Differences
This shows you the differences between two versions of the page.
setup_basic_mailserver_with_postfix_dovecot_sieve [02.01.2020 00:47] – [adjustments to postfix settings on our mailserver] Pascal Suter | setup_basic_mailserver_with_postfix_dovecot_sieve [20.03.2021 07:38] – [Create new users] Pascal Suter | ||
---|---|---|---|
Line 65: | Line 65: | ||
to make sure letsencrypt will restart all our servers once the ssh keys change, we need to add this: | to make sure letsencrypt will restart all our servers once the ssh keys change, we need to add this: | ||
< | < | ||
- | echo -e " | + | cat > / |
+ | # | ||
+ | service postfix restart | ||
+ | service dovecot | ||
+ | service apache2 | ||
+ | EOF | ||
+ | chmod +x / | ||
</ | </ | ||
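Review bot: the context sentence above the code block says the hook runs "once the ssh keys change", but letsencrypt renews TLS certificates, not SSH keys; reword it to "once the certificates are renewed". In the new hook script, `service postfix restart` does a full restart on every renewal; a reload is normally enough for the daemons to pick up a renewed certificate and does not drop active sessions. The dovecot and apache2 lines are cut off in this view, so the same check applies to them.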
Line 459: | Line 466: | ||
* i've disabled MX lookups, not sure why they should be needed here. | * i've disabled MX lookups, not sure why they should be needed here. | ||
* under "Relay Domains" | * under "Relay Domains" | ||
+ | * in the Options tab i've enabled " | ||
+ | * i have disabled Greylisting as this delays mail delivery significantly and that's a bit of a pain if you wait for account confirmation emails or booking confirmations etc. i'll re-enable it if the spam detection rate is too low. | ||
+ | * also in Options, i have enabled DNSBL and i've entered the following two blacklists to query: '' | ||
* there is no need to configure any transports. this is only needed if you want to route incoming mails for different domains or addresses to different servers. | * there is no need to configure any transports. this is only needed if you want to route incoming mails for different domains or addresses to different servers. | ||
* in the networks tab, you can add the network or ip of your mailserver, in case it is not in the same subnet as your filter.. if it's in the same subnet there is no need to add anything here, as the same subnet is allowed to relay through PMG by default. | * in the networks tab, you can add the network or ip of your mailserver, in case it is not in the same subnet as your filter.. if it's in the same subnet there is no need to add anything here, as the same subnet is allowed to relay through PMG by default. | ||
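Review bot: the greylisting bullet defers re-enabling it to "if the spam detection rate is too low" without saying where that rate is read; name the PMG view or report to watch, so the decision is repeatable. With greylisting off, the DNSBL lookups added in the next bullet become the main connection-time filter, so a short note on how to find mails rejected because of a blacklist hit would help when chasing false positives.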
Line 464: | Line 474: | ||
* for DKIM to work you need to add a TXT entry to your domian' | * for DKIM to work you need to add a TXT entry to your domian' | ||
* once all these settings where done, i had to login to the filter via ssh and **manually restart postfix**. otherwise postfix would bind port 25 to 127.0.0.1 only. i guess rebooting the entire filter would fix this issue as well. | * once all these settings where done, i had to login to the filter via ssh and **manually restart postfix**. otherwise postfix would bind port 25 to 127.0.0.1 only. i guess rebooting the entire filter would fix this issue as well. | ||
+ | |||
+ | ==== tag and deliver spam instead of quarantine ==== | ||
+ | I'm not sure I or my users would be happy with waiting for reports to find out why a recently sent mail did not reach them. after all it's always a good feeling if you can tell someone on the phone that you didn't find their email in your spam folder either, to convince them that they might have had a typo in your email address :) .. | ||
+ | |||
+ | First you need to make sure that spam is no longer quarantined but instead marked and forwarded. | ||
+ | |||
+ | you can either mark an email by modifying its subject or by adding a header element.. i don't like changing the visible part of the email message, so i opted to go for an additional header field that marks spam. | ||
+ | |||
+ | to create it, go to the '' | ||
+ | |||
+ | next we need to make sure that all spam mail is tagged with this header field instead of quarantined. | ||
+ | |||
+ | in the PMG web interface click on '' | ||
+ | |||
+ | now on to your postfix mail server.. we need to add a global sieve rule to dovecot that will move spam into a spam folder.. edit ''/ | ||
+ | sieve_after = / | ||
+ | now create the sieve-after directory: | ||
+ | mkdir / | ||
+ | all filters found in this directory will be executed AFTER each user's own filters. so a user can create his own filters to whitelist spam in our case. | ||
+ | < | ||
+ | cat > / | ||
+ | require [" | ||
+ | |||
+ | if header :contains " | ||
+ | | ||
+ | stop; | ||
+ | } | ||
+ | EOF | ||
+ | </ | ||
+ | now compile the sieve filter: | ||
+ | sievec / | ||
+ | lastly restart dovecot to re-read the config we altered bove | ||
+ | systemctl restart dovecot | ||
+ | to test, send an email from outside to your mail account with the following line in the body: | ||
+ | < | ||
+ | XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X | ||
+ | </ | ||
+ | |||
+ | ==== future improvements ==== | ||
+ | === Bayesian learning by moving mail to junk folder === | ||
+ | in order for proxmox' | ||
+ | |||
+ | some information i will need to do this: | ||
+ | * the command on PMG to submit a ham or spam to the learning system is < | ||
+ | * a solution on how to use imap sieve filters to trigger a bash script when a mail is moved into a specific folder can be found in the [[https:// | ||
+ | |||
==== adjustments to postfix settings on our mailserver ==== | ==== adjustments to postfix settings on our mailserver ==== | ||
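Review bot: the "now compile the sieve filter" step with sievec does not say that it has to be repeated after every edit of the global script; the mail user usually has no write access to that directory, so the compiled binary is not refreshed automatically. Add one sentence on that next to the sievec line, and mention that the script and its compiled file must be readable by the user dovecot delivers as. The test step with the GTUBE line should also state the expected result (the mail arrives in the spam folder carrying the new header field). Typo in the restart step: "altered bove" should be "altered above".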
Line 481: | Line 537: | ||
you can see all attempts that where blocked by geylisting if you go to the tracking center and check the " | you can see all attempts that where blocked by geylisting if you go to the tracking center and check the " | ||
+ | |||
+ | ==== enterprise vs. free ==== | ||
+ | PMG is free open source software with an optional enterprise subscription. For a private person, the enterprise license is too expensive, but if you use this setup for a production server in a copmany, you might want to consider getting the enterprise subscription, | ||
+ | |||
+ | by default, PMG comes with the enterprise repo pre-configured which means you won't be able to update if you don't have a subscription. if you want to use the free repo, you need to change your apt configuration: | ||
+ | rm / | ||
+ | echo "deb http:// | ||
+ | |||
+ | as a non-enterprise user you will have to run updates from the command line, while enterprise users can do it from the web-ui IIRC (i am a poor private user ;)) | ||
+ | |||
+ | ===== Create new users ===== | ||
+ | to manage user accounts, login to adminer to edit your '' | ||
+ | |||
+ | first make sure the domain is added by checking the '' | ||
+ | |||
+ | make note of the domain id of the domain you want to add a new user for. | ||
+ | |||
+ | to add a new forwarding, make a new entry in the '' | ||
+ | |||
+ | to add a new user account, make a new entry in the users table. make sure you don't forget to fill in the '' | ||
+ | dovecot pw -s SHA256-CRYPT | ||
+ | and then enter the new password. It will return a SHA hash which you can then enter in the password field. | ||
+ | |||
+ | lastly, to activate the new mail user account, send an email to that address. | ||
+ | |||
+ | ===== add a new domain ===== | ||
+ | to add a new domain to the mail system, complete the following steps: | ||
+ | - add the domain on the Proxmox Mail Gateway to the "Relay Domains" | ||
+ | - add the domain to your mailserver database, as mentioned above | ||
+ | - update the DNS records of your domain to point to the mailfitler and also add these entries: < | ||
+ | autoconfig | ||
+ | autodiscover | ||
+ | _dmarc | ||
+ | @ | ||
+ | 20200101._domainkey | ||
+ | </ |