This tutorial will be using “example.com” as the domain with a public IP of 123.123.123.123.
An example email account of demouser@example.com will be used.
The target that we desire at the end of this tutorial is:
This uses “example.com” as the domain, and “exampleserver” as the hostname.
The DNS server will be 8.8.8.8 (which is the gmail DNS system, but adjust to any other DNS server as required).
echo exampleserver > /etc/hostname
hostname -F /etc/hostname
echo "8.8.8.8 exampleserver.example.com exampleserver" >> /etc/hosts
Verification is easy: run these commands and you should get the answers shown.
hostname --short
exampleserver
hostname --domain
example.com
hostname --fqdn
exampleserver.example.com
hostname --ip-address
8.8.8.8
The following software is needed:
TODO: Update to use alternatives to Courier, such as Dovecot.
Issue these commands:
apt-get update
apt-get install exim4-daemon-heavy swaks libnet-ssleay-perl ssl-cert
Decide on using Courier or Dovecot. Recommendation is to use Dovecot.
apt-get install courier-authdaemon courier-imap courier-imap-ssl courier-pop courier-pop-ssl
WARNING: By default, Courier uses a self-signed certificate. This is OK if you are going to be the only user of the mail system, but if you plan to invite many people, as for a public system (and you do not plan to distribute your own certification authority to them), then you need a signed certificate. For our use-case, a small IMAP setup, we will not go into replacing it, but it is definitely not OK for a public or larger system! This is the warning the installation will give you about this fact:
SSL Certificate Required POP and IMAP over SSL requires a valid, signed, X.509 certificate. During the installation of courier-pop-ssl or courier-imap-ssl, a self-signed certificate will be generated if necessary. For production use, the X.509 certificate must be signed by a recognized certificate authority, in order for mail clients to accept the certificate. The default location for this certificate is /etc/courier/pop3d.pem or /etc/courier/imapd.pem.
apt-get install dovecot-imapd dovecot-pop3d
Edit the file /etc/dovecot/dovecot.conf and amend the following line:
protocols = pop3 pop3s imap imaps
In addition, add the following line in the “protocol pop3” section in the /etc/dovecot/dovecot.conf:
pop3_uidl_format = %08Xu%08Xv
Configure Dovecot to use the maildir mailbox format. Edit /etc/dovecot/dovecot.conf:
mail_location = maildir:~/Maildir
NOTE: Maildir mails are almost always stored in the ~/Maildir/ directory, which contains cur/, new/ and tmp/ subdirectories. In maildir, each mail is stored in a separate file.
or alternatively change to:
mail_location = maildir:/home/%u/Maildir
If !include conf.d/*.conf is uncommented in /etc/dovecot/dovecot.conf, it is necessary to set mail_location in /etc/dovecot/conf.d/10-mail.conf or comment the line out. 10-mail.conf will override the mail_location in dovecot.conf. If you choose to set the mail_location in 10-mail.conf, you have to change it to:
mail_location = maildir:~/Maildir
For SSL add or amend the following to the /etc/dovecot/dovecot.conf file.
disable_plaintext_auth = no
ssl = yes
ssl_cert_file = </etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_key_file = </etc/ssl/private/ssl-cert-snakeoil.key
Uncomment the following line in /etc/dovecot/dovecot.conf:
listen = *
However, this method may cause conflicts with other servers already listening on other ports. The alternative (and probably more desirable) method, then, is to enable the specific listening ports for the protocols that are intended to be used. For example, for IMAP/IMAPS and POP3/POP3S, add to the correct protocol imap and protocol pop3 sections:
protocol imap {
  listen = *:143
  ssl_listen = *:993
  ...
}
protocol pop3 {
  listen = *:110
  ssl_listen = *:995
  ...
}
If you want to see the config Dovecot is currently using (including the mail_location), use
dovecot -n
Start dovecot:
/etc/init.d/dovecot start
Verification of the installation can be done by checking the running ports with a netstat command. Ensure that all the pop3, imap, smtp, pop3s and imaps ports are present as required:
netstat -utal
-- omitted --
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN
In this example, each user will have their email inside their own home directory under ~/Maildir. To have this as a standard setting for new users, simply add this directory to the skeleton so that it is automatically created for new users like this:
It's a good idea to pre-create the Maildir for future users:
sudo maildirmake.dovecot /etc/skel/Maildir
sudo maildirmake.dovecot /etc/skel/Maildir/.Drafts
sudo maildirmake.dovecot /etc/skel/Maildir/.Sent
sudo maildirmake.dovecot /etc/skel/Maildir/.Trash
sudo maildirmake.dovecot /etc/skel/Maildir/.Templates
Then, for an existing user:
sudo cp -r /etc/skel/Maildir /home/myuser/
sudo chown -R myuser:usergroup /home/myuser/Maildir
sudo chmod -R 700 /home/myuser/Maildir
or for the example test user “demouser”:
maildirmake ~demouser/Maildir
chown -R demouser:demouser ~demouser/Maildir
adduser demouser
Give this user a password when prompted. Always choose a good password here, because this UNIX password will also be used by the user for IMAP/POP3 access to their emails!
The first step is to use the built-in Debian and Ubuntu configuration package to configure the “main” exim4 points with:
dpkg-reconfigure exim4-config
It will give you several options in a wizard. Here are suggested answers for a small and independent server:
Generate a certificate using the example script shipped with Exim.
/usr/share/doc/exim4-base/examples/exim-gencert
[*] Creating a self signed SSL certificate for Exim!
This may be sufficient to establish encrypted connections but for
secure identification you need to buy a real certificate!
Please enter the hostname of your MTA at the Common Name (CN) prompt!
Generating a 1024 bit RSA private key
...........................................++++++
....................................................................++++++
writing new private key to '/etc/exim4/exim.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Code (2 letters) [US]:JE
State or Province Name (full name) []:Jersey
Locality Name (eg, city) []:St. Helier
Organization Name (eg, company; recommended) []:example.com
Organizational Unit Name (eg, section) []:example.com
Server name (eg. ssl.domain.tld; required!!!) []:exampleserver.example.com
Email Address []:demouser
[*] Done generating self signed certificates for exim!
Refer to the documentation and example configuration files
over at /usr/share/doc/exim4-base/ for an idea on how to enable TLS
support in your mail transfer agent.
Next, based on the documentation you find in /usr/share/doc/exim4-base/, create a file /etc/exim4/exim4.conf.localmacros and insert these lines to enable TLS support on port 465.
echo "MAIN_TLS_ENABLE = true" > /etc/exim4/exim4.conf.localmacros
echo "tls_on_connect_ports = 465" >> /etc/exim4/exim4.conf.localmacros
Inside /etc/default/exim4 change this line:
SMTPLISTENEROPTIONS=''
To this:
SMTPLISTENEROPTIONS='-oX 465:25:587 -oP /var/run/exim4/exim.pid'
Now restart exim4 again with the service command:
service exim4 restart
And check if the exim4 is listening on port 465:
netstat -atupln | grep 465
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      16020/exim4
tcp6       0      0 :::465                  :::*                    LISTEN      16020/exim4
The basic email system should now be running. Test this with a basic test of sending an email locally (either between two users of the local system or to yourself).
This test will send email to testuser from testuser.
echo "test message content" | mail -s "test subject" demouser@example.com
You can either check the inbox of demouser or, more simply, check the logs inside /var/log/exim4/mainlog:
cat /var/log/exim4/mainlog
2014-12-23 16:56:42 1Y3XRa-0004B4-Sj <= root@example.com U=root P=local S=391
2014-12-23 16:56:42 1Y3XRa-0004B4-Sj => demouser <demouser@example.com> R=local_user T=maildir_home
2014-12-23 16:56:42 1Y3XRa-0004B4-Sj Completed
All looks good. Now try sending an external email.
echo "test message content" | mail -s "test subject" xxxxx@gmail.com
Now the good and the bad part: the email arrived, but it most probably ended up in the spam folder, because technically this is a “rogue” system with an unknown domain and no basic signatures in the email headers.
The first problem after my emails got working was that Thunderbird was unable to connect to Courier with IMAPS (with TLS enabled), even though the basic certificates existed from the installation (a default set was generated during apt-get install).
To verify what is going on, run a simple test using SWAKS to troubleshoot:
swaks -a -tls -q AUTH -s localhost -au demouser
Password: playingwithexim4
=== Trying localhost:25...
=== Connected to localhost.
<-  220 exampleserver.example.com ESMTP Exim 4.80 Tue, 23 Dec 2014 20:10:29 -0500
 -> EHLO exampleserver.example.com
<-  250-exampleserver.example.com Hello localhost [127.0.0.1]
<-  250-SIZE 52428800
<-  250-8BITMIME
<-  250-PIPELINING
<-  250-STARTTLS
<-  250 HELP
 -> STARTTLS
<-  220 TLS go ahead
=== TLS started w/ cipher DHE-RSA-AES256-SHA256
=== TLS peer subject DN="/C=JE/ST=Jersey/L=St. Helier/O=example.com/OU=example.com/CN=exampleserver.example.com/emailAddress=demouser"
 ~> EHLO exampleserver.example.com
<~  250-exampleserver.example.com Hello localhost [127.0.0.1]
<~  250-SIZE 52428800
<~  250-8BITMIME
<~  250-PIPELINING
<~  250 HELP
*** Host did not advertise authentication
 ~> QUIT
<~  221 exampleserver.example.com closing connection
=== Connection closed with remote host.
As you can see, the TLS layer is established successfully; the problem is that authentication is not working.
Add these lines to /etc/exim4/exim4.conf.template
MAIN_TLS_ENABLE = yes
tls_on_connect_ports=465
rfc1413_query_timeout = 0s
Install the SASLAUTH daemon that will do the authentication against local UNIX usernames.
NOTE: If you want some other method of authentication, check the Exim4 wiki.
apt-get install sasl2-bin
Edit /etc/default/saslauthd to enable saslauth with this line change:
START=yes
Restart the SASLAUTH daemon:
/etc/init.d/saslauthd start
Add exim to sasl group
adduser Debian-exim sasl
Adding user `Debian-exim' to group `sasl' ...
Adding user Debian-exim to group sasl
Done.
Inside /etc/exim4/exim4.conf.template, uncomment these lines to enable PAM authentication (every line from “plain_saslauthd_server” downwards, including that line itself):
# Authenticate against local passwords using sasl2-bin
# Requires exim_uid to be a member of sasl group, see README.Debian.gz
# plain_saslauthd_server:
#   driver = plaintext
#   public_name = PLAIN
#   server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}
#   server_set_id = $auth2
#   server_prompts = :
#   .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
#   server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
#   .endif
Do a restart of both exim4 and saslauth
update-exim4.conf
service exim4 restart
service saslauthd restart
To verify, run the same swaks command again; this time you should get the following (note “235 Authentication succeeded” below):
swaks -a -tls -q AUTH -s localhost -au demouser
Password: kreten
=== Trying localhost:25...
=== Connected to localhost.
<-  220 exampleserver.example.com ESMTP Exim 4.80 Tue, 23 Dec 2014 20:58:57 -0500
 -> EHLO exampleserver.example.com
<-  250-exampleserver.example.com Hello localhost [127.0.0.1]
<-  250-SIZE 52428800
<-  250-8BITMIME
<-  250-PIPELINING
<-  250-STARTTLS
<-  250 HELP
 -> STARTTLS
<-  220 TLS go ahead
=== TLS started w/ cipher DHE-RSA-AES256-SHA256
=== TLS peer subject DN="/C=JS/ST=Jersey/L=St. Helier/O=example.com/OU=example.com/CN=exampleserver.example.com/emailAddress=demouser"
 ~> EHLO exampleserver.example.com
<~  250-exampleserver.example.com Hello localhost [127.0.0.1]
<~  250-SIZE 52428800
<~  250-8BITMIME
<~  250-PIPELINING
<~  250-AUTH PLAIN
<~  250 HELP
 ~> AUTH PLAIN AGRlbW91c2VyAGtyZXRlbg==
<~  235 Authentication succeeded
 ~> QUIT
<~  221 exampleserver.example.com closing connection
=== Connection closed with remote host.
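The AUTH PLAIN token in the transcript is only base64, which is why the "server_advertise_condition" line keeps AUTH off the cleartext leg of the session. The script below is an added example (not part of the original tutorial) that audits a swaks transcript for that property; the function names and the abridged sample transcript are constructed here, and it assumes swaks' convention of marking cleartext lines with "<-"/"->" and TLS-protected lines with "<~"/"~>".

```shell
#!/bin/sh
# Added example: check where SMTP AUTH is offered in a swaks transcript.

# Constructed sample, abridged from the successful session shown above.
sample_transcript() {
cat <<'EOF'
<-  250-PIPELINING
<-  250-STARTTLS
<-  250 HELP
 -> STARTTLS
<-  220 TLS go ahead
=== TLS started w/ cipher DHE-RSA-AES256-SHA256
<~  250-PIPELINING
<~  250-AUTH PLAIN
<~  250 HELP
 ~> AUTH PLAIN AGRlbW91c2VyAGtyZXRlbg==
<~  235 Authentication succeeded
EOF
}

# Reads a transcript on stdin and prints one verdict:
#   EXPOSED  - AUTH advertised or sent before TLS was established
#   TLS_ONLY - AUTH advertised only inside the TLS session
#   NO_AUTH  - AUTH never advertised (the first, failing run above)
audit_transcript() {
    awk '
        /^[ \t]*<-[ \t]+250[- ]AUTH/ { clear_adv = 1 }
        /^[ \t]*->[ \t]+AUTH /       { clear_sent = 1 }
        /^[ \t]*<~[ \t]+250[- ]AUTH/ { tls_adv = 1 }
        END {
            if (clear_adv || clear_sent) print "EXPOSED"
            else if (tls_adv)            print "TLS_ONLY"
            else                         print "NO_AUTH"
        }'
}

# SASL PLAIN is base64("authzid\0authcid\0password"), so anyone who can
# read the token can read the credentials. Prints "authcid:password".
decode_auth_plain() {
    printf '%s' "$1" | base64 -d | tr '\000' '\n' |
        awk 'NR == 2 { user = $0 } NR == 3 { pass = $0 }
             END { print user ":" pass }'
}

sample_transcript | audit_transcript          # TLS_ONLY
decode_auth_plain 'AGRlbW91c2VyAGtyZXRlbg=='  # demouser:kreten
```

Run it against a saved session with "audit_transcript < swaks.log"; any verdict other than TLS_ONLY on a production listener means the advertise condition is not in effect.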
Ensure that the email client is definitely supporting IMAP. Just follow these basic commands:
rm -rf /etc/courier/*.pem
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/courier/imapd.pem
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/courier/pop3d.pem
service courier-imap restart
service courier-imap-ssl restart
service courier-authdaemon restart
service courier-pop restart
service courier-pop-ssl restart
This setup shows how Thunderbird is configured, but if you have a different preferred client, please feel free to try using it (including smartphone mail clients that support IMAP protocol).
TODO: Add an image here of Thunderbird “Mail Account Setup”.
NOTE: Since we are using self-signed certificates here, you are definitely going to get warnings from Thunderbird (or other clients) that the certificates are not officially trusted. If you are doing this for a real company, please purchase a real certificate from a certification authority (e.g. Verisign).
TODO: Add an image here of Thunderbird “Add security exception”.
If your connection with any client was successful, try writing a quick email to yourself. For example, this is how it looked on my system in Thunderbird:
From: Me <demouser@example.com>
Subject: Test
To: Me <demouser@example.com>

Hello World
Or here is the raw message code:
Return-path: <demouser@example.com>
Envelope-to: demouser@example.com
Delivery-date: Tue, 23 Dec 2014 21:57:21 -0500
Received: from [123.123.123.123] (helo=[192.168.1.2])
 by exampleserver.example.com with esmtpsa (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128)
 (Exim 4.80)
 (envelope-from <demouser@example.com>)
 id 1Y3c8X-00055r-CJ
 for demouser@example.com; Tue, 23 Dec 2014 21:57:21 -0500
Message-ID: <549A1DA1.1030708@example.com>
Date: Wed, 24 Dec 2014 02:57:53 +0100
From: "Smith, John" <demouser@example.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: demouser@example.com
Subject: Test
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

Hello World
Use Thunderbird or another client to send an email to external systems. There is a chance that your email will end up in the spam folder at the destination.
HINT: To check if your email left your system, check all the mail logs in the /var/log/mail*
There are three basic things every email system should do so that emails sent from your new system reach the inboxes of remote systems without ending up in spam folders.
This part is between you and your provider, but you must ask the owner of the public IP you are using to create a reverse DNS entry for you.
Most providers of servers have this option as part of their control panel so the work is a few clicks, but it is imperative to do.
DISCLAIMER: These examples have the public IP of 123.123.123.123. Obviously replace that with your own IP.
A quick view on one such system:
IP | Netmask | Gateway | Custom reverse DNS |
---|---|---|---|
123.123.123.123 | 255.255.254.0 | 123.123.123.254 | example.com |
To verify, either use the “nslookup -r” command against your own IP, or a web tool such as this one: http://mxtoolbox.com/SuperTool.aspx
nslookup -r 123.123.123.123
*** Invalid option: r
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
123.123.123.123.in-addr.arpa    name = example.com.
To summarize, what we will be doing here with SPF is interacting either with your own DNS system or with your DNS hosting company (directly or via their control panel, if they have one) and asking them to enter some special TXT records for your domain.
Read this page to understand SPF, to avoid generating something incorrectly and hurting your email system from the very beginning! http://www.openspf.org/SPF_Record_Syntax.
This example will allow my main server “exampleserver” from the “example.com” domain to send emails. So the records are like this for SPF1 and SPF2 records:
v=spf1 a include:exampleserver.example.com -all
spf2.0/pra a include:exampleserver.example.com -all
You can then apply them to the DNS record and test it with an online tool such as http://tools.bevhost.com/spf/
At the very end of this guide, we will be sending a test email to a testing service that will verify SPF and other useful things for us, so if you have trouble with this tool, wait for that testing.
This is a little more tricky, as we are again going to play with certificates, and also with exim4 routing of emails. So let’s take it slowly:
Generate an RSA public and private key pair with openssl:
sudo openssl genrsa -out /etc/exim4/private.key 1024
sudo openssl rsa -in /etc/exim4/private.key -out /etc/exim4/public.pem -pubout -outform PEM
sudo chown Debian-exim:root /etc/exim4/private.key /etc/exim4/public.pem
Read your new public key:
cat /etc/exim4/public.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA+WiFmhUpuOav+3oB77E0j06p
DAr5cw9NKkcf9tcDbn7nIpBqAIFP8PVTn4tzO3I6LL+o5A9dCGQFPZlzqW8cXPDc
Zd/4+4NEw1OIbbaUJh/giTyI24qbxBFTaW1nvdxE9qlWbNOYlbOVp4BpXdwmawVw
V72GKjSR2+ql8wM4cQIDAQAB
-----END PUBLIC KEY-----
Construct a DNS TXT record with the public key using this formula:
key1._domainkey.example.com.example.com
TXT record itself:
v=DKIM1;\040k=rsa;\040p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA+WiFmhUpuOav+3oB77E0j06pDAr5cw9NKkcf9tcDbn7nIpBqAIFP8PVTn4tzO3I6LL+o5A9dCGQFPZlzqW8cXPDcZd/4+4NEw1OIbbaUJh/giTyI24qbxBFTaW1nvdxE9qlWbNOYlbOVp4BpXdwmawVwV72GKjSR2+ql8wM4cQIDAQAB
The 'p' value is the data that was seen from the public key - but removing any spaces and new lines.
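The transformation from public.pem to the TXT value can be scripted so that no stray whitespace ends up in the record. The script below is an added example, not part of the original tutorial: the function names are constructed here, the embedded PEM is the key printed above, the size check is a heuristic that assumes an RSA key in the standard "PUBLIC KEY" encoding (a 2048-bit key decodes to 294 bytes), and the 255-character split reflects the DNS limit on a single TXT string that a 2048-bit key exceeds. RFC 8301 treats 1024 bits as the minimum and recommends 2048.

```shell
#!/bin/sh
# Added example: build the DKIM TXT value from a PEM public key.

# Constructed input: the public key shown by "cat /etc/exim4/public.pem".
sample_pem() {
cat <<'EOF'
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA+WiFmhUpuOav+3oB77E0j06p
DAr5cw9NKkcf9tcDbn7nIpBqAIFP8PVTn4tzO3I6LL+o5A9dCGQFPZlzqW8cXPDc
Zd/4+4NEw1OIbbaUJh/giTyI24qbxBFTaW1nvdxE9qlWbNOYlbOVp4BpXdwmawVw
V72GKjSR2+ql8wM4cQIDAQAB
-----END PUBLIC KEY-----
EOF
}

# Drop the BEGIN/END armour lines, then strip every space and newline.
pem_to_p() {
    grep -v -e '-----' | tr -d ' \t\r\n'
}

# usage: dkim_txt < public.pem
dkim_txt() {
    printf 'v=DKIM1; k=rsa; p=%s\n' "$(pem_to_p)"
}

# Heuristic size check (assumption: RSA SubjectPublicKeyInfo).
# Prints "weak" when the decoded key is shorter than a 2048-bit key.
key_strength() {
    b64=$(pem_to_p)
    case $b64 in
        *==) pad=2 ;;
        *=)  pad=1 ;;
        *)   pad=0 ;;
    esac
    der_bytes=$(( ${#b64} / 4 * 3 - pad ))
    if [ "$der_bytes" -lt 294 ]; then echo weak; else echo ok; fi
}

# Split a record into quoted strings of at most 255 characters each,
# the form zone files and most DNS panels expect for long TXT data.
txt_chunks() {
    fold -w 255 | sed 's/.*/"&"/' | paste -sd' ' -
}

sample_pem | dkim_txt | txt_chunks
sample_pem | key_strength     # weak (this is the 1024-bit key from above)
```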
Create a file dkim_senders to tell exim what source domains the DKIM should be used for:
echo "*@example.com: example.com" > /etc/exim4/dkim_senders
Edit /etc/exim4/exim4.conf.template and in section “router/200_exim4-config_primary”, just before “dnslookup_relay_to_domains:”, add these new lines:
#NetworkGeekStuff dkim addon rules:
dnslookup_dkim:
  debug_print = "R: dnslookup_dkim for $local_part@$domain"
  driver = dnslookup
  domains = ! +local_domains
  senders = lsearch*@;/etc/exim4/dkim_senders
  transport = remote_smtp_dkim
  same_domain_copy_routing = yes
  # ignore private rfc1918 and APIPA addresses
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
                        255.255.255.255
  no_more
Again inside the /etc/exim4/exim4.conf.template inside section “transport/30_exim4-config_remote_smtp” just before “remote_smtp:” add these new lines:
remote_smtp_dkim:
  debug_print = "T: remote_smtp_dkim for $local_part@$domain"
  driver = smtp
  dkim_domain = ${lookup{$sender_address}lsearch*@{/etc/exim4/dkim_senders}}
  dkim_selector = key1
  # must point at the private key generated with openssl above
  dkim_private_key = /etc/exim4/private.key
  dkim_canon = relaxed
  dkim_strict = false
  #dkim_sign_headers = DKIM_SIGN_HEADERS
Restart exim:
update-exim4.conf
service exim4 restart
Now you should have everything prepared. To get a report on how successful you were, send a test email (any content) to:
check-auth@verifier.port25.com
You will get back an email with a complete summary of the SPF/DKIM and some other checks. Here is an example with details of how the system from this tutorial passed the SPF and DKIM tests. This is a very nice result so far.
==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         pass
Sender-ID check:    pass
SpamAssassin check: ham
==========================================================
Details:
==========================================================
HELO hostname:  exampleserver.example.com
Source IP:      123.123.123.123
mail-from:      demouser@example.com
----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         pass
ID(s) verified: smtp.mailfrom=demouser@example.com
DNS record(s):
example.com. SPF (no records)
example.com. 600 IN TXT "v=spf1 a include:exampleserver.example.com -all"
example.com. 600 IN TXT "spf2.0/pra a include:exampleserver.example.com -all"
example.com. 600 IN A 123.123.123.123
----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         pass (matches From: demouser@example.com)
ID(s) verified: header.d=example.com
Canonicalized Headers:
content-transfer-encoding:7bit'0D''0A'
content-type:text/plain;'20'charset=utf-8;'20'format=flowed'0D''0A'
in-reply-to:<549B2103.5080605@example.com>'0D''0A'
references:<549B2103.5080605@example.com>'0D''0A'
subject:test'20'email'20'for'20'DKIM'20'and'20'SPF'0D''0A'
to:check-auth@verifier.port25.com'0D''0A'
mime-version:1.0'0D''0A'
from:"Smith,'20'John"'20'<demouser@example.com>'0D''0A'
date:Wed,'20'24'20'Dec'20'2014'20'23:37:38'20'+0100'0D''0A'
message-id:<549B4032.4040201@example.com>'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'q=dns/txt;'20'c=relaxed/relaxed;'20'd=example.com;'20's=key1;'20'h=Content-Transfer-Encoding:Content-Type:In-Reply-To:References:Subject:To:MIME-Version:From:Date:Message-ID;'20'bh=Q22dyZju6AlMzw21jDtbRX5w6L8oTce4upEb75AdLqs=;'20'b=;
Canonicalized Body:
Test'20'email'20'body'0D''0A'
DNS record(s):
key1._domainkey.example.com. 600 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA+WiFmhUpuOav+3oB77E0j06pDAr5cw9NKkcf9tcDbn7nIpBqAIFP8PVTn4tzO3I6LL+o5A9dCGQFPZlzqW8cXPDcZd/4+4NEw1OIbbaUJh/giTyI24qbxBFTaW1nvdxE9qlWbNOYlbOVp4BpXdwmawVwV72GKjSR2+ql8wM4cQIDAQAB"
Public key used for verification: key1._domainkey.example.com (1024 bits)
NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.
SpamAssassin is mainly used for incoming emails. Right now we are going to use SpamAssassin to add its header to all emails that our system sends to try to declare we are not spam.
So this is a super quick how-to to enable very basic spam-assassin checks on your emails.
See https://wiki.debian.org/Exim.
apt-get install spamassassin
Set “ENABLED=1” inside /etc/default/spamassassin
Start the spamassassin daemon:
/etc/init.d/spamassassin start
Uncomment this line in /etc/exim4/exim4.conf.template
spamd_address = 127.0.0.1 783
Edit /etc/exim4/exim4.conf.template and inside section “40_exim4-config_check_data” change the content inside the “acl_check_data:” function:
# put headers in all messages (no matter if spam or not)
warn
  spam = nobody:true
  add_header = X-Spam-Score: $spam_score ($spam_bar)
  add_header = X-Spam-Report: $spam_report
# add second subject line with *SPAM* marker when message
# is over threshold
warn
  spam = nobody
  add_header = Subject: ***SPAM (score:$spam_score)*** $h_Subject:
Rebuild exim config and restart exim
update-exim4.conf
service exim4 restart
Test by either sending again to check-auth@verifier.port25.com or by catching an outgoing email from your system; it should have this header inside:
X-Spam-Score: -1.0 (-)
X-Spam-Report: Spam detection software, running on the system "exampleserver.example.com", has
 identified this incoming email as possible spam. The original message
 has been attached to this so you can view it (if it isn't spam) or label
 similar future email. If you have any questions, see
 @@CONTACT_ADDRESS@@ for details.
 Content preview: Test email body 3 [...]
 Content analysis details: (-1.0 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
The email system should be running.
The next step is to check how well SPF/DKIM and other functions are filtering out incoming spam!