submitted 1 year ago* (last edited 1 year ago) by vsis@feddit.cl to c/selfhosted@lemmy.world

Hello. Let's say I want to selfhost an email server (SMTP + IMAP) that will only be used to receive email.

I will only send email internally (from my domain to my domain) and receive from 3rd parties.

Should I set up DKIM, DMARC, SPF and reverse IP lookup?

To be honest, I'm having a bit of a hard time understanding the madness of email authentication. So I can't figure out by myself if those mechanisms are needed in my case.

I haven't deployed anything, but probably will use Stalwart. It looks like it's easy to deploy. Is there any other beginner-friendly email service I should read about?

Thanks!

[-] lemmy_in@lemm.ee 17 points 1 year ago

You should definitely set up a DMARC record to prevent other people from using your email domain to send spam. If you don't have DMARC configured, other email servers will give any senders the benefit of the doubt and accept mail that claims to be from your domain.

You can just set the DMARC record to reject 100% of unverified mail and call it a day. Since you aren't sending anything it won't affect you.

[-] taladar@sh.itjust.works 8 points 1 year ago

I would also set up SPF to disallow all IPs to send mail for that domain in case some system supports SPF but not DMARC.

[-] vsis@feddit.cl 6 points 1 year ago

Thanks to both of you.

I had the hope that DMARC, SPF and DKIM were stuff I could just ignore if not sending email. It seems I was wrong about that.

[-] taladar@sh.itjust.works 6 points 1 year ago

Those three are really not all that complicated, basically (apart from DKIM which you can ignore when not sending) they are just a couple of TXT DNS records you need to set once for your domain. Even if you were using DKIM it is just a keypair you generate and then put the public key into a DNS TXT record and configure your mail server to use the private key.

[-] funkajunk@lemm.ee 7 points 1 year ago

Just to flesh that out a bit... All you need is to add a TXT record to your DNS records:

Name: _dmarc.yourdomain.com

Value: v=DMARC1; p=reject; pct=100
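
The two records discussed in the comments above (a DMARC reject policy and an SPF record that authorizes no IPs), checked offline. This is an added example, not part of any comment in the thread; the function names are illustrative, the TXT strings are constructed samples, and `v=spf1 -all` is assumed as the SPF form of "disallow all IPs".

```python
# Added example: offline audit of SPF/DMARC TXT strings for a domain that never sends mail.
# All record strings passed in below are constructed samples, not real DNS data.

def audit_spf(txt_records):
    """Return a list of problems with the SPF policy of a non-sending domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record: receivers that only check SPF have no policy to apply"]
    if len(spf) > 1:
        return ["multiple SPF records: evaluation ends in permerror (RFC 7208)"]
    terms = spf[0].lower().split()[1:]
    problems = []
    if "-all" not in terms:
        problems.append("no hard fail: expected '-all'")
    # Terms evaluated before -all (ip4:, a, mx, include:, ~all ...) weaken the policy.
    before_all = terms[:terms.index("-all")] if "-all" in terms else terms
    extra = [t for t in before_all if not t.startswith("-") and "=" not in t]
    if extra:
        problems.append("terms other than a hard fail: " + " ".join(extra))
    return problems

def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt_records):
    """Return a list of problems with the DMARC policy published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.strip().startswith("v=DMARC1")]
    if len(dmarc) != 1:
        return [f"expected exactly one DMARC record, found {len(dmarc)}"]
    tags = parse_dmarc(dmarc[0])
    problems = []
    if tags.get("p", "").lower() != "reject":
        problems.append(f"p={tags.get('p', '<missing>')}: unauthenticated mail is not rejected")
    if tags.get("sp", "reject").lower() != "reject":  # sp defaults to p when absent
        problems.append(f"sp={tags['sp']}: subdomains get a weaker policy")
    if tags.get("pct", "100") != "100":  # pct defaults to 100 when absent
        problems.append(f"pct={tags['pct']}: policy applies to only part of the mail")
    return problems

if __name__ == "__main__":
    # Constructed sample values: a locked-down domain, then a weak one.
    print(audit_spf(["v=spf1 -all"]), audit_dmarc(["v=DMARC1; p=reject; pct=100"]))
    print(audit_spf(["v=spf1 mx ~all"]), audit_dmarc(["v=DMARC1; p=none; pct=50"]))
```
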

[-] Dirk@lemmy.ml 3 points 1 year ago* (last edited 1 year ago)

Some strict mail servers even blacklist you if the DMARC record is missing.

[-] lemmyvore@feddit.nl 3 points 1 year ago

> will give any senders the benefit of the doubt and accept mail that claims to be from your domain.

You misspelled "black-hole your domain forever".

[-] TCB13@lemmy.world 3 points 1 year ago

> Is there any other beginner-friendly email service I should read about?

https://workaround.org/

If you don't want to set up everything as you should, there's also https://mailinabox.email/ and https://docs.mailcow.email/

[-] vsis@feddit.cl 3 points 1 year ago* (last edited 1 year ago)

> https://workaround.org/

Wow! This is exactly what I needed. Although, I didn't exactly ask for it.

Thank you very much

[-] TCB13@lemmy.world 1 points 1 year ago

You’re welcome.

[-] conorab@lemmy.conorab.com 2 points 1 year ago

If your domain will NEVER send e-mail out, you only really need an SPF record to tell other servers to drop e-mail FROM your domain. Even that’s somewhat optional. If you ever plan on sending ANY outbound (you should at the very least for the occasional ticket) then do DKIM, DMARC and SPF. The more of these you do, the less likely e-mails FROM your domain are to be flagged as spam.

[-] redcalcium@lemmy.institute 2 points 1 year ago

> Should I set up DKIM, DMARC, SPF and reverse IP lookup?

This is a no-brainer to set up using mailcow. You just need to copy-paste the provided TXT values from the mailcow UI into your DNS entries.

Mailcow is fantastic and very easy to deploy. I highly recommend it.

this post was submitted on 30 Jan 2024