diff --git a/content/blog/mail_server_alpine_postfix_dovecot_tutorial/index.md b/content/blog/mail_server_alpine_postfix_dovecot_tutorial/index.md
index 6a05ccb..cce1033 100644
--- a/content/blog/mail_server_alpine_postfix_dovecot_tutorial/index.md
+++ b/content/blog/mail_server_alpine_postfix_dovecot_tutorial/index.md
@@ -94,18 +94,10 @@ The mail server will be composed of the following software:
| Mail delivery agent |
Dovecot |
-
- | SPF authentication |
- postfix-policyd-spf-perl |
-
| DKIM authentication and signing |
OpenDKIM |
-
- | DMARC authentication |
- OpenDMARC |
-
| Spam filter |
Amavis |
@@ -809,8 +801,6 @@ checks.
## Sender Policy Framework
-### Set up your DNS record
-
Add a TXT record for your root domain with the contents `v=spf1 mx ~all`, like:
```dns
@@ -873,68 +863,6 @@ Breaking down the TXT data:
-### Get Postfix to validate SPF
-
-We're going to use a Postfix SMTPd policy server called postfix-policyd-spf-perl to check SPF of incoming emails.
-postfix-policyd-spf-perl is very simple and requires almost no configuration.
-
-Install `postfix-policyd-spf-perl` and create a user, `policyd-spf` for it:
-
- # apk add postfix-policyd-spf-perl
- # adduser -S -s /sbin/nologin -h /dev/null -H policyd-spf
-
-Explanation of `adduser` flags:
-
-
-
- | Option |
- Explanation |
-
-
- -S |
- Create a system user |
-
-
- -s /sbin/nologin |
- Set shell to /sbin/nologin so the user doesn't have a shell |
-
-
- -h /dev/null |
- Set home directory to /dev/null |
-
-
- -H |
-
- Don't create a home directory (if you try to create /dev/null and assign it to
- policyd-spf there will be all sorts of permissions issues)
- |
-
-
-
-Now edit `/etc/postfix/master.cf` to tell Postfix to start up the postfix-policyd-spf-perl daemon:
-
-```conf
-policyd-spf unix - n n - 0 spawn
- user=policyd-spf argv=/usr/bin/postfix-policyd-spf-perl
-```
-
-Now get Postfix to use postfix-policyd-spf-perl in `/etc/postfix/main.cf` by adding the following lines:
-
-```conf
-smtpd_recipient_restrictions =
- permit_mynetworks,
- reject_unauth_destination,
- check_policy_service unix:private/policyd-spf
-policyd-spf_time_limit = 3600
-```
-
-postfix-policyd-spf-perl is now set up, and you can test it by sending yourself an email from a mainstream email
-provider (which ought to have an SPF record) and checking for the presence of this header:
-
-```
-Received-SPF: pass (protonmail.com: Sender is authorized to use 'revsuine@protonmail.com' in 'mfrom' identity (mechanism 'include:_spf.protonmail.ch' matched))
-```
-
## DomainKeys Identified Mail
### Configure OpenDKIM
@@ -1137,11 +1065,6 @@ non_smtpd_milters = $smtpd_milters
This uses the Milter extension, which is something that can be used to process mail; in this case, to add headers to
emails relating to DKIM.
-You can, again, test this on both incoming and outgoing mail. On outgoing mail, there should be a `DKIM-Signature:`
-header present. On incoming mail from domains implementing DKIM, there should be a
-`Authentication-Results: master.revsuine.xyz;` header (obviously replacing `master.revsuine.xyz` with your hostname)
-indicating whether or not the email has passed DKIM authentication.
-
## Domain-based Message Authentication, Reporting, and Conformance
### Ensure your domains are aligned in email headers
@@ -1274,120 +1197,6 @@ The `fo` tag indicates when you would like to receive reports. The options are:
-### OpenDMARC
-
-We can use software called OpenDMARC to enforce DMARC policies for incoming mail. OpenDMARC is another milter. Let's
-install it and enable its service:
-
- # apk add opendmarc
- # rc-update add opendmarc
- # rc-service opendmarc start
-
-Edit the OpenDMARC config at `/etc/opendmarc/opendmarc.conf`.
-
-Change
-
-```conf
-AuthservID HOSTNAME
-```
-
-to
-
-```conf
-AuthservID OpenDMARC
-```
-
-This is so that the `Authentication-Results` header from OpenDKIM authentication. This will also make it clear which
-program adds which `Authentication-Results` header.
-
-Add the following line, replacing `mail.domain.com` with your *hostname* (so in [my
-instance](#a-note-on-my-dns-records), this is `master.revsuine.xyz`).
-
-```conf
-TrustedAuthservIDs mail.domain.com
-```
-
-Enable `RejectFailures`, which means your server will comply with `p=reject` in DMARC DNS records.
-
-```conf
-RejectFailures true
-```
-
-You also probably want to enable `RequiredHeaders`, which rejects emails that don't conform to RFC5322 standards, e.g.
-are missing a `From:` header.
-
-```conf
-RequiredHeaders true
-```
-
-In case external SPF validation fails (as in, no SPF results are placed in the message header), you probably want to
-add
-
-```conf
-SPFSelfValidate true
-```
-
-which tells OpenDMARC to perform the SPF check itself if it can't find SPF results in the message header.
-
-Now provide OpenDMARC with a socket to use for communication with sendmail. We will use a TCP socket on port 8893:
-
-```conf
-Socket inet:8893@localhost
-```
-
-For a Unix socket, you'd use the following format:
-
-```conf
-Socket local:/var/run/opendmarc/opendmarc.sock
-```
-
-By default, you will have the line
-
-```conf
-IgnoreHosts /etc/opendmarc/ignore.hosts
-```
-
-in `/etc/opendmarc/opendmarc.conf`. This tells OpenDMARC to not authenticate the list of hosts in
-`/etc/opendmarc/ignore.hosts`. An example `ignore.hosts` is
-
- 127.0.0.1
- 93.113.25.226
-
-Keep in mind that if you have specified `IgnoreHosts`, this file needs to exist in order for OpenDMARC to run. If you
-have the option set, make sure to `touch /etc/opendmarc/ignore.hosts` (or whatever filepath you've specified).
-Alternatively, comment out this option in order to use the default, which is to not authenticate mail coming from
-127.0.0.1.
-
-Restart OpenDMARC for these changes to take effect:
-
- # rc-service opendmarc restart
-
-To have Postfix use the OpenDMARC milter, it's simple as adding the socket to the `smptd_milters` and
-`non_smtpd_milters` variable in `/etc/postfix/main.cf`:
-
-```conf
-milter_default_action = accept
-milter_protocol = 6
-smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8893
-non_smtpd_milters = $smtpd_milters
-```
-
-Restart Postfix for the changes to take effect:
-
- # rc-service postfix restart
-
-And when you receive emails from a legitimate source that implements DMARC, you should see the following headers in
-your emails:
-
-```
-Received-SPF: pass (protonmail.com: Sender is authorized to use 'revsuine@protonmail.com' in 'mfrom' identity (mechanism 'include:_spf.protonmail.ch' matched)) receiver=master.revsuine.xyz; identity=mailfrom; envelope-from="revsuine@protonmail.com"; helo=mail-40130.protonmail.ch; client-ip=185.70.40.130
-DMARC-Filter: OpenDMARC Filter v1.4.2 master.revsuine.xyz 88CFF1288D1
-Authentication-Results: OpenDMARC; dmarc=pass (p=quarantine dis=none) header.from=protonmail.com
-Authentication-Results: OpenDMARC; spf=pass smtp.mailfrom=protonmail.com
-Authentication-Results: master.revsuine.xyz;
- dkim=pass (2048-bit key; secure) header.d=protonmail.com header.i=@protonmail.com header.a=rsa-sha256 header.s=protonmail3 header.b=nc4YWVM/
-```
-
### Test SPF, DKIM, and DMARC
You can use [mail-tester.com](https://www.mail-tester.com/) and send an email from your domain to check that SPF, DKIM,