diff --git a/content/blog/mail_server_alpine_postfix_dovecot_tutorial/index.md b/content/blog/mail_server_alpine_postfix_dovecot_tutorial/index.md
index fe9e42e..1059745 100644
--- a/content/blog/mail_server_alpine_postfix_dovecot_tutorial/index.md
+++ b/content/blog/mail_server_alpine_postfix_dovecot_tutorial/index.md
@@ -726,11 +726,10 @@ namespace inbox {
 You can set the `auto = create` option for any mailbox you want to be auto-created for users.
-Now enable and start the Dovecot service. Keep an eye on terminal output, as if there's a configuration error, you'll
-get an error message when restarting.
+Now restart Dovecot. Keep an eye on terminal output, as if there's a configuration error, you'll get an error message
+when restarting.
- # rc-update add dovecot default
- # rc-service dovecot start
+ # rc-service dovecot restart
 # Use a local email client
@@ -873,11 +872,6 @@ OpenDKIM is an open-source implementation of DKIM signing and authentication. Yo
 You may also want `opendkim-doc` for documentation.
-Enable the service:
-
- # rc-update add opendkim default
- # rc-service opendkim start
-
 Add the `postfix` user to the `opendkim` group:
 # adduser postfix opendkim
@@ -1224,207 +1218,6 @@ suggestions.](https://wiki.list.org/DEV/DMARC)
 # Amavis
-Amavis is a high-performance interface between MTAs and content checkers, such as virus scanners and spam filters. We
-will use Amavis as a Postfix content filter for virus scanning and spam filtering, with ClamAV and SpamAssassin
-respectively.
-
-Install Amavis and enable the service:
-
- # apk add amavis
- # rc-update add amavisd default
- # rc-service amavisd start
-
-## Amavis and Postfix
-
-Let's set up Amavis as an SMTP proxy. Edit your Postfix config at `/etc/postfix/main.cf`, and add the following to the
-end of the file:
-
-```conf
-# amavis filtering
-# gets overridden by submission & smtps services in master.cf:
-content_filter = smtp-amavis:[127.0.0.1]:10024
-# delays postfix connection to content filter until entire email message has arrived
-smtpd_proxy_options = speed_adjust
-```
-
-Amavis listens on port 10024 by default, so this tells Postfix to use Amavis as a content filter.
-
-Now edit `/etc/postfix/master.cf` and add the following lines:
-
-```conf
-smtp-amavis unix - - n - 2 smtp
- -o syslog_name=postfix/amavis
- -o smtp_data_done_timeout=1200
- -o smtp_send_xforward_command=yes
- -o smtp_dns_support_level=disabled
- -o max_use=20
- -o smtp_tls_security_level=none
-
-127.0.0.1:10025 inet n - n - - smtpd
- -o syslog_name=postfix/10025
- -o content_filter=
- -o mynetworks_style=host
- -o mynetworks=127.0.0.0/8
- -o local_recipient_maps=
- -o relay_recipient_maps=
- -o strict_rfc821_envelopes=yes
- -o smtp_tls_security_level=none
- -o smtpd_tls_security_level=none
- -o smtpd_restriction_classes=
- -o smtpd_delay_reject=no
- -o smtpd_client_restrictions=permit_mynetworks,reject
- -o smtpd_helo_restrictions=
- -o smtpd_sender_restrictions=
- -o smtpd_recipient_restrictions=permit_mynetworks,reject
- -o smtpd_end_of_data_restrictions=
- -o smtpd_error_sleep_time=0
- -o smtpd_soft_error_limit=1001
- -o smtpd_hard_error_limit=1000
- -o smtpd_client_connection_count_limit=0
- -o smtpd_client_connection_rate_limit=0
- -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
-```
-
-The first block tells Postfix to send emails to Amavis, and the second block tells Postfix to run an extra smtpd daemon
-on port 10025 to receive emails back from Amavis. Restart Postfix for the changes to take effect:
-
- # rc-service postfix restart
-
-It's good practice to use a different port for email submissions from authenticated users. Let's use port 10026 for
-this. Edit `/etc/amavisd.conf` and set `$inet_socket_port` to:
-
-```conf
-$inet_socket_port = [10024,10026];
-```
-
-to listen on multiple TCP ports.
-
-We'll set the policy to `ORIGINATING` for port 10026 in the same Amavis config file:
-
-```conf
-$interface_policy{'10026'} = 'ORIGINATING';
-```
-
-Then define the `ORIGINATING` policy by adding the following lines:
-
-```conf
-$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our users
- originating => 1, # declare that mail was submitted by our smtp client
- allow_disclaimers => 1, # enables disclaimer insertion if available
- # notify administrator of locally originating malware
- virus_admin_maps => ["virusalert\@$mydomain"],
- spam_admin_maps => ["virusalert\@$mydomain"],
- warnbadhsender => 1,
- # force MTA conversion to 7-bit (e.g. before DKIM signing)
- smtpd_discard_ehlo_keywords => ['8BITMIME'],
- bypass_banned_checks_maps => [1], # allow sending any file names and types
- terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
-};
-```
-
-Note that this is configured to send virus alerts to `virusalert@domain.com`. This should be a real email address, not
-an alias, because ClamAV bypasses Postfix and sends emails straight to Dovecot, which doesn't have access to Postfix
-aliases.
-
-Restart Amavis for the change to take effect:
-
- # rc-service amavisd restart
-
-Edit `/etc/postfix/master.cf` now and add the following to the `submission` and `smtps` services:
-
-```conf
- # emails from authenticated SMTP clients will be passed to Amavis listening
- # on port 10026:
- -o content_filter=smtp-amavis:[127.0.0.1]:10026
-```
-
-Restart Postfix again for the changes to take effect:
-
- # rc-service postfix restart
-
-## Amavis and ClamAV
-
-Install ClamAV and enable its daemon:
-
- # apk add clamav clamav-daemon
- # rc-update add clamd default
- # rc-service clamd start
-
-Enable virus-checking in Amavis by editing `/etc/amavisd.conf` and setting `@bypass_virus_checks_maps` to the
-following:
-
-```conf
-# enable virus checking
-@bypass_virus_checks_maps = (
- \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
-```
-
-Add `clamav` to the `amavis` group:
-
- # adduser clamav amavis
-
-Restart the amavisd and clamd daemons:
-
- # rc-service amavisd restart
- # rc-service clamd restart
-
-## Amavis and SpamAssassin
-
-Install SpamAssassin:
-
- # apk add spamassassin
-
-You may also want to install `spamassassin-doc`.
-
-Let's configure SpamAssassin. SpamAssassin is configured at `/etc/mail/spamassassin/local.cf`. You may want to
-configure the `required_score` option, which defaults to `5.0`. This is the spam score required for an email to be
-marked spam. `5.0` is a sensible default, but you can adjust this if you find that your spam filter needs to be more or
-less aggressive.
-
-You can also set options like `rewrite_header` to rewrite headers of a message marked spam, e.g.
-
-```conf
-rewrite_header Subject [SPAM]
-```
-
-prepends `[SPAM]` to the subject line of a spam message.
-
-Enable the service:
-
- # rc-update add spamd default
- # rc-service spamd start
-
-Enable spam filtering by setting `@bypass_spam_checks_maps` in your `/etc/amavisd.conf`:
-
-```conf
-# enable spam filtering
-@bypass_spam_checks_maps = (
- \%bypass_spam_checks, \@bypass_spam_checks_acl, $bypass_spam_checks_re);
-```
-
-Restart Amavis:
-
- # rc-service amavisd restart
-
-Now let's test your spam filter. Send yourself an email containing the following string somewhere in the body:
-
-```
-XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
-```
-
-You should see the email arrive with the following headers:
-
-```
-X-Spam-Flag: YES
-X-Spam-Score: 999.802
-X-Spam-Level: ****************************************************************
-X-Spam-Status: Yes, score=999.802 tagged_above=2 required=6.2
- tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
- DKIM_VALID_EF=-0.1, GTUBE=1000, NO_RECEIVED=-0.001, NO_RELAYS=-0.001,
- TVD_SPACE_RATIO=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001,
- URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
-```
-
 # Miscellaneous suggestions
 You may want to get your domain whitelisted on [dnswl.org](https://www.dnswl.org/), an email whitelist service where
diff --git a/themes/terminal b/themes/terminal
index b09f47a..c779a70 160000
--- a/themes/terminal
+++ b/themes/terminal
@@ -1 +1 @@
-Subproject commit b09f47aae7bc7f2fdeab523d15d2a8d217c4dad1
+Subproject commit c779a7083471f5f6f7036dfd60e9ff9a321600f9