With some help from Andrew off-list, he provided a config that works for what
I'm trying to do. It's attached below. Hopefully all you'd need to do to
duplicate my success is search-and-replace example.com for your own primary
(FQDN) mail server domain name (as long as it's called mail.yourdomain.com).
The secret is that there need to be two tables -- one with a list of eMail
addresses to accept, and one that maps the accepted eMail addresses to a local
user mailbox.
I'd prefer if this was more streamlined, so I didn't need to maintain two
separate lists, but I'm sure I can script around it. Any refinements would be
greatly appreciated. :D
Thanks again Andrew!
# **********************************
# $OpenBSD: smtpd.conf,v 1.11 2018/06/04 21:10:58 jmc Exp $
# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.
table aliases file:/etc/mail/aliases
table domains db:/etc/mail/domains.db
table vusers_list file:/etc/mail/vusers_list
table vusers_map file:/etc/mail/vusers_map
action "local_mail" maildir junk alias <aliases>
action "vusers_deliver" maildir junk virtual <vusers_map>
action "outbound" relay helo mail.example.com
pki mail.example.com cert "/etc/ssl/mail.example.comfullchain.pem"
pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*','.*\.dsl\..*' } \
disconnect "550 you look like a spammer"
filter check_rdns phase connect match !rdns \
disconnect "550 you look like a spammer"
filter check_fcrdns phase connect match !fcrdns \
disconnect "550 you look like a spammer"
filter senderscore \
proc-exec "filter-senderscore -blockBelow 10 -junkBelow 70 -slowFactor 5000"
filter rspamd proc-exec "filter-rspamd"
listen on all tls pki mail.example.com \
filter { check_dyndns, check_rdns, check_fcrdns, senderscore, rspamd }
listen on all port submission tls-require pki mail.example.com auth filter rspamd
match from any for domain "mail.example.com" action "local_mail"
match from any for domain <domains> rcpt-to <vusers_list> action "vusers_deliver"
match for local action "local_mail"
match from any auth for any action "outbound"
match for any action "outbound"
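
The two-list maintenance mentioned in the message can be scripted by treating vusers_map as the single source and deriving vusers_list from its keys. This is an added example, not part of the original message or the attached config; it assumes vusers_map holds one whitespace-separated "address localuser" pair per line, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: derive the accept list (vusers_list) from the mapping
# table (vusers_map) so only one file is edited by hand.
# Assumed map format: "address localuser" per line; lines starting
# with '#' are comments.

# Print one lowercased address per map entry; non-zero exit on bad input.
gen_vusers_list() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blanks
        NF < 2 || $1 !~ /^[^@]+@[^@]+$/ {     # need address AND local user
            printf "line %d: malformed entry\n", NR > "/dev/stderr"
            bad = 1; next
        }
        {
            key = tolower($1)
            if (seen[key]++) {                # same address mapped twice
                printf "line %d: duplicate %s\n", NR, key > "/dev/stderr"
                bad = 1; next
            }
            print key
        }
        END { exit bad }
    ' "$1"
}

# Regenerate LIST from MAP. LIST is replaced only when generation
# succeeded, so a typo in MAP never truncates the accept list.
# Returns 0 if LIST changed, 1 if already current, 2 on error.
sync_vusers() {
    map=$1 list=$2
    tmp=$(mktemp "${list}.XXXXXX") || return 2
    if ! gen_vusers_list "$map" > "$tmp"; then
        rm -f "$tmp"; return 2
    fi
    if [ -f "$list" ] && cmp -s "$tmp" "$list"; then
        rm -f "$tmp"; return 1
    fi
    chmod 644 "$tmp" && mv "$tmp" "$list" || { rm -f "$tmp"; return 2; }
    return 0
}

# Typical use on the mail host, with the paths from the config above:
#   sync_vusers /etc/mail/vusers_map /etc/mail/vusers_list && {
#       smtpctl update table vusers_map
#       smtpctl update table vusers_list
#   }
```

Generating the list from the map keeps the two tables from drifting apart, so an address is never accepted at RCPT time without a mailbox to deliver it to.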