hyperreal/techne
1
0
Fork 0
mirror of https://codeberg.org/hyperreal/techne synced 2024-11-01 14:23:06 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add lemmy.org

Browse Source
This commit is contained in:
Jeffrey Serio 2024-09-29 02:31:39 -05:00
parent 8dcda8ab13
commit 42e94ae6f5
1 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
lemmy.org Normal file
View File

@ -0,0 +1,53 @@
#+TITLE: Lemmy
** Configure SPF and DKIM for SMTP postfix-relay
Source: [[https://github.com/wader/postfix-relay#spf]]
- Add remote forwarding for rsyslog.
- Make the DKIM keys persist indefinitely in a volume at ~./volumes/postfix-dkim:/etc/opendkim/keys~.
- ~./volumes~ is relative to the parent directory of the ~docker-compose.yml~ file for the Lemmy instance. E.g. ~/docker/lemmy/volumes~.
Edit ~docker-compose.yml~:
#+BEGIN_SRC yaml
postfix:
image: mwader/postfix-relay
environment:
- POSTFIX_myhostname=lemmy.hyperreal.coffee
- OPENDKIM_DOMAINS=lemmy.hyperreal.coffee
- RSYSLOG_TO_FILE=yes
- RSYSLOG_TIMESTAMP=yes
- RSYSLOG_REMOTE_HOST=<ip addr of remote logging server>
- RSYSLOG_REMOTE_PORT=514
- RSYSLOG_REMOTE_TEMPLATE=RSYSLOG_ForwardFormat
volumes:
- ./volumes/postfix-dkim:/etc/opendkim/keys
- ./volumes/logs:/var/log
restart: "always"
logging: *default-logging
#+END_SRC
#+BEGIN_SRC shell
docker-compose up -d
#+END_SRC
On domain registrar, add the following TXT records:
| Type | Name | Content |
|------+-----------------------+----------------------------------------------|
| TXT | lemmy | "v=spf1 a max ipv4:<ip addr of server> -all" |
| TXT | mail._domainkey.lemmy | "v=DKIM1; h=sha256; k=rsa; p=<pubkey>" |
The content of ~mail._domainkey.lemmy~ is obtained from the log output of the wader/postfix-relay Docker container.
#+BEGIN_SRC shell
docker logs lemmy-postfix-1
#+END_SRC
To test this, allow a few hours for the DNS changes to propagate, then log out of the Lemmy instance and send a password reset request. If the reset confirmation email doesn't go to the spam folder, it works. The email service provider will be able to determine the email is from an authentic email address.
*** Resources
- [[https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail][DomainKeys Identified Mail - Wikipedia]]
- [[https://en.wikipedia.org/wiki/Sender_Policy_Framework][Sender Policy Framework - Wikipedia]]
- [[https://en.wikipedia.org/wiki/DMARC][DMARC]]