1. 11

  2. 8

    You can also view this from the OpenSMTPD domain.

    1. 4

      I suppose one major problem here is total lack of mention of DKIM/SPF - if you expect to interface to any modern mail server, these are basically required.

      1. 3

        The filters in the extras repo linked in the comment above has a dkim-signer filter (in the wip directory). I guess that’s the missing piece.

        1. 1

          DKIM signing is sufficient for outgoing mail, but you still want to manage DKIM and SPF policy on incoming mail.

        2. 2

          I’ve found that with a clean IP, sending modest amounts of email (i.e. not high-volume marketing or transactional email) they aren’t really required. I’ve run my own mailserver for a little over a year now, and have good deliverability without DKIM/SPF, to a pretty broad range of servers (a number of universities, companies, Office365, Gmail, Yahoo, etc.).

          I’ve never tried DKIM at all, so I can’t say much about what it does. But I did used to have SPF for a bit, and it was a net negative for my deliverability. The problem is that most sites don’t do anything about the known issue where SPF breaks mail forwarding. Some people I correspond with have email setups where their public/official address is just a forwarding alias (e.g. through Dreamhost) that forwards on to their real mailbox at some university, or Gmail, or wherever. In many cases, if you have SPF enabled, this means all your mail to that person gets the axe, because the final destination server sees the email source as the intermediate forwarding server, which isn’t in the SPF allowed senders list for your domain, so it gets SPF failed. Fortunately, the university server that SPF-failed me in this way sent a bounce rather than just quietly spam-binning my email, so I was alerted to the problem instead of just wondering why I never got a reply. I disabled SPF, and the problem went away. (The page linked above suggests a workaround: the final destination server can provide its users with an interface where they can specify forwarding intermediate servers they use, to be whitelisted from SPF checks. But I have never run into this actually being implemented in the wild.)

        3. 1

          I just mounted openbsd on a vultr instance, I will try this out! (As soon as I have time to properly set it up for ssh)

          1. 4

            If you’re using OpenBSD 5.8, remember to install smtpd/extras from git to get filter goodness.