Differences

This shows you the differences between two versions of the page.

--- mail [2014/05/17 21:08]
mb [DKIM]
+++ mail [2019/09/29 16:34] (current)
mb [account creation]
@@ Line 2: / Line 2: @@
 marmot provides a multi-domain IMAP/SMTP mail service, powered by [[http://www.exim.org/|Exim]] and [[http://www.cyrusimap.org/|Cyrus IMAP]].
-SSL is available, using a locally-brewed marmot.wormnet.eu certificate.
 All IPC with backend services (spamd, clamd, pgsql, lmtpd) is performed over unix domain sockets.
@@ Line 55: / Line 53: @@
 If it's a new domain, please add it to the ''loginrealms'' line in ''/etc/imapd.conf'' on marmot.
-Then use ''cyradm -u cyrus localhost'' on marmot (password in aformentioned ''shadow'' table) and issue "''cm user/username@domain''". Then set an appropriate quota, eg ''sq user/username@domain 100000''.
+Then use ''cyradm -u cyrus localhost'' on marmot (password in aformentioned ''shadow'' table) and issue "''cm user/username@domain''". Then set an appropriate quota, eg ''sq user/username@domain STORAGE 100000''.
+==== shared mailboxes ====
+A mailbox which does //not// begin ''user/'' is not in an INBOX, but a shared mailbox. You can create them in ''cyradm'' with ''cm'', as above, then use ''sam'' and ''lam'' to set and view appropriate permissions, eg:
+  localhost> lam admin/postmaster@wormnet.eu
+  anyone p
+  lentinj@wormnet.eu lrswipkxtecd
+  mb@wormnet.eu lrswipkxtecd
+If, as in this example, you set ''anyone p'', then Exim will deliver straight into that mailbox with e-mail address ''+admin/postmaster@wormnet.eu''.
 ===== aliases/forwarding =====
@@ Line 95: / Line 104: @@
   INSERT INTO dkim VALUES ('wormnet.eu', 'cat');
-Then generate a keypair on marmot:
+Then generate a keypair on marmot (1024-bit considered right in 2014; latterly 2048 suggested in RFC8301):
+  SELECTOR="cat"
   cd /etc/exim4/dkim
   mkdir -m 750 wormnet.eu
   cd wormnet.eu
-  openssl genrsa -out cat 1024
+  openssl genrsa -out ${SELECTOR} 1024
-  openssl rsa -in cat -out cat.pub -pubout -outform PEM
+  openssl rsa -in ${SELECTOR} -out ${SELECTOR}.pub -pubout -outform PEM
-  chmod o= cat*
+  chmod o= ${SELECTOR}*
+  echo "v=DKIM1; h=sha256; p=$(grep -vE '^\-\-\-' ${SELECTOR}.pub | tr -d '\n'); t=s;"
 And finally mangle the public key into a DNS TXT record. See [[http://www.zytrax.com/books/dns/ch9/dkim.html|here]] for some tweakables.
@@ Line 108: / Line 119: @@
   _adsp._domainkey IN TXT "dkim=all;"
   cat._domainkey   IN TXT "v=DKIM1; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzl70kXqRENAgRfWRZ2WyvLtdQe22E1OvZMgIAwPV8GHraN2z0YCXgkeO7DW5t/0sOOa9z/hOmASTilds0oo2qgCmcJwV/YzGNAY0nw1CWAawIr5LlkLGzrLwvSv69iMsQJlsHMbqij0ljQpVuJ+DY5S0FYsgMlnyYWgE4EmEL5wIDAQAB; t=s;"
+==== key rotation ====
+Just make a new keypair (with a new name) / and associated TXT record. Then ''UPDATE'' your row in the ''dkim'' table. The old TXT record can be deleted after a week.
+People seem to think rotating keys quarterly is a good idea.
 ===== Allowing mail relaying from particular hosts =====

WormNet Wiki

User Tools

Site Tools

Differences

Page Tools