Email: Difference between revisions

From MTU LUG Wiki
Jump to navigation Jump to search
imported>Sjwhitak
(Created page with "This is honestly an academic exercise because almost everyone uses Google's IMAP servers or other big ones, and anyone who doesn't are probably spammers. So, you have to try really, really hard and put a lot of settings up to not act like a spammer. A spammer can do these exact same things, too, which means you'll need to try really hard gain reputation and manually remove yourself from blacklists until you've put in so much effort that people have to assume you <em>aren...")
(No difference)

Revision as of 16:12, 28 March 2022

This is honestly an academic exercise because almost everyone uses Google's IMAP servers or other big ones, and anyone who doesn't are probably spammers. So, you have to try really, really hard and put a lot of settings up to not act like a spammer. A spammer can do these exact same things, too, which means you'll need to try really hard gain reputation and manually remove yourself from blacklists until you've put in so much effort that people have to assume you aren't a spammer. Then, if you get compromised and a spammer gains access to your mail server, you have to go through all of this all over again!

Own server

Follow this: https://gist.github.com/howyay/57982e6ba9eedd3a5662c518f1b985c7 to install dovecot and postfix. It's straightforward, but the DNS records may be a little confusing.

You need:

  1. A domain name (purchased by namecheap, whois, godaddy, etc)
  2. A server with Linux (Your own server, or purchase a VPS from linode, hostwinds, AWS, etc)

If your domain's example.com and your server's IP is 141.219.188.20, then point that domain to your server using your DNS records. This tutorial is a bit confusing with the DNS records, so I'm just going to step through this in more fidelity.

  • A records
    • Name: example.com, IP: 141.219.188.20
    • Name: mail.example.com, IP: 141.219.188.20
  • MX records
    • Name: mail.example.com, IP: 141.219.188.20, Priority 0
  • TXT records
    • Name: example.com, Value: v=spf1 ip4:141.219.188.20 -all
    • Name: default._domainkey.example.com, Value: v=DKIM1; h=sha256; k=rsa; p=<your generated public key>
    • Name: _dmarc.horatio.us, Value: v=DMARC1;p=quarantine;

These DNS records are required to prevent spammers from spoofing your email. It's quite simple to spoof your email, simply set the "From" header to whatever you want, and so you could just use From: steven@example.com to a bunch of people. The spf1 DNS record says that if an email sent outside of the IP 141.219.188.20. If someone actually does try to use your email, it'll be quarantined following your DMARC1 value. Finally, if someone spoofs your IP somehow, they will also require your private key to compare with your DKIM1 public key shown in the third TXT record.

Finally, you'll need to set your rDNS record on your server yourself. I don't know how to do this on a server you own, but if you're using a VPS, you set this rDNS value on your server, not the domain. rDNS is a lookup parameter so someone requesting your IP (dig -x 141.219.188.20), it'll respond with the mail server domain name.

Differences

The only trouble I had was working with PAM, and I think the configuration is wrong in 0x06 Setup Dovecot IMAP server, I could only get it to work with:

passdb {
    args = failure_show_msg=yes
    driver = pam
}

I don't really know why it worked. There might have been some issues where creating your user with PAM needed some reboots. In fact, I very much distrust this set up because I only modified this parameter so I could debug the issue, but it instead fixed it all. Who knows.

Logging

If you follow all these settings, you'll miss out on logging for everything, which will suck if something's not working. In /etc/dovecot/dovecot.conf add this line:

!include conf.d/10-logging.conf

Then add some verbosities into this /etc/dovecot/conf.d/10-logging.conf file,

log_path = /var/log/dovecot.log
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes
mail_debug = yes
verbose_ssl = yes

These 5 parameters are all the ones I found to get the most logging possible. Once you got it working, you can drop the logging lines to keep everything clean.

For postfix, you need to run these commands in your shell:

postfix stop
postconf maillog_file=/var/log/postfix.log
postfix start


Spam

Spam is a big issue with email and it's "fixed" by blocking literally everything (Google's policy) if the IP isn't positively trustworthy. If it's slightly trustworthy, the email is simply sent directly to spam rather than being completely blocked.

To get around this (and you know an easy way, let me know, sjwhitak is my email, please and thank you), go to https://mxtoolbox.com/blacklists.aspx and search your IP. For every list that has you blacklisted, you'll need to go to each of their websites and manually request that you be removed. Some times it takes weeks, some times only a few days. This still does not guarantee you'll get past Google's email death wall, but you'll eventually be able to get past it. Internet searches for Gmail 550-5.7.1 will show a lot of angry people at Google and their "improved" AI-system is blocking a lot of people.

If someone is more knowledgeable in this field, add to this. I'm not. I'm barely getting my email afloat and I can at least email disroot with this setup, but gmail outright fails completely, having a spammer use my IP 3 years ago.