RMM DokuWiki

User Tools

Site Tools

You are here: start » linux_server_manuals » dovecot_ldap_rspamd
linux_server_manuals:dovecot_ldap_rspamd

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux_server_manuals:dovecot_ldap_rspamd [2018/01/15 17:50] ronneylinux_server_manuals:dovecot_ldap_rspamd [2018/01/28 18:49] (current) – [Clamav integration] ronney
Line 211: Line 211:
 #map with aliases #map with aliases
 virtual_alias_maps = hash:/etc/postfix/virtual-alias-map virtual_alias_maps = hash:/etc/postfix/virtual-alias-map
 +# If you have some docker containers or similar stuff, we need to add the
 +# 172.17.0.0/16 subnet to mynetwork, so they are able to send mail.
 +# If you don't use that subnet, you can leave that directive on it's default setting.
 +mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.17.0.0/16
 </file> </file>
  
Line 234: Line 238:
  
 ===== rspamd ===== ===== rspamd =====
 +
 +The documentation about the functionality and configuration of rspamd is a bit sparse.
 +The one here is working, but no garantees, that it is perfect....
 +
 +==== Configuration ====
  
 Install rspamd and redis. Install rspamd and redis.
Line 245: Line 254:
 aptitude install rspamd redis-server aptitude install rspamd redis-server
 </code> </code>
- 
  
 edit /etc/redis/redis.conf (according to rspamd.com) edit /etc/redis/redis.conf (according to rspamd.com)
Line 252: Line 260:
 maxmemory-policy volatile-lru maxmemory-policy volatile-lru
 </file> </file>
- 
  
 Config files in /etc/rspamd/local.d override defaults settings. Config files in /etc/rspamd/local.d override defaults settings.
Line 267: Line 274:
 Then enter that hash in the file /etc/rspamd/local.d/worker-controller.inc Then enter that hash in the file /etc/rspamd/local.d/worker-controller.inc
 <file> <file>
 +#password for read access
 password = "$2$17qeh8cdsqxgufkz9or9ecm6uquj6duk$tbniammzqfxdigogkm1abdoa78pmfzag4u5xqkgswabpp8zxrkzb" password = "$2$17qeh8cdsqxgufkz9or9ecm6uquj6duk$tbniammzqfxdigogkm1abdoa78pmfzag4u5xqkgswabpp8zxrkzb"
 +#password for write access. you need to set both. I know, it's stupid ;-)
 +enable_password = "$2$17qeh8cdsqxgufkz9or9ecm6uquj6duk$tbniammzqfxdigogkm1abdoa78pmfzag4u5xqkgswabpp8zxrkzb"
 </file> </file>
  
Line 426: Line 436:
 } }
 </file> </file>
----- 
  
-let rspamd dkim sign our mails:+==== dkim and arc mail signing ====
  
 +To let Rspamd dkim sign outgoing mails, following is needed: 
 +
 +<code>
 mkdir /etc/rspamd/dkim mkdir /etc/rspamd/dkim
 rspamadm dkim_keygen -b 2048 -s 2018 -k 2018.key > 2018.txt rspamadm dkim_keygen -b 2048 -s 2018 -k 2018.key > 2018.txt
-chown _rspamd:_rspamd -R dkim+chown _rspamd:_rspamd -R /etc/rspamd/dkim
 chmod 440 /etc/rspamd/dkim/* chmod 440 /etc/rspamd/dkim/*
 +</code>
  
-look at 2018.txt to see how dns entry should look like.+Look at 2018.txt to see how your dns entry should look like. and then make that DNS-entry.
  
 edit file dkim_signing.conf edit file dkim_signing.conf
 +<file>
 path = "/etc/rspamd/dkim/$selector.key"; path = "/etc/rspamd/dkim/$selector.key";
 selector = "2018"; selector = "2018";
  
 +# I need that, since in my case, usernames are without the domain.
 +# Otherwise he won't do any dkim signing.
 +allow_username_mismatch = true;
 +</file>
  
-cp -/etc/rspamd/local.d/dkim_signing.conf /etc/rspamd/local.d/arc.conf+If you provide mailinglists, mail forwarding or similar  stuff, you also want to use arc. It has the same config as dkim. So we'll just generate a symlink for it: 
 +<code> 
 +ln -/etc/rspamd/local.d/dkim_signing.conf /etc/rspamd/local.d/arc.conf 
 +</code>
  
----------------+==== Clamav integration ====
  
 setup clamav for use with rspamd setup clamav for use with rspamd
Line 489: Line 509:
  
 --------- ---------
 +apache reverse proxy for web interface
 +-----
 +
 more fail2ban more fail2ban
  
linux_server_manuals/dovecot_ldap_rspamd.1516038636.txt.gz · Last modified: 2018/01/15 17:50 by ronney