166
edits
Changes
Jump to navigation
Jump to search
Line 39:
Line 39: − + − + Line 52:
Line 52: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Instructions for set up in Thunderbird
hostname TXT "v=spf1 redirect=_spf.hostname.sugarlabs.org"
hostname TXT "v=spf1 redirect=_spf.hostname.sugarlabs.org"
_spf.hostname TXT "v=spf1 ip4:IPv4_of_hostname/mask ip6:IPv6_of_hostname/64 a:hostname.sugarlabs.org mx:hostname.sugarlabs.org ~all"
_spf.hostname TXT "v=spf1 ip4:IPv4_of_hostname/mask ip6:IPv6_of_hostname/mask a:hostname.sugarlabs.org mx:hostname.sugarlabs.org ~all"
The a and mx values are authorized mail server by domain name and authorized server by domain MX record, the MX record should also be defined
The '''a''' and '''mx''' values are authorized mail server by domain name and authorized server by domain MX record, the MX record should also be defined
for hostname.
for hostname.
To test DKIM, send an email to autorespond+dkim@dk.elandsys.com
To test DKIM, send an email to autorespond+dkim@dk.elandsys.com
To generate an ed25519 key to use for DKIM, you can use openssl
# Generate ed25519 key
$ openssl genpkey -algorithm ed25519 -out dkim_private.pem
# Generate public key from private key
$ openssl pkey -in dkim_private.pem -pubout -out dkim_public.pem
For ed25519 keys, the p value in the DKIM record must only contain the BASE64 encoded public key, without an ASN.1 structure
$ openssl asn1parse -in dkim_public.pem -offset 12 -noout -out /dev/stdout | openssl base64
VGhpcyBpcyBqc3V0ZSBhc29ka2ZvYXNrZWpkZmtsc2pkZgo=
Your entry would look like this
selector1._domainkey.hostname TXT "v=DKIM1; g=*; k=ed25519; p=VGhpcyBpcyBqc3V0ZSBhc29ka2ZvYXNrZWpkZmtsc2pkZgo="
_adsp._domainkey.hostname TXT "dkim=unknown"
When using an ed25519 key, you'll need to add a fallback RSA key for backward compatibility.
# Generate rsa key
$ openssl genrsa -out rsa_private.key 2048
# Generate public key from private key
$ openssl rsa -in rsa_private.key -pubout -outform der 2>/dev/null | openssl base64 -A
You can then add a KeyTable and SigningTable to your opendkim.conf
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
# Contents of KeyTable with both keys
selector1._domainkey.hostname.sugarlabs.org hostname.domain-name:selector1:/path/to/selector1/private/*.key
selector2._domainkey.hostname.sugarlabs.org hostname.domain-name:selector2:/path/to/selector2/private/*.key
# Contents of SigningTable
*@hostname.domain-name selector1._domainkey.hostname.sugarlabs.org
*@hostname.domain-name selector2._domainkey.hostname.sugarlabs.org
Then add a DKIM record for the second selector
w-mail._domainkey.weblate IN TXT ("v=DKIM1; h=sha256; k=rsa; p="*")
The value of p is the public key of the generated RSA key above.
Ensure your private keys are on hostname.
== Set up ==
=== Thunderbird ===
These are the settings for setting up SMTP with Thunderbird. Note that you use your LDAP username and password, and that the username __'''does not'''__ have "@sugarlabs.org" at the end.
{|class=wikitable
! Server name !! Port !! Connection security !! Authentication method !! User name
|-
| smtp.sugarlabs.org || 587 || STARTTLS || Normal Password || your LDAP username -- AND WITHOUT @SUGARLABS.ORG AT THE END!
|}
Example:
[[File:Screenshot from 2024-06-13 22-45-20.png|thumb|left|example of smtp set up in thunderbird ]]
== See also ==
== See also ==