Differences

This shows you the differences between two versions of the page.

email:mailscanner [2025/06/16 08:08] – created - external edit 127.0.0.1email:mailscanner [2025/06/16 09:51] (current) willy
Line 1: Line 1:
 ====== N) Mail Scanner ====== ====== N) Mail Scanner ======
  
-The DNS (Domain Name Service) plays a critical role in email deliveryYou need to create set of DNS records to make sure that your email can be delivered and that email can be delivered to you as well.+[[https://www.mailscanner.info|MailScanner]] is tool that integrates your mail server (MTA = Postfix) with antivirus scanners and Spam Assassin.
  
-The basic record to setup is the MX recordwhich tells the email servers //which server(s)// handle email for your domain.+MailScanner Gentoo latest package is obsoleteyou must install manually.
  
-This page will make a general overview of all the needed records, more details are presented in each configuration section later on.+Download generic 'Nix tarball from [[https://github.com/MailScanner/v5/releases|GitHub]] releases page
  
-Please __note__ that you will need **more** that the records defined in this page for a domain to operate properly: this is only for email.+decompress and run install.sh 
 +<code bash> 
 +mkdir /opt/mailscanner 
 +cd /opt/mailscanner 
 +wget ... 
 +tar xvf <downloaded file> 
 +cd MailScanner-xxx 
 +./install.sh 
 +ln -s /usr/lib/MailScanner/init/msmilter-init /etc/init.d/ 
 +rc-update add msmilter-init default 
 +</code>
  
 +follow instructions and answer the various questions.
  
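Review bot: The added install block fetches a tarball with `wget ...` and then runs `./install.sh` with no integrity check in between, and both the URL and the version (`MailScanner-xxx`) are elided, so the reader cannot tell which release the rest of the page was written against. Name the exact release tag from the GitHub releases page and add a checksum comparison (for example `sha256sum <downloaded file>` against a value recorded on this page) before the installer runs, since the script goes on to write under /opt and /etc/init.d. `mkdir /opt/mailscanner` fails on a second run; `mkdir -p` avoids that. Wording: "is tool" should be "is a tool", and "MailScanner Gentoo latest package is obsolete" would read better as "The latest Gentoo package of MailScanner is obsolete".
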
-===== Reverse DNS ===== +MailScanner setup, see [[https://www.mailscanner.info/postfix/|here]]. 
- +/etc/MailScanner.conf:
-A reverse DNS setup is how you translate an IP to a DNS name. This is the //opposite// of DNS, where you translate a domain to an IP. +
- +
-This is important to be properly set, and is usually defined aside from your actual DNS management panel of your provider. +
- +
-If you cannot set it, some providers don't support it, it's ok. Better set it up, if possible. When set, it will help email deliverability. +
- +
- +
-===== MX record ===== +
- +
-An **MX** record (mandatory) tells who manages emails for your domain. You can have more than one, to build a chain of backup servers, but that is outside the scope of this guide. I assume your MX record points to **mail.mydomain.com**. +
- +
-Please note that this implies as well the existence of an **A** record for //mail.mydomain.com//. +
- +
-Example:+
 <code> <code>
-mail.mydomain.com.    x.y.w.z             1800 A +Run As User = postfix 
-webmail.mydomain.com. mail.mydomain.com.    1800 CNAME +Run As Group = postfix 
-@               10 mail.mydomain.com3600 MX+Incoming Queue Dir = /var/spool/MailScanner/milterin 
 +Outgoing Queue Dir = /var/spool/MailScanner/milterout 
 +MTA = msmail 
 +MSMail Queue Type = short 
 +MSMail Delivery Method = QMQP 
 +MSMail Socket Type = inet 
 +MSMail Socket Dir = /var/spool/postfix/public/qmqp 
 +MSMail Relay Port = 628 
 +MSMail Relay Address = 127.0.0.1
 </code> </code>
  
- +/etc/default:
-===== SPF record ===== +
- +
-For SPF to work, you need to setup a proper TXT record like the following:+
 <code> <code>
-@ v=spf1 mx a -all 3600 TXT+run_mailscanner=1
 </code> </code>
  
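Review bot: The file labels in this part are ambiguous: the settings are introduced as `/etc/MailScanner.conf:` here, while the MailWatch section further down edits `/etc/MailScanner/MailScanner.conf:`, and `/etc/default:` names a directory rather than the file that should contain `run_mailscanner=1`. Use one full path for MailScanner.conf throughout and give the complete file name under /etc/default. A sentence stating that `MSMail Relay Port = 628` and `MSMail Relay Address = 127.0.0.1` have to match the qmqpd listener defined in the Postfix section would also help, because the two blocks only work as a pair.
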
- +Postfix setup. 
-===== DKIM record ===== +main.cf:
- +
-The DKIM record contains the public part of your domain DKIM keys:+
 <code> <code>
-mydomain.com._domainkey"v=DKIM1; k=rsa; p=<< mykey >>" 3600 TXT          +# MailScanner milter 
 +#smtpd_milters = inet:127.0.0.1:33333 
 +# MailScanner milter may use QMQP for delivery 
 +qmqpd_authorized_clients 127.0.0.1 
 +</code> 
 +master.cf: 
 +<code> 
 +628       inet  n                               qmqpd
 </code> </code>
  
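Review bot: `qmqpd_authorized_clients 127.0.0.1` in the main.cf block is missing its `=`; main.cf parameters are written `name = value`, so this should be `qmqpd_authorized_clients = 127.0.0.1`. The master.cf line shows only four fields (`628 inet n qmqpd`), whereas a master.cf service entry has eight columns, so the `-` placeholders appear to have been lost and the line cannot be pasted as shown; please restore the full entry. Consider writing the service as `127.0.0.1:628` so the QMQP listener is bound to loopback instead of relying on `qmqpd_authorized_clients` alone. The `#smtpd_milters = inet:127.0.0.1:33333` line is commented out with no note on when the reader should enable it.
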
-In the above example //<< mykey >>// is a very long random characters string. 
  
 +====== Install MailWatch ======
  
-===== DMARC record =====+[[https://mailwatch.org/|here]]. 
  
-The DMARC record is used to publish your domain DMARC strategy +Follow docs [[https://docs.mailwatch.org/install/installing.html|here]]. 
 + 
 +/etc/MailScanner/MailScanner.conf:
 <code> <code>
-_dmarc.mydomain.com. "v=DMARC1; p=reject; rua=mailto:postmaster@mydomain.com;" 3600 TXT +Always Looked Up Last &MailWatchLogging 
-_smtp_tls.mydomain.com. """v=TLSRPTv1; rua=mailto:postmaster@mydomain.com""" 3600 TXT+Detailed Spam Report yes 
 +Quarantine Whole Message yes 
 +Quarantine Whole Messages As Queue Files no 
 +Include Scores In SpamAssassin Report = yes 
 +Quarantine User = root 
 +Quarantine Group = apache (this should be the same group as your web server) 
 +Quarantine Permissions 0660
 </code> </code>
  
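Review bot: Most of the added MailScanner.conf lines omit the `=` between setting name and value (`Always Looked Up Last &MailWatchLogging`, `Detailed Spam Report yes`, `Quarantine Permissions 0660`), while `Include Scores In SpamAssassin Report = yes` and the earlier MailScanner.conf block on this page use `Name = value`; write them all in that form so the block can be pasted. The parenthetical in `Quarantine Group = apache (this should be the same group as your web server)` sits inside the code block and would become part of the value if copied, so move it to the prose above the block. The line `[[https://mailwatch.org/|here]].` is a bare link with no sentence around it.
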
 +Set queues permissions:
 +<code bash>
 +usermod -a -G postfix apache
 +chmod g+rx /var/spool/postfix/hold
 +chmod g+rx /var/spool/postfix/incoming/
 +chgrp postfix /var/spool/postfix/incoming
 +chgrp postfix /var/spool/postfix/hold
 +</code>
  
-===== Discoverability records ===== 
  
-The following set of SRV records facilitate mail clients to discover your IMAP and SMTP servers: 
-<code> 
-_imaps._tcp.mail.mydomain.com. 0 1 993 mail.mydomain.com. 3600 SRV 
-_submissions._tcp.mail.mydomain.com. 0 1 465 mail.mydomain.com. 3600 SRV 
-_imap._tcp.mail.mydomain.com. 0 1 143 mail.mydomain.com. 3600 SRV 
-_submission._tcp.mail.mydomain.com. 0 1 587 mail.mydomain.com. 3600 SRV 
-</code> 
  
  
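Review bot: In the "Set queues permissions" block, `usermod -a -G postfix apache` makes the web server account a member of the postfix group, and together with the `chgrp postfix` and `chmod g+rx` lines this lets anything running as apache list and traverse the hold and incoming queue directories. The page should say why MailWatch needs that access and that it widens who can reach queued mail, so the reader can decide whether to accept it. The block also runs `chmod` before `chgrp` and mixes `/var/spool/postfix/incoming/` with `/var/spool/postfix/incoming`; set the group first, then the mode, and use one spelling of each path.
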
