Add an FAQ section to READMEHEAD master

author: Sam Chudnick <sam@chudnick.com> 2023-07-03 10:53:52 -0400
committer: Sam Chudnick <sam@chudnick.com> 2023-07-03 10:53:52 -0400
commit: 598c3cac83056c9618c59a49722889fe4944dbf6 (patch)
tree: 83a000c8e525fe6206bab11e8331432105d6d8a8
parent: 75585abd68e52d37579c694e641b5a87fffa6e02 (diff)
1 files changed, 43 insertions, 0 deletions
diff --git a/README.md b/README.md
index 1ef02fe..0318337 100644
--- a/README.md
+++ b/README.md
@@ -57,3 +57,46 @@ If you have passwordless sudo configured --ask-become-pass is not necessary.
 The playbook finishes by generating the DNS records required for mail verification.
 You can find these records under /home/root/dns\_records once the playbook finishes.
 The records are in BIND9 format but the values can be extracted for use on any platform.
+## FAQ
+### Distros
+I have only tested this on Debian 12 and that is currently the only "supported" distro.  
+This will likely not work on Debian 11 due to some changes with the spamassassin package, but could easily be modified to work.  
+It will likely also work with current versions of Ubuntu but may require some modifications there also.
+YMMV with any non Debian-based distro.
+### Users
+This configuration uses the local system for authentication.
+Additionally, postfix login and local maps are used so that not every user on the system can receive mail.
+To create a new mail user use the following script:
+```
+# create unix account - do not allow user to login to system
+useradd --shell /usr/sbin/nologin --create-home --user-group $username
+# login map
+echo "$username@$(cat /etc/mailname)    $username" >> /etc/postfix/login_maps   
+postmap /etc/postfix/login_maps
+# local recipient map
+echo "$username $username" >> /etc/postfix/local_maps
+postmap /etc/postfix/local_maps
+# reload postfix to make changes live
+postfix reload
+# set the user's password
+passwd $username
+```
+This will create a user on the system that is allowed to send and receive mail.
+As a security precaution, the user's shell is set to /usr/sbin/nologin to prevent 
+management access to the server.
+### Multiple Domains
+The playbook will configure the mail server for a single domain.  However, there is nothing in the configuration preventing a mult-domain setup.
+Setting up multiple domains will require some manual configuration of postfix main.cf.
author	Sam Chudnick <sam@chudnick.com>	2023-07-03 10:53:52 -0400
committer	Sam Chudnick <sam@chudnick.com>	2023-07-03 10:53:52 -0400
commit	598c3cac83056c9618c59a49722889fe4944dbf6 (patch)
tree	83a000c8e525fe6206bab11e8331432105d6d8a8
parent	75585abd68e52d37579c694e641b5a87fffa6e02 (diff)

diff --git a/README.md b/README.md index 1ef02fe..0318337 100644 --- a/README.md +++ b/README.md
@@ -57,3 +57,46 @@ If you have passwordless sudo configured --ask-become-pass is not necessary.
57	The playbook finishes by generating the DNS records required for mail verification.	57	The playbook finishes by generating the DNS records required for mail verification.
58	You can find these records under /home/root/dns\_records once the playbook finishes.	58	You can find these records under /home/root/dns\_records once the playbook finishes.
59	The records are in BIND9 format but the values can be extracted for use on any platform.	59	The records are in BIND9 format but the values can be extracted for use on any platform.
		60
		61
		62	## FAQ
		63
		64	### Distros
		65	I have only tested this on Debian 12 and that is currently the only "supported" distro.
		66
		67	This will likely not work on Debian 11 due to some changes with the spamassassin package, but could easily be modified to work.
		68
		69	It will likely also work with current versions of Ubuntu but may require some modifications there also.
		70
		71	YMMV with any non Debian-based distro.
		72
		73	### Users
		74	This configuration uses the local system for authentication.
		75	Additionally, postfix login and local maps are used so that not every user on the system can receive mail.
		76
		77	To create a new mail user use the following script:
		78	```
		79	# create unix account - do not allow user to login to system
		80	useradd --shell /usr/sbin/nologin --create-home --user-group $username
		81
		82	# login map
		83	echo "$username@$(cat /etc/mailname) $username" >> /etc/postfix/login_maps
		84	postmap /etc/postfix/login_maps
		85
		86	# local recipient map
		87	echo "$username $username" >> /etc/postfix/local_maps
		88	postmap /etc/postfix/local_maps
		89
		90	# reload postfix to make changes live
		91	postfix reload
		92
		93	# set the user's password
		94	passwd $username
		95	```
		96	This will create a user on the system that is allowed to send and receive mail.
		97	As a security precaution, the user's shell is set to /usr/sbin/nologin to prevent
		98	management access to the server.
		99
		100	### Multiple Domains
		101	The playbook will configure the mail server for a single domain. However, there is nothing in the configuration preventing a mult-domain setup.
		102	Setting up multiple domains will require some manual configuration of postfix main.cf.