apt install postfix dovecot-imapd opendkim postfix-policyd-spf-python maildrop roundcube prayer nginx postfix-mta-sts-resolver hash-slinger
vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
vim /etc/dovecot/conf.d/10-ssl.conf
ssl_cert = </etc/ssl/certifikati/fullchain.pem
ssl_key = </etc/ssl/certifikati/privkey.pem
vim /etc/postfix/header_checks
/^X-Originating-IP:/ IGNORE
/^Received:.*ESMTPSA/ IGNORE
vim /etc/postfix/command_filter
/^(.*)šijanec(.*)$/ $1 xn--ijanec-9jb $2
vim /etc/postfix/destinations
if !/seznami/
/ijanec/ ALLOW
/241/ ALLOW
/146/ ALLOW
/235/ ALLOW
/gimb.tk/ ALLOW
/xn--jha/ ALLOW
endif
usermod -aG opendkim postfix
mkdir /var/spool/postfix/opendkim
chown opendkim:opendkim /var/spool/postfix/opendkim
opendkim-genkey -D /etc/dkimkeys -s mail
dodaj vsebino /etc/dkimkeys/mail.txt v DNS zone za domeno
vim /etc/opendkim.conf
LogWhy yes
UserID opendkim:opendkim
Domain sijanec.eu,sijanec.org,sijanec.net,xn--ijanec-9jb.eu in tako dalje
Selector mail
KeyFile /etc/dkimkeys/mail.private
Socket local:/var/spool/postfix/opendkim/opendkim.sock
vim /etc/postfix-policyd-spf-python/policyd-spf.conf
HELO_reject = False
Mail_From_reject = False
vim /etc/postfix/main.cf
smtp_header_checks = regexp:/etc/postfix/header_checks
smtpd_tls_cert_file = /etc/ssl/certifikati/fullchain.pem
smtpd_tls_key_file = /etc/ssl/certifikati/privkey.pem
smtpd_tls_received_header = yes
smtpd_command_filter = pcre:/etc/postfix/command_filter
mydomain = sijanec.eu
mydestination = pcre:/etc/postfix/destinations
smtp_address_preference = ipv4
mailbox_command = /usr/bin/maildrop -d $(USER)
smtp_bind_address = 89.212.146.168
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf
policyd-spf_time_limit = 3600
message_size_limit = 1222333444
milter_protocol = 2
milter_default_action = accept
smtpd_milters = unix:/opendkim/opendkim.sock
non_smtpd_milters = unix:/opendkim/opendkim.sock
smtp_tls_policy_maps = socketmap:inet:127.0.0.1:8451:postfix
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
vim /etc/postfix/master.cf
odkomentiraj: smtp, submission, smtps (ostali potrebni so že odkomentirani)
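dodaj na konec (nadaljevalna vrstica se mora začeti s presledkom; preveri pot do programa - paket postfix-policyd-spf-python ga v Debianu namesti kot /usr/bin/policyd-spf):
policyd-spf unix - n n - 0 spawn
  user=policyd-spf argv=/usr/bin/policy-spf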
vim /etc/dovecot/conf.d/10-master.conf
# ta block že obstaja v privzeti konfiguraciji
# https://www.postfix.org/SASL_README.html
service auth {
unix_listener /var/spool/postfix/private/auth {
user = postfix
group = postfix
mode = 0660
}
}
vim /etc/dovecot/conf.d/15-mailboxes.conf
# ti blocki že obstajajo v privzeti konfiguraciji, treba jih je samo dopolniti
namespace inbox {
mailbox Drafts {
special_use = \Drafts
auto = subscribe
}
mailbox Junk {
special_use = \Junk
auto = subscribe
}
mailbox Trash {
special_use = \Trash
auto = subscribe
}
mailbox Sent {
special_use = \Sent
auto = subscribe
}
}
vim ~/.mailfilter
if (/.*librehosting@radiostudent\.si.*/ || /.*kiberpipa\.org.*/ || /.*lugos\.si.*/)
{
to $HOME/Maildir/.liste.lugos
}
if (/.*oss-security.*/ || /.*debian-security-announce.*/)
{
to $HOME/Maildir/.liste.oss-security
}
in tako dalje
iz IMAP klienta je treba **PRED DODAJANJEM MAPE** v ~/.mailfilter izdelati mapo, v nasprotnem primeru bo maildrop naredil mbox datoteko, česar nočemo.
chown $USER:$USER ~/.mailfilter
chmod 0600 ~/.mailfilter
vim /etc/maildroprc
DEFAULT="$HOME/Maildir"
tlsa --create sijanec.eu
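dodaj output v DNS domensko zono (nginx mora teči s pravilnim certifikatom!) - spremeni zapis v DNS zoni, ko spremeniš cert. Če je zapis namenjen DANE za SMTP, ga objavi pod imenom _25._tcp.mail, ker tlsa privzeto pripravi zapis za vrata 443.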
rndc freeze
vim /var/lib/bind/db.sijanec.eu
_mta-sts IN TXT "v=STSv1; id=2" ; id spremeni ob vsaki spremembi mta-sts.txt
mta-sts IN CNAME mail
@ IN MX 10 mail
mail IN A 89.212.146.168
_dmarc IN TXT "v=DMARC1; p=none; rua=mailto:dmarc-aggregate@sijanec.eu; ruf=mailto:dmarc-forensic@sijanec.eu; fo=1"
@ IN TXT "v=spf1 mx a ip4:89.212.146.168/32 a:mail.sijanec.eu ~all"
*.sijanec.eu._report._dmarc IN TXT "v=DMARC1"
sijanec.eu._report._dmarc IN TXT "v=DMARC1"
*.sijanec.org._report._dmarc IN TXT "v=DMARC1"
sijanec.org._report._dmarc IN TXT "v=DMARC1" ; in isto za ostale domene
_smtp._tls IN TXT "v=TLSRPTv1; rua=mailto:tls@sijanec.eu"
@ IN CAA 128 issue "letsencrypt.org"
@ IN CAA 128 issuewild "letsencrypt.org"
@ IN CAA 128 iodef "mailto:caa-violation@sijanec.eu"
* IN CAA 128 issue "letsencrypt.org"
* IN CAA 128 issuewild "letsencrypt.org"
* IN CAA 128 iodef "mailto:caa-violation@sijanec.eu"
rndc thaw
vim /etc/aliases
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
webmaster: root
listmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root: a
anton: a
whois: hostmaster
dns: whois
devnull: null
null: |/dev/null
luka: anton
dmarc-aggregate: postmaster
dmarc-forensic: postmaster
caa-violation: hostmaster
tls: postmaster
newaliases
vim /var/www/html/.well-known/mta-sts.txt
version: STSv1
mode: testing
mx: mail.sijanec.eu
mx: mail.sijanec.org
mx: mail.sijanec.net
mx: mail.xn--ijanec-9jb.eu
mx: mail.xn--ijanec-9jb.org
mx: mail.xn--ijanec-9jb.net
mx: mail.xn--ijanec-9jb.si
mx: mail.xn--ijanec-9jb.com
max_age: 31557600
comment: karkoli
systemctl restart postfix dovecot opendkim prayer nginx postfix-mta-sts-resolver bind9