Security/Domain: Difference between revisions

Revision as of 08:00, 30 May 2025

Tools » Install » SPF

cat <<'EXE'| sudo bash
echo && git clone https://github.com/jsarenik/spf-tools.git /opt/cli/spf-tools
echo && cd /opt/cli/spf-tools/
./despf.sh -h
EXE

cat <<'CFG'| tee ${HOME}/.spf-toolsrc >/dev/null
DOMAIN=shahed.biz
ORIG_SPF=spf.shahed.biz
DESPF_SKIP_DOMAINS=_spf.google.com:_spf.sendgrid.net
DNS_TIMEOUT=5
DNS_SERVER=1.1.1.1
CFG

Tools » Install » DKIM

cat <<'EXE'| sudo bash
apt-get update;echo
apt list -a --upgradable;echo
apt-get install -y opendkim-tools;echo;apt-get clean
EXE

DNS » Record » TXT » SPF

SPF TXT Record Format
v=spf1 [mechanism] [qualifier] [modifiers] ...

Qualifier	Meaning	Action	Usage
`+all`	Pass	Accept mail from any IP	☠️ Not recommended
`-all`	Hard fail	Reject non-matching IPs	✅ Strict enforcement
`~all`	Soft fail	Accept but mark as spam	👍 Recommended during rollout
`?all`	Neutral	No policy guidance	🤷 Rare, for undefined policies

Run a Composite Check:
- DMARCian » Domain Checker
- EasyDMARC » Email Security Check
Use SPF Flattening
- EasyDMARC » SPF Flattening
Manually
- Check for
  
  Proper -all ending
  
  Lookup count ≤ 10
  
  No multiple TXT records
  
  Only needed services included

DNS » Record » TXT » DKIM

Playground

dig MX  chorke.org
dig TXT chorke.org
openssl s_client -connect mail.chorke.org:25

apt info   opendkim-tools
apt search opendkim-tools
sudo apt-get install -y opendkim-tools

sudo git clone https://github.com/jsarenik/spf-tools.git \
   /opt/cli/spf-tools
cd /opt/cli/spf-tools/

References

Security » Domain » MX » Mail Tester Security » Domain » SPF » Flattening Security » Domain » DMARC » Email Security » Domain » DKIM » Core Security » Domain » SPF » Tools Security » Domain » DMARC Security » Domain » DKIM Security » Domain » SPF Security » Domain » MX

Security » HTTP » Basic Authentication Security » OpenLDAP » BackSQL Security » Java » Key Store Security » Java » Mail API Security » Certificate Security » Password Security » ZA Proxy Security » Spring Security » HTTP Security » Java	Security » Certificate » TLS » Configuration Generator Security » SSH » Public Key Authentication Security » Certificate » TLS

Kubernetes Multipass Minikube Podman Vagrant Docker Qemu Helm K9s K8s	LXC » Alpine » Apache » PHP LXC » Alpine » Nginx » PHP LXC » Logrotate » Redhat Terraform Proxmox Kubectl Ansible CIDR UFW LXC	Docker/Compose/SFTP Git

@@ Line 30: / Line 30: @@
   '''SPF TXT Record Format'''
   v=spf1 ['''mechanism'''] ['''qualifier'''] ['''modifiers'''] ...
+{|class="wikitable"
+|-
+!scope="col" style='width:100px'| Qualifier
+!scope="col" style='width:100px'| Meaning
+!scope="col" style='width:200px'| Action
+!scope="col" style='width:280px'| Usage
+|-
+| <code>+all</code>    || Pass      || Accept mail from any IP || ☠️ Not recommended
+|-
+| <code>-all</code>    || Hard fail || Reject non-matching IPs || ✅ Strict enforcement
+|-
+| <code>~all</code>    || Soft fail || Accept but mark as spam || 👍 Recommended during rollout
+|-
+| <code>?all</code>    || Neutral   || No policy guidance      || 🤷 Rare, for undefined policies
+|}
 # Run a Composite Check:

Security/Domain: Difference between revisions

Revision as of 08:00, 30 May 2025

Contents

Tools » Install » SPF

Tools » Install » DKIM

DNS » Record » TXT » SPF

DNS » Record » TXT » DKIM

Playground

References

Navigation menu

Security/Domain: Difference between revisions

Revision as of 08:00, 30 May 2025

Tools » Install » SPF

Tools » Install » DKIM

DNS » Record » TXT » SPF

DNS » Record » TXT » DKIM

Playground

References

Navigation menu

Search