WormNet Wiki

User Tools

Site Tools

Trace:
mail

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
mail [2014/05/17 20:08] – [DKIM] mbmail [2019/09/29 15:34] (current) – [account creation] mb
Line 2: Line 2:
  
 marmot provides a multi-domain IMAP/SMTP mail service, powered by [[http://www.exim.org/|Exim]] and [[http://www.cyrusimap.org/|Cyrus IMAP]]. marmot provides a multi-domain IMAP/SMTP mail service, powered by [[http://www.exim.org/|Exim]] and [[http://www.cyrusimap.org/|Cyrus IMAP]].
- 
-SSL is available, using a locally-brewed marmot.wormnet.eu certificate. 
  
 All IPC with backend services (spamd, clamd, pgsql, lmtpd) is performed over unix domain sockets. All IPC with backend services (spamd, clamd, pgsql, lmtpd) is performed over unix domain sockets.
Line 55: Line 53:
 If it's a new domain, please add it to the ''loginrealms'' line in ''/etc/imapd.conf'' on marmot. If it's a new domain, please add it to the ''loginrealms'' line in ''/etc/imapd.conf'' on marmot.
  
-Then use ''cyradm -u cyrus localhost'' on marmot (password in aformentioned ''shadow'' table) and issue "''cm user/username@domain''". Then set an appropriate quota, eg ''sq user/username@domain 100000''.+Then use ''cyradm -u cyrus localhost'' on marmot (password in aformentioned ''shadow'' table) and issue "''cm user/username@domain''". Then set an appropriate quota, eg ''sq user/username@domain STORAGE 100000''
 + 
 +==== shared mailboxes ==== 
 + 
 +A mailbox which does //not// begin ''user/'' is not in an INBOX, but a shared mailbox. You can create them in ''cyradm'' with ''cm'', as above, then use ''sam'' and ''lam'' to set and view appropriate permissions, eg: 
 + 
 +  localhost> lam admin/postmaster@wormnet.eu 
 +  anyone p 
 +  lentinj@wormnet.eu lrswipkxtecd 
 +  mb@wormnet.eu lrswipkxtecd 
 + 
 +If, as in this example, you set ''anyone p'', then Exim will deliver straight into that mailbox with e-mail address ''+admin/postmaster@wormnet.eu''.
  
 ===== aliases/forwarding ===== ===== aliases/forwarding =====
Line 95: Line 104:
   INSERT INTO dkim VALUES ('wormnet.eu', 'cat');   INSERT INTO dkim VALUES ('wormnet.eu', 'cat');
      
-Then generate a keypair on marmot (1024-bit still considered right in 2014):+Then generate a keypair on marmot (1024-bit considered right in 2014; latterly 2048 suggested in RFC8301):
  
 +  SELECTOR="cat"
   cd /etc/exim4/dkim   cd /etc/exim4/dkim
   mkdir -m 750 wormnet.eu   mkdir -m 750 wormnet.eu
   cd wormnet.eu   cd wormnet.eu
-  openssl genrsa -out cat 1024 +  openssl genrsa -out ${SELECTOR} 1024 
-  openssl rsa -in cat -out cat.pub -pubout -outform PEM +  openssl rsa -in ${SELECTOR} -out ${SELECTOR}.pub -pubout -outform PEM 
-  chmod o= cat*+  chmod o= ${SELECTOR}* 
 +  echo "v=DKIM1; h=sha256; p=$(grep -vE '^\-\-\-' ${SELECTOR}.pub | tr -d '\n'); t=s;"
  
 And finally mangle the public key into a DNS TXT record. See [[http://www.zytrax.com/books/dns/ch9/dkim.html|here]] for some tweakables. And finally mangle the public key into a DNS TXT record. See [[http://www.zytrax.com/books/dns/ch9/dkim.html|here]] for some tweakables.
Line 108: Line 119:
   _adsp._domainkey IN TXT "dkim=all;"   _adsp._domainkey IN TXT "dkim=all;"
   cat._domainkey   IN TXT "v=DKIM1; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzl70kXqRENAgRfWRZ2WyvLtdQe22E1OvZMgIAwPV8GHraN2z0YCXgkeO7DW5t/0sOOa9z/hOmASTilds0oo2qgCmcJwV/YzGNAY0nw1CWAawIr5LlkLGzrLwvSv69iMsQJlsHMbqij0ljQpVuJ+DY5S0FYsgMlnyYWgE4EmEL5wIDAQAB; t=s;"   cat._domainkey   IN TXT "v=DKIM1; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzl70kXqRENAgRfWRZ2WyvLtdQe22E1OvZMgIAwPV8GHraN2z0YCXgkeO7DW5t/0sOOa9z/hOmASTilds0oo2qgCmcJwV/YzGNAY0nw1CWAawIr5LlkLGzrLwvSv69iMsQJlsHMbqij0ljQpVuJ+DY5S0FYsgMlnyYWgE4EmEL5wIDAQAB; t=s;"
 +==== key rotation ====
 +
 +Just make a new keypair (with a new name) / and associated TXT record. Then ''UPDATE'' your row in the ''dkim'' table. The old TXT record can be deleted after a week.
 +
 +People seem to think rotating keys quarterly is a good idea.
  
 ===== Allowing mail relaying from particular hosts ===== ===== Allowing mail relaying from particular hosts =====
mail.1400357325.txt.gz · Last modified: 2014/05/17 20:08 by mb