Differences

This shows you the differences between two versions of the page.

--- linux_server_manuals:dovecot_ldap_rspamd [2018/01/15 17:48] – [rspamd] ronney
+++ linux_server_manuals:dovecot_ldap_rspamd [2018/01/28 18:49] (current) – [Clamav integration] ronney
@@ Line 153: / Line 153: @@
 </file>
-====== Fail2ban for dovecot ======
+==== Fail2ban for dovecot ====
 use fail2ban with dovecot to ban ips which try several times to authenticate unsuccessful, add to
@@ Line 163: / Line 163: @@
-====== Postfix ======
+===== Postfix =====
 Install postfix
@@ Line 211: / Line 211: @@
 #map with aliases
 virtual_alias_maps = hash:/etc/postfix/virtual-alias-map
+# If you have some docker containers or similar stuff, we need to add the
+# 172.17.0.0/16 subnet to mynetwork, so they are able to send mail.
+# If you don't use that subnet, you can leave that directive on it's default setting.
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.17.0.0/16
 </file>
@@ Line 233: / Line 237: @@
 </file>
-====== rspamd ======
+===== rspamd =====
+The documentation about the functionality and configuration of rspamd is a bit sparse.
+The one here is working, but no garantees, that it is perfect....
+==== Configuration ====
 Install rspamd and redis.
@@ Line 245: / Line 254: @@
 aptitude install rspamd redis-server
 </code>
 edit /etc/redis/redis.conf (according to rspamd.com)
@@ Line 252: / Line 260: @@
 maxmemory-policy volatile-lru
 </file>
 Config files in /etc/rspamd/local.d override defaults settings.
@@ Line 267: / Line 274: @@
 Then enter that hash in the file /etc/rspamd/local.d/worker-controller.inc
 <file>
+#password for read access
 password = "$2$17qeh8cdsqxgufkz9or9ecm6uquj6duk$tbniammzqfxdigogkm1abdoa78pmfzag4u5xqkgswabpp8zxrkzb"
+#password for write access. you need to set both. I know, it's stupid ;-)
+enable_password = "$2$17qeh8cdsqxgufkz9or9ecm6uquj6duk$tbniammzqfxdigogkm1abdoa78pmfzag4u5xqkgswabpp8zxrkzb"
 </file>
@@ Line 310: / Line 320: @@
 </file>
-===== Access to Rspamd Webinterface =====
+==== Access to Rspamd Webinterface ====
 To be able to access the rspamd webinterface we need to add a config file to apache.
@@ Line 330: / Line 340: @@
 </code>
-===== Postfix integration =====
+==== Postfix integration ====
 Make postfix use rspamd, therefore add following lines to
@@ Line 345: / Line 355: @@
 </file>
-===== Dovecot integration =====
+==== Dovecot integration ====
 We want Dovecot to automatically move new mails to spam folder when they were recognized as spam mail. Additionally, when the user moves mail to the spam folder or away from spam folder, rspamd should learn them as spam or ham.
@@ Line 426: / Line 436: @@
 }
 </file>
-----
-let rspamd dkim sign our mails:
+==== dkim and arc mail signing ====
+To let Rspamd dkim sign outgoing mails, following is needed:
+<code>
 mkdir /etc/rspamd/dkim
 rspamadm dkim_keygen -b 2048 -s 2018 -k 2018.key > 2018.txt
-chown _rspamd:_rspamd -R dkim
+chown _rspamd:_rspamd -R /etc/rspamd/dkim
 chmod 440 /etc/rspamd/dkim/*
+</code>
-look at 2018.txt to see how dns entry should look like.
+Look at 2018.txt to see how your dns entry should look like. and then make that DNS-entry.
 edit file dkim_signing.conf
+<file>
 path = "/etc/rspamd/dkim/$selector.key";
 selector = "2018";
+# I need that, since in my case, usernames are without the domain.
+# Otherwise he won't do any dkim signing.
+allow_username_mismatch = true;
+</file>
-cp -R /etc/rspamd/local.d/dkim_signing.conf /etc/rspamd/local.d/arc.conf
+If you provide mailinglists, mail forwarding or similar  stuff, you also want to use arc. It has the same config as dkim. So we'll just generate a symlink for it:
+<code>
+ln -s /etc/rspamd/local.d/dkim_signing.conf /etc/rspamd/local.d/arc.conf
+</code>
----------------
+==== Clamav integration ====
 setup clamav for use with rspamd
@@ Line 489: / Line 509: @@
 ---------
+apache reverse proxy for web interface
+-----
 more fail2ban