Chang, Chu-Kuan 2021-02-12 11:17:23 +08:00
parent d898a78c5f
commit 46441bb33e
2 changed files with 26 additions and 144 deletions

README.md (124 deletions)

@ -1,124 +0,0 @@
# Email server setup script
This is a heavily modified version of
[LukeSmith's emailwiz](https://github.com/LukeSmithxyz/emailwiz). Basically
everything (except comments) in the original script is rewrited to suit OpenBSD.
I wrote this script during the gruelling process of installing and setting up
an email server. It perfectly reproduces my successful steps to ensure the
same setup time and time again.
Read this readme and peruse the script's comments before running it. Expect it
to fail and you have to do bug testing and you will be very happy when it
actually works perfectly.
## This script installs
- **OpenSMTPD** to send and receive mail.
- **Dovecot** to get mail to your email client (mutt, Thunderbird, etc).
- Config files that unique the two above securely with native log-ins.
- **Rspamd** to prevent spam and allow you to make custom filters.
- **opensmtpd-filter-dkimsign** to validate you so you can send to Gmail and
other big sites.
## This script does _not_
- use a SQL database or anything like that.
- set up a graphical interface for mail like Roundcube or Squirrel Mail. If you
want that, you'll have to install it yourself. I just use
[isync/msmtp/mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard) to
have an offline mirror of my email setup and I recommend the same. There are
other ways of doing it though, like Thunderbird, etc.
## Requirements
1. A **OpenBSD server**. I've tested this on a
[Vultr](https://www.vultr.com/?ref=8608122) OpenBSD server and their setup
works, but I suspect other VPS hosts will have similar/possibly identical
default settings which will let you run this on them. Note that the affiliate
link there to Vultr gives you a $100 credit for the first month to play
around.
2. **A Let's Encrypt SSL certificate for your site's `mta` subdomain**.
Create a `httpd(1)` site at `mta.domain.tld` and get a certificate
for it with `acme-client(1)`.
3. You need two little DNS records set on your domain registrar's site/DNS
server: (1) an **MX record** pointing to your own main domain/IP and (2) a
**CNAME record** for your `mta.` subdomain.
4. **A Reverse DNS entry for your site.** Go to your VPS settings and add an
entry for your IPV4 Reverse DNS that goes from your IP address to
`mta.domain.tld`. If you would like IPV6, you can do the same for
that. This has been tested on Vultr, and all decent VPS hosts will have
a section on their instance settings page to add a reverse DNS PTR entry.
You can use the 'Test Email Server' or ':smtp' tool on
[mxtoolbox](https://mxtoolbox.com/SuperTool.aspx) to test if you set up
a reverse DNS correctly. This step is not required for everyone, but some
big email services like gmail will stop emails coming from mail servers
with no/invalid rDNS lookups. This means your email will fail to even
make it to the receipients spam folder; it will never make it to them.
6. Some VPS providers block port 25 (used to send mail). You may need to
request that this port be opened to send mail successfully. Although I have
never had to do this on a Vultr VPS, others have had this issue so if you
cannot send, contact your VPS provider.
7. Edit parameter section in emailwiz script. For example, change `${domain}` to
`changchukuan.name` and `${subdom}` to `mta`.
## Post-install requirement!
- After the script runs, you'll have to add additional DNS TXT records which
are displayed at the end when the script is complete. They will help ensure
your mail is validated and secure.
- Modify rspamd whitelists/blacklists in `/etc/rspamd/local.d` to yout need.
## Making new users/mail accounts
Let's say we want to add a user Billy and let him receive mail, run this:
```
useradd -m billy
passwd billy
```
A user's mail will appear in `~/Maildir/`. If you want to see your mail while
ssh'd in the server, you could just install mutt, add `set spoolfile="+Inbox"`
to your `~/.muttrc` and use mutt to view and reply to mail. You'll probably want
to log in remotely though:
## Logging in from Thunderbird or mutt (and others) remotely
Let's say you want to access your mail with Thunderbird or mutt or another
email program. For my domain, the server information will be as follows:
- SMTP server: `mta.domain.tld`
- SMTP port: 465
- IMAP server: `mta.domain.tld`
- IMAP port: 993
- Username `user` (I.e. *not* `user@domain.tld`)
The last point is important. Many email systems use a full email address on
login. Since we just simply use local BSDAuth logins, only the user's name is
used (this makes a difference if you're using luke's
[mutt-wizard](https://github.com/lukesmithxyz/mutt-wizard), etc.).
## Tweaking things
You're a big boy now if you have your own mail server!
You can tweak smtpd (sending mail
## Furthur reading
- [poolp's guide](https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/)
## Troubleshooting -- Can't send mail?
- Always check `/var/log/maillog` and `/var/log/rspamd` to see the specific
problem.
- Go to [this site](https://appmaildev.com/en/dkim) to test your TXT records.
If your DKIM, SPF or DMARC tests fail you probably copied in the TXT records
incorrectly.
- If everything looks good and you *can* send mail, but it still goes to Gmail
or another big provider's spam directory, your domain (especially if it's a
new one) might be on a public spam list. Check
[this site](https://mxtoolbox.com/blacklists.aspx) to see if it is. Don't
worry if you are: sometimes especially new domains are automatically assumed
to be spam temporaily. If you are blacklisted by one of these, look into it
and it will explain why and how to remove yourself.
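Review bot: deleting README.md outright drops setup steps that the script header in the second file does not carry: the MX and CNAME records, the reverse DNS PTR requirement and how to check it, the port-25 blocking caveat, the post-install DNS TXT records the script prints at the end, the "add a user with useradd -m / passwd" procedure, and the troubleshooting pointers (/var/log/maillog, /var/log/rspamd, DKIM/SPF/DMARC and blacklist checks). The header hunk below only adds the doas(1) step, so readers now have nowhere to learn the DNS prerequisites before running the script. Keep a trimmed README with at least the DNS/rDNS prerequisites and the post-install TXT records, or state in the commit message where that guidance moved.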

Second changed file (the setup script):

@ -10,41 +10,43 @@
# IMAPs server: mta.domain.tld (${subdom}.${domain}) # IMAPs server: mta.domain.tld (${subdom}.${domain})
# IMAPs Setting: port 993, SSL/TLS, PLAIN # IMAPs Setting: port 993, SSL/TLS, PLAIN
# User: user name w/o '@domain.tld' # User: user name w/o '@domain.tld'
#
# Firewall setting, open following port: # Firewall setting, open following port:
# SMPT port 25 # smtp port 25
# SMTPs port 465 # smtps port 465
# IMAPs port 993 # imaps port 993
#
# Mail will be stored in non-retarded Maildirs because it's ${current_year}. # Mail will be stored in non-retarded Maildirs because it's ${current_year}.
# This makes it easier for use with isync, which is what I care about so I can # This makes it easier for use with isync, which is what I care about so I can
# have an offline repo of mail. # have an offline repo of mail.
#
# The mailbox names are: Inbox, Sent, Drafts, Archive, Spam, Trash # The mailbox names are: Inbox, Sent, Drafts, Archive, Spam, Trash
#
# Use the typical unix login system for mail users. Users will log into their # Use the typical unix login system for mail users. Users will log into their
# email with their passnames on the server. No usage of a redundant mySQL # email with their passnames on the server. No usage of a redundant mySQL
# database to do this. # database to do this.
#
# Rspamd whitelists and blacklists are in /etc/rspamd/.local.d. Modify them to # Rspamd whitelists and blacklists are in /etc/rspamd/.local.d
# your own need. # Modify them to your own need.
# #
# DEPENDENCIES BEFORE RUNNING # DEPENDENCIES BEFORE RUNNING
# #
#
# 1. Modify "Paramater" section to your need. # 1. Modify "Paramater" section to your need.
#
# 2. Have a OpenBSD 6.8 system with a static IP and all that. Pretty much any # 2. Have a OpenBSD system with a static IP and all that. Pretty much any
# default VPS offered by a company will have all the basic stuff you need. # default VPS offered by a company will have all the basic stuff you need.
#
# 3. Have a Let's Encrypt SSL certificate for mx.domain.tld # 3. Have a Let's Encrypt SSL certificate for mx.domain.tld
# (${subdom}.${domain}) using httpd(1) and acme-client(1). # (${subdom}.${domain}) using httpd(1) and acme-client(1).
#
# 4. If you've been toying around with your server settings trying to get # 4. If you've been toying around with your server settings trying to get
# smtpd/dovecot/rspamd/etc. I recommend you to clear out /etc/mail, /etc/dovecot # smtpd/dovecot/rspamd/etc. I recommend you to clear out /etc/mail, /etc/dovecot
# , and /etc/rspamd/local.d yourself if needbe, because this script is build on # , and /etc/rspamd/local.d yourself if needbe, because this script is build on
# top of only the defaults. # top of only the defaults.
#
# 5. Setup doas(1) so we can act as _dkimsign user
# #
# Parameters # Parameters
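Review bot: the rewritten comment "Rspamd whitelists and blacklists are in /etc/rspamd/.local.d" still has a stray dot in the path; step 4 in the same hunk and the script body (`cat << EOF > /etc/rspamd/local.d/multimap.conf`) use /etc/rspamd/local.d, so fix the comment to match. Two more inconsistencies survive the rewrite: step 3 says the certificate is for mx.domain.tld while the examples above it use mta.domain.tld (and certfile/keyfile are built from ${subdom}.${domain}, so the name matters), and step 2 drops the "OpenBSD 6.8" pin without saying which releases the script is known to work on; a "tested on 6.8" note is more useful than no version at all.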
@ -52,11 +54,12 @@
# Modify this section to your need # Modify this section to your need
readonly domain='domain.tld' readonly domain='domain.tld'
readonly subdom='mta' readonly subdom='mta0'
# DO NOT modify this part # DO NOT modify this part
readonly maildomain="${subdom}.${domain}" readonly maildomain="${subdom}.${domain}"
readonly progname="$(basename "$0")" readonly progname="$(basename "$0")"
# Certificate for smtp # Certificate for smtp
readonly certfile="/etc/ssl/${maildomain}.fullchain.pem" readonly certfile="/etc/ssl/${maildomain}.fullchain.pem"
readonly keyfile="/etc/ssl/private/${maildomain}.key" readonly keyfile="/etc/ssl/private/${maildomain}.key"
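Review bot: the default subdom changes from 'mta' to 'mta0', which now disagrees with every example in the header comment (mta.domain.tld, mx.domain.tld) and with the README this commit deletes (CNAME for the mta subdomain, rDNS to mta.domain.tld). Because certfile and keyfile are derived from ${maildomain} = ${subdom}.${domain}, a user who followed the comments and obtained a certificate for mta.domain.tld will end up with the script looking for a nonexistent /etc/ssl/mta0.domain.tld.fullchain.pem. If 'mta0' is a personal setting it should not be the committed default; if it is intentional, update the comments to match.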
@ -79,7 +82,8 @@ fi
printf '%s: Installing programs...\n' "${progname}" printf '%s: Installing programs...\n' "${progname}"
pkg_add opensmtpd-filter-dkimsign dovecot dovecot-pigeonhole rspamd opensmtpd-filter-rspamd pkg_add opensmtpd-filter-dkimsign dovecot dovecot-pigeonhole rspamd \
opensmtpd-filter-rspamd
if test ! -f '/etc/doas.conf'; then if test ! -f '/etc/doas.conf'; then
printf '%s: doas(1) not configured.\n' "${progname}" 2>&1 printf '%s: doas(1) not configured.\n' "${progname}" 2>&1
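Review bot: the pkg_add exit status is still unchecked after the line is split; if any of the five packages fails to install, the script carries on and later writes rspamd configuration and enables daemons for software that is not there. Append `|| exit 1` (or test `$?`) after the pkg_add command. Separately, `printf '%s: doas(1) not configured.\n' "${progname}" 2>&1` in the doas(1) branch redirects stderr to stdout rather than sending the message to stderr; `>&2` is what was meant.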
@ -316,9 +320,7 @@ if ! grep -q 'dovecot' /etc/login.conf; then
cp -f /etc/login.conf /etc/login.conf.def cp -f /etc/login.conf /etc/login.conf.def
cat << EOF >> /etc/login.conf cat << EOF >> /etc/login.conf
#
# Dovecot entry # Dovecot entry
#
dovecot:\\ dovecot:\\
:openfiles-cur=1024:\\ :openfiles-cur=1024:\\
:openfiles-max=2048:\\ :openfiles-max=2048:\\
@ -360,7 +362,9 @@ for x in 'local_bl_from.map.inc' 'local_bl_ip.map.inc' 'local_bl_rcpt.map.inc' \
done done
cat << EOF > /etc/rspamd/local.d/multimap.conf cat << EOF > /etc/rspamd/local.d/multimap.conf
#
# Blacklists # Blacklists
#
local_bl_ip { local_bl_ip {
type = "ip"; type = "ip";
@ -386,7 +390,9 @@ local_bl_rcpt {
score = 5; score = 5;
} }
#
# Whitelists # Whitelists
#
local_wl_ip { local_wl_ip {
type = "ip"; type = "ip";
@ -426,7 +432,7 @@ doas -u _dkimsign openssl genrsa -out "${dkimkey}" 2048
# Restart daemons # Restart daemons
# #
for x in 'smtpd' 'dovecot' 'rspamd'; do for x in 'smtpd' 'dovecot' 'rspamd' 'redis'; do
printf '%s: Enabling %s...' "${progname}" "${x}" printf '%s: Enabling %s...' "${progname}" "${x}"
rcctl enable "${x}" 2>&1 > /dev/null && printf ' Done\n' || printf ' Failed\n' rcctl enable "${x}" 2>&1 > /dev/null && printf ' Done\n' || printf ' Failed\n'
printf '%s: Restarting %s...' "${progname}" "${x}" printf '%s: Restarting %s...' "${progname}" "${x}"
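Review bot: 'redis' is appended to the enable/restart loop but it is not in the pkg_add list earlier in this commit (opensmtpd-filter-dkimsign dovecot dovecot-pigeonhole rspamd opensmtpd-filter-rspamd), so on a fresh host `rcctl enable redis` fails unless the package happens to arrive as a dependency; add it to pkg_add explicitly. The loop order also matters: rspamd is restarted before redis, and since the only plausible reason to add redis here is for rspamd to use it, restart redis first. Finally, `2>&1 > /dev/null` on the rcctl lines discards stdout but leaves stderr on the terminal (redirections apply left to right); `> /dev/null 2>&1` silences both, which the Done/Failed output suggests was intended.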