What's new

Synology Mail Server Big Problem, Be aware!!!

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Do u have the same problem with your Synology Mail Server

  • Yes, similar

    Votes: 0 0.0%
  • Not realy

    Votes: 2 100.0%

  • Total voters
    2
I'm not wrong... SMTP validates DOMAIN's at the MTA level, which is server to server...

Some SMTP host may reject based on USER@DOMAIN, but most don't... note that I say "may" not "must"... postfix accepts anything sent to it via MTA connection, and then deals with it accordingly.

Once it gets thru the MTA, then it's up to local SMTP host to either drop the message in the user's mail spool, or route it back to the sending MTA as a bounce (no such user), or route to trash (/dev/null)

So cool your jets man...




So what is the purpose of the DNS TXT SPF record type? The synology mail server should bounce off the the forged email from fake server. I put in my DNS server in SPF record that only mail.skynetisp.ca is permitted to send mail on behave skynetisp.com domain. So why the heck the mail is accepted from fake server when is precisely specified to drop that kind of email.


P.S:

An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain.



Why synolgy is doing this ?
 
I still think a SMTP preprocessor like Untangle or Baracuda will stop rogue email bounces. If the internet can bounce email off your server they will chew all your bandwidth up on your ISP connection.

I assume you have an MX record in your DNS.
 
Last edited:
So what is the purpose of the DNS TXT SPF record type? The synology mail server should bounce off the the forged email from fake server. I put in my DNS server in SPF record that only mail.skynetisp.ca is permitted to send mail on behave skynetisp.com domain. So why the heck the mail is accepted from fake server when is precisely specified to drop that kind of email.

An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain.

Ok... starting to understand the gap you're having with what SPF is for (along with another similar tools like DKIM/DMARC/etc...)

SPF uses DNS to confirm that your SMTP host is who it says it is... as SMTP basically runs on "trust", it used to be very easy for someone to set up a SMTP relay host and call it smtp.someisp.ca or whatever, even if it wasn't actually part of that domain - let's say it was actually spamhost.badactor.ru claiming to be smtp.someisp.ca - this is what spammers used to do in the past, to a fair degree of success... Tools like SPF and DKIM put that little bit more into things..

What SPF does - the upstream relays will now double check that your mail host is who it claims to be by doing a DNS lookup and actually confirming that your host really is who it says it is...

What SPF doesn't do (nor does DKIM for that matter) is check to see if a recipient (or sender) is valid, that's out of scope for SMTP when being a smarthost or relay - that is up to the local mail host and the local desktop clients and/or gateways.
 
I still think a SMTP preprocessor like Untangle or Baracuda will stop rogue email bounces. If the internet can bounce email off your server they will chew all your bandwidth up on your ISP connection.

I assume you have an MX record in your DNS.


Yes man i do have SPF DNS record but still getting email from unathorize servers for sending on behalf of my domain. So what is going on with this Synology? Mail server?
 
It is called simple mail transfer protocol for a reason. You need a mail filter. Untangle is free.
 
Ok... starting to understand the gap you're having with what SPF is for (along with another similar tools like DKIM/DMARC/etc...)

SPF uses DNS to confirm that your SMTP host is who it says it is... as SMTP basically runs on "trust", it used to be very easy for someone to set up a SMTP relay host and call it smtp.someisp.ca or whatever, even if it wasn't actually part of that domain - let's say it was actually spamhost.badactor.ru claiming to be smtp.someisp.ca - this is what spammers used to do in the past, to a fair degree of success... Tools like SPF and DKIM put that little bit more into things..

What SPF does - the upstream relays will now double check that your mail host is who it claims to be by doing a DNS lookup and actually confirming that your host really is who it says it is...

What SPF doesn't do (nor does DKIM for that matter) is check to see if a recipient (or sender) is valid, that's out of scope for SMTP when being a smarthost or relay - that is up to the local mail host and the local desktop clients and/or gateways.



"SPF uses DNS to confirm that your SMTP host is who it says it" so u r saying that spamMailServer.myserver.com is OK for my domain to send email? IT uses to confirm, CHECK, double check , check validateion, validate etc ball shirt.................. I AM GETTING STILL SPAM. have nice day
 

"SPF uses DNS to confirm that your SMTP host is who it says it" so u r saying that spamMailServer.myserver.com is OK for my domain to send email? IT uses to confirm, CHECK, double check , check validateion, validate etc ball shirt.................. I AM GETTING STILL SPAM. have nice day

SPF isn't going to stop spam from coming into your domain, that requires application level filtering like Untangle, Spamsieve, or something similar.

I don't think I can help you much further, as you're just not getting the message - good luck!
 
The thing which you may not have realized is email is setup to allow others to bounce mail off your server. You need to filter for that also. Otherwise you are going to be blacklisted and once blacklisted no one will accept email from you.
 
SPF is used to determine if a sending SMTP server is allowed to send emails with a specific From: domain. It only helps protect a bit against spoofed sender's, most modern spammers also have valid SPF records for their domain, so it provides no real help in limiting spam - only against spoofing.

Note that a lot of SPF records are only configured to generate soft fails, not hard fails.

Sent from my Nexus 9 using Tapatalk
 
Another thing which comes to mind is you need a reverse name lookup or some of the big emails ,I can't remember now, gmail ,yahoo or whom but they will not accept email from your server unless you go through a special request and setup process. So think about this if you have a dynamic IP address. You may want a static IP address. Just food for thought. Email is not a light under taking. Be prepared for some work.

And any link which breaks down can get you blacklisted and you are dead in the water as nobody will accept email from you until you straighten it out which is another big under taking that could take weeks. You have to stay on top of your email all the time 24/7.
 
Last edited:
I'm pondering what that male server would look like:p.

I can tell you I'm mostly happy with my female server, she always responds to HELO. It's when the DATA part comes that she proves a bit unreliable. And our conversations always end with me having to tell her QUIT!
 
I can tell you I'm mostly happy with my female server, she always responds to HELO. It's when the DATA part comes that she proves a bit unreliable. And our conversations always end with me having to tell her QUIT!

my mail handler is gmail and they do all the work
 
You might have SPF added but can you please show your record?
To fix your problem, your SPF should look like this:

mydomain.com. IN TXT "v=spf1 ip4:<MTA-IP> -all"

Notice the -all at the end?
Most default SPF records will be ~all (softfail)
 
Use mxtoolbox to check your spf record, you may have a problem with it.
https://mxtoolbox.com/NetworkTools.aspx

use the spf record check and you will see yours spf record has been deprecated the message is below.
The DNS record type 99 (SPF) has been deprecated

Deepcuts is correct, you need to modify your spf record and change the ~all to -all

also make sure you tick the checkbox on the synology mail server setup enable smtp authentication.
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top