MailServer: Difference between revisions

From Traxel Wiki
Line 69: Line 69:


* A Record, diffie, 66.23.226.216
* A Record, diffie, 66.23.226.216
* CNAME Record, @, diffie.deadmandao.com
* A Record, @, 66.23.226.216
* CNAME Record, www, diffie.deadmandao.com
* CNAME Record, www, diffie.deadmandao.com
* CNAME Record, mail, diffie.deadmandao.com
* CNAME Record, mail, diffie.deadmandao.com
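Review bot: `mail` is left as a CNAME to diffie.deadmandao.com in this hunk, while the MX record in the revision below targets mail.deadmandao.com. RFC 2181 section 10.3 says an MX target must not be an alias, and some receiving and sending servers reject or mishandle it. Give `mail` its own A record to 66.23.226.216, the same way `@` was switched from a CNAME to an A record here, or point the MX at diffie.deadmandao.com directly.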

Revision as of 05:16, 9 January 2022


Postfix Tutorials

SPF DNS Entry

Traxel Settings

  • IPV4: 69.10.40.10
  • IPV6: fe80::d227:88ff:fe34:7999/64
  • Format: v=spf1 ip4:40.113.200.201 ip6:2001:db8:85a3:8d3:1319:8a2e:370:7348 include:thirdpartydomain.com ~all
  • Start with the SPF version, v=spf1.
    • Indicates that this is an SPF record.
    • Will always be spf1 as other SPF versions have been discontinued.
      • We'll only ever need 640K of RAM.
  • Next, list all IP addresses that are eligible to send email on behalf of your domain.
    • Space delimited
    • Prefix each address with ip4: or ip6:
    • ip4:69.10.40.10 ip6:fe80::d227:88ff:fe34:7999
  • Next comes the include statement, which lists every third party organization that sends email on your behalf.
    • Does this mean interserver? Is this the part where reverse lookups come in?
    • include:thirdpartydomain.com
  • The end of the SPF record is the strictness level.
    • "-all" - strictest, fail email that doesn't come from this ip list
    • "~all" - accept but flag email from other servers
    • "+all" - anything goes
    • I'll be using "-all".

Looks like the only remaining question is the "include" tag. How do I handle the include tag and/or flag my server from the reverse lookup standpoint?

  • If no include:
    • v=spf1 ip4:69.10.40.10 ip6:fe80::d227:88ff:fe34:7999 -all
    • This works. Problem solved. Grumble.
  • If yes include:
    • v=spf1 ip4:69.10.40.10 ip6:fe80::d227:88ff:fe34:7999 include:systemicbias.com -all
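
An added example, not part of the original wiki page: an offline linter and first-match evaluator for the SPF records above, built on Python's ipaddress module. It handles only ip4, ip6 and all terms and reports needs-dns for include and anything else that requires a lookup; the function names are this example's own.

```python
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Split an SPF TXT value into (qualifier, mechanism, value) terms."""
    version, *parts = record.split()
    if version.lower() != "v=spf1":
        raise ValueError("SPF record must start with v=spf1")
    terms = []
    for part in parts:
        # A missing qualifier means "+" (pass).
        qual, body = (part[0], part[1:]) if part[0] in RESULT else ("+", part)
        mech, _, value = body.partition(":")
        terms.append((qual, mech.lower(), value))
    return terms

def lint(record):
    """Warn about terms that can never match a real sender or that void the policy."""
    terms, warnings = parse_spf(record), []
    for qual, mech, value in terms:
        if mech in ("ip4", "ip6"):
            addr = ipaddress.ip_network(value, strict=False).network_address
            if addr.is_link_local:
                warnings.append(f"{mech}:{value} is link-local; publish the global address")
            elif not addr.is_global:
                warnings.append(f"{mech}:{value} is not publicly routable")
    if not terms or terms[-1][1] != "all":
        warnings.append("no trailing 'all' term")
    elif terms[-1][0] == "+":
        warnings.append("+all authorizes every sender")
    return warnings

def evaluate(record, sender_ip):
    """First-match result for sender_ip; stops at terms that would need DNS."""
    ip = ipaddress.ip_address(sender_ip)
    for qual, mech, value in parse_spf(record):
        if mech == "all":
            return RESULT[qual]
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return RESULT[qual]
        else:
            return "needs-dns"  # include, a, mx, ... cannot be checked offline
    return "neutral"

if __name__ == "__main__":
    traxel = "v=spf1 ip4:69.10.40.10 ip6:fe80::d227:88ff:fe34:7999 -all"  # from this page
    print(lint(traxel))
    print(evaluate(traxel, "69.10.40.10"), evaluate(traxel, "203.0.113.7"))
```

Run against the Traxel record, lint flags the ip6 term: fe80::/10 is link-local scope, so no receiving server will ever see mail arrive from that address, and the interface's global-scope IPv6 address is what belongs in the record.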

DeadmanDAO

Create Instance

  1. Go to interserver
  2. Create a single slice instance ($6/mo at this time)
    1. Debian
    2. KVM
  3. Log in as root@ip.address using the password you provided
apt-get update
apt-get upgrade
apt-get install sudo

Set SPF

apt-get install net-tools
ifconfig

That'll give you the ip4 and ip6 addresses, which go into the DNS text record:

  • v=spf1 ip4:66.23.226.216 ip6:fe80::216:3eff:fe24:10e1 -all

Set Other DNS

  • A Record, diffie, 66.23.226.216
  • A Record, @, 66.23.226.216
  • CNAME Record, www, diffie.deadmandao.com
  • CNAME Record, mail, diffie.deadmandao.com
  • TXT Record, diffie, v=spf1 ip4:66.23.226.216 ip6:fe80::216:3eff:fe24:10e1 -all
  • MX Record, deadmandao.com, mail.deadmandao.com, 10

Set Hostname

apt-get install emacs-nox
emacs -nw /etc/hostname
diffie
emacs -nw /etc/hosts
66.23.226.216	diffie.deadmandao.com diffie
reboot
hostname
hostname --all-fqdn
dnsdomainname

Webserver

apt-get install apache2

Put something up in /var/www/html

SMTP Server

apt-get install postfix

deadmandao.com is the host domain

IMAP Server

Skip this step.

apt-get install dovecot-imapd

Up next should be Let's Encrypt, but I am going to skip that for now.

I'm actually thinking I don't need an IMAP server for DeadmanDAO or for BSBC, so I'm going to just leave this dangling. I'll probably do a fresh server build anyway and skip this step.

Mailman

Add Certbot (EFF)

https://certbot.eff.org/instructions?ws=apache&os=debianbuster

Add Snapd
sudo apt update
sudo apt install snapd
sudo snap install core
sudo snap refresh core
Snap Install Certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Get a Cert for Apache
sudo certbot --apache