DNS - Intro for Noobs | Tek Syndicate
Here is (hopefully) all you need to know about DNS to know what you need to learn about. Ideally, this is what you need for setting up DNS to get your Linode/Sandstorm/etc. server up and running, or even just to point DNS from your domain name to your home server or home router.


And if anyone sets up the upside-down-ternet, post a screenshot for the rest of the class so we can all get a laugh.
This is a companion discussion topic for the original entry at https://teksyndicate.com/videos/dns-intro-noobs

How much money does it cost for a linode server per month powerful enough for a mail server?

What you were talking about in regards to mail spoofing: I actually did that as a project a little while ago. I read the SMTP protocol reference and built a program that automates the process so I don't have to deal with a raw TCP socket and the protocol directly. It totally works. The worst part is gmail doesn't actually have DMARC records set up. At least not ones that cause a rejection of mail, so spoofing from a gmail address to any server is totally a thing that can be done.

It's also up to the receiver's mail server to check for those records and reject if not valid. A lot of the time they won't reject it but it will be used as part of a spam check.

I know. I've spoofed as a gmail address going to a gmail address. They can't even catch their own spoofs was my point. They do have DMARC records but they don't reject and while they do put a phishing warning on the message it goes through and does NOT end up in spam. I do understand how the security works.

Well that's pretty lame. All the more reason to run your own mail server I guess. I should check how my server reacts to spoofed mail.

yea. I wish I could get away from gmail myself. I'm using GCE for hosting my servers and they block ports 25, 465, and 587. I even have 25 open on my residential connection but google feels like they need to block it. I could alternatively use a mail reflector with non-standard ports but I'm not really sure it's worth it. The reality is a mail reflector sees the contents of the message anyway. I guess it just comes down to whether they're better or worse than Google.

My ISP blocks those ports by default but there is an option to enable them. But I have a VPN connection to a VPS which I use as my public IP and forward the traffic back to my local server. That's an option for running a mail server on a residential connection but of course if you have a VPS you could just run the server on there.

Yea my ISP blocks them by default too. I just went through the hassle 2 or 3 years ago to get them opened so now I have them open. It is ridiculous how long it took me to get them to open it though.

How much is the cheapest linode server? That much.

ISPs block port 25 a lot, but I'd argue: do you want your mail run from home? There's basically no reliability in mail delivery in the first place; add to that possible downtime from power cuts, IP changes, ISP downtime, etc. Something with guaranteed uptime seems better for something as unreliable as email.

yea you're right. There's not a really great reason to need port 25 open but I still nagged them for it haha. Honestly now I have 25 blocked on my router just because it probably isn't a good idea to have it open but if I ever want it now I just go to my router to open it.

Shouldn't be an issue unless you have malware using your computers as SMTP servers, and they probably wouldn't use 25 anyway.

I was thinking though a cheap way for reliable (server end) SMTP might be dual RPis (or similar) and backup battery for the router and Pis, they're low power enough that they'd last a while on a cheap battery.

yea they would. That actually might not be a bad idea. If I had pis I'd probably give it a shot since I can't do mail on my VPS.

So I've done some tests on my mail server and it seems that most mail servers which have implemented SPF use it in soft fail mode, which will allow spoofed addresses from those domains. When an e-mail is received from a domain that uses SPF in soft fail it just logs a warning and continues; it does add to the spam score though, but not enough to mark the message as spam.

Spoofing from a domain that uses SPF in fail mode does cause the message to be dropped. I had a quick look on google but didn't see a way to have a mail server drop or greylist messages sent from invalid addresses from domains using soft fail SPF.

I agree that a residential connection is unreliable, but if you're hosting a personal mail server that shouldn't be an issue. Unless your connection is down for a few days any mail sent to you will be resent. I've been running my mail server at home for a couple of years without issue, I'm fairly sure I haven't lost any mail.

Interesting. I did know that gmail had DMARC records but I didn't know what they did. I know that trying to spoof from yahoo just doesn't work. The yahoo DMARC records are set to reject.
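The two threads above (SPF soft fail vs. fail, and DMARC p=none vs. p=reject) come down to a policy the receiving server evaluates from the sender domain's DNS records. The following is an added example, not code from the video or from anyone in this thread: a toy receiver-side evaluator in Python that supports only the `ip4` and `all` SPF mechanisms, reads the DMARC `p=` tag, and exposes a hypothetical `reject_softfail` knob for the behaviour the poster above could not find in their MTA. The domains and TXT records are constructed stand-ins for real DNS lookups, and it assumes the envelope-from domain matches the header From domain and that there is no DKIM signature, so DMARC falls back to the SPF result alone.

```python
import ipaddress

# Constructed zone data standing in for DNS TXT lookups (not real records).
TXT_RECORDS = {
    "softfail.example": ["v=spf1 ip4:203.0.113.0/24 ~all"],
    "hardfail.example": ["v=spf1 ip4:198.51.100.10 -all"],
    "_dmarc.softfail.example": ["v=DMARC1; p=none; rua=mailto:dmarc@softfail.example"],
    "_dmarc.hardfail.example": ["v=DMARC1; p=reject"],
}

# SPF qualifier prefixes and the result they produce when a mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name):
    """Stand-in for a DNS TXT query against the constructed zone above."""
    return TXT_RECORDS.get(name, [])


def check_spf(domain, client_ip):
    """Evaluate a minimal SPF policy (ip4 and all mechanisms only) for client_ip."""
    records = [r for r in lookup_txt(domain) if r.startswith("v=spf1")]
    if len(records) != 1:
        # No record means 'none'; more than one is a permanent error per RFC 7208.
        return "none" if not records else "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"  # an unprefixed mechanism defaults to '+'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # mechanisms like include:/mx are outside this toy
    return "neutral"  # no 'all' term matched: default result


def dmarc_policy(domain):
    """Return the DMARC 'p' tag for domain, or None when no DMARC record exists."""
    for record in lookup_txt("_dmarc." + domain):
        if record.startswith("v=DMARC1"):
            tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
            return tags.get("p", "none")
    return None


def receiver_decision(domain, client_ip, reject_softfail=False):
    """Combine SPF and DMARC the way a receiving MTA might; returns (action, spf, dmarc)."""
    spf = check_spf(domain, client_ip)
    policy = dmarc_policy(domain)
    if spf == "fail":
        return "reject", spf, policy
    if spf == "softfail":
        # A domain publishing p=reject asks receivers to reject anything that
        # does not pass; with no DKIM in this toy, softfail does not pass.
        if reject_softfail or policy == "reject":
            return "reject", spf, policy
        return "accept+spam_score", spf, policy  # what most servers do by default
    return "accept", spf, policy


if __name__ == "__main__":
    for domain in ("softfail.example", "hardfail.example"):
        print(domain, "from unlisted IP 192.0.2.1:", receiver_decision(domain, "192.0.2.1"))
```

The takeaway matches the poster's observation: `~all` only asks the receiver to be suspicious, so a spoof from an unlisted IP is accepted and scored, whereas `-all` (or a DMARC `p=reject`) is what turns the same spoof into a rejection at receivers that enforce it.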

yea...I don't have a personal server at my house though. All my servers are VPSes. Maybe if I had a pi or something.

Don't want to get too off topic, but what's the pricing like for GCE?
Have you thought of one of the dedicated mail services? I use mailgun for the wiki.

I've not done my own mail in a while; what's the resend like? This seems like it would be server dependent and there's a chance it would just send once and forget after a delivery failure reply.

I can't remember off the top of my head, but I think the standard is to resend after 3 minutes for I think 3 days.

I use postgrey on my server, which drops all e-mail from new sender/receiver pairs then waits for 3 minutes for the resend; if the server sends it after that time it goes through and if not it's dropped again. This stops most spam as spam servers don't behave the same way as normal servers. I haven't had any trouble with e-mails not being resent while using postgrey.

But yeah, it is up to the sending server to decide how frequently it will try to resend and for what period it will continue for, but I'm fairly sure the standard or default is pretty forgiving.
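The greylisting behaviour described above, together with the earlier question about how sending servers retry, can be illustrated with a small simulation. This is an added example written for this thread, not postgrey's code: it tracks (client IP, sender, recipient) triplets, defers the first attempt with a temporary failure, and accepts a retry only once the configured delay has passed. The 180-second delay mirrors the "3 minutes" quoted in the post (the real delay is a configuration choice), the retry schedule of the "legitimate" server is a constructed assumption, and the sample delivery attempts are constructed rather than taken from any log.

```python
class Greylist:
    """Minimal greylist keyed on the (client_ip, sender, recipient) triplet."""

    def __init__(self, delay_seconds=180):
        self.delay = delay_seconds
        self.first_seen = {}   # triplet -> timestamp of the first, deferred attempt
        self.known = set()     # triplets that completed a retry and are now accepted

    def check(self, client_ip, sender, recipient, now):
        """Return 'accept' or 'defer' (a 4xx temporary failure in real SMTP)."""
        triplet = (client_ip, sender.lower(), recipient.lower())
        if triplet in self.known:
            return "accept"
        first = self.first_seen.get(triplet)
        if first is None:
            # Never seen: record it and ask the sender to try again later.
            self.first_seen[triplet] = now
            return "defer"
        if now - first < self.delay:
            # Retried too soon: a compliant MTA backs off, so keep deferring.
            return "defer"
        # A retry after the delay is the behaviour real MTAs show; remember it.
        self.known.add(triplet)
        del self.first_seen[triplet]
        return "accept"


def run_attempts(attempts, delay_seconds=180):
    """Feed a list of (time, client_ip, sender, recipient) through one greylist."""
    gl = Greylist(delay_seconds)
    return [gl.check(ip, frm, to, t) for (t, ip, frm, to) in attempts]


# Constructed delivery attempts: a well-behaved MTA retrying on a backoff
# schedule, a spam bot that fires once and never retries, and a second
# recipient from the same MTA, which is a new triplet and is deferred again.
LEGIT_MTA = [
    (0,    "203.0.113.5", "alice@sender.example", "bob@home.example"),
    (60,   "203.0.113.5", "alice@sender.example", "bob@home.example"),  # too early
    (400,  "203.0.113.5", "alice@sender.example", "bob@home.example"),  # accepted
    (1000, "203.0.113.5", "alice@sender.example", "bob@home.example"),  # known now
    (1200, "203.0.113.5", "alice@sender.example", "carol@home.example"),  # new pair
]
SPAM_BOT = [
    (0, "198.51.100.77", "offer@spam.example", "bob@home.example"),
]

if __name__ == "__main__":
    print("legit MTA:", run_attempts(LEGIT_MTA))
    print("spam bot: ", run_attempts(SPAM_BOT))
```

The only thing the greylist relies on is that a real MTA queues the message and retries later, which is exactly the retry behaviour discussed above; a sender that gives up after one temporary failure never gets through, and a mailbox that is briefly offline still receives its mail on the next retry.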