From 598c3cac83056c9618c59a49722889fe4944dbf6 Mon Sep 17 00:00:00 2001 From: Sam Chudnick Date: Mon, 3 Jul 2023 10:53:52 -0400 Subject: Add an FAQ section to README --- README.md | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/README.md b/README.md index 1ef02fe..0318337 100644 --- a/README.md +++ b/README.md @@ -57,3 +57,46 @@ If you have passwordless sudo configured --ask-become-pass is not necessary. The playbook finishes by generating the DNS records required for mail verification. You can find these records under /home/root/dns\_records once the playbook finishes. The records are in BIND9 format but the values can be extracted for use on any platform. + + +## FAQ + +### Distros +I have only tested this on Debian 12 and that is currently the only "supported" distro. + +This will likely not work on Debian 11 due to some changes with the spamassassin package, but could easily be modified to work. + +It will likely also work with current versions of Ubuntu but may require some modifications there also. + +YMMV with any non Debian-based distro. + +### Users +This configuration uses the local system for authentication. +Additionally, postfix login and local maps are used so that not every user on the system can receive mail. + +To create a new mail user use the following script: +``` +# create unix account - do not allow user to login to system +useradd --shell /usr/sbin/nologin --create-home --user-group $username + +# login map +echo "$username@$(cat /etc/mailname) $username" >> /etc/postfix/login_maps +postmap /etc/postfix/login_maps + +# local recipient map +echo "$username $username" >> /etc/postfix/local_maps +postmap /etc/postfix/local_maps + +# reload postfix to make changes live +postfix reload + +# set the user's password +passwd $username +``` +This will create a user on the system that is allowed to send and receive mail. +As a security precaution, the user's shell is set to /usr/sbin/nologin to prevent +management access to the server. + +### Multiple Domains +The playbook will configure the mail server for a single domain. However, there is nothing in the configuration preventing a mult-domain setup. +Setting up multiple domains will require some manual configuration of postfix main.cf. -- cgit v1.2.3