diff --git a/README.md b/README.md index bcd29f69..ac0325c9 100644 --- a/README.md +++ b/README.md @@ -7,9 +7,10 @@ * [Change mail attachment size](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/0-change.mail.attachment.size.md) * [Completely disable Amavisd + ClamAV + SpamAssassin](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/0-completely.disable.amavisd.clamav.spamassassin.md) * [Enable SMTPS service (SMTP over SSL, port 465)](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/0-enable.smtps.md) -* [Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/1-amavisd.no.x-spam.headers.md) * [Disable spam virus scanning for outgoing mails](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/1-disable.spam.virus.scanning.for.outgoing.mails.md) +* [Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/1-no.x-spam.headers.md) * [Quarantining](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/1-quarantining.md) +* [Sign DKIM signature on outgoing emails for new mail domain](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/1-sign.dkim.signature.for.new.domain.md) * [Allow insecure POP3/IMAP/SMTP connections without STARTTLS](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/2-allow.insecure.pop3.imap.smtp.connections.md) * [Allow user to send email without authentication](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/allow.user.to.send.email.without.authentication.md) * [Configure Thunderbird as mail client (POP3/IMAP, SMTP and global ldap address book)](https://bitbucket.org/zhb/docs.iredmail.org/src/default/howto/configure.thunderbird.md) 
@@ -40,4 +41,5 @@ * [Turn on debug mode in Dovecot](https://bitbucket.org/zhb/docs.iredmail.org/src/default/troubleshooting/turn.on.debug.mode.in.dovecot.md) * [Turn on debug mode in OpenLDAP](https://bitbucket.org/zhb/docs.iredmail.org/src/default/troubleshooting/turn.on.debug.mode.in.openldap.md) # Frequently Asked Questions +* [Locations of configuration and log files of mojor components](https://bitbucket.org/zhb/docs.iredmail.org/src/default/faq/file.locations.md) * [Why append timestamp in maildir path](https://bitbucket.org/zhb/docs.iredmail.org/src/default/faq/why.append.timestamp.in.maildir.path.md) diff --git a/TODO.md b/TODO.md index 157628fb..e836e553 100644 --- a/TODO.md +++ b/TODO.md @@ -4,6 +4,8 @@ * How to enable per-recipient policy lookup in Amavisd (@lookup_sql_dsn). * How to enable DNSBL in Postfix. +* How to sign DKIM signature on sent emails for new mail domain. mention how + to use one DKIM key for all domains. # installation guides diff --git a/faq/file.locations.md b/faq/file.locations.md new file mode 100644 index 00000000..2bfda0c7 --- /dev/null +++ b/faq/file.locations.md 
@@ -0,0 +1,69 @@ +# Locations of configuration and log files of mojor components + +[TOC] + +## Postfix + +* on `Linux` and `OpenBSD`, Postfix config files are placed under `/etc/postfix/`. +* on `FreeBSD`, Postfix config files are placed under `/usr/local/etc/postfix/`. + +### Config files + +Main config files: + +* `main.cf`: contains most configurations. +* `master.cf`: contains transport related settings. +* `aliases`: aliases for system accounts. +* `helo_access.pcre`: PCRE regular expressions of HELO check rules. +* `ldap/*.cf`: used to query mail accounts. LDAP backends only. +* `mysql/*.cf`: used to query mail accounts. MySQL/MariaDB backends only. +* `pgsql/*.cf`: used to query mail accounts. PostgreSQL backend only. + +### Log files + +* on `RHEL/CentOS`, `FreeBSD`, `OpenBSD`, it's `/var/log/maillog`. +* on `Debian`, `Ubuntu`, it's `/var/log/mail.log`. + +## Dovecot + +* on `Linux` and `OpenBSD`, Dovecot config files are placed under `/etc/dovecot/`. +* on `FreeBSD`, Dovecot config files are placed under `/usr/local/etc/dovecot/`. + +### Config files + +Main config file is `dovecot.conf`. It contains most configurations. + +Addition config files: + +* `dovecot-ldap.conf`: used to query mail users and passwords. LDAP backends only. +* `dovecot-mysql.conf`: used to query mail users and passwords. MySQL/MariaDB backends only. +* `dovecot-pgsql.conf`: used to query mail users and passwords. PostgreSQL backend only. +* `dovecot-used-quota.conf`: used to store and query real-time per-user mailbox quota. +* `dovecot-share-folder.conf`: used to store settings of shared IMAP mailboxes. +* `dovecot-master-users-password`: used to store master users/passwords. + +### Log files + +* `/var/log/dovecot.log`: main log file. +* `/var/log/dovecot-sieve.log`: sieve related log. NOTE: on old iRedMail + releases, it's `/var/log/sieve.log`. +* `/var/log/dovecot-lmtp.log`: LMTP related log. 
+ +## Amavisd + +### Main config files + +* on `RHEL/CentOS`: it's `/etc/amavisd/amavisd.conf`. +* on `Debian/Ubuntu`: it's `/etc/amavis/conf.d/50-user`. + + Debian/Ubuntu have some addition config files under `/etc/amavis/conf.d/`, + but you can always override them in file `/etc/amavis/conf.d/50-user`. + When we mention `amavisd.conf` in other tutorials, it means `50-user` on + Debian/Ubuntu. + +* on `FreeBSD`: it's `/usr/local/etc/amavisd.conf`. +* on `OpenBSD`: it's `/etc/amavisd.conf`. + +### Log files + +Amavisd is configured to log to [Postfix log file](#postfix) by iRedMail. diff --git a/howto/1-amavisd.no.x-spam.headers.md b/howto/1-no.x-spam.headers.md similarity index 100% rename from howto/1-amavisd.no.x-spam.headers.md rename to howto/1-no.x-spam.headers.md diff --git a/howto/1-sign.dkim.signature.for.new.domain.md b/howto/1-sign.dkim.signature.for.new.domain.md new file mode 100644 index 00000000..1fb838d7 --- /dev/null +++ b/howto/1-sign.dkim.signature.for.new.domain.md 
@@ -0,0 +1,87 @@ +# Sign DKIM signature on outgoing emails for new mail domain + +> Don't know where Amavisd config file is? check this tutorial: +> [Locations of configuration and log files of mojor components](file.locations.html#amavisd). + +iRedMail configures Amavisd to sign outgoing emails for the first mail domain +you added during iRedMail installation. If you added new mail domain, you +should update Amavisd config file to sign DKIM signature for it. + +Let's say your first mail domain added during iRedMail installation is +`mydomain.com`, and new mail domain is `newdomain.com`, please follow below +steps to enable DKIM signing for outgoing emails of this domain. + +* Generate new DKIM key for new domain. + +```shell +# amavisd-new genrsa /var/lib/dkim/newdomain.com.pem +``` + +* Find below setting in Amavisd config file `amavisd.conf`: + +``` +dkim_key('mydomain.com', "dkim", "/var/lib/dkim/mydomain.com.pem"); +``` + +Add one line after above line like below: + +``` +dkim_key('newdomain.com', "dkim", "/var/lib/dkim/newdomain.com.pem"); +``` + +* Find below setting in Amavisd config file `amavisd.conf`: + +``` +@dkim_signature_options_bysender_maps = ( { + ... + "mydomain.com" => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 }, + ... +}); +``` + +Add one line after `"mydomain.com"` line like below: + +``` +@dkim_signature_options_bysender_maps = ( { + ... + "mydomain.com" => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 }, + "newdomain.com" => { d => "newdomain.com", a => 'rsa-sha256', ttl => 10*24*3600 }, + ... +}); +``` + +* Restart Amavisd service. + +## Use one DKIM key for all mail domains + +For compatibility with dkim_milter the signing domain can include a '*' +as a wildcard - this is not recommended as this way amavisd could produce +signatures which have no corresponding public key published in DNS. +The proper way is to have one dkim_key entry for each mail domain. 
+ +If you still want to try this, please follow below steps: + +* Find below setting in Amavisd config file `amavisd.conf`: + +``` +dkim_key('mydomain.com', "dkim", "/var/lib/dkim/mydomain.com.pem"); +``` + +* Replace it by below line: + +``` +dkim_key('*', "dkim", "/var/lib/dkim/mydomain.com.pem"); +``` + +* Restart Amavisd serivce. + +With above setting, all outbound emails with be signed with this dkim key. +And Amavisd will show a warning message when start amavisd service: + +> dkim: wildcard in signing domain (key#1, *), may produce unverifiable +> signatures with no published public key, avoid! + +## See also + +* Don't know what DKIM is? Check our tutorial here: + [What is a DKIM DNS record](setup_dns.html#dkim-record-for-your-mail-domain-name). diff --git a/html/css/markdown.css b/html/css/markdown.css index 9dde5cab..5adfa111 100644 --- a/html/css/markdown.css +++ b/html/css/markdown.css @@ -66,6 +66,7 @@ blockquote { border-left:.5em solid #eee; padding: 0 2em; margin-left:0; + font-style: italic; /*max-width: 476px;*/ } blockquote cite { diff --git a/html/file.locations.html b/html/file.locations.html new file mode 100644 index 00000000..55017e54 --- /dev/null +++ b/html/file.locations.html @@ -0,0 +1,99 @@ + + + + Locations of configuration and log files of mojor components + + + + +

Locations of configuration and log files of mojor components

+
+ +
+

Postfix

+ +

Config files

+

Main config files:

+ +

Log files

+ +

Dovecot

+ +

Config files

+

Main config file is dovecot.conf. It contains most configurations.

+

Addition config files:

+ +

Log files

+ +

Amavisd

+

Main config files

+ +

Log files

+

Amavisd is configured to log to Postfix log file by iRedMail.


If you found something wrong +in this document, please do +contact us to fix it.

©© Creative Commons

\ No newline at end of file diff --git a/html/index.html b/html/index.html index 48459cc5..ee91b330 100644 --- a/html/index.html +++ b/html/index.html @@ -23,9 +23,10 @@
  • Change mail attachment size
  • Completely disable Amavisd + ClamAV + SpamAssassin
  • Enable SMTPS service (SMTP over SSL, port 465)
  • -
  • Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.
  • Disable spam virus scanning for outgoing mails
  • +
  • Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.
  • Quarantining
  • +
  • Sign DKIM signature on outgoing emails for new mail domain
  • Allow insecure POP3/IMAP/SMTP connections without STARTTLS
  • Allow user to send email without authentication
  • Configure Thunderbird as mail client (POP3/IMAP, SMTP and global ldap address book)
  • @@ -66,5 +67,6 @@

    Frequently Asked Questions

    ©© Creative Commons

    \ No newline at end of file diff --git a/html/install.iredmail.on.rhel.html b/html/install.iredmail.on.rhel.html index 638fd096..3fdd3a2f 100644 --- a/html/install.iredmail.on.rhel.html +++ b/html/install.iredmail.on.rhel.html @@ -128,7 +128,7 @@ value in its config file /etc/selinux/config.

    It's now ready to start iRedMail installer, it will ask you several simple questions, that's all steps to setup a full-featured mail server.

    -

    For Chinese users: Our domain name "iredmail.org" is blocked in China mainland since Jun 04, 2011, please replace all 'iredmail.org' by its IP address "106.187.51.47" (without quotes) in /root/iRedMail-x.y.z/pkgs/get_all.sh BEFORE executing "iRedMail.sh". This is a Linode VPS hosted on Tokyo, Japan.

    +

    For Chinese users: Our domain name "iredmail.org" is blocked in China mainland since Jun 04, 2011, please replace all 'iredmail.org' by its IP address "106.187.51.47" (without quotes) in /root/iRedMail-x.y.z/pkgs/get_all.sh BEFORE executing "iRedMail.sh". This is a Linode VPS hosted in Tokyo, Japan.

    # cd /root/iRedMail-x.y.z/
     # bash iRedMail.sh
    diff --git a/html/amavisd.no.x-spam.headers.html b/html/no.x-spam.headers.html
    similarity index 100%
    rename from html/amavisd.no.x-spam.headers.html
    rename to html/no.x-spam.headers.html
    diff --git a/html/sign.dkim.signature.for.new.domain.html b/html/sign.dkim.signature.for.new.domain.html
    new file mode 100644
    index 00000000..03059e55
    --- /dev/null
    +++ b/html/sign.dkim.signature.for.new.domain.html
    @@ -0,0 +1,95 @@
    +
    +    
    +        
    +        Sign DKIM signature on outgoing emails for new mail domain
    +        
    +    
    +    
    +    
    +    

    Sign DKIM signature on outgoing emails for new mail domain

    +
    +

    Don't know where Amavisd config file is? check this tutorial: +Locations of configuration and log files of mojor components.

    +
    +

    iRedMail configures Amavisd to sign outgoing emails for the first mail domain +you added during iRedMail installation. If you added new mail domain, you +should update Amavisd config file to sign DKIM signature for it.

    +

    Let's say your first mail domain added during iRedMail installation is +mydomain.com, and new mail domain is newdomain.com, please follow below +steps to enable DKIM signing for outgoing emails of this domain.

    + +
    # amavisd-new genrsa /var/lib/dkim/newdomain.com.pem
    +
    + + +
    dkim_key('mydomain.com', "dkim", "/var/lib/dkim/mydomain.com.pem");
    +
    + +

    Add one line after above line like below:

    +
    dkim_key('newdomain.com', "dkim", "/var/lib/dkim/newdomain.com.pem");
    +
    + + +
    @dkim_signature_options_bysender_maps = ( {
    +    ...
    +    "mydomain.com"  => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
    +    ...
    +});
    +
    + +

    Add one line after "mydomain.com" line like below:

    +
    @dkim_signature_options_bysender_maps = ( {
    +    ...
    +    "mydomain.com"  => { d => "mydomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
    +    "newdomain.com"  => { d => "newdomain.com", a => 'rsa-sha256', ttl => 10*24*3600 },
    +    ...
    +});
    +
    + + +

    Use one DKIM key for all mail domains

    +

    For compatibility with dkim_milter the signing domain can include a '*' +as a wildcard - this is not recommended as this way amavisd could produce +signatures which have no corresponding public key published in DNS. +The proper way is to have one dkim_key entry for each mail domain.

    +

    If you still want to try this, please follow below steps:

    + +
    dkim_key('mydomain.com', "dkim", "/var/lib/dkim/mydomain.com.pem");
    +
    + + +
    dkim_key('*', "dkim", "/var/lib/dkim/mydomain.com.pem");
    +
    + + +

    With above setting, all outbound emails with be signed with this dkim key. +And Amavisd will show a warning message when start amavisd service:

    +
    +

    dkim: wildcard in signing domain (key#1, *), may produce unverifiable +signatures with no published public key, avoid!

    +
    +

    See also

    +

    If you found something wrong +in this document, please do +contact us to fix it.

    ©© Creative Commons

    \ No newline at end of file diff --git a/html/turn.on.debug.mode.in.dovecot.html b/html/turn.on.debug.mode.in.dovecot.html index fa54502d..f76c61bc 100644 --- a/html/turn.on.debug.mode.in.dovecot.html +++ b/html/turn.on.debug.mode.in.dovecot.html @@ -11,23 +11,16 @@ // Document Index

    Turn on debug mode in Dovecot

    +
    +

    Don't know where Amavisd config file is? check this tutorial: +Locations of configuration and log files of mojor components.

    +

    To turn on debug mode in Dovecot, please update below parameter in Dovecot config file dovecot.conf:

    -
    mail_debug = yes
     

    Restart Dovecot service.

    -

    Dovecot is configured to log into 3 log files:

    -

    If you need authentication and password related debug message, turn on related settings and restart dovecot service.

    auth_verbose = yes
    diff --git a/installation/install.iredmail.on.rhel.md b/installation/install.iredmail.on.rhel.md
    index e42aa6d3..b1019495 100644
    --- a/installation/install.iredmail.on.rhel.md
    +++ b/installation/install.iredmail.on.rhel.md
    @@ -105,7 +105,7 @@ Now disable it immediately without rebooting your server.
     It's now ready to start iRedMail installer, it will ask you several simple
     questions, that's all steps to setup a full-featured mail server.
     
    -> For Chinese users: Our domain name "iredmail.org" is blocked in China mainland since Jun 04, 2011, please replace all 'iredmail.org' by its IP address "106.187.51.47" (without quotes) in /root/iRedMail-x.y.z/pkgs/get_all.sh BEFORE executing "iRedMail.sh". This is a Linode VPS hosted on Tokyo, Japan.
    +> For Chinese users: Our domain name "iredmail.org" is blocked in China mainland since Jun 04, 2011, please replace all 'iredmail.org' by its IP address "106.187.51.47" (without quotes) in /root/iRedMail-x.y.z/pkgs/get_all.sh BEFORE executing "iRedMail.sh". This is a Linode VPS hosted in Tokyo, Japan.
     
     ```
     # cd /root/iRedMail-x.y.z/
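Review bot: the rewritten note line in installation/install.iredmail.on.rhel.md still tells readers to substitute the literal address "106.187.51.47" for 'iredmail.org' in `/root/iRedMail-x.y.z/pkgs/get_all.sh`, and only the preposition changes. Since the line is being edited anyway, consider saying how readers can verify what they download from that address, or dropping the fixed IP, because the documentation will keep pointing at it even if the server moves to another host.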
    diff --git a/troubleshooting/turn.on.debug.mode.in.dovecot.md b/troubleshooting/turn.on.debug.mode.in.dovecot.md
    index 74aa4cde..b1fbfbe0 100644
    --- a/troubleshooting/turn.on.debug.mode.in.dovecot.md
    +++ b/troubleshooting/turn.on.debug.mode.in.dovecot.md
    @@ -1,24 +1,17 @@
     # Turn on debug mode in Dovecot
     
    +> Don't know where Amavisd config file is? check this tutorial:
    +> [Locations of configuration and log files of mojor components](file.locations.html#dovecot).
    +
     To turn on debug mode in Dovecot, please update below parameter in Dovecot
     config file `dovecot.conf`:
     
    -* on Linux and OpenBSD, it's `/etc/dovecot/dovecot.conf`
    -* on FreeBSD, it's `/usr/local/etc/dovecot/dovecot.conf`
    -
     ```
     mail_debug = yes
     ```
     
     Restart Dovecot service.
     
    -Dovecot is configured to log into 3 log files:
    -
    -* `/var/log/dovecot.log`: main log file.
    -* `/var/log/dovecot-sieve.log`: sieve related log.
    -* `/var/log/dovecot-lmtp.log`: lmtp related log. __NOTE__: old iRedMail release
    -  doesn't have this file.
    -
     If you need authentication and password related debug message, turn on related
     settings and restart dovecot service.
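Review bot: the blockquote added at the top of troubleshooting/turn.on.debug.mode.in.dovecot.md asks "Don't know where Amavisd config file is?", but this page is about Dovecot and the link goes to `file.locations.html#dovecot`; it should read "Dovecot config file". The link text also carries the typo "mojor" (major). The removed log-file list said that old iRedMail releases do not have `/var/log/dovecot-lmtp.log`, and the entry for that file in the new faq/file.locations.md has no such note, so the caveat is lost unless it is carried over.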
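Review bot: the item added to TODO.md ("How to sign DKIM signature on sent emails for new mail domain. mention how to use one DKIM key for all domains.") describes the document this same commit adds as howto/1-sign.dkim.signature.for.new.domain.md, including its "Use one DKIM key for all mail domains" section. Drop the TODO entry instead of adding it, so the list does not advertise work that is already done.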
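Review bot: in faq/file.locations.md the Dovecot list describes `dovecot-master-users-password` only as "used to store master users/passwords"; since this page is where admins will look the file up, add a sentence saying that it holds credentials and should stay readable only by the accounts that need it. The title spells "mojor" for "major", and README.md and the blockquotes in the two other documents repeat it in their link text. "Addition config files" and "some addition config files" should read "Additional" and "additional".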
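Review bot: the step list in howto/1-sign.dkim.signature.for.new.domain.md ends at "Restart Amavisd service." with no step for publishing the public key of `/var/lib/dkim/newdomain.com.pem` in DNS for `newdomain.com`. The wildcard section of the same file names exactly that outcome, "signatures which have no corresponding public key published in DNS", as the thing to avoid, so add a step before the restart that links to `setup_dns.html#dkim-record-for-your-mail-domain-name`, and a final check that the published record matches the key. The wildcard section should say the same for every domain that `dkim_key('*', "dkim", "/var/lib/dkim/mydomain.com.pem");` ends up signing for. Typos in that section: "serivce" and "emails with be signed".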