Configuration improvements

Hi I recently ran my domain through a few sites to check the configuration was done and was surprised by some of the warnings that were reported.

From intodns.com I noticed one warning and one error being reported and wasnt sure if this was something I could solve my self of an improvement needed to mailinabox.

Error:
The MX records that do not seem valid hostname:
subdomain.testsite.com
This can cause problems

Warning:
Your SOA RETRY value is: 86400 . That is NOT OK

I also ran it through hardenize.com which reported the following warning:
All hosts that receive email need encryption to ensure confidentiality of email messages. Email servers thus need to support STARTTLS, as well as provide decent TLS configuration and correct certificates.
There are issues with this site’s SMTP configuration.

I ran this these sites against mailinabox.email, assuming that these are configured with MiaB defaults, and the results appear much the same. This way we can talk about a real domain.

I can’t get a result that shows any issue with valid hostnames, so this may be an issue. The hostname should match your server (e.g., box.occams.info in the case of mailinabox.email). Run cat /etc/hostname to see your server’s hostname and run grep myhostname /etc/postfix/main.cf to see what postfix thinks your hostname is.

It seems there is some issue related to the retry time on the SOA record. The Wikipedia article on SOA records pointed to this RIPE article, that seems reasonably researched and recommends retry time of 7200. Why MiaB is at 86400, I don’t know.

For the STARTTLS support, this is already supported:

$ grep smtpd_tls_security_level /etc/postfix/main.cf
smtpd_tls_security_level=may

I’m not sure why their test is reporting this isn’t enabled.

So I checked the hostname and it appears to be the same for both so Im not really sure what the issue is.

root@box:~# cat /etc/hostname
box.domain.tld
root@box:~# grep myhostname /etc/postfix/main.cf
myhostname = box.domain.tld

I also checked the STARTTLS and got the same response as you so yeah not sure about the issue there.