kevin/server-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add the newly required ssl_dh stuff to dovecot

Browse source
This commit is contained in:
Kevin MacMartin 2018-03-23 15:02:51 -04:00
parent 730cbedc55
commit 980760b9d8
2 changed files with 11 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
README.md
View file

@ -65,15 +65,16 @@ dovecot pam.d postfix procmailrc skel systemd opendkim
7. In `/etc/postfix/main.cf` replace `SOMETHING.REPLACEME.TLD` with the hostname of the server and `REPLACEME.TLD` with the domain
8. Run `opendkim-genkey -r -s REPLACEME -d REPLACEME.TLD` where `REPLACEME.TLD` is the domain, and `REPLACEME` is the first part of the domain
9. In `/etc/postfix/aliases`, replace the instance of `REPLACEME` with the user that should receive domain-level emails
10. Run `newaliases` to update the aliases database with the contents of `/etc/postfix/aliases`
11. Run `systemctl start postfix dovecot opendkim` to start the mail services and `systemctl status postfix dovecot opendkim` to check for errors
12. If there were no errors in the previous command, run `systemctl enable postfix dovecot opendkim` to enable the mail services at boot
13. Create an MX DNS record for `REPLACEME.TLD` containing the hostname (`REPLACEME.TLD` can usually be left out of the input field)
14. Create a TXT DNS record for the host `REPLACEME._domainkey.REPLACEME.TLD` containing `v=DKIM1; k=rsa; s=email; p=PASSWORD`, replacing the occurance of `REPLACEME` with the first part of the domain, `REPLACEME.TLD` with the full domain, and `PASSWORD` with the string following `p=` in `/etc/opendkim/REPLACEME.txt` (`REPLACEME.TLD` can usually be left out of the input field)
15. Create a TXT DNS record for the host `REPLACEME.TLD` containing `v=spf1 mx -all` (`REPLACEME.TLD` can usually be left out of the input field)
16. Create a TXT DNS record for the host `_dmarc.REPLACEME.TLD` containing `v=DMARC1; p=none` (`REPLACEME.TLD` can usually be left out of the input field)
17. Set the reverse DNS record for the VPS to the hostname
18. Add `postfix.service` and `dovecot.service` to the `ExecStartPost` service reload in `/etc/systemd/system/certbot-renewal.service` and run `systemctl daemon-reload`
10. Run `openssl dhparam -out /etc/dovecot/dh.pem 4096`
11. Run `newaliases` to update the aliases database with the contents of `/etc/postfix/aliases`
12. Run `systemctl start postfix dovecot opendkim` to start the mail services and `systemctl status postfix dovecot opendkim` to check for errors
13. If there were no errors in the previous command, run `systemctl enable postfix dovecot opendkim` to enable the mail services at boot
14. Create an MX DNS record for `REPLACEME.TLD` containing the hostname (`REPLACEME.TLD` can usually be left out of the input field)
15. Create a TXT DNS record for the host `REPLACEME._domainkey.REPLACEME.TLD` containing `v=DKIM1; k=rsa; s=email; p=PASSWORD`, replacing the occurance of `REPLACEME` with the first part of the domain, `REPLACEME.TLD` with the full domain, and `PASSWORD` with the string following `p=` in `/etc/opendkim/REPLACEME.txt` (`REPLACEME.TLD` can usually be left out of the input field)
16. Create a TXT DNS record for the host `REPLACEME.TLD` containing `v=spf1 mx -all` (`REPLACEME.TLD` can usually be left out of the input field)
17. Create a TXT DNS record for the host `_dmarc.REPLACEME.TLD` containing `v=DMARC1; p=none` (`REPLACEME.TLD` can usually be left out of the input field)
18. Set the reverse DNS record for the VPS to the hostname
19. Add `postfix.service` and `dovecot.service` to the `ExecStartPost` service reload in `/etc/systemd/system/certbot-renewal.service` and run `systemctl daemon-reload`
### Add Accounts

1
dovecot/conf.d/10-ssl.conf Normal file
View file

@ -0,0 +1 @@
ssl_dh = </etc/dovecot/dh.pem