Valid Mail server

Reported by: beli3ver
Created: 4 months 21 days ago
Views: 472

Hi,

I found some points that should be updated so that the mail server is more valid and RFC-conformant.

1. FQDN: example.com is not a correct FQDN, and most domain hosters don't allow an MX entry in this style. It should be like this: mx.example.com. Here I think the best way is to take the hostname.

2. Check if the admin has set the reverse DNS record for the mail server. Most mail servers do this step, and if not, they deny the mail.

3. In the user panel, the hostname of the server should be shown as the mail server, and not every domain. With every domain you get cert errors.

4. For higher security, TinyCP should set this Postfix config:

smtpd_tls_exclude_ciphers = ECDHE-RSA-RC4-SHA, RC4, aNULL, DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA

These are old and unsafe ciphers.

5. Remove any system information from the smtp_banner.

6. Support DNSSEC and DANE:

smtp_dns_support_level = dnssec
smtp_tls_security_level = dane
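
An added example, not part of the original post and not TinyCP code: a small Python check that reads a Postfix main.cf and reports which of items 4, 5 and 6 above are not yet in place. It assumes the banner item refers to Postfix's smtpd_banner parameter and treats $mail_name, $mail_version or a parenthesised tag as system information; the sample configuration is constructed.

```python
import re

# Cipher names the post asks Postfix to exclude (item 4).
REQUIRED_EXCLUDES = {"ECDHE-RSA-RC4-SHA", "RC4", "aNULL", "DES-CBC3-SHA",
                     "ECDHE-RSA-DES-CBC3-SHA", "EDH-RSA-DES-CBC3-SHA"}
# Settings the post asks for (item 6).
REQUIRED_VALUES = {"smtp_dns_support_level": "dnssec",
                   "smtp_tls_security_level": "dane"}
# Assumption: these macros, or a parenthesised tag, are "system information" (item 5).
BANNER_LEAKS = ("$mail_name", "$mail_version")

def parse_main_cf(text):
    """Parse main.cf text: '#' comments, continuation lines, last value wins."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:  # indented line continues the value
            params[current] += " " + raw.strip()
        elif "=" in raw:
            current, value = (part.strip() for part in raw.split("=", 1))
            params[current] = value
    return params

def audit(text):
    """Return findings for items 4, 5 and 6 of the post, in that order."""
    params, findings = parse_main_cf(text), []
    excluded = set(re.split(r"[,\s]+", params.get("smtpd_tls_exclude_ciphers", "")))
    missing = sorted(REQUIRED_EXCLUDES - excluded)
    if missing:
        findings.append("smtpd_tls_exclude_ciphers lacks: " + ", ".join(missing))
    # When smtpd_banner is unset, Postfix's default banner includes $mail_name.
    banner = params.get("smtpd_banner", "$myhostname ESMTP $mail_name")
    if any(m in banner for m in BANNER_LEAKS) or "(" in banner:
        findings.append("smtpd_banner reveals system information: " + banner)
    for name, want in REQUIRED_VALUES.items():
        if params.get(name, "").lower() != want:
            findings.append(f"{name} is {params.get(name, 'unset')!r}, want {want}")
    return findings

# Constructed sample configuration, not taken from any real server.
SAMPLE = """\
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_tls_exclude_ciphers = RC4, aNULL,
    DES-CBC3-SHA
smtp_tls_security_level = may
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
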