computing:mailserver

Differences

This shows you the differences between two versions of the page.

computing:mailserver [2025/04/19 02:14] oemb1905computing:mailserver [2025/04/23 20:55] (current) oemb1905
Line 22: Line 22:
   sudo apt install ufw   sudo apt install ufw
   sudo ufw allow 22/tcp   sudo ufw allow 22/tcp
-  sudo ufw allow 53/tcp 
   sudo ufw allow 25/tcp   sudo ufw allow 25/tcp
   sudo ufw allow 587/tcp   sudo ufw allow 587/tcp
   sudo ufw allow 143/tcp   sudo ufw allow 143/tcp
 +  sudo ufw allow 465/tcp
   sudo ufw allow 993/tcp   sudo ufw allow 993/tcp
   sudo ufw allow 80   sudo ufw allow 80
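Review bot: The added rule "sudo ufw allow 465/tcp" opens implicit-TLS submission, but nothing visible in this revision configures a matching listener; if the tutorial does not enable a service on 465 elsewhere, either add that step or drop the rule so the firewall does not expose a port with nothing behind it. In the same block, "sudo ufw allow 80" is the only rule without a protocol suffix, so it opens port 80 over both TCP and UDP; "80/tcp" would match the other rules. Removing 53/tcp is consistent with a host that does not serve DNS to the outside.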
Line 125: Line 125:
   <mail_location = maildir:~/Maildir>   <mail_location = maildir:~/Maildir>
  
-Let's make sure dovecot is part of the mail group with ''sudo adduser dovecot mail'' and now we can configure dovecot with ''sudo nano /etc/dovecot/conf.d/10-master.conf'' in order to be able to leverage lmtp:+Let's make sure dovecot is part of the mail group, including any users you intend to use email: 
 + 
 +  sudo adduser dovecot mail 
 +  sudo adduser username mail 
 +   
 +Now we can configure dovecot over at ''sudo nano /etc/dovecot/conf.d/10-master.conf'' in order to be able to leverage lmtp:
  
   service lmtp {   service lmtp {
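Review bot: In the added line "sudo adduser username mail", "username" is a placeholder but is not marked as one, and the new sentence ("make sure dovecot is part of the mail group, including any users you intend to use email") reads as if the users were part of dovecot. Suggest wording along the lines of "add dovecot, and each account that will receive mail, to the mail group", with the placeholder visibly marked. It is also worth stating why ordinary accounts need the mail group at all, since the context line above sets mail_location to maildir:~/Maildir, which lives in each user's own home directory; group membership that is not needed is better left out.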
Line 200: Line 205:
   sudo chmod 711 /etc/opendkim/keys   sudo chmod 711 /etc/opendkim/keys
      
-Once all the directories and key locations are created, let's open the signing table with ''sudo nano /etc/opendkim/signing.table'' and enter the following:+Once all the directories and key locations are created, let's open the signing table with ''sudo nano /etc/opendkim/signing.table'' and enter the following (without the single quotes required here due to markdown conflict):
  
   '*@example.com      default._domainkey.example.com'   '*@example.com      default._domainkey.example.com'
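Review bot: The new parenthetical asks readers to strip the single quotes from the signing table entry by hand, which is easy to miss when copy-pasting, and an entry pasted with the quotes is unlikely to match any sender address, leaving mail unsigned. Suggest rendering the line inside a DokuWiki code block or nowiki markers so the wildcard shows literally and the quotes can be dropped from the page. The note should also say "wiki markup" rather than "markdown".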
Line 211: Line 216:
 The trusted hosts is next, over in ''sudo nano /etc/opendkim/trusted.hosts'' which we simply enter: The trusted hosts is next, over in ''sudo nano /etc/opendkim/trusted.hosts'' which we simply enter:
  
 +  127.0.0.1
 +  localhost
   .domain.com   .domain.com
      
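Review bot: The added loopback entries cover IPv4 only ("127.0.0.1", "localhost"); if local clients can reach the MTA over the IPv6 loopback, "::1" belongs in this list as well. The context line ".domain.com" also uses a different placeholder from the "example.com" used in the signing table a few lines earlier, so readers may not realise both stand for the same domain; pick one and use it throughout.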
Line 251: Line 258:
   RejectFailures true   RejectFailures true
   IgnoreAuthenticatedClients true   IgnoreAuthenticatedClients true
 +  RequireHeaders true
   SPFSelfValidate true   SPFSelfValidate true
   Socket local:/var/spool/postfix/opendmarc/opendmarc.sock   Socket local:/var/spool/postfix/opendmarc/opendmarc.sock
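Review bot: "RequireHeaders true" is added directly beside "RejectFailures true" with no explanation in the text. RequireHeaders makes the filter reject messages whose headers do not conform to RFC 5322, which is a second rejection path on top of DMARC failures. A sentence saying so, and recommending a look at the mail log after enabling it, would help readers who later see unexpected rejections.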
Line 361: Line 369:
   #rewrite_header Subject **Possible Spam**   #rewrite_header Subject **Possible Spam**
   report_safe 0   report_safe 0
-  always_add_headers = 1 +  add_header all Spam-Flag _YESNO_ 
-  #add_header all Flag _YESNO_ +  add_header all Score _SCORE_ 
-  #add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_" +  add_header all Report _REPORT_ 
-  #add_header all Report _REPORT_ +  add_header all Level _STARS_ 
-  #add_header all Level _STARS_ +  add_header all Status "_YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_" 
-  #add_header all Checker-Version "SpamAssassin _VERSION_ (_DATE_) on _HOSTNAME_"+  add_header all Checker-Version "SpamAssassin _VERSION_ (_DATE_) on _HOSTNAME_" 
 +  #legacy/deprecated header config - do not use, retained for historical record 
 +  #always_add_headers = 1
  
 I included some header options, which can help with debugging. Also, I disable safe reporting and Subject rewriting because they alter the original email, which I think is overkill. In order to activate all that spam assassin can do, we need to have our own recursive DNS resolver, required by RBL services. Let's use the DNS server unbound and install it as follows ''sudo apt install unbound''. It works out of the box, but you can also tweak it by looking at my tutorial here: [[https://wiki.haacksnetworking.org/doku.php?id=computing:unbounddns|Unbound DNS]]. Okay, let's now insruct spamassassin to use our dns server by opening ''sudo nano /etc/spamassassin/local.cf'' and entering the DNS server. We will also add some common scores and white and black lists while at it. I included some header options, which can help with debugging. Also, I disable safe reporting and Subject rewriting because they alter the original email, which I think is overkill. In order to activate all that spam assassin can do, we need to have our own recursive DNS resolver, required by RBL services. Let's use the DNS server unbound and install it as follows ''sudo apt install unbound''. It works out of the box, but you can also tweak it by looking at my tutorial here: [[https://wiki.haacksnetworking.org/doku.php?id=computing:unbounddns|Unbound DNS]]. Okay, let's now insruct spamassassin to use our dns server by opening ''sudo nano /etc/spamassassin/local.cf'' and entering the DNS server. We will also add some common scores and white and black lists while at it.
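Review bot: In "add_header all Spam-Flag _YESNO_", SpamAssassin already prefixes every add_header name with "X-Spam-", so this produces "X-Spam-Spam-Flag" rather than the conventional "X-Spam-Flag"; the commented-out line it replaces used "Flag", which is the form to keep. Retaining "#always_add_headers = 1" as a comment is fine as a record. Since the Report, Status and Checker-Version headers are now added to all mail, the paragraph that follows could mention that they expose the matched tests, the SpamAssassin version and the hostname to anyone the message is forwarded to, and that they can be narrowed from "all" to "spam" once debugging is done.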
Line 496: Line 506:
 These tools prove helpful if/when emails get stuck, etc. These tools prove helpful if/when emails get stuck, etc.
  
- --- //[[alerts@haacksnetworking.org|oemb1905]] 2025/04/12 22:51//+ --- //[[alerts@haacksnetworking.org|oemb1905]] 2025/04/23 20:54//
computing/mailserver.1745028891.txt.gz · Last modified: 2025/04/19 02:14 by oemb1905