Chris,

In my opinion it needs a lot of reading and testing to make the puzzle in one go.

But for path A -> B -> C -> D -> E -> F -> G -> H -> I, you might also want to do A -> B first and test it. That means send an email between two users locally. This way you'll understand better the role of each component as you go on every simple step.

I used a couple of blogs, mailing lists and man to build it:

http://technoquarter.blogspot.com/
https://frozen-geek.net/openbsd-email-server-1/

On Monday, September 17, 2018 at 22:20:24 UTC+2, Chris Bennett <cpb_m...@bennettconstruction.us> wrote:

On Mon, Sep 17, 2018 at 06:33:52PM +0000, Mik J wrote:
>
> Really it will take time, here are the components I installed for this to
> work: opensmtp, dkimproxy, clamav, clamsmtp, nginx, roundcube, prosody,
> dovecot, let's encrypt, bind
>
> I'm using imapsync for the migration and plan to use openldap and bogofilter.

Here is where my problem is.
OpenSMTPD and Dovecot, yes.
Then, everywhere I look, I see an endless combination of different spam solutions. Every guide I've seen online tends to be a little out of date, as the knobs have all changed. And I have yet to find an explanation as to why they selected a particular combination.

It seems that I should move to IMAP, but then I have to ask myself if that is even justified. I don't really know.
I don't mind throwing in PostgreSQL, but where are some good table/column examples?

Every guide just jumps straight to you need to install:
A -> B -> C -> D -> E -> F -> G -> H -> I

Whoa. I'm on severe overload here. It's kept me from even installing Dovecot yet since I don't even know crap about B -> C -> D -> E

I don't mind putting in the work. But can anyone recommend a slower solution? Say skip C -> D -> E for now, but add them in bit by bit which gives me time to actually study them? I really don't like cut and paste.

I really want to get rid of as much spam as I can, but I'm patient.
Also, other than the mailing lists, almost everything is starting to be HTML emails.
>
> Yes, this hostmaster work is more important for deliverability than the
> *optional* TLS & DKIM stuff, which I still don't bother at all with...
>
> Along with correct DNS PTR records (and matching SMTP HELO hostname),
> basic SPF & DMARC DNS records are almost essential to send.
>
> With almost all inbound connections being spam, fighting that is the
> main task of the postmaster. Aggressive spamd settings are needed here.
>
> After that, the MTA needs to be able to check the DNS validity of the
> sender's SMTP HELO hostname, and check their DNS PTR record is valid,
> and both the mail's envelope and address from domains have MX records.
>
> Most spam is sent by infected consumer devices, which do not have valid
> reverse DNS, nor a valid HELO hostname. After greylisting, bad DNS is
> the biggest indicator of spam. An MTA needs a lot of DNS knobs to tweak.
>
> Following that, the sender's IP address needs to be checked against
> multiple reliable DNS black and lists, and a cumulative score being
> totalled up to decide to reject or pass on to the next stage of tests.
>
> TLS & DKIM have very little value. The postmaster instead needs to work
> closely with the hostmaster and concentrate on good DNS practice/tests.

Then there is this part. Umm, I'd like to get this all correct.
Despite reading up on this that I've done, without seeing any correct examples, I feel a little like my DMARC is being put up my DKIM, to be a little graphic.

I would like nothing more than an example of the whole ball of wax that I can use to cut and paste with my info substituted. This has got to be a lot simpler than what I've seen as far as explanations, which has left me very frustrated. Worse, I got stuck for months without a laptop/desktop to work from.

Yeah, I know I said cut and paste here. Shrug. This email thing is kinda important. I feel like a little kid trying to make pancakes with a fork instead of a spatula in a pressure cooker.
Right now is a good time for me to learn all this. I don't get or send much email. But I'm planning on trying to make a real living wage online. If that works, I better have this all figured out by then.

Turns out that right hip problems are genetic from my father's side of the family. All I can say is Ouch! I need to figure this out.

Hey, thanks for any help and a special thanks for those clever OpenSMTPD people. Wow, sendmail was a real bitch!

Chris Bennett
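The sender-side DNS items named in the quoted hostmaster advice above (a PTR record matching the HELO hostname, MX, SPF and DMARC records), as an added example that is not part of the thread: a Python pre-flight check run over constructed records. The domain example.com, the address 192.0.2.25, the record values and all function names are assumptions chosen for illustration.

```python
# Constructed sample zone data for the placeholder domain example.com;
# keys are (name, record type). Swap in real resolver answers to audit a live host.
SAMPLE_DNS = {
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com."],
    ("example.com", "MX"): ["10 mail.example.com."],
    ("example.com", "TXT"): ["v=spf1 mx -all"],
    ("_dmarc.example.com", "TXT"):
        ["v=DMARC1; p=quarantine; rua=mailto:postmaster@example.com"],
}

def lookup(dns, name, rtype):
    """Return the records for (name, rtype), ignoring case and trailing dots."""
    return dns.get((name.rstrip(".").lower(), rtype), [])

def reverse_name(ip):
    """Build the in-addr.arpa name for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def check_sender(dns, ip, helo, domain):
    """List the DNS problems a receiving MTA could hold against this sender."""
    problems = []
    ptrs = [p.rstrip(".").lower() for p in lookup(dns, reverse_name(ip), "PTR")]
    if not ptrs:
        problems.append("no PTR record for " + ip)
    elif helo.lower() not in ptrs:
        problems.append("HELO hostname does not match PTR")
    # Forward-confirm: the HELO name must resolve back to the sending IP.
    if ip not in lookup(dns, helo, "A"):
        problems.append("HELO hostname does not resolve to " + ip)
    if not lookup(dns, domain, "MX"):
        problems.append("no MX record for " + domain)
    spf = [t for t in lookup(dns, domain, "TXT") if t.lower().startswith("v=spf1")]
    if len(spf) != 1:  # more than one SPF record is a permanent error
        problems.append("expected exactly one SPF record, found %d" % len(spf))
    elif not spf[0].rstrip().endswith(("-all", "~all")):
        problems.append("SPF record has no restrictive 'all' mechanism")
    dmarc = [t for t in lookup(dns, "_dmarc." + domain, "TXT")
             if t.startswith("v=DMARC1")]
    if not dmarc:
        problems.append("no DMARC record at _dmarc." + domain)
    elif "p=" not in [tag.strip()[:2] for tag in dmarc[0].split(";")]:
        problems.append("DMARC record has no p= policy tag")
    return problems
```

An empty list means the sample records pass every check; each string returned names one record to fix before sending mail from that host.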