this post was submitted on 30 Jan 2024
42 points (97.7% liked)

Selfhosted

40394 readers
389 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
42
submitted 10 months ago* (last edited 10 months ago) by vsis@feddit.cl to c/selfhosted@lemmy.world
 

Hello. Let's say I want to selfhost an email server (smtp + imap) that only will be used to receive email.

I only will send email internally (from my domain to my domain) and receive from 3rd parties.

Should I setup DKIM, DMARC, SPF and reverse IP lookup?

To be honest, I'm having a bit of hard time understanding the madness of email authentication. So I can't figure it out by myself if those mechanisms are needed in my case.

I haven't deployed anything, but probably will use Stalwart. It looks like it's easy to deploy. Is there any other beginner-friendly email service I should read about?

Thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] Dirk@lemmy.ml 5 points 10 months ago* (last edited 10 months ago) (1 children)

Some strict mail servers even blacklist you if the DMARC record is missing.

[–] 69420@lemmy.world 2 points 10 months ago (1 children)

Some servers blacklist you even if you have DMARC, SPF, DKIM, DNS setup perfectly, but your IP is in a block of addresses that may or may not have been hosted by the same ISP of some unrelated server that was possibly compromised 10 years before you even set up the mail server. Ask me how I know.

[–] conorab@lemmy.conorab.com 2 points 10 months ago

Some servers blacklist you no matter what you do because you’re not a big player in the e-mail space… Outlook. Fuck Outlook. M365 doesn’t do that though.

Also the idea that reverse IPs are needed (in practice) when SPF, DKIM and DMARC are in use is insane. I have literally told you my public key and signed the e-mail. It’s me. You don’t need to check the damn PTR!