Maddy: Difference between revisions

(7 intermediate revisions by 4 users not shown)

Line 124:

=== MTA-STS ===

MTA-STS enforces secure TLS configuration for servers which support this standard. We already advertised this feature in the DNS records above, but we also have to serve a static configuration file using a web server. We use the web server [[Caddy]] to do this but of course you can ~~[[Category:Web_Servers use others~~ too]].

MTA-STS enforces secure TLS configuration for servers which support this standard. We already advertised this feature in the DNS records above, but we also have to serve a static configuration file using a web server. We use the web server [[Caddy]] to do this but of course you can other Web Servers too.

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

Line 154:

# nix shell nixpkgs#hash-slinger --command tlsa --~~create --selector 1~~ --protocol tcp ~~-p 25 --create~~ mx1.example.org

# nix shell nixpkgs#hash-slinger --command tlsa --port=25 --protocol=tcp mx1.example.org

</syntaxhighlight>

Add the key to a new TLSA record in your nameserver

Or you can generate it directly from the TLS-certificate that you are using with maddy:<syntaxhighlight lang="console">

# openssl x509 -in cert.pem -pubkey -noout | openssl ec -pubin -outform der | sha256sum

</syntaxhighlight>Add the key to a new TLSA record in your nameserver

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

Line 226:

Line 228:

locals."dkim_signing.conf".text = ''

selector = "default";

domain = "project-insanity.org";

path = "/var/lib/maddy/dkim_keys/$domain_$selector.key";

'';

Line 236:

Line 239:

The second part in this example replaces a part in the default config of the Maddy module and inserts the rspamd check to the message pipeline as described in the [https://maddy.email/reference/checks/rspamd upstream documentation].

The [[rspamd]] article also has some notes on how to achieve training for spam/ham mails using an additional helper script.

=== Mail attachement size ===

Line 249:

Line 254:

''dmarc yes

max_message_size 64M''] options.services.maddy.config.default;

[...]

</nowiki>}}

=== Alias addresses ===

The following example will add an alias <code>mailA@example.org</code> for the local mail address <code>mailB@example.org</code> meaning that every mail send to <code>mailA</code> will get delivered to <code>mailB</code>.

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

{ options, lib, ... }: {

services.maddy.config = builtins.replaceStrings [

"optional_step file /etc/maddy/aliases"

] [

"optional_step static {

entry mailA@example.org mailB@example.org

}"] options.services.maddy.config.default;

[...]

Line 328:

Line 350:

== See also ==

* [https://maddy.email Maddy homepage and documentation]

* [[Stalwart]], an open-source, all-in-one mail server solution that supports JMAP, IMAP4, and SMTP protocols

* [https://nixos-mailserver.readthedocs.io/en/latest Simple NixOS Mailserver]

* [[Imapsync]], useful tool to migrate mailboxes to a new server

[[Category:Mail Server]]

[[Category:Server]]

@@ Line 124: / Line 124: @@
 === MTA-STS ===
-MTA-STS enforces secure TLS configuration for servers which support this standard. We already advertised this feature in the DNS records above, but we also have to serve a static configuration file using a web server. We use the web server [[Caddy]] to do this but of course you can [[Category:Web_Servers use others too]].
+MTA-STS enforces secure TLS configuration for servers which support this standard. We already advertised this feature in the DNS records above, but we also have to serve a static configuration file using a web server. We use the web server [[Caddy]] to do this but of course you can other Web Servers too.
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
@@ Line 154: / Line 154: @@
 <syntaxhighlight lang="console">
-# nix shell nixpkgs#hash-slinger --command tlsa  --create --selector 1 --protocol tcp -p 25 --create mx1.example.org
+# nix shell nixpkgs#hash-slinger --command tlsa --port=25 --protocol=tcp mx1.example.org
 </syntaxhighlight>
-Add the key to a new TLSA record in your nameserver
+Or you can generate it directly from the TLS-certificate that you are using with maddy:<syntaxhighlight lang="console">
+# openssl x509 -in cert.pem -pubkey -noout | openssl ec -pubin -outform der | sha256sum
+</syntaxhighlight>Add the key to a new TLSA record in your nameserver
 {{file|/etc/nixos/configuration.nix|nix|<nowiki>
@@ Line 226: / Line 228: @@
    locals."dkim_signing.conf".text = ''
      selector = "default";
+    domain = "project-insanity.org";
      path = "/var/lib/maddy/dkim_keys/$domain_$selector.key";
    '';
@@ Line 236: / Line 239: @@
 The second part in this example replaces a part in the default config of the Maddy module and inserts the rspamd check to the message pipeline as described in the [https://maddy.email/reference/checks/rspamd upstream documentation].
+The [[rspamd]] article also has some notes on how to achieve training for spam/ham mails using an additional helper script.
 === Mail attachement size ===
@@ Line 249: / Line 254: @@
    ''dmarc yes
     max_message_size 64M''] options.services.maddy.config.default;
+[...]
+</nowiki>}}
+=== Alias addresses ===
+The following example will add an alias <code>mailA@example.org</code> for the local mail address <code>mailB@example.org</code> meaning that every mail send to <code>mailA</code> will get delivered to <code>mailB</code>.
+{{file|/etc/nixos/configuration.nix|nix|<nowiki>
+{ options, lib, ... }: {
+services.maddy.config = builtins.replaceStrings [
+  "optional_step file /etc/maddy/aliases"
+] [
+  "optional_step static {
+     entry mailA@example.org mailB@example.org
+   }"] options.services.maddy.config.default;
 [...]
@@ Line 328: / Line 350: @@
 == See also ==
 * [https://maddy.email Maddy homepage and documentation]
+* [[Stalwart]], an open-source, all-in-one mail server solution that supports JMAP, IMAP4, and SMTP protocols
+* [https://nixos-mailserver.readthedocs.io/en/latest Simple NixOS Mailserver]
 * [[Imapsync]], useful tool to migrate mailboxes to a new server
 [[Category:Mail Server]]
+[[Category:Server]]