Child pages
  • Serversetup multi-tenant Kopano+Postfix+SASL+rspamd+openLDAP (Debian 10 buster)

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
title/etc/apache2/sites-enabled # cat kopano.conf
<VirtualHost 1.2.3.4:80>

  ServerName      mailwebmail.example.com
  ServerAdmin     webmaster@example.com

  RewriteEngine   On
  RewriteCond     %{HTTPS} off
  RewriteRule     ^(.*)$   https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

</VirtualHost>

<VirtualHost 1.2.3.4:443>
  ServerName              mailwebmail.example.com
  ServerAdmin             webmaster@example.com


  SSLEngine               on
  SSLCertificateFile      /etc/ssl/private/webmail.example.com/cert.pem
  SSLCertificateKeyFile   /etc/ssl/private/webmail.example.com/privkey.pem
  SSLCertificateChainFile /etc/ssl/private/webmail.example.com/chain.pem
  SSLCACertificateFile    /etc/ssl/private/webmail.example.com/fullchain.pem
  SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  SSLHonorCipherOrder     on
  SSLCompression          off
  SSLSessionTickets       off
  SSLOpenSSLConfCmd       DHParameters "/etc/apache2/dhparams_4096.pem"
  SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

  Protocols               h2 h2c http/1.1

  Include /etc/apache2/sites-available/kopano-webapp.conf 
  Include /etc/apache2/conf-available/z-push.conf
  Include /etc/apache2/conf-available/z-push-autodiscover.conf

  ErrorLog  /var/log/apache2/kopano-error.log
  CustomLog /var/log/apache2/kopano-access.log combined

</VirtualHost>

...

The kopano webapp now should load (with a valid certificate) in your browser with this domain: "https://lamwebmail.example.com".

rspamd 

rpamd has become the swiss armyknife when it comes to spam filtering, virus scanning and so on. We will also install "inotify-spamlearn" so that mails that are tagged as "Junk" are automatically sent to rspamd for spam training.

...