Used Zammad installation source: (source, package, …)
Operating system: Debian 9.12
Browser + version: 85.0
Hello,
We’ve been using Zammad for quite a few months now and have noticed that we are starting to receive messages from users of the same domain from which we send out spam or alerts that they are unsafe.
This is because we have not verified the SPF and DKIM records of Zammad for sending the messages.
Can you tell me what these records are since I can’t find them in your documentation?
You need to secure your email server. You can google those terms, lots of info
on how to properly administrator a email server. Without these basic configurations the
email servers I run would not even accept your emails they would bounce as spam
DKIM uses “public key cryptography” to verify that an email message was sent from an authorized mail server , in order to detect forgery and to prevent delivery of harmful email like spam.
A Sender Policy Framework ( SPF ) record is a DNS record that identifies specific mail servers that are allowed to send email on behalf of your domain
I would also add DMARC for your email server too
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an increasingly important approach for helping ensure the integrity of email coming from a given domain .
and make sure your reverse IP searches matches your domain.
Google it for info on how to set these up on your email server.
I currently have the SPF and DKIM records for my domain correctly configured as they are in G Suite the mail server and working correctly.
Within the SPF register I have added the IP of the server where I have installed Zammad and it passes the validation correctly.
The only value that I am missing is the DKIM, which I am not sure if it is from the server where Zammad is installed or from Zammad itself, which has a common one for all.
There I have my doubt, I don’t know if you could indicate me a little more.
This is part of properly hardening and securing your email server and proving
authority to other email servers.
The keys are installed on/within the email server itself. So what ever email server you
are using is where it is installed and also referenced within your DNS.