Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
You should definitely set up a DMARC record to prevent other people from using your email domain to send spam. If you don't have DMARC configured, other email servers will give any senders the benefit of the doubt and accept mail that claims to be from your domain.
You can just set the DMARC record to reject 100% of unverified mail and call it a day. Since you aren't sending anything it won't affect you.
I would also set up SPF to disallow all IPs to send mail for that domain in case some system supports SPF but not DMARC.
Thanks to both of you.
I had the hope that DMARC, SPF and DKIM was stuff I could just ignore if not sending email. It seems I was wrong about that.
Those three are really not all that complicated, basically (apart from DKIM which you can ignore when not sending) they are just a couple of TXT DNS records you need to set once for your domain. Even if you were using DKIM it is just a keypair you generate and then put the public key into a DNS TXT record and configure your mail server to use the private key.
Just to flesh that out a bit... All you need is to add a TXT record to your DNS records:
Name:
_dmarc.yourdomain.comValue:
v=DMARC1; p=reject; pct=100You misspelled "black-hole your domain forever".
Some strict mail servers even blacklist you if the DMARC record is missing.
Some servers blacklist you even if you have DMARC, SPF, DKIM, DNS setup perfectly, but your IP is in a block of addresses that may or may not have been hosted by the same ISP of some unrelated server that was possibly compromised 10 years before you even set up the mail server. Ask me how I know.
Some servers blacklist you no matter what you do because you’re not a big player in the e-mail space… Outlook. Fuck Outlook. M365 doesn’t do that though.
Also the idea that reverse IPs are needed (in practice) when SPF, DKIM and DMARC are in use is insane. I have literally told you my public key and signed the e-mail. It’s me. You don’t need to check the damn PTR!