Security/Domain: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
← Older editNewer edit →
VisualWikitext
Line 23: Line 23:
DNS_SERVER=1.1.1.1
DNS_SERVER=1.1.1.1
CFG
CFG
</syntaxhighlight>
|-
| valign="top" colspan="3" |
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
dig TXT chorke.com
/opt/cli/spf-tools/despf.sh chorke.com
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
dig TXT chorke.org
/opt/cli/spf-tools/despf.sh chorke.org
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
dig TXT shahed.biz
/opt/cli/spf-tools/despf.sh shahed.biz
</syntaxhighlight>
</syntaxhighlight>


Revision as of 12:39, 2 June 2025

Tools » Install » SPF

cat <<'EXE'| sudo bash
echo && git clone https://github.com/jsarenik/spf-tools.git /opt/cli/spf-tools
echo && cd /opt/cli/spf-tools/
./despf.sh -h
EXE

cat <<'CFG'| tee ${HOME}/.spf-toolsrc >/dev/null
DOMAIN=shahed.biz
ORIG_SPF=spf.shahed.biz
DESPF_SKIP_DOMAINS=_spf.google.com:_spf.sendgrid.net
DNS_TIMEOUT=5
DNS_SERVER=1.1.1.1
CFG

dig TXT chorke.com
/opt/cli/spf-tools/despf.sh chorke.com

dig TXT chorke.org
/opt/cli/spf-tools/despf.sh chorke.org

dig TXT shahed.biz
/opt/cli/spf-tools/despf.sh shahed.biz

dig TXT finology-group.com
/opt/cli/spf-tools/despf.sh finology-group.com

dig TXT finology.com.my
/opt/cli/spf-tools/despf.sh finology.com.my

dig TXT coverplus.io
/opt/cli/spf-tools/despf.sh coverplus.io

Tools » Install » DKIM

cat <<'EXE'| sudo bash
apt-get update;echo
apt list -a --upgradable;echo
apt-get install -y opendkim-tools;echo;apt-get clean
EXE

DNS » Record » TXT » SPF

SPF TXT Record Format
v=spf1 [mechanism] [qualifier] [modifiers] ...
Mechanism Example Meaning
ip4 ip4:192.0.2.1 Allow a specific IPv4 address
ip6 ip6:2001:db8::1 Allow a specific IPv6 address
a a:example.com Allow IP from the A or AAAA record of domain
mx mx:example.com Allow mail servers listed in domain's MX records
include include:_spf.google.com Include SPF rules from another domain
all -all, ~all, ?all, +all Apply default rule to any unmatched sender
Qualifier Meaning Action Usage
+all Pass Accept mail from any IP ☠️ Not recommended
-all Hard fail Reject non-matching IPs ✅ Strict enforcement
~all Soft fail Accept but mark as spam 👍 Recommended during rollout
?all Neutral No policy guidance 🤷 Rare, for undefined policies
Modifier Description Example
redirect Redirect SPF check to another domain redirect=_spf.example.com
exp Explanation domain for failed SPF exp=explain.example.com
  1. Run a Composite Check:
  2. Use SPF Flattening
  3. Manually
    • Check for
      Proper -all ending
      Lookup count ≤ 10
      No multiple TXT records
      Only needed services included

DNS » Record » TXT » DKIM

Gmail » Google Workspace
Admin Console » Apps » Google Workspace » Gmail » Authenticate email » Selected domain » chorke.org » Generate New Record » Start Authentication

Twilio SendGrid
Sender Authentication » Domain Authentication » <id>.chorke.org » DNS Records » Manual Install » Verify

Playground

dig MX  chorke.org
dig TXT chorke.org
openssl s_client -connect mail.chorke.org:25

apt info   opendkim-tools
apt search opendkim-tools
sudo apt-get install -y opendkim-tools

sudo git clone https://github.com/jsarenik/spf-tools.git \
   /opt/cli/spf-tools
cd /opt/cli/spf-tools/

dig TXT s1.domainkey.u5967707.wl208.sendgrid.net
dig TXT s2.domainkey.u5967707.wl208.sendgrid.net

References

Retrieved from "https://wiki.chorke.org/index.php?title=Security/Domain&oldid=14693"