3.2 KiB
title | description | tags | |
---|---|---|---|
smtpd.conf | OpenSMTPD templates |
|
Simple relay
Here is my template for a simple smtp relay. The host names in the outbound action are to be customized obviously, and in my setups yen
the relay destination is only reachable via wireguard. If not in such setup, smtps with authentication is to be configured :
{{< highlight conf >}} table aliases file:/etc/mail/aliases
listen on socket listen on lo0
action "local_mail" mbox alias action "outbound" relay host "smtp://yen" mail-from "root+phoenix@adyxax.org"
match from local for local action "local_mail" match from local for any action "outbound" {{< /highlight >}}
Primary mx
Here is my primary mx configuration as a sample :
{{< highlight conf >}} pki adyxax.org cert "/etc/ssl/yen.adyxax.org.crt" pki adyxax.org key "/etc/ssl/private/yen.adyxax.org.key"
filter "dkimsign" proc-exec "filter-dkimsign -d adyxax.eu -d adyxax.org -s 2020111301 -k /etc/mail/dkim/private.key" user _dkimsign group _dkimsign filter check_dyndns phase connect match rdns regex { '..dyn..', '..dsl..' } disconnect "550 no residential connections" filter check_rdns phase connect match !rdns disconnect "550 no rDNS is so 80s" filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS is so 80s"
table aliases file:/etc/mail/aliases table domains file:/etc/mail/domains table virtuals file:/etc/mail/virtuals
listen on egress tls pki adyxax.org filter { check_dyndns, check_rdns, check_fcrdns } listen on egress port submission tls-require pki adyxax.org auth filter dkimsign listen on socket listen on lo0 listen on wg0 filter dkimsign # if you need to relay emails from your wireguard to the internet like I do
action "local_mail" mbox alias action "cyrus" lmtp "/var/run/cyrus/socket/lmtp" virtual action "outbound" relay
match from any for domain action "cyrus" match from local for local action "local_mail"
match from any auth for any action "outbound" match from mail-from "root+phoenix@adyxax.org" for any action "outbound" # if you need to relay emails from another machine to the internet like I do {{< /highlight >}}
Secondary mx
Here is my secondary mx configuration as a sample :
pki adyxax.org cert "/etc/ssl/myth.adyxax.org.crt"
pki adyxax.org key "/etc/ssl/private/myth.adyxax.org.key"
filter "dkimsign" proc-exec "filter-dkimsign -d adyxax.eu -d adyxax.org -s 2020111301 -k /etc/mail/dkim/private.key" user _dkimsign group _dkimsign
filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } disconnect "550 no residential connections"
filter check_rdns phase connect match !rdns disconnect "550 no rDNS is so 80s"
filter check_fcrdns phase connect match !fcrdns disconnect "550 no FCrDNS is so 80s"
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
listen on egress tls pki adyxax.org filter { check_dyndns, check_rdns, check_fcrdns }
listen on socket filter dkimsign
listen on lo0 filter dkimsign
action "local_mail" mbox alias <aliases>
action "relay_to_yen" relay backup tls
match from any for domain <domains> action "relay_to_yen"
match from local for local action "local_mail"