp/revaliases

# sSMTP aliases
# 
# Format: local_account:outgoing_address:mailhub
#
# Example: root:your_login@your.domain:mailhub.your.domain[:port]
# where [:port] is an optional port number that defaults to 25.
root:sheda@toto.com:auth.smtp.1and1.fr:465

Test Your changes


The SPF record can take some time to be taken into account, because the DNS change must propagate to all the DNS servers (secondaries and caches).
You can check your changes with:
 sheda@ubuntu:~$ dig any toto.com

; <<>> DiG 9.8.1-P1 <<>> any toto.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41462
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;toto.com.  IN ANY

;; ANSWER SECTION:
toto.com. 1800 IN TXT "v=spf1 include:_spf.perfora.net include:_spf.kundenserver.de -all"

;; Query time: 43 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Oct  9 21:53:56 2016
;; MSG SIZE  rcvd: 83
 echo "test1" | mail -v -s "test_new_smtp_settings" random@gmail.com
Hope
