With some help from Andrew off-list, he provided a config that works for what 
I'm trying to do.  It's attached below.  Hopefully all you'd need to do to 
duplicate my success is search-and-replace example.com for your own primary 
(FQDN) mail server domain name (as long as it's called mail.youdomain.com).

The secret is that there needs to be two tables -- one with a list of eMail 
addresses to accept, and one that maps the accepted eMail addresses to a local 
user mailbox.

I'd prefer if this was more streamlined, so I didn't need to maintain two 
separate lists, but I'm sure I can script around it.  Any refinements would be 
greatly appreciated.  :D

Thanks again Andrew! 

# **********************************
#       $OpenBSD: smtpd.conf,v 1.11 2018/06/04 21:10:58 jmc Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

table aliases file:/etc/mail/aliases
table domains db:/etc/mail/domains.db
table vusers_list file:/etc/mail/vusers_list
table vusers_map file:/etc/mail/vusers_map

action "local_mail" maildir junk alias <aliases>
action "vusers_deliver" maildir junk virtual <vusers_map>
action "outbound" relay helo mail.example.com

pki mail.example.com cert "/etc/ssl/mail.example.comfullchain.pem"
pki mail.example.com key "/etc/ssl/private/mail.example.com.key"

filter check_dyndns phase connect match rdns regex { 
'.*\.dyn\..*','.*\.dsl\..*' } \
    disconnect "550 you look like a spammer"

filter check_rdns phase connect match !rdns \
    disconnect "550 you look like a spammer"

filter check_fcrdns phase connect match !fcrdns \
    disconnect "550 you look like a spammer"

filter senderscore \
    proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000"

filter rspamd proc-exec "filter-rspamd"

listen on all tls pki mail.example.com \
    filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }

listen on all port submission tls-require pki mail.example.com auth filter 

match from any for domain "mail.example.com" action "local_mail"
match from any for domain <domains> rcpt-to <vusers_list> action 
match for local action "local_mail"

match from any auth for any action "outbound"
match for any action "outbound"

Reply via email to