The Mailserver has been developed in order to allow each microservice, inside the FINSEC platform, to send an alert or notification through an email.
Each time that it is necessary to deploy a Mailserver it is very important that all the emails that are sent are validated and signed. In order for each MTA (Mail Transfer Agent) to recognize the Mailserver as a valid sender, so emails are not put in junk or spam folders we have used two important functionalities:
I. DKIM (Domain Keys Identified Mail) is a method to prevent spoofing and it allows trust in the sender
II. SPF (Sender Policy Framework) is an email-authentication technique, which is used to prevent spammers from sending messages on behalf of your domain.
For both functionalities to work properly, they require some configurations on DNS, in particular:
- A TXT record for KIM
- A TXT record for SPF
- A PTR record for Mailserver IP
The Mailserver architecture is shown in the figure below.
Two containers compose the Mailserver POD; the first is a Postfix container and the second one is API-server. All FINSEC POD can communicate with Mailserver POD by using the Mailserver service: the service forwards the requests coming from FINSEC PODs towards the API-server, and then it translates these requests in Postfix commands to send email.