MailServer

From Traxel Wiki
Jump to navigation Jump to search


Scales Lifted?

Given how much I enjoy administering, and particularly deploying, mail servers - which is to say, not at all - I should consider using hosted email service.

But I would rather drink a broken glass milkshake than give control of my email to one of The Great Old Ones.

But perhaps there is another way:

Postfix Tutorials

SPF DNS Entry

Traxel Settings

  • IPV4: 69.10.40.10
  • IPV6: fe80::d227:88ff:fe34:7999/64
  • Format: v=spf1 ip4:40.113.200.201 ip6:2001:db8:85a3:8d3:1319:8a2e:370:7348 include:thirdpartydomain.com ~all
  • Start with the SPF version, v=spf1.
    • Indicates that this is an SPF record.
    • Will always be spf1 as other SPF versions have been discontinued.
      • We'll only ever need 640K of RAM.
  • Next, all IP addresses that are eligible to send email on behalf of your domain.
    • Space delimited
    • prefix ip[n]:
    • ip4:69.10.40.10 ip6:fe80::d227:88ff:fe34:7999
  • Next comes the include statement, which lists every third party organization that sends email on your behalf.
    • Does this mean interserver? Is this the part where reverse lookups come in?
    • include:thirdpartydomain.com
  • The end of the SPF record is the strictness level.
    • "-all" - strictest, fail email that doesn't come from this ip list
    • "~all" - accept but flag email from other servers
    • "+all" - anything goes
    • I'll be using "-all".

Looks like the only remaining question is the "include" tag. How do I handle the include tag and/or flag my server from the reverse lookup standpoint?

  • If no include:
    • v=spf1 ip4:69.10.40.10 ip6:fe80::d227:88ff:fe34:7999 -all
    • This works. Problem solved. Grumble.
  • If yes include:
    • v=spf1 ip4:69.10.40.10 ip6:fe80::d227:88ff:fe34:7999 include:systemicbias.com -all

DeadmanDAO

See DeadmanDAO_Mail_Server

IMAP Daemon

IMAP Server

apt-get install dovecot-imapd

Next should be Let's Encrypt, I think. I didn't make it to the part where I secure the service.

Cataloging Interserver v. Diffie

conf.d/10-auth.conf

$ diff interserver/dovecot/conf.d/10-auth.conf diffie/dovecot/conf.d/10-auth.conf 
8a9
> # See also ssl=required setting.
99c100
< auth_mechanisms = plain login
---
> auth_mechanisms = plain

adding "login" to Diffie.

conf.d/10-logging.conf

$ diff interserver/dovecot/conf.d/10-logging.conf diffie/dovecot/conf.d/10-logging.conf 
24c44
< auth_verbose = yes
---
> #auth_verbose = no
41c62
< mail_debug = yes
---
> #mail_debug = no

Not changing this yet, but you can tell I was having just as much fun setting up Dovecot on Interserver. :D

conf.d/10-mail.conf

$ diff interserver/dovecot/conf.d/10-mail.conf diffie/dovecot/conf.d/10-mail.conf 
30,31c30
< # mail_location = mbox:~/mail:INBOX=/var/mail/%u
< mail_location = mbox:~/mail
---
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
113c114
< # mail_privileged_group = 
---
> mail_privileged_group = mail

Interesting, but not changing yet...

conf.d/10-master.conf

$ diff interserver/dovecot/conf.d/10-master.conf diffie/dovecot/conf.d/10-master.conf 
96,98c107,109
<   unix_listener /var/spool/postfix/private/auth {
<    mode = 0666
<   }
---
>   #unix_listener /var/spool/postfix/private/auth {
>   #  mode = 0666
>   #}

seems like it could be important, leaving it for now, but may come back.

diffie does not have anything at /var/spool/postfix/private/auth, but does have other things in that directory.