diff --git a/README.md b/README.md index bcd29f69..ac0325c9 100644 --- a/README.md +++ b/README.md @@ -7,9 +7,10 @@ * [Change mail attachment size](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/0-change.mail.attachment.size.md) * [Completely disable Amavisd + ClamAV + SpamAssassin](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/0-completely.disable.amavisd.clamav.spamassassin.md) * [Enable SMTPS service (SMTP over SSL, port 465)](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/0-enable.smtps.md) -* [Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/1-amavisd.no.x-spam.headers.md) * [Disable spam virus scanning for outgoing mails](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/1-disable.spam.virus.scanning.for.outgoing.mails.md) +* [Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/1-no.x-spam.headers.md) * [Quarantining](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/1-quarantining.md) +* [Sign DKIM signature on outgoing emails for new mail domain](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/1-sign.dkim.signature.for.new.domain.md) * [Allow insecure POP3/IMAP/SMTP connections without STARTTLS](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/2-allow.insecure.pop3.imap.smtp.connections.md) * [Allow user to send email without authentication](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/allow.user.to.send.email.without.authentication.md) * [Configure Thunderbird as mail client (POP3/IMAP, SMTP and global ldap address book)](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/configure.thunderbird.md) 
@@ -40,4 +41,5 @@ * [Turn on debug mode in Dovecot](https://bitbucket.org/zhb/docs.iredmail.org/src/default/troubleshooting/turn.on.debug.mode.in.dovecot.md) * [Turn on debug mode in OpenLDAP](https://bitbucket.org/zhb/docs.iredmail.org/src/default/troubleshooting/turn.on.debug.mode.in.openldap.md) # Frequently Asked Questions +* [Locations of configuration and log files of mojor components](https://bitbucket.org/zhb/docs.iredmail.org/src/default/faq/file.locations.md) * [Why append timestamp in maildir path](https://bitbucket.org/zhb/docs.iredmail.org/src/default/faq/why.append.timestamp.in.maildir.path.md) diff --git a/TODO.md b/TODO.md index 157628fb..e836e553 100644 --- a/TODO.md +++ b/TODO.md @@ -4,6 +4,8 @@ * How to enable per-recipient policy lookup in Amavisd (@lookup_sql_dsn). * How to enable DNSBL in Postfix. +* How to sign DKIM signature on sent emails for new mail domain. mention how + to use one DKIM key for all domains. # installation guides diff --git a/faq/file.locations.md b/faq/file.locations.md new file mode 100644 index 00000000..2bfda0c7 --- /dev/null +++ b/faq/file.locations.md 
@@ -0,0 +1,69 @@ +# Locations of configuration and log files of mojor components + +[TOC] + +## Postfix + +* on `Linux` and `OpenBSD`, Postfix config files are placed under `/etc/postfix/`. +* on `FreeBSD`, Postfix config files are placed under `/usr/local/etc/postfix/`. + +### Config files + +Main config files: + +* `main.cf`: contains most configurations. +* `master.cf`: contains transport related settings. +* `aliases`: aliases for system accounts. +* `helo_access.pcre`: PCRE regular expressions of HELO check rules. +* `ldap/*.cf`: used to query mail accounts. LDAP backends only. +* `mysql/*.cf`: used to query mail accounts. MySQL/MariaDB backends only. +* `pgsql/*.cf`: used to query mail accounts. PostgreSQL backend only. + +### Log files + +* on `RHEL/CentOS`, `FreeBSD`, `OpenBSD`, it's `/var/log/maillog`. +* on `Debian`, `Ubuntu`, it's `/var/log/mail.log`. + +## Dovecot + +* on `Linux` and `OpenBSD`, Dovecot config files are placed under `/etc/dovecot/`. +* on `FreeBSD`, Dovecot config files are placed under `/usr/local/etc/dovecot/`. + +### Config files + +Main config file is `dovecot.conf`. It contains most configurations. + +Addition config files: + +* `dovecot-ldap.conf`: used to query mail users and passwords. LDAP backends only. +* `dovecot-mysql.conf`: used to query mail users and passwords. MySQL/MariaDB backends only. +* `dovecot-pgsql.conf`: used to query mail users and passwords. PostgreSQL backend only. +* `dovecot-used-quota.conf`: used to store and query real-time per-user mailbox quota. +* `dovecot-share-folder.conf`: used to store settings of shared IMAP mailboxes. +* `dovecot-master-users-password`: used to store master users/passwords. + +### Log files + +* `/var/log/dovecot.log`: main log file. +* `/var/log/dovecot-sieve.log`: sieve related log. NOTE: on old iRedMail + releases, it's `/var/log/sieve.log`. +* `/var/log/dovecot-lmtp.log`: LMTP related log. 
+ +## Amavisd + +### Main config files + +* on `RHEL/CentOS`: it's `/etc/amavisd/amavisd.conf`. +* on `Debian/Ubuntu`: it's `/etc/amavis/conf.d/50-user`. + + Debian/Ubuntu have some addition config files under `/etc/amavis/conf.d/`, + but you can always override them in file `/etc/amavis/conf.d/50-user`. + When we mention `amavisd.conf` in other tutorials, it means `50-user` on + Debian/Ubuntu. + +* on `FreeBSD`: it's `/usr/local/etc/amavisd.conf`. +* on `OpenBSD`: it's `/etc/amavisd.conf`. + +### Log files + +Amavisd is configured to log to [Postfix log file](#postfix) by iRedMail. diff --git a/howto/1-amavisd.no.x-spam.headers.md b/howto/1-no.x-spam.headers.md similarity index 100% rename from howto/1-amavisd.no.x-spam.headers.md rename to howto/1-no.x-spam.headers.md diff --git a/howto/1-sign.dkim.signature.for.new.domain.md b/howto/1-sign.dkim.signature.for.new.domain.md new file mode 100644 index 00000000..1fb838d7 --- /dev/null +++ b/howto/1-sign.dkim.signature.for.new.domain.md 
@@ -0,0 +1,87 @@ +# Sign DKIM signature on outgoing emails for new mail domain + +> Don't know where Amavisd config file is? check this tutorial: +> [Locations of configuration and log files of mojor components](file.locations.html#amavisd). + +iRedMail configures Amavisd to sign outgoing emails for the first mail domain +you added during iRedMail installation. If you added new mail domain, you +should update Amavisd config file to sign DKIM signature for it. + +Let's say your first mail domain added during iRedMail installation is +`mydomain.com`, and new mail domain is `newdomain.com`, please follow below +steps to enable DKIM signing for outgoing emails of this domain. + +* Generate new DKIM key for new domain. + +```shell +# amavisd-new genrsa /var/lib/dkim/newdomain.com.pem +``` + +* Find below setting in Amavisd config file `amavisd.conf`: + +``` +dkim_key('mydomain.com', "dkim", "/var/lib/dkim/mydomain.com.pem"); +``` + +Add one line after above line like below: + +``` +dkim_key('newdomain.com', "dkim", "/var/lib/dkim/newdomain.com.pem"); +``` + +* Find below setting in Amavisd config file `amavisd.conf`: + +``` +@dkim_signature_options_bysender_maps = ( { + ... + "mydomain.com" => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 }, + ... +}); +``` + +Add one line after `"mydomain.com"` line like below: + +``` +@dkim_signature_options_bysender_maps = ( { + ... + "mydomain.com" => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 }, + "newdomain.com" => { d => "newdomain.com", a => 'rsa-sha256', ttl => 10*24*3600 }, + ... +}); +``` + +* Restart Amavisd service. + +## Use one DKIM key for all mail domains + +For compatibility with dkim_milter the signing domain can include a '*' +as a wildcard - this is not recommended as this way amavisd could produce +signatures which have no corresponding public key published in DNS. +The proper way is to have one dkim_key entry for each mail domain. 
+ +If you still want to try this, please follow below steps: + +* Find below setting in Amavisd config file `amavisd.conf`: + +``` +dkim_key('mydomain.com', "dkim", "/var/lib/dkim/mydomain.com.pem"); +``` + +* Replace it by below line: + +``` +dkim_key('*', "dkim", "/var/lib/dkim/mydomain.com.pem"); +``` + +* Restart Amavisd serivce. + +With above setting, all outbound emails with be signed with this dkim key. +And Amavisd will show a warning message when start amavisd service: + +> dkim: wildcard in signing domain (key#1, *), may produce unverifiable +> signatures with no published public key, avoid! + +## See also + +* Don't know what DKIM is? Check our tutorial here: + [What is a DKIM DNS record](setup_dns.html#dkim-record-for-your-mail-domain-name). diff --git a/html/css/markdown.css b/html/css/markdown.css index 9dde5cab..5adfa111 100644 --- a/html/css/markdown.css +++ b/html/css/markdown.css @@ -66,6 +66,7 @@ blockquote { border-left:.5em solid #eee; padding: 0 2em; margin-left:0; + font-style: italic; /*max-width: 476px;*/ } blockquote cite { diff --git a/html/file.locations.html b/html/file.locations.html new file mode 100644 index 00000000..55017e54 --- /dev/null +++ b/html/file.locations.html @@ -0,0 +1,99 @@ + +
+ +Linux
and OpenBSD
, Postfix config files are placed under /etc/postfix/
.FreeBSD
, Postfix config files are placed under /usr/local/etc/postfix/
.Main config files:
+main.cf
: contains most configurations.master.cf
: contains transport related settings.aliases
: aliases for system accounts.helo_access.pcre
: PCRE regular expressions of HELO check rules.ldap/*.cf
: used to query mail accounts. LDAP backends only.mysql/*.cf
: used to query mail accounts. MySQL/MariaDB backends only.pgsql/*.cf
: used to query mail accounts. PostgreSQL backend only.RHEL/CentOS
, FreeBSD
, OpenBSD
, it's /var/log/maillog
.Debian
, Ubuntu
, it's /var/log/mail.log
.Linux
and OpenBSD
, Dovecot config files are placed under /etc/dovecot/
.FreeBSD
, Dovecot config files are placed under /usr/local/etc/dovecot/
.Main config file is dovecot.conf
. It contains most configurations.
Addition config files:
+dovecot-ldap.conf
: used to query mail users and passwords. LDAP backends only.dovecot-mysql.conf
: used to query mail users and passwords. MySQL/MariaDB backends only.dovecot-pgsql.conf
: used to query mail users and passwords. PostgreSQL backend only.dovecot-used-quota.conf
: used to store and query real-time per-user mailbox quota.dovecot-share-folder.conf
: used to store settings of shared IMAP mailboxes.dovecot-master-users-password
: used to store master users/passwords./var/log/dovecot.log
: main log file./var/log/dovecot-sieve.log
: sieve related log. NOTE: on old iRedMail
+ releases, it's /var/log/sieve.log
./var/log/dovecot-lmtp.log
: LMTP related log.RHEL/CentOS
: it's /etc/amavisd/amavisd.conf
.on Debian/Ubuntu
: it's /etc/amavis/conf.d/50-user
.
Debian/Ubuntu have some addition config files under /etc/amavis/conf.d/
,
+but you can always override them in file /etc/amavis/conf.d/50-user
.
+When we mention amavisd.conf
in other tutorials, it means 50-user
on
+Debian/Ubuntu.
on FreeBSD
: it's /usr/local/etc/amavisd.conf
.
OpenBSD
: it's /etc/amavisd.conf
.Amavisd is configured to log to Postfix log file by iRedMail.
If you found something wrong +in this document, please do +contact us to fix it.
©© Creative Commons
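Review bot: In the README.md hunk at `@@ -40,4 +41,5 @@`, the added FAQ link text reads "mojor components"; it should be "major". The same misspelling is in the H1 of the new `faq/file.locations.md` and in the blockquote link at the top of `howto/1-sign.dkim.signature.for.new.domain.md`, so fix all three together, otherwise the page title and every link to it carry the typo.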
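Review bot: The TODO.md hunk adds the item "How to sign DKIM signature on sent emails for new mail domain. mention how to use one DKIM key for all domains.", but this same patch adds `howto/1-sign.dkim.signature.for.new.domain.md`, which contains both the per-domain steps and the "Use one DKIM key for all mail domains" section. Drop the TODO entry from the patch instead of adding an item that is already done.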
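Review bot: In the new `faq/file.locations.md`, the Dovecot list describes `dovecot-master-users-password` only as "used to store master users/passwords" and gives no expected owner or file mode. Since the page says this file stores passwords, add a sentence stating the ownership and permissions it should have so a reader can check them. Wording: "Addition config files:" and "some addition config files" should read "Additional"/"additional", and the Amavisd section uses the heading "Main config files" where the Postfix and Dovecot sections use "Config files".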
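Review bot: The step list in `howto/1-sign.dkim.signature.for.new.domain.md` goes from editing `amavisd.conf` straight to "Restart Amavisd service" with no step to publish the new key's public part in DNS for `newdomain.com`. A reader who follows it will start signing with `d => "newdomain.com"` while no public key is published, which is the unverifiable-signature case the wildcard section of the same file warns about. Add a step before the restart that prints the record (`amavisd-new showkeys`), has the reader create the TXT record for the `dkim` selector, and verifies it (`amavisd-new testkeys`); the "See also" link to the DKIM DNS record tutorial can be referenced from that step. The `genrsa` line also gives no key size and says nothing about the owner or mode of `/var/lib/dkim/newdomain.com.pem`; state the size explicitly and note that the private key must be readable by the Amavisd user only. Typos in the wildcard section: "Restart Amavisd serivce" and "all outbound emails with be signed".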
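Review bot: The `html/css/markdown.css` hunk adds `font-style: italic;` to the global `blockquote` rule, so it also italicises the quoted Amavisd startup warning ("dkim: wildcard in signing domain (key#1, *) ...") that the new howto puts in a blockquote. Program output is easier to read and copy in a code block; either move that warning into a fenced block in the howto or scope the italic style to a class rather than to every blockquote.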