how to do dkim & spf setup in dns #986
Comments
|
Unfortunately this isn't supported currently, but it's something we definitely want to fix. Ideally we'd automate the whole setup with mailgun. |
|
I used SparkPost, and although I was able to use a sender domain to validate Sandstorm, I am unable to send from Roundcube through the generated sandstorm.io addresses. Sparkpost requires either DKIM or validating through abuse@ or postmaster@. Is there any update on this? |
|
Someone just asked this on IRC again, so I thought it would make sense to describe my current workaround here for future reference: You don't have to have the mail domain be the same as the sandstorm domain, so you can have your sandstorm box at foo.sandcats.io and have it send email from foo.example.org. This requires you to register a separate domain, but you don't need to deal with wildcard certs, dynamic dns, etc. for that domain; just put those static records in place. |
ocdtrekkie
added
enhancement
|
Would this be easier to do now that Sandcats has support for configuring TXT records for ACME? Does ACME.js's DNS provider library provide us any avenues to automate more DNS configuration for Sandstorm going forward? |
|
Skimming the API, we could probably re-use the acme.js plugins to set the TXT records we need, but not MX. ...but I think there are two related things here:
I think the recent changes are completely orthogonal to (2); either way we need to add support to the sandcats service for configuring DNS, and I don't think ACME.js makes that any easier than it already was (since we already control that service). It might bring us closer to being able to do (1) for non-sandcats domains, though we somehow still need to figure out what all of the values should be, and I'm not sure how to do that in an automated fashion. |
|
FWIW the change I made to the sandcats server to support ACME challenges was very restricted to just ACME challenges. I don't want to support adding arbitrary DNS records since then we'd have to think about limits, and a cloudflare-based implementation would be harder (since it imposes its own limits). We could add specific support for MX records and mail-related TXT records, though. But right now I'm very hesitant to make changes to the Sandcats server as I suspect all the tools have bitrotted. I made the ACME changes by editing the live copy of the code on the server (so that I wouldn't have to try to rebuild it or run an ancient version of the meteor tool at all). Once we no longer need to support the old TLS issuance path I'd like to rewrite the whole server as a Cloudflare Worker and backed by Cloudflare DNS (which should hugely improve performance of sandcats DNS, especially outside the US!). Can think about implementing MX and mail-related TXT then... |
Trying out sandstorm. I setup buzz.sandcats.io. To setup email I added a mailgun domain for buzz.sandcats.io. Now I don't see a DNS control panel in sandstorm admin. How do I add DNS for these entries?
TXT buzz.sandcats.io
TXT k1._domainkey.buzz.sandcats.io
CNAME email.buzz.sandcats.io
and MX records for receiving mail.
Thanks,
Jason
The text was updated successfully, but these errors were encountered: