§2024-09-26 failed!!
Here you can find an example install script to install WildDuck with Haraka and ZoneMTA. The install script is self contained, you can upload to your server and start it as root. It fetches all required files from Github. After installation you should see exactly the same web interface as in https://webmail.wildduck.email/
The install script should work with Ubuntu version from 22.04 (probably also with 20.04) and the server must be blank. Blank meaning that there should be no existing software installed (eg. Apache, MySQL or Postfix). If the server already has something installed, then remove the extra applications before running this script. This also means that you should not run the install script in a VPS that you already use for other stuff.
¶What does it do?
This install script installs and configures the following components:
- WildDuck Mail Server for IMAP and POP3
- Haraka with WildDuck plugin for incoming email
- ZoneMTA with WildDuck plugin for outbound email
- WildDuck Webmail for creating accounts and viewing messages
- Nginx to serve the webmail component
- acme.sh to manage Let's Encrypt certificates
- Rspamd to check messages for spam. Messages detected as spam are routed to Junk Mail folder by default
- ClamAV to check messages for viruses. ClamAV is disabled by default, you need to enable it in the Haraka plugins file
- Unprivileged Deploy user to easily checkout and publish code changes via git
- ufw firewall to only allow public ports (so make sure your ssh runs on port 22 or otherwise change the install script first)
¶What it does not configure:
- DNS settings. These you need to handle yourself. See domainname-nameserver.txt file after installation for DNS configuration (includes DKIM)
¶Security
All components use TLS/HTTPS with Let's Encrypt certificates by default. Webmail component allows to set up two factor authentication (both TOTP and U2F). If 2FA is enabled then you can also generate application specific passwords for external applications (eg. for the IMAP client) from the Webmail interface as master password can not be used in that case.
¶TOTP (Time-based One-Time Password) and U2F (Universal 2nd Factor) are both authentication methods used to enhance security.
- TOTP
- What it is: TOTP generates a temporary code that changes every 30 seconds, typically used in two-factor authentication (2FA).
- How it works: It uses a shared secret (a key known only to the server and the user's device) and the current time to generate a unique code. Users enter this code along with their password to log in.
- Usage: Commonly found in authentication apps like Google Authenticator or Authy.
- U2F
- What it is: U2F is a physical security key standard that adds a second layer of authentication.
- How it works: Users insert a USB key (or use a compatible NFC device) into their computer or tap it on a mobile device. The key generates a unique response to the server's challenge, verifying the user's identity.
- Usage: Often implemented in services like Google, Facebook, and Dropbox to enhance security.
Both TOTP and U2F help protect against unauthorized access by requiring something you know (your password) and something you have (a code or a physical key).
- start a newly build mail.yushei.net, a blank ordoid-n2 with 256G SDram
alexlai@mail:~$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
alexlai@mail:~$ mkdir -p build/WildDuck && cd $_
$ wget -O - https://raw.githubusercontent.com/nodemailer/wildduck/master/setup/get_install.sh | bash
$ ls
00_install_global_functions_variables.sh 05_install_packages.sh 10_install_wildduck_webmail.sh 15_install_deploy.sh
01_install_commits.sh 06_install_enable_services.sh 11_install_nginx.sh install.sh
02_install_prerequisites.sh 07_install_wildduck.sh 12_install_ufw_rules.sh
03_install_check_running_services.sh 08_install_haraka.sh 13_install_ssl_certs.sh
04_install_import_keys.sh 09_install_zone_mta.sh 14_install_start_services.sh
$ sudo ./install.sh yushei.net mail.yushei.net >log 2>&1 &
$ tail -f log
DOMAINNAME: yushei.net, HOSTNAME: mail.yushei.net
lsof stands for "list open files" and is a powerful tool that allows you to gather information about files and processes that are currently open on your system.
Where mydomain.com is the email address domain and mail.mydomain.com is the hostname of current server.
Make sure that used hostname points to current server as the install script tries to fetch an SSL certificate from Let's Encrypt. The MX for email address domain should point to server hostname.
If the installation succeeds then the installer writes DNS configuration to domainname-nameserver.txt file. Set up the provided DNS entries from this file before sending and receiving email.
Next point your browser to https://mydomain.com/ and you should see the WildDuck example webmail app where you can create an email account.
-
Config files
- WildDuck: /etc/wildduck
- ZoneMTA: /etc/zone-mta
- WildDuck Webmail: /etc/wildduck/wildduck-webmail.toml
- Haraka: /opt/haraka/config
-
Log files
- All stdout and stderr is written to service specific log files. For example WildDuck server logs can be found from /var/log/wildduck-server/wildduck-server.log.
-
Code changes
- Install script sets up applications as remote git repositories. You can clone these to your own machine using a special deploy user. If you push changes back to the remote repo, related services are restarted automatically.
$ git clone deploy@hostname:/var/opt/wildduck.git
$ cd wildduck
$ git checkout master
$ .... make some changes
$ git add .
$ git commit -m "made some changes"
$ git push origin master -f
2024-09-27 odriodN2 bookworm
$ cat log
DOMAINNAME: yushei.net, HOSTNAME: mail.yushei.net
Get:1 http://security.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Hit:2 http://deb.debian.org/debian bookworm InRelease
Get:3 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:4 http://deb.debian.org/debian unstable InRelease [202 kB]
Get:5 http://ppa.linuxfactory.or.kr bookworm InRelease [44.2 kB]
Get:6 http://security.debian.org/debian-security bookworm-security/main Sources [110 kB]
Get:7 https://download.jitsi.org stable/ InRelease [1,682 B]
Get:8 http://deb.debian.org/debian unstable/main arm64 Packages.diff/Index [63.6 kB]
Get:9 http://deb.debian.org/debian unstable/main Translation-en.diff/Index [63.6 kB]
Get:10 http://deb.debian.org/debian unstable/non-free arm64 Packages.diff/Index [63.3 kB]
Get:11 http://deb.debian.org/debian unstable/non-free Translation-en.diff/Index [63.3 kB]
Get:12 http://deb.debian.org/debian unstable/contrib arm64 Packages.diff/Index [63.3 kB]
Get:13 http://deb.debian.org/debian unstable/main arm64 Packages T-2024-09-27-0204.05-F-2024-09-22-0206.19.pdiff [332 kB]
Get:14 https://download.jitsi.org stable/ Packages [94.3 kB]
Get:13 http://deb.debian.org/debian unstable/main arm64 Packages T-2024-09-27-0204.05-F-2024-09-22-0206.19.pdiff [332 kB]
Get:15 http://deb.debian.org/debian unstable/main Translation-en T-2024-09-27-0204.05-F-2024-09-22-0206.19.pdiff [17.4 kB]
Get:15 http://deb.debian.org/debian unstable/main Translation-en T-2024-09-27-0204.05-F-2024-09-22-0206.19.pdiff [17.4 kB]
Get:16 http://deb.debian.org/debian unstable/non-free arm64 Packages T-2024-09-24-2005.48-F-2024-09-22-0206.19.pdiff [8,624 B]
Get:16 http://deb.debian.org/debian unstable/non-free arm64 Packages T-2024-09-24-2005.48-F-2024-09-22-0206.19.pdiff [8,624 B]
Get:17 http://deb.debian.org/debian unstable/non-free Translation-en T-2024-09-24-2005.48-F-2024-09-22-0206.19.pdiff [1,143 B]
Get:17 http://deb.debian.org/debian unstable/non-free Translation-en T-2024-09-24-2005.48-F-2024-09-22-0206.19.pdiff [1,143 B]
Get:18 http://deb.debian.org/debian unstable/contrib arm64 Packages T-2024-09-26-1404.14-F-2024-09-22-0206.19.pdiff [1,481 B]
Get:18 http://deb.debian.org/debian unstable/contrib arm64 Packages T-2024-09-26-1404.14-F-2024-09-22-0206.19.pdiff [1,481 B]
Fetched 1,234 kB in 5s (247 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
lsb-release is already the newest version (12.0-1).
lsb-release set to manually installed.
ca-certificates is already the newest version (20230311).
curl is already the newest version (7.88.1-10+deb12u7).
gnupg is already the newest version (2.2.40-1.1).
The following packages were automatically installed and are no longer required:
libc-ares2 node-busboy node-cjs-module-lexer node-undici node-xtend
nodejs-doc
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
-- Executing 01_install_commits.sh subscript --
-- Executing 02_install_prerequisites.sh subscript --
Checking lsof
Checking ps
-- Executing 03_install_check_running_services.sh subscript --
Checking programs listening on port 25,587,993,995,80,443
OK: port 25 (SMTP) is free
OK: port 587 (SMTP TLS) is free
OK: port 993 (IMAP SSL/TLS) is free
OK: port 995 (POP3 SSL/TLS) is free
OK: port 80 (HTTP) is free
OK: port 443 (HTTPS) is free
-- Executing 04_install_import_keys.sh subscript --
Get:1 https://deb.nodesource.com/node_20.x nodistro InRelease [12.1 kB]
Hit:2 http://deb.debian.org/debian bookworm InRelease
Hit:3 http://security.debian.org/debian-security bookworm-security InRelease
Hit:4 http://deb.debian.org/debian bookworm-updates InRelease
Get:5 https://deb.nodesource.com/node_20.x nodistro/main arm64 Packages [9,124 B]
Hit:6 http://deb.debian.org/debian unstable InRelease
Hit:7 http://ppa.linuxfactory.or.kr bookworm InRelease
Hit:9 https://download.jitsi.org stable/ InRelease
Ign:10 https://repo.mongodb.org/apt/ubuntu bookworm/mongodb-org/7.0 InRelease
Err:11 https://repo.mongodb.org/apt/ubuntu bookworm/mongodb-org/7.0 Release
404 Not Found [IP: 54.230.71.125 443]
Get:8 https://rspamd.com/apt-stable bookworm InRelease [3,161 B]
Get:12 https://rspamd.com/apt-stable bookworm/main arm64 Packages [1,576 B]
Reading package lists...
W: Skipping acquire of configured file 'main/source/Sources' as repository 'https://deb.nodesource.com/node_20.x nodistro InRelease' does not seem to provide it (sources.list entry misspelt?)
E: The repository 'https://repo.mongodb.org/apt/ubuntu bookworm/mongodb-org/7.0 Release' does not have a Release file.
-- Executing 05_install_packages.sh subscript --
Hit:1 http://security.debian.org/debian-security bookworm-security InRelease
Hit:2 https://deb.nodesource.com/node_20.x nodistro InRelease
Hit:3 http://deb.debian.org/debian bookworm InRelease
Hit:4 http://ppa.linuxfactory.or.kr bookworm InRelease
Hit:5 http://deb.debian.org/debian bookworm-updates InRelease
Hit:6 http://deb.debian.org/debian unstable InRelease
Hit:8 https://download.jitsi.org stable/ InRelease
Ign:9 https://repo.mongodb.org/apt/ubuntu bookworm/mongodb-org/7.0 InRelease
Err:10 https://repo.mongodb.org/apt/ubuntu bookworm/mongodb-org/7.0 Release
404 Not Found [IP: 54.230.71.69 443]
Hit:7 https://rspamd.com/apt-stable bookworm InRelease
Reading package lists...
W: Skipping acquire of configured file 'main/source/Sources' as repository 'https://deb.nodesource.com/node_20.x nodistro InRelease' does not seem to provide it (sources.list entry misspelt?)
E: The repository 'https://repo.mongodb.org/apt/ubuntu bookworm/mongodb-org/7.0 Release' does not have a Release file.
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package mongodb-org
Reading package lists...
Building dependency tree...
Reading state information...
The following packages were automatically installed and are no longer required:
libc-ares2 node-busboy node-cjs-module-lexer node-undici node-xtend
nodejs-doc
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
fonts-glyphicons-halflings libjs-bootstrap4 libjs-popper.js libjs-requirejs
libluajit-5.1-2 libluajit-5.1-common libsodium23
Recommended packages:
node-jquery
The following NEW packages will be installed:
fonts-glyphicons-halflings libjs-bootstrap4 libjs-popper.js libjs-requirejs
libluajit-5.1-2 libluajit-5.1-common libsodium23 rspamd
0 upgraded, 8 newly installed, 0 to remove and 7 not upgraded.
Need to get 4,678 kB of archives.
After this operation, 20.7 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main arm64 fonts-glyphicons-halflings all 1.009~3.4.1+dfsg-3 [162 kB]
Get:2 http://deb.debian.org/debian bookworm/main arm64 libjs-popper.js all 1.16.1+ds-6 [52.4 kB]
Get:3 http://deb.debian.org/debian bookworm/main arm64 libjs-bootstrap4 all 4.6.1+dfsg1-4 [517 kB]
Get:4 http://deb.debian.org/debian bookworm/main arm64 libjs-requirejs all 2.3.6+ds+~2.1.34-2 [196 kB]
Get:5 http://deb.debian.org/debian bookworm/main arm64 libluajit-5.1-common all 2.1.0~beta3+git20220320+dfsg-4.1 [49.8 kB]
Get:6 http://deb.debian.org/debian bookworm/main arm64 libluajit-5.1-2 arm64 2.1.0~beta3+git20220320+dfsg-4.1 [239 kB]
Get:7 http://deb.debian.org/debian bookworm/main arm64 libsodium23 arm64 1.0.18-1 [119 kB]
Get:8 http://deb.debian.org/debian bookworm/main arm64 rspamd arm64 3.4-1 [3,343 kB]
Fetched 4,678 kB in 1s (4,553 kB/s)
Selecting previously unselected package fonts-glyphicons-halflings.
(Reading database ... 48089 files and directories currently installed.)
Preparing to unpack .../0-fonts-glyphicons-halflings_1.009~3.4.1+dfsg-3_all.deb ...
Unpacking fonts-glyphicons-halflings (1.009~3.4.1+dfsg-3) ...
Selecting previously unselected package libjs-popper.js.
Preparing to unpack .../1-libjs-popper.js_1.16.1+ds-6_all.deb ...
Unpacking libjs-popper.js (1.16.1+ds-6) ...
Selecting previously unselected package libjs-bootstrap4.
Preparing to unpack .../2-libjs-bootstrap4_4.6.1+dfsg1-4_all.deb ...
Unpacking libjs-bootstrap4 (4.6.1+dfsg1-4) ...
Selecting previously unselected package libjs-requirejs.
Preparing to unpack .../3-libjs-requirejs_2.3.6+ds+~2.1.34-2_all.deb ...
Unpacking libjs-requirejs (2.3.6+ds+~2.1.34-2) ...
Selecting previously unselected package libluajit-5.1-common.
Preparing to unpack .../4-libluajit-5.1-common_2.1.0~beta3+git20220320+dfsg-4.1_all.deb ...
Unpacking libluajit-5.1-common (2.1.0~beta3+git20220320+dfsg-4.1) ...
Selecting previously unselected package libluajit-5.1-2:arm64.
Preparing to unpack .../5-libluajit-5.1-2_2.1.0~beta3+git20220320+dfsg-4.1_arm64.deb ...
Unpacking libluajit-5.1-2:arm64 (2.1.0~beta3+git20220320+dfsg-4.1) ...
Selecting previously unselected package libsodium23:arm64.
Preparing to unpack .../6-libsodium23_1.0.18-1_arm64.deb ...
Unpacking libsodium23:arm64 (1.0.18-1) ...
Selecting previously unselected package rspamd.
Preparing to unpack .../7-rspamd_3.4-1_arm64.deb ...
Unpacking rspamd (3.4-1) ...
Setting up libsodium23:arm64 (1.0.18-1) ...
Setting up libjs-popper.js (1.16.1+ds-6) ...
Setting up fonts-glyphicons-halflings (1.009~3.4.1+dfsg-3) ...
Setting up libjs-requirejs (2.3.6+ds+~2.1.34-2) ...
Setting up libluajit-5.1-common (2.1.0~beta3+git20220320+dfsg-4.1) ...
Setting up libjs-bootstrap4 (4.6.1+dfsg1-4) ...
Setting up libluajit-5.1-2:arm64 (2.1.0~beta3+git20220320+dfsg-4.1) ...
Setting up rspamd (3.4-1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/rspamd.service → /lib/systemd/system/rspamd.service.
Processing triggers for man-db (2.11.2-2) ...
Processing triggers for libc-bin (2.36-9+deb12u8) ... <-- stops here,
-
but, after I restarted the machine,
systemctl stop nginxthen do it again -
` $ sudo ./install.sh yushei.net mail.yushei.net >log-01 2>&1 &
$ cat log-01
DOMAINNAME: yushei.net, HOSTNAME: mail.yushei.net
Hit:1 https://deb.nodesource.com/node_20.x nodistro InRelease
Hit:2 http://deb.debian.org/debian bookworm InRelease
Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
Hit:4 http://deb.debian.org/debian unstable InRelease
Hit:5 http://security.debian.org/debian-security bookworm-security InRelease
Get:6 http://ppa.linuxfactory.or.kr bookworm InRelease [44.2 kB]
Hit:8 https://download.jitsi.org stable/ InRelease
Ign:9 https://repo.mongodb.org/apt/ubuntu bookworm/mongodb-org/7.0 InRelease
Hit:7 https://rspamd.com/apt-stable bookworm InRelease
Err:10 https://repo.mongodb.org/apt/ubuntu bookworm/mongodb-org/7.0 Release
404 Not Found [IP: 54.230.71.16 443]
Reading package lists...
W: Skipping acquire of configured file 'main/source/Sources' as repository 'https://deb.nodesource.com/node_20.x nodistro InRelease' does not seem to provide it (sources.list entry misspelt?)
E: The repository 'https://repo.mongodb.org/apt/ubuntu bookworm/mongodb-org/7.0 Release' does not have a Release file.
Reading package lists...
Building dependency tree...
Reading state information...
lsb-release is already the newest version (12.0-1).
ca-certificates is already the newest version (20230311).
curl is already the newest version (7.88.1-10+deb12u7).
gnupg is already the newest version (2.2.40-1.1).
The following packages were automatically installed and are no longer required:
libc-ares2 node-busboy node-cjs-module-lexer node-undici node-xtend
nodejs-doc
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
-- Executing 01_install_commits.sh subscript --
-- Executing 02_install_prerequisites.sh subscript --
Checking lsof
Checking ps
-- Executing 03_install_check_running_services.sh subscript --
Checking programs listening on port 25,587,993,995,80,443
OK: port 25 (SMTP) is free
OK: port 587 (SMTP TLS) is free
OK: port 993 (IMAP SSL/TLS) is free
OK: port 995 (POP3 SSL/TLS) is free
OK: port 80 (HTTP) is free
OK: port 443 (HTTPS) is free
-- Executing 04_install_import_keys.sh subscript --
useradd: user 'wildduck' already exists
User wildduck already exists
useradd: user 'deploy' already exists
User deploy already exists
Hit:1 https://deb.nodesource.com/node_20.x nodistro InRelease
Hit:2 http://deb.debian.org/debian bookworm InRelease
Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
Hit:4 http://security.debian.org/debian-security bookworm-security InRelease
Hit:5 http://deb.debian.org/debian unstable InRelease
Hit:6 http://ppa.linuxfactory.or.kr bookworm InRelease
Hit:8 https://download.jitsi.org stable/ InRelease
Ign:9 https://repo.mongodb.org/apt/ubuntu bookworm/mongodb-org/7.0 InRelease
Err:10 https://repo.mongodb.org/apt/ubuntu bookworm/mongodb-org/7.0 Release
404 Not Found [IP: 54.230.71.125 443]
Hit:7 https://rspamd.com/apt-stable bookworm InRelease
Reading package lists...
W: Skipping acquire of configured file 'main/source/Sources' as repository 'https://deb.nodesource.com/node_20.x nodistro InRelease' does not seem to provide it (sources.list entry misspelt?)
E: The repository 'https://repo.mongodb.org/apt/ubuntu bookworm/mongodb-org/7.0 Release' does not have a Release file.
-- Executing 05_install_packages.sh subscript --
Hit:1 http://deb.debian.org/debian bookworm InRelease
Hit:2 http://security.debian.org/debian-security bookworm-security InRelease
Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
Hit:4 https://deb.nodesource.com/node_20.x nodistro InRelease
Hit:5 http://deb.debian.org/debian unstable InRelease
Hit:6 http://ppa.linuxfactory.or.kr bookworm InRelease
Ign:7 https://repo.mongodb.org/apt/ubuntu bookworm/mongodb-org/7.0 InRelease
Hit:9 https://download.jitsi.org stable/ InRelease
Err:10 https://repo.mongodb.org/apt/ubuntu bookworm/mongodb-org/7.0 Release
404 Not Found [IP: 13.35.7.108 443]
Hit:8 https://rspamd.com/apt-stable bookworm InRelease
Reading package lists...
E: The repository 'https://repo.mongodb.org/apt/ubuntu bookworm/mongodb-org/7.0 Release' does not have a Release file.
W: Skipping acquire of configured file 'main/source/Sources' as repository 'https://deb.nodesource.com/node_20.x nodistro InRelease' does not seem to provide it (sources.list entry misspelt?)
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package mongodb-org
Reading package lists...
Building dependency tree...
Reading state information...
rspamd is already the newest version (3.4-1).
The following packages were automatically installed and are no longer required:
libc-ares2 node-busboy node-cjs-module-lexer node-undici node-xtend
nodejs-doc
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
-- Executing 06_install_enable_services.sh subscript --
/home/alexlai/build/WildDuck/06_install_enable_services.sh: line 10: pwgen: command not found
/home/alexlai/build/WildDuck/06_install_enable_services.sh: line 11: pwgen: command not found
/home/alexlai/build/WildDuck/06_install_enable_services.sh: line 12: pwgen: command not found
/home/alexlai/build/WildDuck/06_install_enable_services.sh: line 13: -e: command not found
Failed to enable unit: Unit file mongod.service does not exist.
Synchronizing state of redis-server.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable redis-server
-- These are the installed and required programs:
/home/alexlai/build/WildDuck/06_install_enable_services.sh: line 19: node: command not found
Redis server v=7.0.15 sha=00000000:0 malloc=jemalloc-5.3.0 bits=64 build=8fef3e995a542118
/home/alexlai/build/WildDuck/06_install_enable_services.sh: line 21: mongod: command not found
HOSTNAME: mail.yushei.net
-- Installing npm globally (workaround)
/home/alexlai/build/WildDuck/06_install_enable_services.sh: line 26: npm: command not found
-- Executing 07_install_wildduck.sh subscript --
Cloning into bare repository 'wildduck.git'...
Note: switching to '9a61cff18689f773b01a77d00d6e309507fb5dd8'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
HEAD is now at 9a61cff chore(master): release 1.45.0 [skip-ci] (#717)
/home/alexlai/build/WildDuck/07_install_wildduck.sh: line 58: npm: command not found
/home/alexlai/build/WildDuck/00_install_global_functions_variables.sh: line 268: /etc/rsyslog.d/25-wildduck-server.conf: No such file or directory
Created symlink /etc/systemd/system/multi-user.target.wants/wildduck.service → /etc/systemd/system/wildduck.service.
-- Executing 08_install_haraka.sh subscript --
Cloning into bare repository 'haraka-plugin-wildduck.git'...
/home/alexlai/build/WildDuck/08_install_haraka.sh: line 36: npm: command not found
/home/alexlai/build/WildDuck/08_install_haraka.sh: line 37: haraka: command not found
/home/alexlai/build/WildDuck/08_install_haraka.sh: line 38: cd: /opt/haraka: No such file or directory
/home/alexlai/build/WildDuck/08_install_haraka.sh: line 39: npm: command not found
fatal: Invalid path '/opt/haraka': No such file or directory
/home/alexlai/build/WildDuck/08_install_haraka.sh: line 46: npm: command not found
/home/alexlai/build/WildDuck/08_install_haraka.sh: line 48: cd: /opt/haraka: No such file or directory
mv: cannot stat 'config/plugins': No such file or directory
/home/alexlai/build/WildDuck/08_install_haraka.sh: line 51: config/databytes: No such file or directory
/home/alexlai/build/WildDuck/08_install_haraka.sh: line 52: config/me: No such file or directory
/home/alexlai/build/WildDuck/08_install_haraka.sh: line 53: config/smtpgreeting: No such file or directory
/home/alexlai/build/WildDuck/08_install_haraka.sh: line 67: config/plugins: No such file or directory
/home/alexlai/build/WildDuck/08_install_haraka.sh: line 70: config/tls.ini: No such file or directory
/home/alexlai/build/WildDuck/08_install_haraka.sh: line 94: config/rspamd.ini: No such file or directory
/home/alexlai/build/WildDuck/08_install_haraka.sh: line 99: config/clamd.ini: No such file or directory
cp: cannot stat 'plugins/wildduck/config/wildduck.yaml': No such file or directory
sed: can't read config/wildduck.yaml: No such file or directory
/home/alexlai/build/WildDuck/00_install_global_functions_variables.sh: line 268: /etc/rsyslog.d/25-haraka.conf: No such file or directory
/home/alexlai/build/WildDuck/08_install_haraka.sh: line 124: config/smtp.ini: No such file or directory
chown: cannot access '/opt/haraka': No such file or directory
Created symlink /etc/systemd/system/multi-user.target.wants/haraka.service → /etc/systemd/system/haraka.service.
-- Executing 09_install_zone_mta.sh subscript --
Cloning into bare repository 'zone-mta.git'...
Cloning into bare repository 'zonemta-wildduck.git'...
Note: switching to '2ec1ba85a44c4665a6326271c8162ee76c4d6d02'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
HEAD is now at 2ec1ba8 Bumped zone-mta
Note: switching to 'f029b8d69aaa255b1c4f426848f994be21be8cd0'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
HEAD is now at f029b8d chore(master): release 1.32.16 [skip-ci] (#29)
writing RSA key
/home/alexlai/build/WildDuck/09_install_zone_mta.sh: line 100: node: command not found
/home/alexlai/build/WildDuck/09_install_zone_mta.sh: line 103: npm: command not found
/home/alexlai/build/WildDuck/09_install_zone_mta.sh: line 106: npm: command not found
/home/alexlai/build/WildDuck/00_install_global_functions_variables.sh: line 268: /etc/rsyslog.d/25-zone-mta.conf: No such file or directory
Created symlink /etc/systemd/system/multi-user.target.wants/zone-mta.service → /etc/systemd/system/zone-mta.service.
-- Executing 10_install_wildduck_webmail.sh subscript --
Cloning into bare repository 'wildduck-webmail.git'...
Note: switching to '40ee1ef973de33de5bdf3e6b7e877d156d87436a'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
HEAD is now at 40ee1ef Set the same max password length for every field
sudo: npm: command not found
sudo: npm: command not found
/home/alexlai/build/WildDuck/00_install_global_functions_variables.sh: line 268: /etc/rsyslog.d/25-wildduck-www.conf: No such file or directory
Created symlink /etc/systemd/system/multi-user.target.wants/wildduck-webmail.service → /etc/systemd/system/wildduck-webmail.service.
-- Executing 11_install_nginx.sh subscript --
.....+...........+.............+......+.....+......+..........+...+.....+......+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.................+..+.+...............+......+...+..+......+.......+...+............+.....+.+...............+....................+......+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...........+.......+......+..+.......+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+...+...........+...+.+.....+....+...+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+...+.+...+......+..+....+........+.......+......+........+.+......+........+....+..+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
nginx.service is not active, cannot reload.
-- Executing 12_install_ufw_rules.sh subscript --
/home/alexlai/build/WildDuck/12_install_ufw_rules.sh: line 14: ufw: command not found
/home/alexlai/build/WildDuck/12_install_ufw_rules.sh: line 15: ufw: command not found
/home/alexlai/build/WildDuck/12_install_ufw_rules.sh: line 16: ufw: command not found
/home/alexlai/build/WildDuck/12_install_ufw_rules.sh: line 17: ufw: command not found
/home/alexlai/build/WildDuck/12_install_ufw_rules.sh: line 18: ufw: command not found
/home/alexlai/build/WildDuck/12_install_ufw_rules.sh: line 19: ufw: command not found
/home/alexlai/build/WildDuck/12_install_ufw_rules.sh: line 20: ufw: command not found
/home/alexlai/build/WildDuck/12_install_ufw_rules.sh: line 21: ufw: command not found
-- Executing 13_install_ssl_certs.sh subscript --
Redirecting output to ‘wget-log’.
[Fri Sep 27 01:31:23 PM CST 2024] It is recommended to install socat first.
[Fri Sep 27 01:31:23 PM CST 2024] We use socat for standalone server if you use standalone mode.
[Fri Sep 27 01:31:23 PM CST 2024] If you don't use standalone mode, just ignore this warning.
[Fri Sep 27 01:31:23 PM CST 2024] Installing to /root/.acme.sh
[Fri Sep 27 01:31:23 PM CST 2024] Installed to /root/.acme.sh/acme.sh
[Fri Sep 27 01:31:23 PM CST 2024] Installing alias to '/root/.bashrc'
[Fri Sep 27 01:31:23 PM CST 2024] OK, Close and reopen your terminal to start using acme.sh
[Fri Sep 27 01:31:23 PM CST 2024] Installing cron job
55 1 * * * "/opt/acmesh/.acme.sh"/acme.sh --cron --home "/opt/acmesh/.acme.sh" > /dev/null
[Fri Sep 27 01:31:23 PM CST 2024] Good, bash is found, so change the shebang to use bash as preferred.
[Fri Sep 27 01:31:23 PM CST 2024] OK
[Fri Sep 27 01:31:24 PM CST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Sep 27 01:31:24 PM CST 2024] Create account key ok.
[Fri Sep 27 01:31:25 PM CST 2024] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Fri Sep 27 01:31:26 PM CST 2024] Registered
[Fri Sep 27 01:31:26 PM CST 2024] ACCOUNT_THUMBPRINT='qn_aL8n0q53VwtOfbYZOUEGs16PH7N9N8rhDl6362KU'
[Fri Sep 27 01:31:26 PM CST 2024] Creating domain key
[Fri Sep 27 01:31:26 PM CST 2024] The domain key is here: /root/.acme.sh/mail.yushei.net_ecc/mail.yushei.net.key
[Fri Sep 27 01:31:26 PM CST 2024] Single domain='mail.yushei.net'
[Fri Sep 27 01:31:26 PM CST 2024] Getting domain auth token for each domain
[Fri Sep 27 01:31:28 PM CST 2024] Getting webroot for domain='mail.yushei.net'
[Fri Sep 27 01:31:28 PM CST 2024] Verifying: mail.yushei.net
[Fri Sep 27 01:31:28 PM CST 2024] Nginx mode for domain:mail.yushei.net
[Fri Sep 27 01:31:29 PM CST 2024] Found conf file: /etc/nginx/sites-enabled/mail.yushei.net
[Fri Sep 27 01:31:29 PM CST 2024] Backup /etc/nginx/sites-enabled/mail.yushei.net to /root/.acme.sh/mail.yushei.net_ecc/backup/mail.yushei.net.nginx.conf
[Fri Sep 27 01:31:29 PM CST 2024] Check the nginx conf before setting up.
2024/09/27 13:31:29 [warn] 4955#4955: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/sites-enabled/yushei.net.conf:5
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[Fri Sep 27 01:31:29 PM CST 2024] OK, Set up nginx config file
[Fri Sep 27 01:31:29 PM CST 2024] nginx conf is done, let's check it again.
2024/09/27 13:31:29 [warn] 4961#4961: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/sites-enabled/yushei.net.conf:5
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[Fri Sep 27 01:31:29 PM CST 2024] Reload nginx
2024/09/27 13:31:29 [warn] 4963#4963: duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/sites-enabled/yushei.net.conf:5
2024/09/27 13:31:29 [notice] 4963#4963: signal process started
2024/09/27 13:31:29 [error] 4963#4963: invalid PID number "" in "/run/nginx.pid"
[Fri Sep 27 01:31:29 PM CST 2024] It seems that nginx reload error, let's restore.
[Fri Sep 27 01:31:29 PM CST 2024] Please add '--debug' or '--log' to check more details.
[Fri Sep 27 01:31:29 PM CST 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
Warning: Failed to generate certificates, using self-signed certs
-- Executing 14_install_start_services.sh subscript --
/etc/tmpfiles.d/haraka-log.conf:1: Failed to resolve user 'syslog': No such process
/etc/tmpfiles.d/wildduck-server-log.conf:1: Failed to resolve user 'syslog': No such process
/etc/tmpfiles.d/wildduck-www-log.conf:1: Failed to resolve user 'syslog': No such process
/etc/tmpfiles.d/zone-mta-log.conf:1: Failed to resolve user 'syslog': No such process
Failed to restart rsyslog.service: Unit rsyslog.service not found.
Failed to start mongod.service: Unit mongod.service not found.
-- Executing 15_install_deploy.sh subscript --
Waiting for the server to start up................
- install mongodb
$ wget https://repo.mongodb.org/apt/ubuntu/dists/jammy/mongodb-org/8.0/multiverse/binary-arm64/mongodb-org-server_8.0.0_arm64.deb
$ sudo dpkg -i mongodb-org-server_8.0.0_arm64.deb
[sudo] password for alexlai:
use mongod-aarch64-r7.0.0-rc8
¶ Executing 13_install_ssl_certs.sh subscript --
Redirecting output to ‘wget-log’.
[Thu Sep 26 04:09:11 PM CST 2024] It is recommended to install socat first.
[Thu Sep 26 04:09:11 PM CST 2024] We use socat for standalone server if you use standalone mode.
[Thu Sep 26 04:09:11 PM CST 2024] If you don't use standalone mode, just ignore this warning.
[Thu Sep 26 04:09:11 PM CST 2024] Installing to /root/.acme.sh
[Thu Sep 26 04:09:11 PM CST 2024] Installed to /root/.acme.sh/acme.sh
[Thu Sep 26 04:09:11 PM CST 2024] Installing alias to '/root/.bashrc'
[Thu Sep 26 04:09:11 PM CST 2024] OK, Close and reopen your terminal to start using acme.sh
[Thu Sep 26 04:09:11 PM CST 2024] Installing cron job
no crontab for root
no crontab for root
[Thu Sep 26 04:09:11 PM CST 2024] Good, bash is found, so change the shebang to use bash as preferred.
[Thu Sep 26 04:09:12 PM CST 2024] OK
[Thu Sep 26 04:09:13 PM CST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu Sep 26 04:09:13 PM CST 2024] Create account key ok.
[Thu Sep 26 04:09:14 PM CST 2024] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Thu Sep 26 04:09:15 PM CST 2024] Registered
[Thu Sep 26 04:09:15 PM CST 2024] ACCOUNT_THUMBPRINT='tT15cSPXbbDkyr2F9Dxs_gYHBxTLLT88wLqPXzYCPLk'
[Thu Sep 26 04:09:16 PM CST 2024] Creating domain key
[Thu Sep 26 04:09:16 PM CST 2024] The domain key is here: /root/.acme.sh/mail.hc4Noble.yushei.net_ecc/mail.hc4Noble.yushei.net.key
[Thu Sep 26 04:09:16 PM CST 2024] Single domain='mail.hc4Noble.yushei.net'
[Thu Sep 26 04:09:16 PM CST 2024] Getting domain auth token for each domain
[Thu Sep 26 04:09:18 PM CST 2024] Getting webroot for domain='mail.hc4Noble.yushei.net'
[Thu Sep 26 04:09:18 PM CST 2024] Verifying: mail.hc4Noble.yushei.net
[Thu Sep 26 04:09:18 PM CST 2024] Nginx mode for domain:mail.hc4Noble.yushei.net
[Thu Sep 26 04:09:18 PM CST 2024] Found conf file: /etc/nginx/sites-enabled/mail.hc4Noble.yushei.net
[Thu Sep 26 04:09:18 PM CST 2024] Backup /etc/nginx/sites-enabled/mail.hc4Noble.yushei.net to /root/.acme.sh/mail.hc4Noble.yushei.net_ecc/backup/mail.hc4Noble.yushei.net.nginx.conf
[Thu Sep 26 04:09:18 PM CST 2024] Check the nginx conf before setting up.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[Thu Sep 26 04:09:18 PM CST 2024] OK, Set up nginx config file
[Thu Sep 26 04:09:18 PM CST 2024] nginx conf is done, let's check it again.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[Thu Sep 26 04:09:19 PM CST 2024] Reload nginx
nginx: [error] invalid PID number "" in "/run/nginx.pid"
[Thu Sep 26 04:09:19 PM CST 2024] It seems that nginx reload error, let's restore.
[Thu Sep 26 04:09:19 PM CST 2024] Please add '--debug' or '--log' to check more details.
[Thu Sep 26 04:09:19 PM CST 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
Warning: Failed to generate certificates, using self-signed certs
¶ Executing 14_install_start_services.sh subscript --
¶Executing 15_install_deploy.sh subscript --
Waiting for the server to start up...........
Registering DKIM key for hc4Noble.yushei.net
{"domain":"hc4Noble.yushei.net","selector":"sep2024","description":"Default DKIM key for hc4Noble.yushei.net","privateKey":"-----BEGIN PRIVATE KEY-----\nMIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOMrv3w9RIOrR7CD\nJQn3xXpzMZGqEB9g76kVtB8Tz1Afz5dbgbkXVvSbZLFUVxPNCeHd+/XPB/WQnRkZ\ngl9Sop0/pX1Wt2x2AnDhJ20hDrlzuWPfaGaPtYIOhqUsWDJ8WrSQgtnZuk792JBF\nr72cxOFLbq9q26npxVch2qjlljp5AgMBAAECgYAnoxt/JwWMX9dbYhaVXakUS4Mr\nolu7zeMjQokyHve+SD6lby78R6lBdtej5U5oQw9lXKE46428+CWhGoVX8ogyyY20\nCiA1yd6kAWhfGwd685xMhKoac/47LaUvbIDmixir3M3QGysgJAOIOdJOIyGmA4ap\nE0X2ezhTLaZ4p+H2jQJBAPseNYmzCIv6IT0iXNlu+BBi/FYv+tmQUXY9h+oeeK6o\na8KOw0rJ8/C+vxrtuFqQqGDoyDWJbePdxE2zApPENaMCQQDnlls27SdxqwxGoiq7\nk+P5e/e2NIXQJOUbd7kr6512C3/G/41vl2GVzkES4Yr9v4N2Vvc3ffCvcuGnxLw6\nnPkzAkBbb5GA9R6ckVQ/BV8XkO9kUBafb1MAmyr+ScNOfQ/mUM8EBaWYetaHB31g\nWcSxvVCCEOCtlb/co6hRvmem1F/PAkBw078Cxo22AkiLzQwWsRmbfbsUiQg8fQ0l\n0bFkZXkkfru0/uIwYMdJTeBES6AEuh5ZNEtjPLdbMxQfQWkXAU0jAkEAn5jIsn+E\ntogPtnrQZLvyvSE/JLX670a7KooaiX65bBZl3s/DSYj1lLNyNT4fu36ThQ83nUPO\nU5+OoiGnKrRKgw==\n-----END PRIVATE KEY-----\n"}
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1969 100 911 100 1058 3358 3900 --:--:-- --:--:-- --:--:-- 7319
HTTP/1.1 200 OK
Server: WildDuck API
vary: origin,access-control-request-method,access-control-request-headers
Content-Type: application/json; charset=utf-8
Content-Length: 911
Date: Thu, 26 Sep 2024 08:09:38 GMT
Connection: keep-alive
Keep-Alive: timeout=5
{
"id": "66f516c24ce9adb110913d5d",
"domain": "hc4noble.yushei.net",
"selector": "sep2024",
"description": "Default DKIM key for hc4Noble.yushei.net",
"fingerprint": "be:6e:e6:7f:ac:dd:39:47:bd:35:be:22:31:59:18:a3:02:f5:f9:89:bd:5f:da:cc:73:9a:4a:4e:ba:a1:1e:ea",
"publicKey": "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjK798PUSDq0ewgyUJ98V6czGR\nqhAfYO+pFbQfE89QH8+XW4G5F1b0m2SxVFcTzQnh3fv1zwf1kJ0ZGYJfUqKdP6V9\nVrdsdgJw4SdtIQ65c7lj32hmj7WCDoalLFgyfFq0kILZ2bpO/diQRa+9nMThS26v\natup6cVXIdqo5ZY6eQIDAQAB\n-----END PUBLIC KEY-----\n",
"dnsTxt": {
"name": "sep2024._domainkey.hc4noble.yushei.net",
"value": "v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjK798PUSDq0ewgyUJ98V6czGRqhAfYO+pFbQfE89QH8+XW4G5F1b0m2SxVFcTzQnh3fv1zwf1kJ0ZGYJfUqKdP6V9VrdsdgJw4SdtIQ65c7lj32hmj7WCDoalLFgyfFq0kILZ2bpO/diQRa+9nMThS26vatup6cVXIdqo5ZY6eQIDAQAB"
},
"success": true
}
DEPLOY SETUP
1. Add your ssh key to /home/deploy/.ssh/authorized_keys
2. Clone application code
$ git clone deploy@mail.hc4Noble.yushei.net:/var/opt/wildduck.git
$ git clone deploy@mail.hc4Noble.yushei.net:/var/opt/zone-mta.git
$ git clone deploy@mail.hc4Noble.yushei.net:/var/opt/wildduck-webmail.git
$ git clone deploy@mail.hc4Noble.yushei.net:/var/opt/haraka-plugin-wildduck.git
$ git clone deploy@mail.hc4Noble.yushei.net:/var/opt/zonemta-wildduck.git
3. After making a change in local copy deploy to server
$ git push origin master
(you might need to use -f when pushing first time)
NAMESERVER SETUP
================
MX
--
Add this MX record to the hc4Noble.yushei.net DNS zone:
hc4Noble.yushei.net. IN MX 5 mail.hc4Noble.yushei.net.
SPF
---
Add this TXT record to the hc4Noble.yushei.net DNS zone:
hc4Noble.yushei.net. IN TXT "v=spf1 a:mail.hc4Noble.yushei.net a:hc4Noble.yushei.net ip4:210.242.152.235 ~all"
Or:
hc4Noble.yushei.net. IN TXT "v=spf1 a:mail.hc4Noble.yushei.net ip4:210.242.152.235 ~all"
hc4Noble.yushei.net. IN TXT "v=spf1 ip4:210.242.152.235 ~all"
Some explanation:
SPF is basically a DNS entry (TXT), where you can define,
which server hosts (a:[HOSTNAME]) or ip address (ip4:[IP_ADDRESS])
are allowed to send emails.
So the receiver server (eg. gmail's server) can look up this entry
and decide if you(as a sender server) is allowed to send emails as
this email address.
If you are unsure, list more a:, ip4 entries, rather then fewer.
Example:
company website: awesome.com
company's email server: mail.awesome.com
company's reverse dns entry for this email server: mail.awesome.com -> 11.22.33.44
SPF record in this case would be:
awesome.com. IN TXT "v=spf1 a:mail.awesome.com a:awesome.com ip4:11.22.33.44 ~all"
The following servers can send emails for *@awesome.com email addresses:
awesome.com (company's website handling server)
mail.awesome.com (company's mail server)
11.22.33.44 (company's mail server's ip address)
Please note, that a:mail.awesome.com is the same as ip4:11.22.33.44, so it is
redundant. But better safe than sorry.
And in this example, the company's website handling server can also send
emails and in general it is an outbound only server.
If a website handles email sending (confirmation emails, contact form, etc).
DKIM
----
Add this TXT record to the hc4Noble.yushei.net DNS zone:
sep2024._domainkey.hc4Noble.yushei.net. IN TXT "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjK798PUSDq0ewgyUJ98V6czGRqhAfYO+pFbQfE89QH8+XW4G5F1b0m2SxVFcTzQnh3fv1zwf1kJ0ZGYJfUqKdP6V9VrdsdgJw4SdtIQ65c7lj32hmj7WCDoalLFgyfFq0kILZ2bpO/diQRa+9nMThS26vatup6cVXIdqo5ZY6eQIDAQAB"
The DKIM .json text we added to wildduck server:
curl -i -XPOST http://localhost:8080/dkim \
-H 'Content-type: application/json' \
-d '{"domain":"hc4Noble.yushei.net","selector":"sep2024","description":"Default DKIM key for hc4Noble.yushei.net","privateKey":"-----BEGIN PRIVATE KEY-----\nMIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOMrv3w9RIOrR7CD\nJQn3xXpzMZGqEB9g76kVtB8Tz1Afz5dbgbkXVvSbZLFUVxPNCeHd+/XPB/WQnRkZ\ngl9Sop0/pX1Wt2x2AnDhJ20hDrlzuWPfaGaPtYIOhqUsWDJ8WrSQgtnZuk792JBF\nr72cxOFLbq9q26npxVch2qjlljp5AgMBAAECgYAnoxt/JwWMX9dbYhaVXakUS4Mr\nolu7zeMjQokyHve+SD6lby78R6lBdtej5U5oQw9lXKE46428+CWhGoVX8ogyyY20\nCiA1yd6kAWhfGwd685xMhKoac/47LaUvbIDmixir3M3QGysgJAOIOdJOIyGmA4ap\nE0X2ezhTLaZ4p+H2jQJBAPseNYmzCIv6IT0iXNlu+BBi/FYv+tmQUXY9h+oeeK6o\na8KOw0rJ8/C+vxrtuFqQqGDoyDWJbePdxE2zApPENaMCQQDnlls27SdxqwxGoiq7\nk+P5e/e2NIXQJOUbd7kr6512C3/G/41vl2GVzkES4Yr9v4N2Vvc3ffCvcuGnxLw6\nnPkzAkBbb5GA9R6ckVQ/BV8XkO9kUBafb1MAmyr+ScNOfQ/mUM8EBaWYetaHB31g\nWcSxvVCCEOCtlb/co6hRvmem1F/PAkBw078Cxo22AkiLzQwWsRmbfbsUiQg8fQ0l\n0bFkZXkkfru0/uIwYMdJTeBES6AEuh5ZNEtjPLdbMxQfQWkXAU0jAkEAn5jIsn+E\ntogPtnrQZLvyvSE/JLX670a7KooaiX65bBZl3s/DSYj1lLNyNT4fu36ThQ83nUPO\nU5+OoiGnKrRKgw==\n-----END PRIVATE KEY-----\n"}'
Please refer to the manual how to change/delete/update DKIM keys
via the REST api (with curl on localhost) for the newest version.
List DKIM keys:
curl -i http://localhost:8080/dkim
Delete DKIM:
curl -i -XDELETE http://localhost:8080/dkim/59ef21aef255ed1d9d790e81
Move DKIM keys to another machine:
Save the above curl command and dns entry.
Also copy the following two files too:
/opt/zone-mta/keys/[MAILDOMAIN]-dkim.cert
/opt/zone-mta/keys/[MAILDOMAIN]-dkim.pem
pem: private key (guard it well)
cert: public key
DMARC
---
Add this TXT record to the hc4Noble.yushei.net DNS zone:
_dmarc.hc4Noble.yushei.net. IN TXT "v=DMARC1; p=reject;"
PTR
---
Make sure that your public IP has a PTR record set to mail.hc4Noble.yushei.net.
If your hosting provider does not allow you to set PTR records but has
assigned their own hostname, then edit /etc/zone-mta/pools.toml and replace
the hostname mail.hc4Noble.yushei.net with the actual hostname of this server.
TL;DR
-----
Add the following DNS records to the hc4Noble.yushei.net DNS zone:
hc4Noble.yushei.net. IN MX 5 mail.hc4Noble.yushei.net.
hc4Noble.yushei.net. IN TXT "v=spf1 ip4:210.242.152.235 ~all"
sep2024._domainkey.hc4Noble.yushei.net. IN TXT "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjK798PUSDq0ewgyUJ98V6czGRqhAfYO+pFbQfE89QH8+XW4G5F1b0m2SxVFcTzQnh3fv1zwf1kJ0ZGYJfUqKdP6V9VrdsdgJw4SdtIQ65c7lj32hmj7WCDoalLFgyfFq0kILZ2bpO/diQRa+9nMThS26vatup6cVXIdqo5ZY6eQIDAQAB"
_dmarc.hc4Noble.yushei.net. IN TXT "v=DMARC1; p=reject;"
(this text is also stored to /home/alexlai/build/WildDuck/hc4Noble.yushei.net-nameserver.txt)
All done, open https://mail.hc4Noble.yushei.net/ in your browser