# Mail Audit — lusar.hr (server.mellon-dev.eu)

**Date:** 15 April 2026  
**Server:** server.mellon-dev.eu (157.90.18.28)  
**Mail address:** info@lusar.hr  
**Username:** marijan@lusar.hr

---

## SMTP Configuration (.env)

| Parameter | Value |
|---|---|
| `MAIL_MAILER` | `smtp` |
| `MAIL_HOST` | `server.mellon-dev.eu` |
| `MAIL_PORT` | `465` |
| `MAIL_SCHEME` | `smtps` |
| `MAIL_USERNAME` | `marijan@lusar.hr` |
| `MAIL_FROM_ADDRESS` | `info@lusar.hr` |
| `MAIL_FROM_NAME` | `LuSar d.o.o. - Pametna rješenja` |

---

## DNS Records

### A Record

```
lusar.hr.    A    157.90.18.28
```

✅ OK

---

### MX Record

```
lusar.hr.    MX   0 lusar.hr.
```

⚠️ **MX points directly at lusar.hr** (self-pointing). It works, but it is not best practice. A dedicated MX hostname such as `mail.lusar.hr` is recommended.

---

### NS Records

```
lusar.hr.    NS    ns1.mellon-dev.eu.
lusar.hr.    NS    ns2.mellon-dev.eu.
```

✅ OK: authoritative nameservers on mellon-dev.eu

---

### SPF Record

```
v=spf1 a mx ip4:157.90.18.28 include:_spf.google.com -all
```

✅ The server IP (157.90.18.28) is explicitly authorized  
✅ `-all` = hard fail for unauthorized servers  
⚠️ `include:_spf.google.com`: Google is included in SPF, but mail is not sent via Google. If Gmail/Google Workspace is not used, this should be removed.

---

### DKIM

**Selector:** `default`  
**Record:** `default._domainkey.lusar.hr`

```
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5jL+YB+8/V/tTWOhYSe3kfK2S2lInv38htVuX+S5zuklgz4z7eWkX4qUbAagPa84q44UNhii5ykOEOPQ+xXP7iTXGOxmXglKauIFIKQ+j5Ue1Ngn9noQhj5TmIb5X2meGIqSxon3T7Mg7Zbu1/nlKlAGEYtmAx3KTMLGgyRH4GwIDAQAB
```

✅ The DKIM DNS record exists and is valid  
✅ Algorithm: RSA  
⚠️ Selector `mail._domainkey.lusar.hr` does not exist (only `default`)
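The check above confirms that the record exists and that the algorithm is RSA. As an added example (not part of the original audit), this Python code parses the published record and reports the RSA modulus size carried in the `p=` tag. The function names are illustrative, and the 2048-bit threshold is an assumption taken from the RFC 8301 recommendation for signers.

```python
import base64

# DKIM TXT record for default._domainkey.lusar.hr, copied from the audit above.
DKIM_RECORD = "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5jL+YB+8/V/tTWOhYSe3kfK2S2lInv38htVuX+S5zuklgz4z7eWkX4qUbAagPa84q44UNhii5ykOEOPQ+xXP7iTXGOxmXglKauIFIKQ+j5Ue1Ngn9noQhj5TmIb5X2meGIqSxon3T7Mg7Zbu1/nlKlAGEYtmAx3KTMLGgyRH4GwIDAQAB"
MIN_RSA_BITS = 2048  # assumption: RFC 8301 says signers SHOULD use >= 2048 bits

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record (DKIM, DMARC) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_key_bits(p_b64):
    """Modulus size of the SubjectPublicKeyInfo carried in the DKIM p= tag."""
    der = base64.b64decode(p_b64, validate=True)
    _, spki, _ = read_tlv(der, 0)               # outer SEQUENCE
    _, _, alg_end = read_tlv(der, spki)         # AlgorithmIdentifier, skipped
    tag, bits, _ = read_tlv(der, alg_end)       # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("p= is not a SubjectPublicKeyInfo")
    _, rsa, _ = read_tlv(der, bits + 1)         # +1 skips the unused-bits byte
    _, mod_start, mod_end = read_tlv(der, rsa)  # first INTEGER is the modulus
    return int.from_bytes(der[mod_start:mod_end], "big").bit_length()

def audit_dkim(record):
    """Classify a DKIM key record: skipped, revoked, ok or below-recommended."""
    tags = parse_tags(record)
    if tags.get("k", "rsa") != "rsa":  # k= defaults to rsa when absent
        return {"status": "skipped", "reason": "non-RSA key type " + tags["k"]}
    if not tags.get("p"):              # an empty p= means the key was revoked
        return {"status": "revoked", "reason": "empty p= tag"}
    bits = rsa_key_bits(tags["p"])
    status = "ok" if bits >= MIN_RSA_BITS else "below-recommended"
    return {"status": status, "bits": bits}

if __name__ == "__main__":
    print(audit_dkim(DKIM_RECORD))
```
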

---

### DMARC

```
v=DMARC1; p=none; rua=mailto:mkopcic@gmail.com; ruf=mailto:mkopcic@gmail.com; adkim=r; aspf=r;
```

⚠️ `p=none`: DMARC is in monitoring mode and blocks nothing  
✅ Reports are sent to `mkopcic@gmail.com`  
ℹ️ After analysing the reports, raise the policy to `p=quarantine` or `p=reject`

---

### PTR / rDNS

```
dig -x 157.90.18.28 → (empty)
```

❌ **CRITICAL: No PTR record for 157.90.18.28**  
Many mail servers (Gmail, Yahoo, Microsoft) reject or mark as spam all mail from an IP without an rDNS record.  
**A PTR must be set at Hetzner (hosting provider):** `157.90.18.28` → `server.mellon-dev.eu`

---

## TLS Certificate

| Parameter | Value |
|---|---|
| **Subject** | `CN=server.mellon-dev.eu` |
| **Issuer** | Let's Encrypt (R12) |
| **Valid from** | 14.03.2026 |
| **Valid until** | **12.06.2026** |
| **Status** | ✅ Valid |

⚠️ The certificate expires in ~58 days. Certbot autorenew should handle this automatically.

---

## Blacklist Status (15.04.2026)

```
IP: 157.90.18.28
Server: server.mellon-dev.eu
```

| Blacklist | Status |
|---|---|
| **Spamhaus ZEN** (SBL/XBL/PBL) | ✅ Clean |
| **SpamCop** | ✅ Clean |
| **Barracuda** | ✅ Clean |

---

## SMTP Connection Test

```bash
openssl s_client -connect server.mellon-dev.eu:465 -quiet
```

```
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
depth=1 C=US, O=Let's Encrypt, CN=R12
depth=0 CN=server.mellon-dev.eu
220 server.mellon-dev.eu ESMTP Postfix
```

✅ TLS handshake OK  
✅ Postfix responds  
✅ Let's Encrypt certificate verified

---

## Send Test

```bash
cd /home/lusarhr/public_html
php artisan tinker --execute="Mail::raw('Test', function(\$m) { \$m->to('mkopcic@gmail.com')->subject('[TEST]'); });"
```

| Recipient | Status |
|---|---|
| `mkopcic@gmail.com` | ✅ **Sent** (15.04.2026) |
| `info@lusar.hr` | ✅ **Sent** (15.04.2026) |

---

## Overall Status

| Item | Status |
|---|---|
| SMTP connection | ✅ OK |
| TLS/SSL (port 465) | ✅ OK |
| SPF | ✅ OK (with a note about Google) |
| DKIM | ✅ OK |
| DMARC | ⚠️ p=none (monitoring only) |
| PTR/rDNS | ❌ **CRITICAL: does not exist** |
| MX record | ⚠️ Self-pointing (works, not best practice) |
| Blacklists | ✅ Clean |
| Certificate | ✅ Valid (until 12.06.2026) |
| Send test | ✅ OK |

---

## Action Items

| Priority | Task | Status |
|---|---|---|
| 1 | **PTR/rDNS for 157.90.18.28**: set at Hetzner | ❌ TODO |
| 2 | **DMARC p=quarantine**: after reviewing the reports | ⏳ TODO |
| 3 | **Certbot autorenew check**: cert expires 12.06.2026 | ⏳ Check |
| 4 | **Remove `include:_spf.google.com`** from SPF (if Gmail is not used) | ⏳ TODO |
| 5 | **MX subdomain**: consider `mail.lusar.hr` as a dedicated MX | 💡 Option |
