- Transport encryption (TLS on SMTP in&out and IMAP)
- Forwarding with SRS (Sender Rewriting Scheme)
- Fetch instead of forwarding
- Attack mitigation (SMTP vulnerability, authentication)
- Spam filtering
- Custom blackhole lists (RBL)
- Custom whitelisting of hosts (broken mail servers)
- Monitor IP reputation
- Apply to whitelists
- Register to feedback loops
- Monitor delivery and delivery errors
- https://www.mailjet.com/transactional Made with ❤️ in Paris
- https://www.mailgun.com/ by Rackspace
- https://aws.amazon.com/ses/ by Amazon
- https://www.sparkpost.com/
- https://sendgrid.com/
- https://www.sendinblue.com/
- https://www.mandrill.com/ by MailChimp
- https://postmarkapp.com/ by Wildbit
Integrity Mailszolgáltatás (SMTP+IMAP)
http://www.rainloop.net/changelog/
http://nincsmail.hu/ (inbox and sending)
- Root: "Inbox"
- To recognize standard folder names delete .pst/.ost file after account setup
- Fix folder subscription, see /mail/courier-outlook-subscribe-bug.sh (Outlook 2007)
Advanced/IMAP Path Prefix: "INBOX"
https://github.com/Yeraze/ytnef
See /repo/debian/pool/main/y/ytnef/
MIME type: application/ms-tnef
https://toolbox.googleapps.com/apps/checkmx/
- Encoded (base64 or QP) headers:
conv2047.pl -d - Body and attachments:
munpack -t - Syntax highlight:
headers.vimfor vim,/input/mc/email.syntaxfor mcedit - Enveloped-data (application/pkcs7-mime):
cat smime.p7m | base64 -d | openssl smime -verify -inform DER
- ClamAV (CCTTS, Safe Browsing)
- clamav-unofficial-sigs (paid: SecuriteInfo, MalwarePatrol, free: Sanesecurity)
clamav.pypythonfilter through pyClamd for Courier MTA
clamav-unofficial-sigs needs 1 GB of memory.
See "Best clamd.conf" in SecuriteInfo FAQ.
courier-pythonfilter module: attachments.py
[attachments.py]
blockedPattern = r'^.*\.(ade|adp|bat|chm|cmd|com|cpl|dll|exe|hta|inf|ins|isp|jar|js|jse|lib|lnk|mde|msc|msp|mst|pif|reg|scf|scr|sct|shb|shs|sys|url|xxe|vb|vbe|vbs|vxd|wsc|wsf|wsh)$'https://support.google.com/mail/answer/6590
20_gmail-blocked-filetypes.cf
# GMail's blocked file types
ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
mimeheader GMAIL_BLOCKED_ATTACH Content-Type =~ /\.(ADE|ADP|BAT|CHM|CMD|COM|CPL|EXE|HTA|INS|ISP|JAR|JSE|LIB|LNK|MDE|MSC|MSP|MST|PIF|SCR|SCT|SHB|SYS|VB|VBE|VBS|VXD|WSC|WSF|WSH)/i
mimeheader GMAIL_BLOCKED_ATTACH_CD Content-Disposition =~ /\.(ADE|ADP|BAT|CHM|CMD|COM|CPL|EXE|HTA|INS|ISP|JAR|JSE|LIB|LNK|MDE|MSC|MSP|MST|PIF|SCR|SCT|SHB|SYS|VB|VBE|VBS|VXD|WSC|WSF|WSH)/i
score GMAIL_BLOCKED_ATTACH 20
score GMAIL_BLOCKED_ATTACH_CD 20
endif
See mbox_send2.py
Build Courier SRS
See /package/couriersrs-jessie.sh
http://www.courier-mta.org/makehosteddomains.html
http://www.courier-mta.org/dot-courier.html
Add alias:
@target.tld: foo
Delivery instructions:
echo "|/pipe/command" > /var/mail/localhost/user/.courier-foo-defaultspamtrap@domain.net: |/usr/local/bin/multi-stdout.sh "/usr/bin/spamc -4 --learntype=spam --max-size=1048576" "/usr/bin/spamc -4 --reporttype=report --max-size=1048576"
problematic@address.es: spamtrap@domain.net
NAIH nyilvántartási szám - "Hungarian National Authority for Data Protection and Freedom of Information" registry
NAIH kereső http://www.naih.hu/kereses-az-adatvedelmi-nyilvantartasban.html
See the description of /etc/courier/aliasdir in man dot-courier DELIVERY INSTRUCTIONS
echo > /etc/courier/aliasdir/.courier-kitchensinkAdd alias:
ANY.ADDRESS@ANY.DOMAIN.TLD: kitchensink@localhost
- SMTP communication
- NOADD*,
opt MIME=none - filters
- DEFAULTDELIVERY
esmtproutes "both MX and A records get looked up"
D0 CAPABILITY
D1 AUTHENTICATE PLAIN
$(echo -en "\0USERNAME\0PASSWORD" | base64)
D2 LOGOUT
sudo -u daemon -- spamassassin --test-mode --prefspath=/var/mail/.spamassassin/user_prefs -D < msg.eml
# For specific tests issue
# man spamassassin-run
sudo -u daemon -- spamassassin --test-mode --prefspath=/var/mail/.spamassassin/user_prefs -D dkim < msg-signed.eml
opendkim -vvv -t msg-signed.eml- https://www.unlocktheinbox.com/resources/identifieralignments/
- http://www.openspf.org/Related_Solutions
- setup http://www.spfwizard.net/
- check http://www.kitterman.com/spf/validate.html http://tools.wordtothewise.com/authentication
- monitor
host -t TXT <domain>; pyspf - For non-email domains:
v=spf1 -all
- http://en.wikipedia.org/wiki/Sender_ID
- http://tools.ietf.org/html/rfc4407#section-2
- PRA: Resent-Sender > Resent-From > Sender > From > ill-formed
- http://www.appmaildev.com/
- RFC 6376
- setup http://www.tana.it/sw/zdkimfilter/
- check
- monitor
- check-auth@verifier.port25.com
- autorespond+dkim@dk.elandsys.com
- test@dkimtest.jason.long.name
- dktest@exhalus.net
- dkim-test@altn.com
- dktest@blackops.org
- http://dkimvalidator.com/
- http://www.appmaildev.com/en/dkim/
- http://9vx.org/~dho/dkim_validate.php
- https://protodave.com/tools/dkim-key-checker/ (DNS only)
Deprecated.
An optional extension to the DKIM E-mail authentication scheme.
https://unlocktheinbox.com/resources/adsp/
Specs: https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/?include_text=1
- setup https://unlocktheinbox.com/dmarcwizard/
- check
- monitor
host -t TXT _dmarc.$DOMAIN
http://www.returnpath.com/solution-content/dmarc-support/what-is-dmarc/
- ☀️ ☀️ ☀️ Descriptive From name "Firstname from Company"
- ☀️ ☀️ Descriptive subject line
- ☀️ Short preview line at top of the message
- Link to online version (newsletter archive)
- Short main header
- 💡 Sections: image + title + description + call2action, see https://litmus.com/subscribe
- External resources should be able to load through HTTPS (opening in a HTTPS webmail)
- 📱 Mobile compatible
- Sender's contact details (postal address, phone number)
- Who (recipient name, email address, why) is subscribed
- Unsubscribe link
- Forward to a friend
List-Unsubscribe: URL(invisible)Precedence: bulk(invisible)Return-Path: bounce@example.com(invisible)Reply-to: reply@example.com(invisible) How to videoFrom: sender@example.comTo: recipients@addre.ss- bounce
X-Autoreply: yes - bounce
Auto-Submitted: auto-replied
- SMTP
MAIL FORM: <user@example.com> - HTML and plain text payload
- From address SPF
include:servers.mcsv.net - Bulk Senders Guidelines by Google
- Spamhaus Marketing FAQ
- ☁️ CDN for images
- https://litmus.com/community/templates
- https://litmus.com/blog/go-responsive-with-these-7-free-email-templates-from-stamplia
- https://litmus.com/subscribe
- https://www.mail-tester.com/ by Mailpoet
- http://spamcheck.postmarkapp.com/
- mailtest@unlocktheinbox.com https://www.unlocktheinbox.com/resources/emailauthentication/
- checkmyauth@auth.returnpath.net
- https://winning.email/checkup/DOMAIN
- https://tinyletter.com/
- https://www.klaviyo.com/
- https://mailchimp.com/
- https://www.mailjet.com/
- viktor@szepe.net (€6/1000 emails)
rblcheckCourier MTA
BLACKLISTS="-block=bl.blocklist.de"Trendmicro ERS check
wget -qO- --post-data="_method=POST&data[Reputation][ip]=${IP}" https://ers.trendmicro.com/reputations \
| sed -ne 's;.*<dd>\(.\+\)</dd>.*;\1;p' | tr '\n' ' 'OK response: IP Unlisted in the spam sender list None
-
B- Blacklist a.k.a. RBL (lookup, delist) -
L- Lookup(s) -
M- Monitoring -
R- Registered (whitelist etc.) -
F- Feedback loop -
S- Sender support -
A- Abuse report -
http://www.senderbase.org/lookup/ by Cisco
L -
https://www.senderscore.org/lookup.php by ReturnPath
L -
http://www.mcafee.com/threat-intelligence/ip/spam-senders.aspx
Llookup -
Report abuse from Outlook.com
ASee Sender Score -
Abuse Contact DB
host -t TXT $(revip $IP).abuse-contacts.abusix.orgA
Register here:
- http://www.unifiedemail.net/Tools/RBLCheck/
LMregistration - https://mxtoolbox.com/problem/blacklist/
LMchart - http://www.projecthoneypot.org/search_ip.php
LM - https://rbltracker.com/
M - https://www.rblmon.com/accounts/register/
M - https://www.dnswl.org/selfservice/
R - https://ers.trendmicro.com/reputations
LR - http://www.emailreg.org/index.cgi?p=policy (Barracuda)
R - AOL Postmaster
LR - http://yandexfbl.senderscore.net/
F - Outlook.com by Microsoft
- Sender Information for Outlook.com Delivery
S
http://www.junkemailfilter.com/spam/free_mx_backup_service.html