SMTP
- RFC5321: Simple Mail Transfer Protocol
- RFC5322: Internet Message Format
- RFC6409: Message Submission for Mail
- RFC5983: Mailing Lists and Internationalized Email Addresses
- RFC6530: Overview and Framework for Internationalized Email
- RFC8314: Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access
RSPAMD
Spamhaus
Configure Postfix::
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_pipelining,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
reject_unauth_destination,
check_client_access hash:/etc/postfix/rbl_override,
reject_rhsbl_sender <key>.dbl.dq.spamhaus.net=127.0.1.[2..99],
reject_rhsbl_helo <key>.dbl.dq.spamhaus.net=127.0.1.[2..99],
reject_rhsbl_reverse_client <key>.dbl.dq.spamhaus.net=127.0.1.[2..99],
reject_rhsbl_sender <key>.zrd.dq.spamhaus.net=127.0.2.[2..24],
reject_rhsbl_helo <key>.zrd.dq.spamhaus.net=127.0.2.[2..24],
reject_rhsbl_reverse_client <key>.zrd.dq.spamhaus.net=127.0.2.[2..24],
reject_rbl_client <key>.zen.dq.spamhaus.net=127.0.0.[2..255],
rbl_reply_maps = hash:/etc/postfix/dnsbl-reply-map
Problems & Solutions
SPF issues
- EHLO miss-match between announced name, IP and reverse
- missing TXT SPF record for the announced EHLO name
Example: if MX is smtp.vacs.fr
- reverse DNS of server IP must be smtp.vacs.fr
- there must be a TXT record 'smtp.vacs.fr' with v=spf1 a mx -all
verify with https://www.mail-tester.com