path: root/smtpd/smtpd.conf
# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information, refs:
# 	https://man.openbsd.org/smtpd.conf.5
# 	https://unixdigest.com/tutorials/arch-linux-mail-server-tutorial-part-2-opensmtpd-dovecot-dkimproxy-and-lets-encrypt.html

# TIP: add a new user/group "vmail" for handling the dirty work:
#   useradd -m -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail

# Largest single message smtpd will accept.
# NOTE(review): 3G is far above the 35M default documented in smtpd.conf(5).
# The port 25 listener in this file takes mail from any source for topo.tw,
# so an unauthenticated sender can make the daemon spool up to this much per
# message. Confirm the queue filesystem can absorb that, or lower the limit.
smtp max-message-size 3G

# Certificates from Let's Encrypt.
# Defines the pki entry "mail.topo.tw" (certificate chain + private key) that
# the enp1s0 listeners select with "pki mail.topo.tw".
# NOTE(review): keep the key file owned by root and unreadable to group/other,
# and re-check its mode after each certificate renewal.
pki mail.topo.tw cert "/etc/mail/ssl/fullchain.cer"
pki mail.topo.tw key "/etc/mail/ssl/mail.topo.tw.key"

# DKIM, command:
# 	sudo PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --force git+https://github.com/palant/opensmtpd-filters.git
# refs: https://palant.info/2020/11/09/adding-dkim-support-to-opensmtpd-with-custom-filters/
# NOTE(review): the install command runs under sudo and takes whatever the
# repository's default branch holds at install time. Pin it to a reviewed
# revision (append @<REVIEWED-COMMIT-SHA> to the git+https URL) so a
# reinstall cannot silently bring different code into the mail path.
#
# dkimsign argument is presumably domain:selector:keyfile; confirm against the
# filter's README.
# NOTE(review): /etc/mail/dkim.key is the domain's signing key; it should be
# readable only by the account the filter process runs as.
filter dkimsign proc-exec "/usr/local/bin/dkimsign topo.tw:dkim:/etc/mail/dkim.key"
# dkimverify is passed "topo.tw"; presumably the host name it reports results
# under; confirm against the filter's README.
filter dkimverify proc-exec "/usr/local/bin/dkimverify topo.tw"
# "dkim" runs dkimsign and then dkimverify, and is the filter attached to both
# enp1s0 listeners (ports 25 and 587).
# NOTE(review): this puts dkimsign in front of unauthenticated inbound mail.
# If dkimsign decides by the From domain alone (confirm), a message from the
# internet claiming a topo.tw sender would get a valid topo.tw signature and
# then pass dkimverify. Consider attaching only dkimverify to the inbound
# listener and dkimsign only where senders are authenticated.
filter dkim chain {"dkimsign", "dkimverify"}

# refs: https://man.openbsd.org/table.5
# Credentials table referenced as <passwd> by "auth-optional" on the port 587
# listener.
# NOTE(review): this is a plain file on disk. Store only hashed passwords in
# it (smtpctl encrypt produces them) and keep it unreadable to ordinary users.
table passwd file:/etc/mail/passwd

# To also accept external mail over IPv4 or IPv6,
# respectively replace "listen on localhost" with:
#
# listen on 0.0.0.0
# listen on ::
# Interface "lo": no TLS, no authentication and no filter are configured here.
listen on lo
# Port 25 on enp1s0, IPv4 only: "tls" offers STARTTLS but does not require it.
listen on enp1s0 inet4 hostname "mail.topo.tw" port 25 tls pki mail.topo.tw filter "dkim"
# Port 587 on enp1s0, IPv4 only: "tls-require" refuses SMTP transactions until
# TLS is established; "mask-src" omits the client's source from the Received
# header; "auth-optional <passwd>" lets clients authenticate against the
# passwd table without forcing them to.
# NOTE(review): because authentication is optional, this port also accepts
# unauthenticated mail for topo.tw; relaying is gated only by the
# "match auth" rule further down. If 587 is meant for submission by known
# users only, "auth <passwd>" would enforce that at the listener; confirm
# the intent.
listen on enp1s0 inet4 hostname "mail.topo.tw" port 587 tls-require mask-src pki mail.topo.tw auth-optional <passwd> filter "dkim"

# Allow delivery from local or domain-owned-by-me
# Rules are evaluated top to bottom and the first match decides, so the order
# of the match lines in this file matters.
#action "me" maildir "/home/pham/Maildir" virtual { "@" = "pham" }
# Deliver over Dovecot's LMTP socket. The inline virtual table has only the
# "@" catch-all key, so every recipient address resolves to user "pham".
action "me" lmtp "/var/run/dovecot/lmtp" virtual { "@" = "pham" }
# Mail from any source addressed to topo.tw is delivered locally.
match from any for domain "topo.tw" action "me"
# Mail from local sessions addressed to local recipients is delivered locally.
match from local for local action "me"

# Allow outgoing emails: authenticated connection only
# NOTE(review): the heading above is narrower than the rules. The last rule
# in this group also relays for local sessions without authentication, so any
# process able to reach the local listener or enqueuer can send outbound mail.
action "relay" relay
#match from local for any action "relay"
# Non-local sessions may relay to any destination only after authenticating.
match auth ! from local for any action "relay"
# Local sessions may relay to any destination; no "auth" condition here.
match from local for any action "relay"

# SPAM: deliver spam to custom mda
# Defines an action that pipes each message to /etc/mail/spam, with every
# recipient mapped to user "pham" by the "@" catch-all. No active match rule
# references it: the rules below are commented out, so it is currently unused.
# NOTE(review): if this is enabled, /etc/mail/spam will run on attacker-supplied
# message content; make sure the script is not writable by unprivileged users.
action "spam" mda "/etc/mail/spam" virtual { "@" = "pham" }
#match from any for rcpt-to "valxxx@megamail.com.br" action "relay"
#match from any for any action "spam"
# An explicit catch-all reject is not needed: per smtpd.conf(5), a message
# that matches no rule is rejected.
#match for any reject