2. Reinstall ClamAV
apt-get remove clamav clamav-daemon
apt-get install clamav clamav-daemon
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart
3. Register a TLS cert on startssl.com
4. When StartSSL sends the verification email to webmaster@yourmaildomain.com, postfix may deny it because the sender is greylisted, so add the IP and account of StartSSL to the whitelist (run tail -f /var/log/mail.log to find the IP and email account StartSSL sends from)
cd /opt/iredapd/tools/
python wblist_admin.py --list --whitelist
python wblist_admin.py --add --whitelist 4.14.40.143 no-reply@startcomca.com
python wblist_admin.py --add --whitelist 4.14.40.142 no-reply@startcomca.com
5. Once the TLS cert is registered successfully, you will receive a zip file (assume it is gbsofts.net.zip) containing the cert and other info; download it and put it into /root/cert/
mkdir /root/cert
cd /root/cert
openssl req -newkey rsa:2048 -keyout gbsofts.net.key -out gbsofts.net.csr
openssl rsa -in gbsofts.net.key -out gbsofts.net.decrypt.key
wget --no-check-certificate https://www.startssl.com/certs/ca-bundle.pem -O startssl-ca-bundle.crt
unzip gbsofts.net.zip
unzip NginxServer.zip
cat 1_gbsofts.net_bundle.crt gbsofts.net.decrypt.key > gbsofts.net.pem
nano /etc/nginx/conf.d/00-default.conf
ssl_certificate /root/cert/1_gbsofts.net_bundle.crt;
ssl_certificate_key /root/cert/gbsofts.net.decrypt.key;
nano /etc/postfix/main.cf
smtpd_tls_key_file = /root/cert/gbsofts.net.decrypt.key
smtpd_tls_cert_file = /root/cert/1_gbsofts.net_bundle.crt
smtpd_tls_CAfile = /root/cert/startssl-ca-bundle.crt
nano /etc/dovecot/dovecot.conf
ssl_cert = </root/cert/1_gbsofts.net_bundle.crt
ssl_key = </root/cert/gbsofts.net.decrypt.key
service postfix restart
service dovecot restart
service nginx restart
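A pre-restart check for the files from step 5, added here as an example and not part of the original post: it confirms that the decrypted key belongs to the leaf certificate, that the key file is not readable by group or others, that the chain verifies against the CA bundle, and that the cert is not about to expire. The function names and the 14-day threshold are assumptions; the default paths are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for the files
# produced in step 5, to run before restarting nginx, postfix and dovecot.
# Function names and the 14-day threshold are assumptions of this example.

# key_matches_cert CERT KEY: succeed only if KEY is the private key for the
# first (leaf) certificate in CERT. "-passin pass:" stops openssl prompting,
# so a still-encrypted key fails instead of hanging.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# key_is_private FILE: succeed only if group and others have no access bits.
# Files written by "cat a b > file" or unzip follow the umask, often 0644.
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# chain_verifies CERT CAFILE: verify the leaf in CERT against CAFILE, using
# any further certificates in CERT as untrusted intermediates.
chain_verifies() {
    openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1
}

# valid_for_days CERT DAYS: succeed if the leaf does not expire within DAYS.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# check_deploy [CERT KEY CAFILE]: run every check, report each failure,
# return non-zero if any failed. Defaults are the paths used in step 5.
check_deploy() {
    cert=${1:-/root/cert/1_gbsofts.net_bundle.crt}
    key=${2:-/root/cert/gbsofts.net.decrypt.key}
    ca=${3:-/root/cert/startssl-ca-bundle.crt}
    rc=0
    key_matches_cert "$cert" "$key" || { echo "FAIL: key does not match $cert"; rc=1; }
    key_is_private "$key" || { echo "FAIL: $key is group/world accessible"; rc=1; }
    chain_verifies "$cert" "$ca" || { echo "FAIL: $cert does not verify against $ca"; rc=1; }
    valid_for_days "$cert" 14 || { echo "FAIL: $cert expires within 14 days"; rc=1; }
    return $rc
}
```

On the server, call check_deploy with no arguments before the three restarts; key_is_private can also be pointed at gbsofts.net.pem, which holds a copy of the private key.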
6. Add a TXT record to the domain to set SPF
v=spf1 ip4:a.b.c.d ~all
For other domains, add a TXT record:
v=spf1 include:otherdomain.com ip4:a.b.c.d ~all