smtpd configuration

[Stephane Guedon]

Hello. Just read the request about sharing our smtpd.conf. Here is mine, on 
openbsd stable (yes, I must admit, it is far the best, and should be more 
efficient) :

#filter filter-pause pause
#filter filter-regex regex
#filter filter-dnsbl-sorbs dnsbl
#filter filter-dnsbl-spamcop dnsbl "-h bl.spamcop.net"
#filter filter-dnsbl-spamhaus dnsbl "-h sbl-xbl.spamhaus.org"
#filter all chain filter-dnsbl-sorbs filter-dnsbl-spamcop filter-dnsbl-spamhaus
#filter all chain filter-pause filter-regex filter-dnsbl-sorbs 
filter-dnsbl-spamcop 
filter-dnsbl-spamhaus

eth = "re0"

table relays  { id-libre.org, milhit.ch, yeuxdelibad.net, 3hg.fr }
table domains { 22decembre.eu, 22december.dk }

pki mail.22decembre.eu key              "/etc/ssl/acme/private/mail-
privkey.pem"
pki mail.22decembre.eu certificate      "/etc/ssl/acme/mail-fullchain.pem"

limit mta inet4
listen on lo0

table localnet { 10.0.0.0/8, 127.0.0.1, fe80::/64, 2a06:4000:1576::/48, 
fd00:2016:22::/48}

table aliases file:/etc/mail/aliases

# écoute pour les courriers en entree
listen on $eth  inet4   port smtp               tls     pki mail.22decembre.eu
listen on $eth          port submission         tls     pki mail.22decembre.eu 
auth

accept tagged !AFTER_SPAMPD from any for domain <domains> relay via smtp://
localhost4:10035 # send to spamassassin

listen on lo0  port 10036 tag AFTER_SPAMPD

accept from any   for domain <domains>    alias <aliases> deliver to lmtp "/
var/dovecot/lmtp"

accept tagged AFTER_SPAMPD       for domain <domains>                    alias 
<aliases> deliver to lmtp "/var/dovecot/lmtp"
accept from source <localnet>           for domain "*.22decembre.eu"            
alias <aliases> deliver to lmtp "/var/dovecot/lmtp"
accept for local                                                                
alias <aliases> deliver to lmtp "/var/dovecot/lmtp"

accept from any for domain <relays> relay backup

# tout le courrier qui part d'ici (from local, qui n'est pas encore taggé) 
doit aller à la signature dkim
accept tagged !DKIM_OUT from local for any relay via smtp://127.0.0.1:10022 # 
send to dkimproxy

# le courrier signé par dki
listen on lo0  port 10023 tag DKIM_OUT

accept tagged DKIM_OUT for any relay

-- 
The file signature.asc is not attached to be read by you. It's a digital 
signature by GPG.
If you want to know why I use it, and why you should as well, you can read my 
article there:
http://www.22decembre.eu/2015/03/21/introduction-en

signature.asc
Description: This is a digitally signed message part.