From 1a4c1e65e1e4de2681f247c0ec89db6e0fa0d52a Mon Sep 17 00:00:00 2001 From: Julien Dessaux Date: Tue, 4 May 2021 18:15:50 +0200 Subject: Added secondary mx config to smtpd article --- content/docs/openbsd/smtpd.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/content/docs/openbsd/smtpd.md b/content/docs/openbsd/smtpd.md index a92382e..b6afaf6 100644 --- a/content/docs/openbsd/smtpd.md +++ b/content/docs/openbsd/smtpd.md @@ -58,3 +58,34 @@ match from local for local action "local_mail" match from any auth for any action "outbound" match from mail-from "root+phoenix@adyxax.org" for any action "outbound" # if you need to relay emails from another machine to the internet like I do {{< /highlight >}} + +## Secondary mx + +Here is my secondary mx configuration as a sample : +```conf +pki adyxax.org cert "/etc/ssl/myth.adyxax.org.crt" +pki adyxax.org key "/etc/ssl/private/myth.adyxax.org.key" + + +filter "dkimsign" proc-exec "filter-dkimsign -d adyxax.eu -d adyxax.org -s 2020111301 -k /etc/mail/dkim/private.key" user _dkimsign group _dkimsign +filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } disconnect "550 no residential connections" +filter check_rdns phase connect match !rdns disconnect "550 no rDNS is so 80s" +filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS is so 80s" + + +table aliases file:/etc/mail/aliases +table domains file:/etc/mail/domains + + +listen on egress tls pki adyxax.org filter { check_dyndns, check_rdns, check_fcrdns } +listen on socket filter dkimsign +listen on lo0 filter dkimsign + + +action "local_mail" mbox alias +action "relay_to_yen" relay backup tls + + +match from any for domain action "relay_to_yen" +match from local for local action "local_mail" +``` -- cgit v1.2.3