Mail Server: Deployment

Create MX and TXT records. For example, here are example records defined in dnscontrol:

D('example.com', REG_NAMECHEAP, DnsProvider(DSP_NAMECHEAP),
    A('mail', '10.87.129.99'),
    MX('@', 10, 'mail.example.com.'),
    TXT('_dmarc', 'v=DMARC1; p=none'),
    TXT('@', 'v=spf1 mx ~all')
);

The A and MX records are required, while the TXT records are optional but recommended.

Set a password for the "main" virtual inbox:
```
echo main:$(doveadm pw -s BLF-CRYPT) >> files/$TARGET/imap.passwd
```
Also, if you use doas rather than sudo, you need to permit your ansible_user to become opendkim in your /etc/doas.conf:
```
permit nopass blee as opendkim
```
Copy a vars/targets file, update the values, and run this playbook

Troubleshooting: Sanity check opendkim (may need restart, although I think I fixed that):
```
ls -AlF /var/spool/postfix/opendkim/opendkim.sock
```
look at the maildir uid/gid in main.cf and use those in the imap.passwd file (switching to the dovecot role will fix that later)
configure some virtual aliases in /etc/postfix/virtual and run:
```
postmap virtual vmailbox
```
See man 5 postconf for details.
Sanity check: https://mxtoolbox.com/
(optional) Create another TXT record for DKIM using the contents of /etc/dkimkeys/mail.txt

Here's an example line in dnscontrol:
```
TXT('mail._domainkey', 'v=DKIM1; h=sha256; k=rsa; s=email; p=MIIBIjANB...QIDAQAB')
```
- See print-rdata.py for a (kind of bad) example of how to automatically parse mail.txt
- See dnscontrol as well as octodns
If you're really feeling adventurous, you could even set up a proper dmarc address to replace the original placeholder TXT record.
```
TXT('_dmarc', 'v=DMARC1; p=reject; rua=mailto:dmarc@satstack.cloud; fo=1')
```
After records propogate, verify outbound mail using mail-tester.

2.1 KiB Raw Blame History

Mail Server: Deployment

2.1 KiB

Raw Blame History