Hi,

at the moment I have 4 servers. 3 of them are rented VPSes and 1 is in my basement.

On the rented ones I run opensmtpd. 1 of them (mx1) is a full-fledged setup with opensmtpd, rspamd and dovecot. The other ones (mx2 and mx3) act as backup MXes.

I want to move the full-fledged server to the machine in my basement and want to use mx1, mx2 and mx3 as smart hosts that accept mail for my domains and forward it to the server in my basement. They also should relay mail sent from this server. Perfect would be a setup where they'll be used round robin.

At the moment my config looks like this:


On mx1:

   ext_if=vtnet0

   pki mail.dblx.io cert "/usr/local/etc/ssl/mail.dblx.io/fullchain.pem"
   pki mail.dblx.io key "/usr/local/etc/ssl/mail.dblx.io/privkey.pem"

   pki mx1.dblx.io cert "/usr/local/etc/ssl/mx1.dblx.io/fullchain.pem"
   pki mx1.dblx.io key "/usr/local/etc/ssl/mx1.dblx.io/privkey.pem"

   smtp ciphers "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"

   srs key "<secret>"
   # srs key backup "<secret2>"

   filter "rdns" phase connect match !rdns junk
   filter "fcrdns" phase connect match !fcrdns junk
   filter "rspamd" proc-exec "/usr/local/libexec/opensmtpd/opensmtpd-filter-rspamd"

   table aliases file:/usr/local/mail/aliases
   table domains file:/usr/local/mail/domains
   table passwd passwd:/usr/local/mail/passwd
   table virtuals file:/usr/local/mail/virtuals

   # Inbound
   listen on $ext_if port 25 tls pki "mx1.dblx.io" hostname mx1.dblx.io filter { "rdns", "fcrdns", "rspamd" }

   action "RECV" lmtp "/var/run/dovecot/lmtp" rcpt-to virtual <virtuals>
   #action "RECV" lmtp "10.0.0.20:24" rcpt-to virtual <virtuals>
   match from any for domain <domains> action "RECV"

   # Outbound
   listen on $ext_if port 465 smtps pki "mail.dblx.io" auth <passwd> hostname mx1.dblx.io filter "rspamd"
   listen on $ext_if port 587 tls-require pki "mail.dblx.io" auth <passwd> hostname mx1.dblx.io filter "rspamd"
   action "SEND" relay srs
   match from any auth for any action "SEND"


On mx2:

   ext_if=vtnet0

   pki mx2.dblx.io cert "/usr/local/etc/ssl/mx2.dblx.io/fullchain.pem"
   pki mx2.dblx.io key "/usr/local/etc/ssl/mx2.dblx.io/privkey.pem"

   smtp ciphers "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"

   srs key "<secret>"
   # srs key backup "<secret2>"

   table domains file:/usr/local/mail/domains

   filter "rdns" phase connect match !rdns junk
   filter "fcrdns" phase connect match !fcrdns junk

   listen on $ext_if port 25 tls pki "mx2.dblx.io" hostname mx2.dblx.io filter { "rdns", "fcrdns" }

   action "forward" relay backup ttl 4d
   match from any for domain <domains> action "forward"


The config for mx3 is the same as for mx2.


What are the necessary bits to get my plan working? Must I run DKIM signing at the sending host at home or at the mx that is used for sending?


Best regards

Chris

--
Christian Baer

E-Mail: ch...@debilux.org
Mobil: +49 160 969 769 37

Naheweinstr. 44, D-55450 Langenlonsheim
