Mail server configuration

Edgar P. Burkhart 2023-02-12 10:02:59 +01:00
parent fbe3d2f240
commit fef5d01011
Signed by: edpibu
GPG key ID: 9833D3C5A25BD227
2 changed files with 221 additions and 0 deletions


@ -10,3 +10,11 @@ enableGitInfo = true
BookRepo = 'https://git.edgarpierre.fr/edpibu/blog' BookRepo = 'https://git.edgarpierre.fr/edpibu/blog'
BookDateFormat = '2006-01-02' BookDateFormat = '2006-01-02'
BookComments = false BookComments = false
[markup]
[markup.highlight]
anchorLineNos = false
codeFences = true
guessSyntax = true
style = 'xcode-dark'
tabWidth = 2
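Review bot: `guessSyntax = true` in the new `[markup.highlight]` block makes Hugo/Chroma guess a lexer for every fence that has no language tag, which is unreliable for configuration snippets (a Postfix `main.cf` fragment has no distinctive syntax to guess from); the accompanying page still has several bare fences, so tagging those explicitly and leaving `guessSyntax` at its default would give deterministic rendering. Also note that `anchorLineNos = false` only has an effect once `lineNos` is enabled, and this hunk does not set `lineNos`, so that line is currently a no-op.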


@ -0,0 +1,213 @@
---
title: "Serveur mail"
weight: 1
# bookFlatSection: false
# bookToc: true
# bookHidden: false
# bookCollapseSection: false
# bookComments: false
# bookSearchExclude: false
---
# Serveur mail
## Installation
Installer les paquets `dovecot`, `postfix` et `pigeonhole` (sieve).
## Configuration
### Dovecot
Créer la configuration :
```fish
mkdir /etc/dovecot
cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/dovecot.conf
cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot
```
```xorg
# /etc/dovecot/dovecot.conf
protocols = imap lmtp sieve
!include conf.d/*.conf
```
#### Paramètres DH:
```fish
openssl dhparam -out /etc/dovecot/dh.pem 4096
```
```xorg
# /etc/dovecot/conf.d/10-ssl.conf
ssl_dh = </etc/dovecot/dh.pem
```
### Pigeonhole
```xorg
# /etc/dovecot/conf.d/20-lmtp.conf
protocol lmtp {
mail_plugins = $mail_plugins sieve
}
```
Exemple de configuration dans
`/usr/share/doc/dovecot/example-config/conf.d/90-sieve.conf`.
```fish
# /etc/dovecot/conf.d/90-sieve.conf
plugin {
sieve = file:~/.config/sieve/filters;active=~/.config/sieve/dovecot.sieve
}
```
### Managesieve
```xorg
# /etc/dovecot/conf.d/20-managesieve.conf
service managesieve-login {
}
service managesieve {
}
protocol sieve {
}
```
### Postfix
#### Aliases
```
# /etc/postfix/aliases
root: edpibu
```
```fish
postalias /etc/postfix/aliases
```
```xorg
# /etc/postfix/main.cf
# Alias
virtual_alias_maps = hash:/etc/postfix/virtual
```
```
# /etc/postfix/virtual
contact@edgarpierre.fr edpibu
```
#### Delivery
```xorg
# /etc/postfix/main.cf
myhostname = edgarpierre.fr
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks_style = host
```
### Auth
```xorg
# /etc/postfix/main.cf
# Auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth
```
### SMTPS
```
# /etc/postfix/master.cf
# SMTPS
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
```
### DKIM, DMARC
Installer `opendkim`, `opendmarc`.
#### Opendkim
Exemple de configuration : `/usr/share/doc/opendkim/opendkim.conf.sample`.
```xorg
# /etc/opendkim/opendkim.conf
Domain edgarpierre.fr
KeyFile /etc/opendkim/live/edgarpierre.fr/mail.private
Selector mail
Socket unix:/run/opendkim/opendkim.socket
Syslog yes
UMask 002
```
```fish
opendkim-genkey -r -s mail -d edgarpierre.fr
```
#### Opendmarc
```xorg
# /etc/opendmarc/opendmarc.conf
Socket unix:/run/opendmarc/opendmarc.socket
UMask 002
```
```systemd
# opendmarc.service
[Service]
Group=postfix
RuntimeDirectory=opendmarc
```
#### Postfix
```xorg
# /etc/postfix/main.cf
# DKIM, DMARC
smtpd_milters = unix:/run/opendkim/opendkim.socket, unix:/run/opendmarc/opendmarc.socket
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
```
#### DNS
Enregistrement DNS pour DKIM dans `/etc/opendkim/live/edgarpierre.fr/mail.txt`.
```dns
_dmarc IN TXT "v=DMARC1; p=none; rua=mailto:postmaster@edgarpierre.fr; ruf=mailto:forensic@edgarpierre.fr; fo=1;"
mail._domainkey IN TXT ( "v=DKIM1;k=rsa;s=email;p=...;" )
```
### Certificat SSL
#### Postfix
```xorg
# /etc/postfix/main.cf
# TLS
# - sending
smtp_tls_security_level = may
# - receiving
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/edgarpierre.fr/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/edgarpierre.fr/privkey.pem
# https://weakdh.org/sysadmin.html
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
smtpd_tls_dh1024_param_file = /etc/ssl/certs/dhparam.pem
```
## Connexion
### IMAP
|Paramètre|Valeur|
|---|---|
|Hôte|imap.edgarpierre.fr|
|Port|993|
|Sécurité|SSL/TLS|
|Authentification|Mot de passe|
### SMTP
|Paramètre|Valeur|
|---|---|
|Hôte|smtp.edgarpierre.fr|
|Port|465|
|Sécurité|SSL/TLS|
|Authentification|Mot de passe|
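Review bot: the Postfix side of SMTP AUTH is configured (`smtpd_sasl_type = dovecot`, `smtpd_sasl_path = /var/spool/postfix/private/auth`) but the Dovecot section never declares the matching `service auth { unix_listener /var/spool/postfix/private/auth { ... } }` in `conf.d/10-master.conf`, so the `smtps` service with `-o smtpd_sasl_auth_enable=yes` will fail to authenticate anyone until that listener exists; the same gap applies to IMAPS, since `10-ssl.conf` only gets `ssl_dh` and no `ssl_cert`/`ssl_key` pointing at the Let's Encrypt files, yet the connection table advertises port 993 with SSL/TLS. Smaller points in the same hunk: `virtual_alias_maps = hash:/etc/postfix/virtual` has no corresponding `postmap /etc/postfix/virtual` step (the aliases file gets `postalias`, the virtual map does not); `milter_default_action = accept` means mail is accepted unsigned and unchecked whenever OpenDKIM or OpenDMARC is down, which is a fail-open choice worth stating explicitly; `smtpd_tls_dh1024_param_file = /etc/ssl/certs/dhparam.pem` references a file this page never generates (only `/etc/dovecot/dh.pem` is created); and `smtpd_use_tls = yes` is redundant once `smtpd_tls_security_level` is set. The `opendmarc.service` snippet with `Group=postfix` / `RuntimeDirectory=opendmarc` should say it is a drop-in override, and OpenDKIM needs the equivalent (group `postfix`, runtime directory `/run/opendkim`) for the `UMask 002` socket sharing to work, but no such unit change is shown for it.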