Mail server (old version)
Joerg Lehmann eac272444f Initial commit 2020-12-04 20:07:39 +01:00
ansible Initial commit 2020-12-04 20:07:39 +01:00
.gitignore Initial commit 2020-12-04 20:07:39 +01:00
README.md Initial commit 2020-12-04 20:07:39 +01:00

README.md

mailserver - Mail Server mail.nbit.ch

The setup is to be based on https://thomas-leister.de/mailserver-debian-buster/, but we use CentOS 8.

Code for creating the server

Specification:

  • CentOS 8
  • Hetzner Cloud Server
  • mailcow (Docker-based)

Creating the server

Using the hcloud binary from: https://github.com/hetznercloud/cli

Temporarily create an API key (delete it again afterwards)

$ hcloud context create nbit.ch
$ hcloud image list # shows available images
$ hcloud server-type list # shows available types

$ hcloud server create --name mail --image centos-8 --type cx21 --ssh-key joerg@cinnamon.nbit.ch
$ hcloud server set-rdns mail --hostname mail.nbit.ch
$ IPV6="$(hcloud server ip mail -6)"
$ hcloud server set-rdns mail --ip "$IPV6" --hostname mail.nbit.ch

Create DNS entries:

$ hcloud server ip mail
$ hcloud server ip mail -6

Set the root password (we do this by hand)

Run the Ansible playbook

$ cd ansible
$ ansible-playbook -i production mailserver.yml

Generate certificates

systemctl stop nginx

certbot certonly --noninteractive --standalone --agree-tos -m postmaster@nbit.ch -d mail2.nbit.ch -d smtp.nbit.ch -d imap.nbit.ch

systemctl start nginx

Create the DB

mysql

MariaDB [(none)]> create database vmail CHARACTER SET 'utf8';
MariaDB [(none)]> grant select on vmail.* to 'vmail'@'localhost' identified by 'vmaildbpass';

Choose a different password!

MariaDB [(none)]> use vmail;

Run the following statements:

CREATE TABLE domains (
    id int unsigned NOT NULL AUTO_INCREMENT,
    domain varchar(255) NOT NULL,
    PRIMARY KEY (id),
    UNIQUE KEY (domain)
);

CREATE TABLE accounts (
    id int unsigned NOT NULL AUTO_INCREMENT,
    username varchar(64) NOT NULL,
    domain varchar(255) NOT NULL,
    password varchar(255) NOT NULL,
    quota int unsigned DEFAULT '0',
    enabled boolean DEFAULT '0',
    sendonly boolean DEFAULT '0',
    PRIMARY KEY (id),
    UNIQUE KEY (username, domain),
    FOREIGN KEY (domain) REFERENCES domains (domain)
);

CREATE TABLE aliases (
    id int unsigned NOT NULL AUTO_INCREMENT,
    source_username varchar(64),
    source_domain varchar(255) NOT NULL,
    destination_username varchar(64) NOT NULL,
    destination_domain varchar(255) NOT NULL,
    enabled boolean DEFAULT '0',
    PRIMARY KEY (id),
    UNIQUE KEY (source_username, source_domain, destination_username, destination_domain),
    FOREIGN KEY (source_domain) REFERENCES domains (domain)
);

CREATE TABLE tlspolicies (
    id int unsigned NOT NULL AUTO_INCREMENT,
    domain varchar(255) NOT NULL,
    policy enum('none', 'may', 'encrypt', 'dane', 'dane-only', 'fingerprint', 'verify', 'secure') NOT NULL,
    params varchar(255),
    PRIMARY KEY (id),
    UNIQUE KEY (domain)
);
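
An added example, not part of the original README: sample rows for the four tables above, inserted in the order the foreign keys require, followed by checks for disabled rows and for the read-only grant. The domains example.org and example.net, the user names and the password placeholder are constructed; because 'vmail' was granted only SELECT, the inserts have to be run as an administrative user.

```sql
-- Constructed sample data for the schema above; all names are placeholders.
USE vmail;

-- 1. The domain comes first: accounts.domain and aliases.source_domain
--    are foreign keys that reference domains (domain).
INSERT INTO domains (domain) VALUES ('example.org');

-- 2. An account. 'enabled' defaults to 0, so it is set to 1 explicitly;
--    otherwise the row exists but stays disabled.
--    The password value is a placeholder: the README does not state the
--    stored format. Store a password hash, never the plaintext.
INSERT INTO accounts (username, domain, password, quota, enabled, sendonly)
VALUES ('alice', 'example.org', '<PASSWORD-HASH-PLACEHOLDER>', 0, 1, 0);

-- 3. Alias postmaster@example.org -> alice@example.org.
--    'enabled' defaults to 0 here as well.
INSERT INTO aliases
    (source_username, source_domain, destination_username, destination_domain, enabled)
VALUES ('postmaster', 'example.org', 'alice', 'example.org', 1);

-- 4. A TLS policy entry. tlspolicies has no foreign key to domains, so any
--    domain can be listed; policy must be one of the enum values from the
--    CREATE TABLE statement.
INSERT INTO tlspolicies (domain, policy) VALUES ('example.net', 'encrypt');

-- Rejected with a foreign key error, because 'example.com' is not in domains:
-- INSERT INTO accounts (username, domain, password, enabled)
-- VALUES ('bob', 'example.com', '<PASSWORD-HASH-PLACEHOLDER>', 1);

-- Review: rows that exist but are not active.
SELECT username, domain FROM accounts WHERE enabled = 0;
SELECT source_username, source_domain FROM aliases WHERE enabled = 0;

-- Verify that the service user can only read from vmail.
SHOW GRANTS FOR 'vmail'@'localhost';
```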

DKIM signing (set up manually)