It is quite easy to set up a mailing system on your own server, but more often than not the recipients of your mails find them in their spam or junk folder – if at all. The reason is that most mail providers have established procedures to block the unsolicited mail we all have to deal with nowadays.
There are a few measures one can take to improve the reputation of a mailserver so that outgoing mails are accepted by most providers. It is almost certainly not enough to implement only some of them; all of them are required.
Reverse DNS
Ensure that a reverse DNS lookup yields the right domain for the server IP. Usually this can be set in the administrative interface of the webspace hoster (not the domain hoster): connect the IP of the webspace your mailserver is running on to the domain from which the mails are sent.
Hostname
Ensure that the hostname command yields the right server name, e.g.,
hostname example.org
SPF (Sender Policy Framework)
Add a TXT record to the domain containing
v=spf1 a mx ~all
This can usually be done in the administrative interface of the domain hoster. It ensures that mails that claim to be sent from your domain must originate from an IP address matching the A or MX records of your domain.
DKIM (DomainKeys Identified Mail)
This depends on the mail program you are using. Here is an example for exim4 running on a Debian system.
Generate a private and public key in /etc/exim4/dkim/:
openssl genrsa -out example.org-private.pem 2048
openssl rsa -in example.org-private.pem -out example.org.pem -pubout -outform PEM
Add a TXT record named <selector>._domainkey to the domain containing
v=DKIM1;k=rsa;p=
followed by the actual public key generated above. Choose some arbitrary string for <selector>; it must match the corresponding entry in /etc/exim4/exim4.conf.localmacros (see below). If the domain service refuses the record because of its length, split it into chunks enclosed in quotation marks.
After that, adapt /etc/exim4/exim4.conf.localmacros like so:
DKIM_CANON = relaxed
DKIM_SELECTOR = 20190215
DKIM_DOMAIN = example.org
DKIM_PRIVATE_KEY = /etc/exim4/dkim/example.org-private.pem
and run
update-exim4.conf
service exim4 restart
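The p= tag of the <selector>._domainkey record takes only the base64 body of example.org.pem, without the BEGIN/END lines, and a single TXT string holds at most 255 characters, which is why long records have to be chunked. The following Python sketch is an added example, not part of the original article: it builds the chunked value and checks that the rejoined chunks still carry the same key. The function names and the sample key (placeholder bytes, not a real key) are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", re.S)

def pem_to_p_value(pem):
    """Return the base64 body of a PEM public key as one line (the p= value)."""
    match = PEM_RE.search(pem)
    if not match:
        raise ValueError("no PUBLIC KEY block found; never publish the private key")
    b64 = "".join(match.group(1).split())
    base64.b64decode(b64, validate=True)  # raises ValueError on corrupt data
    return b64

def dkim_txt_chunks(pem, limit=255):
    """Build the TXT content and split it into strings of at most `limit` characters."""
    record = "v=DKIM1;k=rsa;p=" + pem_to_p_value(pem)
    return [record[i:i + limit] for i in range(0, len(record), limit)]

def zone_file_value(chunks):
    """Render the chunks as quoted strings, the way they are entered at the DNS host."""
    return " ".join('"%s"' % chunk for chunk in chunks)

def published_matches_key(txt_strings, pem):
    """Verifiers join the strings of a TXT record without separators; check the
    joined record still carries exactly the key from the PEM file."""
    tags = {}
    for part in "".join(txt_strings).split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags.get("v") == "DKIM1" and tags.get("p") == pem_to_p_value(pem)

# Constructed stand-in for example.org.pem: placeholder bytes, not a real key.
_body = base64.b64encode(bytes(range(256)) + bytes(38)).decode()
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + "\n".join(_body[i:i + 64] for i in range(0, len(_body), 64))
              + "\n-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    chunks = dkim_txt_chunks(SAMPLE_PEM)
    print(zone_file_value(chunks))
    print("matches key:", published_matches_key(chunks, SAMPLE_PEM))
```

To use it with a real key, pass the contents of example.org.pem instead of SAMPLE_PEM and feed published_matches_key the strings your DNS host actually returns for the record.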
DMARC
Another measure one can take is creating a TXT record named _dmarc according to the DMARC specification (Domain-based Message Authentication, Reporting and Conformance). This allows you to define criteria for the SPF and DKIM checks. In its simplest form, the content of this TXT record would be
v=DMARC1; p=none
which means something like "do nothing". You can start with this and add more specifications later according to your needs, see Wikipedia.