Tidymail for the Technically Minded

We thought it would be useful for the more technically minded to be able to easily see the specifics of the interface to Tidymail. So, cutting to the chase …

IP and DNS details

IPv4 and IPv6 on everything

$ORIGIN tidymail.co.uk.

        IN      MX      10      smtp
        IN      MX      100     relay2
        IN      MX      666     relay99

        IN      A       217.146.107.44
        IN      AAAA    2a00:1940:107::2:4:0

www     IN      A       217.146.107.44
        IN      AAAA    2a00:1940:107::2:4:0

imap    IN      A       217.146.107.45
        IN      AAAA    2a00:1940:107::2:4:1000
smtp    IN      A       217.146.107.46
        IN      AAAA    2a00:1940:107::2:4:4000
post    IN      A       217.146.107.54
        IN      AAAA    2a00:1940:107::2:4:2000
mx      IN      A       217.146.107.46
        IN      AAAA    2a00:1940:107::2:4:5000

relay2  IN      A       217.146.107.7
        IN      AAAA    2a00:1940:107::2:5:0

relay99 IN      A       217.146.107.100
        IN      AAAA    2a00:1940:107::2:5:666

And we try to help with client configuration

;
; SRV records for tidymail
;
_submission._tcp        IN      SRV 0   1       587     post.tidymail.co.uk.
_imaps._tcp             IN      SRV 0   1       993     imap.tidymail.co.uk.
_imap._tcp              IN      SRV 10  1       143     imap.tidymail.co.uk.
_pop3._tcp              IN      SRV 30  1       110     imap.tidymail.co.uk.
_pop3s._tcp             IN      SRV 20  1       995     imap.tidymail.co.uk.

; Mozilla auto-configuration if your domain has a CNAME for autoconfig
; which points to tidymail.co.uk
autoconfig              IN      CNAME   tidymail.co.uk.
;
; causes retrieval of https://tidymail.co.uk/mail/config-v1.1.xml
;
; Microsoft clients (approx 2007 onwards) can auto configure if the
; domain has a CNAME for _autodiscover._tcp which points to tidymail.co.uk

_autodiscover._tcp      IN      CNAME   tidymail.co.uk.

And for iOS/OSX clients there is https://tidymail.co.uk/admin/iphone.cgi

Unfortunately there is no auto-configuration mechanism for Android, but we have setup instructions.

And there’s more: we ensure the domain is DNSSEC validated, as http://dnssec-debugger.verisignlabs.com/tidymail.co.uk shows:

.
Found 2 DNSKEY records for .
DS=19036/SHA1 verifies DNSKEY=19036/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=19036 and DNSKEY=19036/SEP verifies the DNSKEY RRset
uk
Found 2 DS records for uk in the . zone
Found 1 RRSIGs over DS RRset
RRSIG=8230 and DNSKEY=8230 verifies the DS RRset
Found 2 DNSKEY records for uk
DS=43876/SHA256 verifies DNSKEY=43876/SEP
Found 1 RRSIGs over DNSKEY RRset
RRSIG=43876 and DNSKEY=43876/SEP verifies the DNSKEY RRset
co.uk
Found 1 DS records for co.uk in the uk zone
Found 1 RRSIGs over DS RRset
RRSIG=43056 and DNSKEY=43056 verifies the DS RRset
Found 1 DNSKEY records for co.uk
DS=33621/SHA256 verifies DNSKEY=33621
Found 1 RRSIGs over DNSKEY RRset
RRSIG=33621 and DNSKEY=33621 verifies the DNSKEY RRset
tidymail.co.uk
Found 1 DS records for tidymail.co.uk in the co.uk zone
Found 1 RRSIGs over DS RRset
RRSIG=33621 and DNSKEY=33621 verifies the DS RRset
Found 3 DNSKEY records for tidymail.co.uk
DS=36505/SHA1 verifies DNSKEY=36505/SEP
Found 2 RRSIGs over DNSKEY RRset
RRSIG=23814 and DNSKEY=23814 verifies the DNSKEY RRset
tidymail.co.uk A RR has value 217.146.107.44
Found 1 RRSIGs over A RRset
RRSIG=23814 and DNSKEY=23814 verifies the A RRset

And the Firefox plugin DNSSEC/TLSA Validator seems happy.

And once we had DNSSEC in place it was but a small step to DANE TLSA records for everything.

_443._tcp       IN      TLSA 01 00 01 0d41a4164909dbde2b3f261941d1ae68e4aa82b7803b419e63d77052cb87f9b3

smtp._cert      IN      TLSA 03 00 01 1fbf8f060c5ecd33d7666e04284814d497f4e6c5b0ee9011f0e6180177273cdb
_25._tcp.smtp   IN      CNAME   smtp._cert
_465._tcp.smtp  IN      CNAME   smtp._cert
_587._tcp.smtp  IN      CNAME   smtp._cert

post._cert      IN      TLSA 03 00 01 fa5374eb9df33eaebde51303f5a78612f4c9ddbfbc9c54531eb4c5dcf2908a30
_25._tcp.post   IN      CNAME   post._cert
_465._tcp.post  IN      CNAME   post._cert
_587._tcp.post  IN      CNAME   post._cert
imap._cert      IN      TLSA 03 00 01 b495c8877d29a77e0087d410b540d16d2892b7e6c2131581b76fc96b75e69465
_110._tcp.imap  IN      CNAME   imap._cert
_143._tcp.imap  IN      CNAME   imap._cert
_993._tcp.imap  IN      CNAME   imap._cert
_995._tcp.imap  IN      CNAME   imap._cert

Which keeps the DNSSEC/TLSA Validator even happier.
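How a client checks a presented certificate against records laid out like these, as an added example (not Tidymail's code): it follows the per-port CNAME to the shared TLSA record and compares the digest of the certificate. The zone entries and certificate bytes are constructed stand-ins, and only usage 3 (DANE-EE) records are evaluated.

```python
import hashlib

# TLSA matching types: 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
HASHES = {0: lambda b: b, 1: lambda b: hashlib.sha256(b).digest(),
          2: lambda b: hashlib.sha512(b).digest()}

def parse_tlsa(rdata):
    """'03 00 01 <hex>' -> (usage, selector, matching_type, association_bytes)."""
    usage, selector, mtype, *hexparts = rdata.split()
    return int(usage), int(selector), int(mtype), bytes.fromhex("".join(hexparts))

def lookup_tlsa(zone, owner, max_hops=8):
    """Follow CNAMEs (e.g. _25._tcp.smtp -> smtp._cert) to the TLSA RRset."""
    for _ in range(max_hops):
        cname = [r for n, t, r in zone if n == owner and t == "CNAME"]
        if not cname:
            return [parse_tlsa(r) for n, t, r in zone if n == owner and t == "TLSA"]
        owner = cname[0]
    raise ValueError("CNAME chain too long or looping")

def tlsa_matches(record, cert_der, spki_der=None):
    """Compare one TLSA RR with what the server presented; fail closed."""
    usage, selector, mtype, assoc = record
    if usage != 3:        # usages 0-2 need chain/PKIX validation, not done here
        return False
    blob = cert_der if selector == 0 else spki_der   # 0 = full cert, 1 = SPKI
    if blob is None or mtype not in HASHES:
        return False
    return HASHES[mtype](blob) == assoc

def verify(zone, host, port, cert_der, spki_der=None):
    """True if any TLSA RR for _<port>._tcp.<host> matches the certificate."""
    records = lookup_tlsa(zone, f"_{port}._tcp.{host}")
    return any(tlsa_matches(r, cert_der, spki_der) for r in records)

# Constructed stand-ins: arbitrary bytes in place of real DER certificates.
CERT_CURRENT = b"constructed-der-certificate-v1"
CERT_RENEWED = b"constructed-der-certificate-v2"
ZONE = [  # (owner, type, rdata), names relative to the zone origin
    ("smtp._cert", "TLSA", "03 00 01 " + hashlib.sha256(CERT_CURRENT).hexdigest()),
    ("_25._tcp.smtp", "CNAME", "smtp._cert"),
    ("_465._tcp.smtp", "CNAME", "smtp._cert"),
    ("_587._tcp.smtp", "CNAME", "smtp._cert"),
]

if __name__ == "__main__":
    for port in (25, 465, 587):
        print(port, verify(ZONE, "smtp", port, CERT_CURRENT))
    print("renewed cert, stale TLSA:", verify(ZONE, "smtp", 25, CERT_RENEWED))
```

The last line shows the operational catch with `03 00 01` records: replacing a certificate without first publishing its new digest makes every aliased port fail validation at once.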


Coming Soon: Protocols and Capabilities
