Tech:Mail

From Meta

Mail is currently running on misc1 under mail.miraheze.org. The setup is a standard Postfix and Dovecot install, with authentication controls shared between the two. All shell accounts on misc1 automatically become email accounts.


Add new email accounts

Create a new user with a uid between 500 and 999 and the shell set to /sbin/nologin. The example below is for john (john AT miraheze.org):

adduser --shell /sbin/nologin --uid 502 john;

Aliases

Aliases are managed by Puppet in the postfix module (files/aliases).

Anti-spoofing

We use the following standard techniques to combat email address spoofing.

DKIM

DKIM is used to sign all outgoing emails from misc1. The public key is stored in DNS (in TXT format) and the private key is stored in private git. The key pair can be generated by running opendkim-genkey -s mail -d miraheze.org.

This generates a public and private key pair. The private key should be stored in private git, while the public key should be added to the DNS repo in order to allow the world to verify emails.

SPF

SPF records are set so that only mail sent from misc1 and Gmail is accepted.

DMARC

Our DMARC policy is set to reject if the above techniques fail: receiving mail servers are instructed not to accept any mail that does not pass the requirements.
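The following Python check is an added example, not part of the original page or of Miraheze's own tooling. It audits the three TXT records described above for settings that would weaken the reject policy. The record strings are constructed samples: 192.0.2.10 is a placeholder for misc1's address, the DKIM key is a placeholder, and a hard-fail `-all` is assumed for SPF.

```python
# Added example: audit SPF, DKIM and DMARC TXT records for weak settings.
# All record values are constructed samples, not the live DNS data.

def parse_tags(record):
    """Split a 'k=v; k=v' TXT record (DKIM/DMARC style) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_spf(record):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record does not start with v=spf1"]
    if terms[-1].lower() != "-all":  # assumption: hard fail is intended
        return ["SPF: does not end in -all, unlisted senders are not hard-failed"]
    return []

def audit_dkim(record):
    # With selector "mail" this record lives at mail._domainkey.<domain>.
    if not parse_tags(record).get("p"):
        return ["DKIM: empty or missing p= tag, key is absent or revoked"]
    return []

def audit_dmarc(record):
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC: record does not declare v=DMARC1"]
    findings = []
    if tags.get("p", "").lower() != "reject":
        findings.append("DMARC: p=%s, failing mail is not rejected" % tags.get("p", "<missing>"))
    if int(tags.get("pct", "100")) < 100:
        findings.append("DMARC: pct=%s, policy applies to only part of the mail" % tags["pct"])
    return findings

def audit(records):
    return audit_spf(records["spf"]) + audit_dkim(records["dkim"]) + audit_dmarc(records["dmarc"])

GOOD = {"spf": "v=spf1 ip4:192.0.2.10 include:_spf.google.com -all",
        "dkim": "v=DKIM1; k=rsa; p=CONSTRUCTEDPLACEHOLDERKEY",
        "dmarc": "v=DMARC1; p=reject"}
WEAK = {"spf": "v=spf1 ip4:192.0.2.10 include:_spf.google.com ~all",
        "dkim": "v=DKIM1; k=rsa; p=",
        "dmarc": "v=DMARC1; p=none; pct=50"}

if __name__ == "__main__":
    for name, recs in (("good", GOOD), ("weak", WEAK)):
        print(name, audit(recs) or "OK")
```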

See also