Added opensmtpd article
This commit is contained in:
parent
88b281ef55
commit
8cbe9093d6
1 changed files with 60 additions and 0 deletions
60
content/docs/openbsd/smtpd.md
Normal file
60
content/docs/openbsd/smtpd.md
Normal file
|
|
@ -0,0 +1,60 @@
|
|||
---
|
||||
title: smtpd.conf
|
||||
description: OpenSMTPD templates
|
||||
---
|
||||
|
||||
## Simple relay
|
||||
|
||||
Here is my template for a simple smtp relay. The host names in the outbound action are to be customized obviously, and in my setups `yen` the relay destination is only reachable via wireguard. If not in such setup, smtps with authentication is to be configured :
|
||||
|
||||
{{< highlight conf >}}
|
||||
table aliases file:/etc/mail/aliases
|
||||
|
||||
listen on socket
|
||||
listen on lo0
|
||||
|
||||
action "local_mail" mbox alias <aliases>
|
||||
action "outbound" relay host "smtp://yen" mail-from "root+phoenix@adyxax.org"
|
||||
|
||||
match from local for local action "local_mail"
|
||||
match from local for any action "outbound"
|
||||
{{< /highlight >}}
|
||||
|
||||
## Primary mx
|
||||
|
||||
Here is my primary mx configuration as a sample :
|
||||
|
||||
{{< highlight conf >}}
|
||||
pki adyxax.org cert "/etc/ssl/yen.adyxax.org.crt"
|
||||
pki adyxax.org key "/etc/ssl/private/yen.adyxax.org.key"
|
||||
|
||||
|
||||
filter "dkimsign" proc-exec "filter-dkimsign -d adyxax.eu -d adyxax.org -s 2020111301 -k /etc/mail/dkim/private.key" user _dkimsign group _dkimsign
|
||||
filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } disconnect "550 no residential connections"
|
||||
filter check_rdns phase connect match !rdns disconnect "550 no rDNS is so 80s"
|
||||
filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS is so 80s"
|
||||
|
||||
|
||||
table aliases file:/etc/mail/aliases
|
||||
table domains file:/etc/mail/domains
|
||||
table virtuals file:/etc/mail/virtuals
|
||||
|
||||
|
||||
listen on egress tls pki adyxax.org filter { check_dyndns, check_rdns, check_fcrdns }
|
||||
listen on egress port submission tls-require pki adyxax.org auth filter dkimsign
|
||||
listen on socket
|
||||
listen on lo0
|
||||
listen on wg0 filter dkimsign # if you need to relay emails from your wireguard to the internet like I do
|
||||
|
||||
|
||||
action "local_mail" mbox alias <aliases>
|
||||
action "cyrus" lmtp "/var/run/cyrus/socket/lmtp" virtual <virtuals>
|
||||
action "outbound" relay
|
||||
|
||||
|
||||
match from any for domain <domains> action "cyrus"
|
||||
match from local for local action "local_mail"
|
||||
|
||||
match from any auth for any action "outbound"
|
||||
match from mail-from "root+phoenix@adyxax.org" for any action "outbound" # if you need to relay emails from another machine to the internet like I do
|
||||
{{< /highlight >}}
|
||||
Loading…
Add table
Reference in a new issue