Update README

master
Timo Röhling 8 years ago
parent
commit
f422325ccd
1 changed files with 23 additions and 13 deletions
README.md View File

11
 
11
 
12
 Sender Rewriting Scheme Crash Course
12
 Sender Rewriting Scheme Crash Course
13
 ------------------------------------
13
 ------------------------------------
14
-Imagine your server receives a mail from alice@example.com
14
+Imagine your server receives a mail from `alice@example.com`
15
 that is to be forwarded. If example.com uses the Sender Policy Framework
15
 that is to be forwarded. If example.com uses the Sender Policy Framework
16
 to indicate that all legit mails originate from their server, your
16
 to indicate that all legit mails originate from their server, your
17
 forwarded mail might be bounced, because you have no permission to send
17
 forwarded mail might be bounced, because you have no permission to send
18
 on behalf of example.com. The solution is that you map the address to
18
 on behalf of example.com. The solution is that you map the address to
19
 your own domain, e.g.
19
 your own domain, e.g.
20
-SRS0+xxxx=yy=example.com=alice@yourdomain.org (forward SRS). If the
20
+`SRS0+xxxx=yy=example.com=alice@yourdomain.org` (forward SRS). If the
21
 mail is bounced later and a notification arrives, you can extract the
21
 mail is bounced later and a notification arrives, you can extract the
22
 original address from the rewritten one (reverse SRS) and return the
22
 original address from the rewritten one (reverse SRS) and return the
23
 notification to the sender. You might notice that the reverse SRS can
23
 notification to the sender. You might notice that the reverse SRS can
24
-be abused to turn your server into an open relay. For this reason, xxxx
25
-and yy are a cryptographic signature and a time stamp. If the signature
24
+be abused to turn your server into an open relay. For this reason, `xxxx`
25
+and `yy` are a cryptographic signature and a time stamp. If the signature
26
 does not match, the address is forged and the mail can be discarded.
26
 does not match, the address is forged and the mail can be discarded.
27
 
27
 
28
 Building
28
 Building
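Review bot: In the crash-course paragraph, the sentence following the newly formatted `xxxx` and `yy` covers only the signature ("If the signature does not match, the address is forged") and never says what the time stamp `yy` is checked for. Since protection against open-relay abuse is the point of this paragraph, add a sentence on how the time stamp is used during reverse SRS. As a style point, `alice@example.com` is now code-formatted while the bare example.com mentions in the surrounding lines are not; format them the same way.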
47
 
47
 
48
 *   `GENERATE_SRS_SECRET` (default: `ON`). Generate a random secret on install.
48
 *   `GENERATE_SRS_SECRET` (default: `ON`). Generate a random secret on install.
49
 *   `USE_APPARMOR` (default: `OFF`): Install an AppArmor profile for the daemon.
49
 *   `USE_APPARMOR` (default: `OFF`): Install an AppArmor profile for the daemon.
50
+*   `USE_SELINUX` (default: `OFF`): Install an SELinux policy module for
51
+    the daemon.
50
 *   `INIT_FLAVOR` (default: auto-detect). Select the appriopriate startup
52
 *   `INIT_FLAVOR` (default: auto-detect). Select the appriopriate startup
51
-    script type. Must be one of (`systemd`, `upstart`,`sysv-lsb`,`sysv-redhat`) or `none`.
53
+    script type. Must be one of (`systemd`, `upstart`,`sysv-lsb`,`sysv-redhat`)
54
+    or `none`.
52
 *   `CHROOT_DIR` (default: `${CMAKE_INSTALL_PREFIX}/lib/postsrsd`). Chroot jail
55
 *   `CHROOT_DIR` (default: `${CMAKE_INSTALL_PREFIX}/lib/postsrsd`). Chroot jail
53
     for the daemon.
56
     for the daemon.
54
 *   `SYSCONF_DIR` (default: `/etc`). Location of system configuration files.
57
 *   `SYSCONF_DIR` (default: `/etc`). Location of system configuration files.
56
     the postsrsd settings.
59
     the postsrsd settings.
57
 *   `DOC_DIR` (default: `${CMAKE_INSTALL_PREFIX}/share/doc/postsrsd`). Install
60
 *   `DOC_DIR` (default: `${CMAKE_INSTALL_PREFIX}/share/doc/postsrsd`). Install
58
     destination for documentation files.
61
     destination for documentation files.
62
+*   `SYSD_UNIT_DIR` (default: `${SYSCONF_DIR}/systemd/system`). Install
63
+    destination for systemd startup files.
59
 
64
 
60
 Installing
65
 Installing
61
 ----------
66
 ----------
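Review bot: The `INIT_FLAVOR` item is rewrapped here but keeps the typo "appriopriate" and the unspaced list `upstart`,`sysv-lsb`,`sysv-redhat`; fix both while the lines are being touched. The new `USE_SELINUX` entry does not say whether it can be combined with `USE_APPARMOR` or how either relates to the `CHROOT_DIR` jail, which an administrator hardening the daemon would want to know. Punctuation after the default is also mixed: `USE_SELINUX` follows `USE_APPARMOR` with a colon, while the new `SYSD_UNIT_DIR` entry uses a period like the other items.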
66
 Configuration
71
 Configuration
67
 -------------
72
 -------------
68
 
73
 
69
-The configuration is located in `/etc/default/postsrsd` by default. You must store
70
-at least one secret key in `/etc/postsrsd.secret`. The installer tries to generate
71
-one from `/dev/urandom`. Be careful that no one can guess your secret,
72
-because anyone who knows it can use your mail server as open relay!
73
-Each line of `/etc/postsrsd.secret` is used as secret. The first secret is
74
-used for signing and verification, the others for verification only.
74
+The configuration is located in `/etc/default/postsrsd` by default. On many
75
+systems, the default configuration will work out-of-the-box, but please take
76
+the two minutes to check the settings for yourself. Also, please make sure
77
+that Postfix has the correct domain name configured, i.e.
78
+`postconf -h mydomain` returns the correct value.
79
+
80
+You must store at least one secret key in `/etc/postsrsd.secret`. The installer
81
+tries to generate one from `/dev/urandom`. Be careful that no one can guess
82
+your secret, because anyone who knows it can use your mail server as open
83
+relay!  Each line of `/etc/postsrsd.secret` is used as secret. The first secret
84
+is used for signing and verification, the others for verification only.
75
 
85
 
76
 PostSRSd exposes its functionality via two TCP lookup tables. The
86
 PostSRSd exposes its functionality via two TCP lookup tables. The
77
 recommended Postfix configuration is to add the following fragment to
87
 recommended Postfix configuration is to add the following fragment to
78
 your main.cf:
88
 your main.cf:
79
 
89
 
80
-    sender_canonical_maps = tcp:127.0.0.1:10001
90
+    sender_canonical_maps = tcp:localhost:10001
81
     sender_canonical_classes = envelope_sender
91
     sender_canonical_classes = envelope_sender
82
-    recipient_canonical_maps = tcp:127.0.0.1:10002
92
+    recipient_canonical_maps = tcp:localhost:10002
83
     recipient_canonical_classes= envelope_recipient,header_recipient
93
     recipient_canonical_classes= envelope_recipient,header_recipient
84
 
94
 
85
 This will transparently rewrite incoming and outgoing envelope addresses,
95
 This will transparently rewrite incoming and outgoing envelope addresses,
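Review bot: The switch from `tcp:127.0.0.1:10001` to `tcp:localhost:10001` (and likewise for port 10002) makes both lookup tables depend on how `localhost` resolves on the host, and the README gives no reason for the change. State which addresses the daemon listens on so a reader can tell whether an IPv6 result for `localhost` still reaches it, or keep the literal address. In the rewritten secret paragraph, the warning that anyone who knows the secret can use the server as an open relay would be more actionable with a recommendation on ownership and permissions for `/etc/postsrsd.secret`, and the "first secret signs, others verify only" rule deserves one sentence saying it exists to allow key rotation. There is also a stray double space after "relay!".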
