Explanations: some rewrite.

This commit is contained in:
Philippe PITTOLI 2024-04-16 15:04:22 +02:00
parent 6dd342d952
commit 915e779511

View File

@ -60,20 +60,22 @@ basics :: forall w i. HH.HTML w i
basics = HH.div_
[ Bulma.h3 "Basics of DNS"
, Bulma.p """
The domain name system lets people share a name instead of an address to find a website or service.
The domain name system (DNS) enables people share a name instead of an address to find a website or service.
"""
, Bulma.p """
To configure a zone, the first steps are trivial.
"""
, Bulma.hr
, Bulma.h3 "I have something to host."
, expl' "Let's assume you have a web server, you host your website somewhere (A and AAAA records)."
, expl' "Let's assume you have a web server and you host your website somewhere (A and AAAA records)."
, Bulma.p """
You want an A (IPv4) or AAAA (IPv6) record pointing to your server, named "enigma" for example.
"""
, expl' "You need other names pointing to your server (CNAME records)."
, Bulma.p """
You may not want to use the name of your server "enigma" directly.
Instead, you want the usual names for your services, such as "www" or "blog".
Instead, you may want the usual names for your services, such as "www" or "blog".
CNAME records are basically aliases, exactly to that end.
"""
, expl' "If you have other servers, just add more A or AAAA records."
@ -96,10 +98,10 @@ basics = HH.div_
This won't be covered here.
"""
, Bulma.p """
You need a MX record pointing to your "www" A (or AAAA) record.
You need an MX record pointing to your "www" A (or AAAA) record.
"""
, Bulma.p """
Having a MX record isn't enough to handle a mail server.
Having an MX record isn't enough to handle a mail server.
You need to use a few spam mitigation mechanisms.
"""
, Bulma.columns_
@ -113,10 +115,10 @@ basics = HH.div_
]
, col
[ expl' """
Spam mitigation 2: prove the mails come from your mail server with DomainKeys Identified Mail (DKIM).
Spam mitigation 2: prove that the mails come from your mail server with DomainKeys Identified Mail (DKIM).
"""
, expl_txt """
You'll have to configure your mail server to sign the emails you send.
You will have to configure your mail server to sign the emails you send.
This involves creating a pair of keys (public and private).
Your mail server will sign the mails with the private key,
and other mail servers will verify the signature with the public key.
@ -130,6 +132,10 @@ basics = HH.div_
, expl_txt """
Last but not least, DMARC.
"""
, Bulma.hr
, Bulma.p """
DMARC enables to check the "From:" field of a mail, based on the SPF and DKIM mechanisms.
"""
]
]
@ -261,16 +267,16 @@ dkim_default_algorithms =
spf_introduction :: forall w i. Array (HH.HTML w i)
spf_introduction =
[ HH.p []
[ HH.text "Sender Policy Framework (SPF) is a way to tell "
[ HH.text "Sender Policy Framework (SPF) is a way to tell the "
, HH.u_ [HH.text "other mail servers"]
, HH.text " what are mail servers susceptible to send mails with email addresses from "
, HH.u_ [HH.text "our domain"]
, HH.text " which are the mail servers supposed to send mails from "
, HH.u_ [HH.text "your domain"]
, HH.text ". "
]
, HH.p []
[ HH.text """
This way, we can mitigate spam.
A server receiving a mail with our email address but coming from an IP address we didn't list as authorized will be discarded.
A server receiving a mail from your email address but coming from an IP address we didn't list as authorized will be discarded.
This is not a bullet-proof technique, but it's simple enough and works great with the most basic forms of spam.
"""
]
@ -278,10 +284,10 @@ spf_introduction =
[ HH.text "A correctly configured domain with a mail server should only advertise the right IP addresses that can possibly send mails from the domain."
]
, HH.p []
[ HH.u_ [HH.text "Advice for novice users"]
[ HH.u_ [HH.text "Advice for beginners"]
, HH.text """
: default values should work great with simple domains.
Make sure to have a MX record, which should be pointing to an A or AAAA record, and that will do it. 🥳
Make sure to have an MX record, which should be pointing to an A or AAAA record, and that will do it. 🥳
"""
]
]