La nécessité d’auto-héberger son serveur de mails !
▻http://www.dsfc.net/infrastructure/messagerie-infrastructure/necessite-auto-heberger-son-serveur-de-mails
L’utilisation des services Mail gratuits se trouve très vite incompatible avec des campagnes d’envoi de mails en nombre.
#Messagerie #DKIM #DMARC #Dovecot #Formateur_Dovecot #Formateur_Postfix #Let's_Encrypt #Postfix #SPF
Sisimai | The successor to bounceHammer, Library to parse bounce mails | Sisimai : Mail Analyzing Interface
Sisimai is the successor of bounceHammer, is a Mail Analyzing Interface: a Perl module and a Ruby Gem for parsing RFC5322 #bounce #emails and for generating structured data such as #JSON.
Pourrait être utile pour la gestion des bounces sur #seenthis ? ping @biggrizzly
Postfix : SASL auth with PAM and passwd file
How to configure #Postfix to authenticate users with #SASL, #PAM and a custom #passwd file (#Debian Linux Jessie)
Here are the clues and hints I’d have been happy to find gathered in one single place to avoid such waste of time...
1) How to activate a PAM plugin in order to use a custom passwd file
Create the passwd file :
echo "myuser@mydomain.tld:"$( mkpasswd -m sha-512 "mypassword" ) > /etc/postfix/my_passwd_file apt-get install libpam-pwdfileecho 'auth required pam_pwdfile.so pwdfile=/etc/postfix/my_passwd_file
account required pam_permit.so
session required pam_permit.so
password required pam_deny.so' > /etc/pam.d/smtpapt-get install pamtester
pamtester -v smtp myuser@mydomain.tld authenticate pamtester: invoking pam_start(smtp, myuser@mydomain.tld, ...)
pamtester: performing operation - authenticate
Password:
pamtester: successfully authenticated
pamtester is as far as I can see in SF a not maintained project, but it is included as a standard package in Debian, which is a very good thing to test the authenticate chain from the very beginning.
I’ve actived the debug mode for PAM by creating a file in /etc :
touch /etc/pam_debugThen, second step, the sasl auth daemon. I’ve tried before to directly tell sasl to use pam, but it was refusing to authenticate without beeing able to obtain any hint in the log files. saslauthd is far more verbose and it has helped me a lot to reach the goal.
2) Configure saslauthd
Follow the first recipe in the Debian page :
►https://wiki.debian.org/PostfixAndSASL
This recipe is almost correct for my passwd file. Except that by default, it separates the user name and the domain :
Sep 9 10:17:39 smtpout saslauthd[829]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Sep 9 10:17:39 smtpout saslauthd[829]: do_auth : auth failure: [user=myuser] [service=smtp] [realm=mydomain.tld] [mech=pam] [reason=PAM auth error]
The solution is to add an option in the saslauthd config file :
vi /etc/default/saslauthd-postfixAnd modify the “OPTIONS” line :
OPTIONS="-c -r -m /var/spool/postfix/var/run/saslauthd"The “-r” option protects the mail address from being separated from its domain. Check “man saslauthd” :
-r Combine the realm with the login (with an ’@’ sign in between). e.g. login: “foo” realm: “bar” will get passed as login: “foo@bar”. Note that the realm will still be passed, which may lead to unexpected behavior for authentication mechanisms that make use of the realm, however for mechanisms which don’t, such as getpwent, this is the only way to authenticate domain-specific users sharing the same userid.
If you want to check saslauth, you may use :
testsaslauthd -u "myuser@mydomain.tld" -p "mypassword" -f /var/spool/postfix/var/run/saslauthd/mux -s smtp3) Then, the last test : check that Postfix accepts to authenticate users...
Many blog posts explain how to test SMTP AUTH using telnet... But... they usually propose deprecated ways to encode the credentials...
►https://www.ndchost.com/wiki/mail/test-smtp-auth-telnet
In my case, the perl encoding for the user was wrong. I obtained a good encoding this way :
echo -n "myuser@mydomain.tld" | base64
echo -n "mypassword" | base64#SMTP conversation :
user@localhost [~]# telnet exampledomain.com 25
Trying 1.1.1.1...
Connected to exampledomain.com (1.1.1.1).
Escape character is '^]'.
220-server1.exampledomain.com ESMTP Exim 4.66 #1 Wed, 09 May 2007 23:55:12 +0200
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
EHLO exampledomain.com
250-server1.exampledomain.com Hello [1.1.1.2]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
AUTH LOGIN
334 VXNlcm5hbWU6
dXNlcm5hbWUuY29t
334 UGFzc3dvcmQ6
bXlwYXNzd29yZA==
235 Authentication succeededDon’t forget to check the logs, it’s useful to understand what’s wrong :
tail /var/log/auth.log
tail /var/log/syslog
tail /var/log/mail.logReferences :
▻https://github.com/tiwe-de/libpam-pwdfile
▻http://pamtester.sourceforge.net
►https://wiki.debian.org/PostfixAndSASL
►https://www.ndchost.com/wiki/mail/test-smtp-auth-telnet
4 jours pour comprendre les services #Réseau sous #Linux
▻http://www.dsfc.net/formations/reseau-formations/services-reseau-linux
Au cours de cette formation, nous aborderons le #SSH, #Iptables, Vstfpd, Apache, le NFS, Samba, mais aussi les serveurs #Dhcp et #Bind ainsi que #Postfix, #Dovecot et #Squid.
#Centos #Dns #Formateur_Centos #Formateur_Linux #Formateur_Postfix #Formateur_Services_Réseaux_Linux #Formateur_Squid #Formateur_SquidGuard #Réseau_Linux #Réseaux_Linux #Services_Réseaux_Linux #SquidGuard
#SSMTP, un serveur #SMTP pour vos #Applications_Web
▻http://www.dsfc.net/infrastructure/messagerie-infrastructure/ssmtp-serveur-smtp-pour-applications-web
L’installation et La configuration de SSMTP vous prendront quelques minutes à peine pour disposer d’un serveur d’envoi adapté à vos applications Web.
#Messagerie #ESMTP #Lamp #MSMTP #Postfix
Trois #RFC sur le protocole #DANE viennent de sortir, l’un sur l’utilisation de DANE avec #SMTP (#Postfix a un bon support de DANE), l’autre sur l’utilisation de DANE avec les enregistrements DNS SRV (par exemple pour #XMPP) et le dernier sur l’utilisation concrète de DANE, avec quelques conseils opérationnels.
▻http://www.bortzmeyer.org/7671.html ▻http://www.bortzmeyer.org/7672.html ▻http://www.bortzmeyer.org/7673.html
Raspberry Pi Email Server
▻http://www.samhobbs.co.uk/raspberry-pi-email-server
The RasPi’s small size and low power consumption make it an ideal choice for use as a home email server. After trying a couple of different pieces of software, I finally found an excellent combination: Postfix with Dovecot and Squirrelmail, plus Spamasssassin and Sieve for spam filtering.
Voilà un bon tutoriel, c’est à dire complet, didactique et clair, pour l’installation d’un serveur email personnel avec Postfix et Dovecot.
#Auto-hébergement_(informatique) #Courrier_électronique #Dovecot #IMAP #Postfix #Raspberry_Pi #SMTP
Bon par contre je me heurte encore à la configuration de deux serveurs côte à côte (et pas juste un nom de domaine en alias). C’est pas simple tout ça.
#Raspbian (le Pi peut avoir plein de systèmes d’exploitation différents)
NSA-proof your e-mail in 2 hours | Sealed Abstract
►http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours
Mode d’emploi pour installer toute la pile #postfix #dovecot #dspam etc, en deux heures. Bien sûr il suffit qu’une seule de ces lignes t’échappe et ton mail est rejeté, supprimé, se balade dans la nature…
#email #selfhosting via la liste #caliop
Je me méfie beaucoup des tutoriels « Do X in N hours » La plupart du temps, on n’atteint ce score que s’il n’y a aucun problème, or il y en a toujours.
Mais, surtout, une fois les N heures passées, on se retrouve avec un truc qu’il faut maintenir : mettre les logiciels à jour, surveiller l’espace disque, déboguer les problèmes. Et cela prend du temps, bien plus que les N heures.
Should I switch from #Sendgrid to #Amazon_SES ?
►https://willj.net/2011/01/25/should-i-switch-from-sendgrid-to-amazon-ses
Probably yes, at least if price is your main concern and you are just concerned with sending email and not with extras. I wanted to see just how the Amazon SES prices stacked up against (that I am aware of) the next cheapest provider, Sendgrid
►https://willj.net/wp-content/uploads/2011/01/emails-price-comparison1.png
