diff options
| author | Julien Dessaux | 2021-04-19 17:19:13 +0200 |
|---|---|---|
| committer | Julien Dessaux | 2021-04-19 17:20:50 +0200 |
| commit | 8cbe9093d6e3362529d005f62c756785ab52aa6a (patch) | |
| tree | bb1551ea5d98f1be084844c00bc6c42f693bbb5f /content | |
| parent | Fixed nginx configurations syntax highlighting (diff) | |
| download | www-8cbe9093d6e3362529d005f62c756785ab52aa6a.tar.gz www-8cbe9093d6e3362529d005f62c756785ab52aa6a.tar.bz2 www-8cbe9093d6e3362529d005f62c756785ab52aa6a.zip | |
Added opensmtpd article
Diffstat (limited to 'content')
| -rw-r--r-- | content/docs/openbsd/smtpd.md | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/content/docs/openbsd/smtpd.md b/content/docs/openbsd/smtpd.md new file mode 100644 index 0000000..a92382e --- /dev/null +++ b/content/docs/openbsd/smtpd.md @@ -0,0 +1,60 @@ +--- +title: smtpd.conf +description: OpenSMTPD templates +--- + +## Simple relay + +Here is my template for a simple smtp relay. The host names in the outbound action are to be customized obviously, and in my setups `yen` the relay destination is only reachable via wireguard. If not in such setup, smtps with authentication is to be configured : + +{{< highlight conf >}} +table aliases file:/etc/mail/aliases + +listen on socket +listen on lo0 + +action "local_mail" mbox alias <aliases> +action "outbound" relay host "smtp://yen" mail-from "root+phoenix@adyxax.org" + +match from local for local action "local_mail" +match from local for any action "outbound" +{{< /highlight >}} + +## Primary mx + +Here is my primary mx configuration as a sample : + +{{< highlight conf >}} +pki adyxax.org cert "/etc/ssl/yen.adyxax.org.crt" +pki adyxax.org key "/etc/ssl/private/yen.adyxax.org.key" + + +filter "dkimsign" proc-exec "filter-dkimsign -d adyxax.eu -d adyxax.org -s 2020111301 -k /etc/mail/dkim/private.key" user _dkimsign group _dkimsign +filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } disconnect "550 no residential connections" +filter check_rdns phase connect match !rdns disconnect "550 no rDNS is so 80s" +filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS is so 80s" + + +table aliases file:/etc/mail/aliases +table domains file:/etc/mail/domains +table virtuals file:/etc/mail/virtuals + + +listen on egress tls pki adyxax.org filter { check_dyndns, check_rdns, check_fcrdns } +listen on egress port submission tls-require pki adyxax.org auth filter dkimsign +listen on socket +listen on lo0 +listen on wg0 filter dkimsign # if you need to relay emails from your wireguard to the internet like I do + + +action "local_mail" mbox alias <aliases> +action "cyrus" lmtp "/var/run/cyrus/socket/lmtp" virtual <virtuals> +action "outbound" relay + + +match from any for domain <domains> action "cyrus" +match from local for local action "local_mail" + +match from any auth for any action "outbound" +match from mail-from "root+phoenix@adyxax.org" for any action "outbound" # if you need to relay emails from another machine to the internet like I do +{{< /highlight >}} |