
Differences for "MailmanConfiguration"

Differences between versions 9 and 14 (spanning 5 versions)
Version 9 as of 2025-02-12 22:19:25
Size: 2237
Author: ClauzClauz
Comment:
Version 14 as of 2025-02-12 22:39:43
Size: 3001
Author: ClauzClauz
Comment:
Deletions are marked like this. Additions are marked like this.
Line 23: Line 23:
Configure apache, use HTTPS through letsencrypt.

In bind, create A record for ml.ninux.org
{{{
$ORIGIN ninux.org.
ml A 176.111.173.140
}}}

Use certbot to obtain a letsencrypt certificate:
{{{
certbot --apache -d ml.ninux.org run
}}}
Line 25: Line 38:
pipe to opendkim
letsencrypt
Line 28: Line 39:
== Postfix to mailman py == In main.cf
{{{
#DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8892
non_smtpd_milters = inet:localhost:8892
}}}
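Review bot: milter_protocol = 2 in the main.cf block pins Postfix to an old milter protocol version; unless the OpenDKIM build on this host requires it, drop the line so Postfix uses its default. The page should also say next to milter_default_action = accept that mail is accepted and sent unsigned whenever the milter at localhost:8892 is unreachable, so readers know a stopped OpenDKIM fails silently.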
Line 30: Line 48:
== Postfix antispam == Use apache letsencrypt certificates also for postfix
{{{
smtpd_tls_cert_file=/etc/letsencrypt/live/ml.ninux.org/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/ml.ninux.org/privkey.pem
smtpd_use_tls=yes
}}}

In master.cf
{{{
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/local/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
policyd-spf unix - n n - 0 spawn
  user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl
}}}
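Review bot: the master.cf block defines the policyd-spf service, but none of the main.cf lines in this change reference it, so the page never shows how the SPF check is invoked; add the matching check_policy_service unix:private/policyd-spf restriction to the documented main.cf. In the TLS block, smtpd_use_tls=yes is the legacy spelling, and smtpd_tls_security_level = may is the current equivalent.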
Line 36: Line 67:
{{ {{{
Line 51: Line 82:
The DNS entry to be added to bind is in /etc/mail/dkim-keys/ml.ninux.org/mail.txt
Line 53: Line 85:

Please note that key sections are here shortened with "...", but you should use the integral version of your keys. These might need to be split due to length constraints.
Line 80: Line 110:


== Spamassassin ==

Mailman Configuration

Mailman

Download the mailman-2.1.39 tarball, uncompress it, then compile it and install it:

./configure --prefix=/usr/local/mailman --with-python=/usr/bin/python2.7  --with-mail-gid=nogroup
make
make install

Fix permissions with:

/usr/local/mailman/bin/check_perms -f

/usr/local/mailman/bin/mailmanctl restart

Apache

Configure Apache to serve HTTPS with a Let's Encrypt certificate.

In BIND, create an A record for ml.ninux.org:

$ORIGIN ninux.org.
ml                      A       176.111.173.140

Use certbot to obtain a Let's Encrypt certificate:

certbot --apache -d ml.ninux.org run 

Postfix

In main.cf

#DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8892
non_smtpd_milters = inet:localhost:8892

Reuse the Let's Encrypt certificate obtained for Apache in Postfix:

smtpd_tls_cert_file=/etc/letsencrypt/live/ml.ninux.org/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/ml.ninux.org/privkey.pem
smtpd_use_tls=yes

In master.cf

mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/local/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
policyd-spf  unix  -       n       n       -       0       spawn
  user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl

DKIM

We use OpenDKIM.

Generate a 2048-bit key:

opendkim-genkey -b 2048 -d ml.ninux.org -D /etc/mail/dkim-keys/ml.ninux.org -s mail -v

/etc/opendkim.conf

Syslog                  yes
UMask                   002
Domain                  ml.ninux.org
KeyFile                 /etc/mail/dkim-keys/ml.ninux.org/mail.private
Selector                mail
Socket                  inet:8892@localhost
OversignHeaders         From

The DNS entry to be added to bind is in /etc/mail/dkim-keys/ml.ninux.org/mail.txt

DNS entries in bind for SPF, DMARC and DKIM

$ORIGIN ninux.org.
_dmarc                  TXT     "v=DMARC1\; p=none\; sp=none\; adkim=r\; aspf=r\; rua=mailto:nino@ninux.org\; ruf=mailto:nino@ninux.org\; fo=1\;"
mail._domainkey         TXT     "v=DKIM1\; h=sha256\; k=rsa\; " "p=MIIBI...NeyP" "a...B"
ml                      A       176.111.173.140
                        MX      10 ml
                        TXT     "v=spf1 ip4:176.111.173.140 -all"
                        SPF     "v=spf1 ip4:176.111.173.140 -all"

$ORIGIN ml.ninux.org.
_dmarc                  TXT     "v=DMARC1\; p=none\; sp=none\; adkim=r\; aspf=r\; rua=mailto:nino@ninux.org\; ruf=mailto:nino@ninux.org\; fo=1\;"
mail._domainkey         TXT     "v=DKIM1\; h=sha256\; k=rsa\; " "p=MIIBI...NeyP" "a...B"

Verify with dig, e.g.

$ dig +short @1.1.1.1 mail._domainkey.ml.ninux.org TXT
"v=DKIM1; h=sha256; k=rsa; " "p=MIIBI...NeyP" "a...B"

$ dig +short @1.1.1.1 mail._domainkey.ninux.org TXT
"v=DKIM1; h=sha256; k=rsa; " "p=MIIBI...NeyP" "a...B"
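
An added example, not part of the original wiki page: a Python check for the DKIM TXT record as it appears in mail.txt or in dig output. It joins the quoted strings, confirms each one fits the 255-byte limit, and reads the RSA modulus size out of p=. The function names are hypothetical, and it assumes k=rsa keys and single-character zone-file escapes only.

```python
import base64, binascii, re
MAX_STRING = 255  # one TXT character-string holds at most 255 bytes (RFC 1035)

def txt_strings(rdata):
    """Quoted strings of a TXT record (zone-file or dig form), with escapes undone."""
    return [re.sub(r"\\(.)", r"\1", s) for s in re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)]

def split_for_bind(value):
    """Render one long TXT value as quoted strings of at most 255 bytes each."""
    chunks = [value[i:i + MAX_STRING] for i in range(0, len(value), MAX_STRING)]
    return " ".join('"%s"' % c.replace(";", r"\;") for c in chunks)

def tlv(buf, pos):
    """Read the DER header at pos and return (start, end) of the value it covers."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def rsa_bits(spki):
    """Modulus size in bits of a DER SubjectPublicKeyInfo that holds an RSA key."""
    start, end = tlv(spki, 0)                  # outer SEQUENCE
    if end != len(spki):
        raise ValueError("DER length does not match the data (truncated key?)")
    _, alg_end = tlv(spki, start)              # AlgorithmIdentifier
    bits_start, _ = tlv(spki, alg_end)         # BIT STRING
    seq_start, _ = tlv(spki, bits_start + 1)   # skip unused-bits byte, RSAPublicKey
    n_start, n_end = tlv(spki, seq_start)      # INTEGER modulus
    return int.from_bytes(spki[n_start:n_end], "big").bit_length()

def check_dkim_txt(rdata, min_bits=2048):
    """Return the problems found in a DKIM key record; an empty list means it passed."""
    strings = txt_strings(rdata)
    problems = ["string longer than 255 bytes"] if any(len(s) > MAX_STRING for s in strings) else []
    tags = {k.strip(): "".join(v.split())      # whitespace inside p= is not significant
            for k, _, v in (t.partition("=") for t in "".join(strings).split(";"))}
    if tags.get("k", "rsa") != "rsa":
        return problems + ["k= is not rsa; this check only reads RSA keys"]
    try:
        bits = rsa_bits(base64.b64decode(tags.get("p", ""), validate=True))
        if bits < min_bits:
            problems.append("RSA key is only %d bits" % bits)
    except (binascii.Error, ValueError, IndexError) as exc:
        problems.append("p= is not a complete public key: %s" % exc)
    return problems

# The shortened record shown on this page: the "..." placeholders make p= undecodable.
PAGE_SHORTENED = r'"v=DKIM1\; h=sha256\; k=rsa\; " "p=MIIBI...NeyP" "a...B"'
print(check_dkim_txt(PAGE_SHORTENED))
```

Feed it the contents of mail.txt or one line of `dig +short` output; a complete 2048-bit record returns an empty list.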