Added opendkim to mailsrv

working on adding docs for SPF, DKIM, & DMARC
Added destination blacklisting using .deny files in aliases.d
4 changed files with 19 additions and 15 deletions
--- a/mailsrv/Containerfile
+++ b/mailsrv/Containerfile
@ -29,7 +29,7 @@ ARG FILESUID=5000
 ARG DEBIAN_FRONTEND=noninteractive

 # install packages we want
-RUN apt update -y && apt install -y rsyslog postfix dovecot-imapd dovecot-lmtpd dovecot-sieve cron
+RUN apt update -y && apt install -y rsyslog postfix dovecot-imapd dovecot-lmtpd dovecot-sieve cron opendkim

 # add virtual mail user
 RUN addgroup --gid ${FILESUID:?} vmail && \
--- a/mailsrv/assets/bin/mkvirt
+++ b/mailsrv/assets/bin/mkvirt
@ -15,10 +15,13 @@ cat /vol/data/users | cut -d':' -f1 | perl -pe 's/(.*)/\1 ./' > /etc/postfix/use
 postmap /etc/postfix/users

 ### Aliases ###
-# copy aliases to postifx config
+# copy aliases to postfix config
 cd /etc/postfix
 cat /vol/data/aliases.d/*.list > aliases
 postmap aliases
+# copy blacklist to postfix config
+cat /vol/data/aliases.d/*.deny > deny
+postmap deny

 ### Reload ###
 postfix reload
--- a/mailsrv/assets/postfix/main.cf.part
+++ b/mailsrv/assets/postfix/main.cf.part
@ -61,15 +61,8 @@ smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_i
 smtpd_data_restrictions = reject_unauth_pipelining
 # reject unauthorized relay attempts
 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
-# reject mail from IPs listed in spam list
-smtpd_recipient_restrictions =
-        permit_mynetworks,
-        permit_sasl_authenticated,
-#        reject_rbl_client zen.spamhaus.org,
-#        reject_rhsbl_reverse_client dbl.spamhaus.org,
-#        reject_rhsbl_helo dbl.spamhaus.org,
-#        reject_rhsbl_sender dbl.spamhaus.org,
-        permit
+# reject blacklisted addresses
+smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/deny, permit

 ### Misc ###
 # whether to send "new mail" notifications to users
--- a/mailsrv/docs/Deploy.md
+++ b/mailsrv/docs/Deploy.md
@ -3,15 +3,15 @@
 ## create dirs

 ```
-sudo mkdir -p /srv/vol/mailsrv/{db,mail,ssl}
+sudo mkdir -p /srv/vol/mailsrv/{data,mail,ssl}
 sudo chown -R 5000:5000 /srv/vol/mailsrv
 sudo chmod go-rwx /srv/vol/mailsrv/ssl
 ```
-put your `users` and `aliases.d` in the `db` directory. Mail will go in the `mail` directory.
+put your `users` and `aliases.d` in the `data` directory. Mail will go in the `mail` directory.

 ```
 sudo -i
-cd /srv/vol/mailsrv/db
+cd /srv/vol/mailsrv/data
 mkdir aliases.d
 ```

@ -40,13 +40,21 @@ then make sure configuration has taken place by running:
 nft -f /etc/nftables.conf
 ```

-## set up domain name
+## DNS config

 Set up a DNS A Record pointing to your host machine. Make sure it works by running:
 ```
 ping ${dnsname:?}
 ```

+### SPF
+
+wildcards *only* work for domains that don't already exist.
+
+### DKIM
+
+### DMARC
+
 ## get SSL certificates from letsencrypt

 install acme.sh
Author	SHA1	Message	Date
Mar Alegre	7e8dcc25c2	Added opendkim to mailsrv	4 years ago
Mar Alegre	4745d4f64b	working on adding docs for SPF, DKIM, & DMARC	4 years ago
Mar Alegre	2d202cb38b	Added destination blacklisting using .deny files in aliases.d	4 years ago
Mar Alegre	f6b644defc	removed recipient restrictions (if we want them, will add with spamassassin)	4 years ago