From 1b971a89cb6d945897b71e593ffc398c4e70fff5 Mon Sep 17 00:00:00 2001 From: polarathene <5098581+polarathene@users.noreply.github.com> Date: Wed, 24 Mar 2021 12:44:28 +1300 Subject: [PATCH] docs(sync): Add Github Wiki contributions During the long-lived PR, multiple contributions to the existing Github Wiki were made, this commit applies those here and mentions the files and authors attributed to the changes: JaapD: dkim.md + forward-only-mailserver-with-ldap-authentication.md Added corrections to `setup.sh config dkim` command. Added compatibility warning about 4096-bit key sizes or greater. Added ldap tip. --- fred727-temp: optional-config.md Added a mention for `user-patches.sh`. --- Semir Patel: setup.sh.md + debugging.md Minor corrections. Additionally corrected `tvial` references that had already been updated in this PR series. --- Stefan Neben: kubernetes.md > Port 25 proxy protocol configuration in master.cf was missing docs(sync): Add Github Wiki contributions > IMAP with STARTTLS is also active, so we need that option here as well docs(sync): Add Github Wiki contribution --- docs/content/config/advanced/kubernetes.md | 4 ++++ docs/content/config/advanced/optional-config.md | 2 ++ docs/content/config/best-practices/dkim.md | 16 ++++++++++++---- docs/content/config/setup.sh.md | 4 ++-- docs/content/config/troubleshooting/debugging.md | 2 +- ...d-only-mailserver-with-ldap-authentication.md | 4 ++++ 6 files changed, 25 insertions(+), 7 deletions(-) diff --git a/docs/content/config/advanced/kubernetes.md b/docs/content/config/advanced/kubernetes.md index 357e3621..0223368f 100644 --- a/docs/content/config/advanced/kubernetes.md +++ b/docs/content/config/advanced/kubernetes.md @@ -409,12 +409,16 @@ Then, configure both [Postfix][docs-postfix] and [Dovecot][docs-dovecot] to expe postfix-main.cf: | postscreen_upstream_proxy_protocol = haproxy postfix-master.cf: | + smtp/inet/postscreen_upstream_proxy_protocol=haproxy submission/inet/smtpd_upstream_proxy_protocol=haproxy smtps/inet/smtpd_upstream_proxy_protocol=haproxy dovecot.cf: | # Assuming your ingress controller is bound to 10.0.0.0/8 haproxy_trusted_networks = 10.0.0.0/8, 127.0.0.0/8 service imap-login { + inet_listener imap { + haproxy = yes + } inet_listener imaps { haproxy = yes } diff --git a/docs/content/config/advanced/optional-config.md b/docs/content/config/advanced/optional-config.md index 3d8dc57b..7ad053a2 100644 --- a/docs/content/config/advanced/optional-config.md +++ b/docs/content/config/advanced/optional-config.md @@ -38,12 +38,14 @@ This is a list of all configuration files and directories which are optional or - **amavis.cf:** replaces the `/etc/amavis/conf.d/50-user` file - **dovecot.cf:** replaces `/etc/dovecot/local.conf`. (Docs: [Override Dovecot Defaults][docs-override-dovecot]) - **dovecot-quotas.cf:** list of custom quotas per mailbox. (Docs: [Accounts][docs-accounts-quota]) +- **user-patches.sh:** this file will be run after all configuration files are set up, but before the postfix, amavis and other daemons are started. (Docs: [FAQ - How to adjust settings with the `user-patches.sh` script][docs-faq-userpatches]) [docs-accounts-quota]: ../../config/user-management/accounts.md#notes [docs-aliases-regex]: ../../config/user-management/aliases.md#configuring-regexp-aliases [docs-dkim]: ../../config/best-practices/dkim.md [docs-fail2ban]: ../../config/security/fail2ban.md [docs-faq-spamrules]: ../../faq.md#how-can-i-manage-my-custom-spamassassin-rules +[docs-faq-userpatches]: ../../faq.md#how-to-adjust-settings-with-the-user-patchessh-script [docs-override-postfix]: ./override-defaults/postfix.md [docs-override-dovecot]: ./override-defaults/dovecot.md [docs-relayhosts-senderauth]: ./mail-forwarding/relay-hosts.md#sender-dependent-authentication diff --git a/docs/content/config/best-practices/dkim.md b/docs/content/config/best-practices/dkim.md index 569de5b3..0e71058c 100644 --- a/docs/content/config/best-practices/dkim.md +++ b/docs/content/config/best-practices/dkim.md @@ -18,13 +18,13 @@ To enable DKIM signature, **you must have created at least one email account**. After generating DKIM keys, you should restart the mail server. DNS edits may take a few minutes to hours to propagate. The script assumes you're being in the directory where the `config/` directory is located. The default keysize when generating the signature is 4096 bits for now. If you need to change it (e.g. your DNS provider limits the size), then provide the size as the first parameter of the command: ```sh -./setup.sh config dkim +./setup.sh config dkim keysize ``` For LDAP systems that do not have any directly created user account you can run the following command (since `8.0.0`) to generate the signature by additionally providing the desired domain name (if you have multiple domains use the command multiple times or provide a comma-separated list of domains): ```sh -./setup.sh config dkim [,] +./setup.sh config dkim keysize domain [,] ``` Now the keys are generated, you can configure your DNS server with DKIM signature, simply by adding a TXT record. If you have direct access to your DNS zone file, then it's only a matter of pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone. @@ -78,6 +78,10 @@ SendReports yes Mode v ``` +## Switch Off DKIM + +Simply remove the DKIM key by recreating (not just relaunching) the mailserver container. + ## Debugging - [DKIM-verifer](https://addons.mozilla.org/en-US/thunderbird/addon/dkim-verifier): A add-on for the mail client Thunderbird. @@ -106,6 +110,10 @@ mail._domainkey.domain.tld. 3600 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBA ;; MSG SIZE rcvd: 310 ``` -## Switch Off DKIM +--- -Simply remove the DKIM key by recreating (not just relaunching) the mailserver container. +!!! warning "Key sizes >=4096-bit" + + Keys of 4096 bits could de denied by some mailservers. According to https://tools.ietf.org/html/rfc6376 keys are preferably between 512 and 2048 bits. See issue [#1854][github-issue-1854]. + +[github-issue-1854]: https://github.com/docker-mailserver/docker-mailserver/issues/1854 diff --git a/docs/content/config/setup.sh.md b/docs/content/config/setup.sh.md index 70bff7a5..48b99498 100644 --- a/docs/content/config/setup.sh.md +++ b/docs/content/config/setup.sh.md @@ -19,7 +19,7 @@ chmod a+x ./setup.sh ## Usage -Run `./setup.sh -h` and you'll get some usage information: +Run `./setup.sh help` and you'll get some usage information: ```bash setup.sh Bootstrapping Script @@ -30,7 +30,7 @@ OPTIONS: -i IMAGE_NAME The name of the docker-mailserver image The default value is - 'docker.io/mailserver/docker-maiserver:latest' + 'docker.io/mailserver/docker-mailserver:latest' -c CONTAINER_NAME The name of the running container. diff --git a/docs/content/config/troubleshooting/debugging.md b/docs/content/config/troubleshooting/debugging.md index 4d608847..0c7deb87 100644 --- a/docs/content/config/troubleshooting/debugging.md +++ b/docs/content/config/troubleshooting/debugging.md @@ -53,7 +53,7 @@ fail2ban-client stop dovecot fail2ban-client stop postfix ``` -## Send email is never received +## Sent email is never received Some hosting provides have a stealth block on port 25. Make sure to check with your hosting provider that traffic on port 25 is allowed diff --git a/docs/content/examples/uses-cases/forward-only-mailserver-with-ldap-authentication.md b/docs/content/examples/uses-cases/forward-only-mailserver-with-ldap-authentication.md index b3033299..b62964e6 100644 --- a/docs/content/examples/uses-cases/forward-only-mailserver-with-ldap-authentication.md +++ b/docs/content/examples/uses-cases/forward-only-mailserver-with-ldap-authentication.md @@ -105,5 +105,9 @@ You see that besides `query_filter`, I had to customize as well `result_attribut Another solution that serves as a forward-only mailserver is this: https://gitlab.com/docker-scripts/postfix +!!! tip + + One user reports only having success if `ENABLE_LDAP=0` was set. + [github-file-readme-patches]: https://github.com/docker-mailserver/docker-mailserver/blob/master/README.md#custom-user-changes--patches [github-issue-1247]: https://github.com/docker-mailserver/docker-mailserver/issues/1247