mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
docs(sync): Add Github Wiki contributions
During the long-lived PR, multiple contributions to the existing Github Wiki were made, this commit applies those here and mentions the files and authors attributed to the changes:

JaapD: dkim.md + forward-only-mailserver-with-ldap-authentication.md
Added corrections to `setup.sh config dkim` command.
Added compatibility warning about 4096-bit key sizes or greater.
Added ldap tip.

---

fred727-temp: optional-config.md
Added a mention for `user-patches.sh`.

---

Semir Patel: setup.sh.md + debugging.md
Minor corrections.
Additionally corrected `tvial` references that had already been updated in this PR series.

---

Stefan Neben: kubernetes.md

> Port 25 proxy protocol configuration in master.cf was missing

docs(sync): Add Github Wiki contributions

> IMAP with STARTTLS is also active, so we need that option here as well

docs(sync): Add Github Wiki contribution
parent bbaca9a468
commit 1b971a89cb
@ -409,12 +409,16 @@ Then, configure both [Postfix][docs-postfix] and [Dovecot][docs-dovecot] to expe
|
||||||
postfix-main.cf: |
|
postfix-main.cf: |
|
||||||
postscreen_upstream_proxy_protocol = haproxy
|
postscreen_upstream_proxy_protocol = haproxy
|
||||||
postfix-master.cf: |
|
postfix-master.cf: |
|
||||||
|
smtp/inet/postscreen_upstream_proxy_protocol=haproxy
|
||||||
submission/inet/smtpd_upstream_proxy_protocol=haproxy
|
submission/inet/smtpd_upstream_proxy_protocol=haproxy
|
||||||
smtps/inet/smtpd_upstream_proxy_protocol=haproxy
|
smtps/inet/smtpd_upstream_proxy_protocol=haproxy
|
||||||
dovecot.cf: |
|
dovecot.cf: |
|
||||||
# Assuming your ingress controller is bound to 10.0.0.0/8
|
# Assuming your ingress controller is bound to 10.0.0.0/8
|
||||||
haproxy_trusted_networks = 10.0.0.0/8, 127.0.0.0/8
|
haproxy_trusted_networks = 10.0.0.0/8, 127.0.0.0/8
|
||||||
service imap-login {
|
service imap-login {
|
||||||
|
inet_listener imap {
|
||||||
|
haproxy = yes
|
||||||
|
}
|
||||||
inet_listener imaps {
|
inet_listener imaps {
|
||||||
haproxy = yes
|
haproxy = yes
|
||||||
}
|
}
|
||||||
|
|
|
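Review bot: The added `smtp/inet/postscreen_upstream_proxy_protocol=haproxy` line under postfix-master.cf sets the same parameter that postfix-main.cf already sets just above it (`postscreen_upstream_proxy_protocol = haproxy`); say in the surrounding text which of the two is required, or drop one, so readers do not carry both without knowing why. For the new `inet_listener imap { haproxy = yes }` block, add a sentence that port 143 will then expect a PROXY header on every connection, and that `haproxy_trusted_networks = 10.0.0.0/8` lets any host in that range assert a client address, so the range should be narrowed to the ingress controller's addresses where possible.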
@ -38,12 +38,14 @@ This is a list of all configuration files and directories which are optional or
|
||||||
- **amavis.cf:** replaces the `/etc/amavis/conf.d/50-user` file
|
- **amavis.cf:** replaces the `/etc/amavis/conf.d/50-user` file
|
||||||
- **dovecot.cf:** replaces `/etc/dovecot/local.conf`. (Docs: [Override Dovecot Defaults][docs-override-dovecot])
|
- **dovecot.cf:** replaces `/etc/dovecot/local.conf`. (Docs: [Override Dovecot Defaults][docs-override-dovecot])
|
||||||
- **dovecot-quotas.cf:** list of custom quotas per mailbox. (Docs: [Accounts][docs-accounts-quota])
|
- **dovecot-quotas.cf:** list of custom quotas per mailbox. (Docs: [Accounts][docs-accounts-quota])
|
||||||
|
- **user-patches.sh:** this file will be run after all configuration files are set up, but before the postfix, amavis and other daemons are started. (Docs: [FAQ - How to adjust settings with the `user-patches.sh` script][docs-faq-userpatches])
|
||||||
|
|
||||||
[docs-accounts-quota]: ../../config/user-management/accounts.md#notes
|
[docs-accounts-quota]: ../../config/user-management/accounts.md#notes
|
||||||
[docs-aliases-regex]: ../../config/user-management/aliases.md#configuring-regexp-aliases
|
[docs-aliases-regex]: ../../config/user-management/aliases.md#configuring-regexp-aliases
|
||||||
[docs-dkim]: ../../config/best-practices/dkim.md
|
[docs-dkim]: ../../config/best-practices/dkim.md
|
||||||
[docs-fail2ban]: ../../config/security/fail2ban.md
|
[docs-fail2ban]: ../../config/security/fail2ban.md
|
||||||
[docs-faq-spamrules]: ../../faq.md#how-can-i-manage-my-custom-spamassassin-rules
|
[docs-faq-spamrules]: ../../faq.md#how-can-i-manage-my-custom-spamassassin-rules
|
||||||
|
[docs-faq-userpatches]: ../../faq.md#how-to-adjust-settings-with-the-user-patchessh-script
|
||||||
[docs-override-postfix]: ./override-defaults/postfix.md
|
[docs-override-postfix]: ./override-defaults/postfix.md
|
||||||
[docs-override-dovecot]: ./override-defaults/dovecot.md
|
[docs-override-dovecot]: ./override-defaults/dovecot.md
|
||||||
[docs-relayhosts-senderauth]: ./mail-forwarding/relay-hosts.md#sender-dependent-authentication
|
[docs-relayhosts-senderauth]: ./mail-forwarding/relay-hosts.md#sender-dependent-authentication
|
||||||
|
|
|
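Review bot: In the new `user-patches.sh` bullet, "postfix, amavis" is lowercase while the docs elsewhere capitalise the daemon names (Postfix, Dovecot); match that. The entry also does not say where the file is expected, unlike the `amavis.cf` and `dovecot.cf` entries, which name the path they replace; add the location, and confirm that the hand-written anchor `#how-to-adjust-settings-with-the-user-patchessh-script` resolves against the FAQ heading.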
@ -18,13 +18,13 @@ To enable DKIM signature, **you must have created at least one email account**.
|
||||||
After generating DKIM keys, you should restart the mail server. DNS edits may take a few minutes to hours to propagate. The script assumes you're being in the directory where the `config/` directory is located. The default keysize when generating the signature is 4096 bits for now. If you need to change it (e.g. your DNS provider limits the size), then provide the size as the first parameter of the command:
|
After generating DKIM keys, you should restart the mail server. DNS edits may take a few minutes to hours to propagate. The script assumes you're being in the directory where the `config/` directory is located. The default keysize when generating the signature is 4096 bits for now. If you need to change it (e.g. your DNS provider limits the size), then provide the size as the first parameter of the command:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
./setup.sh config dkim <keysize>
|
./setup.sh config dkim keysize <keysize>
|
||||||
```
|
```
|
||||||
|
|
||||||
For LDAP systems that do not have any directly created user account you can run the following command (since `8.0.0`) to generate the signature by additionally providing the desired domain name (if you have multiple domains use the command multiple times or provide a comma-separated list of domains):
|
For LDAP systems that do not have any directly created user account you can run the following command (since `8.0.0`) to generate the signature by additionally providing the desired domain name (if you have multiple domains use the command multiple times or provide a comma-separated list of domains):
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
./setup.sh config dkim <key-size> <domain.tld>[,<domain2.tld>]
|
./setup.sh config dkim keysize <key-size> domain <domain.tld>[,<domain2.tld>]
|
||||||
```
|
```
|
||||||
|
|
||||||
Now the keys are generated, you can configure your DNS server with DKIM signature, simply by adding a TXT record. If you have direct access to your DNS zone file, then it's only a matter of pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
|
Now the keys are generated, you can configure your DNS server with DKIM signature, simply by adding a TXT record. If you have direct access to your DNS zone file, then it's only a matter of pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
|
||||||
|
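Review bot: The paragraph above the first command still says to "provide the size as the first parameter of the command", but after this change the first argument is the literal `keysize` and the size follows it; update that sentence to match the new syntax. The placeholder is also spelled `<keysize>` in the first command and `<key-size>` in the second; use one spelling in both.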
@ -78,6 +78,10 @@ SendReports yes
|
||||||
Mode v
|
Mode v
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Switch Off DKIM
|
||||||
|
|
||||||
|
Simply remove the DKIM key by recreating (not just relaunching) the mailserver container.
|
||||||
|
|
||||||
## Debugging
|
## Debugging
|
||||||
|
|
||||||
- [DKIM-verifer](https://addons.mozilla.org/en-US/thunderbird/addon/dkim-verifier): A add-on for the mail client Thunderbird.
|
- [DKIM-verifer](https://addons.mozilla.org/en-US/thunderbird/addon/dkim-verifier): A add-on for the mail client Thunderbird.
|
||||||
|
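Review bot: The "Switch Off DKIM" text moved here says recreating the container removes the DKIM key, but the same page places the keys under `config/opendkim/keys/domain.tld/`, inside the `config/` directory that `setup.sh` is run beside. If that directory is kept outside the container, recreating the container would leave the keys in place; state which files have to be deleted and that the DNS TXT record should be removed as well.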
@ -106,6 +110,10 @@ mail._domainkey.domain.tld. 3600 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBA
|
||||||
;; MSG SIZE rcvd: 310
|
;; MSG SIZE rcvd: 310
|
||||||
```
|
```
|
||||||
|
|
||||||
## Switch Off DKIM
|
---
|
||||||
|
|
||||||
Simply remove the DKIM key by recreating (not just relaunching) the mailserver container.
|
!!! warning "Key sizes >=4096-bit"
|
||||||
|
|
||||||
|
Keys of 4096 bits could de denied by some mailservers. According to https://tools.ietf.org/html/rfc6376 keys are preferably between 512 and 2048 bits. See issue [#1854][github-issue-1854].
|
||||||
|
|
||||||
|
[github-issue-1854]: https://github.com/docker-mailserver/docker-mailserver/issues/1854
|
||||||
|
|
|
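Review bot: The warning body has a typo ("could de denied" should be "could be denied") and misstates RFC 6376: section 3.3.3 gives 512 to 2048 bits as the range verifiers must be able to validate and requires signers to use at least 1024 bits for long-lived keys, so "preferably between 512 and 2048 bits" reads as endorsing 512-bit keys. Suggest wording along the lines of "verifiers are only required to support keys up to 2048 bits; larger keys may be rejected". The page also still states that the default key size is 4096 bits, so this warning applies to the default; move it next to the `keysize` command or reference it from there, and drop the `>=` in the title if the text only speaks of 4096.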
@ -19,7 +19,7 @@ chmod a+x ./setup.sh
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
Run `./setup.sh -h` and you'll get some usage information:
|
Run `./setup.sh help` and you'll get some usage information:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
setup.sh Bootstrapping Script
|
setup.sh Bootstrapping Script
|
||||||
|
@ -30,7 +30,7 @@ OPTIONS:
|
||||||
|
|
||||||
-i IMAGE_NAME The name of the docker-mailserver image
|
-i IMAGE_NAME The name of the docker-mailserver image
|
||||||
The default value is
|
The default value is
|
||||||
'docker.io/mailserver/docker-maiserver:latest'
|
'docker.io/mailserver/docker-mailserver:latest'
|
||||||
|
|
||||||
-c CONTAINER_NAME The name of the running container.
|
-c CONTAINER_NAME The name of the running container.
|
||||||
|
|
||||||
|
|
|
@ -53,7 +53,7 @@ fail2ban-client stop dovecot
|
||||||
fail2ban-client stop postfix
|
fail2ban-client stop postfix
|
||||||
```
|
```
|
||||||
|
|
||||||
## Send email is never received
|
## Sent email is never received
|
||||||
|
|
||||||
Some hosting provides have a stealth block on port 25. Make sure to check with your hosting provider that traffic on port 25 is allowed
|
Some hosting provides have a stealth block on port 25. Make sure to check with your hosting provider that traffic on port 25 is allowed
|
||||||
|
|
||||||
|
|
|
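Review bot: The paragraph under the corrected heading still reads "Some hosting provides" and ends without a full stop; since this hunk is a typo pass, change it to "providers" and close the sentence in the same edit.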
@ -105,5 +105,9 @@ You see that besides `query_filter`, I had to customize as well `result_attribut
|
||||||
|
|
||||||
Another solution that serves as a forward-only mailserver is this: https://gitlab.com/docker-scripts/postfix
|
Another solution that serves as a forward-only mailserver is this: https://gitlab.com/docker-scripts/postfix
|
||||||
|
|
||||||
|
!!! tip
|
||||||
|
|
||||||
|
One user reports only having success if `ENABLE_LDAP=0` was set.
|
||||||
|
|
||||||
[github-file-readme-patches]: https://github.com/docker-mailserver/docker-mailserver/blob/master/README.md#custom-user-changes--patches
|
[github-file-readme-patches]: https://github.com/docker-mailserver/docker-mailserver/blob/master/README.md#custom-user-changes--patches
|
||||||
[github-issue-1247]: https://github.com/docker-mailserver/docker-mailserver/issues/1247
|
[github-issue-1247]: https://github.com/docker-mailserver/docker-mailserver/issues/1247
|
||||||
|
|
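Review bot: The new tip gives no source and no explanation, and on a page about LDAP authentication `ENABLE_LDAP=0` reads as contradicting the setup described above it. Link the report the way other claims on the page link an issue (for example `[github-issue-1247]`), and say which symptom the setting resolved so readers can tell whether it applies to them.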