
Very nice. Comes with Roundcube so you've got a webmail client available.

  - DKIM signing on outgoing messages (opendkim).
  - The machine acts as its own DNS server and is automatically configured for SPF and DKIM (nsd).

I remember many people running their own SMTP server used to have massive issues with their outgoing mail being silently or non-silently ignored or sent to the spam folder. Does this take care of this? "Mostly" really isn't good enough.


> I remember many people running their own SMTP server used to have massive issues with their outgoing mail being silently or non-silently ignored or sent to the spam folder. Does this take care of this? "Mostly" really isn't good enough.

Frankly I've had mixed results over several years of hosting my own personal email server, even with a valid PTR, SPF, and DKIM. Most SMB and personal email systems I interact with are fine, as aside from Bayesian filtering those tend to rely heavily on blacklists which I am responsible enough to keep myself off of—easy given that I'm the server's only user. And I've never had an issue sending to Gmail users.

Microsoft is the real f-up in this regard, originally with Hotmail and now with the updated Outlook.com. Even though I'm on no blacklists and pass both their SPF and DKIM checks:

    Authentication-Results: hotmail.com; spf=pass (sender IP is XXX.XXX.XXX.XXX) smtp.mailfrom=redacted@example.com; dkim=pass header.d=example.com; x-hmca=pass header.id=redacted@example.com
    X-SID-PRA: redacted@example.com
    X-AUTH-Result: PASS
    X-SID-Result: PASS

my messages still end up in the Junk folder.

If you visit their support page you're recommended to join their partner Return Path's Sender Score Certified Email program to stop junk filtering of your legitimate messages. That's great, if you're a medium-sized organization that doesn't mind paying their certification fee; but Return Path won't even allow an individual to register (I've tried). I'm familiar with Hanlon's razor, "never attribute to malice that which is adequately explained by stupidity", but this at least feels like a racket.

Unfortunately I don't know what else to do, other than continue to advise everyone I know not to use Outlook.com and friends.

And to finally answer your question, if this VM runs its own DNS then it probably takes care of SPF and DKIM adequately, but you'll likely have to contact your hosting provider for the PTR record, which is at least as important. But even following those best practices you can still have delivery issues such as I have described above, leading to the unfortunate reality that if you really need a message to be delivered you're probably better off sending it through Gmail.


I was suffering the same problem about 7 years ago on my own personal mail server. I discovered that if I padded out the message headers with a load of junk headers to push the message size up beyond about 50KB, then the otherwise exact same message would arrive in the Inbox at Hotmail rather than being blackholed.

https://lists.exim.org/lurker/message/20070614.130838.42d1bd...

I haven't done this for many years though as it was such a terrible hack. I do wonder if it still works, or if the threshold has changed though.


I am going to try this out and see if it still works. If it does I will be sacrificing a goat in your honour when the next full moon comes around :)


If it still works, please prod me via the contact details in my profile. Would love to find out it still does :)


I will. One thing I can add is Microsoft hates the word PayPal - mention PayPal in your email and it gets killed, take out that one word and it goes straight through.


hotmail used to actively blackhole e-mail from smaller servers, no bounce, no warning, nothing. just accept it and throw it away.

i don't know if they still do that, but it was far easier to convince everyone i knew at the time that hotmail was garbage, rather than making any headway with their mail admins.


I have exactly this problem with hotmail and outlook email accounts. I have spent years trying to solve this problem without much success.


My only issue in the last 2 years was with Gmail, which I eventually discovered on accident was apparently because of my lack of appropriate ipv6 records in my SPF tag.

I didn't catch it for a while because so much of the email world simply assumes ipv4, but traffic happily exits my ipv6 interface when the destination supports it.
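
Added example (not part of the thread): a minimal Python check for the situation described in the comment above, where mail leaves over IPv6 but the SPF record only lists IPv4. It assumes the record authorises senders with literal `ip4:`/`ip6:` mechanisms; `a`, `mx` and `include` need DNS lookups and are not evaluated here, and the record and addresses are constructed samples from documentation ranges.

```python
import ipaddress

def spf_ip_networks(record):
    """Extract (qualifier, network) pairs from ip4:/ip6: mechanisms."""
    nets = []
    for term in record.split()[1:]:           # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name.lower() in ("ip4", "ip6") and value:
            # A bare address is treated as a /32 or /128 network.
            nets.append((qualifier, ipaddress.ip_network(value, strict=False)))
    return nets

def uncovered_senders(record, outbound_ips):
    """Return the outbound addresses that no passing ip4/ip6 mechanism matches."""
    passing = [net for q, net in spf_ip_networks(record) if q == "+"]
    missing = []
    for ip in outbound_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr.version == net.version and addr in net for net in passing):
            missing.append(ip)
    return missing

if __name__ == "__main__":
    # Constructed sample: the host sends from both address families.
    outbound = ["203.0.113.25", "2001:db8::25"]
    ipv4_only = "v=spf1 ip4:203.0.113.25 -all"
    dual_stack = "v=spf1 ip4:203.0.113.25 ip6:2001:db8::/64 -all"
    print(uncovered_senders(ipv4_only, outbound))   # the IPv6 address is not covered
    print(uncovered_senders(dual_stack, outbound))  # nothing left uncovered
```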


Gmail now also requires IPv6 rDNS for inbound mail servers - that caught me out for a few days when it was implemented.

Not a problem with a good ISP but many retail ISPs don't have a process for maintaining rDNS to arbitrary blocks held by subscribers.


Jeff Atwood talks about this: http://blog.codinghorror.com/so-youd-like-to-send-some-email.... And it's unlikely that the code takes care of all these things. For example, how are you going to configure the reverse ptr in code?



Even if it can't set the PTR itself, it could at least detect if your PTR is missing or wrong, and display that information to you with some advice on how to resolve it and how important it is.


Thanks for the idea! I've added a test for PTR:

https://github.com/JoshData/mailinabox/commit/ec11241a7a619a...


You might also:

* Test/alert if your PTR mismatches your HELO name

* If your IP is on any of the major RBLs

* Point admins toward AOL/Yahoo/ReturnPath whitelists and feedback loops.


Additionally, you should test whether your PTR "smells" dynamic (i.e. contains part of your IP address in the PTR itself.) It may or may not be something within your control, but you should know as it may cause you problems later.
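
Added example (not part of the thread, and not the mailinabox test linked above): a Python sketch of the checks suggested in the preceding comments, covering a missing PTR, a PTR that does not resolve back to the sending IP, a PTR/HELO mismatch, a PTR that embeds the IP address, and the name to query in an RBL zone. DNS answers are passed in as arguments so it runs offline; the hostnames, addresses and the `dnsbl.example` zone are constructed placeholders, and the "3 of 4 octets" threshold is an assumption of this sketch.

```python
import ipaddress
import re

def ptr_looks_dynamic(ip, ptr):
    """Heuristic: the PTR name embeds at least 3 of the IPv4 address's octets."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        return False  # this heuristic only covers dotted-quad addresses
    # Digit runs in the hostname, with zero padding removed (025 -> 25).
    remaining = [n.lstrip("0") or "0" for n in re.findall(r"\d+", ptr)]
    hits = 0
    for octet in str(addr).split("."):
        if octet in remaining:
            remaining.remove(octet)  # each digit run may match one octet only
            hits += 1
    return hits >= 3

def check_rdns(ip, ptr_names, forward_lookup, helo):
    """Return a list of problems. ptr_names: PTR answers for ip;
    forward_lookup: dict of lowercase hostname -> addresses from A/AAAA queries."""
    if not ptr_names:
        return ["no PTR record for " + ip]
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_names]
    problems = []
    # Forward-confirmed reverse DNS: some PTR name must resolve back to ip.
    if not any(addr in map(ipaddress.ip_address, forward_lookup.get(n, []))
               for n in names):
        problems.append("PTR name does not resolve back to the sending IP")
    if helo.rstrip(".").lower() not in names:
        problems.append("PTR does not match HELO name")
    if any(ptr_looks_dynamic(ip, n) for n in names):
        problems.append("PTR looks dynamically assigned")
    return problems

def dnsbl_query_name(ip, zone):
    """Name to query in a DNSBL zone: reversed octets (or nibbles) + zone.
    An A answer in 127.0.0.0/8 conventionally means the address is listed."""
    reverse = ipaddress.ip_address(ip).reverse_pointer  # 25.113.0.203.in-addr.arpa
    return reverse.rsplit(".", 2)[0] + "." + zone

if __name__ == "__main__":
    # Constructed sample: an ISP-assigned PTR on a self-hosted mail server.
    ptr = "203-0-113-25.dyn.isp.example."
    fwd = {"203-0-113-25.dyn.isp.example": ["203.0.113.25"]}
    print(check_rdns("203.0.113.25", [ptr], fwd, "mail.example.com"))
    print(dnsbl_query_name("203.0.113.25", "dnsbl.example"))
```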


With dkim/SPF the lack of a reverse ptr is less important. I've had one email bounce as a result, even then the bounce included instructions to resolve the issue with their server.


From my experience, Gmail will send to spam everything from a small server that has no SPF (even when DKIM is on and OK -- which is strange because it basically has SPF built-in) and when the sender is not in the address book -- this is pretty enough for massive issues.


DKIM has nothing to do with SPF


Well sure, but DKIM can sign the sender so it can do the SPF work connected with an envelope spoofing filter. Still, my idea was that a spammer who can put a valid DKIM signature won't likely have any problems with SPF.


I don't remember this ... can you elaborate?

Are you speaking of people who failed to disable relaying?


I had heard of this too, and it was one of the reasons I was extremely cautious when starting to host my own email. To my surprise, I didn't run into a single problem like this.


I lack the expertise to elaborate much, but the gist is that people running their own server were caught by measures that were put in place to combat spam. I recall some providers (AOL?) used to be infamous for silently discarding your mails, which is very aggravating for the involved parties.

You had to jump through certain hoops to ensure that your mail arrived. DKIM/SPF are two such hoops (or related techs, anyway; both have detailed Wikipedia entries). Maybe it's not so much of an issue these days.


This happens as a matter of routine; the biggest problem with running your email server is you are not guaranteed that your messages will be delivered.


Reliably delivering email in today's spam-filled environment isn't guaranteed.

Players like MailGun, SendGrid and Postmark provide such features as part of an EaaS product.



