MailServer: Difference between revisions

From Traxel Wiki
Jump to navigation Jump to search
Line 44: Line 44:


See [[MailingList]]
See [[MailingList]]
=== Create Instance ===
# go to interserver
# create a single slice instance ($6/mo at this time)
## Debian
## KVM
# Log in root@ip.address using password you provided
<pre>
apt-get update
apt-get upgrade
apt-get install sudo
</pre>
=== Set SPF ===
<pre>
apt-get install net-tools
ifconfig
</pre>
That'll give you the ip4 and ip6 addresses, which go into the DNS text record:
* v=spf1 ip4:66.23.226.216 ip6:fe80::216:3eff:fe24:10e1 -all
=== Set Other DNS ===
* A Record, diffie, 66.23.226.216
* A Record, @, 66.23.226.216
* CNAME Record, www, diffie.deadmandao.com
* CNAME Record, mail, diffie.deadmandao.com
* TXT Record, diffe, v=spf1 ip4:66.23.226.216 ip6:fe80::216:3eff:fe24:10e1 -all
* MX Record, deadmandao.com, mail.deadmandao.com, 10
=== Set Hostname ===
<pre>
apt-get install emacs-nox
emacs -nw /etc/hostname
diffie
emacs -nw /etc/hosts
66.23.226.216 diffie.deadmandao.com diffie
reboot
hostname
hostname --all-fqdn
dnsdomainname
</pre>
=== Webserver ===
<pre>
apt-get install apache2
</pre>
Put something up in /var/www/html
=== SMTP Server ===
<pre>
apt-get install postfix
</pre>
deadmandao.com is the host domain
=== IMAP Server ===
Skip this step.
<pre>
apt-get install d o v e c o t - i m a p d
</pre>
Up next should be Let's Encrypt, but I am going to skip that for now.
I'm actually thinking I don't need an IMAP server for DeadmanDAO or for BSBC, so I'm going to just leave this dangling. I'll probably do a fresh server build anyway and skip this step.
=== Mailman ===
* https://docs.mailman3.org/en/latest/pre-installation-guide.html
==== Add Certbot (EFF) ====
https://certbot.eff.org/instructions?ws=apache&os=debianbuster
===== Add Snapd =====
<pre>
sudo apt update
sudo apt install snapd
sudo snap install core
sudo snap refresh core
</pre>
===== Snap Install Certbot =====
<pre>
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
</pre>
===== Get a Cert for Apache =====
<pre>
sudo certbot --apache -d deadmandao.com -d www.deadmandao.com -d mail.deadmandao.com -d diffie.deadmandao.com
</pre>

Revision as of 17:17, 9 January 2022


Postfix Tutorials

SPF DNS Entry

Traxel Settings

  • IPV4: 69.10.40.10
  • IPV6: fe80::d227:88ff:fe34:7999/64
  • Format: v=spf1 ip4:40.113.200.201 ip6:2001:db8:85a3:8d3:1319:8a2e:370:7348 include:thirdpartydomain.com ~all
  • Start with the SPF version, v=spf1.
    • Indicates that this is an SPF record.
    • Will always be spf1 as other SPF versions have been discontinued.
      • We'll only ever need 640K of RAM.
  • Next, all IP addresses that are eligible to send email on behalf of your domain.
    • Space delimited
    • prefix ip[n]:
    • ip4:69.10.40.10 ip6:fe80::d227:88ff:fe34:7999
  • Next comes the include statement, which lists every third party organization that sends email on your behalf.
    • Does this mean interserver? Is this the part where reverse lookups come in?
    • include:thirdpartydomain.com
  • The end of the SPF record is the strictness level.
    • "-all" - strictest, fail email that doesn't come from this ip list
    • "~all" - accept but flag email from other servers
    • "+all" - anything goes
    • I'll be using "-all".

Looks like the only remaining question is the "include" tag. How do I handle the include tag and/or flag my server from the reverse lookup standpoint?

  • If no include:
    • v=spf1 ip4:69.10.40.10 ip6:fe80::d227:88ff:fe34:7999 -all
    • This works. Problem solved. Grumble.
  • If yes include:
    • v=spf1 ip4:69.10.40.10 ip6:fe80::d227:88ff:fe34:7999 include:systemicbias.com -all

DeadmanDAO

See MailingList

Retrieved from "https://wiki.traxel.com/index.php?title=MailServer&oldid=1157"