The aim I started with was mail reliability. There wasn't much about it that was in my hands, so I switched my attention to mail security and reporting.
I have implemented these specifications for mail sent to/from ekvastra.in:
- Added to STARTTLS Policy List
With these implemented properly, email deliverability also gets a boost! I use an email signature certificate from Actalis, which is issued to me for one year at a time. The current certificate is valid from April 12, 2019, to April 12, 2020. Its SHA1 fingerprint is 05:80:36:E2:4E:91:E7:CE:C7:AD:3A:D7:35:3C:A2:EE:93:00:58:07
My web host forbids connecting to an external mail server, so I have to send emails from that same server only, though I can choose to receive email externally. Some applications provide no configuration for supplying the correct login information and just use the defaults; there is no workaround or fix for this, and I have to live with it. One example is Textpattern. Other applications, like DokuWiki and tcexam, are smarter and provide configuration options that let me log in with authentication locally. The configuration I use with DokuWiki and tcexam is as follows:
- SMTP Server: server10.hostingraja.org
- Username: firstname.lastname@example.org
- Password: **** (really long auto generated nonsense password)
- Port: 465
- Security: SSL
After repeated trouble with my hosting email I have moved my MX to Zoho. The present configuration allows Zoho to send and receive emails for my domain. My hosting can only send out emails but not receive them; this is for applications that rely on native PHP mail, and in any case the hosting does not allow external SMTP connections, so I have to allow this.
Tools to validate MTA-STS:
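As an added example (not one of the tools referred to here, nor code from this site), the core of an MTA-STS check can be done offline: parse the `_mta-sts` TXT record and the policy file, then test whether the domain's MX hosts are permitted by it. The TXT record, policy body and MX host names below are constructed samples, not the real DNS answers for ekvastra.in.

```python
# Offline MTA-STS (RFC 8461) checks: parse the TXT record and policy file,
# then decide whether a given MX host is allowed by that policy.
import re

def parse_sts_txt(txt: str) -> dict:
    """Parse the _mta-sts.<domain> TXT record, e.g. 'v=STSv1; id=20190412T000000'."""
    fields = dict(p.strip().split("=", 1) for p in txt.split(";") if p.strip())
    if fields.get("v") != "STSv1" or not re.fullmatch(r"[A-Za-z0-9]{1,32}", fields.get("id", "")):
        raise ValueError("not a valid STSv1 TXT record")
    return fields

def parse_policy(body: str) -> dict:
    """Parse the policy served at https://mta-sts.<domain>/.well-known/mta-sts.txt."""
    policy = {"mx": []}
    for line in filter(None, (l.strip() for l in body.splitlines())):
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())  # repeated 'mx:' lines accumulate
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    if not policy.get("max_age", "").isdigit():
        raise ValueError("max_age missing or not an integer")
    policy["max_age"] = int(policy["max_age"])
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("enforce/testing policy lists no mx")
    return policy

def mx_allowed(host: str, policy: dict) -> bool:
    """Exact match, or a '*.example' pattern matching exactly one extra leftmost label."""
    host = host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            suffix = pattern[1:]  # '*.mailhost.example' -> '.mailhost.example'
            if host.endswith(suffix) and "." not in host[: -len(suffix)]:
                return True
        elif host == pattern:
            return True
    return False

# Constructed sample data (not real DNS answers for ekvastra.in):
SAMPLE_TXT = "v=STSv1; id=20190412T000000"
SAMPLE_POLICY = "version: STSv1\nmode: enforce\nmx: mx.mailhost.example\nmx: *.mailhost.example\nmax_age: 604800\n"
SAMPLE_MX = ["mx.mailhost.example", "mx2.mailhost.example", "a.b.mailhost.example", "mail.other.example"]
```

In a live check you would fetch the TXT record over DNS and the policy over HTTPS (the certificate must be valid for mta-sts.<domain>), then run every MX host from the domain's MX records through `mx_allowed`.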