Differences

This shows you the differences between two versions of the page.

email:mailscanner [2025/06/16 08:08] – created - external edit 127.0.0.1
email:mailscanner [2025/07/24 14:00] (current) willy
Line 1: Line 1:
 ====== N) Mail Scanner ====== ====== N) Mail Scanner ======
  
-The DNS (Domain Name Serviceplays critical role in email delivery. You need to create a set of DNS records to make sure that your email can be delivered and that email can be delivered to you as well.+**Note:** this page is a work in progress (abandoned at this timeand only general guideline, as i choose not to install any antivirus or spam scanning tools at the moment.
  
-The basic record to setup is the MX record, which tells the email servers //which server(s)// handle email for your domain.+[[https://www.mailscanner.info|MailScanner]] is a tool that integrates your mail server (MTA = Postfixwith antivirus scanners and Spam Assassin.
  
-This page will make a general overview of all the needed recordsmore details are presented in each configuration section later on.+MailScanner Gentoo latest package is obsoleteyou must install manually.
  
-Please __note__ that you will need **more** that the records defined in this page for a domain to operate properlythis is only for email.+Download generic 'Nix tarball from [[https://github.com/MailScanner/v5/releases|GitHub]] releases page
  
 +decompress and run install.sh
 +<code bash>
 +mkdir /opt/mailscanner
 +cd /opt/mailscanner
 +wget ...
 +tar xvf <downloaded file>
 +cd MailScanner-xxx
 +./install.sh
 +ln -s /usr/lib/MailScanner/init/msmilter-init /etc/init.d/
 +rc-update add msmilter-init default
 +</code>
  
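Review bot: in the install block, nothing checks the tarball between `wget ...` and `./install.sh`, and the surrounding commands (the link into `/etc/init.d/`, `rc-update`) imply a root shell. Add a step that verifies the download against a checksum or signature taken from the release page, if the project publishes one, before unpacking and running the installer. `mkdir -p /opt/mailscanner` would also let the block be re-run, and one sentence should say that `/usr/lib/MailScanner/init/msmilter-init` is expected to exist only after `install.sh` has finished.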
-===== Reverse DNS =====+follow instructions and answer the various questions.
  
-A reverse DNS setup is how you translate an IP to a DNS name. This is the //opposite// of DNS, where you translate a domain to an IP. +MailScanner setup, see [[https://www.mailscanner.info/postfix/|here]]. 
- +/etc/MailScanner.conf:
-This is important to be properly set, and is usually defined aside from your actual DNS management panel of your provider. +
- +
-If you cannot set it, some providers don't support it, it's ok. Better set it up, if possible. When set, it will help email deliverability. +
- +
- +
-===== MX record ===== +
- +
-An **MX** record (mandatory) tells who manages emails for your domain. You can have more than one, to build a chain of backup servers, but that is outside the scope of this guide. I assume your MX record points to **mail.mydomain.com**. +
- +
-Please note that this implies as well the existence of an **A** record for //mail.mydomain.com//. +
- +
-Example:+
 <code> <code>
-mail.mydomain.com.    x.y.w.z             1800 A +Run As User = postfix 
-webmail.mydomain.com. mail.mydomain.com.    1800 CNAME +Run As Group = postfix 
-@               10 mail.mydomain.com3600 MX+Incoming Queue Dir = /var/spool/MailScanner/milterin 
 +Outgoing Queue Dir = /var/spool/MailScanner/milterout 
 +MTA = msmail 
 +MSMail Queue Type = short 
 +MSMail Delivery Method = QMQP 
 +MSMail Socket Type = inet 
 +MSMail Socket Dir = /var/spool/postfix/public/qmqp 
 +MSMail Relay Port = 628 
 +MSMail Relay Address = 127.0.0.1
 </code> </code>
  
- +/etc/default:
-===== SPF record ===== +
- +
-For SPF to work, you need to setup a proper TXT record like the following:+
 <code> <code>
-@ v=spf1 mx a -all 3600 TXT+run_mailscanner=1
 </code> </code>
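Review bot: the file labels in this section do not match the rest of the page: the settings are shown for `/etc/MailScanner.conf`, while the MailWatch section further down edits `/etc/MailScanner/MailScanner.conf`, and `/etc/default:` names a directory rather than the file that takes `run_mailscanner=1`. Use one path for the MailScanner configuration and give the full file name under `/etc/default`. It would also help to say whether `MSMail Socket Dir` is still needed when `MSMail Socket Type = inet` sends delivery to `127.0.0.1` port `628`.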
  
- +Postfix setup. 
-===== DKIM record ===== +main.cf:
- +
-The DKIM record contains the public part of your domain DKIM keys:+
 <code> <code>
-mydomain.com._domainkey"v=DKIM1; k=rsa; p=<< mykey >>" 3600 TXT          +# MailScanner milter 
 +#smtpd_milters = inet:127.0.0.1:33333 
 +# MailScanner milter may use QMQP for delivery 
 +qmqpd_authorized_clients 127.0.0.1 
 +</code> 
 +master.cf: 
 +<code> 
 +628       inet  n                               qmqpd
 </code> </code>
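Review bot: the `master.cf` service is declared as `628` with type `inet` and no address, so qmqpd listens on every address Postfix serves, while MailScanner is configured with `MSMail Relay Address = 127.0.0.1`. Declaring the service as `127.0.0.1:628` keeps the QMQP port off external interfaces instead of relying on `qmqpd_authorized_clients` alone. In `main.cf`, `smtpd_milters` is left commented out under the "MailScanner milter" comment; say whether the reader is expected to enable it and at which step.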
  
-In the above example //<< mykey >>// is a very long random characters string. 
  
 +====== Install MailWatch ======
  
-===== DMARC record =====+[[https://mailwatch.org/|here]]. 
  
-The DMARC record is used to publish your domain DMARC strategy +Follow docs [[https://docs.mailwatch.org/install/installing.html|here]]. 
 + 
 +/etc/MailScanner/MailScanner.conf:
 <code> <code>
-_dmarc.mydomain.com. "v=DMARC1; p=reject; rua=mailto:postmaster@mydomain.com;" 3600 TXT +Always Looked Up Last &MailWatchLogging 
-_smtp_tls.mydomain.com. """v=TLSRPTv1; rua=mailto:postmaster@mydomain.com""" 3600 TXT+Detailed Spam Report yes 
 +Quarantine Whole Message yes 
 +Quarantine Whole Messages As Queue Files no 
 +Include Scores In SpamAssassin Report = yes 
 +Quarantine User = root 
 +Quarantine Group = apache (this should be the same group as your web server) 
 +Quarantine Permissions 0660
 </code> </code>
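Review bot: `Quarantine Group = apache (this should be the same group as your web server)` puts the explanation inside the configuration value, so a reader who pastes the block gets the parenthesis as part of the setting. Move the remark to the prose above the block or to a `#` comment line. With `Quarantine Permissions 0660` and the web server group, quarantined mail becomes readable and writable by the web server account, which deserves a sentence. The section also opens with a bare "here" link; name MailWatch in that sentence and say what it adds to MailScanner.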
  
 +Set queues permissions:
 +<code bash>
 +usermod -a -G postfix apache
 +chmod g+rx /var/spool/postfix/hold
 +chmod g+rx /var/spool/postfix/incoming/
 +chgrp postfix /var/spool/postfix/incoming
 +chgrp postfix /var/spool/postfix/hold
 +</code>
  
-===== Discoverability records ===== 
  
-The following set of SRV records facilitate mail clients to discover your IMAP and SMTP servers: 
-<code> 
-_imaps._tcp.mail.mydomain.com. 0 1 993 mail.mydomain.com. 3600 SRV 
-_submissions._tcp.mail.mydomain.com. 0 1 465 mail.mydomain.com. 3600 SRV 
-_imap._tcp.mail.mydomain.com. 0 1 143 mail.mydomain.com. 3600 SRV 
-_submission._tcp.mail.mydomain.com. 0 1 587 mail.mydomain.com. 3600 SRV 
-</code>
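Review bot: in the "Set queues permissions" block, `usermod -a -G postfix apache` puts the web server account in the `postfix` group, and the `chgrp` and `chmod g+rx` lines then open `/var/spool/postfix/hold` and `/var/spool/postfix/incoming` to that group, so any code running as `apache` can list and enter both queues. State that trade-off in the text, and run the two `chgrp` commands before the `chmod` ones so the group bits are granted to the intended group. The trailing slash on `incoming/` is inconsistent with the other three paths.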