rDNS readme fix. Should be mail subdomain.
parent
b2ab4f4d68
commit
eb5b6743f3
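--- a/README.md
+++ b/README.md
@@ -48,16 +48,15 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
 **CNAME record** for your `mail.` subdomain.
 4. **A Reverse DNS entry for your site.** Go to your VPS settings and add an
 entry for your IPv4 Reverse DNS that goes from your IP address to
-`<yourdomain.com>` (not mail subdomain). If you would like IPv6, you can do
-the same for that. This has been tested on Vultr, and all decent VPS hosts
-will have a section on their instance settings page to add a reverse DNS PTR
-entry.
-You can use the 'Test Email Server' or ':smtp' tool on
-[mxtoolbox](https://mxtoolbox.com/SuperTool.aspx) to test if you set up
-a reverse DNS correctly. This step is not required for everyone, but some
-big email services like Gmail will stop emails coming from mail servers
-with no/invalid rDNS lookups. This means your email will fail to even
-make it to the recipients spam folder; it will never make it to them.
+`<mail.yourdomain.com>`. If you would like IPv6, you can do the same for
+that. This has been tested on Vultr, and all decent VPS hosts will have a
+section on their instance settings page to add a reverse DNS PTR entry. You
+can use the 'Test Email Server' or ':smtp' tool on
+[mxtoolbox](https://mxtoolbox.com/SuperTool.aspx) to test if you set up a
+reverse DNS correctly. This step is not required for everyone, but some big
+email services like Gmail will stop emails coming from mail servers with
+no/invalid rDNS lookups. This means your email will fail to even make it to
+the recipients spam folder; it will never make it to them.
 5. `apt purge` all your previous (failed) attempts to install and configure a
 mail server. Get rid of _all_ your system settings for Postfix, Dovecot,
 OpenDKIM and everything else. This script builds off of a fresh install.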
16
emailwiz.sh
16
emailwiz.sh
@ -33,11 +33,9 @@
|
|||||||
# On installation of Postfix, select "Internet Site" and put in TLD (without
|
# On installation of Postfix, select "Internet Site" and put in TLD (without
|
||||||
# `mail.` before it).
|
# `mail.` before it).
|
||||||
|
|
||||||
echo "Setting umask to 0022..."
|
|
||||||
umask 0022
|
umask 0022
|
||||||
|
|
||||||
echo "Installing programs..."
|
apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc net-tools
|
||||||
apt-get install postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc
|
|
||||||
# Check if OpenDKIM is installed and install it if not.
|
# Check if OpenDKIM is installed and install it if not.
|
||||||
which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools
|
which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools
|
||||||
domain="$(cat /etc/mailname)"
|
domain="$(cat /etc/mailname)"
|
||||||
@ -86,7 +84,6 @@ postconf -e 'smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1'
|
|||||||
postconf -e 'tls_preempt_cipherlist = yes'
|
postconf -e 'tls_preempt_cipherlist = yes'
|
||||||
postconf -e 'smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL'
|
postconf -e 'smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL'
|
||||||
|
|
||||||
|
|
||||||
# Here we tell Postfix to look to Dovecot for authenticating users/passwords.
|
# Here we tell Postfix to look to Dovecot for authenticating users/passwords.
|
||||||
# Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth
|
# Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth
|
||||||
postconf -e 'smtpd_sasl_auth_enable = yes'
|
postconf -e 'smtpd_sasl_auth_enable = yes'
|
||||||
@ -104,18 +101,17 @@ postconf -e 'smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth
|
|||||||
# boomers want and no one else).
|
# boomers want and no one else).
|
||||||
postconf -e 'home_mailbox = Mail/Inbox/'
|
postconf -e 'home_mailbox = Mail/Inbox/'
|
||||||
|
|
||||||
# A fix referenced in issue #178 - Postfix configuration leaks ip addresses (https://github.com/LukeSmithxyz/emailwiz/issues/178)
|
|
||||||
# Prevent "Received From:" header in sent emails in order to prevent leakage of public ip addresses
|
# Prevent "Received From:" header in sent emails in order to prevent leakage of public ip addresses
|
||||||
postconf -e "header_checks = regexp:/etc/postfix/header_checks"
|
postconf -e "header_checks = regexp:/etc/postfix/header_checks"
|
||||||
|
|
||||||
# Create a login map file that ensures that if a sender wants to send a mail from a user at our local
|
|
||||||
# domain, they must be authenticated as that user
|
|
||||||
echo "/^(.*)@$(sh -c "echo $domain | sed 's/\./\\\./'")$/ \${1}" > /etc/postfix/login_maps.pcre
|
|
||||||
|
|
||||||
# strips "Received From:" in sent emails
|
# strips "Received From:" in sent emails
|
||||||
echo "/^Received:.*/ IGNORE
|
echo "/^Received:.*/ IGNORE
|
||||||
/^X-Originating-IP:/ IGNORE" >> /etc/postfix/header_checks
|
/^X-Originating-IP:/ IGNORE" >> /etc/postfix/header_checks
|
||||||
|
|
||||||
|
# Create a login map file that ensures that if a sender wants to send a mail from a user at our local
|
||||||
|
# domain, they must be authenticated as that user
|
||||||
|
echo "/^(.*)@$(sh -c "echo $domain | sed 's/\./\\\./'")$/ \${1}" > /etc/postfix/login_maps.pcre
|
||||||
|
|
||||||
# master.cf
|
# master.cf
|
||||||
echo "Configuring Postfix's master.cf..."
|
echo "Configuring Postfix's master.cf..."
|
||||||
|
|
||||||
@ -136,13 +132,11 @@ smtps inet n - y - - smtpd
|
|||||||
spamassassin unix - n n - - pipe
|
spamassassin unix - n n - - pipe
|
||||||
user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}" >> /etc/postfix/master.cf
|
user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}" >> /etc/postfix/master.cf
|
||||||
|
|
||||||
|
|
||||||
# By default, dovecot has a bunch of configs in /etc/dovecot/conf.d/ These
|
# By default, dovecot has a bunch of configs in /etc/dovecot/conf.d/ These
|
||||||
# files have nice documentation if you want to read it, but it's a huge pain to
|
# files have nice documentation if you want to read it, but it's a huge pain to
|
||||||
# go through them to organize. Instead, we simply overwrite
|
# go through them to organize. Instead, we simply overwrite
|
||||||
# /etc/dovecot/dovecot.conf because it's easier to manage. You can get a backup
|
# /etc/dovecot/dovecot.conf because it's easier to manage. You can get a backup
|
||||||
# of the original in /usr/share/dovecot if you want.
|
# of the original in /usr/share/dovecot if you want.
|
||||||
|
|
||||||
mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.backup.conf
|
mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.backup.conf
|
||||||
|
|
||||||
echo "Creating Dovecot config..."
|
echo "Creating Dovecot config..."
|
||||||
|
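Review bot: The relocated `login_maps.pcre` line in the third emailwiz.sh hunk (`@ -104,18 +101,17 @@`) escapes only the first dot of the mail name, because `sed 's/\./\\\./'` has no `g` flag. For a name with more than one dot (e.g. `example.co.uk`, a constructed sample) the later dots stay regex wildcards, so the sender login map matches more addresses than the local domain. The nested `sh -c "echo $domain | …"` also re-parses the contents of `/etc/mailname` as shell text, which the substitution does not need. I would compute the escaped name directly with `escaped=$(printf '%s' "$domain" | sed 's/\./\\./g')` and write the map with `printf '/^(.*)@%s$/ ${1}\n' "$escaped" > /etc/postfix/login_maps.pcre`. Separately, this hunk drops the comment pointing to issue #178, which was the only recorded reason for the `header_checks` rules, so a short why-comment there would still be worth keeping.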