nickslowinski/mailcow-dockerized-docs
1
0
Fork 0
Code Issues Pull-Requests Projekte Releases Pakete Wiki Aktivität

Merge pull request #276 from sschwetz/patch4

Quellcode durchsuchen 
Update to firststeps-trust_networks.md  and docs/prerequisite-dns.md
Dieser Commit ist enthalten in:
André Peters 2021-05-04 12:37:49 +02:00 committet von GitHub
Commit f215041b83
Es konnte kein GPG-SchlĂĽssel zu dieser Signatur gefunden werden
GPG-SchlĂĽssel-ID: 4AEE18F83AFDEB23
2 geänderte Dateien mit 42 neuen und 15 gelöschten Zeilen
Statistiken anzeigen Patch-Datei herunterladen Diff-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

36
docs/firststeps-trust_networks.md
Datei anzeigen

@ -1,11 +1,37 @@
Per default mailcow considers all networks as untrusted, except for its own IPV4_NETWORK and IPV6_NETWORK scope. Though it is reasonable in most cases, you may want to loosen this restriction under certain circumstances to allow connections from other networks. By default mailcow considers **all networks as untrusted** excluding its own IPV4_NETWORK and IPV6_NETWORK scopes. Though it is reasonable in most cases, there may be circumstances that you need to loosen this restriction.
To change this behaviour override the default value of `mynetworks` parameter through the `data/conf/postfix/extra.cf` configuration file. By default mailcow uses `mynetworks_style = subnet` to determine internal subnets and leaves `mynetworks` unconfigured.
**Important**: Do **not** remove the networks listed as `IPV4_NETWORK` and `IPV6_NETWORK` in your mailcow.conf. You should also keep local addresses. To add `1.2.3.4/32` it may look like the configuration below: If you decide to set `mynetworks`, Postfix ignores the mynetworks_style setting. This means you **have to** add the IPV4_NETWORK and IPV6_NETWORK scopes as well as loopback subnets manually!
## Unauthenticated relaying
!!! Warning
Incorrect setup of `mynetworks` will allow your server to be used as an open relay. If abused, this **will** affect your ability to send emails and can take some time to be resolved.
### IPv4 hosts/subnets
To add the subnet `192.168.2.0/24` to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:
Edit `data/conf/postfix/extra.cf`:
``` ```
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 1.2.3.4/32 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24
``` ```
Per default we use "mynetworks_style = subnet" to only include local networks we are part of. Run `docker-compose restart postfix-mailcow` to apply your new settings.
### IPv6 hosts/subnets
Adding IPv6 hosts is done the same as IPv4, however the subnet needs to be placed in brackets `[]` with the netmask appended.
To add the subnet 2001:db8::/32 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:
``` data/conf/postfix/extra.cf
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
```
Run `docker-compose restart postfix-mailcow` to apply your new settings.
!!! Info
More information about mynetworks can be found in the [Postfix documentation](http://www.postfix.org/postconf.5.html#mynetworks).

21
docs/prerequisite-dns.md
Datei anzeigen

@ -84,9 +84,11 @@ Here are some tools you can use to verify your DNS configuration:
## Misc ## Misc
### Optional DMARC Statistics ### Optional DMARC Statistics
If you are interested in statistics, you can additionally register with some of the many below DMARC statistic services, or self-host your own.
**NOTE:** It is worth considering that if you request DMARC statistic reports to your mailcow server, if there are issues with that domain you may not get accurate results. You can consider using an alternative email domain for recieving DMARC reports. If you are interested in statistics, you can additionally register with some of the many below DMARC statistic services - or self-host your own.
!!! Tip
It is worth considering that if you request DMARC statistic reports to your mailcow server and your mailcow server is not configured correctly to receive these reports, you may not get accurate and complete results. Please consider using an alternative email domain for receiving DMARC reports.
It is worth mentioning, that the following suggestions are not a comprehensive list of all services and tools avaialble, but only a small few of the many choices. It is worth mentioning, that the following suggestions are not a comprehensive list of all services and tools avaialble, but only a small few of the many choices.
@ -96,18 +98,15 @@ It is worth mentioning, that the following suggestions are not a comprehensive l
- [Postmark](https://dmarc.postmarkapp.com) - [Postmark](https://dmarc.postmarkapp.com)
- [Dmarcian](https://dmarcian.com/) - [Dmarcian](https://dmarcian.com/)
**NOTE:** The services may provide you with a TXT record, which you would insert into your DNS records as the provider specifies. This record will give you details about spam-classified mails by your domain. However, please ensure to read the providers documentation from the service you choose, as this process may vary and not all providers may use a TXT record. !!! Tip
### Email Test for SPF, DKIM and DMARC: These services may provide you with a TXT record you need to insert into your DNS records as the provider specifies. Please ensure to read the providers documentation from the service you choose as this process may vary.
To test send an email to the email below and wait for a reply: ### Email test for SPF, DKIM and DMARC:
check-auth@verifier.port25.com To run a rudimentary email authentication check, send a mail to `check-auth at verifier.port25.com` and wait for a reply. You will find a report similar to the following:
You will get a report back that looks like the following:
``` ```
========================================================== ==========================================================
Summary of Results Summary of Results
========================================================== ==========================================================
@ -122,8 +121,10 @@ Details:
========================================================== ==========================================================
.... ....
``` ```
The full report will contain more technical details this is just the first section, we found this to be quite usful for testing both outgoing mail and spam scores.
The full report will contain more technical details.
### Fully Qualified Domain Name (FQDN) ### Fully Qualified Domain Name (FQDN)
[^1]: A **Fully Qualified Domain Name** (**FQDN**) is the complete (absolute) domain name for a specific computer or host, on the Internet. The FQDN consists of at least three parts divided by a dot: the hostname (myhost), the domain name (mydomain) and the top level domain in short **tld** (com). In the example of `mx.mailcow.email` the hostname would be `mx`, the domain name `mailcow` and the tld `email`. [^1]: A **Fully Qualified Domain Name** (**FQDN**) is the complete (absolute) domain name for a specific computer or host, on the Internet. The FQDN consists of at least three parts divided by a dot: the hostname (myhost), the domain name (mydomain) and the top level domain in short **tld** (com). In the example of `mx.mailcow.email` the hostname would be `mx`, the domain name `mailcow` and the tld `email`.