|  |  |  | @ -8,6 +8,9 @@ chown -R mailarchive:mailarchive /home/mailarchive/Maildir | 
			
		
	
		
			
				
					|  |  |  |  | # DMARC | 
			
		
	
		
			
				
					|  |  |  |  | Instead of "p=reject", set to "p=none" until confirmed working. | 
			
		
	
		
			
				
					|  |  |  |  | 
 | 
			
		
	
		
			
				
					|  |  |  |  | Need to restart opendmarc after install, or it doesn't listen: | 
			
		
	
		
			
				
					|  |  |  |  | netstat -pant | grep opendmarc | grep LISTEN | 
			
		
	
		
			
				
					|  |  |  |  | 
 | 
			
		
	
		
			
				
					|  |  |  |  | # DKIM | 
			
		
	
		
			
				
					|  |  |  |  | Jul  4 12:38:50 mx1 opendkim[23469]: can't load key from /etc/opendkim/forksand.com.dkim.private: Permission denied | 
			
		
	
		
			
				
					|  |  |  |  | 
 | 
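Review bot: The "Need to restart opendmarc after install, or it doesn't listen:" line in the DMARC section gives the check but not the restart command or the expected result. Suggest spelling out the restart the same way the DKIM section does with `service opendkim restart`, and noting which address and port the `netstat -pant | grep opendmarc | grep LISTEN` output should show, so a reader can tell a working listener from one bound somewhere the MTA is not looking. It would also help to say next to "p=none" what counts as "confirmed working", since that decides when the policy moves to "p=reject".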
			
		
	
	
		
			
				
					|  |  |  | @ -16,6 +19,9 @@ XXX | 
			
		
	
		
			
				
					|  |  |  |  | chown opendkim /etc/opendkim/forksand.com.dkim.private | 
			
		
	
		
			
				
					|  |  |  |  | service opendkim restart | 
			
		
	
		
			
				
					|  |  |  |  | 
 | 
			
		
	
		
			
				
					|  |  |  |  | XXX | 
			
		
	
		
			
				
					|  |  |  |  | Install haveged for entropy/random number generation, or process can hang. | 
			
		
	
		
			
				
					|  |  |  |  | 
 | 
			
		
	
		
			
				
					|  |  |  |  | # Set up DNS records: | 
			
		
	
		
			
				
					|  |  |  |  | 
 | 
			
		
	
		
			
				
					|  |  |  |  | TXT     @       "v=spf1 include:_spf.protonmail.ch mx ip4:174.128.244.233 ip4:174.128.244.234 -all" | 
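Review bot: "Install haveged for entropy/random number generation, or process can hang." does not say which process hangs, and it sits under a bare "XXX" marker between the opendkim restart and the DNS records. Name the step that blocks (key generation, the opendkim daemon, or something else) and give the install command, so the reader knows whether haveged has to be in place before the DKIM key is created. Separately, the `chown opendkim /etc/opendkim/forksand.com.dkim.private` line just above records the owner but not the file mode; the intended mode for the private key belongs next to it.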
			
		
	
	
		
			
				
					|  |  |  | @ -32,3 +38,25 @@ MX      @       900     10      mx1.forksand.com. | 
			
		
	
		
			
				
					|  |  |  |  | 
 | 
			
		
	
		
			
				
					|  |  |  |  | MX      @       900     50      mail.protonmail.ch. | 
			
		
	
		
			
				
					|  |  |  |  | 
 | 
			
		
	
		
			
				
					|  |  |  |  | 
 | 
			
		
	
		
			
				
					|  |  |  |  | # Firewall | 
			
		
	
		
			
				
					|  |  |  |  | 
 | 
			
		
	
		
			
				
					|  |  |  |  | XXX | 
			
		
	
		
			
				
					|  |  |  |  | iptables: | 
			
		
	
		
			
				
					|  |  |  |  | The main 25, 587, 993, etc ports were all locked out... | 
			
		
	
		
			
				
					|  |  |  |  | 
 | 
			
		
	
		
			
				
					|  |  |  |  | # Postfix | 
			
		
	
		
			
				
					|  |  |  |  | main.cf changes: | 
			
		
	
		
			
				
					|  |  |  |  | smtpd_helo_restrictions = permit_mynetworks | 
			
		
	
		
			
				
					|  |  |  |  | smtpd_helo_required = no | 
			
		
	
		
			
				
					|  |  |  |  | 
 | 
			
		
	
		
			
				
					|  |  |  |  | 
 | 
			
		
	
		
			
				
					|  |  |  |  | Remove: | 
			
		
	
		
			
				
					|  |  |  |  | smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net | 
			
		
	
		
			
				
					|  |  |  |  | virtual_alias_domains =  | 
			
		
	
		
			
				
					|  |  |  |  | virtual_alias_maps = hash:/etc/postfix/virtual | 
			
		
	
		
			
				
					|  |  |  |  | 
 | 
			
		
	
		
			
				
					|  |  |  |  | Add: | 
			
		
	
		
			
				
					|  |  |  |  | local_recipient_maps =  | 
			
		
	
		
			
				
					|  |  |  |  | luser_relay = jebba | 
			
		
	
		
			
				
					|  |  |  |  | 
 | 
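Review bot: In the Postfix section, the "Add:" block sets `local_recipient_maps =` to empty together with `luser_relay = jebba`, which makes the server accept mail for any local address and deliver it to one account, and nothing in the notes says this is intended. An empty `local_recipient_maps` turns off rejection of unknown local recipients at SMTP time, and the same hunk also sets `smtpd_helo_required = no` and removes `smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net`, so three inbound checks are relaxed at once. Add a line for each stating why it was changed and whether it is temporary, in the same spirit as the "until confirmed working" note on the DMARC policy. The Firewall section has the same gap: "The main 25, 587, 993, etc ports were all locked out..." under "XXX" records the symptom but not the iptables rules that were added to fix it.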
			
		
	
	
		
			
				
					|  |  |  | 
 |