Differences

This shows you the differences between two versions of the page.

--- internet:mail:sender_auth [2019/05/07 10:18]
gcooper
+++ internet:mail:sender_auth [2019/05/08 08:48] (current)
gcooper
@@ Line 1: / Line 1: @@
-====== DKIM and DMARC ======
+====== SPF, DKIM and DMARC ======
+FIXME Incomplete
 SPF (sender policy framework), DKIM (domain keys identified mail) and DMARC (domain message authentication reporting and conformance) are **sender authentication mechanisms** that use DNS.
+===== Testing =====
+**Various Tools**: https://dmarcian.com/dmarc-tools/
+**DKIM Test Tool**: https://mxtoolbox.com/dkim.aspx
+**DMARC Test Tool**: https://mxtoolbox.com/DMARC.aspx
+A very useful test is to **send a message from the domain under test to a Gmail address**.  Once the message is received in Gmail, perform a ''Show Original'' to view the message headers.
+===== SPF =====
+SPF is the most widely used sender authentication mechanism.  You should definitely implement it for your domains.
+A DNS SPF (TXT) record just tells the recipient server which sender servers are authorized to send e-mail for a particular domain.
+==== Virtualmin ====
+**Virtualmin -> <domain> -> Server Configuration -> DNS Options**
+{{ :internet:mail:virtualmin_spf_enable.png?750 |Create and Implement SPF and DMARC for Virtualmin Domain}}
 ===== DKIM =====
@@ Line 9: / Line 34: @@
 Signing is done with a **private key on the sender's server**, which matches a **public key added to in the sender's DNS domain**. The recipient can lookup this key at the domain in the ''From'' address, and use it to ensure that the email signature was created using the corresponding private key, which proves that the message was really sent from that domain.
-===== Testing =====
+==== Virtualmin ====
-**DKIM Test Tool**: https://mxtoolbox.com/dkim.aspx
+<note warning>Only virtual servers that have both the DNS and email features enabled will have DKIM activated, as the mail server needs to be setup to use a private signing key whose corresponding public key is added to DNS.</note>
-**DMARC Test Tool**: https://mxtoolbox.com/DMARC.aspx
+https://www.virtualmin.com/documentation/email/dkim
-A very useful test is to send a message from the domain under test to a Gmail address.  Once the message is received in Gmail, perform a ''Show Original'' to view the message headers.
+Virtualmin uses a **milter** (daemon) to implement DKIM signing and verification.
+**Virtualmin -> E-Mail Settings -> DomainKeys Identified Mail**
+{{ :internet:mail:virtualmin_dkim_enable.png?750 |Enable DKIM in Virtualmin}}
-===== Virtualmin =====
+==== Zimbra ====
-https://www.virtualmin.com/documentation/email/dkim
+<note tip>**Create** the DKIM signing key and implement signing on the Zimbra MTA server, then **publish** the DKIM selector in DNS.</note>
-===== Zimbra =====
+**Important**: https://wiki.zimbra.com/wiki/Configuring_for_DKIM_Signing
-https://wiki.zimbra.com/wiki/Configuring_for_DKIM_Signing
 https://wiki.zimbra.com/wiki/Best_Practices_on_Email_Protection:_SPF,_DKIM_and_DMARC
+===== DMARC =====
+<note>DMARC can be implemented in DNS without regard to where e-mail is hosted.</note>
+DMARC is a mechanism to tell receiving mail servers exactly how to treat failures of SPF and DKIM checks.
+DMARC also includes a mechanism to report failures back to administrators of sender domains.

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools