Eget domännamn ============== Alla kan koppla sitt eget domännamn till fripost.org. Man får då ett obegränsat antal alias som kan kopplas till inkorgen. Det betyder att om jag exempelvis äger domännamnet `skangas.se` så kan jag koppla det till mitt fripost-konto. På skangas.se kan jag sedan ha flera olika adresser som går till samma ställe: skangas@skangas.se -> stefan@fripost.org kontakt@skangas.se -> stefan@fripost.org info@skangas.se -> stefan@fripost.org Man kan då nå mig på flera olika adresser som sedan samlas upp i min inkorg för `stefan@fripost.org`. Proceduren för att fixa detta involverar just nu en del manuellt arbete men vi jobbar på att göra det enklare. Hur gör man? ============ 1. Skicka ett e-brev till [admin@fripost.org](mailto:admin@fripost.org) från ditt fripost-konto med det önskade domännamnet. Inkludera alla eventuella alias i ett rimligt format, t.ex. en lång lista med en e-postadress per rad, eller ännu hellre alla på en lång rad separerade med komma och mellanrum. Detta gör att det blir möjligt att skicka e-brev från Fripost med de önskade adresserna som avsändare. 2. Invänta en bekräftelse på att ditt domännamn har lagts till på Friposts system. 3. När bekräftelsen har inkommit ska [MX-posterna](https://en.wikipedia.org/wiki/MX_record) (MX records) i DNS-tabellen för domännamnet uppdateras så att de refererar till Friposts e-postservrar. I de flesta fall kan det göras hos det ombud där domännamnet köptes. Det gör att e-post som skickas till den önskade adressen hamnar hos Fripost. Friposts e-postservrar har de här adresserna: mx1.fripost.org mx2.fripost.org Ett förslag på prioritet för de olika servrarna är `5`, `10` och `15`. Det resulterar i att de fullständiga MX-posterna ser ut så här som standard (observera punkterna efter serveradresserna): Subdomän Typ TTL Data @ MX 7200 5 mx1.fripost.org. @ MX 7200 10 mx2.fripost.org. Ombudet där domänen köptes har troligen detaljerade instruktioner för hur just deras tjänst ska konfigureras på sin hemsida. Det kan dröja upp till 48 timmar efter att man har ändrat sina MX-poster innan de propagerats över hela Internet. 4. Till sist måste man i webbmejlen eller sitt e-postprogram ställa in att den nya adressen ska användas. I webbmejlen gör du det genom att logga in, gå till `Inställningar -> Identiteter`, klicka på `+`-tecknet nere till vänster, fylla i namn och ny adress samt klicka på Spara. Du kan sedan välja den nya adressen som avsändare när du skriver ny e-post. I e-post-programmet Icedove/Thunderbird gör du det under `Inställningar -> Kontoinställningar`. Under rubriken `Standardidentitet`, ändra fältet `E-postadress` till den nya adressen. Därefter kommer framtida e-post att skickas med den nya adressen som avsändare. Klart! Vanliga frågor ============== Får jag ha fler än ett domännamn? --------------------------------- Ja, om du vill koppla på fler än ett domännamn skicka ett e-brev till [admin@fripost.org](mailto:admin@fripost.org) så ska vi se vad vi kan göra. Men tänk på att administratörerna gör detta på sin fritid :-) Några medlemmar har valt att donera extra pengar till Fripost som tack för att administratörerna varit så vänliga och lagt till deras extra domännamn. Om man är flera som är medlemmar, kan man få olika adresser från samma domän till olika konton hos er? ------------------------------------------------------------------------------------------------------ Ja, det finns ingenting som hindrar det. Dock kan vi ha max en person som står som ägare per domännamn. Alla ändringar av eventuella alias måste göras av dess ägare. Tekniska frågor (på engelska) ============================= What about the reserved `postmaster@` and `abuse@` addresses? ------------------------------------------------------------- According to [RFC 822 Section 6.3](https://tools.ietf.org/html/rfc822#section-6.3) and [RFC 2142 Section 4](https://tools.ietf.org/html/rfc2142#section-4), the addresses `postmaster@yourdomain.se` and `abuse@yourdomain.se` are both reserved and required, and *must* be routed to the person(s) responsible for your domain's mail system, i.e., [admin@fripost.org](mailto:admin@fripost.org). For convenience they are also automatically forwarded to the domain owner(s), but *beware that we will also receive and read them*! On a related note, we encourage domain owners to create aliases for common roles and services such as `root@`, `hostmaster@`, `webmaster@`, etc. See [RFC 2142](https://tools.ietf.org/html/rfc2142) for details. For [technical reasons](http://www.postfix.org/postconf.5.html#double_bounce_sender), messages to `double-bounce@` are silently discarded. Furthermore a virtual domain `discard.fripost.org` is available on the MX:es, for which all messages are silently discarded. Hence you can define your own `noreply@` alias by routing it to `noreply@discard.fripost.org`. I want my domain `example.net` to mirror my other domain `example.org`, but only add addresses under the later. --------------------------------------------------------------------------------------------------------------- What you want is to make `example.net` a *domain alias* and point it to `example.org`. You won't be able to configure `example.org` directly (you won't be able to create `my-alias@example.net` for instance); instead any message to say, `whatever@example.net` will be routed to `whatever@example.org` (if it exists; the message will bounce otherwise). Just drop us a line at [admin@fripost.org](mailto:admin@fripost.org) if you want a domain alias, and tell us its destination (just like with regular aliases, the destination doesn't have to be hosted at Fripost). I want to receive messages sent to `anything@example.org`, but I can't create an infinite number of aliases! ------------------------------------------------------------------------------------------------------------ No problem, we can add a catch-all address on your domain; catch alls have the lowest priority, so you can still have regular aliases and point them to another address (`anything@example.org` will be delivered to the catch-all address *only* if `anything@example.org` is not an explicity existing address). Beware that you may receive a lot of Junk on your catch-all address, though! (Spammer like to shoot randomly, as it's a way to discover what are the valid recipients under a given domain.) Also, don't forget that the reserved addresses `postmaster@` and `abuse@` have a special treatment and will always bypass your catchall address (see above). Why are my outgoing emails signed with Fripost's DKIM key? ---------------------------------------------------------- When you're using our Mail Submission Agent (`smtp.fripost.org`, see our [wiki page](https://wiki.fripost.org/konfigurera/) on the subject) or our [webmail](https://mail.fripost.org) to send an email, you might have noticed a "DKIM-Signature" field in the mail header on the receiver side: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fripost.org; ...; s=20140703; ... This field was added just before your mail left Fripost's infrastructure. The selector and signing domain, respectively given by "s=" and "d=", provide a way for the receiver to fetch the public part of the key used to sign the message from the signing domain's DNS zone: $ dig +short 20140703._domainkey.fripost.org TXT "v=DKIM1\; k=rsa\; t=s\; s=email\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUIUVYm2WCwrXYd+cEIpKPSaxm5MxqFP3Ie7nAo+ZCLgt+oEPTuGA2dwqXAo04BeJERDKV5AGNusdn0EObjFApQZGtD7ROPrdtSMsQsOC2jDrk/FVIBWjk8NeXXA8eFHBLgB4WhByerrHYvCKO4wR5N6bT+y/QDWl868WM7ejEHwIDAQAB" See RFCs [6376](https://tools.ietf.org/html/rfc6376) and [7001](https://tools.ietf.org/html/rfc7001) for references. The [Wikipedia page](https://en.wikipedia.org/wiki/Dkim) might be another good read. Your email is being signed with fripost.org's key whenever you use our machines to send it, regardless of the identity you used ("From:" header or enveloppe sender address), because Fripost is stamping your message the last time it sees it, just before throwing it in the wild, and can guaranty its integrity on your behalf. If you use your own domain for outgoing mail, note however that the receiver's mail client might emphasize that your messages are signed by Fripost's key and not your own (GMail [surely does](https://support.google.com/mail/answer/1311182), for instance). This doesn't really disclose anything as our domain can be found in the mail header anyway, but if you prefer to have your own key drop us a line, we will find something out. Should I publish a SPF (Sender Policy Framework) record for my domain? ---------------------------------------------------------------------- The [Wikipedia page](https://en.wikipedia.org/wiki/Sender_policy_framework) has a nice introduction to SPF; other references include the "official" [SPF page](http://www.openspf.org) and RFCs [4408](https://tools.ietf.org/html/rfc4408) and [6652](https://tools.ietf.org/html/rfc6652). `fripost.org` currently uses the following policy: $ dig +short fripost.org TXT "v=spf1 redirect=outgoing.fripost.org" $ dig +short outgoing.fripost.org TXT "v=spf1 a ?all" This essentially says that `outgoing.fripost.org` is authorized to send mails from `@fripost.org` addresses (more precisely, that the authorized sending hosts' IPs can be found in the A and AAAA records for `outgoing.fripost.org`). This host is used whenever you use our Mail Submission agent or webmail for instance; if a message from a `@fripost.org` address is being sent from another host, the `?all` (aka [NEUTRAL](http://www.openspf.org/SPF_Record_Syntax)) says that we don't know whether the host is authorized or not, and that the receiver should proceeed as if there wasn't any SPF policy. With that information at hand, the recipient may decide to classify the message as SPAM or HAM for instance. If you have your own domain and use Fripost's infrastructure to send mails, you can point your domain to our policy, too. Here are a few possible senarios: example.org IN TXT "v=spf1 redirect=outgoing.fripost.org" Here `example.org` is merely copying Fripost's policy. example.org IN TXT "v=spf1 include:outgoing.fripost.org -all" Here the policy says that mails `@example.org` should PASS if they're being accepted by Fripost's policy, that is if the sender host is `outgoing.fripost.org` and FAIL otherwise (where Fripost's policy would return NEUTRAL). Note however that DNS is spoofable, and as unfortunately Fripost doesn't use DNSSEC at the moment, an attacker could for instance poison the DNS cache and fake the reply for `outgoing.fripost.org`'s TXT record. example.org IN TXT "v=spf1 a include:outgoing.fripost.org -all" Here the policy is similar to the one before, but in addition the A and AAAA records for `example.org` are also allowed to send mails for that domain. (For instance you have your own mail server, and use that of Fripost as a backup; or vice-versa.) Whichever SPF policy you choose, be sure to test it! Please read OpenSPF's [FAQ](http://www.openspf.org/FAQ), [Common Mistakes](http://www.openspf.org/FAQ/Common_mistakes) and [Best Practices](http://www.openspf.org/Best_Practices) pages. There are e-mail based SPF testers; unfortunately the "official" one [spf-test@openspf.net](mailto:spf-test@openspf.net) doesn't work anymore, but you can use [Port25.com](https://www.port25.com/support/authentication-center/email-verification/)'s for instance.