
rDNS readme fix. Should be mail subdomain.

pull/258/head
Luke Smith 1 year ago
parent
commit
eb5b6743f3
2 changed files with 14 additions and 21 deletions
  1. +9
    -10
      README.md
  2. +5
    -11
      emailwiz.sh

+ 9
- 10
README.md

@@ -48,16 +48,15 @@ give your full domain without any subdomain, i.e. `lukesmith.xyz`.
**CNAME record** for your `mail.` subdomain. **CNAME record** for your `mail.` subdomain.
4. **A Reverse DNS entry for your site.** Go to your VPS settings and add an 4. **A Reverse DNS entry for your site.** Go to your VPS settings and add an
entry for your IPv4 Reverse DNS that goes from your IP address to entry for your IPv4 Reverse DNS that goes from your IP address to
`<yourdomain.com>` (not mail subdomain). If you would like IPv6, you can do
the same for that. This has been tested on Vultr, and all decent VPS hosts
will have a section on their instance settings page to add a reverse DNS PTR
entry.
You can use the 'Test Email Server' or ':smtp' tool on
[mxtoolbox](https://mxtoolbox.com/SuperTool.aspx) to test if you set up
a reverse DNS correctly. This step is not required for everyone, but some
big email services like Gmail will stop emails coming from mail servers
with no/invalid rDNS lookups. This means your email will fail to even
make it to the recipients spam folder; it will never make it to them.
`<mail.yourdomain.com>`. If you would like IPv6, you can do the same for
that. This has been tested on Vultr, and all decent VPS hosts will have a
section on their instance settings page to add a reverse DNS PTR entry. You
can use the 'Test Email Server' or ':smtp' tool on
[mxtoolbox](https://mxtoolbox.com/SuperTool.aspx) to test if you set up a
reverse DNS correctly. This step is not required for everyone, but some big
email services like Gmail will stop emails coming from mail servers with
no/invalid rDNS lookups. This means your email will fail to even make it to
the recipients spam folder; it will never make it to them.
5. `apt purge` all your previous (failed) attempts to install and configure a 5. `apt purge` all your previous (failed) attempts to install and configure a
mail server. Get rid of _all_ your system settings for Postfix, Dovecot, mail server. Get rid of _all_ your system settings for Postfix, Dovecot,
OpenDKIM and everything else. This script builds off of a fresh install. OpenDKIM and everything else. This script builds off of a fresh install.


+ 5
- 11
emailwiz.sh

@@ -33,11 +33,9 @@
# On installation of Postfix, select "Internet Site" and put in TLD (without # On installation of Postfix, select "Internet Site" and put in TLD (without
# `mail.` before it). # `mail.` before it).


echo "Setting umask to 0022..."
umask 0022 umask 0022


echo "Installing programs..."
apt-get install postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc
apt-get install -y postfix postfix-pcre dovecot-imapd dovecot-sieve opendkim spamassassin spamc net-tools
# Check if OpenDKIM is installed and install it if not. # Check if OpenDKIM is installed and install it if not.
which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools which opendkim-genkey >/dev/null 2>&1 || apt-get install opendkim-tools
domain="$(cat /etc/mailname)" domain="$(cat /etc/mailname)"
@@ -86,7 +84,6 @@ postconf -e 'smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1'
postconf -e 'tls_preempt_cipherlist = yes' postconf -e 'tls_preempt_cipherlist = yes'
postconf -e 'smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL' postconf -e 'smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL'



# Here we tell Postfix to look to Dovecot for authenticating users/passwords. # Here we tell Postfix to look to Dovecot for authenticating users/passwords.
# Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth # Dovecot will be putting an authentication socket in /var/spool/postfix/private/auth
postconf -e 'smtpd_sasl_auth_enable = yes' postconf -e 'smtpd_sasl_auth_enable = yes'
@@ -104,18 +101,17 @@ postconf -e 'smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth
# boomers want and no one else). # boomers want and no one else).
postconf -e 'home_mailbox = Mail/Inbox/' postconf -e 'home_mailbox = Mail/Inbox/'


# A fix referenced in issue #178 - Postfix configuration leaks ip addresses (https://github.com/LukeSmithxyz/emailwiz/issues/178)
# Prevent "Received From:" header in sent emails in order to prevent leakage of public ip addresses # Prevent "Received From:" header in sent emails in order to prevent leakage of public ip addresses
postconf -e "header_checks = regexp:/etc/postfix/header_checks" postconf -e "header_checks = regexp:/etc/postfix/header_checks"


# Create a login map file that ensures that if a sender wants to send a mail from a user at our local
# domain, they must be authenticated as that user
echo "/^(.*)@$(sh -c "echo $domain | sed 's/\./\\\./'")$/ \${1}" > /etc/postfix/login_maps.pcre

# strips "Received From:" in sent emails # strips "Received From:" in sent emails
echo "/^Received:.*/ IGNORE echo "/^Received:.*/ IGNORE
/^X-Originating-IP:/ IGNORE" >> /etc/postfix/header_checks /^X-Originating-IP:/ IGNORE" >> /etc/postfix/header_checks


# Create a login map file that ensures that if a sender wants to send a mail from a user at our local
# domain, they must be authenticated as that user
echo "/^(.*)@$(sh -c "echo $domain | sed 's/\./\\\./'")$/ \${1}" > /etc/postfix/login_maps.pcre

# master.cf # master.cf
echo "Configuring Postfix's master.cf..." echo "Configuring Postfix's master.cf..."


@@ -136,13 +132,11 @@ smtps inet n - y - - smtpd
spamassassin unix - n n - - pipe spamassassin unix - n n - - pipe
user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}" >> /etc/postfix/master.cf user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f \${sender} \${recipient}" >> /etc/postfix/master.cf



# By default, dovecot has a bunch of configs in /etc/dovecot/conf.d/ These # By default, dovecot has a bunch of configs in /etc/dovecot/conf.d/ These
# files have nice documentation if you want to read it, but it's a huge pain to # files have nice documentation if you want to read it, but it's a huge pain to
# go through them to organize. Instead, we simply overwrite # go through them to organize. Instead, we simply overwrite
# /etc/dovecot/dovecot.conf because it's easier to manage. You can get a backup # /etc/dovecot/dovecot.conf because it's easier to manage. You can get a backup
# of the original in /usr/share/dovecot if you want. # of the original in /usr/share/dovecot if you want.

mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.backup.conf mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.backup.conf


echo "Creating Dovecot config..." echo "Creating Dovecot config..."
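Review bot: The line that writes `/etc/postfix/login_maps.pcre` escapes only the first dot of the mail name, because the `sed 's/\./\\\./'` substitution has no `g` flag; for a name with more than one dot (constructed example: `example.co.uk`) the later dots stay regex wildcards, so the sender-to-login pattern matches more addresses than the local domain. The same line expands `$domain` unquoted inside `sh -c`, so the contents of `/etc/mailname` are parsed by a second shell. I would compute the escaped name once, `escaped_domain=$(printf '%s' "$domain" | sed 's/\./\\./g')`, and then write `echo "/^(.*)@${escaped_domain}\$/ \${1}" > /etc/postfix/login_maps.pcre`. The line is printed twice in this section because the commit moves it; the point applies wherever it ends up on the new side.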

