From: Christian Heller Date: Tue, 27 Nov 2018 21:53:01 +0000 (+0100) Subject: WIP. X-Git-Url: https://plomlompom.com/repos/add_task?a=commitdiff_plain;h=51f9a28f9bd2e65cdaf51062a9586a0f747cf41b;p=config WIP. --- diff --git a/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf b/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf index c7691ea..dbd31b4 100644 --- a/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf +++ b/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf @@ -6,7 +6,7 @@ Syslog yes # Required to use local socket with MTAs that access the socket as a non- # privileged user (e.g. Postfix) -UMask 002 +UMask 007 # Sign for example.com with key in /etc/dkimkeys/dkim.key using # selector '2007' (e.g. 2007._domainkey.example.com) diff --git a/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 b/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 index fa4882d..3e518d5 100644 --- a/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 +++ b/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 @@ -8,6 +8,9 @@ -A INPUT -p icmp -j ACCEPT # SSH -A INPUT -p tcp --dport 22 -j ACCEPT +# HTTP; uncomment for creating LetsEncrypt certificates in standalone mode. +#-A INPUT -p tcp --dport 80 -j ACCEPT +# SMTP (allowing for STARTTLS); necessary for mail server to mail server banter # HTTPS in theory, in practice my second SSH port, see sshd_config -A INPUT -p tcp --dport 443 -j ACCEPT # SMTP (allowing for STARTTLS); necessary for mail server to mail server banter diff --git a/all_new_2018/setup_mail.sh b/all_new_2018/setup_mail.sh index 285ecb6..f19d36e 100755 --- a/all_new_2018/setup_mail.sh +++ b/all_new_2018/setup_mail.sh @@ -1,8 +1,8 @@ #/bin/sh set -e -selector=$1 -if [ ! -n "${selector}" ]; then +dkim_selector=$1 +if [ ! -n "${dkim_selector}" ]; then echo "Give DKIM selector argument." false fi @@ -12,14 +12,17 @@ mkdir -p /etc/dkimkeys/ add_dkim_record=0 if [ ! -f "/etc/dkimkeys/${dkim_selector}.private" ]; then add_dkim_record=1 + set +e dpkg -s opendkim-tools &> /dev/null preinstalled="$?" + set -e if [ ! "${preinstalled}" -eq "0" ]; then apt install -y opendkim-tools fi opendkim-genkey -s "${dkim_selector}" + mv "${dkim_selector}.private" /etc/dkimkeys/ if [ ! "${preinstalled}" -eq "0" ]; then - apt --purge autoremove opendkim-tools + apt -y --purge autoremove opendkim-tools fi fi @@ -41,7 +44,8 @@ echo "$(hostname -f)" > /etc/mailname # Everything should now be ready for installations. apt install -y postfix dovecot-imapd opendkim -echo "TODO: Ensure a proper SPF entry for this system in your DNS configuration." +echo "TODO: Ensure MX entry for your system in your DNS configuration." +echo "TODO: Ensure a proper SPF entry for this system in your DNS configuration; something like 'v=spf1 a mx -all' mapped to your subdomain." if [ "${add_dkim_record}" -eq "1" ]; then echo "TODO: Add the following DKIM entry to your DNS configuration (possibly with slightly changed host entry – if your mail domain includes a subdomain, append that with a dot):" cat "${dkim_selector}.txt"