On 10/21/2017 11:25 AM, Wietse Venema wrote:
> cac...@quantum-equities.com:
>> How does DNS know where mail.example1.com is? Should I set it in
>> my registrar, in the mail system, in Apache as a virtual domain,
>> or where?
> Normally, someone pays a registrar, so that the payer can configure
> the names of DNS servers that hold DNS records for example1.com.
>
> Wietse
Understand, I do have a registrar for my domains, but there I have always set ns1.{hoster}.com and ns2.{hoster}.com as the DNS servers. (I've always used shared hosting in the past, but now am making my first hosting cloud instance.)

I believe that I may now have the solution, and would appreciate confirmation.

I must run dnsmasq in my cloud hosting instance (the same instance running Apache for my websites), to accept outside connections on port 53, and set it to reference first /etc/hosts (which correlates my website domains to the instance's WAN IP) and then fall back to the normal outside DNS servers for that cloud instance for unknown domains.

Also in dnsmasq.conf, to respond to MX requests, I must set:

mx-host=example1.com,mail.example1.com,50
mx-host=example2.com,mail.example2.com,50
mx-host=example3.com,mail.example3.com,50

Nothing documents what that Priority number is for, but otherwise correct?

And then I must present port 25 (postfix) to the outside world to receive SMTP, and port 110 (dovecot) for me to pick up email that's been stored?
In main.cf, I believe:

myhostname = mail.example1.com
mydomain = example1.com
mydestination = localhost
local_recipient_maps =
mynetworks = ??.??.??.0/24, 127.0.0.0/8
(I don't understand what to set this to, if I want to pick up mail from several places with varying IPs)
relay_domains =
# Corrected: this must list the domain part of the addresses in
# virtual_mailbox_maps (user@example1.com), not the MX host names.
virtual_mailbox_domains = example1.com example2.com example3.com
virtual_mailbox_base = /var/spool/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = hash:/etc/postfix/virtual
mailbox_command =
smtpd_client_restrictions = sleep 5
smtpd_delay_reject = no
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_error_sleep_time = 30
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = no
smtpd_use_tls = yes
smtpd_tls_received_header = yes
smtpd_tls_security_level = encrypt
smtpd_tls_auth_only = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_dh1024_param_file = /etc/pki/tls/private/postfix.dh.param
tls_random_source = dev:/dev/urandom
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2
smtpd_tls_exclude_ciphers = EXP, MEDIUM, LOW, DES, 3DES, SSLv2
tls_high_cipherlist = kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:$
tls_medium_cipherlist = kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRS$
smtp_tls_ciphers = high
smtpd_tls_ciphers = high

/etc/postfix/virtual (hashed to virtual.db):

# Redirect system email so it can be picked up
root r...@example1.com

/etc/postfix/vmailbox (hashed to vmailbox.db):

us...@example1.com example1.com/user1
us...@example1.com example1.com/user2
us...@example1.com example1.com/user3
us...@example2.com example2.com/user1
us...@example2.com example2.com/user2
us...@example2.com example2.com/user3
us...@example3.com example3.com/user1
us...@example3.com example3.com/user2
us...@example3.com example3.com/user3
# Don't know whether to use a catchall, from a security perspective.
# If unknown users are bounced, that gives spammers info,
# but if absorbed to /dev/null could encourage them to send more.

I haven't completely figured out TLS yet, but otherwise above, am I on the right track?

Also I haven't figured out where to set passwords to -send- email. It must be in the vicinity of vmailbox.db.

Thank you Wietse, for Postfix.
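An added example, not part of the thread and not code from dnsmasq or Postfix: a small Python script that reads mx-host lines like the ones above the way a sending MTA uses them, to show what the preference number does (the lowest value is tried first; equal values are tried in random order, per RFC 5321 section 5.1) and to flag an MX target that has no address record. The backup.example1.com entry and the /etc/hosts-style address map are constructed sample data.

```python
import random

# Constructed sample data (not from the thread): the mx-host lines from the
# dnsmasq config plus one extra backup MX, and an /etc/hosts-style map in
# which backup.example1.com and mail.example3.com are deliberately missing.
DNSMASQ_CONF = """\
mx-host=example1.com,mail.example1.com,50
mx-host=example1.com,backup.example1.com,60
mx-host=example2.com,mail.example2.com,50
mx-host=example3.com,mail.example3.com,50
"""
HOSTS = {"mail.example1.com": "203.0.113.10", "mail.example2.com": "203.0.113.10"}


def parse_mx_hosts(conf):
    """Return {domain: [(preference, mailhost), ...]} from dnsmasq mx-host= lines
    written in the full mx-host=<domain>,<mailhost>,<preference> form."""
    mx = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line.startswith("mx-host="):
            continue
        fields = line[len("mx-host="):].split(",")
        if len(fields) != 3:
            raise ValueError(f"unsupported mx-host form: {line}")
        domain, mailhost, pref = fields
        mx.setdefault(domain, []).append((int(pref), mailhost))
    return mx


def delivery_order(records, rng=random):
    """Order MX targets as a sending MTA does (RFC 5321 section 5.1): the lowest
    preference value is tried first; hosts with equal preference are shuffled."""
    by_pref = {}
    for pref, mailhost in records:
        by_pref.setdefault(pref, []).append(mailhost)
    order = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)
        order.extend(hosts)
    return order


def check_zone(mx, hosts):
    """Report MX targets with no address record; senders cannot deliver to them."""
    return [f"{domain}: MX target {mailhost} has no address record"
            for domain, records in mx.items()
            for _pref, mailhost in records if mailhost not in hosts]


if __name__ == "__main__":
    mx = parse_mx_hosts(DNSMASQ_CONF)
    for domain, records in mx.items():
        print(domain, "->", delivery_order(records))
    print("\n".join(check_zone(mx, HOSTS)))
```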