add FAQ entry about DNS servers

I also opted for including a quote from @polarthene which illustrates
how DNS servers are a difficult topic and should not be DMS'
responsibility.
georglauterbach 2024-03-30 11:32:55 +01:00
parent 4f10089c90
commit beb8ca7462
No known key found for this signature in database
GPG Key ID: F367F7C43C118578
1 changed files with 14 additions and 1 deletions


@ -79,6 +79,18 @@ volumes:
Optionally, you can set the `TZ` ENV variable; e.g. `TZ=Europe/Berlin`. Check [this list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) for which values are allowed.
### What About DNS Servers?
Properly working DNS servers are crucial for differentiating spam from legitimate e-mails. Records like `SPF`, `DKIM` and `DMARC` records, as well as working name (resolving `A` records) and reverse name (resolving `PTR` records) resolution ensure legitimate e-mails arrive while e-mails that are likely phishing and spam do not.
Moreover, anti-spam measures (like SpamAssassin or Rspamd) make use of DNS block lists. Check out our [Rspamd documentation on this topic][docs::rspamd-rbl-dnsbl] to learn more about this topic. In case you want to utilize RBL/DNSBLs, you need a recursive DNS resolver, and do not use big custom resolvers (like Cloudflare, Quad9, Google, etc.).
DMS does not support custom DNS servers via environment variables because, on the one hand, DNS is a difficult to maintain topic, and on the other hand, most environments already provide options for using custom DNS servers.
??? quote "DNS Servers Should Not be DMS' Responsibility"
It's not just Docker vs K8s, as the OS can play a role too adding complexity. Linux may be using `systemd-resolved`, a local custom DNS service (or external one like with PiHole), [a] VM hypervisor can influence that too IIRC, cloud vendors often use NetPlan which at least with Vultr I found annoying with it's reactive behaviour each time a container spun up introducing a new IP, VM guests resuming from suspend I was finding containers no longer could resolve DNS until restarting the Docker daemon, along with other side-effects like from kernel tunables, glibc/nss, /etc/hosts and related configs, chroot (we had a container issue related to this with Postfix back when it used chroot), Windows you've got WSL2 and it's network differences between the host, the WSL2 VM using the Docker container and the actual private WSL2 VM managed by docker, similarly macOS with it's own VM wrapper and drivers has had networking issues.
### What is the file format?
All files are using the Unix format with `LF` line endings. Please do not use `CRLF`.
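Review bot: The first paragraph of the new FAQ entry repeats a word in "Records like `SPF`, `DKIM` and `DMARC` records"; drop one "records". The clause "working name (resolving `A` records) and reverse name (resolving `PTR` records) resolution" is hard to parse and could simply read "forward (`A`) and reverse (`PTR`) resolution". In the RBL paragraph, "you need a recursive DNS resolver, and do not use big custom resolvers (like Cloudflare, Quad9, Google, etc.)" mixes a statement with an instruction and gives the reader no reason; rephrasing it as "you need your own recursive resolver; large public resolvers (Cloudflare, Quad9, Google, etc.) will not work for RBL lookups" and either adding one clause on why or pointing at where the linked Rspamd page explains it would make the advice actionable. "a difficult to maintain topic" wants hyphens ("difficult-to-maintain"). In the quoted admonition, "it's reactive behaviour", "it's network differences" and "it's own VM wrapper" should be "its"; since the quote was already lightly edited ("[a] VM hypervisor"), fixing these the same way keeps it consistent.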
@ -376,7 +388,7 @@ The default setup `@local_domains_acl = ( ".$mydomain" );` does not match subdom
Put received spams in `.Junk/` imap folder using `SPAMASSASSIN_SPAM_TO_INBOX=1` and `MOVE_SPAM_TO_JUNK=1` and add a _user_ cron like the following:
!!! example
!!! example
**NOTE:** This example assumes you have a [`/var/mail-state` volume][docs::dms-volumes-state] mounted.
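Review bot: The removed and added lines in this hunk both render as `!!! example`, so the change appears to be whitespace-only (indentation or trailing space) and is unrelated to the DNS FAQ entry the commit message describes; either mention it in the commit message or keep it out of this commit. If it is an indentation fix, confirm that the admonition body that follows (`**NOTE:** This example assumes you have a [`/var/mail-state` volume][docs::dms-volumes-state] mounted.`) is indented by four spaces so it still renders inside the admonition.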
@ -482,6 +494,7 @@ $spam_quarantine_to = "quarantine\@example.com";
[fail2ban-customize]: ./config/security/fail2ban.md
[docs::dms-volumes-state]: ./config/advanced/optional-config.md#volumes-state
[docs::rspamd-rbl-dnsbl]: ./config/security/rspamd.md#rbls-real-time-blacklists-dnsbls-dns-based-blacklists
[docs-maintenance]: ./config/advanced/maintenance/update-and-cleanup.md
[docs-override-postfix]: ./config/advanced/override-defaults/postfix.md
[docs-userpatches]: ./config/advanced/override-defaults/user-patches.md
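Review bot: The new reference `[docs::rspamd-rbl-dnsbl]: ./config/security/rspamd.md#rbls-real-time-blacklists-dnsbls-dns-based-blacklists` relies on a long generated heading slug, which breaks silently the moment that heading is reworded; confirm it resolves against the current heading in `rspamd.md` before merging. Minor style point: the reference list now mixes two naming schemes, `docs::` (`docs::dms-volumes-state`, `docs::rspamd-rbl-dnsbl`) and `docs-` (`docs-maintenance`, `docs-override-postfix`, `docs-userpatches`); the new entry follows the `docs::` style, which is fine, but settling on one scheme in a follow-up would help.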