3 files changed, 66 insertions, 0 deletions
diff --git a/smtpd/Makefile b/smtpd/Makefile
new file mode 100644
index 0000000..a29254f
--- /dev/null
+++ b/smtpd/Makefile
@@ -0,0 +1,8 @@
+all: dkim
+        sudo mkdir -p /etc/smtpd /etc/mail
+        sudo ln -sf `pwd`/smtpd.conf /etc/smtpd/smtpd.conf
+        sudo cp mail/* /etc/mail/
+dkim:
+        ls /etc/mail/{passwd,dkim.key,dkim.txt}
+passwd:
+        sudo echo $$(id -un):$$(smtpctl encrypt)
diff --git a/smtpd/mail/spam b/smtpd/mail/spam
new file mode 100755
index 0000000..3c48717
--- /dev/null
+++ b/smtpd/mail/spam
@@ -0,0 +1,11 @@
+#! /bin/bash
+SIZE=$(ls --size /tmp/spam | cut -d' ' -f1)
+if test $SIZE -gt 10000; then
+  cat >/tmp/spam
+else
+  cat >>/tmp/spam       
+fi
+true
diff --git a/smtpd/smtpd.conf b/smtpd/smtpd.conf
new file mode 100644
index 0000000..e8a5042
--- /dev/null
+++ b/smtpd/smtpd.conf
@@ -0,0 +1,47 @@
+# This is the smtpd server system-wide configuration file.
+# See smtpd.conf(5) for more information, refs:
+#       https://man.openbsd.org/smtpd.conf.5
+#       https://unixdigest.com/tutorials/arch-linux-mail-server-tutorial-part-2-opensmtpd-dovecot-dkimproxy-and-lets-encrypt.html
+# TIPS: Add a new/group vamil for processing dirty stuffs:
+#   useradd -m -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail
+# Certificates from Let's Encrypt.
+pki mail.topo.tw cert "/etc/mail/ssl/fullchain.cer"
+pki mail.topo.tw key "/etc/mail/ssl/mail.topo.tw.key"
+# DKIM, command:
+#       sudo PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --force git+https://github.com/palant/opensmtpd-filters.git
+# refs: https://palant.info/2020/11/09/adding-dkim-support-to-opensmtpd-with-custom-filters/
+filter dkimsign proc-exec "/usr/local/bin/dkimsign topo.tw:dkim:/etc/mail/dkim.key"
+filter dkimverify proc-exec "/usr/local/bin/dkimverify topo.tw"
+filter dkim chain {"dkimsign", "dkimverify"}
+# refs: https://man.openbsd.org/table.5
+table passwd file:/etc/mail/passwd
+# To also accept external mail over IPv4 or IPv6,
+# respectively replace "listen on localhost" with:
+#
+# listen on 0.0.0.0
+# listen on ::
+listen on lo
+listen on enp1s0 inet4 hostname "mail.topo.tw" port 25 tls pki mail.topo.tw filter "dkim"
+listen on enp1s0 inet4 hostname "mail.topo.tw" port 587 tls-require mask-src pki mail.topo.tw auth-optional <passwd> filter "dkim"
+# Allow delivery from local or domain-owned-by-me
+action "me" maildir "/home/pham/Maildir" virtual { "@" = "pham" }
+match from any for domain "topo.tw" action "me"
+match from local for local action "me"
+# Allow outgoing emails: authenticated connection only
+action "relay" relay
+#match from local for any action "relay"
+match auth ! from local for any action "relay"
+match from local for any action "relay"
+# SPAM: deliver spam to custom mda
+action "spam" mda "/etc/mail/spam" virtual { "@" = "pham" }
+#match from any for rcpt-to "valxxx@megamail.com.br" action "relay"
+#match from any for any action "spam"
+#match for any reject

diff --git a/smtpd/Makefile b/smtpd/Makefile new file mode 100644 index 0000000..a29254f --- /dev/null +++ b/smtpd/Makefile
@@ -0,0 +1,8 @@
	1	all: dkim
	2	sudo mkdir -p /etc/smtpd /etc/mail
	3	sudo ln -sf `pwd`/smtpd.conf /etc/smtpd/smtpd.conf
	4	sudo cp mail/* /etc/mail/
	5	dkim:
	6	ls /etc/mail/{passwd,dkim.key,dkim.txt}
	7	passwd:
	8	sudo echo $$(id -un):$$(smtpctl encrypt)


diff --git a/smtpd/mail/spam b/smtpd/mail/spam new file mode 100755 index 0000000..3c48717 --- /dev/null +++ b/smtpd/mail/spam
@@ -0,0 +1,11 @@
	1	#! /bin/bash
	2
	3	SIZE=$(ls --size /tmp/spam \| cut -d' ' -f1)
	4
	5	if test $SIZE -gt 10000; then
	6	cat >/tmp/spam
	7	else
	8	cat >>/tmp/spam
	9	fi
	10
	11	true


diff --git a/smtpd/smtpd.conf b/smtpd/smtpd.conf new file mode 100644 index 0000000..e8a5042 --- /dev/null +++ b/smtpd/smtpd.conf
@@ -0,0 +1,47 @@
	1	# This is the smtpd server system-wide configuration file.
	2	# See smtpd.conf(5) for more information, refs:
	3	# https://man.openbsd.org/smtpd.conf.5
	4	# https://unixdigest.com/tutorials/arch-linux-mail-server-tutorial-part-2-opensmtpd-dovecot-dkimproxy-and-lets-encrypt.html
	5
	6	# TIPS: Add a new/group vamil for processing dirty stuffs:
	7	# useradd -m -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail
	8
	9	# Certificates from Let's Encrypt.
	10	pki mail.topo.tw cert "/etc/mail/ssl/fullchain.cer"
	11	pki mail.topo.tw key "/etc/mail/ssl/mail.topo.tw.key"
	12
	13	# DKIM, command:
	14	# sudo PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --force git+https://github.com/palant/opensmtpd-filters.git
	15	# refs: https://palant.info/2020/11/09/adding-dkim-support-to-opensmtpd-with-custom-filters/
	16	filter dkimsign proc-exec "/usr/local/bin/dkimsign topo.tw:dkim:/etc/mail/dkim.key"
	17	filter dkimverify proc-exec "/usr/local/bin/dkimverify topo.tw"
	18	filter dkim chain {"dkimsign", "dkimverify"}
	19
	20	# refs: https://man.openbsd.org/table.5
	21	table passwd file:/etc/mail/passwd
	22
	23	# To also accept external mail over IPv4 or IPv6,
	24	# respectively replace "listen on localhost" with:
	25	#
	26	# listen on 0.0.0.0
	27	# listen on ::
	28	listen on lo
	29	listen on enp1s0 inet4 hostname "mail.topo.tw" port 25 tls pki mail.topo.tw filter "dkim"
	30	listen on enp1s0 inet4 hostname "mail.topo.tw" port 587 tls-require mask-src pki mail.topo.tw auth-optional <passwd> filter "dkim"
	31
	32	# Allow delivery from local or domain-owned-by-me
	33	action "me" maildir "/home/pham/Maildir" virtual { "@" = "pham" }
	34	match from any for domain "topo.tw" action "me"
	35	match from local for local action "me"
	36
	37	# Allow outgoing emails: authenticated connection only
	38	action "relay" relay
	39	#match from local for any action "relay"
	40	match auth ! from local for any action "relay"
	41	match from local for any action "relay"
	42
	43	# SPAM: deliver spam to custom mda
	44	action "spam" mda "/etc/mail/spam" virtual { "@" = "pham" }
	45	#match from any for rcpt-to "valxxx@megamail.com.br" action "relay"
	46	#match from any for any action "spam"
	47	#match for any reject