On 24 Sep 11:33, Unicorn wrote:
> Hello everyone,
> 
> I apologize in advance if this seems like a trivial question, I am
> quite new to this and the amount of config files and options is a
> little overwhelming. :)
> 
> I am currently running three mailservers that each serve one domain
> with real user accounts, which is quite a pain to manage. I would like
> to instead have one server be the MX for all of my domains, with
> virtual users and their maildirs in a structure like
> /home/vmail/domain/user/Maildir.
> 
> In the process of writing my email I have written all my
> configurations to the best of my ability, but I would appreciate your
> feedback on any errors or suggestions for improvements, especially
> since I intend to eventually make this into a guide:
> 
> 
> ######## /etc/mail/smtpd.conf #######################################
> pki mx.maildomain.tld cert "/etc/ssl/mx.maildomain.tld.fullchain.pem"
> pki mx.maildomain.tld key "/etc/ssl/private/mx.maildomain.tld.key"
> 
> # Junk filters, rspamd also for DKIM signing
> filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*',
> '.*\.dsl\..*' } junk
> filter check_rdns phase connect match !rdns junk
> filter check_fcrdns phase connect match !fcrdns junk
> filter rspamd proc-exec "filter-rspamd"
> 
> # Tables
> table aliases file:/etc/mail/custom_aliases
> table accounts file:/etc/mail/accounts
> table domains {firstdomain.tld, seconddomain.tld, maildomain.tld}
> 
> # Listen for incoming mail and send through filters
> listen on all tls pki mail.regrow.earth filter { check_dyndns,
> check_rdns, check_fcrdns, rspamd }
> 
> # Listen for, authenticate and DKIM-sign outgoing mail requests
> listen on all port submission tls-require pki mx.maildomain.tld auth
> <accounts> filter rspamd
> 
> action "deliver_local" maildir
> /home/vmail/{%dest.domain}/{%dest.user}/Maildir junk alias <aliases>
> user vmail
> action "outbound" relay helo mx.maildomain.tld
> 

I would suggest that you use lmtp for that - so one can use ham/spam with
dovecot to train rspamd.

action "domain1.tld" lmtp "/var/dovecot/lmtp" rcpt-to alias <domain1.tld>
action "domain2.tld" lmtp "/var/dovecot/lmtp" rcpt-to alias <domain2.tld>

> # Match incoming mail
> match from any for domain <domains> action "deliver_local"
> match for local action "deliver_local"
> 
> # Match outgoing mail
> match from any auth for any action "outbound"
> match for any action "outbound"
> #####################################################################
> 
> 
> ######## /etc/dovecot/conf.d/10-auth.conf ###########################
> passdb {
>   driver = passwd-file
>   args = scheme=BLF-CRYPT /etc/mail/accounts
> }
> userdb {
>   driver = static
>   args = uid=vmail gid=vmail home=/home/vmail/%d/%u
> }
> #####################################################################
> 
> 
> ######## /etc/mail/accounts #########################################
> [email protected]:passwordhashfromsmtpctl
> [email protected]:passwordhashfromsmtpctl
> [email protected]:passwordhashfromsmtpctl
> #####################################################################
> 
> Is it possible to combine virtual users with an alias table as I have
> in action "deliver_local"?
> 
> Example entry in alias table:
> [email protected]: [email protected]

I guess you can't use an alias table but a table. That's why I have:

table domain1.tld file:/etc/mail/domain1.tld 
table domain2.tld file:/etc/mail/domain2.tld 
table domain3.tld file:/etc/mail/domain3.tld

and then e.g. in /etc/mail/domain1.tld:

user       [email protected]
hostmaster [email protected]

> 
> Will this deliver to the folder "contact" of [email protected]?
> In 'action "deliver_local"', is it correct to use {%dest.user} for
> this purpose?
> 
> 
> Also, how does dkim signing with rspamd work for multiple domains?
> Right now my /etc/rspamd/local.d/dkim-signing.conf looks like this:
> 
> ##############################################################
> allow_username_mismatch = true;
> 
> domain {
>     firstdomain.tld {
>         path = "/etc/mail/dkim/firstdomain.tld.key";
>         selector = "blah";
>     }
> }
> ##############################################################
> 
> Will it work automatically by simply entering e.g. 'seconddomain.tld
> {...}' with its respective keyfile and selector?

You need a current filter for that. I have:

filter "dkimsign" proc-exec "filter-dkimsign -d domain1.tld -d domain2.tld \
-d domain3.tld -s dkim_selector -k /etc/mail/dkim/dkim.key" \
user _dkimsign group _dkimsign

Note that you can specify the selector only once.

See: https://undeadly.org/cgi?action=article;sid=20200920073933

> 
> Thanks a lot in advance, I appreciate any answers, even if incomplete!
> :)
> 
> Best,
> Unicorn
> 
> 
> 
> 
> 

-- 
wq: ~uw
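
Added example, not part of the original thread or of OpenSMTPD: a small lint that reports pki, table and action names an smtpd.conf references but never declares, such as the first listener's pki mail.regrow.earth in the quoted config, where only pki mx.maildomain.tld is declared. The SAMPLE text is constructed and the parser is a simplification that knows only these statement forms; smtpd -n remains the authoritative check.

```python
import re

# Constructed sample modelled on the smtpd.conf quoted in the thread, one
# statement per line; format specifiers use smtpd.conf(5)'s %{...} form.
SAMPLE = r'''
pki mx.maildomain.tld cert "/etc/ssl/mx.maildomain.tld.fullchain.pem"
pki mx.maildomain.tld key "/etc/ssl/private/mx.maildomain.tld.key"
table aliases file:/etc/mail/custom_aliases
table accounts file:/etc/mail/accounts
table domains { firstdomain.tld, seconddomain.tld, maildomain.tld }
listen on all tls pki mail.regrow.earth
listen on all port submission tls-require pki mx.maildomain.tld \
    auth <accounts>
action "deliver_local" maildir "/home/vmail/%{dest.domain}/%{dest.user}/Maildir" junk alias <aliases> user vmail
action "outbound" relay helo mx.maildomain.tld
match from any for domain <domains> action "deliver_local"
match from any auth for any action "outbound"
'''

def lint(text):
    """Return sorted (kind, name) pairs that are referenced but never declared."""
    text = re.sub(r'\\\n\s*', ' ', text)            # join backslash continuations
    declared = {"pki": set(), "table": set(), "action": set()}
    used = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()         # drop comments (simplified)
        if not line:
            continue
        words = line.split()
        head = words[0]
        if head in ("pki", "table") and len(words) > 1:
            declared[head].add(words[1])
        elif head == "action" and len(words) > 1:
            declared["action"].add(words[1].strip('"'))
        if head == "listen":                        # listener names its certificate
            used += [("pki", m) for m in re.findall(r'\bpki\s+(\S+)', line)]
        if head == "match":                         # rule names its action
            used += [("action", m) for m in re.findall(r'\baction\s+"?([^"\s]+)"?', line)]
        if head in ("listen", "action", "match"):   # <table> references
            used += [("table", m) for m in re.findall(r'<([^<>\s]+)>', line)]
    return sorted({(k, n) for k, n in used if n not in declared[k]})

if __name__ == "__main__":
    for kind, name in lint(SAMPLE):
        print(f"undeclared {kind}: {name}")
```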
