Mail server

From ArchWiki
(Redirected from SPF)

A mail server consists of multiple components. A mail transfer agent (MTA) receives and sends emails via SMTP. Received and accepted emails are then passed to a mail delivery agent (MDA), which stores the mail in a mailbox (usually in mbox or Maildir format). If you want users to be able to remotely access their mail using email clients (MUA), you need to run a POP3 and/or IMAP server.


This article or section needs expansion.

  • Add mailutils somewhere.
  • Addition of mailing list software
  • Find article or guide on how to create a "simple" mailing list with Postfix
  • Differentiate between POP3 and IMAP servers (Dovecot etc.) and clients (fdm etc.)
(Discuss in Talk:Mail server#Should mailutils be added somewhere to mail server#software?)

Below is a table containing all mail servers with the features they support.

Note: In most cases not a single program in this table provides the complete suite of support you require; an MTA such as postfix needs to be paired with a MDA such as dovecot.
Name Mail transfer agent Mail delivery agent Sendmail Mailing list JMAP Notes
Sending Receiving POP3 IMAP
dma Yes Yes Yes Does not support email domains; limited MTA receiving (see Use Google SMTP)
Exim Yes Yes Yes
OpenSMTPD Yes Yes Yes
Postfix Yes Yes Yes Partially, through alias feature
Courier Yes Yes Yes Yes No Yes Includes a web client
Cyrus IMAP Yes Yes Yes Can be installed from cyrus-imapdAUR
Dovecot Yes Yes No, requested
UW IMAP Yes using c-clientAUR Yes Yes Yes c-clientAUR has same capabilities Project is abandoned
msmtp Yes No Yes msmtp has same capabilities
Sendmail Yes No Yes Sendmail implementation is deprecated
sSMTP Yes No Yes
fdm Yes Yes Can also fetch mail from standard input (stdin)
Procmail Partially, see module [1] No Only reads mail through standard input (stdin), upstream is unmaintained
Maildrop No No Only supports receiving emails over standard input (stdin)
Stalwart Yes Yes Yes Yes Yes
  • Sendmail executables are command line tools which allow the sending of emails over SMTP.
  • "Sending" and "Receiving" columns refer to the ability to send emails over SMTP and receive emails over SMTP.
  • "Mailing list" software, allow for the creation of mailing lists, see Mailing lists.


Purpose Port Protocol Encryption
Accept mail from other MTAs. 25 SMTP STARTTLS
Accept submissions from MUAs. 587 SMTP STARTTLS
465 SMTPS implicit TLS
Let MUAs access mail. 110 POP3 STARTTLS
995 POP3S Implicit TLS
993 IMAPS implicit TLS
  • Implicit TLS is more secure than STARTTLS because the latter is vulnerable to man-in-the-middle attacks. For more information, see [2] and RFC:8314.
  • The table above contains the generic ports to be used, however mail servers could use other ports, ensure to check with your mail provider to ensure the ports are correct. The only port which remains constant is port 25, the relay port is expected to be open otherwise emails will not be relayed through a specific server (However some software does support setting custom relay ports).

MX record

Hosting a mail server requires a domain name with an MX record pointing to the domain name of your mail transfer agent. The domain name used as the value of the MX record must map to at least one address record (A, AAAA) and must not have a CNAME record to conform with RFC 2181, otherwise you may not get mail from some mail servers. Configuring DNS records is usually done from the configuration interface of your domain name registrar.


This article or section is a candidate for merging with Mail server#Software.

Notes: This section can be merged with the list of mail server software above. (Discuss in Talk:Mail server)

There are various email authentication techniques.

Sender Policy Framework

From Wikipedia:

Sender Policy Framework (SPF) is an email validation protocol designed to detect and block email spoofing by providing a mechanism to allow receiving mail exchangers to verify that incoming mail from a domain comes from an IP Address authorized by that domain's administrators.

To allow other mail exchangers to validate mails apparently sent from your domain, you need to set a DNS TXT record as explained in the Wikipedia article (there is also an online wizard). To validate incoming mail using SPF you need to configure your mail transfer agent to use a SPF implementation. There are several SPF implementations available: libspf2, perl-mail-spf and perl-mail-spf-query.

SPF validation support
Courier Yes, built-in
Postfix Yes
Sendmail through Milter and spfmilter-acmeAUR
Exim Yes, requires libspf2

The following websites let you validate your SPF record:

Tip: SPF can even be helpful for domains not used to send email. Publishing a policy like v=spf1 -all makes any mail server enforcing SPF reject emails from your domain name, thus preventing misuse.

Sender Rewriting Scheme

The Sender Rewriting Scheme (SRS) is a secure scheme to allow forwardable bounces for server-side forwarded emails without breaking the Sender Policy Framework.

For Postfix, see Postfix#Sender Rewriting Scheme.


DomainKeys Identified Mail (DKIM) is a domain-level email authentication method designed to detect email spoofing.

Available DKIM implementations are OpenDKIM and perl-mail-dkim.


There are several options to help you test DNS records, deliver ability, and encryption support.

Dedicated tools

Dedicated websites

There are several handy web sites that can help you testing.

Tips and tricks

Removing IP addresses from emails

Most mail servers can be configured to strip users' IP addresses and user agents from outgoing mail.

Scanning emails for viruses

See ClamAV for email antivirus scanning.

Spam filtering

See SpamAssassin for filtering of spam emails.


See Roundcube and Squirrelmail for setting up of a webmail.

See also