This commit is contained in:
Quentin 2024-01-23 20:21:03 +01:00
parent 2a84690647
commit 2e26863b5f
Signed by: quentin
GPG key ID: E9602264D639FF68
3 changed files with 122 additions and 6 deletions

View file

@ -3,7 +3,8 @@ title = "Service Managers (eg. systemd)"
weight = 40 weight = 40
+++ +++
You may want to start Aerogramme on boot. You may want to start Aerogramme automatically on boot,
restart it if it crashes, etc. Such actions can be achieved through a service manager.
## systemd ## systemd
@ -60,6 +61,15 @@ sudo aerogramme \
sudo systemctl reload aerogramme sudo systemctl reload aerogramme
``` ```
## Other service managers
Other service managers exists: SMF (illumos / solaris), OpenRC (alpine & co), rc (FreeBSD, OpenBSD, NetBSD).
Feel free to open a PR to add some documentation.
You would not use System V initialization scripts...
<!--
## docker-compose ## docker-compose
An example docker compose deployment with Garage included: An example docker compose deployment with Garage included:
@ -84,3 +94,4 @@ services:
- garage-meta:/var/lib/garage/meta - garage-meta:/var/lib/garage/meta
- garage-data:/var/lib/garage/data - garage-data:/var/lib/garage/data
``` ```
-->

View file

@ -3,4 +3,98 @@ title = "SMTP servers"
weight = 50 weight = 50
+++ +++
Todo Many email Message Transfer Agent (MTA) supports LMTP delivery.
Some of them are covered here.
## Postfix
Configuring Postfix requires to add these 2 lines to `main.cf`:
```ini
virtual_mailbox_domains = your-domain.tld
virtual_transport = lmtp:[::1]:1025
```
Make sure that `your-domain.org` is not already configured in the `mydomain` variable,
or it might conflict with Postfix local delivery logic.
*Indeed, Postfix internally has its default configuration for "local" mail delivery,
that maps to the old way of managing emails. LMTP delivery is a more recent, and maps
to the "virtual" mail delivery mechanisms of Postfix. Your goal is thus to deactivate
as much as possible the "local" delivery capabilities of Postfix and only allow
the "virtual" ones.*
You can learn more about Postfix LMTP capabilities on this page: [lmtp(8)](https://www.postfix.org/lmtp.8.html).
## OpenSMTPD
Something like below might work (untested):
```bash
action "remote_mail" lmtp "/var/run/dovecot/lmtp" rcpt-to virtual <virtuals>
match from any for domain "your-domain.tld" action "remote_mail"
```
The syntax is described in their manpage [smtpd.conf(5)](https://man.openbsd.org/smtpd.conf#lmtp).
## Other servers
[Maddy](https://maddy.email/) might be configured to deliver LMTP messages to Aerogramme through its [SMTP & LMTP transparent forwarding](https://maddy.email/reference/targets/smtp/#smtp-lmtp-transparent-forwarding) feature.
[Exim](https://www.exim.org/) has some support [for LMTP](https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_lmtp_transport.html) too.
[sendmail](https://www.proofpoint.com/us/products/email-protection/open-source-email-solution) might deliver to LMTP through a dedicated binary named [smtpc](https://www.sympa.community/manual/customize/lmtp-delivery.html)
<!--
Let start by creating a folder for Postfix, for example `/opt/aerogramme-postfix`:
```bash
mkdir /tmp/aerogramme-postfix
cd /opt/aerogramme-postfix
mkdir queue
```
To run Postfix, you need some users / groups setup (do it in a container if you don't want to mess up your system):
```bash
sudo useradd postfix
sudo groupadd postdrop
```
The considered `main.cf`:
```
mynetworks=127.0.0.0/8
compatibility_level=3.6
queue_directory=/tmp/postfix-test/queue
data_directory=/tmp/postfix-test/data
maillog_file=/dev/stdout
alias_database=
alias_maps=
virtual_mailbox_domains=saint-ex.deuxfleurs.org
virtual_transport=lmtp:[::1]:1025
```
The considered `master.cf`:
```
smtp inet n - n - - smtpd
smtp unix - - n - - smtp
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
rewrite unix - - n - - trivial-rewrite
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
virtual unix - n n - - virtual
proxymap unix - - n - - proxymap
postlog unix-dgram n - n - 1 postlogd
```
-->

View file

@ -41,13 +41,24 @@ This example will be given for Let's Encrypt with Lego for a DNS01 challenge wit
```bash ```bash
GANDIV5_API_KEY=xxx \ GANDIV5_API_KEY=xxx \
GANDIV5_PERSONAL_ACCESS_TOKEN=xxx \ GANDIV5_PERSONAL_ACCESS_TOKEN=xxx \
lego --email you@example.tld --dns gandiv5 --domains imap.example.tld --domains smtp.example.tld run lego \
--email you@example.tld \
--dns gandiv5 \
--domain example.tld \
--domains imap.example.tld \
--domains smtp.example.tld \
run
``` ```
*Note: theoretically only `GANDIV5_PERSONAL_ACCESS_TOKEN` should be required, but it did not work for me.* *Note 1: theoretically only `GANDIV5_PERSONAL_ACCESS_TOKEN` should be required, but it did not work for me.*
*Note 2: we generate a certificate for the root domain and SMTP because it will simplify your testing while following the cookbook.
But if you already have a working email stack, it's not required.*
If the command ran successfully, you now have 2 files: If the command ran successfully, you now have 2 files:
- `.lego/certificates/imap.example.tld.crt` - `.lego/certificates/example.tld.crt`
- `.lego/certificates/imap.example.tld.key` - `.lego/certificates/example.tld.key`
You can directly use them in Aerogramme (the first one must be put on `certs` and the second one on `key`). You can directly use them in Aerogramme (the first one must be put on `certs` and the second one on `key`).
You must configure some way to automatically renew your certificates, the [lego documentation](https://go-acme.github.io/lego/usage/cli/renew-a-certificate/) explains how you can do it.