linux_server_manuals:dovecot_ldap_rspamd

Differences

This shows you the differences between two versions of the page.

linux_server_manuals:dovecot_ldap_rspamd [2018/01/15 20:37] – [Headline] ronneylinux_server_manuals:dovecot_ldap_rspamd [2018/01/28 18:49] (current) – [Clamav integration] ronney
Line 211: Line 211:
 #map with aliases #map with aliases
 virtual_alias_maps = hash:/etc/postfix/virtual-alias-map virtual_alias_maps = hash:/etc/postfix/virtual-alias-map
 +# If you have some docker containers or similar stuff, we need to add the
 +# 172.17.0.0/16 subnet to mynetwork, so they are able to send mail.
 +# If you don't use that subnet, you can leave that directive on it's default setting.
 +mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.17.0.0/16
 </file> </file>
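Review bot: The added mynetworks line trusts the whole 172.17.0.0/16 range, so every container on the default Docker bridge (and anything else that ends up on that subnet) is treated as a trusted client wherever permit_mynetworks applies, with no authentication. Prefer listing only the container addresses that actually need to send mail, or have the containers submit with SASL authentication instead. Minor: the comment says "mynetwork" for the mynetworks directive, and "it's default setting" should be "its default setting".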
  
Line 270: Line 274:
 Then enter that hash in the file /etc/rspamd/local.d/worker-controller.inc Then enter that hash in the file /etc/rspamd/local.d/worker-controller.inc
 <file> <file>
 +#password for read access
 password = "$2$17qeh8cdsqxgufkz9or9ecm6uquj6duk$tbniammzqfxdigogkm1abdoa78pmfzag4u5xqkgswabpp8zxrkzb" password = "$2$17qeh8cdsqxgufkz9or9ecm6uquj6duk$tbniammzqfxdigogkm1abdoa78pmfzag4u5xqkgswabpp8zxrkzb"
 +#password for write access. you need to set both. I know, it's stupid ;-)
 +enable_password = "$2$17qeh8cdsqxgufkz9or9ecm6uquj6duk$tbniammzqfxdigogkm1abdoa78pmfzag4u5xqkgswabpp8zxrkzb"
 </file> </file>
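Review bot: enable_password is set to exactly the same hash as password, so the read credential and the write credential are identical and anyone given read access to the controller also has write access. Generate a second hash from a different passphrase for enable_password, and consider replacing the literal hash in the example with a placeholder so readers do not copy it into their own config. The added comment "you need to set both" would help more if it said what happens when enable_password is missing.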
  
Line 279: Line 286:
 milter = yes; milter = yes;
 timeout = 120s; timeout = 120s;
-strict_auth=yes; #So also outgoing mails are also scanned. needed for dkim signing 
 upstream "local" { upstream "local" {
     default = yes;     default = yes;
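Review bot: The removed strict_auth=yes line carried the comment that it was needed so outgoing mail is scanned for dkim signing, yet the dkim signing section is kept and extended later in this same revision. State on the page why the option is no longer required, or which setting now makes sure outgoing mail still reaches the signing step, so readers who followed the old revision know whether to drop it.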
Line 431: Line 437:
 </file> </file>
  
-==== dkim mail signing ====+==== dkim and arc mail signing ====
  
-let rspamd dkim sign our mails:+To let Rspamd dkim sign outgoing mails, following is needed
  
 +<code>
 mkdir /etc/rspamd/dkim mkdir /etc/rspamd/dkim
 rspamadm dkim_keygen -b 2048 -s 2018 -k 2018.key > 2018.txt rspamadm dkim_keygen -b 2048 -s 2018 -k 2018.key > 2018.txt
-chown _rspamd:_rspamd -R dkim+chown _rspamd:_rspamd -R /etc/rspamd/dkim
 chmod 440 /etc/rspamd/dkim/* chmod 440 /etc/rspamd/dkim/*
 +</code>
  
-look at 2018.txt to see how dns entry should look like.+Look at 2018.txt to see how your dns entry should look like. and then make that DNS-entry.
  
 edit file dkim_signing.conf edit file dkim_signing.conf
 +<file>
 path = "/etc/rspamd/dkim/$selector.key"; path = "/etc/rspamd/dkim/$selector.key";
 selector = "2018"; selector = "2018";
  
 +# I need that, since in my case, usernames are without the domain.
 +# Otherwise he won't do any dkim signing.
 +allow_username_mismatch = true;
 +</file>
  
-cp -/etc/rspamd/local.d/dkim_signing.conf /etc/rspamd/local.d/arc.conf+If you provide mailinglists, mail forwarding or similar  stuff, you also want to use arc. It has the same config as dkim. So we'll just generate a symlink for it: 
 +<code> 
 +ln -/etc/rspamd/local.d/dkim_signing.conf /etc/rspamd/local.d/arc.conf 
 +</code>
  
----------------+==== Clamav integration ====
  
 setup clamav for use with rspamd setup clamav for use with rspamd
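Review bot: In the newly wrapped command block, rspamadm dkim_keygen writes 2018.key and 2018.txt relative to the current directory, while the chown/chmod lines and path = "/etc/rspamd/dkim/$selector.key" expect the key in /etc/rspamd/dkim; add a cd /etc/rspamd/dkim after the mkdir, or use absolute paths for -k and the redirect. The symlink line reads "ln -/etc/rspamd/local.d/dkim_signing.conf ..." and will not run as shown; it needs the -s option and a space before the source path. Next to allow_username_mismatch = true, it is worth noting that signing is then no longer tied to the authenticated user's domain, so sender address restrictions have to be enforced elsewhere, for example in Postfix.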
Line 494: Line 509:
  
 --------- ---------
 +apache reverse proxy for web interface
 +-----
 +
 more fail2ban more fail2ban
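Review bot: The added "apache reverse proxy for web interface" entry is a bare stub underlined with dashes, while this same revision converts the neighbouring separator into a proper heading ("==== Clamav integration ===="). Give it the same heading markup and mark it as a TODO, or leave it out until there is content for it.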
  
linux_server_manuals/dovecot_ldap_rspamd.1516048645.txt.gz · Last modified: 2018/01/15 20:37 by ronney