Apply suggestions from code review
Fixing some typos etc. Co-authored-by: Casper <casperklein@users.noreply.github.com>
This commit is contained in:
parent
1929cb4e29
commit
8551080525
@ -13,19 +13,19 @@ hide:
**Requirements:**
**Requirements:**
- A _public server_ with a static IP, like many VPS providers offer. It will only relay mail to DMS, no mail is stored on this system.
- A _public server_ with a static IP, like many VPS providers offer. It will only relay mail to DMS, no mail is stored on this system.
- A _private server_ (eg: a local system at home) that will run DMS.
- A _private server_ (e.g.: a local system at home) that will run DMS.
- Both servers are connected to the same network via a VPN (_optional convenience for trust via the `mynetworks` setting_).
- Both servers are connected to the same network via a VPN (_optional convenience for trust via the `mynetworks` setting_).
---
---
The guide below will assume the VPN is setup on `192.168.2.0/24` with:
The guide below will assume the VPN is setup on `192.168.2.0/24` with:
- The _public server_ using `192.168.2.2`
- The _public server_ is using `192.168.2.2`
- The _private server_ using `192.168.2.3`
- The _private server_ is using `192.168.2.3`
The goal of this guide is to configure a _public server_ that can receive inbound mail and relay that over to DMS on a _private server_, which can likewise submit mail outbound through a _public server_ or service.
The goal of this guide is to configure a _public server_ that can receive inbound mail and relay that over to DMS on a _private server_, which can likewise submit mail outbound through a _public server_ or service.
The primary motivation is to keep your mail storage private, instead of storing to disk unencrypted on a VPS host.
The primary motivation is to keep your mail storage private instead of storing it to disk unencrypted on a VPS host.
## DNS setup
## DNS setup
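Review bot: the same `setup`/`set up` correction applied elsewhere in this commit is missed in this hunk: "The guide below will assume the VPN is setup on `192.168.2.0/24`" uses the noun as a verb on both sides and should read "is set up on". Separately, the new "(e.g.: a local system at home)" carries both the abbreviation's period and a colon; "(e.g. a local system at home)" is the usual form, and whichever spelling is chosen should also be applied to the `_eg:_` in the `mynetworks` bullet of the Public Server section so the page is consistent.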
@ -35,10 +35,11 @@ Set your A, MX and PTR records for the _public server_ as if it were running DMS
!!! example "DNS Zone file example"
!!! example "DNS Zone file example"
For this guide we assume DNS is configured with:
For this guide, we assume DNS is configured with:
- A public reachable IP address of `11.22.33.44`
- A public reachable IP address of `11.22.33.44`
- Mail for `@example.com` addresses should have an MX record to `mail.example.com` which A record then resolves to the IP of your _public server_.
- Mail for `@example.com` addresses must have an MX record pointing to `mail.example.com`.
- An A record for `mail.example.com` pointing to the IP address of your _public server_.
```txt
```txt
$ORIGIN example.com
$ORIGIN example.com
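Review bot: "A public reachable IP address of `11.22.33.44`" is left untouched on both sides but needs the adverb: "A publicly reachable IP address". The split into separate MX and A record bullets reads well; the new A record bullet could say "pointing to the public IP address of your _public server_" so it ties back to the `11.22.33.44` value listed just above it.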
@ -49,7 +50,7 @@ Set your A, MX and PTR records for the _public server_ as if it were running DMS
@ IN MX 10 mail.example.com.
@ IN MX 10 mail.example.com.
```
```
SPF records should also be setup as you normally would for `mail.example.com`.
SPF records should also be set up as you normally would for `mail.example.com`.
## Public Server (Basic Postfix setup)
## Public Server (Basic Postfix setup)
@ -116,7 +117,7 @@ It's necessary to adjust some settings afterwards.
- Avoid including `mail.example.com` in `mydestination`, in fact you can just set `localhost` or nothing at all here as we want all mail to be relayed to our _private server_ (DMS).
- Avoid including `mail.example.com` in `mydestination`, in fact you can just set `localhost` or nothing at all here as we want all mail to be relayed to our _private server_ (DMS).
- `mynetworks` should contain your VPN network (_eg: `192.168.2.0/24` subnet_).
- `mynetworks` should contain your VPN network (_eg: `192.168.2.0/24` subnet_).
- Important are `transport_maps = hash:/etc/postfix/transport` and `relay_domains = $mydestination, hash:/etc/postfix/relay`, with their file contents covered below.
- Important are `transport_maps = hash:/etc/postfix/transport` and `relay_domains = $mydestination, hash:/etc/postfix/relay`, with their file contents covered below.
- For good measure also disable `local_recipient_maps`.
- For good measure, also disable `local_recipient_maps`.
- You should have a valid certificate configured for `mail.example.com`.
- You should have a valid certificate configured for `mail.example.com`.
!!! warning "Open relay"
!!! warning "Open relay"
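Review bot: the bullet "`mynetworks` should contain your VPN network (_eg: `192.168.2.0/24` subnet_)" keeps `eg:` while the Requirements section in this same commit was changed to `e.g.:`; pick one spelling for the page. Two other lines in this hunk have awkward phrasing that this typo pass could cover: "Avoid including `mail.example.com` in `mydestination`, in fact you can just set `localhost`" is a comma splice (suggest "`mydestination`; in fact, you can just set `localhost`"), and "Important are `transport_maps = hash:/etc/postfix/transport` and ..." reads more naturally as "The important settings are `transport_maps = hash:/etc/postfix/transport` and ...".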
@ -161,18 +162,18 @@ It's necessary to adjust some settings afterwards.
Instead of a file, you could alternatively configure `main.cf` with `relay_domains = example.com`.
Instead of a file, you could alternatively configure `main.cf` with `relay_domains = example.com`.
!!! note "Files configured with `hash:` table type must run `postmap` to apply changes"
!!! note "Files configured with `hash:` table type must run `postmap` to apply changes."
Run `postmap /etc/postfix/transport` and `postmap /etc/postfix/relay` after creating or updating either of these files, this processes them into a separate file for Postfix to use.
Run `postmap /etc/postfix/transport` and `postmap /etc/postfix/relay` after creating or updating either of these files, this processes them into a separate file for Postfix to use.
## Private Server (Running DMS)
## Private Server (Running DMS)
You can setup your DMS instance as you normally would.
You can set up your DMS instance as you normally would.
- Be careful to not give it a hostname of `mail.example.com`. Instead use `internal-mail.example.com` or something similar.
- Be careful not to give it a hostname of `mail.example.com`. Instead, use `internal-mail.example.com` or something similar.
- DKIM can be setup as usual since it considers checks whether the message body has been tampered with, which our public relay doesn't do. Set DKIM up for `mail.example.com`.
- DKIM can be setup as usual since it considers checks whether the message body has been tampered with, which our public relay doesn't do. Set DKIM up for `mail.example.com`.
Next we need to configure our _private server_ to relay all outbound mail through the _public server_ (or a separate smarthost service). The setup is [similar to the default relay setup][docs::relay-host-details].
Next, we need to configure our _private server_ to relay all outbound mail through the _public server_ (or a separate smarthost service). The setup is [similar to the default relay setup][docs::relay-host-details].
<!-- This empty quote block is purely for a visual border -->
<!-- This empty quote block is purely for a visual border -->
!!! quote ""
!!! quote ""
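Review bot: "DKIM can be setup as usual since it considers checks whether the message body has been tampered with" is garbled ("considers checks") and still uses "setup" as a verb, although the line just above it was corrected to "set up" in this hunk; suggest "DKIM can be set up as usual since it only checks whether the message body has been tampered with". Also in this hunk, "after creating or updating either of these files, this processes them" is a comma splice (a semicolon after "files" fixes it), and the trailing period added to the admonition title "must run `postmap` to apply changes." is inconsistent with the other titles on the page ("Open relay", "DNS Zone file example"), which have none; since files do not run `postmap`, a title such as "Run `postmap` after changing files that use the `hash:` table type" would also read more clearly.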