- Transport encryption (TLS on SMTP in&out and IMAP)
- Forwarding with SRS (Sender Rewriting Scheme)
- Fetch instead of forwarding
- Attack mitigation (SMTP vulnerability, authentication)
- Spam filtering
- Custom blackhole lists (RBL)
- Custom whitelisting of hosts (broken mail servers)
- Monitor IP reputation
- Apply to whitelists
- Register to feedback loops
- Monitor delivery and delivery errors
- https://aws.amazon.com/ses/ by Amazon
- https://www.sparkpost.com/ on AWS The world’s largest email sender. retries
- https://www.mandrill.com/ by MailChimp
- list: M3AAWG members
- https://sendgrid.com/ by Twilio has own AS, aligned DMARC through CNAME records
- https://www.sendinblue.com/ 🇪🇺 (now Brevo) has own AS, forced link tracking
- https://www.mailgun.com/ by Rackspace
- https://www.mailjet.com/transactional by Mailgun
- https://www.smtp2go.com/pricing/ on Linode
- https://postmarkapp.com/ by Wildbit
- https://elasticemail.com/ on OVH
- Shared IP / IP pool / Dedicated IP
- On whitelists (mailspike, dnswl.org, Return Path)
- Open tracking (custom domain, HTTPS)
- Click tracking (custom domain, HTTPS)
- Bounce handling (SMTP bounce classification)
- dotdigital Email+SMS+Social+Ads+Mobile+Web+Offline €200
- MailerLite $30
- Klaviyo $0
- https://convertkit.com/ $29
- ONTRAPORT $79
- https://www.drip.com/features $0
- HubSpot $46
- Act-On Software $900
- Campaign Monitor $29
- Delivra by Campaign Monitor $100
- Marketo $895
- Salesforce / Pardot $1250
- Adobe Campaign $$$
- Cheetah Digital $$$
- Constant Contact $20
- Oracle Eloqua $2000
- Emma by Campaign Monitor $89
- IBM Watson Campaign Automation $$$
- MailChimp $0 🦍
- Oracle Responsys $1200
- Salesforce / ExactTarget $400
- SendGrid by Twilio $10
- https://tinyletter.com/ by Mailchimp 🐌
- Root: Inbox
- To recognize standard folder names delete .pst/.ost file after account setup
- Fix folder subscription, see /mail/courier-outlook-subscribe-bug.sh (Outlook 2007)
TLS1.0 ECDHE_RSA_AES_256_CBC_SHA1
Advanced/IMAP Path Prefix: INBOX
https://github.com/Yeraze/ytnef
See /repo/debian/pool/main/y/ytnef/
MIME type: application/ms-tnef
See G-Suite.md
Test tool: https://toolbox.googleapps.com/apps/checkmx/
- Encoded (base64 or QP) headers: conv2047.pl -d
- Body and attachments: munpack -t
- Syntax highlight: headers.vim for vim, /input/mc/email.syntax for mcedit
- Enveloped-data (application/pkcs7-mime):
cat smime.p7m | base64 -d | openssl smime -verify -inform DER
- Original SMTP from August 1982 https://tools.ietf.org/html/rfc821
- Current SMTP https://tools.ietf.org/html/rfc5321
- ESMTP https://tools.ietf.org/html/rfc3848
- ClamAV (CCTTS, Safe Browsing)
- clamav-unofficial-sigs (paid: SecuriteInfo, MalwarePatrol, free: Sanesecurity)
clamav.py pythonfilter through pyClamd for Courier MTA
clamav-unofficial-sigs needs 1 GB of memory.
See "Best clamd.conf" in SecuriteInfo FAQ.
courier-pythonfilter attachments module
[attachments.py]
blockedPattern = r'^.*\.(ade|adp|bat|chm|cmd|com|cpl|dll|exe|hta|inf|ins|isp|jar|js|jse|lib|lnk|mde|msc|msp|mst|pif|reg|scf|scr|sct|shb|shs|sys|url|xxe|vb|vbe|vbs|vxd|wsc|wsf|wsh)$'
https://support.google.com/mail/answer/6590
20_gmail-blocked-filetypes.cf
# Gmail's blocked file types
ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
mimeheader GMAIL_BLOCKED_ATTACH Content-Type =~ /\.(ADE|ADP|BAT|CHM|CMD|COM|CPL|EXE|HTA|INS|ISP|JAR|JSE|LIB|LNK|MDE|MSC|MSP|MST|PIF|SCR|SCT|SHB|SYS|VB|VBE|VBS|VXD|WSC|WSF|WSH)/i
mimeheader GMAIL_BLOCKED_ATTACH_CD Content-Disposition =~ /\.(ADE|ADP|BAT|CHM|CMD|COM|CPL|EXE|HTA|INS|ISP|JAR|JSE|LIB|LNK|MDE|MSC|MSP|MST|PIF|SCR|SCT|SHB|SYS|VB|VBE|VBS|VXD|WSC|WSF|WSH)/i
score GMAIL_BLOCKED_ATTACH 20
score GMAIL_BLOCKED_ATTACH_CD 20
endif
See mbox_send2.py
Build Courier SRS
See /package/couriersrs-jessie.sh
http://www.courier-mta.org/makehosteddomains.html
http://www.courier-mta.org/dot-courier.html
Add alias:
@target.tld: foo
Delivery instructions:
echo "|/pathto/pipe/command" >/var/mail/domain/user/.courier-foo-default
# Reporting includes learning
[email protected]: |/usr/bin/spamc --reporttype=report --max-size=1048576
[email protected]: [email protected]
Create an alias:
|/usr/bin/ssh -p 22 -i /home/user/.ssh/id_ecdsa [email protected] -- /usr/sbin/sendmail -f [email protected]
- SMTP communication
- NOADD*, opt MIME=none
- filters
- DEFAULTDELIVERY
See the description of /etc/courier/aliasdir in man dot-courier, DELIVERY INSTRUCTIONS section.
echo >/etc/courier/aliasdir/.courier-kitchensink
echo "kitchensink" >/etc/courier/aliasdir/.courier-kitchensink-default
Add alias:
[email protected]: kitchensink@localhost
@example.com: kitchensink@localhost
esmtproutes
"both MX and A records get looked up"
D0 CAPABILITY
D1 AUTHENTICATE PLAIN
$(printf '\0%s\0%s' USERNAME PASSWORD | base64)
D2 LOGOUT
sudo -u courier -- spamassassin --test-mode --prefspath=/var/lib/courier/.spamassassin/user_prefs -D <msg.eml
# For specific tests issue
# man spamassassin-run
sudo -u courier -- spamassassin --test-mode --prefspath=/var/lib/courier/.spamassassin/user_prefs -D dkim <msg-signed.eml
# Needs opendkim package
opendkim -vvv -t msg-signed.eml
# With opendkim-tools
opendkim-testmsg <msg-signed.eml && echo "OK."
# Display the contents of the Bayes database
sa-learn --dbpath /var/lib/courier/.spamassassin/ --dump magic
Forwarding a temporary server's tcp/443 to Courier's tcp/465.
read -p "Courier IP? " COURIER_IP
read -p "This host's IP? " TEMPORARY_VPS_IP
sysctl --write net.ipv4.conf.all.route_localnet=1
#iptables -I FORWARD -i eth0 -p tcp -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination ${COURIER_IP}:465
iptables -t nat -A POSTROUTING -p tcp --dst ${COURIER_IP} --dport 465 -j SNAT --to-source ${TEMPORARY_VPS_IP}
Then browse to https://www.ssllabs.com/ssltest/
Local alternative:
addcr | TLS_PRIORITY="$TLS_PRIORITY_STRING" TLS_VERIFYPEER=PEER TLS_TRUSTCERTS=/etc/ssl/certs \
couriertls -host=example.com -port=25 -protocol=smtp -verify=example.com
See also
- https://ssl-tools.net/
- https://discovery.cryptosense.com/
- https://www.tbs-internet.com/php/HTML/testssl.php
- http://web.archive.org/web/20190205120542/https://www.unlocktheinbox.com/emailidentifieralignments/
- http://www.open-spf.org/Related_Solutions
- http://www.open-spf.org/FAQ/Common_mistakes#helo
- setup https://tools.sparkpost.com/spf/builder http://www.spfwizard.net/
- check https://dmarcian.com/spf-survey/ http://tools.wordtothewise.com/authentication
- monitor
host -t TXT <domain>; pyspf
- for sending servers:
v=spf1 a -all
- for non-email or empty domains:
v=spf1 -all
- RFC 6376
- setup http://www.tana.it/sw/zdkimfilter/
- check
- monitor
- DKIM in mailing lists
- http://www.appmaildev.com/en/dkim/
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- http://dkimvalidator.com/
- http://9vx.org/~dho/dkim_validate.php
- https://protodave.com/tools/dkim-key-checker/ (DNS only)
Specs: https://datatracker.ietf.org/doc/rfc7489/
- setup http://www.kitterman.com/dmarc/assistant.html
- check https://dmarcian.com/dmarc-inspector/
- monitor
host -t TXT _dmarc.example.com
https://www.dmarcanalyzer.com/
- empty record:
v=DMARC1; p=none
- permissive record:
v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1
https://blog.returnpath.com/how-to-explain-dmarc-in-plain-english/
External destination verification: https://space.dmarcian.com/what-is-external-destination-verification/
Declared "Historic".
An optional extension to the DKIM E-mail authentication scheme.
http://web.archive.org/web/20161202063549/https://www.unlocktheinbox.com/resources/adsp/
- http://en.wikipedia.org/wiki/Sender_ID
- http://tools.ietf.org/html/rfc4407#section-2
- PRA: Resent-Sender > Resent-From > Sender > From > ill-formed
- http://www.appmaildev.com/
Deprecated.
- Tonality: personal or impersonal
- What is the most important message?
- ❗ Dedicated landing page
- ☀️ ☀️ ☀️ Descriptive From name "Firstname from Company"
- ☀️ ☀️ Descriptive subject line
- ☀️ Short preview text at top of the message
- Gmail actions
- Link to online version (newsletter archive)
- Company logo
- Short main header
- Personalization (e.g. statistics)
- 💡 Sections: image + title + description + call2action + background color, see https://litmus.com/subscribe
- "Updates from #RandomChannel"
- Bind words together with
- External resources should be able to load through HTTPS (opening in a HTTPS webmail)
- 📱 Mobile compatible
- Sender's contact details (postal address, phone number)
- Who (recipient name, email address, why) is subscribed
- Unsubscribe link
- Forward to a friend
- GDPR
- From: [email protected]
- Reply-to: [email protected] (invisible) How to video
- To: [email protected]
- Precedence: bulk (invisible)
- List-Unsubscribe: URL (invisible)
- Return-Path: [email protected] (invisible)
- List-Unsubscribe-Post: List-Unsubscribe=One-Click RFC8058 (invisible)
- X-Auto-Response-Suppress: OOF, AutoReply (invisible)
- When to send a newsletter?, Mailchimp Send Time Optimization, recipient's time zone: Mailchimp Timewarp
- HTML and plain text payload
- Send bulk emails by Google
- Spamhaus Marketing FAQ
- Rackspace Postmaster
- Yahoo Sender Best Practices
- ☁️ CDN for images
- SMTP
MAIL FROM: <[email protected]>
- SMTP Envelope sender SPF
include:servers.mcsv.net
- https://litmus.com/community/templates
- https://litmus.com/blog/go-responsive-with-these-7-free-email-templates-from-stamplia
- https://litmus.com/subscribe
- https://www.mail-tester.com/ by Mailpoet
- https://www.gmass.co/inbox
- Microsoft Remote Connectivity Analyzer
- https://glockapps.com/
- https://spamcheck.postmarkapp.com/
- [email protected]
- https://testi.at/
- RFC3464: delivery status notifications (bounce message)
- RFC3834: out of office reply (vacation responder) and delivery confirmation (automatic response)
- RFC3798: disposition notification (read receipt)
- All in Detect automatic responses section
Auto-Submitted: auto-generated
X-Auto-Response-Suppress: OOF, AutoReply
https://msdn.microsoft.com/en-us/library/ee219609(v=exchg.80).aspx
- Delivery Status Notification https://tools.ietf.org/html/rfc3464
Auto-Submitted: auto-replied
https://tools.ietf.org/html/rfc3834#section-3.1.7
X-Autoreply: yes
Precedence: bulk
X-Cron-Env:
Return-Path: <>
From: .*(noreply|no-reply|donotreply|mailer[-_]daemon@|)
- https://github.com/jpmckinney/multi_mail/wiki/Detecting-autoresponders
- https://serverfault.com/a/462914
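
One way to apply the header indicators listed above to inbound mail, as an added example that is not part of the original notes. The function name and the sample messages are constructed for illustration, and the From pattern leaves out the empty alternative (an assumption) so that it cannot match every sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# From: rule from the notes, anchored to the local part; the empty
# alternative is left out (assumption) so it cannot match every sender.
AUTO_FROM = re.compile(r"^(noreply|no-reply|donotreply|mailer[-_]daemon)@", re.I)

def autoresponse_reasons(raw):
    """Return the header indicators that mark a raw message as automatic."""
    msg = message_from_string(raw)

    def hdr(name):
        return (msg.get(name) or "").strip().lower()

    reasons = []
    # RFC 3834: any Auto-Submitted value other than "no" is automatic.
    auto = hdr("Auto-Submitted").split(";")[0].strip()
    if auto and auto != "no":
        reasons.append("Auto-Submitted: " + auto)
    if hdr("X-Autoreply") == "yes":
        reasons.append("X-Autoreply: yes")
    if hdr("Precedence") == "bulk":
        reasons.append("Precedence: bulk")
    if msg.get("X-Cron-Env") is not None:
        reasons.append("X-Cron-Env")
    # Bounces carry the null reverse-path.
    if hdr("Return-Path") == "<>":
        reasons.append("Return-Path: <>")
    # RFC 3464 delivery status notification.
    if (msg.get_content_type() == "multipart/report"
            and (msg.get_param("report-type") or "").lower() == "delivery-status"):
        reasons.append("RFC 3464 DSN")
    addr = parseaddr(msg.get("From") or "")[1]
    if AUTO_FROM.match(addr):
        reasons.append("From: " + addr.lower())
    return reasons

# Constructed sample messages, not real traffic.
VACATION = ("Return-Path: <alice@example.com>\nFrom: Alice <alice@example.com>\n"
            "Subject: Out of office\nAuto-Submitted: auto-replied\n"
            "X-Autoreply: yes\n\nI am away.\n")
BOUNCE = ("Return-Path: <>\nFrom: MAILER-DAEMON@mx.example.net\n"
          "Content-Type: multipart/report; report-type=delivery-status;"
          ' boundary="b"\n\n--b\nContent-Type: text/plain\n\nfailed\n--b--\n')
HUMAN = "Return-Path: <bob@example.com>\nFrom: Bob <bob@example.com>\n\nHi!\n"

if __name__ == "__main__":
    for name, raw in (("vacation", VACATION), ("bounce", BOUNCE), ("human", HUMAN)):
        print(name, autoresponse_reasons(raw))
```

An empty list means none of the indicators fired; a non-empty list names each header that did, which helps when deciding whether to suppress a reply or count a bounce.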
85% of emails are spam https://www.talosintelligence.com/reputation_center/email_rep
- List of blacklists
- Whitelists in SpamAssassin
- Sender Support and Delivery and Filtering Details
- Impressionwise RBL Advisories
- Impressionwise URI Advisories
rblcheck
Built-in blacklist check in Courier MTA
BLACKLISTS="-block=bl.blocklist.de"
Trendmicro ERS check
wget -qO- --post-data="_method=POST&data[Reputation][ip]=${IP}" https://ers.trendmicro.com/reputations \
| sed -ne 's;.*<dd>\(.\+\)</dd>.*;\1;p' | tr '\n' ' '
OK response: IP Unlisted in the spam sender list None
MIPSpace Reputation lists - "No More Email Marketing"
wget -qO- --post-data="search=1.2.3.4" "http://www.mipspace.com/lookup.php" \
| sed -n -e 's#<[^>]\+>##g;s#^.*\(The IP address .\+\)$#\1#p'
Sample response: The IP address 1.2.3.4 is on the the following MIPSpace Reputation lists: MIPSpace-Poor
R - Register your mail server here
- Google Postmaster Tools (R), Gmail Spam FBL
- Yahoo! Postmaster (R)
- Outlook.com by Microsoft (R): Smart Network Data Service (SNDS), Junk Email Reporting Program (JMRP), Office 365 Delisting Service
- AOL Postmaster (R), IP reputation
- Mail.Ru Postmaster (R)
- Yandex Postmaster (R), Feedback Loop
- https://poczta.onet.pl/pomoc/en,odblokuj.html
- http://wiki.wordtothewise.com/ISP_Summary_Information (list)
- https://support.google.com/mail/contact/msgdelivery
- https://support.google.com/mail/contact/bulk_send_new
- Sender Information for Outlook.com Delivery
- Report abuse from Gmail
- Report abuse from Outlook.com See SenderScore
- Report abuse or spam on Yahoo
- Report Amazon AWS abuse
- Report abuse from SendGrid
- Abuse Contact DB
host -t TXT $(revip $IP).abuse-contacts.abusix.org
(list)
- https://www.dnswl.org/selfservice/ (R)
- https://www.abuse.net/addnew.phtml (R), lookup: whois -h whois.abuse.net. example.com
- ??? EmailReg.org by Barracuda
- ??? Whitelisted.org by UCEPROTECT
- https://www.projecthoneypot.org/search_ip.php (R)
- http://blacklist.lashback.com/
- https://rbl.foobar.hu/
- http://filterdb.iss.net/dnsblinfo/
- https://www.senderscore.org/lookup.php by ReturnPath
- https://ipcheck.proofpoint.com/
- https://www.ers.trendmicro.com/reputations/legitimate (R)
- http://www.barracudacentral.org/lookups
- http://www.cyren.com/ip-reputation-check.html
- http://www.mcafee.com/threat-intelligence/ip/spam-senders.aspx lookup
- https://ipremoval.sms.symantec.com/
- https://postmaster.aol.com/ip-reputation
- https://www.talosintelligence.com/reputation_center by Cisco
- AlienVault
- https://www.mcafee.com/uk/threat-center.aspx
- Facebook ThreatExchange
- Open Threat Intelligence
- List of Data Sources: https://github.com/HurricaneLabs/machinae
- https://exchange.xforce.ibmcloud.com/
- MailChannels
- Return Path Certification
- Sophos Email
- SolarWinds MSP (formerly SpamExperts)
- IKARUS mail.security
- Barracuda Essentials
- Proofpoint Essentials
- https://www.mailscanner.info/install/
- https://wiki.efa-project.org/
- https://whois.smartweb.cz/en/blacklist/check/
- https://www.litmus.com/gmail-category-tab-test
- https://glockapps.com/spam-testing (R)
- https://bgp.he.net/ip/1.2.3.4#_rbl
- https://hetrixtools.com/dashboard/blacklist-monitors/
- https://multirbl.valli.org/
- https://mxtoolbox.com/problem/blacklist/ chart
- https://rbltracker.com/ (R)
- https://www.rblmon.com/accounts/register/ (R)
http://www.junkemailfilter.com/spam/free_mx_backup_service.html