Differences

This shows you the differences between two versions of the page.

--- linux_server_manuals:dovecot_ldap_rspamd [2018/01/15 17:50] – ronney
+++ linux_server_manuals:dovecot_ldap_rspamd [2018/01/28 18:49] (current) – [Clamav integration] ronney
@@ Line 153: / Line 153: @@
 </file>
-===== Fail2ban for dovecot =====
+==== Fail2ban for dovecot ====
 use fail2ban with dovecot to ban ips which try several times to authenticate unsuccessful, add to
@@ Line 211: / Line 211: @@
 #map with aliases
 virtual_alias_maps = hash:/etc/postfix/virtual-alias-map
+# If you have some docker containers or similar stuff, we need to add the
+# 172.17.0.0/16 subnet to mynetwork, so they are able to send mail.
+# If you don't use that subnet, you can leave that directive on it's default setting.
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.17.0.0/16
 </file>
@@ Line 234: / Line 238: @@
 ===== rspamd =====
+The documentation about the functionality and configuration of rspamd is a bit sparse.
+The one here is working, but no garantees, that it is perfect....
+==== Configuration ====
 Install rspamd and redis.
@@ Line 245: / Line 254: @@
 aptitude install rspamd redis-server
 </code>
 edit /etc/redis/redis.conf (according to rspamd.com)
@@ Line 252: / Line 260: @@
 maxmemory-policy volatile-lru
 </file>
 Config files in /etc/rspamd/local.d override defaults settings.
@@ Line 267: / Line 274: @@
 Then enter that hash in the file /etc/rspamd/local.d/worker-controller.inc
 <file>
+#password for read access
 password = "$2$17qeh8cdsqxgufkz9or9ecm6uquj6duk$tbniammzqfxdigogkm1abdoa78pmfzag4u5xqkgswabpp8zxrkzb"
+#password for write access. you need to set both. I know, it's stupid ;-)
+enable_password = "$2$17qeh8cdsqxgufkz9or9ecm6uquj6duk$tbniammzqfxdigogkm1abdoa78pmfzag4u5xqkgswabpp8zxrkzb"
 </file>
@@ Line 426: / Line 436: @@
 }
 </file>
-----
-let rspamd dkim sign our mails:
+==== dkim and arc mail signing ====
+To let Rspamd dkim sign outgoing mails, following is needed:
+<code>
 mkdir /etc/rspamd/dkim
 rspamadm dkim_keygen -b 2048 -s 2018 -k 2018.key > 2018.txt
-chown _rspamd:_rspamd -R dkim
+chown _rspamd:_rspamd -R /etc/rspamd/dkim
 chmod 440 /etc/rspamd/dkim/*
+</code>
-look at 2018.txt to see how dns entry should look like.
+Look at 2018.txt to see how your dns entry should look like. and then make that DNS-entry.
 edit file dkim_signing.conf
+<file>
 path = "/etc/rspamd/dkim/$selector.key";
 selector = "2018";
+# I need that, since in my case, usernames are without the domain.
+# Otherwise he won't do any dkim signing.
+allow_username_mismatch = true;
+</file>
-cp -R /etc/rspamd/local.d/dkim_signing.conf /etc/rspamd/local.d/arc.conf
+If you provide mailinglists, mail forwarding or similar  stuff, you also want to use arc. It has the same config as dkim. So we'll just generate a symlink for it:
+<code>
+ln -s /etc/rspamd/local.d/dkim_signing.conf /etc/rspamd/local.d/arc.conf
+</code>
----------------
+==== Clamav integration ====
 setup clamav for use with rspamd
@@ Line 489: / Line 509: @@
 ---------
+apache reverse proxy for web interface
+-----
 more fail2ban