Laptop Setup
---------------

offlineimap synchronization to maildir, notmuch indexing, mutt-kr client.

What I want when online:

- instant (less than 1 second) email send
- with MUA open, instant (less than 1 second) email receive (IMAP IDLE)
- with MUA closed, regular (15 minute) imap synchronization, and single command
  to quickly synchronize and send any queued messages

What I want when offline:

- full email archive to search over, sort, reply, etc.
- cache sent messages to an outbox folder, to be sent later (or deleted before
  connecting)

Compile mutt-kr:

    $ sudo aptitude install offlineimap notmuch libgpgme11-dev libnotmuch-dev \
        libsasl2-dev libdb-dev
    $ # in mutt-kr checkout:
    $ ./prepare
    $ ./configure --enable-dependency-tracking --enable-notmuch \
            --enable-gpgme --enable-hcache --enable-imap --enable-smtp \
            --with-ssl --with-gnutls --with-sasl --with-curses --with-regex

Install and configure offlineimap:

    $ sudo aptitude install offlineimap

Fetch the server's certificate chain for offlineimap's `sslcacertfile`, [a la the offlineimap FAQ](http://docs.offlineimap.org/en/latest/FAQ.html#how-do-i-generate-an-sslcacertfile-file):

    $ openssl s_client -CApath /etc/ssl/certs -connect ${hostname}:imaps -showcerts \
       | perl -ne 'print if /BEGIN/../END/; print STDERR if /return/' > $sslcacertfile
       ^D
    $ # copy resulting file to /etc/ssl/certs
    $ # test with:
    $ openssl s_client -CAfile $sslcacertfile -connect ${hostname}:imaps 2>&1 </dev/null

TODO: use notmuch-mutt package

Android Setup
---------------

K-9 mail client. No GPG configured.

Server Setup
---------------

Dovecot and postfix, installed mostly following "linode library" instructions.

Set dovecot's ``mail_max_userip_connections`` to ~40 or more if using K-9 mail,
or you'll get errors about "AUTHENTICATE PLAIN". This is because K-9 makes many
parallel connections.

Mailman for mailing lists, or enemies-of-carlotta.

Set up SPF records.

References:

* [need for high (40+) mail_max_userip_connections in dovecot](http://www.dovecot.org/list/dovecot/2011-September/061221.html)
* [write up of contemporary (2012) techniques](http://blog.phusion.nl/2012/09/10/mail-in-2012-from-an-admins-perspective/)

* <http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/>

Postfix Domain Blacklist
-------------------------

At some point I started getting >= one spam message per second from a `qq.com`
spoofer. I blacklisted that sender domain using
[these directions](https://nacko.net/postfix-block-specific-from-specific-domains-centos-6-rhel-6/):

Edit `/etc/postfix/sender_access`:

    qq.com DISCARD

Run:

    sudo postmap /etc/postfix/sender_access

Edit `/etc/postfix/main.cf`:

    smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

Restart postfix.
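
To see which addresses the `qq.com DISCARD` entry catches, here is an added example (not part of the original page, and not Postfix code): a simplified Python model of the access(5) lookup order that `check_sender_access` applies to the envelope sender (MAIL FROM), not the `From:` header. The `friend@qq.com OK` line and the function names are constructed for illustration; address extensions and the null sender are not modelled.

```python
# Simplified model of Postfix access(5) lookups for check_sender_access.
# Illustrative only; not Postfix source code.

# Constructed sample table: the page's entry plus a hypothetical exception.
SENDER_ACCESS = """\
# /etc/postfix/sender_access
friend@qq.com OK
qq.com DISCARD
"""


def parse_access_table(text):
    """Parse 'pattern action' lines, skipping blanks and '#' comments."""
    table = {}
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue
        table[fields[0].lower()] = fields[1]
    return table


def sender_action(sender, table, parent_matches_subdomains=True):
    """Return the action for an envelope sender, or None if nothing matches.

    parent_matches_subdomains models whether smtpd_access_maps is listed in
    parent_domain_matches_subdomains (it is in the Postfix default).
    """
    sender = sender.lower()  # lookup keys are matched case-insensitively
    local, _, domain = sender.rpartition("@")
    keys = [sender, domain]  # 1. user@domain  2. domain.tld
    labels = domain.split(".")
    for i in range(1, len(labels)):  # 3. parent domains, longest first
        parent = ".".join(labels[i:])
        keys.append(parent if parent_matches_subdomains else "." + parent)
    keys.append(local + "@")  # 4. user@
    for key in keys:
        if key in table:
            return table[key]
    return None


TABLE = parse_access_table(SENDER_ACCESS)

if __name__ == "__main__":
    for addr in ("spam@qq.com", "spam@mail.qq.com", "friend@qq.com", "a@notqq.com"):
        print(addr, "->", sender_action(addr, TABLE) or "no match")
```

Because `DISCARD` accepts the message and then silently drops it, a mistaken match produces no bounce for the sender.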