Merge branch 'master' into terminal

2024-11-25 01:40:01 +00:00 · 2024-11-25 01:40:01 +00:00 · 0845eea580
commit 0845eea580
parent acc089f798 90732a7a89
1 changed files with 82 additions and 4 deletions
--- a/content/blog/mail_server_alpine_postfix_dovecot_tutorial/index.md
+++ b/content/blog/mail_server_alpine_postfix_dovecot_tutorial/index.md
@ -493,7 +493,41 @@ Now let's enable IMAP by editing `/etc/dovecot/dovecot.conf`. Find a `protocols
 protocols = imap
 ```
-## Configure how to store emails
+## Logging
 By default, Dovecot logs to the syslog (`/var/log/messages`). It would be easier to monitor Dovecot if it logged to its
 own log file, so we'll configure that at `/etc/dovecot/conf.d/10-logging.conf`:
 ```conf
 log_path = /var/log/dovecot.log
 ```
 The file also has various settings on logging verbosity you can configure. I set:
 ```conf
 auth_verbose = yes
 auth_debug = yes
 mail_debug = yes
 ```
 You should already have an `/etc/logrotate.d/dovecot` file. If not, create it with the following contents:
 ```logrotate
 /var/log/dovecot*.log {
    daily
    missingok
    copytruncate
    rotate 7
    compress
    notifempty
    sharedscripts
    postrotate
        /etc/init.d/dovecot --quiet --ifstarted reopen
    endscript
 }
 ```
 ## Configure IMAP and email storage
 You probably want to use the Maildir format for storing emails, where each user's mail is stored at `~/Maildir` (this
 can be set to another location if desired).
@ -1334,7 +1368,7 @@ The `fo` tag indicates when you would like to receive reports. The options are:
    </tr>
 </table>
-### OpenDMARC
+### OpenDMARC[^spf_processing_redundancy]
 We can use software called OpenDMARC to enforce DMARC policies for incoming mail. OpenDMARC is another milter. Let's
 install it and enable its service:
@ -1444,14 +1478,16 @@ Restart Postfix for the changes to take effect:
 And when you receive emails from a legitimate source that implements DMARC, you should see the following headers in
 your emails:
-```
+<pre id="double-spf-headers">
 <code>
 Received-SPF: pass (protonmail.com: Sender is authorized to use 'revsuine@protonmail.com' in 'mfrom' identity (mechanism 'include:_spf.protonmail.ch' matched)) receiver=master.revsuine.xyz; identity=mailfrom; envelope-from="revsuine@protonmail.com"; helo=mail-40130.protonmail.ch; client-ip=185.70.40.130
 DMARC-Filter: OpenDMARC Filter v1.4.2 master.revsuine.xyz 88CFF1288D1
 Authentication-Results: OpenDMARC; dmarc=pass (p=quarantine dis=none) header.from=protonmail.com
 Authentication-Results: OpenDMARC; spf=pass smtp.mailfrom=protonmail.com
 Authentication-Results: master.revsuine.xyz;
        dkim=pass (2048-bit key; secure) header.d=protonmail.com header.i=@protonmail.com header.a=rsa-sha256 header.s=protonmail3 header.b=nc4YWVM/
-```
+</code>
 </pre>
 <!--
    TODO: switch SPF filter to a milter e.g. https://www.acme.com/software/spfmilter/ so that SPF isn't checked twice
@ -1823,6 +1859,25 @@ you would write `"Inbox.Spam"` in that case.
 # Miscellaneous suggestions
 To use fail2ban for your mail server, create `/etc/fail2ban/jail.d/mail.local`:
 ```ini
 [postfix]
 enabled  = true
 logpath  = /var/log/postfix.log
 [dovecot]
 enabled  = true
 logpath  = /var/log/dovecot.log
 [sieve]
 enabled  = true
 logpath  = /var/log/dovecot.log
 ```
 These are the log file locations we configured above, but you can set them to the syslog if you didn't give Postfix and
 Dovecot their own log files.
 You may want to get your domain whitelisted on [dnswl.org](https://www.dnswl.org/), an email whitelist service where
 admins can submit their domain and IP address to indicate trustworthiness.
@ -1857,3 +1912,26 @@ admins can submit their domain and IP address to indicate trustworthiness.
    to find out where this file should be.
 [^spf_processing_redundancy]: The OpenDMARC milter will be run before the SPF policy daemon, meaning that OpenDMARC
    must do its own SPF checking. This makes postfix-policyd-spf-perl redundant, and results in multiple SPF checks in
    our email headers (e.g. see email headers [here](#double-spf-headers)).
    To get around this, you'd probably have to use a milter to validate SPF, and just list the milter before OpenDMARC.
    I had a bit of a look around for SPF milters and found [ACME's
    spfmilter](https://www.acme.com/software/spfmilter/), but had issues compiling it on Alpine; it complained about
    ```
    spfmilter.c:1623:2: error: #error "neither libspf nor libspf2 is present - please provide one"
     1623 | #error "neither libspf nor libspf2 is present - please provide one"
          |  ^~~~~
    ```
    despite having `libspf2` installed. Potentially this is a musl issue, but I'm doubtful that a project like this
    would be tied to glibc specifically.
    I tried compiling it on Artix Linux and it compiled just fine with the right dependencies installed, so the program
    does compile.
    If anyone can either [suggest](/contact) a way to get ACME's spfmilter to compile on Alpine, or an alternative
    solution to this problem, that would be helpful.