Differences
This shows you the differences between two versions of the page.
setup_basic_mailserver_with_postfix_dovecot_sieve [02.01.2020 11:56] – [future improvements] Pascal Suter | setup_basic_mailserver_with_postfix_dovecot_sieve [20.03.2021 07:38] – [Create new users] Pascal Suter | ||
---|---|---|---|
Line 65: | Line 65: | ||
to make sure letsencrypt will restart all our servers once the ssh keys change, we need to add this: | to make sure letsencrypt will restart all our servers once the ssh keys change, we need to add this: | ||
< | < | ||
- | echo -e " | + | cat > / |
+ | # | ||
+ | service postfix restart | ||
+ | service dovecot | ||
+ | service apache2 | ||
+ | EOF | ||
+ | chmod +x / | ||
</ | </ | ||
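Review bot: The sentence introducing this hook says the servers are restarted "once the ssh keys change", but what letsencrypt renews are the TLS certificates and keys, so the wording should say that. In the hook body, `service postfix restart` and the dovecot and apache2 lines do a full restart on every renewal; a reload is normally enough for these daemons to pick up a new certificate and avoids dropping active sessions. The dovecot and apache2 lines are cut off in this view, so confirm they carry an action argument as the postfix line does.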
Line 467: | Line 474: | ||
* for DKIM to work you need to add a TXT entry to your domian' | * for DKIM to work you need to add a TXT entry to your domian' | ||
* once all these settings where done, i had to login to the filter via ssh and **manually restart postfix**. otherwise postfix would bind port 25 to 127.0.0.1 only. i guess rebooting the entire filter would fix this issue as well. | * once all these settings where done, i had to login to the filter via ssh and **manually restart postfix**. otherwise postfix would bind port 25 to 127.0.0.1 only. i guess rebooting the entire filter would fix this issue as well. | ||
+ | |||
+ | ==== tag and deliver spam instead of quarantine ==== | ||
+ | I'm not sure I or my users would be happy with waiting for reports to find out why a recently sent mail did not reach them. after all it's always a good feeling if you can tell someone on the phone that you didn't find their email in your spam folder either, to convince them that they might have had a typo in your email address :) .. | ||
+ | |||
+ | First you need to make sure that spam is no longer quarantined but instead marked and forwarded. | ||
+ | |||
+ | you can either mark an email by modifying its subject or by adding a header element.. i don't like changing the visible part of the email message, so i opted to go for an additional header field that marks spam. | ||
+ | |||
+ | to create it, go to the '' | ||
+ | |||
+ | next we need to make sure that all spam mail is tagged with this header field instead of quarantined. | ||
+ | |||
+ | in the PMG web interface click on '' | ||
+ | |||
+ | now on to your postfix mail server.. we need to add a global sieve rule to dovecot that will move spam into a spam folder.. edit ''/ | ||
+ | sieve_after = / | ||
+ | now create the sieve-after directory: | ||
+ | mkdir / | ||
+ | all filters found in this directory will be executed AFTER each user's own filters. so a user can create his own filters to whitelist spam in our case. | ||
+ | < | ||
+ | cat > / | ||
+ | require [" | ||
+ | |||
+ | if header :contains " | ||
+ | | ||
+ | stop; | ||
+ | } | ||
+ | EOF | ||
+ | </ | ||
+ | now compile the sieve filter: | ||
+ | sievec / | ||
+ | lastly restart dovecot to re-read the config we altered bove | ||
+ | systemctl restart dovecot | ||
+ | to test, send an email from outside to your mail account with the following line in the body: | ||
+ | < | ||
+ | XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X | ||
+ | </ | ||
==== future improvements ==== | ==== future improvements ==== | ||
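Review bot: The explanation after the `mkdir` line says scripts in the sieve-after directory run after each user's own filters so that a user can whitelist mail, but it leaves out the wider consequence: Pigeonhole only continues to the `sieve_after` scripts when the user's script ends with a keep (implicit or explicit), so any personal rule that files or discards a message, not just a deliberate whitelist rule, also skips the spam header check and tagged spam ends up wherever that rule put it. Worth stating that explicitly, or using `sieve_before` if the spam folder should always win. The test step at the end should also say what result to expect (the GTUBE message arriving in the spam folder), and "bove" in the restart sentence should read "above".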
Line 493: | Line 537: | ||
you can see all attempts that where blocked by geylisting if you go to the tracking center and check the " | you can see all attempts that where blocked by geylisting if you go to the tracking center and check the " | ||
+ | |||
+ | ==== enterprise vs. free ==== | ||
+ | PMG is free open source software with an optional enterprise subscription. For a private person, the enterprise license is too expensive, but if you use this setup for a production server in a copmany, you might want to consider getting the enterprise subscription, | ||
+ | |||
+ | by default, PMG comes with the enterprise repo pre-configured which means you won't be able to update if you don't have a subscription. if you want to use the free repo, you need to change your apt configuration: | ||
+ | rm / | ||
+ | echo "deb http:// | ||
+ | |||
+ | as a non-enterprise user you will have to run updates from the command line, while enterprise users can do it from the web-ui IIRC (i am a poor private user ;)) | ||
+ | |||
+ | ===== Create new users ===== | ||
+ | to manage user accounts, login to adminer to edit your '' | ||
+ | |||
+ | first make sure the domain is added by checking the '' | ||
+ | |||
+ | make note of the domain id of the domain you want to add a new user for. | ||
+ | |||
+ | to add a new forwarding, make a new entry in the '' | ||
+ | |||
+ | to add a new user account, make a new entry in the users table. make sure you don't forget to fill in the '' | ||
+ | dovecot pw -s SHA256-CRYPT | ||
+ | and then enter the new password. It will return a SHA hash which you can then enter in the password field. | ||
+ | |||
+ | lastly, to activate the new mail user account, send an email to that address. | ||
+ | |||
+ | ===== add a new domain ===== | ||
+ | to add a new domain to the mail system, complete the following steps: | ||
+ | - add the domain on the Proxmox Mail Gateway to the "Relay Domains" | ||
+ | - add the domain to your mailserver database, as mentioned above | ||
+ | - update the DNS records of your domain to point to the mailfitler and also add these entries: < | ||
+ | autoconfig | ||
+ | autodiscover | ||
+ | _dmarc | ||
+ | @ | ||
+ | 20200101._domainkey | ||
+ | </ |
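Review bot: In the "Create new users" text, the sentence after the `dovecot pw -s SHA256-CRYPT` line calls the output "a SHA hash", which undersells what has to be stored: the SHA256-CRYPT scheme produces a salted crypt-style string, and the whole string must go into the password field unchanged, including the scheme prefix if the password lookup relies on it. Please also check the command name; on Dovecot 2.x the password generator is normally invoked as `doveadm pw`. Minor: "copmany" and "mailfitler" are typos.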