Set up DMARC (verification) for Postfix on Debian server This tutorial will be showing you how to set up OpenDMARC with Postfix SMTP server on Debian/Ubuntu server to block email spoofing and spam. Security Networking
DMARC - Domain-based Message Authentication, Reporting and Conformance What is DMARC DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication method that verifies a message came from a legitimate sender. DMARC is an open standard for email authentication that helps to prevent fraudsters from forging (spoofing) your domain. DMARC checks that the From field matches the domain in DKIM and SPF authentication checks. DMARC also tells email servers how to handle messages that fail these checks and allows recipients to receive reports on emails that fail authentication. Networking Security
Explanation DKIM (DomainKeys Identified Mail) in all details DKIM (DomainKeys Identified Mail) is a system that lets your official mail servers add a signature to headers of outgoing email and identifies your domain’s public key so other mail servers can verify the signature. As with SPF (Sender Policy Framework helps keep your mail from being considered spam. It also lets mail servers detect when your mail has been tampered with in transit. Networking Security
SPF - Sender Policy Framework Email Message Structure To understand how SPF (Sender Policy Framework) and DKIM works is to know the difference between email envelope and email header . Short Definition: Sender Addresses in E-Mails Like paper mail letters, e-mail messages have at least two kinds of sender addresses: one on the envelope and one in the letterhead. The envelope sender address (sometimes also called the return-path) is used during the transport of the message from mail server to mail server, e. Networking Security
What is email envelope and email header The key for understand smtp protocol is learn, what is difference between email envelope and email header. Another words, what is email envelope vs email header. Networking Security
Certbot and Let’s Encrypt CA What is Certbot, cerbots commands and user guide, what is Let's Encrypt Rate Limits. How works cerbot authenticators and installers, certbot commands exmaples Linux Security Web Servers
OCSP Stapling on Nginx and Apache webserver To understand OCSP stapling, it is necessary to understand OCSP, the Online Certificate Status Protocol. OCSP is a protocol for determining whether a certificate is revoked (for instance, becau se its private key was compromised). Every time a browser connects to an HTTPS website, it contacts the OCSP responder specified in the SSL certificate, and asks if the certificate is revoked. If the respond er replies that the certificate is revoked, the browser blocks the page from loading. Web Servers Networking Security
nftables geoip - continents ip In the previous articles, we showed how to perform packet marking in nftables based on geoip source ip addresses and also how to log traffic to external files . Today we will show how to mark packets based on which continent they come from. The principle is that we first mark packets based on the source IP address so that we know which countries they are coming from. And then we'll find out which continent the state is on. Linux Security Networking
nftables and GeoIP How to Block IPs from Countries or Continets using NfTables Geoip script We'll learn how we can block traffic originated from specific country or continent IPs using GeoIP database and linux nftables . This article describes the configuration for debian linux distros. nftables is the new packet classification framework that intends to replaces the existing {ip,ip6,arp,eb}_tables infrastructure. In a nutshell: It is available in Linux kernels >= 3.13 It comes with a new command line utility nft whose syntax is different to iptables. Linux Security Networking
How nftables log to external file Logging traffic blocked by the nftables or iptables firewall rules is necessary for debugging the firewall rules and to be alerted to local software problems. Any packet matching a rule can be logged by using -j LOG target for iptables or log statement for nftables. Logging packet has no effect on the packet's disposition, however. The packet must match an accept or drop rule. Linux Security Networking
How to Enable Full Disk Encryption with encrypted boot, root partition and ramdisk in Debian - Ubuntu Linux This is a tutorial on how to get a step-by-step installation of Debian on a fully encrypted disk. We encrypt everything, including the kernel and the initialization ramdisk. Without a password, the thief will not even blow. Security Debian Linux