Email Server and DNS

TR Shaw tshaw at oitc.com
Sun Nov 3 18:10:33 UTC 2013


In addition to all the other reco's below, 

1) Only allow sending by your users from the submit port and only with authentication. There should be no client sending through the SMTP port.

2) Implement SSL on POP & IMAP if at all possible. Otherwise enforce CRAM-MD5.

3) Review logs, esp. POP and IMAP login failures.

4) Turn off VRFY. 

On Nov 3, 2013, at 11:49 AM, Private Sender wrote:

> On 11/3/2013 8:39 AM, rwebb at ropeguru.com wrote:
> > So I figured a little break from the NSA was in order.
> > 
> > I am looking for some info on current practice for an email server 
> > and SMTP delivery. It has been a while since I have had to set up an
> > email server and I have been tasked with setting up a small one for
> > a friend. My question centers around the server sending outgoing
> > email and the current practice requirements for other servers to
> > accept email. Things like rDNS, SPF records, etc...
> > 
> > I am pretty much set on the issue of incoming spam and virus. 
> > Probably overkill but it is checked at the Sophos UTM firewall and 
> > at the email server itself.
> > 
> > Thanks,
> > 
> > Robert
> > 
> 
> MX, PTR, and SPF are really all you need. I would recommend you go a
> step further and use DKIM, ADSP, and DMARC. It will help keep asshat
> spammers from flaming your domain all over the internet.
> 
> I use http://www.unlocktheinbox.com/ to verify my configuration.
> 
> -- 
> -Bret Taylor
> 
> 
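The SPF and DMARC records recommended in the quoted reply can be sanity-checked before publishing. The following is an added example, not part of the original messages: it audits TXT record strings offline, the function names are illustrative, and the sample records for example.com are constructed.

```python
# Added example: audits constructed TXT strings offline; it performs no DNS queries.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # RFC 7208, 4.6.4

def audit_spf(txt_records):
    """Return findings for the SPF policy among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers treat this as permerror"]
    findings, lookups, all_q, redirect = [], 0, None, False
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default qualifier is +
        name = term.lstrip("+-~?").lower().replace("=", ":").split(":")[0].split("/")[0]
        lookups += name in LOOKUP_TERMS
        redirect = redirect or name == "redirect"
        if name == "ptr":
            findings.append("ptr mechanism is slow and discouraged")
        if name == "all":
            all_q = qualifier
    if all_q is None and not redirect:
        findings.append("no 'all' mechanism: unmatched senders get neutral")
    elif all_q in ("+", "?"):
        findings.append(f"{all_q}all does not restrict who may send")
    if lookups > 10:
        findings.append("more than 10 DNS-lookup terms: permerror")
    return findings

def audit_dmarc(txt_records):
    """Return findings for the record published at _dmarc.<domain> (RFC 7489)."""
    recs = [r for r in txt_records if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["multiple DMARC records" if recs else "no DMARC record published"]
    pairs = (t.split("=", 1) for t in recs[0].split(";") if "=" in t)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["missing or invalid p= tag"]
    if policy == "none":
        return ["p=none only monitors: failing mail is still delivered"]
    return []

# Constructed sample records for the reserved domain example.com.
SAMPLE_TXT = {
    "example.com": ["v=spf1 mx ip4:192.0.2.25 ?all", "constructed-verification=abc123"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:postmaster@example.com"],
}

if __name__ == "__main__":
    for f in audit_spf(SAMPLE_TXT["example.com"]) + audit_dmarc(SAMPLE_TXT["_dmarc.example.com"]):
        print("finding:", f)
```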
