Flesh out readme and ensure services are started.
This commit is contained in:
parent
0a286ccc1c
commit
b9adfc923e
@ -63,6 +63,13 @@ See the provided [example](docs/examples/backup.sh) script. Keep in mind that wh
|
|||||||
ansible-playbook -e 'force_dovecot_passwd_file_maildir_ids=yes' playbooks/mail.yml
|
ansible-playbook -e 'force_dovecot_passwd_file_maildir_ids=yes' playbooks/mail.yml
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Troubleshooting
|
||||||
|
|
||||||
|
```shell
|
||||||
|
systemctl status opendkim dovecot postfix
|
||||||
|
journalctl -fu postfix@-
|
||||||
|
journalctl -fu dovecot
|
||||||
|
```
|
||||||
## Misc
|
## Misc
|
||||||
|
|
||||||
There are some interesting mta implementations that may replace or compliment parts of this stack in the future:
|
There are some interesting mta implementations that may replace or compliment parts of this stack in the future:
|
||||||
|
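Review bot: typo in the added Misc paragraph: "compliment" should be "complement" (the old and new line both carry it). In the new Troubleshooting block, `journalctl -fu postfix@-` follows the Debian-style `postfix@-` instance unit; on a distribution where Postfix logs under a plain `postfix.service` the command shows nothing, so say which unit name applies or list both. `systemctl status opendkim dovecot postfix` exits non-zero when any of the three units is inactive, which is worth mentioning as the quick check to run first.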
@ -11,10 +11,10 @@
|
|||||||
```
|
```
|
||||||
The `A` and `MX` records are required, while the `TXT` records are optional but recommended.
|
The `A` and `MX` records are required, while the `TXT` records are optional but recommended.
|
||||||
|
|
||||||
2. Set a password for the "main" virtual inbox:
|
2. Configure credentials for the "hello" virtual inbox on the server. Use your favorite password manager to generate a passphrase and then run this to configure it:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
echo main:$(doveadm pw -s BLF-CRYPT) >> files/$TARGET/imap.passwd
|
sudo echo hello:$(doveadm pw -s BLF-CRYPT):$(id -u maildir):$(id -g maildir) >> /etc/dovecot/imap.passwd
|
||||||
```
|
```
|
||||||
|
|
||||||
Also, if you use `doas` rather than `sudo`, you need to permit your ansible_user to become opendkim in your `/etc/doas.conf`:
|
Also, if you use `doas` rather than `sudo`, you need to permit your ansible_user to become opendkim in your `/etc/doas.conf`:
|
||||||
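Review bot: the new step 2 command `sudo echo hello:$(doveadm pw -s BLF-CRYPT):$(id -u maildir):$(id -g maildir) >> /etc/dovecot/imap.passwd` does not work as written: `sudo` only elevates `echo`, while the `>>` redirection is opened by the caller's unprivileged shell, so appending to the root-owned file fails with permission denied (and the hash is lost). Suggest `echo "hello:$(doveadm pw -s BLF-CRYPT):$(id -u maildir):$(id -g maildir)" | sudo tee -a /etc/dovecot/imap.passwd >/dev/null`, which also preserves the file's existing mode. The line also assumes a local `maildir` user exists on the host where the command is typed (matching `maildir_uid`/`maildir_gid` in the playbook); state that, since `id -u maildir` fails on a workstation without that user.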
@ -23,26 +23,20 @@
|
|||||||
permit nopass blee as opendkim
|
permit nopass blee as opendkim
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Copy a vars/targets file, update the values, and run this playbook
|
3. configure some virtual aliases in /etc/postfix/virtual and run: `postmap virtual` (See `man 5 postconf` for details)
|
||||||
|
|
||||||
Troubleshooting: Sanity check opendkim (may need restart, although I think I fixed that):
|
4. Configure your playbook's variables and run this playbook.
|
||||||
|
|
||||||
|
* (should be fixed) Troubleshooting: Sanity check opendkim, the unix socket should exist and be writable
|
||||||
```shell
|
```shell
|
||||||
ls -AlF /var/spool/postfix/opendkim/opendkim.sock
|
ls -AlF /var/spool/postfix/opendkim/opendkim.sock
|
||||||
```
|
```
|
||||||
|
|
||||||
4. look at the maildir uid/gid in main.cf and use those in the imap.passwd file (switching to the dovecot role will fix that later)
|
Validate your dns records: [mxtoolbox.com](https://mxtoolbox.com/)
|
||||||
|
|
||||||
5. configure some virtual aliases in /etc/postfix/virtual and run:
|
## Optional: sending authenticated mail
|
||||||
|
|
||||||
```shell
|
* Create another TXT record for DKIM using the contents of /etc/dkimkeys/mail.txt
|
||||||
postmap virtual vmailbox
|
|
||||||
```
|
|
||||||
|
|
||||||
See `man 5 postconf` for details.
|
|
||||||
|
|
||||||
6. Sanity check: https://mxtoolbox.com/
|
|
||||||
|
|
||||||
7. (optional) Create another TXT record for DKIM using the contents of /etc/dkimkeys/mail.txt
|
|
||||||
|
|
||||||
Here's an example line in dnscontrol:
|
Here's an example line in dnscontrol:
|
||||||
|
|
||||||
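Review bot: step 3's `postmap virtual` only succeeds if run from `/etc/postfix`; use `postmap /etc/postfix/virtual` to match the path given in the same sentence. The reference `man 5 postconf` documents main.cf parameters; the virtual alias table format is in `man 5 virtual`. The new heading "## Optional: sending authenticated mail" is followed only by the DKIM TXT record bullet, which is about signing outbound mail rather than SMTP authentication, so the heading and its content disagree; rename the heading or move the bullet under the DNS section. The "* (should be fixed) Troubleshooting" bullet reads as a personal note; either drop the parenthetical or state what the socket check should show (owner/group writable by postfix, per the `ls -AlF` line).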
@ -51,13 +45,13 @@
|
|||||||
```
|
```
|
||||||
|
|
||||||
* See [print-rdata.py](examples/print-rdata.py) for a (kind of bad) example of how to automatically parse mail.txt
|
* See [print-rdata.py](examples/print-rdata.py) for a (kind of bad) example of how to automatically parse mail.txt
|
||||||
* See [dnscontrol](https://dnscontrol.org/) as well as [octodns](https://github.com/octodns/octodns-easydns)
|
* You can codify your records in a git repo using a tool like [dnscontrol](https://dnscontrol.org/) as well as [octodns](https://github.com/octodns/octodns-easydns)
|
||||||
|
|
||||||
If you're really feeling adventurous, you could even set up a proper dmarc address to replace the original placeholder TXT record.
|
* If you're really feeling adventurous, you could even set up a proper dmarc address to replace the original placeholder TXT record.
|
||||||
|
|
||||||
```Javascript
|
```Javascript
|
||||||
TXT('_dmarc', 'v=DMARC1; p=reject; rua=mailto:dmarc@satstack.cloud; fo=1')
|
TXT('_dmarc', 'v=DMARC1; p=reject; rua=mailto:dmarc@satstack.cloud; fo=1')
|
||||||
```
|
```
|
||||||
|
|
||||||
After records propogate, verify outbound mail using [mail-tester](https://www.mail-tester.com/).
|
After records propogate, verify outbound mail using [mail-tester](https://www.mail-tester.com/). I can score 10/10 by sending an email with an html mime type (just copypasta something from chatgpt).
|
||||||
|
|
||||||
|
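Review bot: typo in both versions of the mail-tester line: "propogate" should be "propagate". The DMARC example `p=reject` with `fo=1` is the strictest policy; since the bullet presents it as an adventurous extra, it is worth adding that a domain usually starts at `p=none` with `rua` reports enabled and only moves to `quarantine`/`reject` once the reports show SPF/DKIM alignment is correct, otherwise legitimate mail from this stack is rejected by receivers on a misconfiguration. The octodns link points at the `octodns-easydns` provider plugin rather than the octodns project itself; link the main repo if EasyDNS is not the intended provider. Minor: the fence tag `Javascript` is conventionally lowercase `javascript`.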
@ -40,3 +40,9 @@
|
|||||||
replace: '\1:{{ maildir_uid }}:{{ maildir_gid }}'
|
replace: '\1:{{ maildir_uid }}:{{ maildir_gid }}'
|
||||||
when: force_dovecot_passwd_file_maildir_ids
|
when: force_dovecot_passwd_file_maildir_ids
|
||||||
notify: restart dovecot
|
notify: restart dovecot
|
||||||
|
|
||||||
|
- name: Ensure dovecot service is started and enabled.
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: dovecot
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
||||||
|
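Review bot: the new "Ensure dovecot service is started and enabled" task sits directly after a task that changes the passwd file and uses `notify: restart dovecot`; `state: started` does not reload an already-running dovecot, and the handler only fires at the end of the play, so any later task in this role that expects dovecot to be serving the new passwd file needs `ansible.builtin.meta: flush_handlers` before it. Also confirm the task is placed after the dovecot config templates are written, otherwise first-run starts with the package default config and relies on the handler to fix it up.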
@ -47,3 +47,10 @@
|
|||||||
state: restarted
|
state: restarted
|
||||||
when: not opendkim_socket.stat.exists
|
when: not opendkim_socket.stat.exists
|
||||||
|
|
||||||
|
- name: Ensure opendkim service is started and enabled.
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: opendkim
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
||||||
|
|
||||||
|
|
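Review bot: the preceding task restarts opendkim `when: not opendkim_socket.stat.exists`, and the new task then ensures it is started and enabled, but nothing re-checks the socket afterwards. Since the README's troubleshooting step is precisely "the unix socket should exist and be writable", add a follow-up `ansible.builtin.stat` on the socket path after the started task and fail the play (e.g. with `ansible.builtin.assert`) when it is missing or not group-writable, so the condition surfaces during the run instead of as a postfix milter error later.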
@ -79,11 +79,11 @@
|
|||||||
path: "{{ postfix_smtpd_tls_dh1024_param_file }}"
|
path: "{{ postfix_smtpd_tls_dh1024_param_file }}"
|
||||||
size: 2048
|
size: 2048
|
||||||
|
|
||||||
- name: Temporarily stop postfix
|
- name: Ensure postfix service is started
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: postfix
|
name: postfix
|
||||||
state: stopped
|
state: started
|
||||||
enabled: false
|
enabled: yes
|
||||||
|
|
||||||
- name: Set up helper script to create new email aliases
|
- name: Set up helper script to create new email aliases
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
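Review bot: changing "Temporarily stop postfix" to "Ensure postfix service is started" means postfix now starts right after the DH parameter file task (`path: "{{ postfix_smtpd_tls_dh1024_param_file }}"`, `size: 2048`) and before the helper-script task; verify that main.cf/master.cf are already templated at that point, otherwise the service starts on stale config and only a handler restart corrects it. The old task name implies a later task existed to start postfix again after the temporary stop; that task should now be removed or merged, or the role starts the service twice. Style: `enabled: yes` replaces `enabled: false`; use one boolean form (`true`/`false` is what ansible-lint expects) across the role.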