[EP-tech] Secure Mails via SMTP/Mail Auth on EPrints
Hi Martin,
I tend to install and configure Postfix and then just configure
EPrints (i.e. leave the same in perl_lib/EPrints/SystemSettings.pm) to
use 127.0.0.1. This gives you much more flexibility when it comes to
configuration.
I have been dealing with the greater DMARC enforcement that comes from
using Outlook / Office 365 as your mail server. My best advice is that
you ask your organisation to register an SPF record for the specific
domain of your server (e.g. for repository.example.org rather than
example.org) and then use an email address like
admin@repository.example.org. You will need to get your organisation to
create an email alias for this new address but most IT departments are
struggling to get all the entries they needed into their SPF records for
their main domain (no more than 10 lookups / 9 includes are allowed), so
if you can use a different domain, they are happy to set this up as it
saves them a headache.
An SPF record for your repository's domain would look something like:
repository.example.org.    28800    IN    TXT    "v=spf1 ip4:1.2.3.4 ~all"
Regarding Postfix, there is plenty of guidance for Postfix's
configuration on its website:
https://www.postfix.org/BASIC_CONFIGURATION_README.html
However, if you set up an SPF record for your repository's domain and use
an aliased email address to send email, then you can probably get away
with the standard configuration. If not you may need to look into
setting up DKIM [1], if your institution enforces stricter DMARC
enforcement.
One thing I have been working on for the next release of EPrints [2] is to
split up adminemail so there can be a separate email address for sending
email. So you may end up with a config something like:
$c->{adminemail} = 'admin@example.org';
$c->{senderemail} = 'NO-REPLY@nodmarc.example.org';
Here if the senderemail address domain does not have DMARC enforcement,
then you can happily send emails from it without them being
dropped/quarantined but the footer of these emails will still include
the adminemail in email footer signature, if the recipient needs to
email someone. In some cases I have also configured the reply-to
address so the recipient can even hit reply on the email and it will go
to the adminemail rather than the black hole, which is the senderemail.
Regards
David Newman
[1] https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
[2] https://github.com/eprints/eprints3.4/issues/256
On 21/03/2023 9:41 am, Martin Brändle via Eprints-tech wrote:
> Dear all,
>
> because of an enforced change to an Outlook / Office 365 mail server at
> our institution, SMTP-based mails out of our EPrints repo may soon see
> the end.
>
> Has anybody a recipe how to configure mail within EPrints to use an
> Outlook / Office 365 mail server with some sort of authentication?
>
> E.g. for a platform based on Open Journal Systems we do have the option
> to configure the following parameters:
>
> Server name
>
> Port
>
> Auth mechanism (e.g. SSL, TLS)
>
> Username (for central sender)
>
> Password
>
> Auth type (e.g. CRAM-MD5, LOGIN, PLAIN, XOAUTH2)
>
> If OAUTH, client secret, id, token
>
> default_envelope_sender
>
> force_default_envelope_sender
>
> DMARC compliance
>
> Kind regards,
>
> Martin
>
> --
>
> Dr. Martin Brändle
> Zentrale Informatik
> Universität Zürich
> Stampfenbachstr. 73
> CH-8006 Zürich
>
>
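Added example, not part of the original message or of EPrints: an offline check of the two SPF points raised in the reply above, namely that the subdomain record authorises the server's IP and that a crowded main-domain record runs past the RFC 7208 limit of 10 DNS-querying terms. MAIN_RECORD, its include names and the address 203.0.113.9 are constructed for illustration.

```python
import ipaddress
import re

# Terms that make the receiver issue a DNS query; RFC 7208 allows at most 10
# per SPF evaluation (terms inside included records count as well).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Record from the message above, plus a constructed record for a busy main domain.
REPO_RECORD = "v=spf1 ip4:1.2.3.4 ~all"
MAIN_RECORD = ("v=spf1 "
               + " ".join(f"include:_spf{i}.example.org" for i in range(1, 10))
               + " mx a -all")


def parse_spf(txt):
    """Return the record's terms as (qualifier, name, argument) tuples."""
    parts = txt.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms = []
    for part in parts[1:]:
        qualifier = "+"                      # default qualifier is pass
        if part[0] in RESULTS:
            qualifier, part = part[0], part[1:]
        name = re.split(r"[:=/]", part, maxsplit=1)[0]
        terms.append((qualifier, name.lower(), part[len(name) + 1:]))
    return terms


def lookup_count(terms):
    """Count top-level DNS-querying terms (a lower bound on the real total)."""
    return sum(1 for _, name, _ in terms if name in LOOKUP_TERMS)


def check_ip(terms, sender_ip):
    """Evaluate left to right without DNS; stop at the first decisive term."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, arg in terms:
        if name in LOOKUP_TERMS:
            return "unresolved"              # would need a DNS query
        if name == "all" or (name in ("ip4", "ip6")
                             and ip in ipaddress.ip_network(arg, strict=False)):
            return RESULTS[qualifier]
    return "neutral"                         # nothing matched
```

A record made only of ip4/ip6 terms, like the subdomain one, costs the receiver no extra lookups; for a live domain, fetch the TXT value with your usual DNS tool and pass it to parse_spf.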