blob: 306bc154f20c14e60e10401d217d11b98e91db75 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
Laptop Setup
---------------
offlineimap synchronization to maildir, notmuch indexing, mutt-kr client.
What I want when online:
- instant (less than 1 second) email send
- with MUA open, instant (less than 1 second) email receive (IMAP IDLE)
- with MUA closed, regular (15 minute) imap synchronization, and single command
to quickly synchronize and send any queued messages
What I want when offline:
- full email archive to search over, sort, reply, etc
- cache send messages to an outbox folder, to be sent later (or deleted before
connecting)
Compile mutt-kr:
$ sudo aptitude install offlineimap notmuch libgpgme11-dev libnotmuch-dev \
libsasl2-dev libdb-dev
$ # in mutt-kr checkout:
$ ./prepare
$ ./configure --enable-dependency-tracking --enable-notmuch \
--enable-gpgme --enable-hcache --enable-imap --enable-smtp \
--with-ssl --with-gnutls --with-sasl --with-curses --with-regex
Install and configure offlineimap:
$ sudo aptitude install offlineimap
Fetch cacert [a la](http://docs.offlineimap.org/en/latest/FAQ.html#how-do-i-generate-an-sslcacertfile-file):
$ openssl s_client -CApath /etc/ssl/certs -connect ${hostname}:imaps -showcerts \
| perl -ne 'print if /BEGIN/../END/; print STDERR if /return/' > $sslcacertfile
^D
$ # copy resulting file to /etc/ssl/certs
$ # test with:
$ openssl s_client -CAfile $sslcacertfile -connect ${hostname}:imaps 2>&1 </dev/null
TODO: use notmuch-mutt package
Android Setup
---------------
K-9 mail client. No GPG configured.
Server Setup
---------------
Dovcot and postfix, installed mostly following "linode library" instructions.
Set dovecot's ``mail_max_userip_connections`` to ~40 or more if using K-9 mail,
or you'll get errors about "AUTHENTICATE PLAIN" This is because K-9 makes many
parallel connections.
mailman for mailing lists. or enemies-of-carlotta.
setup SPF records.
References:
* [need for high (40+) mail_max_userip_connections in dovecot](http://www.dovecot.org/list/dovecot/2011-September/061221.html)
* [write up of contemporary (2012) techniques](http://blog.phusion.nl/2012/09/10/mail-in-2012-from-an-admins-perspective/)
http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/
Postfix Domain Blacklist
-------------------------
At some point I started getting >= one spam message per second from a `qq.com`
spoofer. I blacklisted that sender domain using
[these directions](https://nacko.net/postfix-block-specific-from-specific-domains-centos-6-rhel-6/):
Edit `/etc/postfix/sender_access`:
qq.com DISCARD
Run:
sudo postmap /etc/postfix/sender_access
Edit `/etc/postfix/main.cf`:
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
Restart postfix.
|
