Koozali.org: home of the SME Server

Contribs.org Forums => General Discussion => Topic started by: Drifting on January 04, 2024, 01:18:05 PM

Title: Email setup, DKIM, Certs Etc.
Post by: Drifting on January 04, 2024, 01:18:05 PM

Happy New Year to you all.
Need some advice. I retired last year due to my failing eyesight. I have now been asked to setup and SME for a close friends small business. Now this is from memory, but there was an awful lot of faffing involved with DKIM, Certs, and keeping Google and Microsoft happy with DNS entries, so they would not bounce email.
Obviously I am now out of my depth. But wonder is there a document I can follow to set these up? As from what I have managed to glean, the info is mostly in Forums (Could be wrong, can't read for long)
Other than that is there someone that is willing to help on a generous beer token, or if preferred commercial basis?

Kindest Regards
Paul

Title: Re: Email setup, DKIM, Certs Etc.
Post by: ReetP on January 04, 2024, 03:51:26 PM

The basics are here:

https://wiki.koozali.org/Email#Server_Settings

But there is a bit of faff for sure. I actually use authsmtp (no relationship) for outgoing mail as it is plain easier!

Contact me in Rocket if you want a hand - happy to help.

Title: Re: Email setup, DKIM, Certs Etc.
Post by: Jean-Philippe Pialasse on January 04, 2024, 07:39:39 PM

will try to draft a dedicated DNS page in the week end as the dns setting part of sending email
is fringe to setting a SME but also an essential part. 

you might at least find some info there:
- https://wiki.koozali.org/Autodiscover#DNS_SRV_Record_alternate_method and following DNS related menus
- https://wiki.koozali.org/Email#DKIM_Setup_-_qpsmtpd_version_.3E.3D_0.96

basically you should at least have right A, MX, dkim, spf and dmarc.
you should also set your reverse dns if possible to your server name. if not possible you are probably on dynamic IP list and it WILL create issue in sending emails as you WILL be tagged as untrusted from major operator even if your ISP does not block your from sending. 

DNS and file for MTA-STS and TLS-RPT and BMI could be an extra.  but most will stop before paying the annual 1500$ to get a certificate (VMC) to allow to display your logo in mails. 

Title: Re: Email setup, DKIM, Certs Etc.
Post by: mmccarn on January 05, 2024, 01:23:10 PM

Google has a site to let you check your domain against their requirements:
https://postmaster.google.com

...and... if the domain will be sending more than 5000 messages per day there are some extra requirements:
https://support.google.com/mail/answer/81126?hl=en#requirements-5k&zippy=%2Crequirements-for-all-senders%2Crequirements-for-sending-or-more-messages-per-day


This page appears (after a very quick glance) to cover everything I am aware of (not SME-Specific):
https://blog.redsift.com/email/a-2024-guide-to-mastering-google-and-yahoos-bulk-email-sender-requirements/


My home emails are now handled by Apple using a vanity domain.

My work emails are handled by Microsoft - we were required by our cyber insurance provider to certify that all cloud and email systems require multi factor authentication...

Title: Re: Email setup, DKIM, Certs Etc.
Post by: Drifting on January 08, 2024, 12:30:43 PM

Fantastic response guys, thank you so much.

Will have a read through what I can, and see if I can understand any of it ;-)

Kindest regards

Paul.