Secure Mail Server Checklist

JustinJustin Moderator
edited April 2016 in Performance and Security
Setup of email server in Linux is simple, but your job does not end there. Customer had experiences where mail gateway has been misconfigured and has caused open relay for a spammer attack. Always pay extra careful attention when you deal with related internet services such as web and email.

1. MX record

The Mail Exchanger (MX) is critical to email related information in your DNS. The MX record tells the internet email servers how to handle the your email routing. If you host your own DNS server, please remember to add a MX record. You can perform a simple MX record test. Please change your internal dns server to an external dns server.

2. IP address

Use the mail security tool below to check your IP status:

http://www.mxtoolbox.com/SuperTool.aspx

3. Secure Mail Test tool

http://www.checktls.com/index.html

4. Reverse DNS

Usually anti-spam applications check if you have a valid reverse DNS IP. If you are sending mail from a non reverse DNS IP mail server, your 'mail reputation' will be lower than those who have a valid reserve IP. You might not see the impact instantly, however, since it might have a consequence in the long run such as sending valid bulk emails that might get your IP blacklisted or dropped.

5. SPF DNS Record

Most anti-spam application / gateway applies a Sender Policy Framework (SPF) checking. This is an additonal layer of spam filtering, where it checks if the mail is genuinely from a domain. It is advised to include SPF record in your DNS.

Comments

  • I would add DKIM, SPF and SpamAssassin Score validation to be sure your emails are being signed correctly with DKIM & SPF and that aren't being blocked by Spam filters.

    A good tool to verify the DKIM, SPF and SpamAssassin score is:

    http://www.dkimvalidator.com
  • The site noted on point 3 is deprecated and is not working at present.

    The site says: "The relay tester is no longer available. Mail software is rarely an open relay any more unless it is badly misconfigured."

    Please delete the step 3 or change it by this site:

    http://www.checktls.com/index.html
Sign In or Register to comment.