Diffstat (limited to '_posts/mail.md')
-rw-r--r-- | _posts/mail.md | 191 |
1 files changed, 191 insertions, 0 deletions
diff --git a/_posts/mail.md b/_posts/mail.md
new file mode 100644
index 0000000..b908d81
--- /dev/null
+++ b/_posts/mail.md
@@ -0,0 +1,191 @@
+apt install postfix dovecot-imapd opendkim postfix-policyd-spf-python maildrop roundcube prayer nginx postfix-mta-sts-resolver hash-slinger
+
+vim /etc/dovecot/conf.d/10-mail.conf
+ mail_location = maildir:~/Maildir
+
+vim /etc/dovecot/conf.d/10-ssl.conf
+ ssl_cert = </etc/ssl/certifikati/fullchain.pem
+ ssl_key = </etc/ssl/certifikati/privkey.pem
+
+vim /etc/postfix/header\_checks
+ /^X-Originating-IP:/ IGNORE
+ /^Received:.*ESMTPSA/ IGNORE
+
+vim /etc/postfix/command\_filter
+ /^(.*)šijanec(.*)$/ $1 xn--ijanec-9jb $2
+
+vim /etc/postfix/destinations
+ if !/seznami/
+ /ijanec/ ALLOW
+ /241/ ALLOW
+ /146/ ALLOW
+ /235/ ALLOW
+ /gimb.tk/ ALLOW
+ /xn--jha/ ALLOW
+ endif
+
+usermod -aG opendkim postfix
+mkdir /var/spool/postfix/opendkim
+chown opendkim:opendkim /var/spool/postfix/opendkim
+
+opendkim-genkey -D /etc/dkimkeys -s mail
+
+dodaj vsebino /etc/dkimkeys/mail.txt v DNS zone za domeno
+
+vim /etc/opendkim.conf
+ LogWhy yes
+ UserID opendkim:opendkim
+ Domain sijanec.eu,sijanec.org,sijanec.net,xn--ijanec-9jb.eu in tako dalje
+ Selector mail
+ KeyFile /etc/dkimkeys/mail.private
+ Socket local:/var/spool/postfix/opendkim/opendkim.sock
+
+vim /etc/postfix-policyd-spf-python/policyd-spf.conf
+ HELO_reject = False
+ Mail_From_reject = False
+
+vim /etc/postfix/main.cf
+ smtp_header_checks = regexp:/etc/postfix/header_checks
+ smtpd_tls_cert_file = /etc/ssl/certifikati/fullchain.pem
+ smtpd_tls_key_file = /etc/ssl/certifikati/privkey.pem
+ smtpd_tls_received_header = yes
+ smtpd_command_filter = pcre:/etc/postfix/command_filter
+ mydomain = sijanec.eu
+ mydestination = pcre:/etc/postfix/destinations
+ smtp_address_preference = ipv4
+ mailbox_command = /usr/bin/maildrop -d $(USER)
+ smtp_bind_address = 89.212.146.168
+ smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf
+ policyd-spf_time_limit = 3600
+ message_size_limit = 1222333444
+ milter_protocol = 2
+ milter_default_action = accept
+ smtpd_milters = unix:/opendkim/opendkim.sock
+ non_smtpd_milters = unix:/opendkim/opendkim.sock
+ smtp_tls_policy_maps = socketmap:inet:127.0.0.1:8451:postfix
+ smtpd_sasl_type = dovecot
+ smtpd_sasl_path = private/auth
+ smtpd_sasl_auth_enable = yes
+
+vim /etc/postfix/master.cf
+ odkomentiraj: smtp, submission, smtps (ostali potrebni so že odkomentirani)
+ dodaj na konec:
+ policyd-spf unix - n n - 0 spawn
+ user=policyd-spf argv=/usr/bin/policy-spf
+
+vim /etc/dovecot/conf.d/10-master.conf
+ # ta block že obstaja v privzeti konfiguraciji
+ # https://www.postfix.org/SASL_README.html
+ service auth {
+ unix_listener /var/spool/postfix/private/auth {
+ user = postfix
+ group = postfix
+ mode = 0660
+ }
+ }
+
+vim /etc/dovecot/conf.d/15-mailboxes.conf
+ # ti blocki že obstajajo v privzeti konfiguraciji, treba jih je samo dopolniti
+ namespace inbox {
+ mailbox Drafts {
+ special_use = \Drafts
+ auto = subscribe
+ }
+ mailbox Junk {
+ special_use = \Junk
+ auto = subscribe
+ }
+ mailbox Trash {
+ special_use = \Trash
+ auto = subscribe
+ }
+ mailbox Sent {
+ special_use = \Sent
+ auto = subscribe
+ }
+ }
+
+vim ~/.mailfilter
+ if (/.*librehosting@radiostudent\.si.*/ || /.*kiberpipa\.org.*/ || /.*lugos\.si.*/)
+ {
+ to $HOME/Maildir/.liste.lugos
+ }
+ if (/.*oss-security.*/ || /.*debian-security-announce.*/)
+ {
+ to $HOME/Maildir/.liste.oss-security
+ }
+ in tako dalje
+
+iz IMAP klienta je treba **PRED DODAJANJEM MAPE** v ~/.mailfilter izdelati mapo, v nasprotnem primeru bo maildrop naredil mbox datoteko, česar nočemo.
+
+chown $USER:$USER ~/.mailfilter
+chmod 0600 ~/.mailfilter
+
+vim /etc/maildroprc
+DEFAULT="$HOME/Maildir"
+
+tlsa --create sijanec.eu
+dodaj output v DNS domensko zono (nginx mora teči s pravilnim certifikatom!) - spremeni zapis v DNS zoni, ko spremeniš cert
+
+rndc freeze
+vim /var/lib/bind/db.sijanec.eu
+ _mta-sts IN TXT "v=STSv1; id=2"
+ mta-sts IN CNAME mail
+ @ IN MX 10 mail
+ mail IN A 89.212.146.168
+ _dmarc IN TXT "v=DMARC1; p=none; rua=mailto:dmarc-aggregate@sijanec.eu; ruf=mailto:dmarc-forensic@sijanec.eu; fo=1"
+ @ IN TXT "v=spf1 mx a ip4:89.212.146.168/32 a:mail.sijanec.eu ~all"
+ *.sijanec.eu._report._dmarc IN TXT "v=DMARC1"
+ sijanec.eu._report._dmarc IN TXT "v=DMARC1"
+ *.sijanec.org._report._dmarc IN TXT "v=DMARC1"
+ sijanec.org._report._dmarc IN TXT "v=DMARC1" ; in isto za ostale domene
+ _smtp._tls IN TXT "v=TLSRPTv1; rua=mailto:tls@sijanec.eu"
+ @ IN CAA 128 issue "letsencrypt.org"
+ @ IN CAA 128 issuewild "letsencrypt.org"
+ @ IN CAA 128 iodef "mailto:caa-violation@sijanec.eu"
+ * IN CAA 128 issue "letsencrypt.org"
+ * IN CAA 128 issuewild "letsencrypt.org"
+ * IN CAA 128 iodef "mailto:caa-violation@sijanec.eu"
+rndc thaw
+
+vim /etc/aliases
+ mailer-daemon: postmaster
+ postmaster: root
+ nobody: root
+ hostmaster: root
+ webmaster: root
+ listmaster: root
+ www: root
+ ftp: root
+ abuse: root
+ noc: root
+ security: root
+ root: a
+ anton: a
+ whois: hostmaster
+ dns: whois
+ devnull: null
+ null: |/dev/null
+ luka: anton
+ dmarc-aggregate: postmaster
+ dmrac-forensic: postmaster
+ caa-violation: hostmaster
+ tls: postmaster
+
+newaliases
+
+vim /var/www/html/.well-known/mta-sts.txt
+ version: STSv1
+ mode: testing
+ mx: mail.sijanec.eu
+ mx: mail.sijanec.org
+ mx: mail.sijanec.net
+ mx: mail.xn--ijanec-9jb.eu
+ mx: mail.xn--ijanec-9jb.org
+ mx: mail.xn--ijanec-9jb.net
+ mx: mail.xn--ijanec-9jb.si
+ mx: mail.xn--ijanec-9jb.com
+ max_age: 31557600
+ comment: karkoli
+
+systemctl restart postfix dovecot opendkim prayer nginx postfix-mta-sts-resolver bind9
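Review bot: The alias `dmrac-forensic: postmaster` in the /etc/aliases section is misspelled relative to the DMARC record added in the same hunk (`ruf=mailto:dmarc-forensic@sijanec.eu`), so forensic reports sent to that address would be rejected as an unknown local recipient instead of reaching postmaster; it should read `dmarc-forensic: postmaster`. The entry `null: |/dev/null` also looks wrong: in aliases(5) the `|` form runs the path as a command and /dev/null is not executable, so mail to devnull would most likely bounce rather than be discarded — the file form `null: /dev/null` is what appends to (and thereby drops into) the device. Finally, with `HELO_reject = False`, `Mail_From_reject = False`, DMARC `p=none` and MTA-STS `mode: testing`, none of the SPF/DMARC/MTA-STS configuration in this walkthrough rejects anything yet; a one-line remark next to those settings saying they are monitoring-only values to be tightened after the rua/TLS-RPT reports have been checked would stop readers copying them as a finished setup.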