Security/Domain: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
← Older editNewer edit →
VisualWikitext
No edit summary
Line 1: Line 1:
==Tools » Install » SPF==
==Tools » Install » SPF==
{|
{|class='wikitable mw-collapsible' style='width:100%;margin:3px 0'
| valign="top" colspan="3" |
!scope='col' style='text-align:left' colspan='3'|
<syntaxhighlight lang="bash">
Tools » Install » SPF
|-
|valign='top' colspan='3'|
<syntaxhighlight style='margin:3px 0' lang='bash'>
cat <<'EXE'| sudo bash
cat <<'EXE'| sudo bash
echo && git clone https://github.com/jsarenik/spf-tools.git /opt/cli/spf-tools
echo && git clone https://github.com/jsarenik/spf-tools.git /opt/cli/spf-tools
Line 9: Line 12:
EXE
EXE
</syntaxhighlight>
</syntaxhighlight>
|-
| valign="top" colspan="3" |
----
|-
|-
| valign="top" colspan="3" |
|valign='top' colspan='3'|
<syntaxhighlight lang="bash">
<syntaxhighlight style='margin:3px 0' lang='bash'>
cat <<'CFG'| tee ${HOME}/.spf-toolsrc >/dev/null
cat <<'CFG'| tee ${HOME}/.spf-toolsrc >/dev/null
DOMAIN=shahed.biz
DOMAIN=shahed.biz
Line 24: Line 23:
CFG
CFG
</syntaxhighlight>
</syntaxhighlight>
|-
|-
| valign="top" colspan="3" |
|valign='top' style='width:34%'|
----
<syntaxhighlight style='margin:3px 0' lang='bash'>
|-
| valign="top" |
<syntaxhighlight lang="bash">
dig MX  chorke.com
dig MX  chorke.com
dig TXT chorke.com
dig TXT chorke.com
Line 36: Line 31:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top' style='width:33%'|
<syntaxhighlight lang="bash">
<syntaxhighlight style='margin:3px 0' lang='bash'>
dig MX  chorke.org
dig MX  chorke.org
dig TXT chorke.org
dig TXT chorke.org
Line 43: Line 38:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top' style='width:33%'|
<syntaxhighlight lang="bash">
<syntaxhighlight style='margin:3px 0' lang='bash'>
dig MX  shahed.biz
dig MX  shahed.biz
dig TXT shahed.biz
dig TXT shahed.biz
/opt/cli/spf-tools/despf.sh shahed.biz
/opt/cli/spf-tools/despf.sh shahed.biz
</syntaxhighlight>
</syntaxhighlight>
|-
|-
| valign="top" colspan="3" |
|valign='top'|
----
<syntaxhighlight style='margin:3px 0' lang='bash'>
|-
| valign="top" |
<syntaxhighlight lang="bash">
dig MX  finology-group.com
dig MX  finology-group.com
dig TXT finology-group.com
dig TXT finology-group.com
Line 61: Line 52:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight style='margin:3px 0' lang='bash'>
dig MX  finology.com.my
dig MX  finology.com.my
dig TXT finology.com.my
dig TXT finology.com.my
Line 68: Line 59:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight style='margin:3px 0' lang='bash'>
dig MX  coverplus.io
dig MX  coverplus.io
dig TXT coverplus.io
dig TXT coverplus.io
/opt/cli/spf-tools/despf.sh coverplus.io
/opt/cli/spf-tools/despf.sh coverplus.io
</syntaxhighlight>
</syntaxhighlight>
|-
|-
| valign="top" colspan="3" |
|valign='top' colspan='3'|
----
<syntaxhighlight style='margin:3px 0' lang='bash'>
|-
| valign="top" colspan="3" |
<syntaxhighlight lang="bash">
cd /opt/cli/spf-tools;./despf.sh chorke.org |./normalize.sh |./simplify.sh |./iprange.sh |./mkblocks.sh |./xsel.sh
cd /opt/cli/spf-tools;./despf.sh chorke.org |./normalize.sh |./simplify.sh |./iprange.sh |./mkblocks.sh |./xsel.sh
cd /opt/cli/spf-tools;./despf.sh chorke.org |./normalize.sh |./simplify.sh |./iprange.sh |./mkblocks.sh
cd /opt/cli/spf-tools;./despf.sh chorke.org |./normalize.sh |./simplify.sh |./iprange.sh |./mkblocks.sh
cd /opt/cli/spf-tools;./despf.sh chorke.org |./normalize.sh |./simplify.sh |./iprange.sh
cd /opt/cli/spf-tools;./despf.sh chorke.org |./normalize.sh |./simplify.sh |./iprange.sh
</syntaxhighlight>
</syntaxhighlight>
|-
|-
| valign="top" colspan="3" |
|valign='top'|
----
<syntaxhighlight style='margin:3px 0' lang='bash'>
|-
| valign="top" |
<syntaxhighlight lang="bash">
cd /opt/cli/spf-tools;\
cd /opt/cli/spf-tools;\
cat <<'SPF'| ./normalize.sh
cat <<'SPF'| ./normalize.sh
Line 100: Line 83:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight style='margin:3px 0' lang='bash'>
cd /opt/cli/spf-tools;\
cd /opt/cli/spf-tools;\
cat <<'SPF'| ./simplify.sh
cat <<'SPF'| ./simplify.sh
Line 110: Line 93:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight style='margin:3px 0' lang='bash'>
cd /opt/cli/spf-tools;\
cd /opt/cli/spf-tools;\
./despf.sh chorke.org
./despf.sh chorke.org
Line 122: Line 105:


==Tools » Install » DKIM==
==Tools » Install » DKIM==
{|
{|class='wikitable mw-collapsible' style='width:100%;margin:3px 0'
| valign="top" colspan="3" |
!scope='col' style='text-align:left' colspan='3'|
<syntaxhighlight lang="bash">
Tools » Install » DKIM
|-
|valign='top' colspan='3'|
<syntaxhighlight style='margin:3px 0' lang='bash'>
cat <<'EXE'| sudo bash
cat <<'EXE'| sudo bash
apt-get update;echo
apt-get update;echo
Line 131: Line 117:
EXE
EXE
</syntaxhighlight>
</syntaxhighlight>
|-
|-
| valign="top" colspan="3" |
|valign='top' style='width:34%'|
----
<syntaxhighlight style='margin:3px 0' lang='bash'>
|-
| valign="top" |
<syntaxhighlight lang="bash">
opendkim-testkey -d coverplus.io -vvv -s s1
opendkim-testkey -d coverplus.io -vvv -s s1
opendkim-testkey -d coverplus.io -vvv -s s2
opendkim-testkey -d coverplus.io -vvv -s s2
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top' style='width:33%'|
<syntaxhighlight lang="bash">
<syntaxhighlight style='margin:3px 0' lang='bash'>
opendkim-testkey -d loanplus.io -vvv -s s1
opendkim-testkey -d loanplus.io -vvv -s s1
opendkim-testkey -d loanplus.io -vvv -s s2
opendkim-testkey -d loanplus.io -vvv -s s2
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top' style='width:33%'|
<syntaxhighlight lang="bash">
<syntaxhighlight style='margin:3px 0' lang='bash'>
opendkim-testkey -d loanstreet.com.my -vvv -s s1
opendkim-testkey -d loanstreet.com.my -vvv -s s1
opendkim-testkey -d loanstreet.com.my -vvv -s s2
opendkim-testkey -d loanstreet.com.my -vvv -s s2
</syntaxhighlight>
</syntaxhighlight>
|-
|-
| valign="top" colspan="3" |
|valign='top'|
----
<syntaxhighlight style='margin:3px 0' lang='bash'>
|-
| valign="top" |
<syntaxhighlight lang="bash">
opendkim-testkey -d finology.com.my -vvv -s fn
opendkim-testkey -d finology.com.my -vvv -s fn
opendkim-testkey -d finology.com.my -vvv -s google
opendkim-testkey -d finology.com.my -vvv -s google
Line 165: Line 143:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight style='margin:3px 0' lang='bash'>
opendkim-testkey -d chorke.org -vvv -s google
opendkim-testkey -d chorke.org -vvv -s google
opendkim-testkey -d finology.group -vvv -s mail
opendkim-testkey -d finology.group -vvv -s mail
Line 172: Line 150:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight style='margin:3px 0' lang='bash'>
opendkim-genkey -b 2048 -d chorke.org -s s1
opendkim-genkey -b 2048 -d chorke.org -s s1
opendkim-genkey -b 2048 -d chorke.org -s s2
opendkim-genkey -b 2048 -d chorke.org -s s2
Line 181: Line 159:


==DNS » Record » TXT » SPF==
==DNS » Record » TXT » SPF==
{|
{|class='wikitable mw-collapsible' style='width:100%;margin:3px 0'
| valign="top" |
!scope='col' style='text-align:left' colspan='2'|
DNS » Record » TXT » SPF
|-
|valign='top'style='width:50%'|
  '''SPF TXT Record Format'''
  '''SPF TXT Record Format'''
  v=spf1 ['''mechanism'''] ['''qualifier'''] ['''modifiers'''] ...
  v=spf1 ['''mechanism'''] ['''qualifier'''] ['''modifiers'''] ...
----
{|class="wikitable"
{|class="wikitable"
|-
|-
Line 204: Line 184:
| <code>all</code>    || <code>-all</code>, <code>~all</code>, <code>?all</code>, <code>+all</code> || Apply default rule to any unmatched sender
| <code>all</code>    || <code>-all</code>, <code>~all</code>, <code>?all</code>, <code>+all</code> || Apply default rule to any unmatched sender
|}
|}
----
{|class="wikitable"
{|class="wikitable"
|-
|-
Line 220: Line 199:
| <code>?all</code>    || Neutral  || No policy guidance      || 🤷 Rare, for undefined policies
| <code>?all</code>    || Neutral  || No policy guidance      || 🤷 Rare, for undefined policies
|}
|}
----
{|class="wikitable"
{|class="wikitable"
|-
|-
Line 232: Line 210:
|}
|}


| valign="top" |
|valign='top'style='width:50%'|
# Run a Composite Check:  
# Run a Composite Check:  
#* [https://dmarcian.com/domain-checker/ DMARCian » Domain Checker]
#* [https://dmarcian.com/domain-checker/ DMARCian » Domain Checker]
Line 247: Line 225:


==DNS » Record » TXT » DKIM==
==DNS » Record » TXT » DKIM==
{|class='wikitable mw-collapsible' style='width:100%;margin:3px 0'
!scope='col' style='text-align:left'|
DNS » Record » TXT » DKIM
|-
|valign='top'|
  '''Gmail » Google Workspace'''
  '''Gmail » Google Workspace'''
  Admin Console » Apps » Google Workspace » Gmail » Authenticate email » Selected domain » '''chorke.org''' » Generate New Record » Start Authentication
  Admin Console » Apps » Google Workspace » Gmail » Authenticate email » Selected domain » '''chorke.org''' » Generate New Record » Start Authentication
----
|-
|valign='top'|
  '''Twilio SendGrid'''
  '''Twilio SendGrid'''
  Sender Authentication » Domain Authentication » '''<id>.chorke.org''' » DNS Records » Manual Install » Verify
  Sender Authentication » Domain Authentication » '''<id>.chorke.org''' » DNS Records » Manual Install » Verify
|}


==Playground==
==Playground==
{|
{|class='wikitable mw-collapsible' style='width:100%;margin:3px 0'
| valign="top" |
!scope='col' style='text-align:left' colspan='3'|
<syntaxhighlight lang="bash">
Playground
|-
|valign='top' style='width:34%'|
<syntaxhighlight style='margin:3px 0' lang='bash'>
dig MX  chorke.org
dig MX  chorke.org
dig TXT chorke.org
dig TXT chorke.org
Line 262: Line 250:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top' style='width:33%'|
<syntaxhighlight lang="bash">
<syntaxhighlight style='margin:3px 0' lang='bash'>
apt info  opendkim-tools
apt info  opendkim-tools
apt search opendkim-tools
apt search opendkim-tools
Line 269: Line 257:
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top' style='width:33%'|
<syntaxhighlight lang="bash">
<syntaxhighlight style='margin:3px 0' lang='bash'>
sudo git clone https://github.com/jsarenik/spf-tools.git \
sudo git clone https://github.com/jsarenik/spf-tools.git \
   /opt/cli/spf-tools
   /opt/cli/spf-tools
cd /opt/cli/spf-tools/
cd /opt/cli/spf-tools/
</syntaxhighlight>
</syntaxhighlight>
|-
|-
| colspan="3" |
|valign='top'|
----
<syntaxhighlight style='margin:3px 0' lang='bash'>
|-
| valign="top" |
<syntaxhighlight lang="bash">
dig TXT s1.domainkey.u5967707.wl208.sendgrid.net
dig TXT s1.domainkey.u5967707.wl208.sendgrid.net
dig TXT s2.domainkey.u5967707.wl208.sendgrid.net
dig TXT s2.domainkey.u5967707.wl208.sendgrid.net
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight style='margin:3px 0' lang='bash'>
</syntaxhighlight>
</syntaxhighlight>


| valign="top" |
|valign='top'|
<syntaxhighlight lang="bash">
<syntaxhighlight style='margin:3px 0' lang='bash'>
</syntaxhighlight>
</syntaxhighlight>
|}
|}


==References==
==References==
{|
{|class='wikitable mw-collapsible' style='width:100%;margin:3px 0'
|valign='top'|
!scope='col' style='text-align:left' colspan='3'|
References
|-
|valign='top' style='width:34%'|
* [https://www.twilio.com/docs/sendgrid/ui/account-and-settings/dkim-records Security » Domain » DKIM » Explained]
* [https://www.twilio.com/docs/sendgrid/ui/account-and-settings/dkim-records Security » Domain » DKIM » Explained]
* [https://www.mail-tester.com/ Security » Domain » MX » Mail Tester]
* [https://www.mail-tester.com/ Security » Domain » MX » Mail Tester]
Line 309: Line 296:
* [https://toolbox.googleapps.com/apps/checkmx/ Security » Domain » MX]
* [https://toolbox.googleapps.com/apps/checkmx/ Security » Domain » MX]


|valign='top'|
|valign='top' style='width:33%'|
* [https://mxtoolbox.com/SuperTool.aspx?action=dkim%3Amail._domainkey.mail.finology.com.my&run=toolpage Security » Domain » DKIM » <code>mail.finology.com.my:mail</code>]
* [https://mxtoolbox.com/SuperTool.aspx?action=dkim%3Amail._domainkey.mail.finology.com.my&run=toolpage Security » Domain » DKIM » <code>mail.finology.com.my:mail</code>]
* [https://mxtoolbox.com/SuperTool.aspx?action=dkim%3Agoogle._domainkey.finology-group.com&run=toolpage Security » Domain » DKIM » <code>finology-group.com:google</code>]
* [https://mxtoolbox.com/SuperTool.aspx?action=dkim%3Agoogle._domainkey.finology-group.com&run=toolpage Security » Domain » DKIM » <code>finology-group.com:google</code>]
Line 319: Line 306:
* [https://mxtoolbox.com/SuperTool.aspx?action=dkim%3As2._domainkey.coverplus.io&run=toolpage Security » Domain » DKIM » <code>coverplus.io:s2</code>]
* [https://mxtoolbox.com/SuperTool.aspx?action=dkim%3As2._domainkey.coverplus.io&run=toolpage Security » Domain » DKIM » <code>coverplus.io:s2</code>]


|valign='top'|
|valign='top' style='width:33%'|
* [https://mxtoolbox.com/SuperTool.aspx?action=spf%3Amail.finology.com.my&run=toolpage Security » Domain » SPF » <code>mail.finology.com.my</code>]
* [https://mxtoolbox.com/SuperTool.aspx?action=spf%3Amail.finology.com.my&run=toolpage Security » Domain » SPF » <code>mail.finology.com.my</code>]
* [https://mxtoolbox.com/SuperTool.aspx?action=spf%3Afinology-group.com&run=toolpage Security » Domain » SPF » <code>finology-group.com</code>]
* [https://mxtoolbox.com/SuperTool.aspx?action=spf%3Afinology-group.com&run=toolpage Security » Domain » SPF » <code>finology-group.com</code>]
Line 328: Line 315:
* [https://mxtoolbox.com/SuperTool.aspx?action=spf%3Achorke.org&run=toolpage Security » Domain » SPF » <code>chorke.org</code>]
* [https://mxtoolbox.com/SuperTool.aspx?action=spf%3Achorke.org&run=toolpage Security » Domain » SPF » <code>chorke.org</code>]
* [https://mxtoolbox.com/SuperTool.aspx?action=spf%3Ashahed.biz&run=toolpage Security » Domain » SPF » <code>shahed.biz</code>]
* [https://mxtoolbox.com/SuperTool.aspx?action=spf%3Ashahed.biz&run=toolpage Security » Domain » SPF » <code>shahed.biz</code>]
|-
|colspan='3'|
----
|-
|-
|valign='top'|
|valign='top'|
Line 351: Line 334:


|valign='top'|
|valign='top'|
|-
|colspan='3'|
----
|-
|-
|valign='top'|
|valign='top'|

Revision as of 06:59, 5 January 2026

Tools » Install » SPF

Tools » Install » SPF 

cat <<'EXE'| sudo bash
echo && git clone https://github.com/jsarenik/spf-tools.git /opt/cli/spf-tools
echo && cd /opt/cli/spf-tools/
./despf.sh -h
EXE

cat <<'CFG'| tee ${HOME}/.spf-toolsrc >/dev/null
DOMAIN=shahed.biz
ORIG_SPF=spf.shahed.biz
DESPF_SKIP_DOMAINS=_spf.google.com:_spf.sendgrid.net
DNS_TIMEOUT=5
DNS_SERVER=1.1.1.1
CFG

dig MX  chorke.com
dig TXT chorke.com
/opt/cli/spf-tools/despf.sh chorke.com

dig MX  chorke.org
dig TXT chorke.org
/opt/cli/spf-tools/despf.sh chorke.org

dig MX  shahed.biz
dig TXT shahed.biz
/opt/cli/spf-tools/despf.sh shahed.biz

dig MX  finology-group.com
dig TXT finology-group.com
/opt/cli/spf-tools/despf.sh finology-group.com

dig MX  finology.com.my
dig TXT finology.com.my
/opt/cli/spf-tools/despf.sh finology.com.my

dig MX  coverplus.io
dig TXT coverplus.io
/opt/cli/spf-tools/despf.sh coverplus.io

cd /opt/cli/spf-tools;./despf.sh chorke.org |./normalize.sh |./simplify.sh |./iprange.sh |./mkblocks.sh |./xsel.sh
cd /opt/cli/spf-tools;./despf.sh chorke.org |./normalize.sh |./simplify.sh |./iprange.sh |./mkblocks.sh
cd /opt/cli/spf-tools;./despf.sh chorke.org |./normalize.sh |./simplify.sh |./iprange.sh

cd /opt/cli/spf-tools;\
cat <<'SPF'| ./normalize.sh
ip4:10.19.83.10/24
ip4:10.19.93.100/24
ip4:10.20.03.110/24
SPF

cd /opt/cli/spf-tools;\
cat <<'SPF'| ./simplify.sh
ip4:10.19.83.1
ip4:10.19.83.100
ip4:10.19.83.0/24
SPF

cd /opt/cli/spf-tools;\
./despf.sh chorke.org


./despf.sh chorke.org| \
./iprange.sh

Tools » Install » DKIM

Tools » Install » DKIM 

cat <<'EXE'| sudo bash
apt-get update;echo
apt list -a --upgradable;echo
apt-get install -y opendkim-tools;echo;apt-get clean
EXE

opendkim-testkey -d coverplus.io -vvv -s s1
opendkim-testkey -d coverplus.io -vvv -s s2

opendkim-testkey -d loanplus.io -vvv -s s1
opendkim-testkey -d loanplus.io -vvv -s s2

opendkim-testkey -d loanstreet.com.my -vvv -s s1
opendkim-testkey -d loanstreet.com.my -vvv -s s2

opendkim-testkey -d finology.com.my -vvv -s fn
opendkim-testkey -d finology.com.my -vvv -s google
opendkim-testkey -d finology.com.my -vvv -s ritesh

opendkim-testkey -d chorke.org -vvv -s google
opendkim-testkey -d finology.group -vvv -s mail
opendkim-testkey -d finology-group.com -vvv -s google

opendkim-genkey -b 2048 -d chorke.org -s s1
opendkim-genkey -b 2048 -d chorke.org -s s2
opendkim-genkey -b 2048 -d chorke.org -s mail

DNS » Record » TXT » SPF

DNS » Record » TXT » SPF 

SPF TXT Record Format
v=spf1 [mechanism] [qualifier] [modifiers] ...
Mechanism Example Meaning
ip4 ip4:192.0.2.1 Allow a specific IPv4 address
ip6 ip6:2001:db8::1 Allow a specific IPv6 address
a a:example.com Allow IP from the A or AAAA record of domain
mx mx:example.com Allow mail servers listed in domain's MX records
include include:_spf.google.com Include SPF rules from another domain
all -all, ~all, ?all, +all Apply default rule to any unmatched sender
Qualifier Meaning Action Usage
+all Pass Accept mail from any IP ☠️ Not recommended
-all Hard fail Reject non-matching IPs ✅ Strict enforcement
~all Soft fail Accept but mark as spam 👍 Recommended during rollout
?all Neutral No policy guidance 🤷 Rare, for undefined policies
Modifier Description Example
redirect Redirect SPF check to another domain redirect=_spf.example.com
exp Explanation domain for failed SPF exp=explain.example.com
  1. Run a Composite Check:
  2. Use SPF Flattening
  3. Manually
    • Check for
      Proper -all ending
      Lookup count ≤ 10
      No multiple TXT records
      Only needed services included

DNS » Record » TXT » DKIM

DNS » Record » TXT » DKIM 

Gmail » Google Workspace
Admin Console » Apps » Google Workspace » Gmail » Authenticate email » Selected domain » chorke.org » Generate New Record » Start Authentication

Twilio SendGrid
Sender Authentication » Domain Authentication » <id>.chorke.org » DNS Records » Manual Install » Verify

Playground

Playground 

dig MX  chorke.org
dig TXT chorke.org
openssl s_client -connect mail.chorke.org:25

apt info   opendkim-tools
apt search opendkim-tools
sudo apt-get install -y opendkim-tools

sudo git clone https://github.com/jsarenik/spf-tools.git \
   /opt/cli/spf-tools
cd /opt/cli/spf-tools/

dig TXT s1.domainkey.u5967707.wl208.sendgrid.net
dig TXT s2.domainkey.u5967707.wl208.sendgrid.net

References

References

Retrieved from "https://wiki.chorke.org/index.php?title=Security/Domain&oldid=16052"