# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information, refs:
# 	https://man.openbsd.org/smtpd.conf.5
# 	https://unixdigest.com/tutorials/arch-linux-mail-server-tutorial-part-2-opensmtpd-dovecot-dkimproxy-and-lets-encrypt.html

# TIPS: Add a new/group vamil for processing dirty stuffs:
#   useradd -m -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail

smtp max-message-size 3G

# Certificates from Let's Encrypt.
pki mail.topo.tw cert "/etc/mail/ssl/fullchain.cer"
pki mail.topo.tw key "/etc/mail/ssl/mail.topo.tw.key"

# DKIM, command:
# 	sudo PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --force git+https://github.com/palant/opensmtpd-filters.git
# refs: https://palant.info/2020/11/09/adding-dkim-support-to-opensmtpd-with-custom-filters/
filter dkimsign proc-exec "/usr/local/bin/dkimsign topo.tw:dkim:/etc/mail/dkim.key"
filter dkimverify proc-exec "/usr/local/bin/dkimverify topo.tw"
filter dkim chain {"dkimsign", "dkimverify"}

# refs: https://man.openbsd.org/table.5
table passwd file:/etc/mail/passwd

# To also accept external mail over IPv4 or IPv6,
# respectively replace "listen on localhost" with:
#
# listen on 0.0.0.0
# listen on ::
listen on lo
listen on enp1s0 inet4 hostname "mail.topo.tw" port 25 tls pki mail.topo.tw filter "dkim"
listen on enp1s0 inet4 hostname "mail.topo.tw" port 587 tls-require mask-src pki mail.topo.tw auth-optional <passwd> filter "dkim"

# Allow delivery from local or domain-owned-by-me
#action "me" maildir "/home/pham/Maildir" virtual { "@" = "pham" }
action "me" lmtp "/var/run/dovecot/lmtp" virtual { "@" = "pham" }
match from any for domain "topo.tw" action "me"
match from local for local action "me"

# Allow outgoing emails: authenticated connection only
action "relay" relay helo mail.topo.tw
#match from local for any action "relay"
match auth ! from local for any action "relay"
match from local for any action "relay"

# SPAM: deliver spam to custom mda
action "spam" mda "/etc/mail/spam" virtual { "@" = "pham" }
#match from any for rcpt-to "valxxx@megamail.com.br" action "relay"
#match from any for any action "spam"
#match for any reject