Update design document for mail server

Mike Ashley 7 years ago
parent
commit
6108f39899
1 changed files with 54 additions and 6 deletions
roles/mailserver/DESIGN.md

@@ -1,12 +1,60 @@
1 1
 # Design Description for Mailserver Role
2 2
 
3
+## Overview
4
+
5
+Postfix is the MTA, Dovecot the LDA and IMAP server, and Rspamd is the
6
+only milter used.
7
+
8
+Mail delivery looks like this:
9
+
10
+  Remote MTA -> Rspamd (milter) -> Postfix -> Rspamd (rspamc) -> Dovecot -> user mailbox
11
+
12
+Mail from the remote MTA is received by Postfix and run through
13
+Rspamd.  Greylisting and rejects happen in this pipeline.  Once
14
+Postfix receives the message, it is sent to Dovecot over LMTP.
15
+Dovecot uses the antispam module to run rspamc (employing Rspamd).
16
+The sieve module is finally used to process headers added by Rspamd or
17
+any other milters.
18
+
3 19
 ## Mail filters
4 20
 
5
-Four mail filters are used:
21
+The only mail filter (milter) used is [Rspamd](https://rspamd.com),
22
+which runs on port 11332.  Rspamd is hooked into postfix with the
23
+`smtpd_milters` variable.  See `etc_postfix_main.cf`.
24
+
25
+## Debugging
26
+
27
+### Full-text search with Solr
28
+
29
+The configuration file `90-plugin.conf` hooks dovecot to use Solr for
30
+full-text search.  It appears in fact that full-text search is only
31
+the subject and not the body, but this needs verified.
32
+
33
+To debug, add the keyword `debug` to the options list in the variable
34
+`fts_solr` in `90-plugin.conf`.  Options in this variable are
35
+separated by spaces.  Review `/var/log/mail.log` while searching to
36
+see the URLs used to query Solr.  You can repeat these searches from
37
+your local web browser by using ssh to port forward (i.e., -L
38
+8080:127.0.0.1:8080).  Also, the url `http://127.0.0.1:8080/solr` will
39
+get you to a complicated admin page but is another way to avenue for
40
+verifying that solr is working.
41
+
42
+### Rspamd
43
+
44
+A few tips:
45
+
46
+- Rspam's console listens on `127.0.0.1:11334`.  As above, you can use
47
+  ssh to port forward (e.g., -L 8080:localhost:11334).  The password is `d1`.
48
+- Use `rspamadm` to look at the configuration.
49
+- Use `rspamc` or the web-based console to scan problematic messages
50
+  and see how rspamd scores them.
51
+
52
+### DMARC
6 53
 
7
-* [Postgrey](http://postgrey.schweikert.ch/), which runes on port 10023 and is hooked into postfix with the `smtpd_recipient_restrictions` variable;
8
-* [OpenDKIM](http://www.opendkim.org/), which runs on port 8891;
9
-* [OpenDMARC](http://www.trusteddomain.org/opendmarc/), which runs on port 54321; and
10
-* [Rspamd](https://rspamd.com), which runs on port 11332.
54
+For verifying DMARC operation, read the rpsamd log in
55
+`/var/log/rspamd` to verify the report generator is running.
11 56
 
12
-OpenDKIM, OpenDMARC, and Rspamd are all hooked into postfix with the `smtpd_milters` variable.  All of this can be found in `etc_postfix_main.cf`.
57
+For receiving reports, you will get an email if a message comes from
58
+your server that fails authentication (although by configuring
59
+`p=none`, any such email should not be rejected by the other
60
+server).
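
Review bot: The Rspamd tips at new line 47 put the console password in the design document ("The password is `d1`."); a two-character password committed to the repository should be treated as disclosed, so I would replace the literal with a pointer to where the role sets it and change the value. Binding the console to `127.0.0.1:11334` limits who can reach it, but the documented ssh forward makes the password the only remaining control for anyone with a shell on the host. Smaller points in the same hunk: the Overview diagram places Rspamd before Postfix while the paragraph under it says Postfix receives the mail and runs it through Rspamd, and "any other milters" contradicts "the only milter used"; the removed list named OpenDKIM and OpenDMARC, and the new text does not say which component now handles DKIM; there are typos at "Rspam's", "rpsamd", "another way to avenue" and "needs verified".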
