On 3/4/19 5:40 AM, Robert Moskowitz wrote: > > > On 3/1/19 12:53 PM, Ben Archuleta wrote: >> Hello All, >> >> >> I need to set up a new mail server to replace an aging CentOS 6.3 mail >> server. I was wondering what were some of the best guides on the web >> for Postfix (Maildir), Spamassassin, ClamAV, Dovecot? > > I am close to upgrading my mailserver. My current instructions are at: > > http://www.htt-consult.com/Centos7-mailserver.html > > I need to finish: > > SHA256 or SHA512 instead of MD5 for the password (Just need to finish up > the roundcube password change script) > dovecotadm backup for the mail > and something to backup the mysql > > Otherwise my testing has been good. > > Of course adding stuff like DKIM, DANE, etc. would be nice. Note with DKIM - OpenDKIM defaults to 1024-bit RSA but that is no longer recommended and some services no longer consider it valid. 2048-bit RSA is the current recommended. The problem is that since DKIM keys do not expire, sysadmins got lazy and never bothered to periodically generate new ones, making 1024-bit RSA unsuitable. Ed25519 is also now available but support for it is not wide-spread yet.