CentOS Linux Server Guide

CentOS Mail Server

Mail Security Checklist

 

Setup of Email Server in CentOS Linux is simple, but your job do not end here. I have bad experience where my mail gateway has been misconfigured and has caused open relay for spammer attack. Thus, always pay extra careful when you deal with internet services related such as web and email.

 

Check1: MX record

Mail exchanger (MX) is critical email related information in DNS. MX record tell the internet email servers how to handle the your email routing. If you host your own DNS server, please remember to add a mx record. You can perform simple mx record test. Please change your dns server to external dns server.
C:\Users\OptNote>nslookup
Default Server: dns.1a-centosserver.com
Address: 192.168.1.1

> server 208.67.222.222
Default Server: resolver1.opendns.com
Address: 208.67.222.222

> set type=mx
> 1a-centosserver.com
Server: resolver1.opendns.com
Address: 208.67.222.222

Non-authoritative answer:
1a-centosserver.com MX preference = 10, mail exchanger = mbox.freehostia.com

 

 

Check 2: IP address check

Your IP/IP range might be  blacked listed for numerous reasons. Some of the examples are:

-If using dedicated virtual server/server co-location, your datacenter provider's ip range has been blacklisted

-If your ISP assigned new IP for your newly setup mail server, these IP might be have blacklisted history.

 

My favorite mail security tools are as below

http://www.mxtoolbox.com/SuperTool.aspx

 

 

Check3: Open Relay Check

Open relay is a very serious email server configuration flaw! Open relay means you are trusting all people over the world to sent/relay email from your server using your ip address. Imaging, thousands or millions of spam email send from your email servers in an hour!

 

My favorite open relay check tools are as below

http://www.abuse.net/relay.html

 

Check4: Reverse DNS

Sometimes anti-spam application might check if your have a valid reverse DNS IP. If your mail sending from a non  reverse DNS IP mail server, your 'mail reputation' will be lower than those who has a valid reserve IP.  You might not see the impact instantly, however, it might has cause and effect in long run such as sending valid bulk emails might get your IP blacklisted or  droped.

 

Check5:SPF DNS Record (optional)

Some anti-spam application /gateway applied  Sender Policy Framework(SPF)  checking. This is an additonal layer of spam filtering, where it check if the mail is genuine from a domain. It is advised to include SPF record in your DNS. (please reminded that not all all mail gateway support/apply SPF checking yet.

 

Back to CentOS Mail Server


Copyright 2011 http://www.1a-centosserver.com All Rights Reserved

All trademarks are the property of their respective owners.

Contact Us | Terms of Use | Privacy Policy