Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Naylz

42 posts

Geek


#240036 16-Aug-2018 12:31
Send private message

Looking for help implementing email standards on our server.

 

 

 

We have been using SPF but need help with 

 

Here's a guide to the key email authentication standards:

 

DKIM

 

DMARC

 

Reverse DNS

 

 

 

cheers

 

Naylin


Create new topic
stinger
628 posts

Ultimate Geek
Inactive user


  #2074464 16-Aug-2018 12:58
Send private message

Reverse DNS is something you need to organise with your service provider, and not the configuration of the server.

 

If you have a Linux server, there are guides on the Internet on how to set them up. You will need to be able to make changes to your DNS records for DKIM to work correctly.




freitasm
BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2074565 16-Aug-2018 17:08
Send private message

What email software is the server running?





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


nunz
1421 posts

Uber Geek
Inactive user


  #2074592 16-Aug-2018 18:53
Send private message

Naylz:

 

Looking for help implementing email standards on our server.

 

 

 

We have been using SPF but need help with 

 

Here's a guide to the key email authentication standards:

 

DKIM

 

DMARC

 

Reverse DNS

 

 

 

cheers

 

Naylin

 

 

Who does your DNS?  If you could let us know the domain we can view the public records and offer some suggestions.

 

 

 

This is a good blow by blow for dkim https://www.mailjet.com/blog/news/setting-up-dkim-step-by-step-a7d0a0ec-c4aa-4b5b-aeb5-a06361aa2e51/

 

i used this for dmarc: https://blog.returnpath.com/build-your-dmarc-record-in-15-minutes-v2/

 

SPF - Thi sis a good wizard for those: https://www.spfwizard.net/

 

 

 

All the above require you to set up txt DNS records in your provider.

 

 




freitasm
BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2074638 16-Aug-2018 21:12
Send private message

That first article links to a DKIM software that doesn't exist anymore and you'd have to generate your keys to use it anyway.

 

If you running your own serever there are other software available. I use ThinkDKIM on my Windows SMTP server - it creates the keys, allows you to have multiple key pairs and guides you on configuring DNS changes. I also use Office 365 and have DKIM configured on that, with a different key pair and selector group.

 

If you are using Google or Office 365 both support DKIM by just checking a box and give you instruction to create the DNS entries.

 

You then create DMARC records to values that match your configuration settings. DMARC Analyzer does a good job of helping here.





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


timmmay
20574 posts

Uber Geek

Trusted
Lifetime subscriber

  #2074642 16-Aug-2018 21:21
Send private message

I've done all that on Google for Business, but not on a standalone email server. Have you consider hosted email? Email is a commodity service these days, pay someone else to do it unless you have a good reason to host your own.


nunz
1421 posts

Uber Geek
Inactive user


  #2074646 16-Aug-2018 21:36
Send private message

freitasm:

 

That first article links to a DKIM software that doesn't exist anymore and you'd have to generate your keys to use it anyway.

 

If you running your own serever there are other software available. I use ThinkDKIM on my Windows SMTP server - it creates the keys, allows you to have multiple key pairs and guides you on configuring DNS changes. I also use Office 365 and have DKIM configured on that, with a different key pair and selector group.

 

If you are using Google or Office 365 both support DKIM by just checking a box and give you instruction to create the DNS entries.

 

You then create DMARC records to values that match your configuration settings. DMARC Analyzer does a good job of helping here.

 

 

I made mine via puttygen or open ssh on linux. not sure what software you mean as Puttygen and openSSH are both still around.

 

 


freitasm
BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2074662 17-Aug-2018 00:05
Send private message

I mean the actual DKIM plugin described in step 3 (OpenDKIM) - the one that uses the key pair to sign the outgoing messages. That doesn't seem to exist anymore. 





Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup


 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
nunz
1421 posts

Uber Geek
Inactive user


  #2078956 25-Aug-2018 12:08
Send private message

freitasm:

 

I mean the actual DKIM plugin described in step 3 (OpenDKIM) - the one that uses the key pair to sign the outgoing messages. That doesn't seem to exist anymore. 

 

 

Ironically their site uses a bad cert. Still running (seeit as http) but it is only a plugin to allow sendmail to recognise dkim - not to create dkim records or keys.

 

 

 

 

 


MichaelNZ
1385 posts

Uber Geek

Trusted
Integrity Tech Solutions

  #2079052 25-Aug-2018 15:12
Send private message

nunz:

 

freitasm:

 

I mean the actual DKIM plugin described in step 3 (OpenDKIM) - the one that uses the key pair to sign the outgoing messages. That doesn't seem to exist anymore. 

 

 

Ironically their site uses a bad cert. Still running (seeit as http) but it is only a plugin to allow sendmail to recognise dkim - not to create dkim records or keys.

 

 

OpenDKIM is a fully fledged solution for signing and authenticating DKIM.

 

However, the way this thread is going suggests you should pony up and get some professional advice. The question you are asking requires the culmination of years of experience with email and servers.

 

So, I doubt anyone is going to offer to guide you through the whole A-Z setup of DKIM and bring you up to speed with all the other areas you will likely need to understand to get the whole thing functional, for free and in the space of this thread.

 

If you had a specific question which indicated you were well on the way and I had the time/inclination, I might provide you with a brief response. But your original post may as well say "help me setup a whole mail server", which is how I read it.

 

By way of example - looking at your original post - reverse DNS is not an email authentication standard and the fact you don't even know how to implement that, suggests there is a massive gap in your understanding. DMARC is not by itself an authetication standard either - it's standard for mail servers to report how they view a sender. And yes, I know the "MA" part is short for "message authentication" but that's a bit misleading if you view it in isolation. The point is how it all fits together. Why do you even want DMARC?





WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers


Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.