From 8cbe9093d6e3362529d005f62c756785ab52aa6a Mon Sep 17 00:00:00 2001 From: Julien Dessaux Date: Mon, 19 Apr 2021 17:19:13 +0200 Subject: Added opensmtpd article --- content/docs/openbsd/smtpd.md | 60 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 content/docs/openbsd/smtpd.md (limited to 'content/docs/openbsd') diff --git a/content/docs/openbsd/smtpd.md b/content/docs/openbsd/smtpd.md new file mode 100644 index 0000000..a92382e --- /dev/null +++ b/content/docs/openbsd/smtpd.md @@ -0,0 +1,60 @@ +--- +title: smtpd.conf +description: OpenSMTPD templates +--- + +## Simple relay + +Here is my template for a simple smtp relay. The host names in the outbound action are to be customized obviously, and in my setups `yen` the relay destination is only reachable via wireguard. If not in such setup, smtps with authentication is to be configured : + +{{< highlight conf >}} +table aliases file:/etc/mail/aliases + +listen on socket +listen on lo0 + +action "local_mail" mbox alias +action "outbound" relay host "smtp://yen" mail-from "root+phoenix@adyxax.org" + +match from local for local action "local_mail" +match from local for any action "outbound" +{{< /highlight >}} + +## Primary mx + +Here is my primary mx configuration as a sample : + +{{< highlight conf >}} +pki adyxax.org cert "/etc/ssl/yen.adyxax.org.crt" +pki adyxax.org key "/etc/ssl/private/yen.adyxax.org.key" + + +filter "dkimsign" proc-exec "filter-dkimsign -d adyxax.eu -d adyxax.org -s 2020111301 -k /etc/mail/dkim/private.key" user _dkimsign group _dkimsign +filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } disconnect "550 no residential connections" +filter check_rdns phase connect match !rdns disconnect "550 no rDNS is so 80s" +filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS is so 80s" + + +table aliases file:/etc/mail/aliases +table domains file:/etc/mail/domains +table virtuals file:/etc/mail/virtuals + + +listen on egress tls pki adyxax.org filter { check_dyndns, check_rdns, check_fcrdns } +listen on egress port submission tls-require pki adyxax.org auth filter dkimsign +listen on socket +listen on lo0 +listen on wg0 filter dkimsign # if you need to relay emails from your wireguard to the internet like I do + + +action "local_mail" mbox alias +action "cyrus" lmtp "/var/run/cyrus/socket/lmtp" virtual +action "outbound" relay + + +match from any for domain action "cyrus" +match from local for local action "local_mail" + +match from any auth for any action "outbound" +match from mail-from "root+phoenix@adyxax.org" for any action "outbound" # if you need to relay emails from another machine to the internet like I do +{{< /highlight >}} -- cgit v1.2.3