From 97e60971d46938c4aad9467b6f54e591d6aff16f Mon Sep 17 00:00:00 2001 From: Robin Raymond Date: Fri, 23 Feb 2018 16:28:23 +0100 Subject: [PATCH 1/7] Create ISSUE_TEMPLATE.md --- ISSUE_TEMPLATE.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 ISSUE_TEMPLATE.md diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..492dce7 --- /dev/null +++ b/ISSUE_TEMPLATE.md @@ -0,0 +1,18 @@ +(Use this template for bugs, feel free to delete it for other issues) + +#### SNM Version: (e.g. v2.1.3) +#### Nixos Version: (e.g. 17.09 or unstable) + +#### Relevant part of the config to reproduce: + + + +#### What I expected to happen: + + + +#### What happend: + + + +#### Relevant journald log: From e5e3e61f97671cb4ba828d413e03625b604a5ce5 Mon Sep 17 00:00:00 2001 From: Robin Raymond Date: Fri, 23 Feb 2018 16:29:22 +0100 Subject: [PATCH 2/7] Update ISSUE_TEMPLATE.md --- ISSUE_TEMPLATE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md index 492dce7..480c542 100644 --- a/ISSUE_TEMPLATE.md +++ b/ISSUE_TEMPLATE.md @@ -11,7 +11,7 @@ -#### What happend: +#### What happened: From 6c502061651d55bee12889d3033c73304ffe07f9 Mon Sep 17 00:00:00 2001 From: Robin Raymond Date: Wed, 28 Feb 2018 13:57:08 +0100 Subject: [PATCH 3/7] move setup guide to wiki --- README.md | 195 +----------------------------------------------------- 1 file changed, 1 insertion(+), 194 deletions(-) diff --git a/README.md b/README.md index fd9b990..fc2bb70 100644 --- a/README.md +++ b/README.md 
@@ -100,200 +100,7 @@ For a complete list of options, see `default.nix`. ## How to Set Up a 10/10 Mail Server Guide -Mail servers can be a tricky thing to set up. This guide is supposed to run you -through the most important steps to achieve a 10/10 score on `mail-tester.com`. - -What you need: - - * A server with a public IP (referred to as `server-IP`) - * A Fully Qualified Domain Name (`FQDN`) where your server is reachable, - so that other servers can find yours. Common FQDN include `mx.example.com` - (where `example.com` is a domain you own) or `mail.example.com`. The domain - is referred to as `server-domain` (`example.com` in the above example) and - the `FQDN` is referred to by `server-FQDN` (`mx.example.com` above). - * A list of domains you want to your email server to serve. (Note that this - does not have to include `server-domain`, but may of course). These will be - referred to as `domains`. As an example, `domains = [ example1.com, - example2.com ]`. - -### A) Setup server - -The following describes a server setup that is fairly complete. Even though -there are more possible options (see `default.nix`), these should be the most -common ones. - -```nix -{ config, pkgs, ... }: -{ - imports = [ - (builtins.fetchTarball "https://github.com/r-raymond/nixos-mailserver/archive/v2.1.3.tar.gz") - ]; - - mailserver = { - enable = true; - fqdn = ; - domains = [ ]; - - # A list of all login accounts. To create the password hashes, use - # mkpasswd -m sha-512 "super secret password" - loginAccounts = { - "user1@example.com" = { - hashedPassword = "$6$/z4n8AQl6K$kiOkBTWlZfBd7PvF5GsJ8PmPgdZsFGN1jPGZufxxr60PoR0oUsrvzm2oQiflyz5ir9fFJ.d/zKm/NgLXNUsNX/"; - - aliases = [ - "postmaster@example.com" - "postmaster@example2.com" - ]; - - # Make this user the catchAll address for domains example.com and - # example2.com - catchAll = [ - "example.com" - "example2.com" - ]; - }; - - "user2@example.com" = { ... }; - }; - - # Extra virtual aliases. 
These are email addresses that are forwarded to - # loginAccounts addresses. - extraVirtualAliases = { - # address = forward address; - "abuse@example.com" = "user1@example.com"; - }; - - # Use Let's Encrypt certificates. Note that this needs to set up a stripped - # down nginx and opens port 80. - certificateScheme = 3; - - # Enable IMAP and POP3 - enableImap = true; - enablePop3 = true; - enableImapSsl = true; - enablePop3Ssl = true; - - # Enable the ManageSieve protocol - enableManageSieve = true; - - # whether to scan inbound emails for viruses (note that this requires at least - # 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty) - virusScanning = false; - }; -} -``` - -After a `nixos-rebuild switch --upgrade` your server should be good to go. If -you want to use `nixops` to deploy the server, look in the subfolder `nixops` -for some inspiration. - - -### B) Setup everything else - -#### Step 1: Set DNS entry for server - -Add a DNS record to the domain `server-domain` with the following entries - -| Name (Subdomain) | TTL | Type | Priority | Value | -| ---------------- | ----- | ---- | -------- | ----------------- | -| `server-FQDN` | 10800 | A | | `server-IP` | - -This resolved DNS equries for `server-FQDN` to `server-IP`. You can test if your -setting is correct by - -``` -ping -64 bytes from (): icmp_seq=1 ttl=46 time=21.3 ms -... -``` - -Note that it can take a while until a DNS entry is propagated. - -#### Step 2: Set rDNS (reverse DNS) entry for server -Wherever you have rented your server, you should be able to set reverse DNS -entries for the IP's you own. Add an entry resolving `server-IP` to -`server-FQDN` - -You can test if your setting is correct by - -``` -host -.in-addr.arpa domain name pointer . -``` - -Note that it can take a while until a DNS entry is propagated. 
- -#### Step 3: Set `MX` Records - -For every `domain` in `domains` do: - * Add a `MX` record to the domain `domain` - - | Name (Subdomain) | TTL | Type | Priority | Value | - | ---------------- | ----- | ---- | -------- | ----------------- | - | `domain` | | MX | 10 | `server-FQDN` | - -You can test this via -``` -dig -t MX - -... -;; ANSWER SECTION: - 10800 IN MX 10 -... -``` - -Note that it can take a while until a DNS entry is propagated. - -#### Step 4: Set `SPF` Records - -For every `domain` in `domains` do: - * Add a `SPF` record to the domain `domain` - - | Name (Subdomain) | TTL | Type | Priority | Value | - | ---------------- | ----- | ---- | -------- | ----------------- | - | `domain` | 10800 | TXT | | `v=spf1 ip4: -all` | - -You can check this with `dig -t TXT ` similar to the last section. Note -that `SPF` records are set as `TXT` records since RFC1035. - -Note that it can take a while until a DNS entry is propagated. If you want to -use multiple servers for your email handling, don't forget to add all server -IP's to this list. - -#### Step 5: Set `DKIM` signature - -In this section we assume that your `dkimSelector` is set to `mail`. If you have a different selector, replace -all `mail`'s below accordingly. - -For every `domain` in `domains` do: - * Go to your server and navigate to the dkim key directory (by default - `/var/dkim`). There you will find a public key for any domain in the - `domain.txt` file. It will look like - ``` - mail._domainkey IN TXT "v=DKIM1; r=postmaster; g=*; k=rsa; p=" ; ----- DKIM mail for domain.tld - ``` - * Add a `DKIM` record to the domain `domain` - - | Name (Subdomain) | TTL | Type | Priority | Value | - | ---------------- | ----- | ---- | -------- | ----------------- | - | mail._domainkey.`domain` | 10800 | TXT | | `v=DKIM1; p=` | - - -You can check this with `dig -t TXT mail._domainkey.` similar to the last section. - -Note that it can take a while until a DNS entry is propagated. 
- - -### C) Test your Setup - -Write an email to your aunt (who has been waiting for your reply far too long), -and sign up for some of the finest newsletters the Internet has. Maybe you want -to sign up for the [SNM Announcement List](https://www.freelists.org/list/snm)? - -Besides that, you can send an email to [mail-tester.com](https://www.mail-tester.com/) and see how you score, -and let [mxtoolbox.com](http://mxtoolbox.com/) take a look at your setup, but if you followed -the steps closely then everything should be awesome! - +Check out the [Complete Setup Guide](https://github.com/r-raymond/nixos-mailserver/wiki/A-Complete-Setup-Guide) in the project's wiki. ## How to Backup From 35fff89f119ae57dc99e2f8c776ecb4a5a4c6612 Mon Sep 17 00:00:00 2001 From: Robin Raymond Date: Wed, 28 Feb 2018 13:59:44 +0100 Subject: [PATCH 4/7] Move backup section to wiki --- README.md | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/README.md b/README.md index fc2bb70..503b007 100644 --- a/README.md +++ b/README.md 
@@ -104,21 +104,7 @@ Check out the [Complete Setup Guide](https://github.com/r-raymond/nixos-mailserv ## How to Backup -This is really easy. First off you should have a backup of your -`configuration.nix` file where you have the server config (but that is already -in a git repository right?) - -Next you need to backup `/var/vmail` or whatever you have specified for the -option `mailDirectory`. This is where all the mails reside. Good options are a -cron job with `rsync` or `scp`. But really anything works, as it is simply a -folder with plenty of files in it. If your backup solution does not preserve the -owner of the files don't forget to `chown` them to `virtualMail:virtualMail` if you copy -them back (or whatever you specified as `vmailUserName`, and `vmailGoupName`). - -Finally you can (optionally) make a backup of `/var/dkim` (or whatever you -specified as `dkimKeyDirectory`). If you should lose those don't worry, new ones -will be created on the fly. But you will need to repeat step `B)5` and correct -all the `dkim` keys. +Checkout the [Complete Backup Guide](https://github.com/r-raymond/nixos-mailserver/wiki/A-Complete-Backup-Guide). Backups are easy with `SNM`. ## How to Test for Development From c3582e13cb522e2710d69f1315dcc55c7ba52917 Mon Sep 17 00:00:00 2001 From: Robin Raymond Date: Wed, 28 Feb 2018 14:01:07 +0100 Subject: [PATCH 5/7] Remove outdated change log. --- README.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/README.md b/README.md index 503b007..45a8d58 100644 --- a/README.md +++ b/README.md @@ -59,13 +59,7 @@ D9FE 4119 F082 6F15 93BD BD36 6162 DBA5 635E A16A ### Changelog -#### v1.0 -> v1.1 - * Changed structure to Nix Modules - * Adds Sieve support - -#### v1.1 -> v2.0 - * rename domain to fqdn, seperate fqdn from domains - * multi domain support +See the [mailing list archive](https://www.freelists.org/archive/snm/) ### Quick Start From 6c2bfe55e8a8d32e6c9d5ed63ad3352243359cc8 Mon Sep 17 00:00:00 2001 
From: Robin Raymond Date: Wed, 28 Feb 2018 14:03:31 +0100 Subject: [PATCH 6/7] Link to contributors --- README.md | 35 +---------------------------------- 1 file changed, 1 insertion(+), 34 deletions(-) diff --git a/README.md b/README.md index 45a8d58..2044331 100644 --- a/README.md +++ b/README.md @@ -123,41 +123,8 @@ openssl s_client -host mail.example.com -port 143 -starttls imap ``` -## A Complete Mail Server Without Moving Parts - -### Used Technologies - * Nixos - * Nixpkgs - * Dovecot - * Postfix - * Rmilter - * Rspamd - * Clamav - * Opendkim - * Pam - -### Features - * unlimited domain - * unlimited mail accounts - * unlimited aliases for every mail account - * spam and virus checking - * dkim signing of outgoing emails - * imap (optionally pop3) - * startTLS - -### Nonfeatures - * moving parts - * SQL databases - * configurations that need to be made after `nixos-rebuild switch` - * complicated storage schemes - * webclients / http-servers - ## Contributors - * Special thanks to @Infinisil for the module rewrite - * Special thanks to @jbboehr for multidomain implementation - * @danbst - * @phdoerfler - * @eqyiel +See the [contributor tab](https://github.com/r-raymond/nixos-mailserver/graphs/contributors) ### Alternative Implementations * [NixCloud Webservices](https://github.com/nixcloud/nixcloud-webservices) From 95dad50dcba6eeef7a86e663a859512350b3b76f Mon Sep 17 00:00:00 2001 From: Robin Raymond Date: Wed, 28 Feb 2018 14:07:50 +0100 Subject: [PATCH 7/7] Move development to wiki page --- README.md | 23 ++--------------------- 1 file changed, 2 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 2044331..4018b27 100644 --- a/README.md +++ b/README.md 
@@ -100,28 +100,9 @@ Check out the [Complete Setup Guide](https://github.com/r-raymond/nixos-mailserv Checkout the [Complete Backup Guide](https://github.com/r-raymond/nixos-mailserver/wiki/A-Complete-Backup-Guide). Backups are easy with `SNM`. -## How to Test for Development - -You can test the setup via `nixops`. After installation, do - -``` -nixops create nixops/single-server.nix nixops/vbox.nix -d mail -nixops deploy -d mail -nixops info -d mail -``` - -You can then test the server via e.g. `telnet`. To log into it, use - -``` -nixops ssh -d mail mailserver -``` - -To test imap manually use - -``` -openssl s_client -host mail.example.com -port 143 -starttls imap -``` +## Development +See the [How to Develop SNM](https://github.com/r-raymond/nixos-mailserver/wiki/How-to-Develop-SNM) wiki page. ## Contributors See the [contributor tab](https://github.com/r-raymond/nixos-mailserver/graphs/contributors)
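Review bot: In [PATCH 1/7], the headings `#### Relevant part of the config to reproduce:` and `#### Relevant journald log:` in ISSUE_TEMPLATE.md ask reporters to paste configuration and logs into an issue without saying what to strip first. The README's own sample config carries `hashedPassword` values under `loginAccounts`, so add a line under the config heading asking reporters to remove password hashes and to replace real addresses and domains before posting. `Nixos Version` would also read better as `NixOS Version`, and the `happend` typo corrected in [PATCH 2/7] could be squashed into this commit.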
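Review bot: In [PATCH 3/7], the single added line under `## How to Set Up a 10/10 Mail Server Guide` points at a wiki page that is not tied to any release, while the removed example pinned `archive/v2.1.3.tar.gz`. Options described on the wiki can drift from the `default.nix` a user has checked out, so say in the README which version the wiki guide tracks. The removed steps 2, 4 and 5 (rDNS, `SPF`, `DKIM`) are the ones receiving servers check, so confirm the wiki page carries them over before this lands.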
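Review bot: In [PATCH 4/7], the replacement line under `## How to Backup` drops every pointer to where state lives. The removed text named `/var/vmail` (`mailDirectory`), `/var/dkim` (`dkimKeyDirectory`) and the `chown` to `virtualMail:virtualMail` needed after a restore; keep one sentence naming those two options so the README still says what has to be backed up. `Checkout the` should be `Check out the`, matching the wording added in [PATCH 3/7].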
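Review bot: In [PATCH 5/7], replacing the `### Changelog` entries with a link to the mailing list archive removes the only in-tree record of the `v1.1 -> v2.0` rename of `domain` to `fqdn`, which is what someone upgrading an existing config needs to find. Consider keeping breaking option renames in the repository and linking the archive in addition. The added line is also missing its closing period.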
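Review bot: In [PATCH 6/7], the subject says `Link to contributors`, but the hunk at `@@ -123,41 +123,8 @@` also deletes the whole `## A Complete Mail Server Without Moving Parts` section (`Used Technologies`, `Features`, `Nonfeatures`) with no replacement or link. Split that removal into its own commit with a message that explains it, or keep the component list (Dovecot, Postfix, Rmilter, Rspamd, Clamav, Opendkim), since it tells an operator which services the module will run on the host.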
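Review bot: In [PATCH 7/7], the removed line `nixops create nixops/single-server.nix nixops/vbox.nix -d mail` references files in this repository, so once the instructions live only on the wiki a rename under `nixops/` can no longer be corrected in the same patch that makes it. Mention in the new `## Development` section that the wiki steps assume the in-tree `nixops/` directory, so the dependency stays visible to anyone changing those files.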