Difference between revisions of "Service/smtp"

From Sugar Labs
Jump to navigation Jump to search
(Make a and m bold.)
Line 71: Line 71:
  
 
Ensure your private key is on hostname and specify the path to it when using a tool like opendkim - /etc/opendkim.conf -, with
 
Ensure your private key is on hostname and specify the path to it when using a tool like opendkim - /etc/opendkim.conf -, with
the user and group of the key being opendkim.
+
the user and group of the key set to opendkim.
  
 
== See also ==
 
== See also ==

Revision as of 08:05, 29 July 2023

Hostnames

hostname service port function
smtp.sugarlabs.org smtp 25 Local delivery (plain SMTP)
smtp.sugarlabs.org submission 587 SMTP with STARTTLS, legacy
smtp.sugarlabs.org submissions 465 Email relay (SMTP with SSL, password authentication required)

Hosted on

Machine/sunjammer

Administrative contact

  • postmaster AT sugarlabs DOT org

Sysadmins

Notes

  • Users with a Sugar Labs shell account on sunjammer can use our SMTP relay for personal email submission. Any abuse will be prosecuted.
  • The submissions port (465) is preferred for email relay. Unauthenticated and unencrypted connections are not allowed to relay.
  • All email originating from the sugarlabs.org domain must be submitted through our SMTP server. Failure to do so may result in your email being blocked by spam filters.

SPF

Our domains use a non-strict (~all) SPF records.

You can add an spf record in the zone file in the form

 hostname         TXT     "v=spf1 redirect=_spf.hostname.sugarlabs.org"
 _spf.hostname    TXT     "v=spf1 ip4:IPv4_of_hostname/mask ip6:IPv6_of_hostname/mask a:hostname.sugarlabs.org mx:hostname.sugarlabs.org ~all"

The a and mx values are authorized mail server by domain name and authorized server by domain MX record, the MX record should also be defined for hostname.

Also maintain spacing and formatting for each section you add in the zone file.

DKIM

Our domain publishes a DKIM key.

To test DKIM, send an email to autorespond+dkim@dk.elandsys.com


To generate an ed25519 key to use for DKIM, you can use openssl

 # Generate ed25519 key
 $ openssl genpkey -algorithm ed25519 -out dkim_private.pem
 # Generate public key from private key
 $ openssl pkey -in dkim_private.pem -pubout -out dkim_public.pem

For ed25519 keys, the p value in the DKIM record must only contain the BASE64 encoded public key, without an ASN.1 structure

 $ openssl asn1parse -in dkim_public.pem -offset 12 -noout -out /dev/stdout | openssl base64
 VGhpcyBpcyBqc3V0ZSBhc29ka2ZvYXNrZWpkZmtsc2pkZgo=

Your entry would look like this

 default._domainkey.hostname      TXT     "v=DKIM1; g=*; k=ed25519; p=VGhpcyBpcyBqc3V0ZSBhc29ka2ZvYXNrZWpkZmtsc2pkZgo="
 _adsp._domainkey.hostname        TXT     "dkim=unknown"

Ensure your private key is on hostname and specify the path to it when using a tool like opendkim - /etc/opendkim.conf -, with the user and group of the key set to opendkim.

See also