I'm faced with the task of setting up a public-internet-facing email server, that will be relaying mail for all of our other servers in the network.
While the software in itself is set up in few keystrokes, what little experience I have with managing an email server has thought me that there are tons of awkward filtering techniques employed by other email systems. Systems that my own server will inevitably interact with a some point.
Hence, my questions:
- What things should be kept in mind and double checked when setting up an email server?
- What resources are available for checking if my email server is set-up correctly?
I'm specifically NOT looking for instructions for any given mail server, such as Exchange or Postfix. But it's okay to say: “you should have X and Y in your set-up, because when talking to server software Z, it typically tries to weed out open relays by checking for these.”
Some things I've discovered myself:
Make sure forward and reverse DNS are set up.
Mail servers tend to do a reverse lookup for the peer IP-address when receiving. Matching a reverse look up with a follow-up forward lookup is probably employed to weed out open relays run through malware on home networks.
Make sure the user in the
From
-address exists.The
From
-address is easily spoofed. A receiving mail server may try to contact the mail server in theFrom
-domain, and see if theFrom
-user actually exists.
The most important thing of all: Make sure you are not an open relay. Everything else is secondary to that. But of course you know that.
Then, some issues:
One tip is to make sure that you are not an open relay, from your mailserver telnet to: