Re: [qmailtoaster] dmarc implementation
eric thank you. i will check this out and revert. regds rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 15:09:34 -0700 Subject: Rajesh, 1) Yes 2) tcp.smtp 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" Eric On 1/2/2018 11:20 AM, Rajesh M wrote: > Eric > > 2 questions please > > Question 1) > > the default qmail install points the symlink for qmailqueue to qmail-dk > > which i have changed to > > qmail-queue -> qmail-queue.orig > > Do keep the same setting which is > > qmail-queue -> qmail-queue.orig > > > Question 2) > > Could you please send me the corresponding settings required in the tcp.smtp > file ? > > thanks, > rajesh > > > > - Original Message - > From: Eric Broch [mailto:ebr...@whitehorsetc.com] > To: qmailtoaster-list@qmailtoaster.com > Sent: Tue, 2 Jan 2018 08:51:07 -0700 > Subject: > > Hi Rajesh, > > Thank you! I appreciate your sentiments and hope your New Year brings > blessings of health and happiness as well. > > This is a better link: > > http://qmailtoaster.org/dkim.html > > which will show you how to implement per domain. > > Remember this is only signing messages going out. As of yet there is no > dkim checking coming in, I'm looking into that. > > Eric > > > On 1/2/2018 7:50 AM, Rajesh M wrote: >> eric, >> >> Wish you a wonderful New Year, full of health and happiness. >> >> I wish to implement dmarc on my qmailtoaster servers >> >> i am using centos6 64 bit with the latest versions of qmailtoaster >> >> SPF is already being used on my server >> >> Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig >> and not pointing to qmail-dk >> >> qmail-queue -> qmail-queue.orig >> >> could you please guide me on the implementation of DMARC >> >> i am planning to implement this for all the domains in my server. >> >> I saw this link while searching for a solution. >> >> https://github.com/qmtoaster/dkim >> >> Should i follow these steps as per the above link or would you like >> recommend some other document. >> >> thanks as always, >> rajesh >> >> >> >> >> >> - >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
RE: [qmailtoaster] dmarc implementation
Dan thanks for your detailed reply. i will be testing out the communications in between my multiple mailservers before i go into production. regds rajesh - Original Message - From: Dan McAllister - QMT DNS Admin [mailto:q...@it4soho.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 16:54:39 -0500 Subject: A couple of things: 1) The QMail DKIM solution works well -- EXCEPT when connecting to other QMail DKIM enabled systems, at which point it tends to disallow messages. No one has found a fix for this, to the standard is to keep DKIM turned OFF. 2) DMARC is not a security implementation like SPF or DKIM, it is more of a reporting and admin tool, the former being the original intent. Your DMARC settings tell other servers that they should send reports about failed connects to an email address. That way, should you misconfigure your DKIM or SPF settings and someone starts blocking your messages, you don't have to wait for USERS to complain to know about it! Thus, DMARC is a purely DNS setting -- there is nothing to do in QMail to manage DMARC. If you follow the project lead and leave DKIM turned off, you simply indicate as such in your DMARC setting for your domain. Finally, to my knowledge, only the "Big Guns" have implemented the email-server side of DMARC (that is, the side that generates reports and sends them). Hotmail/MSN/Outlook.com, Gmail, and Yahoo being the ones I've received reports from. I hope this helps Dan -Original Message- From: Rajesh M [mailto:24x7ser...@24x7server.net] Sent: Tuesday, January 2, 2018 1:21 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] dmarc implementation Eric 2 questions please Question 1) the default qmail install points the symlink for qmailqueue to qmail-dk which i have changed to qmail-queue -> qmail-queue.orig Do keep the same setting which is qmail-queue -> qmail-queue.orig Question 2) Could you please send me the corresponding settings required in the tcp.smtp file ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 08:51:07 -0700 Subject: Hi Rajesh, Thank you! I appreciate your sentiments and hope your New Year brings blessings of health and happiness as well. This is a better link: http://qmailtoaster.org/dkim.html which will show you how to implement per domain. Remember this is only signing messages going out. As of yet there is no dkim checking coming in, I'm looking into that. Eric On 1/2/2018 7:50 AM, Rajesh M wrote: > eric, > > Wish you a wonderful New Year, full of health and happiness. > > I wish to implement dmarc on my qmailtoaster servers > > i am using centos6 64 bit with the latest versions of qmailtoaster > > SPF is already being used on my server > > Concerning dkim, currently my qmail-queue is symlinked to > qmail-queue.orig and not pointing to qmail-dk > > qmail-queue -> qmail-queue.orig > > could you please guide me on the implementation of DMARC > > i am planning to implement this for all the domains in my server. > > I saw this link while searching for a solution. > > https://github.com/qmtoaster/dkim > > Should i follow these steps as per the above link or would you like recommend > some other document. > > thanks as always, > rajesh > > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: > qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dmarc implementation
Rajesh, 1) Yes 2) tcp.smtp 127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1" :allow,SPFBEHAVIOR="1",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="200",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.orig",NOP0FCHECK="1",SENDER_NOCHECK="1" Eric On 1/2/2018 11:20 AM, Rajesh M wrote: Eric 2 questions please Question 1) the default qmail install points the symlink for qmailqueue to qmail-dk which i have changed to qmail-queue -> qmail-queue.orig Do keep the same setting which is qmail-queue -> qmail-queue.orig Question 2) Could you please send me the corresponding settings required in the tcp.smtp file ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 08:51:07 -0700 Subject: Hi Rajesh, Thank you! I appreciate your sentiments and hope your New Year brings blessings of health and happiness as well. This is a better link: http://qmailtoaster.org/dkim.html which will show you how to implement per domain. Remember this is only signing messages going out. As of yet there is no dkim checking coming in, I'm looking into that. Eric On 1/2/2018 7:50 AM, Rajesh M wrote: eric, Wish you a wonderful New Year, full of health and happiness. I wish to implement dmarc on my qmailtoaster servers i am using centos6 64 bit with the latest versions of qmailtoaster SPF is already being used on my server Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig and not pointing to qmail-dk qmail-queue -> qmail-queue.orig could you please guide me on the implementation of DMARC i am planning to implement this for all the domains in my server. I saw this link while searching for a solution. https://github.com/qmtoaster/dkim Should i follow these steps as per the above link or would you like recommend some other document. thanks as always, rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC)
RE: [qmailtoaster] dmarc implementation
A couple of things: 1) The QMail DKIM solution works well -- EXCEPT when connecting to other QMail DKIM enabled systems, at which point it tends to disallow messages. No one has found a fix for this, to the standard is to keep DKIM turned OFF. 2) DMARC is not a security implementation like SPF or DKIM, it is more of a reporting and admin tool, the former being the original intent. Your DMARC settings tell other servers that they should send reports about failed connects to an email address. That way, should you misconfigure your DKIM or SPF settings and someone starts blocking your messages, you don't have to wait for USERS to complain to know about it! Thus, DMARC is a purely DNS setting -- there is nothing to do in QMail to manage DMARC. If you follow the project lead and leave DKIM turned off, you simply indicate as such in your DMARC setting for your domain. Finally, to my knowledge, only the "Big Guns" have implemented the email-server side of DMARC (that is, the side that generates reports and sends them). Hotmail/MSN/Outlook.com, Gmail, and Yahoo being the ones I've received reports from. I hope this helps Dan -Original Message- From: Rajesh M [mailto:24x7ser...@24x7server.net] Sent: Tuesday, January 2, 2018 1:21 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] dmarc implementation Eric 2 questions please Question 1) the default qmail install points the symlink for qmailqueue to qmail-dk which i have changed to qmail-queue -> qmail-queue.orig Do keep the same setting which is qmail-queue -> qmail-queue.orig Question 2) Could you please send me the corresponding settings required in the tcp.smtp file ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 08:51:07 -0700 Subject: Hi Rajesh, Thank you! I appreciate your sentiments and hope your New Year brings blessings of health and happiness as well. This is a better link: http://qmailtoaster.org/dkim.html which will show you how to implement per domain. Remember this is only signing messages going out. As of yet there is no dkim checking coming in, I'm looking into that. Eric On 1/2/2018 7:50 AM, Rajesh M wrote: > eric, > > Wish you a wonderful New Year, full of health and happiness. > > I wish to implement dmarc on my qmailtoaster servers > > i am using centos6 64 bit with the latest versions of qmailtoaster > > SPF is already being used on my server > > Concerning dkim, currently my qmail-queue is symlinked to > qmail-queue.orig and not pointing to qmail-dk > > qmail-queue -> qmail-queue.orig > > could you please guide me on the implementation of DMARC > > i am planning to implement this for all the domains in my server. > > I saw this link while searching for a solution. > > https://github.com/qmtoaster/dkim > > Should i follow these steps as per the above link or would you like recommend > some other document. > > thanks as always, > rajesh > > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: > qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dmarc implementation
Eric 2 questions please Question 1) the default qmail install points the symlink for qmailqueue to qmail-dk which i have changed to qmail-queue -> qmail-queue.orig Do keep the same setting which is qmail-queue -> qmail-queue.orig Question 2) Could you please send me the corresponding settings required in the tcp.smtp file ? thanks, rajesh - Original Message - From: Eric Broch [mailto:ebr...@whitehorsetc.com] To: qmailtoaster-list@qmailtoaster.com Sent: Tue, 2 Jan 2018 08:51:07 -0700 Subject: Hi Rajesh, Thank you! I appreciate your sentiments and hope your New Year brings blessings of health and happiness as well. This is a better link: http://qmailtoaster.org/dkim.html which will show you how to implement per domain. Remember this is only signing messages going out. As of yet there is no dkim checking coming in, I'm looking into that. Eric On 1/2/2018 7:50 AM, Rajesh M wrote: > eric, > > Wish you a wonderful New Year, full of health and happiness. > > I wish to implement dmarc on my qmailtoaster servers > > i am using centos6 64 bit with the latest versions of qmailtoaster > > SPF is already being used on my server > > Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig > and not pointing to qmail-dk > > qmail-queue -> qmail-queue.orig > > could you please guide me on the implementation of DMARC > > i am planning to implement this for all the domains in my server. > > I saw this link while searching for a solution. > > https://github.com/qmtoaster/dkim > > Should i follow these steps as per the above link or would you like recommend > some other document. > > thanks as always, > rajesh > > > > > > - > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC) - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] dmarc implementation
Hi Rajesh, Thank you! I appreciate your sentiments and hope your New Year brings blessings of health and happiness as well. This is a better link: http://qmailtoaster.org/dkim.html which will show you how to implement per domain. Remember this is only signing messages going out. As of yet there is no dkim checking coming in, I'm looking into that. Eric On 1/2/2018 7:50 AM, Rajesh M wrote: eric, Wish you a wonderful New Year, full of health and happiness. I wish to implement dmarc on my qmailtoaster servers i am using centos6 64 bit with the latest versions of qmailtoaster SPF is already being used on my server Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig and not pointing to qmail-dk qmail-queue -> qmail-queue.orig could you please guide me on the implementation of DMARC i am planning to implement this for all the domains in my server. I saw this link while searching for a solution. https://github.com/qmtoaster/dkim Should i follow these steps as per the above link or would you like recommend some other document. thanks as always, rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com -- Eric Broch White Horse Technical Consulting (WHTC)
[qmailtoaster] dmarc implementation
eric, Wish you a wonderful New Year, full of health and happiness. I wish to implement dmarc on my qmailtoaster servers i am using centos6 64 bit with the latest versions of qmailtoaster SPF is already being used on my server Concerning dkim, currently my qmail-queue is symlinked to qmail-queue.orig and not pointing to qmail-dk qmail-queue -> qmail-queue.orig could you please guide me on the implementation of DMARC i am planning to implement this for all the domains in my server. I saw this link while searching for a solution. https://github.com/qmtoaster/dkim Should i follow these steps as per the above link or would you like recommend some other document. thanks as always, rajesh - To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com