hosts:virtual_machines:web:mail

Differences

This shows you the differences between two versions of the page.

hosts:virtual_machines:web:mail [2023/02/21 20:20] tcmalhosts:virtual_machines:web:mail [2023/08/30 17:55] (current) – [Configuration locations] tcmal
Line 1: Line 1:
 [[meta:autogen:start|​]] [[meta:autogen:start|​]]
 +===== Mail =====
 ^ Name | Mail | ^ Name | Mail |
 ^ Ports | 993, 587, 143, 465, 25 (tcp) | ^ Ports | 993, 587, 143, 465, 25 (tcp) |
Line 12: Line 13:
  
   - Postfix receives an incoming SMTP connection   - Postfix receives an incoming SMTP connection
-  - Postfix queries [[hosts:enclave:ldap|LDAP]] to find the user/alias for the address.+  - Postfix queries [[hosts:virtual_machines:enclave:ldap|LDAP]] to find the user/alias for the address.
   - Postfix checks it with rspamd   - Postfix checks it with rspamd
   - If rspamd decides we should deliver it, we pass it to dovecot through LMTP   - If rspamd decides we should deliver it, we pass it to dovecot through LMTP
-  - Dovecot queries [[hosts:enclave:ldap|LDAP]] again and places it in the user's mailbox+  - Dovecot queries [[hosts:virtual_machines:enclave:ldap|LDAP]] again and places it in the user's mailbox
   - The user then uses their MUA to access their mailbox through dovecot (over IMAP)   - The user then uses their MUA to access their mailbox through dovecot (over IMAP)
  
Line 22: Line 23:
   - Postfix receives an SMTP connection on port 587   - Postfix receives an SMTP connection on port 587
   - The user authenticates, which postfix asks dovecot for help with   - The user authenticates, which postfix asks dovecot for help with
-    - Dovecot uses bind authentication against our [[hosts:enclave:ldap|LDAP]]+    - Dovecot uses bind authentication against our [[hosts:virtual_machines:enclave:ldap|LDAP]]
   - Postfix cleans up the headers and passes it to OpenDKIM to do signing   - Postfix cleans up the headers and passes it to OpenDKIM to do signing
   - Postfix sends the signed message to wherever it needs to go   - Postfix sends the signed message to wherever it needs to go
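Review bot: The bind-authentication step under "The user authenticates" does not say how Dovecot reaches LDAP. With bind authentication Dovecot presents the user's own password to the LDAP server, so while this line is being touched it is worth stating whether that connection uses LDAPS or StartTLS, and pointing at the setting in the Nix profile. The same list names only port 587, while the Ports row at the top of the page also lists 465; say whether 465 goes through the same authenticated path.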
Line 32: Line 33:
 ===== Configuration locations ===== ===== Configuration locations =====
  
-Managed declaratively using [[https://git.tardisproject.uk/tardis/nix/-/tree/main/profiles/services/email|Nix]].+Managed declaratively using [[https://git.tardisproject.uk/tardis/nix/-/tree/main/profiles/email|Nix]].
  
 ===== Adding a custom domain ===== ===== Adding a custom domain =====
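Review bot: The updated Nix link now points at profiles/email, but the opendkim link added in the Sending section of this same revision still uses profiles/services/email/opendkim.nix. One of the two paths is stale; check which tree exists on main and make both links agree.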
Line 45: Line 46:
     * This happens because dovecot creates the initial directory as belonging to whatever user first received mail, which will break as soon as any other user tries to use it, including dovecot's internal users     * This happens because dovecot creates the initial directory as belonging to whatever user first received mail, which will break as soon as any other user tries to use it, including dovecot's internal users
   - Login to IMAP or Webmail using your new email address (with domain), and your regular Tardis password.   - Login to IMAP or Webmail using your new email address (with domain), and your regular Tardis password.
 +
 +==== Sending ====
 +
 +  - Do everything for receiving above
 +  - Add an SPF record: A TXT Record at root with value''v=spf1 a:mail.tardisproject.uk -all''
 +  - Add a DKIM record: A TXT Record at ''dkim2._domainkey'' with value ''v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdBQ6Y4RwXECU1dQy/LUHDmPPPDjbSPDWdxP+CQDLnQQGLQMNehkBqdHhuBzknJHlvj5CJ7NWFGxO0mcGZo7ojPgDZ718m0W7sBgPyDRq8PU0WCVXD1PBJFfe7+IssTm1s84ba9iHzlUFXVmixMIQPhJaj63gia367xDrr98IFYwIDAQAB''
 +  - Add a DMARC record: A TXT Record at ''_dmarc'' with value ''v=DMARC1; p=none; rua=mailto:dmarc@tardisproject.uk; aspf=s;''
 +  - Add your domain to the opendkim domains list [[https://git.tardisproject.uk/tardis/nix/-/blob/main/profiles/services/email/opendkim.nix#L13|here]] and redeploy.
 +  - [[https://www.mail-tester.com/|Test it]]. This is meant for newsletters so it will mention some irrelevant stuff, but both SPF and DKIM should pass.
  
  
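Review bot: In the DMARC step, rua=mailto:dmarc@tardisproject.uk sends aggregate reports for a custom domain to an address in a different domain. RFC 7489 section 7.1 has report senders verify such an external destination through a TXT record at (custom domain)._report._dmarc.tardisproject.uk containing v=DMARC1, so the step should say who creates that record on the Tardis side, otherwise reports may never arrive. p=none is monitoring only; add a line on when a domain should move to quarantine or reject. The DKIM p= value starts with MIGfMA0, the prefix of a 1024-bit RSA key, and RFC 8301 says signers should use at least 2048 bits. Smaller points: the SPF step is missing a space between "value" and the quoted record, and the #L13 anchor on main will drift as opendkim.nix changes, so link the file or a pinned commit instead.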
hosts/virtual_machines/web/mail.1677010837.txt.gz · Last modified: 2023/02/21 20:20 by tcmal