# Server Setup - Manual (poste.io) ###### tags: `phishing` ### Mailserver setup We are going to use the docker mailserver poste.io. This spares us a lot of configuration and makes our setup easier. ```bash mkdir /root/mailserver ``` Run the docker instance: ```bash docker run \ -d -p 25:25 \ -p 999:80 \ -p 9999:443 \ -p 110:110 \ -p 143:143 \ -p 465:465 \ -p 587:587 \ -p 993:993 \ -p 995:995 \ -v /etc/localtime:/etc/localtime:ro \ -v /root/mailserver:/data \ -t analogic/poste.io ``` Surf to https://<yourdomain.be>:9999 (double check the port you are connecting to!) and make a login. See https://poste.io/doc/ for more information. ### Setting the correct DNS records We use Cloudlfare because it's a free and fast DNS resolver. ‌ Now the only thing the owner (or purchaser) of the domain has to do is point the nameserver to cloudflare, so Cloudflare DNS will be used. *Please note, it can take a few hours before the nameserver is changed.* As shown in the screenshot below, we disable Clouflare’s services by just sending the traffic directly to our server. **This is essential! Make sure that your traffic doesn't flow trough cloudflare.**  For the mail we also need to add some records because we need them to get them pass the spam filter. DNS records like SPF, DKIM an DMARC should be properly configured. Also, MX should exist for pointing to the mail server itself. For now it’s enough to add the A records to our server for each domain. The other records will be added later on. #### Initial mail records Configurate the following DNS records in the cloudflare panel: | TYPE | NAME | VALUE | | ---- | ------ | ------------------------------------------------------------ | | A | @ | <ip-of-your-server> | | A | www | <ip-of-your-server> | | TXT | _dmarc | v=DMARC1; p=none; sp=none; fo=; ri=3600; rua=mailto:info@<your-domain.com>; ruf=mailto:info@<your-domain.com> | | MX | @ | server:<yourdomain.com>; priority:20 | | TXT | @ | v=spf1 a mx ip4:<ip-of-your-server> ~all | Make sure to replace <ip-of-your-server> and <yourdomain.com> to the IP-of your address. The domainkey will be added in the next section. Explenation of these DNS records are at the "Explenation of the DNS records" section, at the end of this document. #### DKIM Surf to https://<yourdomain.com>:9999 (double check the port you are connecting to!). Add your domain:  Create DKIM key:  Add this DKIM key in your cloudflare DNS panel. Create a new TXT record as shown below:  ### Explenation of the DNS records To have a clear understanding of what you are configuring, the DNS headers are explained below | DNS record type | Explenation | | ------------------------------------------------------------ | ------------------------------------------------------------ | | A Records | These are the most basic type of DNS record and are used to point a domain or subdomain to an IP address. | | Mail Exchanger (MX) records | These are used to help route email according the domain owners preference. The MX record itself specifies which server(s) to attempt to use to deliver mail to when this type of request is made to the domain. | | TXT records | These are used to store any text-based information that can be grabbed when necessary. We most commonly see TXT records used to hold SPF data and verify domain ownership. | | TXT: DMARC (Domain-based Message Authentication, Reporting and Conformance) records | These provide a mechanism that allows to the e-mail senders and receivers to determine or not a given message is legitimately from the sender, and what to do if it isn’t. The DMARC record allows easier to identify spam and/or phishing messages, received in the Customers's mailbox, and to keep them out of there. | | TXT: Domain Keys Identified Mail (DKIM) records | These provide an email authentication method designed to detect email spoofing. It allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It is intended to prevent forged sender addresses in emails, a technique often used in phishing and email spam. |