[166675] in North American Network Operators' Group
Re: Email Server and DNS
daemon@ATHENA.MIT.EDU (TR Shaw)
Sun Nov 3 13:10:43 2013
From: TR Shaw <tshaw@oitc.com>
Date: Sun, 3 Nov 2013 13:10:33 -0500
In-Reply-To: <52767E9C.8010805@snovc.com>
To: "<nanog@nanog.org> Operators' Group" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

In addition to all the other reco's below,

1) Only allow sending by your users from the submit port and only with authentication. There should be no client sending through the SMTP port.
2) Implement SSL on POP & IMAP if at all possible. Otherwise enforce CRAM-MD5.
3) Review logs, esp. POP and IMAP login failures.
4) Turn off VRFY.

On Nov 3, 2013, at 11:49 AM, Private Sender wrote:
> On 11/3/2013 8:39 AM, rwebb@ropeguru.com wrote:
> > So I figured a little break from the NSA was in order.
> >
> > I am looking for some info on current practice for an email server
> > and SMTP delivery. It has been a while since I have had to set up an
> > email server and I have been tasked with setting up a small one for
> > a friend. My question centers around the server sending outgoing
> > email and the current practices requirements for other servers to
> > accept email. Things like rDNS, SPF records, etc...
> >
> > I am pretty much set on the issue of incoming spam and virus.
> > Probably overkill but it is checked at the Sophos UTM firewall and
> > at the email server itself.
> >
> > Thanks,
> >
> > Robert
> >
>
> MX, PTR, and SPF are really all you need. I would recommend you go a
> step further and use DKIM, ADSP, and DMARC. It will help keep asshat
> spammers from flaming your domain all over the internet.
>
> I use http://www.unlocktheinbox.com/ to verify my configuration.
>
> --
> -Bret Taylor
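
Item 3 of the reply above (reviewing POP and IMAP login failures), as an added example that is not part of the original thread: a small script that totals failed login attempts per source address. It assumes Dovecot-style syslog lines, which the thread does not specify; the sample log, the function names and the threshold of 5 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Dovecot's syslog style (assumption: the thread
# does not name the POP/IMAP server). Addresses are documentation ranges.
SAMPLE_LOG = """\
Nov  3 12:58:01 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, TLS
Nov  3 13:01:12 mail dovecot: pop3-login: Disconnected (auth failed, 3 attempts in 12 secs): user=<admin>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10
Nov  3 13:01:40 mail dovecot: imap-login: Disconnected (auth failed, 4 attempts in 20 secs): user=<root>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10
Nov  3 13:02:05 mail dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, TLS
Nov  3 13:02:31 mail dovecot: pop3-login: Disconnected (auth failed, 2 attempts in 9 secs): user=<test>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10
"""

# Matches POP3/IMAP login-process lines that report failed authentication and
# captures the attempt count, the user name tried and the remote IP (rip=).
FAIL_RE = re.compile(
    r"dovecot: (?P<svc>pop3|imap)-login: .*?\(auth failed, (?P<n>\d+) attempts"
    r".*?user=<(?P<user>[^>]*)>.*?rip=(?P<rip>[0-9a-fA-F.:]+)"
)


def failed_logins(log_text):
    """Return (attempts per remote IP, user names tried per remote IP)."""
    per_ip = Counter()
    users = {}
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if not m:
            continue  # successful logins and unrelated lines are skipped
        per_ip[m["rip"]] += int(m["n"])
        users.setdefault(m["rip"], set()).add(m["user"])
    return per_ip, users


def suspects(log_text, threshold=5):
    """Remote IPs with at least `threshold` failed attempts, for follow-up."""
    per_ip, users = failed_logins(log_text)
    return sorted(
        (ip, n, sorted(users[ip])) for ip, n in per_ip.items() if n >= threshold
    )


if __name__ == "__main__":
    for ip, attempts, tried in suspects(SAMPLE_LOG):
        print(f"{ip}: {attempts} failed attempts, users tried: {', '.join(tried)}")
```

A single address cycling through several account names, as 203.0.113.5 does in the sample, is the pattern worth blocking or rate-limiting; one mistyped password from a known client is not.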