This is an update to the checklist to create a prefect mailout server: Original Checklist Setup DMARC DNS Record to receive mail delivery reports https://www.unlocktheinbox.com/dmarcwizard/ btw: I Just started adding all those settings to my own domain too. Google DKIM signing is still waiting for DNS propagation.

We are currently trying out the cloudflare service to protect one of our company service. In front of this service we are using haproxy as SSL endpoint and loadbalancer. Cloudflare adds a number of custom headers((http://www.linuxorz.com/2014/10/cloudflare-haproxy-get-real-ip/)): _SERVER["HTTP_CF_IPCOUNTRY"] CN _SERVER["HTTP_CF_RAY"] 17da8155355b0520-SEA _SERVER["HTTP_CF_VISITOR"] {"scheme":"http"} _SERVER["HTTP_CF_CONNECTING_IP"] XX.YY.ZZ.00 In order to extract the original client IP in the X_FORWARDD_FOR header, you need to use the following configuration((http://permalink.gmane.org/gmane.comp.web.haproxy/12019)) in haproxy: acl FROM_CLOUDFLARE src -f /etc/haproxy/cf-ips-v4 reqidel ^X-Forwarded-For:.

In the last week I was tweaking the logging setup of our Cisco ASA firewalls at work and find out why it didn’t work in the first place and how to disable “unneeded” messages. Again this post is nothing you won’t somewhere on the Internet or in the Cisco Documentation or by cafefully looking the ASDM interface. First you need to setup to which server you are want to log. The settings should be pretty straight forward.