Luke Smith 1 год назад
Родитель
Сommit
50cdd5ddbc
1 измененных файлов: 74 добавлений и 83 удалений
  1. +74
    -83
      README.md

+ 74
- 83
README.md Просмотреть файл

@@ -24,55 +24,66 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
- Config files that link the two above securely with native log-ins.
- **Spamassassin** to prevent spam and allow you to make custom filters.
- **OpenDKIM** to validate you so you can send to Gmail and other big sites.
- The required SSL certificates if not already present.

## This script does _not_

- use a SQL database or anything like that.
- set up a graphical interface for mail like Roundcube or Squirrel Mail. If you
want that, you'll have to install it yourself. I just use
[isync/msmtp/mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard) to
have an offline mirror of my email setup and I recommend the same. There are
other ways of doing it though, like Thunderbird, etc.

## Before you run this script you need...

1. A **Debian or Ubuntu server**. I've tested this on a
[Vultr](https://www.vultr.com/?ref=8940911-8H) Debian server and one running
Ubuntu and their setup works, but I suspect other VPS hosts will have
similar/possibly identical default settings which will let you run this on
them. Note that the affiliate link there to Vultr gives you a $100 credit
for the first month to play around.
2. **A Let's Encrypt SSL certificate for your site's `mail.` subdomain**.
3. You need two little DNS records set on your domain registrar's site/DNS
server: (1) an **MX record** pointing to your own main domain/IP and (2) a
**CNAME record** for your `mail.` subdomain.
4. **A Reverse DNS entry for your site.** Go to your VPS settings and add an
entry for your IPv4 Reverse DNS that goes from your IP address to
`<mail.yourdomain.com>`. If you would like IPv6, you can do the same for
that. This has been tested on Vultr, and all decent VPS hosts will have a
section on their instance settings page to add a reverse DNS PTR entry. You
can use the 'Test Email Server' or ':smtp' tool on
[mxtoolbox](https://mxtoolbox.com/SuperTool.aspx) to test if you set up a
reverse DNS correctly. This step is not required for everyone, but some big
email services like Gmail will stop emails coming from mail servers with
no/invalid rDNS lookups. This means your email will fail to even make it to
the recipients spam folder; it will never make it to them.
5. `apt purge` all your previous (failed) attempts to install and configure a
mail server. Get rid of _all_ your system settings for Postfix, Dovecot,
OpenDKIM and everything else. This script builds off of a fresh install.
6. Some VPS providers block mail port numbers like 25, 993 or 587 by default.
You may need to request these ports be opened to send mail successfully.
Vultr and most other VPS providers will respond immediately and open the
ports for you if you open a support ticket.
7. If you have a firewall, you'll need to open ports on your side as well. For
example, with `ufw`, just run: `ufw allow 587` on ports 587, 993 and 25 (you
will need port 80 for Certbot too).

## Post-install requirement!

- After the script runs, you'll have to add additional DNS TXT records which
are displayed at the end when the script is complete. They will help ensure
your mail is validated and secure.
- use a SQL database or anything like that. We keep it simple and use normal
Unix system users for accounts and passwords.
- set up a graphical web interface for mail like Roundcube or Squirrel Mail.
You are expected to use a normal mail client like Thunderbird or K-9 for
Android or good old mutt with
[mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard). Note that there
is a guide for [Rainloop](https://landchad.net/rainloop/) on
[LandChad.net](https://landchad.net) for those that want such a web
interface.

## Prerequisites for Installation

1. Debian or Ubuntu server. I suited this script for
[Vultr](https://www.vultr.com/?ref=8940911-8H) servers originally, but it
works consistently on any normal setup.
2. DNS records that point your domain to your server's IP (IPv4 and IPv6).

## Mandatory Finishing Touches

### Unblock your ports

While the script enables your mail ports on your server, it is common practice
for all VPS providers to block mail ports on their end by default. Open a help
ticket with your VPS provider asking them to open your mail ports and they will
do it in short order.

### DNS records

At the end of the script, you will be given some DNS records to add to your DNS
server/registrar's website. These are mostly for authenticating your emails as
non-spam. The 4 records are:

1. An MX record directing to `mail.yourdomain.tld`.
2. A TXT record for SPF (to reduce mail spoofing).
3. A TXT record for DMARC policies.
4. A TXT record with your public DKIM key. This record is long and **uniquely
generated** while running `emailwiz.sh` and thus must be added after
installation.

They will look something like this:

```
@ MX 10 mail.example.org
mail._domainkey.example.org TXT v=DKIM1; k=rsa; p=anextremelylongsequenceoflettersandnumbersgeneratedbyopendkim
_dmarc.example.org TXT v=DMARC1; p=reject; rua=mailto:dmarc@example.org; fo=1
example.org TXT v=spf1 mx a: -all
```

The script will create a file, `~/dns_emailwiz` that will list our the records
for your convenience, and also prints them at the end of the script.

### Add a rDNS/PTR record as well!

Set a reverse DNS or PTR record to avoid getting spammed. You can do this at
your VPS provider, and should set it to `mail.yourdomain.tld`. Note that you
should set this for both IPv4 and IPv6.

## Making new users/mail accounts

@@ -95,50 +106,30 @@ in the server, you could just install mutt, add `set spoolfile="+Inbox"` to
your `~/.muttrc` and use mutt to view and reply to mail. You'll probably want
to log in remotely though:

## Logging in from Thunderbird or mutt (and others) remotely
## Logging in from email clients (Thunderbird/mutt/etc)

Let's say you want to access your mail with Thunderbird or mutt or another
email program. For my domain, the server information will be as follows:

- SMTP server: `mail.lukesmith.xyz`
- SMTP port: 587
- SMTP port: 465
- IMAP server: `mail.lukesmith.xyz`
- IMAP port: 993

In previous versions of emailwiz, you also had to log on with *only* your
username (i.e. `luke`) rather than your whole email address (i.e.
`luke@lukesmith.xyz`), which caused some confusion. This is no longer the
case.

## Benefited from this?

I am always glad to hear this script is still making life easy for people! If
this script or documentation has saved you some frustration, you can donate to
support me at [lukesmith.xyz/donate](https://lukesmith.xyz/donate.html).

## Troubleshooting -- Can't send mail?

- Always check `journalctl -xe` to see the specific problem.
- Check with your VPS host and ask them to enable mail ports. Some providers
disable them by default. It shouldn't take any time.
- Go to [this site](https://appmaildev.com/en/dkim) to test your TXT records.
If your DKIM, SPF or DMARC tests fail you probably copied in the TXT records
incorrectly.
- If everything looks good and you *can* send mail, but it still goes to Gmail
or another big provider's spam directory, your domain (especially if it's a
new one) might be on a public spam list. Check
[this site](https://mxtoolbox.com/blacklists.aspx) to see if it is. Don't
worry if you are: sometimes especially new domains are automatically assumed
to be spam temporarily. If you are blacklisted by one of these, look into it
and it will explain why and how to remove yourself.
- Check your DNS settings using [this site](https://intodns.com/), it'll report
any issues with your MX records
- Ensure that port 25 is open on your server.
[Vultr](https://www.vultr.com/docs/what-ports-are-blocked) for instance
blocks this by default, you need to open a support ticket with them to open
it. You can't send mail if 25 is blocked

## TODO

- Fail2ban for security.
- Scripts for easier spam prevention.
I am always glad to hear this script is still making life easy for people. If
this script or documentation has saved you some frustration, donate here:

- btc: `bc1qzw6mk80t3vrp2cugmgfjqgtgzhldrqac5axfh4`
- xmr: `8A5v4Ci11Lz7BDoE2z2oPqMoNHzr5Zj8B3Q2N2qzqrUKhAKgNQYGSSaZDnBUWg6iXCiZyvC9mVCyGj5kGMJTi1zGKGM4Trm`

## Sites for Troubleshooting

Can send or receive mail? Getting marked as spam? There are tools to double-check your DNS records and more:

- Always check `journalctl -xe` first for specific errors.
- [Check your DNS](https://intodns.com/)
- [Test your TXT records via mail](https://appmaildev.com/en/dkim)
- [Is your IP blacklisted?](https://mxtoolbox.com/blacklists.aspx)
- [mxtoolbox](https://mxtoolbox.com/SuperTool.aspx)

Загрузка…
Отмена
Сохранить