Gmail provided by the paid Google Workspace service (formerly known as G Suite and Google Apps) has unofficial DNSSEC-signed MX records available for use. The officially supported ones that you’re told to configure do not offer DNSSEC signing.

These MX records have both IPv4 and IPv6 addresses, although the records are not officially supported or documented and may be unreliable or removed at any point. (I’ve been using them for a while now and they seem perfectly fine to me but use at your own risk.)

mx1.smtp.goog
mx2.smtp.goog
mx3.smtp.goog
mx4.smtp.goog

The table below has the MX record and the A and AAAA record values.

mx1.smtp.goog
    216.239.32.151
    2001:4860:4802:32::97

mx2.smtp.goog
    216.239.34.151
    2001:4860:4802:34::97

mx3.smtp.goog
    216.239.36.151
    2001:4860:4802:36 …

A brief history of a tiny part of the Internet.

Blackhole 1 — Blackhole as it was originally known — was written on Python 2.7, briefly supporting Python 2.6 for a time and also supporting early version of Python 3, PyPy 2 and PyPy 3. Built on top of Tornado, it was asynchronous in a fashion and — quite simply — worked.

The original prototype that became Blackhole was SimpleMTA — a prototype that was created quickly, to serve a very simple testing purpose that I had for it.

As I needed SimpleMTA to do more, I wrote Blackhole to accomplish that task. I’d been using Tornado a bit and wanted to experiment with it more. Building on top of Tornado created some oddities in how the program was designed and that always irked me.

Between the time of the last 1.8.X and the 2.0 release, I experimented with …

I have been a frequent audience member of DJUGL for a few years now and spend most of the time asking questions, playing devils advocate and generally being my annoying self.

I have repeatedly said I would do a talk but never got round to it until Jon basically forced me to get round to it.

My talk was on blackhole/blackhole.io and covered several topics including PyPy, SimpleMTA and moved on to talking about spamming and starting work on my honey pot suite called Nectar.

You can find the slides on Speaker Deck, sadly I ran out of time when creating them and although I was promised time to finish them at work, I got busy. So I replaced content with “Taylor Replacements(tm)”.

The event, attendees and other speakers are listen on the Lanyrd event page.

Several people took photos of the event, I don’t remember …

I have built and released an open-source email server in the past for testing send rates and speeds, this project was called SimpleMTA and is available here.

Recently I have rebuilt this project for an internal project at work using the Tornado framework. Sadly this project as a whole cannot be released but a version of this code will be released in the near future.

Until that is released I have launched a new service called blackhole.io

A simple yet effective method for protecting your mail server from spam is to use greylisting. In simple terms, when an email is received the server will temporarily reject it with a 450 response code claiming that the server is busy, the sending server should then attempt to try to deliver at a later point in time, if enough time has passed the recipient server will then accept the incoming mail and whitelist the send address for a period of time.

This is effective because most spam servers are configured not to retry the send whereas real mail servers generally will retry. This sadly does not protect against spam coming from comprised mail servers or accounts like on Hotmail.com.

sudo apt-get install postgrey

This really should be quite a quick and simple post.

I use several tools to protect my mail servers from spam, the most effective of these I’ve found is using external lists in conjunction with reject_rbl_client and reject_rhsbl_client.

+======================+======================================================================================================+ | Service | description | +======================+======================================================================================================+ | zen.spamhaus.org | A single lookup for querying the SBL, XBL and PBL databases. | | | - SBL - Verified sources of spam, including spammers and their support services | | | - XBL - Illegal third-party exploits (e.g. open proxies and Trojan Horses) | | | - PBL - Static, dial-up & DHCP IP address space that is not meant to be initiating SMTP connections | +———————————+———————————————————————————————————————————————————+ | dnsbl.sorbs.net | Unsolicited bulk/commercial email senders | +———————————+———————————————————————————————————————————————————+ | spam.dnsbl.sorbs.net | Hosts that have allegedly sent spam to the admins of SORBS at any time | +———————————+———————————————————————————————————————————————————+ | b1.spamcop.net | IP addresses which have been used to transmit reported email to SpamCop users | +———————————+———————————————————————————————————————————————————+ | rhsbl.ahbl.org | Domains sending spam, domains owned by spammers, comment spam domains, spammed URLs …

This is part 4 of my series on configuring a mail server, please see part one, part two and part three if you’re not familiar with them.

The content of this article was written to work with the previous three articles but should work on any SpamAssassin set-up.

sudo apt-get install razor

sudo razor-admin -home=/etc/spamassassin/.razor -register
sudo razor-admin -home=/etc/spamassassin/.razor -create
sudo razor-admin -home=/etc/spamassassin/.razor -discover

sudo apt-get install pyzor

pyzor --homedir /etc/mail/spamassassin discover

This is part 3 of my guide to getting a mail server configured with all the sexy bits to improve deliverability, spam and virus protection.

You can view part 1 here and part 2 here.

.. code-block:: bash

sudo apt-get install dkim-filter

DAEMON_OPTS="-l -o X-DomainKeys …

This is part 2 of my series on mail servers on Debian 6/Ubuntu 10.04, it should work on other versions of each though. Part 1 is available here.

sudo apt-get install spamassassin

sudo groupadd -g 5001 spamd

sudo useradd -u 5001 -g spamd -s /usr/sbin/nologin -d /var/lib/spamassassin spamd

This guide is part 1 of what I plan will be a couple of guides that take you through installing a base mail system, SpamAssassin, DKIM and much more. Stay tuned.

This guide was written for Debian 6 but should be the same or similar for Debian 5 and Ubuntu 10.04 and above.

sudo apt-get install dovecot-imapd postfix sasl2-bin libsasl2-2 libsasl2-modules

home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

smtpd_sender_restrictions = permit_sasl_authenticated,
    permit_mynetworks,

smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unknown_sender_domain,