diff --git a/docs/_source/locale/en/LC_MESSAGES/mail-libre-is.po b/docs/_source/locale/en/LC_MESSAGES/mail-libre-is.po index 056b23e..5dac7e0 100644 --- a/docs/_source/locale/en/LC_MESSAGES/mail-libre-is.po +++ b/docs/_source/locale/en/LC_MESSAGES/mail-libre-is.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: Libre Developers Documentation 0\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-09-01 15:51-0600\n" +"POT-Creation-Date: 2024-09-01 16:05-0600\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language: en\n" @@ -158,428 +158,445 @@ msgid "" msgstr "" #: ../../../_source/mail-libre-is.rst:167 -#: ../../../_source/mail-libre-is.rst:399 -msgid "Dovecot" +msgid "The main components in use:" msgstr "" #: ../../../_source/mail-libre-is.rst:169 -msgid "``_" +msgid "Certbot (Let's Encrypt)" msgstr "" -#: ../../../_source/mail-libre-is.rst:172 -#: ../../../_source/mail-libre-is.rst:245 -msgid "MariaDB" +#: ../../../_source/mail-libre-is.rst:171 +msgid "``_" msgstr "" -#: ../../../_source/mail-libre-is.rst:175 -#: ../../../_source/mail-libre-is.rst:872 -msgid "OpenDMARC" -msgstr "" - -#: ../../../_source/mail-libre-is.rst:177 -msgid "``_" -msgstr "" - -#: ../../../_source/mail-libre-is.rst:179 -msgid "``_" -msgstr "" - -#: ../../../_source/mail-libre-is.rst:181 -#: ../../../_source/mail-libre-is.rst:297 -msgid "Postfix" -msgstr "" - -#: ../../../_source/mail-libre-is.rst:183 -msgid "``_" -msgstr "" - -#: ../../../_source/mail-libre-is.rst:187 -msgid "DNS" -msgstr "" - -#: ../../../_source/mail-libre-is.rst:188 -msgid "Add a DNS mx record, so it returns result like this:" -msgstr "" - -#: ../../../_source/mail-libre-is.rst:195 -msgid "Set IP for mail.libre.is. Set up reverse DNS records." -msgstr "" - -#: ../../../_source/mail-libre-is.rst:200 +#: ../../../_source/mail-libre-is.rst:173 +#: ../../../_source/mail-libre-is.rst:217 msgid "Debian" msgstr "" -#: ../../../_source/mail-libre-is.rst:201 +#: ../../../_source/mail-libre-is.rst:175 +msgid "``_" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:177 +#: ../../../_source/mail-libre-is.rst:416 +msgid "Dovecot" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:179 +msgid "``_" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:182 +#: ../../../_source/mail-libre-is.rst:262 +msgid "MariaDB" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:184 +msgid "``_" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:186 +#: ../../../_source/mail-libre-is.rst:314 +msgid "Postfix" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:188 +msgid "``_" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:190 +msgid "redis" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:192 +msgid "``_" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:194 +#: ../../../_source/mail-libre-is.rst:392 +msgid "rspamd" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:196 +msgid "``_" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:198 +msgid "unbound" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:200 +msgid "``_" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:204 +msgid "DNS" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:205 +msgid "Add a DNS mx record, so it returns result like this:" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:212 +msgid "Set IP for mail.libre.is. Set up reverse DNS records." +msgstr "" + +#: ../../../_source/mail-libre-is.rst:218 msgid "" "Install Debian stable (bookworm). Install rsyslog for old school convenience:" msgstr "" -#: ../../../_source/mail-libre-is.rst:210 +#: ../../../_source/mail-libre-is.rst:227 msgid "Firewall" msgstr "" -#: ../../../_source/mail-libre-is.rst:211 +#: ../../../_source/mail-libre-is.rst:228 msgid "Open TCP ports." msgstr "" -#: ../../../_source/mail-libre-is.rst:231 +#: ../../../_source/mail-libre-is.rst:248 msgid "Apache" msgstr "" -#: ../../../_source/mail-libre-is.rst:232 +#: ../../../_source/mail-libre-is.rst:249 msgid "" "The Apache webserver is used out of laziness as it allows easy certificate " "updates with certbot. A webmail server won't be running on the main mail " "server." msgstr "" -#: ../../../_source/mail-libre-is.rst:241 +#: ../../../_source/mail-libre-is.rst:258 msgid "Open up firewall ports 80 and 443." msgstr "" -#: ../../../_source/mail-libre-is.rst:246 +#: ../../../_source/mail-libre-is.rst:263 msgid "The main database server." msgstr "" -#: ../../../_source/mail-libre-is.rst:254 +#: ../../../_source/mail-libre-is.rst:271 msgid "Add databases. Change password to something secure." msgstr "" -#: ../../../_source/mail-libre-is.rst:298 +#: ../../../_source/mail-libre-is.rst:315 msgid "The main SMTP mail server." msgstr "" -#: ../../../_source/mail-libre-is.rst:305 +#: ../../../_source/mail-libre-is.rst:322 msgid "" "Set up postfix to use MariaDB. Edit /etc/postfix/mysql-virtual-mailbox-" "domains.cf and add below, using the mailserver password used in MariaDB." msgstr "" -#: ../../../_source/mail-libre-is.rst:318 +#: ../../../_source/mail-libre-is.rst:335 msgid "Edit /etc/postfix/mysql-virtual-mailbox-maps.cf and add below contents:" msgstr "" -#: ../../../_source/mail-libre-is.rst:328 +#: ../../../_source/mail-libre-is.rst:345 msgid "Edit /etc/postfix/mysql-virtual-alias-maps.cf and add below:" msgstr "" -#: ../../../_source/mail-libre-is.rst:338 +#: ../../../_source/mail-libre-is.rst:355 msgid "Edit /etc/postfix/mysql-email2email.cf and add:" msgstr "" -#: ../../../_source/mail-libre-is.rst:348 +#: ../../../_source/mail-libre-is.rst:365 msgid "Then run these commands:" msgstr "" -#: ../../../_source/mail-libre-is.rst:365 +#: ../../../_source/mail-libre-is.rst:382 msgid "Redis" msgstr "" -#: ../../../_source/mail-libre-is.rst:366 +#: ../../../_source/mail-libre-is.rst:383 msgid "" "Note, the licensing of Redis has gone bad. The version in Debian is OK. But " "in the future, probably replace with a fork." msgstr "" -#: ../../../_source/mail-libre-is.rst:375 -msgid "rspamd" -msgstr "" - -#: ../../../_source/mail-libre-is.rst:376 +#: ../../../_source/mail-libre-is.rst:393 msgid "Spam control." msgstr "" -#: ../../../_source/mail-libre-is.rst:384 +#: ../../../_source/mail-libre-is.rst:401 msgid "Certbot" msgstr "" -#: ../../../_source/mail-libre-is.rst:385 +#: ../../../_source/mail-libre-is.rst:402 msgid "" "Encryption certificates with Let's Encrypt. Not using an Apache webserver on " "the mail server makes getting new certificates a bit more complex." msgstr "" -#: ../../../_source/mail-libre-is.rst:400 +#: ../../../_source/mail-libre-is.rst:417 msgid "Just using encrypted IMAPS, not POP." msgstr "" -#: ../../../_source/mail-libre-is.rst:407 +#: ../../../_source/mail-libre-is.rst:424 msgid "" "Note, since IPv6 isn't being used, the dovecot install barfs. Edit /etc/" "dovecot/dovecot.conf and add this line, where appropriate:" msgstr "" -#: ../../../_source/mail-libre-is.rst:414 +#: ../../../_source/mail-libre-is.rst:431 msgid "" "Note, this is removing the \"::\" from listen, which using IPv6. Then re-run " "the install so the packages are happy. Note, the re-install won't overwrite " "the \"listen\" change." msgstr "" -#: ../../../_source/mail-libre-is.rst:423 +#: ../../../_source/mail-libre-is.rst:440 msgid "Add user and set up configs" msgstr "" -#: ../../../_source/mail-libre-is.rst:451 +#: ../../../_source/mail-libre-is.rst:468 msgid "Edit /etc/dovecot/conf.d/10-master.conf and add:" msgstr "" -#: ../../../_source/mail-libre-is.rst:462 +#: ../../../_source/mail-libre-is.rst:479 msgid "" "Edit /etc/dovecot/conf.d/10-ssl.conf, set key locations, and make it " "required." msgstr "" -#: ../../../_source/mail-libre-is.rst:471 +#: ../../../_source/mail-libre-is.rst:488 msgid "" "Edit /etc/dovecot/dovecot-sql.conf.ext file and add these lines at the " "bottom, changing the password to the mailserver database password." msgstr "" -#: ../../../_source/mail-libre-is.rst:494 +#: ../../../_source/mail-libre-is.rst:511 msgid "Set file permissions." msgstr "" -#: ../../../_source/mail-libre-is.rst:501 +#: ../../../_source/mail-libre-is.rst:518 msgid "Edit /etc/dovecot/conf.d/10-master.conf and change to:" msgstr "" -#: ../../../_source/mail-libre-is.rst:514 +#: ../../../_source/mail-libre-is.rst:531 msgid "Restart dovecot server." msgstr "" -#: ../../../_source/mail-libre-is.rst:520 +#: ../../../_source/mail-libre-is.rst:537 msgid "Run this to tell postfix to deliver to dovecot:" msgstr "" -#: ../../../_source/mail-libre-is.rst:526 +#: ../../../_source/mail-libre-is.rst:543 msgid "Edit /etc/dovecot/conf.d/20-lmtp.conf and change line like this:" msgstr "" -#: ../../../_source/mail-libre-is.rst:533 +#: ../../../_source/mail-libre-is.rst:550 msgid "Restart dovecot again...." msgstr "" -#: ../../../_source/mail-libre-is.rst:541 +#: ../../../_source/mail-libre-is.rst:558 msgid "More postfix" msgstr "" -#: ../../../_source/mail-libre-is.rst:542 +#: ../../../_source/mail-libre-is.rst:559 msgid "More postfix configuration, now that the above is set up." msgstr "" -#: ../../../_source/mail-libre-is.rst:544 +#: ../../../_source/mail-libre-is.rst:561 msgid "Set postfix to use dovecot for authentication:" msgstr "" -#: ../../../_source/mail-libre-is.rst:558 +#: ../../../_source/mail-libre-is.rst:575 msgid "Edit /etc/postfix/master.cf and change thusly:" msgstr "" -#: ../../../_source/mail-libre-is.rst:575 -#: ../../../_source/mail-libre-is.rst:702 +#: ../../../_source/mail-libre-is.rst:592 +#: ../../../_source/mail-libre-is.rst:719 msgid "Run:" msgstr "" -#: ../../../_source/mail-libre-is.rst:581 +#: ../../../_source/mail-libre-is.rst:598 msgid "Restart postfix:" msgstr "" -#: ../../../_source/mail-libre-is.rst:587 +#: ../../../_source/mail-libre-is.rst:604 msgid "" "Does it ever end? Edit /etc/postfix/master.cf and add to bottom of " "submission section." msgstr "" -#: ../../../_source/mail-libre-is.rst:599 +#: ../../../_source/mail-libre-is.rst:616 msgid "" "Allow aliases to send by adding this file (XXX check OK) /etc/postfix/" "aliases.cf with this contents:" msgstr "" -#: ../../../_source/mail-libre-is.rst:607 +#: ../../../_source/mail-libre-is.rst:624 msgid "Make sure all is good:" msgstr "" -#: ../../../_source/mail-libre-is.rst:615 +#: ../../../_source/mail-libre-is.rst:632 msgid "rspamd Configuration" msgstr "" -#: ../../../_source/mail-libre-is.rst:616 +#: ../../../_source/mail-libre-is.rst:633 msgid "Configure postfix for rspamd." msgstr "" -#: ../../../_source/mail-libre-is.rst:624 +#: ../../../_source/mail-libre-is.rst:641 msgid "Edit /etc/rspamd/override.d/milter_headers.conf and add:" msgstr "" -#: ../../../_source/mail-libre-is.rst:630 +#: ../../../_source/mail-libre-is.rst:647 msgid "Edit /etc/dovecot/conf.d/90-sieve.conf and change:" msgstr "" -#: ../../../_source/mail-libre-is.rst:636 +#: ../../../_source/mail-libre-is.rst:653 msgid "Create dir for new sieve filter:" msgstr "" -#: ../../../_source/mail-libre-is.rst:642 +#: ../../../_source/mail-libre-is.rst:659 msgid "" "Create /etc/dovecot/sieve-after/spam-to-folder.sieve with these contents:" msgstr "" -#: ../../../_source/mail-libre-is.rst:653 +#: ../../../_source/mail-libre-is.rst:670 msgid "Then compile it:" msgstr "" -#: ../../../_source/mail-libre-is.rst:659 +#: ../../../_source/mail-libre-is.rst:676 msgid "Set up redis by adding /etc/rspamd/override.d/redis.conf with this:" msgstr "" -#: ../../../_source/mail-libre-is.rst:665 +#: ../../../_source/mail-libre-is.rst:682 msgid "" "Add this /etc/rspamd/override.d/classifier-bayes.conf with below contents:" msgstr "" -#: ../../../_source/mail-libre-is.rst:671 +#: ../../../_source/mail-libre-is.rst:688 msgid "Add /etc/rspamd/local.d/classifier-bayes.conf with:" msgstr "" -#: ../../../_source/mail-libre-is.rst:677 +#: ../../../_source/mail-libre-is.rst:694 msgid "Edit /etc/dovecot/conf.d/20-imap.conf and change:" msgstr "" -#: ../../../_source/mail-libre-is.rst:683 +#: ../../../_source/mail-libre-is.rst:700 msgid "" "Edit /etc/dovecot/conf.d/90-sieve.conf and add below to \"plugins\" section:" msgstr "" -#: ../../../_source/mail-libre-is.rst:708 +#: ../../../_source/mail-libre-is.rst:725 msgid "Create /etc/dovecot/sieve/learn-spam.sieve with contents:" msgstr "" -#: ../../../_source/mail-libre-is.rst:715 +#: ../../../_source/mail-libre-is.rst:732 msgid "Create /etc/dovecot/sieve/learn-ham.sieve and add:" msgstr "" -#: ../../../_source/mail-libre-is.rst:729 +#: ../../../_source/mail-libre-is.rst:746 msgid "Run this to compile:" msgstr "" -#: ../../../_source/mail-libre-is.rst:738 +#: ../../../_source/mail-libre-is.rst:755 msgid "Create /etc/dovecot/sieve/rspamd-learn-spam.sh with contents:" msgstr "" -#: ../../../_source/mail-libre-is.rst:745 +#: ../../../_source/mail-libre-is.rst:762 msgid "Create /etc/dovecot/sieve/rspamd-learn-ham.sh with contents:" msgstr "" -#: ../../../_source/mail-libre-is.rst:752 +#: ../../../_source/mail-libre-is.rst:769 msgid "Set ownership and permissions on scripts:" msgstr "" -#: ../../../_source/mail-libre-is.rst:761 +#: ../../../_source/mail-libre-is.rst:778 msgid "Unbound" msgstr "" -#: ../../../_source/mail-libre-is.rst:762 +#: ../../../_source/mail-libre-is.rst:779 msgid "" "For proper spam filtering with rspam, unbound DNS resolver should be used." msgstr "" -#: ../../../_source/mail-libre-is.rst:768 +#: ../../../_source/mail-libre-is.rst:785 msgid "Change /etc/resolv.conf to:" msgstr "" -#: ../../../_source/mail-libre-is.rst:775 +#: ../../../_source/mail-libre-is.rst:792 msgid "Also add to /etc/rspamd/local.d/options.inc" msgstr "" -#: ../../../_source/mail-libre-is.rst:785 +#: ../../../_source/mail-libre-is.rst:802 msgid "DKIM" msgstr "" -#: ../../../_source/mail-libre-is.rst:786 +#: ../../../_source/mail-libre-is.rst:803 msgid "Set up DNS for DKIM." msgstr "" -#: ../../../_source/mail-libre-is.rst:795 +#: ../../../_source/mail-libre-is.rst:812 msgid "" "Add a 2024090101._domainkey TXT DNS record at the ISP, with contents of the " "\"p=\" and the rest, for example:" msgstr "" -#: ../../../_source/mail-libre-is.rst:802 +#: ../../../_source/mail-libre-is.rst:819 msgid "Create /etc/rspamd/local.d/dkim_signing.conf with contents:" msgstr "" -#: ../../../_source/mail-libre-is.rst:809 +#: ../../../_source/mail-libre-is.rst:826 msgid "Create /etc/rspamd/dkim_selectors.map with contents:" msgstr "" -#: ../../../_source/mail-libre-is.rst:815 +#: ../../../_source/mail-libre-is.rst:832 msgid "Restart again..." msgstr "" -#: ../../../_source/mail-libre-is.rst:821 +#: ../../../_source/mail-libre-is.rst:838 msgid "" "Take teh contents from running dkim_keygen above and add it this file: /var/" "lib/rspamd/dkim/libre.is.2024090101.key" msgstr "" -#: ../../../_source/mail-libre-is.rst:824 +#: ../../../_source/mail-libre-is.rst:841 msgid "" "Just add the PRIVATE KEY section, not the last two lines. Fix it's " "permissions:" msgstr "" -#: ../../../_source/mail-libre-is.rst:834 +#: ../../../_source/mail-libre-is.rst:851 msgid "SPF" msgstr "" -#: ../../../_source/mail-libre-is.rst:835 +#: ../../../_source/mail-libre-is.rst:852 msgid "Set up SPF." msgstr "" -#: ../../../_source/mail-libre-is.rst:837 +#: ../../../_source/mail-libre-is.rst:854 msgid "Add a DNS TXT record like this:" msgstr "" -#: ../../../_source/mail-libre-is.rst:845 +#: ../../../_source/mail-libre-is.rst:862 +msgid "DMARC" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:863 +msgid "Create a DNS TXT record for the domain _dmarc.libre.is with contents:" +msgstr "" + +#: ../../../_source/mail-libre-is.rst:871 msgid "Spamhaus" msgstr "" -#: ../../../_source/mail-libre-is.rst:846 +#: ../../../_source/mail-libre-is.rst:872 msgid "" "Spamhaus may automagically list the IP to be blocked when it is new. To " "remove, just go to:" msgstr "" -#: ../../../_source/mail-libre-is.rst:849 +#: ../../../_source/mail-libre-is.rst:875 msgid "``_" msgstr "" -#: ../../../_source/mail-libre-is.rst:851 +#: ../../../_source/mail-libre-is.rst:877 msgid "" "Then enter the IP address of the server and fill out the form. They will " "send a confirmation email with a link. Go to that link and it will be " "immediately removed." msgstr "" - -#: ../../../_source/mail-libre-is.rst:857 -msgid "Other" -msgstr "" - -#: ../../../_source/mail-libre-is.rst:858 -msgid "Perhaps these too." -msgstr "" - -#: ../../../_source/mail-libre-is.rst:865 -msgid "Perhaps easier to admin with this script." -msgstr "" - -#: ../../../_source/mail-libre-is.rst:867 -msgid "``_" -msgstr "" - -#: ../../../_source/mail-libre-is.rst:873 -msgid "Requires database setup." -msgstr "" diff --git a/docs/_source/mail-libre-is.rst b/docs/_source/mail-libre-is.rst index 9a57d70..a523c8b 100644 --- a/docs/_source/mail-libre-is.rst +++ b/docs/_source/mail-libre-is.rst @@ -164,6 +164,16 @@ This install is based on this guide: For more information and details about what is what, refer to that site. +The main components in use: + +Certbot (Let's Encrypt) + + ``_ + +Debian + + ``_ + Dovecot ``_ @@ -171,17 +181,24 @@ Dovecot MariaDB - -OpenDMARC - - ``_ - - ``_ + ``_ Postfix ``_ +redis + + ``_ + +rspamd + + ``_ + +unbound + + ``_ + DNS === @@ -841,6 +858,15 @@ Add a DNS TXT record like this: v=spf1 mx a ip4:70.39.110.156/32 include:mail.libre.is -all +DMARC +===== +Create a DNS TXT record for the domain _dmarc.libre.is with contents: + +.. code-block:: cfg + + v=DMARC1; p=reject; rua=mailto:postmaster@libre.is; ruf=mailto:postmaster@libre.is; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; sp=reject + + Spamhaus ======== Spamhaus may automagically list the IP to be blocked when it is new. @@ -852,30 +878,3 @@ Then enter the IP address of the server and fill out the form. They will send a confirmation email with a link. Go to that link and it will be immediately removed. - -Other -===== -Perhaps these too. - -.. code-block:: sh - - apt install postfix-policyd-spf-python rspamd - apt install fail2ban spamassassin sqlgrey opendkim-tools make - -Perhaps easier to admin with this script. - - ``_ - - - -OpenDMARC -========= -Requires database setup. - - -.. code-block:: sh - - sudo apt install opendmarc - - -