Harel NYC


Tech Independence: Addendum

We all know spam email is a big problem. As a result, many email services scrutinize incoming mail to decide whether it's legitimate. In Derek's Tech Independence guide, he outlines a simple way to set up an SMTP server, which is very helpful. But if you're planning on using your server long term, you'll likely need to take some extra steps.

One major issue is that Gmail will automatically block emails from your personal mail server unless you take one of two actions: set up an SPF record or enable DKIM signing. If you only want to do the bare minimum, it's easier to just set up the SPF record. But it's highly recommended that you enable both and also set up a DMARC record. Doing all of this makes it less likely that other email providers will mark your email as spam.

The instructions below assume you have followed Derek's guide exactly.

SPF Record

Instructions for porkbun.com

  1. Go to your porkbun.com account.
  2. Under your domain name, click the little word “DNS”.
  3. Change “Type:” to “TXT - Text record”.
  4. Leave “Host:” blank.
  5. In “Answer:” type v=spf1 mx -all
  6. Click the blue [Add] button, bottom-right.
  7. Click the little x in the top-right corner of this pop-up window.
  8. Test that the SPF record is configured properly at mxtoolbox.com

Instructions for namecheap.com

  1. Go to your namecheap.com account.
  2. Click 'Domain List' in left side navigation.
  3. Click the [Manage] button next to your domain.
  4. Click on 'Advanced DNS'.
  5. Click [Add New Record] button under 'Host Records' section and choose 'TXT Record' and a new row should appear.
  6. Type @ under 'Host' field, type v=spf1 mx -all under 'Value' field, and click the green check on the right side of the row.

DKIM

  1. Log in to your server, if you are not already.
  2. Type doas su
  3. Type pkg_add opensmtpd-filter-dkimsign
  4. Type cd /etc/mail
  5. Type mkdir dkim
  6. Type openssl genrsa -out /etc/mail/dkim/example.com.key 2048
    replacing example.com with your domain.
  7. Type openssl rsa -in /etc/mail/dkim/example.com.key -pubout -out /etc/mail/dkim/example.com.pub
    replacing example.com with your domain (notice two mentions of example.com).
  8. This should create two files, a .key file and a .pub file in the directory /etc/mail/dkim.
  9. Type chown -R _smtpd dkim
  10. Type chmod -R 700 dkim
  11. Open smtpd.conf at /etc/mail/smtpd.conf in vi or another editor on the server.
  12. Above the first line that begins with listen, add the line filter "dkimsign" proc-exec "filter-dkimsign -d example.com -s mail -k /etc/mail/dkim/example.com.key -c relaxed/relaxed"
    replacing example.com with your domain (note there are two spots to replace).
  13. Add filter "dkimsign"
    at the end of every line that begins with listen. If you just followed Derek's guide, there should be three lines.
  14. Save the file you just updated: smtpd.conf and get back to the terminal.
  15. Type rcctl restart smtpd
  16. Type more /etc/mail/dkim/example.com.pub
    replacing example.com with your domain.
  17. Copy the contents of the output between the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- markers and paste it into a new text file (NotePad or TextEdit).
  18. Remove the line breaks so it's one long line.
  19. Go to your porkbun.com account.
  20. Under your domain name, click the little word “DNS”.
  21. Change “Type:” to “TXT - Text record”.
  22. In “Host:” type mail._domainkey
  23. In “Answer:” type v=DKIM1;k=rsa;p=*PUBLIC_KEY*
    replacing *PUBLIC_KEY* with the content of the text file created in steps 17 and 18.
  24. Click the blue [Add] button, bottom-right.
  25. Click the little x in the top-right corner of this pop-up window.
  26. Test that DKIM is configured properly in DNS at mxtoolbox.com. Note that the selector is mail.
  27. Test that DKIM signing is configured properly on your server at dkimvalidator.com.
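
Steps 17, 18 and 23 can also be done in the shell instead of by hand. The script below is an added example, not part of Derek's guide or the original addendum; the function names are made up for illustration, and the sample key is a constructed stand-in so the script runs anywhere.

```sh
#!/bin/sh
# Added example: turn the PEM public key from step 7 into the DKIM TXT value.

# pem_to_b64 FILE: base64 body of a PEM file as one line (marker lines and
# all whitespace removed), i.e. steps 17 and 18 done by the shell.
pem_to_b64() {
    grep -v -e '-----' "$1" | tr -d ' \t\r\n'
}

# dkim_txt_value FILE: value for the "Answer:" field in step 23.
# Fails if FILE is not a PEM public key, so the .key file is never published.
dkim_txt_value() {
    grep -q -e '-----BEGIN PUBLIC KEY-----' "$1" || {
        echo "$1: not a PEM public key" >&2; return 1; }
    b64=$(pem_to_b64 "$1")
    case $b64 in
        ''|*[!A-Za-z0-9+/=]*) echo "$1: body is not base64" >&2; return 1 ;;
    esac
    printf 'v=DKIM1;k=rsa;p=%s\n' "$b64"
}

# txt_chunks VALUE: VALUE as quoted strings of at most 255 characters, the
# limit for one string inside a TXT record, for zone files or DNS panels
# that do not split long values themselves.
txt_chunks() {
    printf '%s\n' "$1" | fold -w 255 | sed 's/.*/"&"/' | paste -s -d ' ' -
}

# make_sample_pem FILE: constructed stand-in (not a real key) with the
# 392-character body a 2048-bit RSA public key has in this encoding.
make_sample_pem() {
    {
        echo '-----BEGIN PUBLIC KEY-----'
        i=0
        while [ "$i" -lt 6 ]; do
            printf '%064d\n' 0 | tr 0 A
            i=$((i + 1))
        done
        echo 'AAAAAAAE'
        echo '-----END PUBLIC KEY-----'
    } > "$1"
}

# Demo on the constructed sample; on the server, pass
# /etc/mail/dkim/example.com.pub (with your domain) instead.
sample=$(mktemp)
make_sample_pem "$sample"
value=$(dkim_txt_value "$sample")
echo "${#value} characters"
txt_chunks "$value"
rm -f "$sample"
```

With a 2048-bit key the value is longer than 255 characters, so if your DNS provider rejects it as one string, paste the quoted chunks printed by txt_chunks instead.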

DMARC

Instructions for porkbun.com

  1. Go to your porkbun.com account.
  2. Under your domain name, click the little word “DNS”.
  3. Change “Type:” to “TXT - Text record”.
  4. In “Host:” type _dmarc
  5. In “Answer:” type v=DMARC1; p=quarantine; rua=mailto:email@example.com
    replacing email@example.com with an email address where you want to get delivery reports. I recommend creating a separate account for this.
  6. Click the blue [Add] button, bottom-right.
  7. Click the little x in the top-right corner of this pop-up window.
  8. Test that DMARC is configured properly at mxtoolbox.com. Note that the selector is mail as the tool asks you for it.