Hit my head against wall? - mail server
2020-08-08
Started hosting my mail server at the start of this month. I have been putting this off, thinking I'd solve the boogle spam filter problem; sadly I couldn't yet. Wish all my homies (don't have any) used proton, tuta, disroot...
Listing some valuable resources on the web.
Basics
- SMTP - sending mail, and pushing mail between hosts when they aren't the same - OpenSMTPD
- IMAP - receiving mail across clients - Dovecot (using just mutt)
- DKIM - DomainKeys Identified Mail
- DMARC - Domain-based Message Authentication, Reporting & Conformance
- SPF - Sender Policy Framework ref: dnsimple.com
- FCrDNS - ref: returnpath.com
- MTA-STS - ref: aykevl.nl
Guides
- Starting point - ref: poolp.org
- Holy Grail configs - ref: github/vedetta-com/caesonia
Web sharks don't like you unless you cloak yourself. Great insight - ref: grumpy-troll.org
Testing Cloak - Real pain
Vaguely in this order.
- ref: internet.nl to know reputation levels, score >70.
- ref: hardenize.com for a better idea of published DNS configs
- mail check-auth@verifier.port25.com to check MTA-STS policy
Eejits listed me
Doesn't matter, just found it when STFW.
- .NL Domain - http://rfc-clueless.org/
- neighbour IP - http://www.apews.org/?
Apparently boogle suite suggests that having
- SPF
- DKIM
- DMARC
- MTA-STS
should get a pass, but that's not so in my case. There isn't any clear info on the whys & why-nots (if it were easy, why would tons of companies make a business out of it - improving mail that lands in spam)
I'm waiting for my domain registrar to support DNSSEC for my TLD; shame it doesn't (even on a custom authoritative name server).
Though there's a huge gap to overcome with these proprietary tactics, I'm constantly looking for ways. (Part 2 of this?)
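A static check of the four records listed above (SPF, DMARC, and the MTA-STS TXT record plus policy file), as an added example that is not from the original post. The function names are hypothetical and the record strings are constructed samples for the placeholder domain example.org; it checks syntax and policy strength only, not how any provider scores mail.

```python
import re

def parse_tags(record):
    """Split a 'k=v; k=v' TXT record (DMARC, MTA-STS) into a dict."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(apex_txt, dmarc_txt, sts_txt, sts_policy):
    """Hypothetical helper: return findings; an empty list means nothing flagged."""
    findings = []
    spf = [r for r in apex_txt if r.lower().startswith("v=spf1")]
    if len(spf) != 1:  # more than one SPF record is a permanent error (RFC 7208)
        findings.append(f"SPF: expected exactly 1 v=spf1 record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()[1:]
        if "+all" in terms or "all" in terms:
            findings.append("SPF: '+all' authorises every sender")
        elif not any(t in ("-all", "~all") or t.startswith("redirect=") for t in terms):
            findings.append("SPF: no -all/~all or redirect=, unlisted senders are not failed")
    dmarc = parse_tags(dmarc_txt)
    if not dmarc_txt.strip().startswith("v=DMARC1"):
        findings.append("DMARC: record must start with v=DMARC1")
    elif dmarc.get("p") not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag")
    elif dmarc["p"] == "none":
        findings.append("DMARC: p=none only monitors, nothing is enforced")
    sts = parse_tags(sts_txt)
    if sts.get("v") != "STSv1" or not re.fullmatch(r"[A-Za-z0-9]{1,32}", sts.get("id", "")):
        findings.append("MTA-STS: TXT record needs v=STSv1 and an alphanumeric id=")
    policy = [tuple(s.strip() for s in l.split(":", 1)) for l in sts_policy.splitlines() if ":" in l]
    fields = dict(policy)
    if fields.get("version") != "STSv1":
        findings.append("MTA-STS: policy file lacks 'version: STSv1'")
    mode = fields.get("mode")
    if mode not in ("enforce", "testing", "none"):
        findings.append("MTA-STS: mode must be enforce, testing or none")
    elif mode != "enforce":
        findings.append(f"MTA-STS: mode={mode} does not make senders refuse delivery")
    if mode in ("enforce", "testing") and "mx" not in fields:
        findings.append("MTA-STS: policy lists no mx: pattern")
    if not fields.get("max_age", "").isdigit():
        findings.append("MTA-STS: max_age missing or not an integer")
    return findings

if __name__ == "__main__":
    # Constructed sample records for the placeholder domain example.org.
    for line in audit(["v=spf1 mx ~all"], "v=DMARC1; p=none; rua=mailto:dmarc@example.org",
                      "v=STSv1; id=20200808", "version: STSv1\nmode: testing\n"
                      "mx: mail.example.org\nmax_age: 86400\n"):
        print(line)
```

Feed it the TXT answers for the domain apex, `_dmarc.<domain>` and `_mta-sts.<domain>`, plus the body served at `https://mta-sts.<domain>/.well-known/mta-sts.txt`.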
Bonus
Listing mailservers
$ host <IP or DOMAIN>
Webserver that serves site & figure REQUEST
$ curl -sD- -o /dev/null https://www.displ.nl
$ curl -I https://displ.nl
update 2020-08-18
It's still a mystery what made me look good on proprietary big corps continued on..
Service I missed (didn't help me much but good)
- ref: mail-tester.com
Decent check for SpamAssassin test
even when I had 10/10 (must), mail landed in spam,
also faced a bug
UNPARSEABLE_RELAY
(shouldn't matter)