Postfix and SPF configuration improvement suggestions

Dear Yunohost community,

I would like to discuss some configurations a friend suggested to improve the rating of the emails I send from my little server. I tried them, and it seems to improve the way the email I sent were treated my Hotmail and Gmail.

Add the IPv6 in the SPF entry

The admin panel of Yunohost provides a suggestion for the configuration of the DNS record. (It can also configure it itself, but I never tried that feature). In the suggestions, we find entries related to the email (SPF, DKIM and DMARC). The suggested SPF entry looks like this:

“v=spf1 a mx -all”

I tried to add the ip address of the server in the entry (especially the ipv6):

“v=spf1 a mx ip4:XXX.XXX.XXX.XXX ip6:YYYY:YYYY:YYYY:YYYY:YYYY:YYYY -all”

:arrow_right: Do you think it is a good idea to update the suggested entry in Yunohost admin panel?

Activate IPv6 in Postfix

By default, Postfix uses IPv4 to send the email. Some major email provider have drastic rules for emails received via IPv4, but are more permissive for email received via IPv6. So it is intresting to configure Postfix so it sends emails via IPv6 when possible. To do so, I edited the file /etc/postfix/main.cf and add two lines after inet_interfaces = all (the position is not important, but I put it where it seems coherent):

inet_protocols = all
smtp_address_preference = ipv6

:arrow_right: Do you think it is a good idea to update this configuration file?

For information, since I did this change, Yunohost’s diagnosis system warns me that the file was manually modified.

I am eager to read your opinon on this subject, since I am not an expert in postfix and email sending…

Regards :slight_smile:

4 Likes

I see two problems with emails sent through IPv4:

  1. Your IP address may have been used by a spammer in the past before it is attributed to you. When that happens, your address has a bad reputation and appears in a lot of block lists, before you even start to use it… This usually doesn’t happen with IPv6 (because there are so many of them)
  2. People self-hosting there SMTP server are really sparse. So when an address reserved to an ISP starts sending emails, it is usually a machine infected by a malware and transformed into a zombie machine. This is why a lot of platform block email coming from IPv4 address reserved to an ISP.

And this is why I think sending emails though IPv6 is a better option.

1 Like

Hi!

No comments about my proposition. After 3 weeks of testings, I am pretty happy. People using hotmail adresses finally receive my messages. Before they were not delivered (not even in the spam).

Should I open an issue here?

Yes that’s a better way of making sure it doesn’t fall into oblivion

Done: Configuration of IPv6 for email sending · Issue #2465 · YunoHost/issues · GitHub