§2024-11-01

To switch to another MongoDB server, two files have to be modified:


  1. /etc/wildduck/dbs.toml
# mongodb connection string for the main database
# mongo="mongodb://127.0.0.1:27017/wildduck"
# NOTE(review): the active URI below embeds a username and password in clear
# text. Keep this file readable only by the account WildDuck runs as, keep the
# value out of shared notes and version control, and rotate the password if it
# has been copied anywhere else.
# NOTE(review): "siteRootAdmin" with authSource=admin looks like a cluster-wide
# administrative account (confirm). A dedicated user limited to the databases
# WildDuck uses (YuSheiWildduck and zone-mta here) would limit the impact of a
# leak.
# NOTE(review): the URI carries no TLS option; confirm whether traffic to the
# three replica-set members crosses a network that is not fully trusted.
mongo="mongodb://siteRootAdmin:b23258585@redisMongo03.yushei.com.tw:27017,redisMongo04.yushei.com.tw:27017,redisMongo05.yushei.com.tw:27017/YuSheiWildduck?authSource=admin&replicaSet=ys20220318"

# redis connection string to connect to a single master (see below for Sentinel example)
#redis="redis://127.0.0.1:6379/3"

# WildDuck allows using different kinds of data in different databases
# If you do not provide a database config value, then the main database connection
# is used for everything
# You can either use a database name (uses the shared connection) or a configuration
# url (creates a separate connection) for each database

# Optional database name or connection url for GridFS if you do not want to
# use the main db for storing attachments. Useful if you want
# to use a different mount folder or storage engine
#gridfs="wildduck"

# Optional database name or connection url for users collection if you do not want to
# use the main db for storing user/address data. Useful if you want
# to use a different mount folder or storage engine
#users="wildduck"

# Optional database name or connection url for ZoneMTA queue database. This is
# used to push outbound emails to the sending queue
# A bare database name (as here) reuses the main connection, so the MongoDB
# user in the URI above also needs access to the "zone-mta" database.
sender="zone-mta"

#queued="mail"

# Active Redis settings: a single local instance, database index 3.
# No password key is set in this table.
[redis]
host="127.0.0.1"
port=6379
db=3

## Connect to Redis Sentinel instead of single master
# [redis]
# name="mymaster"
# password=""
# db=3
# [[redis.sentinels]]
#   host="54.36.85.113"
#   port=26379
# [[redis.sentinels]]
#   host="54.36.85.114"
#   port=26379
# [[redis.sentinels]]
#   host="54.36.85.115"
#   port=26379

---

2. 

-/etc/systemd/system/haraka.service 

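# systemd unit that runs the Haraka MX server from /opt/haraka.
# The directives were run together on one line per section in this note;
# they are restored here one per line, which is what systemd requires.
[Unit]
Description=Haraka MX Server
# Ordering only: start after the local MongoDB and Redis units when they exist.
After=mongod.service redis.service

[Service]
Environment="NODE_ENV=production"
WorkingDirectory=/opt/haraka
# "-c ." is resolved against WorkingDirectory, so the configuration directory
# defaults to /opt/haraka/config/. The remark is kept on its own line because
# text after the command on an ExecStart= line is passed to the program as
# arguments, not treated as a comment.
ExecStart=/usr/bin/node ./node_modules/.bin/haraka -c .
Type=simple
Restart=always
SyslogIdentifier=haraka
# NOTE(review): no User=/Group= is set, so systemd starts the process as root.
# Confirm that Haraka drops privileges after binding its port (user/group
# settings in smtp.ini) so that the mail-handling code does not stay root.

[Install]
WantedBy=multi-user.target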


$ ls -l /opt/haraka/config/
total 52
-rw-r--r-- 1 deploy deploy 73 Sep 27 14:41 clamd.ini
-rw-r--r-- 1 deploy deploy 9 Sep 27 14:41 databytes
-rw-r--r-- 1 root root 0 Sep 27 14:42 dhparams.pem
drwxr-xr-x 2 deploy deploy 29 Sep 27 14:40 dkim
-rw-r--r-- 1 deploy deploy 5 Sep 27 14:40 host_list
-rw-r--r-- 1 deploy deploy 64 Sep 27 14:40 internalcmd_key
-rw-r--r-- 1 deploy deploy 277 Sep 27 14:40 log.ini
-rw-r--r-- 1 deploy deploy 16 Sep 27 14:41 me
-rw-r--r-- 1 deploy deploy 263 Sep 27 14:41 plugins
-rw-r--r-- 1 deploy deploy 1657 Sep 27 14:40 plugins.bak
-rw-r--r-- 1 deploy deploy 345 Sep 27 14:41 rspamd.ini
-rw-r--r-- 1 deploy deploy 12 Sep 27 14:41 smtpgreeting
-rw-r--r-- 1 deploy deploy 1803 Sep 27 14:41 smtp.ini
-rw-r--r-- 1 deploy deploy 75 Sep 27 14:41 tls.ini
-rw-r--r-- 1 deploy deploy 2900 Sep 27 14:41 wildduck.yaml


¶ Configuration Files

- wildduck.yaml: This file likely contains the configuration settings for integrating with the WildDuck email server. You should review this file for settings specific to your WildDuck setup.
- plugins: This file lists the plugins that are enabled for your Haraka instance. You may want to check this file to see if the wildduck plugin is listed and to ensure it's properly configured.
- smtp.ini: This file contains settings related to the SMTP protocol, including authentication and security settings.
- tls.ini: This file includes settings for Transport Layer Security (TLS), which is essential for secure email transmission.
- log.ini: This file configures logging options for Haraka, which can be useful for troubleshooting.
- rspamd.ini: If you are using Rspamd for spam filtering, this file contains its configuration.

- /opt/haraka/config/wildduck.yaml 

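# Haraka WildDuck plugin configuration (/opt/haraka/config/wildduck.yaml).
#
# NOTE(review): this listing was flattened when the note was rendered: nested
# keys were joined onto one line and leading "#" markers in the Redis section
# were lost. The nesting and comment markers below are restored from the key
# names and the surrounding comments; values are unchanged. Compare against the
# live file before copying anything from here.
#
# NOTE(review): this file holds database credentials and shared secrets, and
# the directory listing in this note shows it as -rw-r--r-- (world-readable).
# Restrict it to the account Haraka runs as.

## Connect to a master instance of Redis
redis:
    port: 6379
    host: '127.0.0.1'
    db: 3
    # presumably commented out in the live file (marker lost in rendering); confirm
    # password: ""

## Or alternatively, connect to Redis Sentinel
## (kept commented out: a second active "redis" key would duplicate the one above)
#redis:
#    name: "mymaster"
#    password: ""
#    db: 3
#    sentinels:
#        - host: "1.2.3.4"
#          port: 26379
#        - host: "1.2.3.5"
#          port: 26379
#        - host: "1.2.3.6"
#          port: 26379

mongo:
    # connection string for main messages database
    # url: 'mongodb://127.0.0.1:27017/wildduck'
    # NOTE(review): the active URI embeds a username and password in clear
    # text, and "siteRootAdmin" with authSource=admin looks like a cluster-wide
    # administrative account (confirm). Prefer a dedicated user limited to the
    # databases this plugin touches, and rotate the password if this value has
    # been copied outside the host.
    # NOTE(review): the URI carries no TLS option; confirm the path to the
    # replica set is trusted.
    url: 'mongodb://siteRootAdmin:b23258585@redisMongo03.yushei.com.tw:27017,redisMongo04.yushei.com.tw:27017,redisMongo05.yushei.com.tw:27017/YuSheiWildduck?authSource=admin&replicaSet=ys20220318'

    ## database name or connection string for the users db
    #users: "users"

    ## database name or connection string for the attachments db
    #gridfs: "attachments"

    ## database name or connection string for the outbound queue
    sender: 'zone-mta'

sender:
    # Push messages to ZoneMTA queue for delivery
    # if false then no messages are sent
    enabled: true

    # which ZoneMTA queue to use by default. This mostly affects forwarded messages
    zone: 'default'

    # Collection name for GridFS storage
    gfs: 'mail'

    # Collection name for the queue
    # see [dbs].sender option for choosing correct database to use for ZoneMTA queues
    # by default the main wildduck database is used
    collection: 'zone-queue'

    # Hashing secret for loop detection
    # Must be shared with wildduck
    # If not set then looping is not tracked
    # NOTE(review): this is the same value as srs.secret below. Distinct random
    # values keep a leak of one secret from exposing the other; each must still
    # match its counterpart (WildDuck here, ZoneMTA for SRS).
    loopSecret: 'be6EeVeew8aK'

srs:
    # must be shared with ZoneMTA SRS config, otherwise messages sent from ZoneMTA are not recognized by Haraka
    secret: 'be6EeVeew8aK'

attachments:
    type: 'gridstore'
    bucket: 'attachments'
    decodeBase64: true

limits:
    windowSize: 3600  # 1 hour
    rcptIp: 100  # allowed messages for the same recipient from same IP during window size
    rcptWindowSize: 60  # 1 minute
    rcpt: 60  # allowed messages for the same recipient during window size

gelf:
    enabled: false
    component: 'mx'
    options:
        graylogPort: 12201
        graylogHostname: '127.0.0.1'
        connection: 'lan'

rspamd:
    # do not process forwarding addresses for messages with the following spam score
    forwardSkip: 10

    # if a message has one of the tags listed here with positive score, the message will be rejected
    blacklist:
        - DMARC_POLICY_REJECT

    # if a message has one of the tags listed here with positive score, the message will be soft rejected
    softlist:
        - RBL_ZONE

    # define special responses
    responses:
        DMARC_POLICY_REJECT: "Unauthenticated email from {host} is not accepted due to domain's DMARC policy"
        RBL_ZONE: '[{host}] was found from Zone RBL'

auth:
    dns:
        # How many DNS lookups to perform for SPF until considering the validation as failed
        # Probably should be 10 instead
        # NOTE(review): RFC 7208 limits SPF evaluation to 10 DNS-querying terms.
        # At 50, a sender-controlled SPF record can cause five times as many
        # lookups per message; confirm the higher value is intentional.
        maxLookups: 50

    # If a public key has fewer bits than required, then DKIM and ARC keys are considered failing by policy
    # 1024 is the lowest RSA key size RFC 8301 allows a verifier to accept.
    # NOTE(review): placement directly under "auth" (not "auth.dns") is
    # inferred from the flattened listing; confirm against the live file.
    minBitLength: 1024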