- Transport encryption (TLS on SMTP in&out and IMAP)
- Forwarding with SRS (Sender Rewriting Scheme)
- Fetch instead of forwarding
- Attack mitigation (SMTP vulnerability, authentication)
- Spam filtering
- Custom blackhole lists (RBL)
- Custom whitelisting of hosts (broken mail servers)
- Monitor IP reputation
- Apply to whitelists
- Register to feedback loops
- Monitor delivery and delivery errors
- https://www.mailjet.com/transactional Made with ❤️ in Paris
- https://www.mailgun.com/ by Rackspace
- https://aws.amazon.com/ses/ by Amazon
- https://sendgrid.com/
- https://www.sendinblue.com/
- https://www.mandrill.com/ by MailChimp
- https://postmarkapp.com/ by Wildbit
http://www.rainloop.net/changelog/
http://nincsmail.hu/ (inbox and sending)
- Root: "Inbox"
- To recognize standard folder names delete .pst/.ost file after account setup
- Fix folder subscription, see: ${D}/mail/courier-outlook-subscribe-bug.sh (Outlook 2007)
Advanced/IMAP Path Prefix: "INBOX"
https://github.com/Yeraze/ytnef
See: ${D}/repo/debian/pool/main/y/ytnef/
MIME type: application/ms-tnef
https://toolbox.googleapps.com/apps/checkmx/
- see: mail/imapsync
- OVH ImapCopy
- OfflineIMAP
- Encoded (base64 or QP) headers:
conv2047.pl -d - Body and attachments:
munpack -t - Syntax highlight:
headers.vimfor vim,/input/mc/email.syntaxfor mcedit - Enveloped-data (application/pkcs7-mime):
cat smime.p7m | base64 -d | openssl smime -verify -inform DER
- ClamAV (CCTTS, Safe Browsing)
- clamav-unofficial-sigs (paid: SecuriteInfo, MalwarePatrol, Sanesecurity)
- clamav pythonfilter through pyClamd for Courier MTA
clamav-unofficial-sigs needs 1 GB of memory.
"Best clamd.conf" in SecuriteInfo FAQ.
See: mbox_send2.py
Build Courier SRS
See: /package/couriersrs-jessie.sh
http://www.courier-mta.org/makehosteddomains.html
http://www.courier-mta.org/dot-courier.html
Add alias: @target.tld: foo
Delivery instructions:
echo "|/pipe/command" > /var/mail/localhost/user/.courier-foo-defaultspamtrap@domain.net: |/usr/local/bin/multi-stdout.sh "/usr/bin/spamc -4 --learntype=spam --max-size=1048576" "/usr/bin/spamc -4 --reporttype=report --max-size=1048576"
problematic@address.es: spamtrap@domain.net
NAIH nyilvántartási szám - "Hungarian National Authority for Data Protection and Freedom of Information" registry
NAIH kereső http://www.naih.hu/kereses-az-adatvedelmi-nyilvantartasban.html
See the description of /etc/courier/aliasdir in man dot-courier DELIVERY INSTRUCTIONS
echo "" > /etc/courier/aliasdir/.courier-kitchensink
Add alias: ANY.ADDRESS@ANY.DOMAIN.TLD: kitchensink@localhost
- SMTP communication
- NOADD*,
opt MIME=none - filters
- DEFAULTDELIVERY
esmtproutes "both MX and A records get looked up"
D0 CAPABILITY
D1 AUTHENTICATE PLAIN
$(echo -en "\0USERNAME\0PASSWORD" | base64)
D2 LOGOUT
sudo -u daemon -- spamassassin --test-mode --prefspath=/var/mail/.spamassassin/user_prefs -D < msg.eml
# For specific tests see: man spamassassin-run
sudo -u daemon -- spamassassin --test-mode --prefspath=/var/mail/.spamassassin/user_prefs -D dkim < msg-signed.eml
opendkim -vvv -t msg-signed.eml- https://www.unlocktheinbox.com/resources/identifieralignments/
- http://www.openspf.org/Related_Solutions
- setup http://www.spfwizard.net/
- check http://www.kitterman.com/spf/validate.html http://tools.wordtothewise.com/authentication
- monitor
host -t TXT <domain>; pyspf - For non-email domains:
v=spf1 -all
- http://en.wikipedia.org/wiki/Sender_ID
- http://tools.ietf.org/html/rfc4407#section-2
- PRA: Resent-Sender > Resent-From > Sender > From > ill-formed
- http://www.appmaildev.com/
- RFC 6376
- setup http://www.tana.it/sw/zdkimfilter/
- check
- monitor
- check-auth@verifier.port25.com
- autorespond+dkim@dk.elandsys.com
- test@dkimtest.jason.long.name
- dktest@exhalus.net
- dkim-test@altn.com
- dktest@blackops.org
- http://www.brandonchecketts.com/emailtest.php
- http://www.appmaildev.com/en/dkim/
- http://9vx.org/~dho/dkim_validate.php
- https://protodave.com/tools/dkim-key-checker/ (DNS only)
Deprecated.
An optional extension to the DKIM E-mail authentication scheme.
https://unlocktheinbox.com/resources/adsp/
Specs: https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/?include_text=1
- setup https://unlocktheinbox.com/dmarcwizard/
- check
- monitor
host -t TXT _dmarc.$DOMAIN
http://www.returnpath.com/solution-content/dmarc-support/what-is-dmarc/
- ☀️ ☀️ ☀️ Descriptive From name "Firstname from Company"
- ☀️ ☀️ Descriptive subject line
- ☀️ Short preview line at top of the message
- Link to online version (newsletter archive)
- Short main header
- 💡 Sections: image + title + description + call2action, see: https://litmus.com/subscribe
- External resources should be able to load through HTTPS (opening in a HTTPS webmail)
- 📱 Mobile compatible
- Sender's contact details (postal address, phone number)
- Who (recipient name, email address, why) is subscribed
- Unsubscribe link
- Forward to a friend
List-Unsubscribe: URL(invisible)Precedence: bulk(invisible)Return-Path: bounce@addre.ss(invisible)Reply-to: reply@addre.ss(invisible) How to videoFrom: sender@domain.netTo: recipients@addre.ss- bounce
X-Autoreply: yes - bounce
Auto-Submitted: auto-replied
- SMTP
MAIL FORM: <user@domain.net> - HTML and plain text payload
- From address SPF
include:servers.mcsv.net - Bulk Senders Guidelines by Google
- Spamhaus Marketing FAQ
- ☁️ CDN for images
- https://litmus.com/community/templates
- https://litmus.com/blog/go-responsive-with-these-7-free-email-templates-from-stamplia
- https://www.klaviyo.com/
- https://litmus.com/subscribe
- https://stamplia.com/
- https://www.mail-tester.com/ by Mailpoet
- http://spamcheck.postmarkapp.com/
- mailtest@unlocktheinbox.com https://www.unlocktheinbox.com/resources/emailauthentication/
- checkmyauth@auth.returnpath.net
- https://winning.email/checkup/DOMAIN
BLACKLISTS="-block=bl.blocklist.de"- http://psky.me/
- http://www.intra2net.com/en/support/antispam/index.php (Blacklist Monitor)
- http://multirbl.valli.org/
- https://mxtoolbox.com/problem/blacklist/ chart
- http://bgp.he.net/ip/1.2.3.4#_rbl
- http://www.unifiedemail.net/Tools/RBLCheck/
rblcheckTrendmicro ERS check
wget -qO- --post-data="_method=POST&data[Reputation][ip]=${IP}" https://ers.trendmicro.com/reputations \
| sed -ne 's;.*<dd>\(.\+\)</dd>.*;\1;p' | tr '\n' ' 'OK response: "IP Unlisted in the spam sender list None"
- http://www.senderbase.org/lookup/
- https://www.senderscore.org/lookup.php
- http://www.barracudacentral.org/lookups
- http://www.cyren.com/ip-reputation-check.html
- http://www.mcafee.com/threat-intelligence/ip/spam-senders.aspx
- http://ipremoval.sms.symantec.com/lookup/
- https://postmaster.aol.com/ip-reputation
- https://ers.trendmicro.com/reputations
- http://www.projecthoneypot.org/search_ip.php
- https://mxtoolbox.com/services_servermonitoring2.aspx
- https://www.projecthoneypot.org/monitor_settings.php
- https://www.rblmon.com/accounts/register/
- https://rbltracker.com/
- https://www.dnswl.org/selfservice/
- http://www.emailreg.org/index.cgi?p=policy (Barracuda)
- https://ers.trendmicro.com/reputations/global_approved_list
- Whitelists in SpamAssassin
- https://wordtothewise.com/isp-information/
- Smart Network Data Service (SNDS) + JMRP
- Sender Information for Outlook.com Delivery
- https://www.dnswl.org/selfservice/
- https://support.google.com/mail/contact/msgdelivery
- https://postoffice.yandex.com/
- http://yandexfbl.senderscore.net/
- http://poczta.onet.pl/pomoc/en,odblokuj.html
- Report abuse from Gmail
- Report abuse from Outlook.com
- Abuse Contact DB
host -t TXT $(revip IP-ADDRESS).abuse-contacts.abusix.org
http://www.junkemailfilter.com/spam/free_mx_backup_service.html