I designed an improved version of /usr/sbin/config.postfix. The improvements are: 1. support for SPF checking on incoming email in port 25 of postfix 2. support for DKIM checking on incoming email 3. support for complying to DMARC settings of the sender of an email For legitimate email these all should succeed, but it should keep illegitimate email either preventing coming in or give a high score as spam. However it only generates a private and public key to sign outgoing email with the DKIM-key. It also generates self-signed certificates for the postfix server and if you select dovecot as the authentication service, to submit messages from everywhere to outgoing destinations, also for dovecot as the IMAP server. It is all meant for users who want to have these servers for simple environments, like your home or small business, but with all the protection these systems can offer withou much knowledge about how to configure this. Parameters needed for this generation will be asked for in the mail module of YaST2, which need yet to be finished. A bash script for this is available, but publishing it might not be done. All in all it does not explain and put the SPF, DKIM and DMARC TXT records in the DNS, nor does it enter AAAA and/or A records in the Domain Name Server of your domain. The ideas, which are asked for, are about the best way to support what is needed to put in a proper way in the DNS to support your outgoing email. -- fr.gr. member openSUSE Freek de Kruijf