Internet Email Server Setup

Tools

https://ssl-tools.net/mailservers/irig106.org

https://mxtoolbox.com/

TLS Certificate

TLS Quick and Dirty Setup

http://www.postfix.org/TLS_README.html

http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html

http://www.flatmtn.com/article/setting-openssl-create-certificates

Edit openssl.cnf for defaults
Generate the CA certificate - The first cert is the Authority cert

openssl ca -new -x509 -extensions v3_ca -keyout private/CA-key.pem -out CA-cert.pem -days 3650 -config ./openssl.cnf -nodes

Generate the server certificate - create server cert request to be signed by the CA Authority

openssl req -new -x509 -extensions v3_ca -keyout private/email-key.pem -out email-cert.pem -days 3650 -config ./openssl.cnf -nodes

Sign the server certificate - sign the server cert request with our own CA cert

Hmmm… just for openssl support run the script…

/usr/libexec/dovecot/mkcert.sh

In PostFix be sure to set these in main.cf:

# From http://www.postfix.org/TLS_README.html#quick-start
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_security_level = may
smtp_tls_cert_file = 
smtp_tls_key_file = 
smtp_tls_CAfile = 
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3

smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = 
smtpd_tls_key_file = 
smtpd_tls_CAfile = 
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = MD5,DES,RC4

SMTP TLS checker tools

SPF

irig106.org TXT record

"v=spf1 ip4:198.89.126.181 ~all"

Others

"v=spf1 redirect=irig106.org ~all"

DMARC

http://dmarc.org/resources.html

_dmarc.irig106.org    TXT  "v=DMARC1; p=none; rua=mailto:bob.dmarc@irig106.org; ruf=mailto:bob.dmarc@irig106.org"
_dmarc.baggerman.org  TXT  "v=DMARC1; p=none; rua=mailto:bob.dmarc@baggerman.org; ruf=mailto:bob.dmarc@baggerman.org"