Wednesday, January 17, 2018

Email Best Practices: Setup SPF, DKIM and DMARC in Zimbra Mail Server

Description: To protect the mail server against spoofing, and to keep our mail from landing in the Junk folder on other platforms such as Google Apps, Yahoo and Outlook, we need to set up SPF, DKIM and DMARC on the mail server. Detailed information about SPF, DKIM and DMARC follows:

1. SPF: Sender Policy Framework (SPF) is an email validation system designed to prevent unwanted email sent by spoofing. To check for this common security problem, SPF verifies the source IP of the email and compares it with a DNS TXT record that carries the SPF policy.
  • Mechanisms can be prefixed with one of four qualifiers:

          "+"   Pass
          "-"    Fail
          "~"   SoftFail
          "?"   Neutral
  • If a mechanism results in a hit, its qualifier value is used. The default qualifier is "+", i.e. "Pass". For example:
"v=spf1 -all"
"v=spf1 a -all"
"v=spf1 a mx -all"
"v=spf1 +a +mx -all"
"v=spf1 include:yourdomain.net ~all"

2. DKIM [DomainKeys Identified Mail]: DKIM is a method of associating a domain with an email message, allowing a person or company to take responsibility for that message.

Generate the DKIM key on the Zimbra mail server over SSH:
 # /opt/zimbra/libexec/zmdkimkeyutil -a -d yourdomain.com

You will receive output like the following:

DKIM Data added to LDAP for domain zimbra.io with selector 25D766CE-CEAC-11E7-B087-020B6DB9DD9A
Public signature to enter into DNS:
25D766CE-CEAC-11E7-B087-020B6DB9DD9A._domainkey IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwA4vVMiV3/14hRMzbKNnBKNThqxTWLi2E5NqqHLccIJg/P33yqwgGVKKUM9HFfXZ8urz6/dl8oNG3oxs73W1sgWHrFRo3ZayHsuUMe+DLyt8wtyR/RUae0nvd6Z6t0lPwujXWBrRS/FeMg/IGA8ExBKjD+aAYdQfH/lhlDGzumTXgbSB0KMzlpOjcum2Aes69rEiR744GGaPb2"
          "X3MxK8vjpeMIx16n2tADb0wKKP19WTF0at5HCP8F4SFflLUPJMOC1Be9FCWjTjNr1qrRZTwCwC7OC9tnV7SsKKXG+8D6hu39Tm5U1GLzpKvLMIv14b6MWsU9cV/iVKH+hQq4YRowIDAQAB" )  ; ----- DKIM key 25D766CE-CEAC-11E7-B087-020B6DB9DD9A for zimbra.io

After generating the key, test the published DKIM record using the site below:

http://dkimcore.org/tools/keycheck.html

Selector: 25D766CE-CEAC-11E7-B087-020B6DB9DD9A
Domain:  yourdomain.com
Key: "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD4sp8nBr2CqtNJJVYJte+TaX5E4rrRPB2P
ICp/AnkaTsA6J7NADJz21JA+supRZ1VzaGVuHL2vKzTFM7YjR/9pdSNuCLTzpAr3uuqzwna89G
eb5kcz4ICzLt5XoxfEmEtnAz43DidZ/JXDOD/iRprPl+B9k15XHbPVjatmuLReSQIDAQAB"

Add the DKIM and SPF records in DNS as shown in the following screenshot:

3. DMARC: Domain-based Message Authentication, Reporting & Conformance (DMARC) is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.

DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC. We hope this will encourage senders to more broadly authenticate their outbound email which can make email a more reliable way to communicate. 

Add the DMARC record as follows:

Type: TXT
Host/Name: _DMARC.yourdomain.com
Value: v=DMARC1; p=none; rua=mailto:spam-reports@yourdomain.com; ruf=mailto:spam-reports@yourdomain.com
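As an added check, not part of the original post: a small Python script that reads the three record types described above the way a resolver sees them, joins the split quoted chunks that zmdkimkeyutil prints for the DKIM key, and rejects common paste mistakes (a space after `include:`, a truncated key, a bad DMARC policy). The sample records are constructed and the DKIM key body is a placeholder.

```python
import base64
import re

# Constructed sample records modelled on this post's; the DKIM key body is a placeholder.
SPF_OK = '"v=spf1 a mx include:yourdomain.net ~all"'
DKIM_OK = '( "v=DKIM1; k=rsa; " "p=QUJDREVG" "R0hJSktM" )'   # split like Zimbra's output
DMARC_OK = '"v=DMARC1; p=none; rua=mailto:spam-reports@yourdomain.com"'
QUALIFIERS = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}
MECHANISMS = {"all", "a", "mx", "ip4", "ip6", "include", "exists", "ptr"}

def join_txt(rdata):
    """Concatenate a zone-file TXT rdata's quoted chunks, as a resolver does."""
    return "".join(re.findall(r'"([^"]*)"', rdata)) or rdata.strip()

def parse_tags(rdata):
    """Split a 'k=v; k=v' tag list; DKIM and DMARC records share this syntax."""
    items = [i.strip().partition("=") for i in join_txt(rdata).split(";") if i.strip()]
    return {k.strip(): v.strip() for k, _, v in items}

def parse_spf(rdata):
    """Return [(qualifier name, mechanism, argument)]; reject malformed terms."""
    terms = join_txt(rdata).split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("record must start with v=spf1")
    out = []
    for term in (t for t in terms[1:] if "=" not in t):   # skip modifiers (redirect=, exp=)
        qual, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = body.partition(":")
        name = name.split("/")[0].lower()                  # drop a CIDR suffix such as a/24
        if name not in MECHANISMS:
            raise ValueError(f"unknown SPF mechanism {term!r}")
        if name in {"include", "ip4", "ip6", "exists"} and not arg:
            raise ValueError(f"{name}: needs its argument directly after the colon")
        out.append((QUALIFIERS[qual], name, arg))
    return out

def check_dkim(rdata):
    """Require v=DKIM1 and a p= key that is well-formed base64 (catches mangled pastes)."""
    tags = parse_tags(rdata)
    if tags.get("v") != "DKIM1" or not tags.get("p"):
        raise ValueError("DKIM record needs v=DKIM1 and a p= key")
    base64.b64decode(tags["p"], validate=True)
    return tags

def check_dmarc(rdata):
    """Require v=DMARC1 and a valid policy tag."""
    tags = parse_tags(rdata)
    if tags.get("v") != "DMARC1" or tags.get("p") not in {"none", "quarantine", "reject"}:
        raise ValueError("DMARC record needs v=DMARC1 and p=none|quarantine|reject")
    return tags
```

Feed it the TXT rdata returned by `dig +short TXT` for yourdomain.com, selector._domainkey.yourdomain.com and _dmarc.yourdomain.com to confirm what you published matches what you intended.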
