Hello I mean that the sending server should have those dns records before iRedmail can accept the sending server's emails.
It's not just a click in a box....
First of all you must be aware of the methods and measures referred to, what they are used for and the intention
of each item.
Greylisting in the real spam stopper. In our environment, I would say that 85% of the incoming mail items are
blocked due to the sending server never retries. (using the same triplet)
And then fight spam with messages inspection and RBL after greylisting check is done.
Checking/ validating PTR, MX and SPF records of a sender: The owner of the domain defines what
measures to take for a failing SPF record check. (i.e. an e-mail arrives, but the sending host
is not validated via the SPF record) Fail, Warn, Pass
The SPF record can refer to the MX and A records for the domain.
In iRedMail, you can for example do a whitelisting for GreyListing based on the outcome of SPF check
For DKIM, its the same story. The owner of the domain defines what to do if the dkim check fails,
using the DMARC entry.
https://securityintelligence.com/unders … echanisms/
"Not a Spam Filter
This might come as a shock, but neither SPF nor DKIM are spam filters.
They merely help you (and, in fact, the servers that route email) decide if a certain
message is likely to be an unwanted email message or not. Both mechanisms contribute in
the process of verifying that the source of an email is not falsified. As such, SPF and
DKIM can help in protecting against phishing, but it would be foolish to utilize them as your only line of defense"
https://luxsci.com/blog/7-common-miscon … -spam.html
But if You really want to do this...(I havn't yet)
https://www.skelleton.net/2015/03/21/ho … ith-dmarc/
It really describes the Big picture + details.
Note that DKIM signing is already in place in the iReadMail package, but havn't found any
settings for validating according with DMARC. (maybe I'm wrong here, though)
It involves using postfix-policyd-spf-python for the SPF check
and opendmarc for the DKIM check. (Dmarc is the DNS entry that defines how to treat a failing
DKIM from a sending mail domain)
It's a bit tricky to configure the postfix main.cf when it comes to the order of items
in "smtpd_recipient_restrictions". TEST TEST TEST, It may become an open relay if you fail.
Verify using an external mailing test host, like https://mxtoolbox.com/diagnostic.aspx
Or you maybe block all incoming mail, which might be the best spam filer ;-)