diff --git a/content/blog/2022-04-05-systemd-nspawn-postfix.md b/content/blog/2022-04-05-systemd-nspawn-postfix.md
index 30a2af8..7bf63ed 100644
--- a/content/blog/2022-04-05-systemd-nspawn-postfix.md
+++ b/content/blog/2022-04-05-systemd-nspawn-postfix.md
@@ -30,7 +30,7 @@ is running Arch:
 [root@host /]# mkdir /opt/postfix
 [root@host /]# pacstrap -c /opt/postfix base postfix openbsd-netcat opendkim perl
 [root@host /]# systemd-nspawn -D /opt/postfix
- ># passwd # choose a [temporary] password you can remember for the rest of setup
+ ># passwd # choose some password you can remember for the rest of setup
 ># exit
 ```
@@ -54,9 +54,9 @@ we can then forward ports across the NAT just like you would forward ports from
 postfix login: root
 Password:
-[root@postfix ~]# systemctl enable systemd-resolved && systemctl start systemd-resolved
-[root@postfix ~]# systemctl enable postfix && systemctl start postfix
-# then create the db which postfix uses to map email address to linux user accounts:
+[root@postfix ~]# systemctl enable --now systemd-resolved
+[root@postfix ~]# systemctl enable --now postfix
+# then create the db which maps email address to linux user accounts:
 [root@postfix ~]# newaliases
 ```
@@ -113,7 +113,8 @@ so for these changes to take effect, you'll need to edit `lib/systemd/system/pos
 ```diff
 - ExecStart=/usr/bin/postfix start
-+ ExecStart=/usr/bin/bash -c '/usr/bin/postfix set-permissions && /usr/bin/postfix start'
++ ExecStart=/usr/bin/bash -c '/usr/bin/postfix set-permissions \
++ && /usr/bin/postfix start'
 ```
 because systemd limits postfix's ability to write outside of `/var/spool`, you'll need to change which files postfix tries to enforce permissions. in `etc/postfix/postfix-files`, comment out every line which starts with one of: 
@@ -147,7 +148,7 @@ outgoing messages:
 [root@host /opt/postfix]$ cp usr/share/doc/opendkim/opendkim.conf.sample \
 etc/opendkim/opendkim.conf
 # update the `Domain` field
-# point the `KeyFile` to /home/vmail/dkim/mx1.private (we'll generate that in a second)
+# point the `KeyFile` to /home/vmail/dkim/mx1.private (created later)
 # set `UserID` to `vmail`
 # make sure `Socket` points to `inet:8891@localhost`
 # and consider changing Canonicalization from simple/simple to relaxed/simple
@@ -169,7 +170,7 @@ generate the keys (run this as the `vmail` user):
 start the service:
 ```sh
-[root@postfix /]# systemctl start opendkim && systemctl enable opendkim
+[root@postfix /]# systemctl enable --now opendkim
 ```
 add the `mx1._domainkey` TXT record (documented in /home/vmail/dkim/mx1.txt) into your zone file.