Maddy: Difference between revisions

Line 30:

=== DNS records ===

~~Ensure that the domain you're going~~ to ~~use has <code>MX</code>~~ DNS ~~records probably configured~~. ~~They should point to~~ the ~~correct public IP addresses~~ of ~~your server running~~ Maddy.

It is possibly easier to configure our own authoritative-only DNS server, which provides important configuration information to other mail servers and clients. For details about the meaning of the specific DNS records or manual setup instructions see the [https://maddy.email/tutorials/setting-up/ Maddy setup tutorial].

<~~syntaxhighlight lang~~="~~console~~">

{{file|/etc/nixos/configuration.nix|nix|<nowiki>

~~# dig MX example.org~~

services.nsd = {

;~~; ANSWER SECTION:~~

enable = true;

example.org. ~~3364 IN MX 0 mx1~~.example.org.

interfaces = [

~~# dig~~ A ~~mx1~~.~~example~~.~~org~~

"0.0.0.0"

~~;; ANSWER SECTION~~:

"::"

mx1~~.example.org. 3392 IN~~ A 8.8.8.8

];

~~# dig~~ AAAA mx1.example.org

zones."example.org.".data = ''

;; ~~ANSWER SECTION~~:

@ SOA ns.example.org noc.example.org 666 7200 3600 1209600 3600

~~mx1.~~example.org. ~~3364 IN AAAA 2001:db8:85a3:8d3:1319:8a2e:370:7348~~

@ A 1.2.3.4

~~</syntaxhighlight>~~

@ AAAA abcd::eeff

@ MX 10 mx1

mx1 A 1.2.3.4

mx1 AAAA abcd::eeff

@ TXT "v=spf1 mx ~all"

mx1 TXT "v=spf1 mx ~all"

_dmarc TXT "v=DMARC1; p=quarantine; ruf=mailto:postmaster@example.org

_mta-sts TXT "v=STSv1; id=1"

_smtp._tls TXT "v=TLSRPTv1;rua=mailto:postmaster@example.org"

default._domainkey TXT "v=DKIM1; k=ed25519; p=nAcUUozPlhc4VPhp7hZl+owES7j7OlEv0laaDEDBAqg="

'';

};

~~Consult~~ your ~~domain provider~~ on ~~how to configure these records~~.

Update the IPv4 and IPv6 addresses after <code>A</code> and <code>AAAA</code> to the one which points to the publc IP addresses of your mail server. The last entry is used by the <code>DKIM</code> authentication mechanism which enables recipients to verify the authenticity of mails send by your server. Create the following DNS record by using the value of the file Maddy generated on first startup <code>/var/lib/maddy/dkim_keys/example.org_default.dns</code>.

~~An other record called <code>SPF</code> should~~ also ~~be present, telling that only servers in~~ the ~~<code>MX</code> are allowed to send mails for this domain~~

Now that your server also runs a DNS daemon besides the mail server, you have to configure it as the external nameserver of your domain <code>example.org</code>. Please consult your domain provider on how to do that.

~~<syntaxhighlight lang="console">~~

~~# dig TXT example.org~~

~~;; ANSWER SECTION:~~

~~example.org. 3600 IN TXT "v=spf1 mx ~all"~~

~~# dig TXT mx1.example.org~~

~~;; ANSWER SECTION:~~

~~mx1.example.org. 3600 IN TXT "v=spf1 mx ~all"~~

~~# dig TXT _dmarc.example.org~~

~~;; ANSWER SECTION:~~

~~_dmarc.example.org. 3600 IN TXT "v=DMARC1; p=quarantine; ruf=mailto:postmaster@example.org"~~

~~# dig TXT _mta-sts.example.org~~

~~;; ANSWER SECTION:~~

~~_mta-sts.example.org. TXT "v=STSv1; id=1"~~

~~# dig TXT _smtp._tls.example.org~~

~~;; ANSWER SECTION:~~

~~_smtp._tls.example.org. TXT "v=TLSRPTv1;rua=mailto:postmaster@example.org"~~

~~</syntaxhighlight>~~

~~Using the <code>DMARC</code> record~~, ~~we enforce a permissive policy and request reports about broken messages. The last to entries mark the domain <code>MTA-STS</code> compatible.~~

~~The last entry is used by the <code>DKIM</code> authentication mechanism which enables recipients~~ to ~~verify~~ the ~~authenticity~~ of ~~mails send by~~ your ~~server. Create the following DNS record by using the value of the file Maddy generated on first startup~~ <code>~~/var/lib/maddy/dkim_keys/~~example.~~org_default.dns~~</code>.

~~<syntaxhighlight lang="console">~~

~~# dig TXT default._domainkey.example.org~~

~~;; ANSWER SECTION:~~

~~default~~.~~_domainkey.example.org. TXT "v=DKIM1; k=ed25519; p=nAcUUozPlhc4VPhp7hZl+owES7j7OlEv0laaDEDBAqg="~~

~~</syntaxhighlight>~~

=== Managing users and inboxes ===

@@ Line 30: / Line 30: @@
 === DNS records ===
-Ensure that the domain you're going to use has <code>MX</code> DNS records probably configured. They should point to the correct public IP addresses of your server running Maddy.
+It is possibly easier to configure our own authoritative-only DNS server, which provides important configuration information to other mail servers and clients. For details about the meaning of the specific DNS records or manual setup instructions see the [https://maddy.email/tutorials/setting-up/ Maddy setup tutorial].
-<syntaxhighlight lang="console">
+{{file|/etc/nixos/configuration.nix|nix|<nowiki>
-# dig MX example.org
+services.nsd = {
-;; ANSWER SECTION:
+  enable = true;
-example.org. 3364 IN	MX	0 mx1.example.org.
+  interfaces = [
-# dig A mx1.example.org
+    "0.0.0.0"
-;; ANSWER SECTION:
+    "::"
-mx1.example.org.	3392 IN	A	8.8.8.8
+  ];
-# dig AAAA mx1.example.org
+  zones."example.org.".data = ''
-;; ANSWER SECTION:
+    @ SOA ns.example.org noc.example.org 666 7200 3600 1209600 3600
-mx1.example.org.	3364 IN	AAAA	2001:db8:85a3:8d3:1319:8a2e:370:7348
+    @ A 1.2.3.4
-</syntaxhighlight>
+    @ AAAA abcd::eeff
+    @ MX 10 mx1
+    mx1 A 1.2.3.4
+    mx1 AAAA abcd::eeff
+    @ TXT "v=spf1 mx ~all"
+    mx1 TXT "v=spf1 mx ~all"
+    _dmarc TXT "v=DMARC1; p=quarantine; ruf=mailto:postmaster@example.org
+    _mta-sts TXT "v=STSv1; id=1"
+    _smtp._tls TXT "v=TLSRPTv1;rua=mailto:postmaster@example.org"
+    default._domainkey TXT "v=DKIM1; k=ed25519; p=nAcUUozPlhc4VPhp7hZl+owES7j7OlEv0laaDEDBAqg="
+  '';
+};
-Consult your domain provider on how to configure these records.
+Update the IPv4 and IPv6 addresses after <code>A</code> and <code>AAAA</code> to the one which points to the publc IP addresses of your mail server. The last entry is used by the <code>DKIM</code> authentication mechanism which enables recipients to verify the authenticity of mails send by your server. Create the following DNS record by using the value of the file Maddy generated on first startup <code>/var/lib/maddy/dkim_keys/example.org_default.dns</code>.
-An other record called <code>SPF</code> should also be present, telling that only servers in the <code>MX</code> are allowed to send mails for this domain
+Now that your server also runs a DNS daemon besides the mail server, you have to configure it as the external nameserver of your domain <code>example.org</code>. Please consult your domain provider on how to do that.
-<syntaxhighlight lang="console">
-# dig TXT example.org
-;; ANSWER SECTION:
-example.org. 3600 IN	TXT	"v=spf1 mx ~all"
-# dig TXT mx1.example.org
-;; ANSWER SECTION:
-mx1.example.org. 3600 IN	TXT	"v=spf1 mx ~all"
-# dig TXT _dmarc.example.org
-;; ANSWER SECTION:
-_dmarc.example.org. 3600	IN TXT	"v=DMARC1; p=quarantine; ruf=mailto:postmaster@example.org"
-# dig TXT _mta-sts.example.org
-;; ANSWER SECTION:
-_mta-sts.example.org.   TXT    "v=STSv1; id=1"
-# dig TXT _smtp._tls.example.org
-;; ANSWER SECTION:
-_smtp._tls.example.org. TXT    "v=TLSRPTv1;rua=mailto:postmaster@example.org"
-</syntaxhighlight>
-Using the <code>DMARC</code> record, we enforce a permissive policy and request reports about broken messages. The last to entries mark the domain <code>MTA-STS</code> compatible.
-The last entry is used by the <code>DKIM</code> authentication mechanism which enables recipients to verify the authenticity of mails send by your server. Create the following DNS record by using the value of the file Maddy generated on first startup <code>/var/lib/maddy/dkim_keys/example.org_default.dns</code>.
-<syntaxhighlight lang="console">
-# dig TXT default._domainkey.example.org
-;; ANSWER SECTION:
-default._domainkey.example.org. TXT   "v=DKIM1; k=ed25519; p=nAcUUozPlhc4VPhp7hZl+owES7j7OlEv0laaDEDBAqg="
-</syntaxhighlight>
 === Managing users and inboxes ===