Hi,
at the moment I have 4 servers. 3 of them are rented VPSes and 1 is in
my basement.
On the rented ones I run opensmtpd. 1 of them (mx1) is a full fledged
setup with opensmtpd, rspamd and dovecot. The other ones (mx2 and mx3)
act as backup MXes.
I want to move the full fledged server to the machine in my basement and
want to use mx1, mx2 and mx3 as smart hosts that accept mail for my
domains and forward it to the server in my basement. They also should
relay mail sent from this server. Perfect would be a setup where they'll
be used round robin.
At the moment my config looks like this:
On mx1:
ext_if=vtnet0
pki mail.dblx.io cert "/usr/local/etc/ssl/mail.dblx.io/fullchain.pem"
pki mail.dblx.io key "/usr/local/etc/ssl/mail.dblx.io/privkey.pem"
pki mx1.dblx.io cert "/usr/local/etc/ssl/mx1.dblx.io/fullchain.pem"
pki mx1.dblx.io key "/usr/local/etc/ssl/mx1.dblx.io/privkey.pem"
smtp ciphers "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"
srs key "<secret>"
# srs key backup "<secret2>"
filter "rdns" phase connect match !rdns junk
filter "fcrdns" phase connect match !fcrdns junk
filter "rspamd" proc-exec "/usr/local/libexec/opensmtpd/opensmtpd-filter-rspamd"
table aliases file:/usr/local/mail/aliases
table domains file:/usr/local/mail/domains
table passwd passwd:/usr/local/mail/passwd
table virtuals file:/usr/local/mail/virtuals
# Inbound
listen on $ext_if port 25 tls pki "mx1.dblx.io" hostname mx1.dblx.io filter { "rdns", "fcrdns", "rspamd" }
action "RECV" lmtp "/var/run/dovecot/lmtp" rcpt-to virtual <virtuals>
#action "RECV" lmtp "10.0.0.20:24" rcpt-to virtual <virtuals>
match from any for domain <domains> action "RECV"
# Outbound
listen on $ext_if port 465 smtps pki "mail.dblx.io" auth <passwd> hostname mx1.dblx.io filter "rspamd"
listen on $ext_if port 587 tls-require pki "mail.dblx.io" auth <passwd> hostname mx1.dblx.io filter "rspamd"
action "SEND" relay srs
match from any auth for any action "SEND"
On mx2:
ext_if=vtnet0
pki mx2.dblx.io cert "/usr/local/etc/ssl/mx2.dblx.io/fullchain.pem"
pki mx2.dblx.io key "/usr/local/etc/ssl/mx2.dblx.io/privkey.pem"
smtp ciphers "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"
srs key "<secret>"
# srs key backup "<secret2>"
table domains file:/usr/local/mail/domains
filter "rdns" phase connect match !rdns junk
filter "fcrdns" phase connect match !fcrdns junk
listen on $ext_if port 25 tls pki "mx2.dblx.io" hostname mx2.dblx.io filter { "rdns", "fcrdns" }
action "forward" relay backup ttl 4d
match from any for domain <domains> action "forward"
The config for mx3 is the same as for mx2.
What are the necessary bits to get my plan working? Must I run DKIM
signing at the sending host at home or at the mx that is used for sending?
Best regards
Chris
--
Christian Baer
E-Mail: [email protected]
Mobil: +49 160 969 769 37
Naheweinstr. 44, D-55450 Langenlonsheim
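A minimal smtpd.conf for the two halves of the plan described in the post (MX side: accept for the domains and hand off to the home server; home side: deliver locally, sign outbound once with DKIM, relay through mx1 with authentication). This is an added example, not part of the original post and not an official OpenSMTPD configuration. The hostname home.dblx.io, the <mxes> and <secrets> tables and their file paths, the DKIM selector and key path, and the filter-dkimsign invocation are assumptions.

```conf
# ---- On mx1 (mx2/mx3 identical apart from the pki name): inbound for <domains>
# Replaces "relay backup ttl 4d"; home.dblx.io is an assumed name for the basement host.
table domains file:/usr/local/mail/domains
filter "rdns" phase connect match !rdns junk
filter "fcrdns" phase connect match !fcrdns junk
listen on $ext_if port 25 tls pki "mx1.dblx.io" hostname mx1.dblx.io filter { "rdns", "fcrdns" }
# smtp+tls = SMTP with STARTTLS required towards the home server
action "to_home" relay host smtp+tls://home.dblx.io:25
match from any for domain <domains> action "to_home"
# Outbound relaying for the home server needs nothing new on the MX: it
# authenticates on 465/587 like any client and matches "from any auth for any".

# ---- On the home server (basement machine)
ext_if=em0                                    # assumed interface name
pki home.dblx.io cert "/usr/local/etc/ssl/home.dblx.io/fullchain.pem"   # assumed path
pki home.dblx.io key  "/usr/local/etc/ssl/home.dblx.io/privkey.pem"     # assumed path
table domains  file:/usr/local/mail/domains
table virtuals file:/usr/local/mail/virtuals
table passwd   passwd:/usr/local/mail/passwd
# assumed file: one public address per MX, so only mx1..mx3 may inject mail
# for <domains> here (anyone else must go through the MXes and their filters)
table mxes     file:/usr/local/mail/mxes
# assumed file: one line "mx1 <username>:<password>", the account used on mx1
table secrets  file:/usr/local/mail/secrets
# DKIM is signed once, at the origin, before the message leaves for the relay.
# filter-dkimsign is assumed installed; -d/-s/-k are domain, selector, private key.
# SRS on mx1 rewrites only the envelope sender, so the header/body signature survives.
filter "dkimsign" proc-exec "/usr/local/libexec/opensmtpd/filter-dkimsign -d dblx.io -s sel1 -k /usr/local/etc/mail/dkim/dblx.io.key" user _dkimsign group _dkimsign
listen on $ext_if port 25  tls pki "home.dblx.io" hostname home.dblx.io
listen on $ext_if port 587 tls-require pki "home.dblx.io" auth <passwd> hostname home.dblx.io filter "dkimsign"
action "RECV" lmtp "/var/run/dovecot/lmtp" rcpt-to virtual <virtuals>
# label "mx1" selects the credentials line in <secrets>; smtps = TLS on connect (port 465)
action "SEND" relay host smtps://mx1@mx1.dblx.io:465 auth <secrets>
match from src <mxes> for domain <domains> action "RECV"
match from any auth for any action "SEND"
```

Only mx1 is configured as the outbound relay here, since a relay action takes a single URL; spreading outbound traffic over mx1 to mx3 is not covered by this example.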