mirror/docker-mailserver.docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2025-08-04 01:55:29 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

deploy: a0ee472501

Browse source
This commit is contained in:
github-actions[bot] 2021-09-22 23:30:04 +00:00
parent 07afd2c901
commit 4d20a99272
46 changed files with 847 additions and 862 deletions
Download patch file Download diff file Expand all files Collapse all files

16
edge/config/best-practices/autodiscover/index.html
View file

@ -6,7 +6,7 @@
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
@ -16,7 +16,7 @@
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/autodiscover/">
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
@ -24,7 +24,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
@ -1037,7 +1037,7 @@
<li class="md-nav__item">
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
Mailserver behind Proxy
Mail-Server behind a Proxy
</a>
</li>
@ -1088,7 +1088,7 @@
<li class="md-nav__item">
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
Forward-Only Mailserver with LDAP
Forward-Only Mail-Server with LDAP
</a>
</li>
@ -1260,7 +1260,7 @@
<h1>Auto-discovery</h1>
<p>Email auto-discovery means a client email is able to automagically find out about what ports and security options to use, based on the mail server URL. It can help simplify the tedious / confusing task of adding own's email account for non-tech savvy users.</p>
<p>Email auto-discovery means a client email is able to automagically find out about what ports and security options to use, based on the mail-server URI. It can help simplify the tedious / confusing task of adding own's email account for non-tech savvy users.</p>
<p>Email clients will search for auto-discoverable settings and prefill almost everything when a user enters its email address <img alt="❤" class="twemoji" src="https://twemoji.maxcdn.com/v/latest/svg/2764.svg" title=":heart:" /></p>
<p>There exists <a href="https://hub.docker.com/r/monogramm/autodiscover-email-settings/">autodiscover-email-settings</a> on which provides IMAP/POP/SMTP/LDAP autodiscover capabilities on Microsoft Outlook/Apple Mail, autoconfig capabilities for Thunderbird or kmail and configuration profiles for iOS/Apple Mail.</p>
@ -1344,10 +1344,10 @@
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
</body>

44
edge/config/best-practices/dkim/index.html
View file

@ -6,7 +6,7 @@
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
@ -16,7 +16,7 @@
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dkim/">
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
@ -24,7 +24,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
@ -1096,7 +1096,7 @@
<li class="md-nav__item">
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
Mailserver behind Proxy
Mail-Server behind a Proxy
</a>
</li>
@ -1147,7 +1147,7 @@
<li class="md-nav__item">
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
Forward-Only Mailserver with LDAP
Forward-Only Mail-Server with LDAP
</a>
</li>
@ -1386,14 +1386,16 @@
<p>To enable DKIM signature, <strong>you must have created at least one email account</strong>. Once its done, just run the following command to generate the signature:</p>
<div class="highlight"><pre><span></span><code>./setup.sh config dkim
</code></pre></div>
<p>After generating DKIM keys, you should restart the mail server. DNS edits may take a few minutes to hours to propagate. The script assumes you're being in the directory where the <code>config/</code> directory is located. The default keysize when generating the signature is 4096 bits for now. If you need to change it (e.g. your DNS provider limits the size), then provide the size as the first parameter of the command:</p>
<p>After generating DKIM keys, you should restart <code>docker-mailserver</code>. DNS edits may take a few minutes to hours to propagate.</p>
<p>The script should ideally be run with a volume for <em>config</em> attached (eg: <code>./docker-data/dms/config/:/tmp/docker-mailserver/</code>), otherwise by default it will mount <code>./config/:/tmp/docker-mailserver/</code>.</p>
<p>The default keysize when generating the signature is 4096 bits for now. If you need to change it (e.g. your DNS provider limits the size), then provide the size as the first parameter of the command:</p>
<div class="highlight"><pre><span></span><code>./setup.sh config dkim keysize &lt;keysize&gt;
</code></pre></div>
<p>For LDAP systems that do not have any directly created user account you can run the following command (since <code>8.0.0</code>) to generate the signature by additionally providing the desired domain name (if you have multiple domains use the command multiple times or provide a comma-separated list of domains): </p>
<div class="highlight"><pre><span></span><code>./setup.sh config dkim keysize &lt;key-size&gt; domain &lt;domain.tld&gt;<span class="o">[</span>,&lt;domain2.tld&gt;<span class="o">]</span>
<p>For LDAP systems that do not have any directly created user account you can run the following command (since <code>8.0.0</code>) to generate the signature by additionally providing the desired domain name (if you have multiple domains use the command multiple times or provide a comma-separated list of domains):</p>
<div class="highlight"><pre><span></span><code>./setup.sh config dkim keysize &lt;key-size&gt; domain &lt;example.com&gt;<span class="o">[</span>,&lt;not-example.com&gt;<span class="o">]</span>
</code></pre></div>
<p>Now the keys are generated, you can configure your DNS server with DKIM signature, simply by adding a TXT record. If you have direct access to your DNS zone file, then it's only a matter of pasting the content of <code>config/opendkim/keys/domain.tld/mail.txt</code> in your <code>domain.tld.hosts</code> zone.</p>
<div class="highlight"><pre><span></span><code><span class="gp">$ </span>dig mail._domainkey.domain.tld TXT
<p>Now the keys are generated, you can configure your DNS server with DKIM signature, simply by adding a TXT record. If you have direct access to your DNS zone file, then it's only a matter of pasting the content of <code>docker-data/dms/config/opendkim/keys/example.com/mail.txt</code> in your <code>example.com.hosts</code> zone.</p>
<div class="highlight"><pre><span></span><code><span class="gp">$ </span>dig mail._domainkey.example.com TXT
<span class="go">---</span>
<span class="go">;; ANSWER SECTION</span>
<span class="go">mail._domainkey.&lt;DOMAIN&gt; 300 IN TXT &quot;v=DKIM1; k=rsa; p=AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN&quot;</span>
@ -1408,9 +1410,9 @@
</ol>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Sometimes the key in <code>config/opendkim/keys/domain.tld/mail.txt</code> can be on multiple lines. If so then you need to concatenate the values in the TXT record:</p>
<p>Sometimes the key in <code>docker-data/dms/config/opendkim/keys/example.com/mail.txt</code> can be on multiple lines. If so then you need to concatenate the values in the TXT record:</p>
</div>
<div class="highlight"><pre><span></span><code><span class="gp">$ </span>dig mail._domainkey.domain.tld TXT
<div class="highlight"><pre><span></span><code><span class="gp">$ </span>dig mail._domainkey.example.com TXT
<span class="go">---</span>
<span class="go">;; ANSWER SECTION</span>
<span class="go">mail._domainkey.&lt;DOMAIN&gt; 300 IN TXT &quot;v=DKIM1; k=rsa; &quot;</span>
@ -1429,21 +1431,21 @@
<span class="na">Socket inet:12301@localhost</span>
<span class="na">PidFile /var/run/opendkim/opendkim.pid</span>
<span class="na">ReportAddress postmaster@my-domain.com</span>
<span class="na">ReportAddress postmaster@example.com</span>
<span class="na">SendReports yes</span>
<span class="na">Mode v</span>
</code></pre></div>
<h2 id="switch-off-dkim"><a class="toclink" href="#switch-off-dkim">Switch Off DKIM</a></h2>
<p>Simply remove the DKIM key by recreating (not just relaunching) the mailserver container.</p>
<p>Simply remove the DKIM key by recreating (not just relaunching) the <code>docker-mailserver</code> container.</p>
<h2 id="debugging"><a class="toclink" href="#debugging">Debugging</a></h2>
<ul>
<li><a href="https://addons.mozilla.org/en-US/thunderbird/addon/dkim-verifier">DKIM-verifer</a>: A add-on for the mail client Thunderbird.</li>
<li>You can debug your TXT records with the <code>dig</code> tool.</li>
</ul>
<div class="highlight"><pre><span></span><code><span class="gp">$ </span>dig TXT mail._domainkey.domain.tld
<div class="highlight"><pre><span></span><code><span class="gp">$ </span>dig TXT mail._domainkey.example.com
<span class="go">---</span>
<span class="go">; &lt;&lt;&gt;&gt; DiG 9.10.3-P4-Debian &lt;&lt;&gt;&gt; TXT mail._domainkey.domain.tld</span>
<span class="go">; &lt;&lt;&gt;&gt; DiG 9.10.3-P4-Debian &lt;&lt;&gt;&gt; TXT mail._domainkey.example.com</span>
<span class="go">;; global options: +cmd</span>
<span class="go">;; Got answer:</span>
<span class="go">;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 39669</span>
@ -1452,10 +1454,10 @@
<span class="go">;; OPT PSEUDOSECTION:</span>
<span class="go">; EDNS: version: 0, flags:; udp: 512</span>
<span class="go">;; QUESTION SECTION:</span>
<span class="go">;mail._domainkey.domain.tld. IN TXT</span>
<span class="go">;mail._domainkey.example.com. IN TXT</span>
<span class="go">;; ANSWER SECTION:</span>
<span class="go">mail._domainkey.domain.tld. 3600 IN TXT &quot;v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxBSjG6RnWAdU3oOlqsdf2WC0FOUmU8uHVrzxPLW2R3yRBPGLrGO1++yy3tv6kMieWZwEBHVOdefM6uQOQsZ4brahu9lhG8sFLPX4MaKYN/NR6RK4gdjrZu+MYSdfk3THgSbNwIDAQAB&quot;</span>
<span class="go">mail._domainkey.example.com. 3600 IN TXT &quot;v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxBSjG6RnWAdU3oOlqsdf2WC0FOUmU8uHVrzxPLW2R3yRBPGLrGO1++yy3tv6kMieWZwEBHVOdefM6uQOQsZ4brahu9lhG8sFLPX4MaKYN/NR6RK4gdjrZu+MYSdfk3THgSbNwIDAQAB&quot;</span>
<span class="go">;; Query time: 50 msec</span>
<span class="go">;; SERVER: 127.0.1.1#53(127.0.1.1)</span>
@ -1465,7 +1467,7 @@
<hr />
<div class="admonition warning">
<p class="admonition-title">Key sizes &gt;=4096-bit</p>
<p>Keys of 4096 bits could de denied by some mailservers. According to <a href="https://tools.ietf.org/html/rfc6376">https://tools.ietf.org/html/rfc6376</a> keys are preferably between 512 and 2048 bits. See issue <a href="https://github.com/docker-mailserver/docker-mailserver/issues/1854">#1854</a>.</p>
<p>Keys of 4096 bits could de denied by some mail-servers. According to <a href="https://tools.ietf.org/html/rfc6376">https://tools.ietf.org/html/rfc6376</a> keys are preferably between 512 and 2048 bits. See issue <a href="https://github.com/docker-mailserver/docker-mailserver/issues/1854">#1854</a>.</p>
</div>
@ -1548,10 +1550,10 @@
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
</body>

37
edge/config/best-practices/dmarc/index.html
View file

@ -6,7 +6,7 @@
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
@ -16,7 +16,7 @@
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dmarc/">
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
@ -24,7 +24,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
@ -1070,7 +1070,7 @@
<li class="md-nav__item">
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
Mailserver behind Proxy
Mail-Server behind a Proxy
</a>
</li>
@ -1121,7 +1121,7 @@
<li class="md-nav__item">
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
Forward-Only Mailserver with LDAP
Forward-Only Mail-Server with LDAP
</a>
</li>
@ -1325,20 +1325,17 @@
<h1>DMARC</h1>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>DMARC Guide: <a href="https://github.com/internetstandards/toolbox-wiki/blob/master/DMARC-how-to.md">https://github.com/internetstandards/toolbox-wiki/blob/master/DMARC-how-to.md</a></p>
</div>
<p>More information at <a href="https://github.com/internetstandards/toolbox-wiki/blob/master/DMARC-how-to.md">DMARC Guide</a>.</p>
<h2 id="enabling-dmarc"><a class="toclink" href="#enabling-dmarc">Enabling DMARC</a></h2>
<p>In <code>docker-mailserver</code>, DMARC is pre-configured out-of the box. The only thing you need to do in order to enable it, is to add new TXT entry to your DNS.</p>
<p>In contrast with <a href="../dkim/">DKIM</a>, DMARC DNS entry does not require any keys, but merely setting the <a href="https://github.com/internetstandards/toolbox-wiki/blob/master/DMARC-how-to.md#overview-of-dmarc-configuration-tags">configuration values</a>. You can either handcraft the entry by yourself or use one of available generators (like <a href="https://dmarcguide.globalcyberalliance.org/">https://dmarcguide.globalcyberalliance.org/</a>).</p>
<p>Typically something like this should be good to start with (don't forget to replace <code>@domain.com</code> to your actual domain)
<div class="highlight"><pre><span></span><code>_dmarc.domain.com. IN TXT &quot;v=DMARC1; p=none; rua=mailto:dmarc.report@domain.com; ruf=mailto:dmarc.report@domain.com; sp=none; ri=86400&quot;
</code></pre></div></p>
<p>Or a bit more strict policies (mind <code>p=quarantine</code> and <code>sp=quarantine</code>):
<div class="highlight"><pre><span></span><code>_dmarc IN TXT &quot;v=DMARC1; p=quarantine; rua=mailto:dmarc.report@domain.com; ruf=mailto:dmarc.report@domain.com; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; sp=quarantine&quot;
</code></pre></div></p>
<p>DMARC status is not being displayed instantly in Gmail for instance. If you want to check it directly after DNS entries, you can use some services around the Internet such as <a href="https://dmarcguide.globalcyberalliance.org/">https://dmarcguide.globalcyberalliance.org/</a> or <a href="https://ondmarc.redsift.com/">https://ondmarc.redsift.com/</a>. In other case, email clients will show "DMARC: PASS" in ~1 day or so.</p>
<p>In <code>docker-mailserver</code>, DMARC is pre-configured out of the box. The only thing you need to do in order to enable it, is to add new <code>TXT</code> entry to your DNS.</p>
<p>In contrast with <a href="../dkim/">DKIM</a>, the DMARC DNS entry does not require any keys, but merely setting the [configuration values][dmarc-howto-configtags]. You can either handcraft the entry by yourself or use one of available generators (like <a href="https://dmarcguide.globalcyberalliance.org">this one</a>).</p>
<p>Typically something like this should be good to start with (<em>don't forget to replace <code>@example.com</code> to your actual domain</em>):</p>
<div class="highlight"><pre><span></span><code>_dmarc.example.com. IN TXT &quot;v=DMARC1; p=none; rua=mailto:dmarc.report@example.com; ruf=mailto:dmarc.report@example.com; sp=none; ri=86400&quot;
</code></pre></div>
<p>Or a bit more strict policies (<em>mind <code>p=quarantine</code> and <code>sp=quarantine</code></em>):</p>
<div class="highlight"><pre><span></span><code>_dmarc IN TXT &quot;v=DMARC1; p=quarantine; rua=mailto:dmarc.report@example.com; ruf=mailto:dmarc.report@example.com; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; sp=quarantine&quot;
</code></pre></div>
<p>DMARC status is not being displayed instantly in Gmail for instance. If you want to check it directly after DNS entries, you can use some services around the Internet such as from <a href="https://dmarcguide.globalcyberalliance.org">Global Cyber Alliance</a> or <a href="https://ondmarc.redsift.com">RedSift</a>. In other cases, email clients will show "DMARC: PASS" in ~1 day or so.</p>
<p>Reference: <a href="https://github.com/docker-mailserver/docker-mailserver/issues/1511">#1511</a></p>
@ -1421,10 +1418,10 @@
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
</body>

28
edge/config/best-practices/spf/index.html
View file

@ -6,7 +6,7 @@
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
@ -16,7 +16,7 @@
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/spf/">
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
@ -24,7 +24,7 @@
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
@ -1077,7 +1077,7 @@
<li class="md-nav__item">
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
Mailserver behind Proxy
Mail-Server behind a Proxy
</a>
</li>
@ -1128,7 +1128,7 @@
<li class="md-nav__item">
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
Forward-Only Mailserver with LDAP
Forward-Only Mail-Server with LDAP
</a>
</li>
@ -1351,19 +1351,19 @@
<h2 id="add-a-spf-record"><a class="toclink" href="#add-a-spf-record">Add a SPF Record</a></h2>
<p>To add a SPF record in your DNS, insert the following line in your DNS zone:</p>
<div class="highlight"><pre><span></span><code>; MX record must be declared for SPF to work
domain.com. IN MX 1 mail.domain.com.
example.com. IN MX 1 mail.example.com.
; SPF record
domain.com. IN TXT &quot;v=spf1 mx ~all&quot;
example.com. IN TXT &quot;v=spf1 mx ~all&quot;
</code></pre></div>
<p>This enables the <em>Softfail</em> mode for SPF. You could first add this SPF record with a very low TTL.<br />
<em>SoftFail</em> is a good setting for getting started and testing, as it lets all email through, with spams tagged as such in the mailbox.</p>
<p>This enables the <em>Softfail</em> mode for SPF. You could first add this SPF record with a very low TTL.</p>
<p><em>SoftFail</em> is a good setting for getting started and testing, as it lets all email through, with spams tagged as such in the mailbox.</p>
<p>After verification, you <em>might</em> want to change your SPF record to <code>v=spf1 mx -all</code> so as to enforce the <em>HardFail</em> policy. See <a href="http://www.open-spf.org/SPF_Record_Syntax">http://www.open-spf.org/SPF_Record_Syntax</a> for more details about SPF policies.</p>
<p>In any case, increment the SPF record's TTL to its final value.</p>
<h2 id="backup-mx-secondary-mx"><a class="toclink" href="#backup-mx-secondary-mx">Backup MX, Secondary MX</a></h2>
<p>For whitelisting a IP Address from the SPF test, you can create a config file (see <a href="https://www.linuxcertif.com/man/5/policyd-spf.conf"><code>policyd-spf.conf</code></a>) and mount that file into <code>/etc/postfix-policyd-spf-python/policyd-spf.conf</code>.</p>
<p><strong>Example:</strong></p>
<p>Create and edit a <code>policyd-spf.conf</code> file here <code>/&lt;your docker-mailserver dir&gt;/config/postfix-policyd-spf.conf</code>:</p>
<p>Create and edit a <code>policyd-spf.conf</code> file at <code>docker-data/dms/config/postfix-policyd-spf.conf</code>:</p>
<div class="highlight"><pre><span></span><code><span class="na">debugLevel</span> <span class="o">=</span> <span class="s">1</span>
<span class="c1">#0(only errors)-4(complete data received)</span>
@ -1371,11 +1371,11 @@ domain.com. IN TXT &quot;v=spf1 mx ~all&quot;
<span class="c1"># Preferably use IP-Addresses for whitelist lookups:</span>
<span class="na">Whitelist</span> <span class="o">=</span> <span class="s">192.168.0.0/31,192.168.1.0/30</span>
<span class="c1"># Domain_Whitelist = mx1.mybackupmx.com,mx2.mybackupmx.com</span>
<span class="c1"># Domain_Whitelist = mx1.not-example.com,mx2.not-example.com</span>
</code></pre></div>
<p>Then add this line to <code>docker-compose.yml</code>:</p>
<div class="highlight"><pre><span></span><code><span class="nt">volumes</span><span class="p">:</span>
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./config/postfix-policyd-spf.conf:/etc/postfix-policyd-spf-python/policyd-spf.conf</span>
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/config/postfix-policyd-spf.conf:/etc/postfix-policyd-spf-python/policyd-spf.conf</span>
</code></pre></div>
@ -1458,10 +1458,10 @@ domain.com. IN TXT &quot;v=spf1 mx ~all&quot;
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
</body>