Size: 652
Comment:
|
← Revision 14 as of 2025-02-12 22:39:43 ⇥
Size: 3001
Comment:
|
Deletions are marked like this. | Additions are marked like this. |
Line 23: | Line 23: |
Configure apache, use HTTPS through letsencrypt. | |
Line 24: | Line 25: |
== Postfix == pipe to opendkim letsencrypt |
In bind, create A record for ml.ninux.org {{{ $ORIGIN ninux.org. ml A 176.111.173.140 }}} |
Line 28: | Line 31: |
== Postfix to mailman py == == Postfix antispam == == DKIM == OpenDKIM 2048 bit key |
Use certbot to obtain a letsencrypt certificate: |
Line 37: | Line 33: |
dig +short @1.1.1.1 mail._domainkey.ml.ninux.org TXT | certbot --apache -d ml.ninux.org run |
Line 41: | Line 37: |
== SPF == | == Postfix == |
Line 43: | Line 39: |
== Spamassassin == | In main.cf {{{ #DKIM milter_default_action = accept milter_protocol = 2 smtpd_milters = inet:localhost:8892 non_smtpd_milters = inet:localhost:8892 }}} Use apache letsencrypt certificates also for postfix {{{ smtpd_tls_cert_file=/etc/letsencrypt/live/ml.ninux.org/fullchain.pem smtpd_tls_key_file=/etc/letsencrypt/live/ml.ninux.org/privkey.pem smtpd_use_tls=yes }}} In master.cf {{{ mailman unix - n n - - pipe flags=FR user=list argv=/usr/local/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} policyd-spf unix - n n - 0 spawn user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl }}} == DKIM == We use OpenDKIM Generate a 2048 bits key {{{ opendkim-genkey -b 2048 -d ml.ninux.org -D /etc/mail/dkim-keys/ml.ninux.org -s mail -v }}} /etc/opendkim.conf {{{ Syslog yes UMask 002 Domain ml.ninux.org KeyFile /etc/mail/dkim-keys/ml.ninux.org/mail.private Selector mail Socket inet:8892@localhost OversignHeaders From }}} The DNS entry to be added to bind is in /etc/mail/dkim-keys/ml.ninux.org/mail.txt == DNS entries in bind for SPF, DMARC and DKIM == {{{ $ORIGIN ninux.org. _dmarc TXT "v=DMARC1\; p=none\; sp=none\; adkim=r\; aspf=r\; rua=mailto:nino@ninux.org\; ruf=mailto:nino@ninux.org\; fo=1\;" mail._domainkey TXT "v=DKIM1\; h=sha256\; k=rsa\; " "p=MIIBI...NeyP" "a...B" ml A 176.111.173.140 MX 10 ml TXT "v=spf1 ip4:176.111.173.140 -all" SPF "v=spf1 ip4:176.111.173.140 -all" $ORIGIN ml.ninux.org. _dmarc TXT "v=DMARC1\; p=none\; sp=none\; adkim=r\; aspf=r\; rua=mailto:nino@ninux.org\; ruf=mailto:nino@ninux.org\; fo=1\;" mail._domainkey TXT "v=DKIM1\; h=sha256\; k=rsa\; " "p=MIIBI...NeyP" "a...B" }}} Verify with dig, e.g. {{{ $ dig +short @1.1.1.1 mail._domainkey.ml.ninux.org TXT "v=DKIM1; h=sha256; k=rsa; " "p=MIIBI...NeyP" "a...B" $ dig +short @1.1.1.1 mail._domainkey.ninux.org TXT "v=DKIM1; h=sha256; k=rsa; " "p=MIIBI...NeyP" "a...B" }}} |
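Review bot: in the main.cf lines added under "== Postfix ==", `milter_default_action = accept` makes the DKIM milter fail open: if OpenDKIM on inet:localhost:8892 is not answering, list mail is delivered unsigned and nothing in the shown configuration flags it. Consider `milter_default_action = tempfail` so mail stays queued until signing works again, or state on the page that unsigned delivery is the intended fallback. In the same addition, master.cf defines the `policyd-spf` service but the main.cf excerpt shows no `check_policy_service` restriction that calls it, so it is worth documenting where that hook lives. The zone also publishes an `SPF` type record next to the TXT record; RFC 7208 retired that record type, so the TXT record alone is sufficient.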
Mailman Configuration
Mailman
Download the mailman-2.1.39 tarball, uncompress it, then compile it and install it:
{{{
./configure --prefix=/usr/local/mailman --with-python=/usr/bin/python2.7 --with-mail-gid=nogroup
make
make install
}}}
Fix permissions with:
{{{
/usr/local/mailman/bin/check_perms -f
/usr/local/mailman/bin/mailmanctl restart
}}}
Apache
Configure Apache and serve it over HTTPS with Let's Encrypt.
In bind, create an A record for ml.ninux.org:
{{{
$ORIGIN ninux.org.
ml A 176.111.173.140
}}}
Use certbot to obtain a Let's Encrypt certificate:
{{{
certbot --apache -d ml.ninux.org run
}}}
Postfix
In main.cf:
{{{
#DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8892
non_smtpd_milters = inet:localhost:8892
}}}
Reuse the Let's Encrypt certificate obtained for Apache in Postfix as well:
{{{
smtpd_tls_cert_file=/etc/letsencrypt/live/ml.ninux.org/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/ml.ninux.org/privkey.pem
smtpd_use_tls=yes
}}}
In master.cf:
{{{
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/local/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
policyd-spf unix - n n - 0 spawn
  user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl
}}}
DKIM
We use OpenDKIM.
Generate a 2048-bit key:
{{{
opendkim-genkey -b 2048 -d ml.ninux.org -D /etc/mail/dkim-keys/ml.ninux.org -s mail -v
}}}
/etc/opendkim.conf:
{{{
Syslog yes
UMask 002
Domain ml.ninux.org
KeyFile /etc/mail/dkim-keys/ml.ninux.org/mail.private
Selector mail
Socket inet:8892@localhost
OversignHeaders From
}}}
The DNS entry to be added to bind is in /etc/mail/dkim-keys/ml.ninux.org/mail.txt
DNS entries in bind for SPF, DMARC and DKIM
{{{
$ORIGIN ninux.org.
_dmarc TXT "v=DMARC1\; p=none\; sp=none\; adkim=r\; aspf=r\; rua=mailto:nino@ninux.org\; ruf=mailto:nino@ninux.org\; fo=1\;"
mail._domainkey TXT "v=DKIM1\; h=sha256\; k=rsa\; " "p=MIIBI...NeyP" "a...B"
ml A 176.111.173.140
   MX 10 ml
   TXT "v=spf1 ip4:176.111.173.140 -all"
   SPF "v=spf1 ip4:176.111.173.140 -all"
$ORIGIN ml.ninux.org.
_dmarc TXT "v=DMARC1\; p=none\; sp=none\; adkim=r\; aspf=r\; rua=mailto:nino@ninux.org\; ruf=mailto:nino@ninux.org\; fo=1\;"
mail._domainkey TXT "v=DKIM1\; h=sha256\; k=rsa\; " "p=MIIBI...NeyP" "a...B"
}}}
Verify with dig, e.g.
{{{
$ dig +short @1.1.1.1 mail._domainkey.ml.ninux.org TXT
"v=DKIM1; h=sha256; k=rsa; " "p=MIIBI...NeyP" "a...B"
$ dig +short @1.1.1.1 mail._domainkey.ninux.org TXT
"v=DKIM1; h=sha256; k=rsa; " "p=MIIBI...NeyP" "a...B"
}}}
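A 2048-bit key comes back from `dig` as several quoted strings, while the zone file escapes `;` as `\;`, so the generated mail.txt and the published record cannot be compared with a plain diff. The shell functions below are an added example, not part of the original wiki page; the function names and the sample key material are constructed placeholders.

```shell
#!/bin/sh
# Added example: compare the DKIM key in a zone-file snippet with what DNS serves.

# Join all quoted chunks of a TXT record and undo zone-file escaping of ';'.
txt_join() {
    grep -o '"[^"]*"' | tr -d '"\n' | sed 's/\\;/;/g'
}

# Print the value of one DKIM tag (v, h, k, p) from a joined record on stdin.
dkim_tag() {
    tr ';' '\n' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        sed -n "s/^$1=//p"
}

# Succeed only if both records carry the same non-empty public key (p= tag).
same_dkim_key() {
    a=$(printf '%s\n' "$1" | txt_join | dkim_tag p)
    b=$(printf '%s\n' "$2" | txt_join | dkim_tag p)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed samples: the key material is a placeholder, not a real key.
ZONE_SAMPLE='mail._domainkey TXT ( "v=DKIM1\; h=sha256\; k=rsa\; "
    "p=CONSTRUCTEDchunkONE"
    "CONSTRUCTEDchunkTWO" )  ; ----- DKIM key mail for ml.ninux.org'
DIG_SAMPLE='"v=DKIM1; h=sha256; k=rsa; " "p=CONSTRUCTEDchunkONE" "CONSTRUCTEDchunkTWO"'
STALE_SAMPLE='"v=DKIM1; h=sha256; k=rsa; " "p=CONSTRUCTEDoldKEY"'

if same_dkim_key "$ZONE_SAMPLE" "$DIG_SAMPLE"; then
    echo "published key matches the generated one"
fi
if ! same_dkim_key "$ZONE_SAMPLE" "$STALE_SAMPLE"; then
    echo "mismatch: DNS still serves a different key"
fi

# On the mail server, with the paths and names used on this page:
#   same_dkim_key "$(cat /etc/mail/dkim-keys/ml.ninux.org/mail.txt)" \
#       "$(dig +short @1.1.1.1 mail._domainkey.ml.ninux.org TXT)"
```

A mismatch after a key rotation usually means the zone serial was not bumped or a resolver is still serving the cached old record.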