julius/emailwiz-arch
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

readme rewrite

Browse Source
This commit is contained in:
Luke Smith 2023-01-26 20:59:14 -05:00
parent 548d547949
commit 50cdd5ddbc
1 changed files with 66 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

141
README.md
View File

@ -24,55 +24,66 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
- Config files that link the two above securely with native log-ins. - Config files that link the two above securely with native log-ins.
- **Spamassassin** to prevent spam and allow you to make custom filters. - **Spamassassin** to prevent spam and allow you to make custom filters.
- **OpenDKIM** to validate you so you can send to Gmail and other big sites. - **OpenDKIM** to validate you so you can send to Gmail and other big sites.
- The required SSL certificates if not already present.
## This script does _not_ ## This script does _not_
- use a SQL database or anything like that. - use a SQL database or anything like that. We keep it simple and use normal
- set up a graphical interface for mail like Roundcube or Squirrel Mail. If you Unix system users for accounts and passwords.
want that, you'll have to install it yourself. I just use - set up a graphical web interface for mail like Roundcube or Squirrel Mail.
[isync/msmtp/mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard) to You are expected to use a normal mail client like Thunderbird or K-9 for
have an offline mirror of my email setup and I recommend the same. There are Android or good old mutt with
other ways of doing it though, like Thunderbird, etc. [mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard). Note that there
is a guide for [Rainloop](https://landchad.net/rainloop/) on
[LandChad.net](https://landchad.net) for those that want such a web
interface.
## Before you run this script you need... ## Prerequisites for Installation
1. A **Debian or Ubuntu server**. I've tested this on a 1. Debian or Ubuntu server. I suited this script for
[Vultr](https://www.vultr.com/?ref=8940911-8H) Debian server and one running [Vultr](https://www.vultr.com/?ref=8940911-8H) servers originally, but it
Ubuntu and their setup works, but I suspect other VPS hosts will have works consistently on any normal setup.
similar/possibly identical default settings which will let you run this on 2. DNS records that point your domain to your server's IP (IPv4 and IPv6).
them. Note that the affiliate link there to Vultr gives you a $100 credit
for the first month to play around.
2. **A Let's Encrypt SSL certificate for your site's `mail.` subdomain**.
3. You need two little DNS records set on your domain registrar's site/DNS
server: (1) an **MX record** pointing to your own main domain/IP and (2) a
**CNAME record** for your `mail.` subdomain.
4. **A Reverse DNS entry for your site.** Go to your VPS settings and add an
entry for your IPv4 Reverse DNS that goes from your IP address to
`<mail.yourdomain.com>`. If you would like IPv6, you can do the same for
that. This has been tested on Vultr, and all decent VPS hosts will have a
section on their instance settings page to add a reverse DNS PTR entry. You
can use the 'Test Email Server' or ':smtp' tool on
[mxtoolbox](https://mxtoolbox.com/SuperTool.aspx) to test if you set up a
reverse DNS correctly. This step is not required for everyone, but some big
email services like Gmail will stop emails coming from mail servers with
no/invalid rDNS lookups. This means your email will fail to even make it to
the recipients spam folder; it will never make it to them.
5. `apt purge` all your previous (failed) attempts to install and configure a
mail server. Get rid of _all_ your system settings for Postfix, Dovecot,
OpenDKIM and everything else. This script builds off of a fresh install.
6. Some VPS providers block mail port numbers like 25, 993 or 587 by default.
You may need to request these ports be opened to send mail successfully.
Vultr and most other VPS providers will respond immediately and open the
ports for you if you open a support ticket.
7. If you have a firewall, you'll need to open ports on your side as well. For
example, with `ufw`, just run: `ufw allow 587` on ports 587, 993 and 25 (you
will need port 80 for Certbot too).
## Post-install requirement! ## Mandatory Finishing Touches
- After the script runs, you'll have to add additional DNS TXT records which ### Unblock your ports
are displayed at the end when the script is complete. They will help ensure
your mail is validated and secure. While the script enables your mail ports on your server, it is common practice
for all VPS providers to block mail ports on their end by default. Open a help
ticket with your VPS provider asking them to open your mail ports and they will
do it in short order.
### DNS records
At the end of the script, you will be given some DNS records to add to your DNS
server/registrar's website. These are mostly for authenticating your emails as
non-spam. The 4 records are:
1. An MX record directing to `mail.yourdomain.tld`.
2. A TXT record for SPF (to reduce mail spoofing).
3. A TXT record for DMARC policies.
4. A TXT record with your public DKIM key. This record is long and **uniquely
generated** while running `emailwiz.sh` and thus must be added after
installation.
They will look something like this:
```
@ MX 10 mail.example.org
mail._domainkey.example.org TXT v=DKIM1; k=rsa; p=anextremelylongsequenceoflettersandnumbersgeneratedbyopendkim
_dmarc.example.org TXT v=DMARC1; p=reject; rua=mailto:dmarc@example.org; fo=1
example.org TXT v=spf1 mx a: -all
```
The script will create a file, `~/dns_emailwiz` that will list our the records
for your convenience, and also prints them at the end of the script.
### Add a rDNS/PTR record as well!
Set a reverse DNS or PTR record to avoid getting spammed. You can do this at
your VPS provider, and should set it to `mail.yourdomain.tld`. Note that you
should set this for both IPv4 and IPv6.
## Making new users/mail accounts ## Making new users/mail accounts
@ -95,50 +106,30 @@ in the server, you could just install mutt, add `set spoolfile="+Inbox"` to
your `~/.muttrc` and use mutt to view and reply to mail. You'll probably want your `~/.muttrc` and use mutt to view and reply to mail. You'll probably want
to log in remotely though: to log in remotely though:
## Logging in from Thunderbird or mutt (and others) remotely ## Logging in from email clients (Thunderbird/mutt/etc)
Let's say you want to access your mail with Thunderbird or mutt or another Let's say you want to access your mail with Thunderbird or mutt or another
email program. For my domain, the server information will be as follows: email program. For my domain, the server information will be as follows:
- SMTP server: `mail.lukesmith.xyz` - SMTP server: `mail.lukesmith.xyz`
- SMTP port: 587 - SMTP port: 465
- IMAP server: `mail.lukesmith.xyz` - IMAP server: `mail.lukesmith.xyz`
- IMAP port: 993 - IMAP port: 993
In previous versions of emailwiz, you also had to log on with *only* your
username (i.e. `luke`) rather than your whole email address (i.e.
`luke@lukesmith.xyz`), which caused some confusion. This is no longer the
case.
## Benefited from this? ## Benefited from this?
I am always glad to hear this script is still making life easy for people! If I am always glad to hear this script is still making life easy for people. If
this script or documentation has saved you some frustration, you can donate to this script or documentation has saved you some frustration, donate here:
support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html).
## Troubleshooting -- Can't send mail? - btc: `bc1qzw6mk80t3vrp2cugmgfjqgtgzhldrqac5axfh4`
- xmr: `8A5v4Ci11Lz7BDoE2z2oPqMoNHzr5Zj8B3Q2N2qzqrUKhAKgNQYGSSaZDnBUWg6iXCiZyvC9mVCyGj5kGMJTi1zGKGM4Trm`
- Always check `journalctl -xe` to see the specific problem. ## Sites for Troubleshooting
- Check with your VPS host and ask them to enable mail ports. Some providers
disable them by default. It shouldn't take any time.
- Go to [this site](https://appmaildev.com/en/dkim) to test your TXT records.
If your DKIM, SPF or DMARC tests fail you probably copied in the TXT records
incorrectly.
- If everything looks good and you *can* send mail, but it still goes to Gmail
or another big provider's spam directory, your domain (especially if it's a
new one) might be on a public spam list. Check
[this site](https://mxtoolbox.com/blacklists.aspx) to see if it is. Don't
worry if you are: sometimes especially new domains are automatically assumed
to be spam temporarily. If you are blacklisted by one of these, look into it
and it will explain why and how to remove yourself.
- Check your DNS settings using [this site](https://intodns.com/), it'll report
any issues with your MX records
- Ensure that port 25 is open on your server.
[Vultr](https://www.vultr.com/docs/what-ports-are-blocked) for instance
blocks this by default, you need to open a support ticket with them to open
it. You can't send mail if 25 is blocked
## TODO Can send or receive mail? Getting marked as spam? There are tools to double-check your DNS records and more:
- Fail2ban for security. - Always check `journalctl -xe` first for specific errors.
- Scripts for easier spam prevention. - [Check your DNS](https://intodns.com/)
- [Test your TXT records via mail](https://appmaildev.com/en/dkim)
- [Is your IP blacklisted?](https://mxtoolbox.com/blacklists.aspx)
- [mxtoolbox](https://mxtoolbox.com/SuperTool.aspx)