|
|
|
|
# Mail subdirs are owned by root:
|
|
|
|
|
chown -R jebba:jebba /home/jebba/Maildir
|
|
|
|
|
chown -R mailarchive:mailarchive /home/mailarchive/Maildir
|
|
|
|
|
|
|
|
|
|
# opendkim needed to be restarted to listen.
|
|
|
|
|
# It was running, but not listening on port 12301
|
|
|
|
|
|
|
|
|
|
# DMARC
|
|
|
|
|
Instead of "p=reject", set to "p=none" until confirmed working.
|
|
|
|
|
|
|
|
|
|
Need to restart opendmarc after install, or it doesn't listen:
|
|
|
|
|
netstat -pant | grep opendmarc | grep LISTEN
|
|
|
|
|
|
|
|
|
|
# DKIM
|
|
|
|
|
Jul 4 12:38:50 mx1 opendkim[23469]: can't load key from /etc/opendkim/forksand.com.dkim.private: Permission denied
|
|
|
|
|
|
|
|
|
|
XXX
|
|
|
|
|
|
|
|
|
|
chown opendkim /etc/opendkim/forksand.com.dkim.private
|
|
|
|
|
service opendkim restart
|
|
|
|
|
|
|
|
|
|
XXX
|
|
|
|
|
Install haveged for entropy/random number generation, or process can hang.
|
|
|
|
|
|
|
|
|
|
# Set up DNS records:
|
|
|
|
|
|
|
|
|
|
TXT @ "v=spf1 include:_spf.protonmail.ch mx ip4:174.128.244.233 ip4:174.128.244.234 -all"
|
|
|
|
|
|
|
|
|
|
TXT _dmarc "v=DMARC1; p=none; rua=mailto:postmaster@forksand.com""
|
|
|
|
|
|
|
|
|
|
TXT forksand.com.dkim._domainkey ( "v=DKIM1; h=sha256; k=rsa; "
|
|
|
|
|
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7CTEIuPHdWaCZbNBPxlw2LEU3trXqrYEpX/LjJhlRujvDpaz3C5/ItFcbMUWkrg6oXq4s2yS2moRRqAbloHGD1nrnucb2pKX2A3o8IlGKMG1cPdtGvb6vXpE7Yyq2wFkwIk2mMw5SmGOZ2KSju9R2VQ+i5X5HunGrfATYX/StABM1fAigNiltOKXntm/F7OVyPBu2c/mGk86e"
|
|
|
|
|
"s99FNUdLNR6oPt5OFWXjUP3j/3HcDLDSd9yoKLhLRjOJpBugqAFx0B3g+X6ev4xHEe6B76o57RqK2eEe2vZJay/Me1Z/UHTvgohHuO/aYcJCXxDOxx/D07mztH2maKlE678OgKFwIDAQAB" )
|
|
|
|
|
|
|
|
|
|
TXT protonmail._domainkey "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpLi9apcLrxwSXGFFD0n/pgc5iOwfCsTELz+JICz+j2iAwuExU3uvz6P83FTHaJSemT3YGPxbW3li6AJHYUjttagJom3CffpDcT0fGfhZ/zwIt+aTIfUYWJxt1wf6kAUdHVYtopKObx0fdy16IVUIToc/4D5QaT8vARrEr+P/ARwIDAQAB"
|
|
|
|
|
|
|
|
|
|
MX @ 900 10 mx1.forksand.com.
|
|
|
|
|
|
|
|
|
|
MX @ 900 50 mail.protonmail.ch.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Firewall
|
|
|
|
|
|
|
|
|
|
XXX
|
|
|
|
|
iptables:
|
|
|
|
|
The main 25, 587, 993, etc ports were all locked out...
|
|
|
|
|
|
|
|
|
|
# Postfix
|
|
|
|
|
main.cf changes:
|
|
|
|
|
smtpd_helo_restrictions = permit_mynetworks
|
|
|
|
|
smtpd_helo_required = no
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Remove:
|
|
|
|
|
smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net
|
|
|
|
|
virtual_alias_domains = forksand.com, oca.forksand.com
|
|
|
|
|
virtual_alias_maps = hash:/etc/postfix/virtual
|
|
|
|
|
|
|
|
|
|
Add:
|
|
|
|
|
local_recipient_maps =
|
|
|
|
|
luser_relay = jebba
|
|
|
|
|
mynetworks = 127.0.0.0/8, 10.22.22.0/24, 174.128.244.192/26
|
|
|
|
|
|
|
|
|
|
virtual domains...
|
|
|
|
|
postmap /etc/postfix/domains
|
|
|
|
|
|
|
|
|
|
in master.cf, change first line to JUST:
|
|
|
|
|
smtp inet n - y - - smtpd
|
|
|
|
|
Remove:
|
|
|
|
|
-o receive_override_options=no_address_mappings
|
|
|
|
|
|
|
|
|
|
####
|
|
|
|
|
apt install mailutils
|
