Howdy all,

I suppose I ought to stop lurking and at least attempt to contribute
something. So, in the spirit of cooperation, I'm including my
smtpd.conf.

All of the certificates are defined so there's minimal confusion when a
client tries to connect using a different hostname. Those lines are all
repetitive because there are 3 domains, each with a single certificate
from Let's Encrypt being used for 3 hosts each.

The credentials table is a SQL query to use the user table from the
host's NextCloud installation, so that the users can manage their own
passwords or change them at will.

The MDA delivery line looks quite gnarly because I'm using rspamd for
spam flagging, and it doesn't implement LMTP. (I could probably shunt
it all into a script, but that idea only now just occurred to me.)

-- Robert Cameron

#/etc/mail/smtpd.conf
#
# Options
expire 5d
max-message-size 50M
queue compression
queue encryption key <string of hex>

# Certificates
pki mx1.domain1.com certificate "/etc/ssl/domain1.com.fullchain.pem"
pki mx1.domain1.com key "/etc/ssl/private/domain1.com.key"
pki smtp.domain1.com certificate "/etc/ssl/domain1.com.fullchain.pem"
pki smtp.domain1.com key "/etc/ssl/private/domain1.com.key"
pki mail.domain1.com certificate "/etc/ssl/domain1.com.fullchain.pem"
pki mail.domain1.com key "/etc/ssl/private/domain1.com.key"
pki mx1.domain2.com certificate "/etc/ssl/domain2.com.fullchain.pem"
pki mx1.domain2.com key "/etc/ssl/private/domain2.com.key"
pki smtp.domain2.com certificate "/etc/ssl/domain2.com.fullchain.pem"
pki smtp.domain2.com key "/etc/ssl/private/domain2.com.key"
pki mail.domain2.com certificate "/etc/ssl/domain2.com.fullchain.pem"
pki mail.domain2.com key "/etc/ssl/private/domain2.com.key"
pki mx1.domain3.com certificate "/etc/ssl/domain3.com.fullchain.pem"
pki mx1.domain3.com key "/etc/ssl/private/domain3.com.key"
pki smtp.domain3.com certificate "/etc/ssl/domain3.com.fullchain.pem"
pki smtp.domain3.com key "/etc/ssl/private/domain3.com.key"
pki mail.domain3.com certificate "/etc/ssl/domain3.com.fullchain.pem"
pki mail.domain3.com key "/etc/ssl/private/domain3.com.key"

# Tables
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table virtuals file:/etc/mail/virtuals
table credentials mysql:/etc/mail/nextcloud.conf

listen on lo0
listen on lo0 port 10026 tag CLAM_IN   # incoming mail clam -> rcpt
listen on lo0 port 10028 tag CLAM_OUT  # outgoing mail clam -> dkim
listen on lo0 port 10030 tag DKIM_OUT  # outgoing mail dkim -> rcpt
listen on egress port 25 tls auth-optional <credentials> hostname mx1.domain1.com
listen on egress port 587 tls-require auth <credentials> hostname smtp.domain1.com

accept for local alias <aliases> deliver to mbox
accept tagged CLAM_IN for domain <domains> virtual <virtuals> \
  deliver to mda "/usr/local/bin/rspamc --mime --json --exec \"/usr/local/libexec/dovecot/dovecot-lda -a %{rcpt} -r %{dest} -f %{sender} -d %{dest}\"" as vmail

accept from any for domain <domains> relay via smtp://127.0.0.1:10025  # incoming mail -> clam

accept tagged DKIM_OUT for any relay                             # outgoing dkim -> rcpt
accept tagged CLAM_OUT for any relay via smtp://127.0.0.1:10029  # outgoing clam -> dkim
accept from local for any relay via smtp://127.0.0.1:10027       # outgoing mail -> clam
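The loopback-proxy chain above (smtpd -> clamsmtp -> smtpd -> dkimproxy -> smtpd) is easy to get subtly wrong: a relay port that points back at smtpd itself silently skips the filter hop, a tagged rule whose tag no listener sets is dead, and a rule that is both from any and for any is an open relay. The following is an added checker that is not part of Robert's post or of OpenSMTPD; it runs over a constructed excerpt of the posted listen/accept lines (mda command abbreviated) using the pre-6.4 accept/tagged grammar the post uses.

```python
"""Sanity-check the tagged filter chain of an OpenSMTPD (accept-rule grammar) smtpd.conf."""
import re

# Constructed excerpt of the listen/accept lines from the posted config, unwrapped.
SMTPD_CONF = """
listen on lo0
listen on lo0 port 10026 tag CLAM_IN   # incoming mail clam -> rcpt
listen on lo0 port 10028 tag CLAM_OUT  # outgoing mail clam -> dkim
listen on lo0 port 10030 tag DKIM_OUT  # outgoing mail dkim -> rcpt
listen on egress port 25 tls auth-optional <credentials> hostname mx1.domain1.com
listen on egress port 587 tls-require auth <credentials> hostname smtp.domain1.com
accept for local alias <aliases> deliver to mbox
accept tagged CLAM_IN for domain <domains> virtual <virtuals> deliver to mda "rspamc ..." as vmail
accept from any for domain <domains> relay via smtp://127.0.0.1:10025
accept tagged DKIM_OUT for any relay
accept tagged CLAM_OUT for any relay via smtp://127.0.0.1:10029
accept from local for any relay via smtp://127.0.0.1:10027
"""

LISTEN_TAG = re.compile(r'\btag\s+(\w+)')
LISTEN_PORT = re.compile(r'\bport\s+(\d+)')
RULE_TAG = re.compile(r'\btagged\s+(\w+)')
RULE_RELAY = re.compile(r'relay via smtp://127\.0\.0\.1:(\d+)')

def check_filter_chain(conf):
    """Return a list of findings; an empty list means the chain is consistent."""
    listen_tags, listen_ports, rules, findings = set(), set(), [], []
    for raw in conf.splitlines():
        line = raw.split('#', 1)[0].strip()          # drop trailing comments
        if line.startswith('listen on'):
            port = LISTEN_PORT.search(line)
            listen_ports.add(int(port.group(1)) if port else 25)  # default smtp port
            tag = LISTEN_TAG.search(line)
            if tag:
                listen_tags.add(tag.group(1))
        elif line.startswith('accept'):
            rules.append(line)
    for rule in rules:
        tag = RULE_TAG.search(rule)
        if tag and tag.group(1) not in listen_tags:
            findings.append(f'undefined tag {tag.group(1)}: {rule}')
        relay = RULE_RELAY.search(rule)
        if relay and int(relay.group(1)) in listen_ports:
            # Mail would re-enter smtpd directly, skipping the external filter.
            findings.append(f'relay port {relay.group(1)} is smtpd itself, filter bypassed: {rule}')
        if 'from any' in rule and 'for any' in rule:
            findings.append(f'unrestricted relay (open relay): {rule}')
    return findings

if __name__ == '__main__':
    print(check_filter_chain(SMTPD_CONF) or 'filter chain OK')
```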
