How to get rid smarthost (and use rdns,spf,dkim,dmarc)

(Stéphane de Labrusse) #1

I did a howto about all smtp policies you must have with your email server if you want that your emails have a chance to be delivered to the other email platforms (such as gmail, orange, Microsoft…) and not rejected or tagged as spam.

I talk about reverse dns (rdns), sender policy framework (spf), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting & Conformance (DMARC).

Of course all of this is not needed if you have configured a smarthost to send your email, but I have had the case that my email was rejected by a SURBL blacklist because the smtp of my provider was considered as a spam sender…and you can do nothing except changing your smarthost. Hence the interest to send yourself your email.

The howto is pending you reading at, I hope that at the end it becomes official documentation.

You will understand quickly that there will be a new feature soon in the email server

I will call some people already interested by this feature, but you can add your grain of salt if you know something.

@JOduMonT @Ya_Ley @oenrico @xcod @tzar @pagaille @jfranco

Support wanted on DNS host name records
Restore Data Backup from 6.9F to 7F
Port 25 blocked
(Alessio Fattorini) #2

@enrico.s @Bart @p.mall @Enzo @bwdjames @jaapvdv @bruno @GG_jr @enzoturri @maio @rolf @mark_nl would be interested too!

(Matthieu Gaillet) #3

Great summary, really useful even outside nethserver. Thanks.

For completeness, but it is already written in the official doc, I’d add that postfix has to send the server’s FQDN along with the HELO command when connecting to another MTA.

# config setprop postfix HeloHost your.FQ.DN
# signal-event nethserver-mail-common-save

(Frank Timmers) #4

Congratulations that you are hired by Nethesis as developer. I saw many very good posts, so this will be also very good for Nethesis and the community!

I read your 'How to get rid smarthost. A few days ago I did almost the same as some of my mails got marked as spam, even though I have fixed IP-address and have no grey- or blacklisting on this address.

First I put a PTR record in DNS.
After that I put SPF-settings “v=spf1 a mx -all” in a TXT record in DNS.
At last I installed openDKIM according to this blog:
The lines appended to /etc/postfix/ have to be hardcoded every time the config changes. I don’t know how to change the Nethserver-templates to make this hardcoded changing unneccessary?

I tested my setup by sending a mail to and according to the report all settings are marked OK (green) except the BATV (Bounce Address Tag Validation) Check as I dare not install this on a working mail-server. I don’t know how replies to existing mails (that don’t have the tag) will be handled: will they be rejected as spam or do they get passed?

Now my mails aren’t marked as spam anymore, so for the time being this worked!

Best regards,

Frank Timmers

(Stéphane de Labrusse) #5

create a file /etc/e-smith/templates/etc/postfix/ and put the modification

milter_default_action = accept
smtpd_milters = inet:

but you have to create also the service db propety with status and TCPPort

At the end you can wait a bit also because it is what I did.

(Pasquale) #6

thank you so much for this exceptional contribution! great!

(Jeroen Visser) #7

You … you rock! Every time I think lets get to fixing X, it appears to be on your list and just checked off … you save tons of time every time.

(Stéphane de Labrusse) #8

New version, I tried to dive up a bit and also to cover generic mandatory dns records you must create after you installed your server mail, the easy part with nethserver :smiley:

Please go, amend, blame, and add your grain of salt.

FYI the sogo wiki documentation has been pushed to the official documentation…together we do a great job :stuck_out_tongue:

(Davide Principi) #9

Update: thanks to @stephdl DKIM is now available as a new #feature

(Dan) #10

So, for clarification on reverse DNS: The neth server has a hostname of neth.domain1.tld, and handles mail for domain1.tld, domain2.tld, and domain3.tld. Does it matter what the rDNS record says? i.e., whether it points the IP to neth.domain1.tld, or simply to domain1.tld?

(Stéphane de Labrusse) #11

better for me is to point the rdns to serverName.domainName.tld and be relevant to the helo of your email server => serverName.domainName.tld

(Dan) #12

Makes sense. Thanks.

(Nitram Oneito) #13

the wiki is nice,

reminds me for when I was configuring my zimbra, the process was abit hectic. but I finally got to deliver messages to all providers correctly