init commit

3 files changed, 66 insertions, 0 deletions

diff --git a/smtpd/Makefile b/smtpd/Makefile
new file mode 100644
index 0000000..a29254f
--- /dev/null
+++ b/smtpd/Makefile
@@ -0,0 +1,8 @@
+all: dkim
+        sudo mkdir -p /etc/smtpd /etc/mail
+        sudo ln -sf `pwd`/smtpd.conf /etc/smtpd/smtpd.conf
+        sudo cp mail/* /etc/mail/
+dkim:
+        ls /etc/mail/{passwd,dkim.key,dkim.txt}
+passwd:
+        sudo echo $$(id -un):$$(smtpctl encrypt)
diff --git a/smtpd/mail/spam b/smtpd/mail/spam
new file mode 100755
index 0000000..3c48717
--- /dev/null
+++ b/smtpd/mail/spam
@@ -0,0 +1,11 @@
+#! /bin/bash
+
+SIZE=$(ls --size /tmp/spam | cut -d' ' -f1)
+
+if test $SIZE -gt 10000; then
+  cat >/tmp/spam
+else
+  cat >>/tmp/spam       
+fi
+
+true
diff --git a/smtpd/smtpd.conf b/smtpd/smtpd.conf
new file mode 100644
index 0000000..e8a5042
--- /dev/null
+++ b/smtpd/smtpd.conf
@@ -0,0 +1,47 @@
+# This is the smtpd server system-wide configuration file.
+# See smtpd.conf(5) for more information, refs:
+#       https://man.openbsd.org/smtpd.conf.5
+#       https://unixdigest.com/tutorials/arch-linux-mail-server-tutorial-part-2-opensmtpd-dovecot-dkimproxy-and-lets-encrypt.html
+
+# TIPS: Add a new/group vamil for processing dirty stuffs:
+#   useradd -m -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail
+
+# Certificates from Let's Encrypt.
+pki mail.topo.tw cert "/etc/mail/ssl/fullchain.cer"
+pki mail.topo.tw key "/etc/mail/ssl/mail.topo.tw.key"
+
+# DKIM, command:
+#       sudo PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --force git+https://github.com/palant/opensmtpd-filters.git
+# refs: https://palant.info/2020/11/09/adding-dkim-support-to-opensmtpd-with-custom-filters/
+filter dkimsign proc-exec "/usr/local/bin/dkimsign topo.tw:dkim:/etc/mail/dkim.key"
+filter dkimverify proc-exec "/usr/local/bin/dkimverify topo.tw"
+filter dkim chain {"dkimsign", "dkimverify"}
+
+# refs: https://man.openbsd.org/table.5
+table passwd file:/etc/mail/passwd
+
+# To also accept external mail over IPv4 or IPv6,
+# respectively replace "listen on localhost" with:
+#
+# listen on 0.0.0.0
+# listen on ::
+listen on lo
+listen on enp1s0 inet4 hostname "mail.topo.tw" port 25 tls pki mail.topo.tw filter "dkim"
+listen on enp1s0 inet4 hostname "mail.topo.tw" port 587 tls-require mask-src pki mail.topo.tw auth-optional <passwd> filter "dkim"
+
+# Allow delivery from local or domain-owned-by-me
+action "me" maildir "/home/pham/Maildir" virtual { "@" = "pham" }
+match from any for domain "topo.tw" action "me"
+match from local for local action "me"
+
+# Allow outgoing emails: authenticated connection only
+action "relay" relay
+#match from local for any action "relay"
+match auth ! from local for any action "relay"
+match from local for any action "relay"
+
+# SPAM: deliver spam to custom mda
+action "spam" mda "/etc/mail/spam" virtual { "@" = "pham" }
+#match from any for rcpt-to "valxxx@megamail.com.br" action "relay"
+#match from any for any action "spam"
+#match for any reject