- make sure the MTA's forward and reverse DNS match
- set up an SPF record, probably "v=spf1 mx ~all"
- manage DNS MX, DKIM, DMARC and SPF records (SPF, DKIM, and DMARC are a recommended order of implementation)
- set up DKIM signing for each domain you host, make the DKIM domain match the From: domain
- start slow and look at any bounces
- maybe collect DMARC stats, though for a small-volume MTA they are not very interesting
- instead of struggling with Postfix, OpenDKIM, Dovecot and friends (and losing out on quite a few features), try looking at maddy
- arrange for a backup MTA
- manage reverse lookup records, including managing the uncertain chain of authority between the instance and the nearest SOA
- manage certificates associated with TLS for SMTP and IMAP
- manage DKIM certificate
- manage one's upstream to address PBL issues
- keep the MTA secure and free from DoS attacks
- Use a static IPv4 address for your email system [counterpoint: if DNS is fully functional and IP addresses don't change too quickly and TTL is configured properly on DNS records, ... then why is a static IP address strictly required?]
- Do not share this IPv4 address with user machines
- Do not host your email system 'in the cloud'
- Make sure that your IP address is not listed in the PBL
- Provide an MX record
- Provide meaningful and consistent reverse DNS
- Your system should say HELO (or EHLO) with its hostname
- Keep your software completely up-to-date
- Ensure that only authorised users can send email through your system.
- Limit outgoing email volumes
- Accept reports of problems with your systems
- Review the mail system logs on a regular basis
- Be reliable (i.e. have at least four nines of availability)
- Don't be an open relay
- Don't create backscatter
- Maintain a good reputation
- Users can probably have acceptable success with all but the large email providers if they simply have their MTA say HELO with the name that the ISP assigns to the connection, presuming that the ISP has forward and reverse DNS configured for it.
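The DNS-related items above (matching forward and reverse DNS, HELO with the hostname, the "v=spf1 mx ~all" record, DKIM domain matching the From: domain) can be checked mechanically. The following is an added example, not part of the original post: the zone data is constructed from documentation names and addresses, the function names are hypothetical, the SPF evaluator covers only the `mx`, `a`, `ip4` and `all` mechanisms, and the DKIM check is an exact-match comparison.

```python
import ipaddress

# Constructed zone data: example.org and 192.0.2.0/24 are documentation values.
ZONE = {
    ("example.org", "MX"): ["mail.example.org"],
    ("example.org", "TXT"): ["v=spf1 mx ~all"],
    ("mail.example.org", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.org"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(zone, name, rtype):
    return zone.get((name.rstrip(".").lower(), rtype), [])

def fcrdns_ok(zone, ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    return any(ip in lookup(zone, host, "A") for host in lookup(zone, ptr, "PTR"))

def spf_result(zone, domain, ip):
    """Evaluate the mx, a, ip4 and all mechanisms only (a subset of SPF)."""
    txts = [t.lower() for t in lookup(zone, domain, "TXT")]
    records = [t for t in txts if t.split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return "permerror" if records else "none"
    for term in records[0].split()[1:]:
        result = QUALIFIERS.get(term[0], "pass")
        mech = term[1:] if term[0] in QUALIFIERS else term
        if mech == "all":
            return result
        if mech == "mx":
            hosts = lookup(zone, domain, "MX")
        elif mech == "a":
            hosts = [domain]
        elif mech.startswith("ip4:"):
            if ipaddress.ip_address(ip) in ipaddress.ip_network(mech[4:], strict=False):
                return result
            continue
        else:
            continue  # mechanisms and modifiers outside this subset are skipped
        if any(ip in lookup(zone, h, "A") for h in hosts):
            return result
    return "neutral"

def audit(zone, ip, helo, from_domain, dkim_d):
    """Check one sending IP against the DNS-related items of the checklist."""
    return {
        "fcrdns": fcrdns_ok(zone, ip),
        "helo_resolves_to_ip": ip in lookup(zone, helo, "A"),
        "spf": spf_result(zone, from_domain, ip),
        "dkim_d_matches_from": dkim_d.lower() == from_domain.lower(),
    }
```

With `~all`, mail from any address other than the MX host evaluates to `softfail` rather than `fail`, which is why the record suits the "start slow and look at any bounces" approach.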
Monday, July 10. 2023
General Guideline for Setting up a Mail Server
Debian Apt Btrfs Auto-Snapshot Retrofit
Debian with Automated Snapper Rollbacks is a short tutorial about setting up a Debian Linux system with automated BTRFS snapshots of the system and easy rollback to previous auto-generated snapshots. Once it's set up, it'll automatically take pre/post snapshots when you run `apt`, and you can boot them from GRUB.