On 26 Sep 15:03, Unicorn wrote:
> > No, it means that unless there is a more specific alias before, all
> > those 4 aliases, whatever is the domain part amongst the domains you
> > receive for, will be delivered to [email protected]
>
> > No, you need to deliver to vmail for all users, Dovecot will be
> > responsible for placing emails into the right folders.
>
> Now I got it to work and I understood the way it works finally!
> Thank you Archange and Uwe for helping along the way, please let me
> know if there is anything else you would change since I intend to make
> a proper guide for this entire setup as it is pretty basic and
> versatile. I don't want to recommend bad practices so please let me
> know if there is something I should change.
>
> For anybody else who may look at this in the future, here are the
> relevant config files that I ended up with:
>
> #### /etc/mail/smtpd.conf ##########################################
> pki mail.domain.tld cert "/etc/ssl/mail.domain.org.fullchain.pem"
> pki mail.domain.tld key "/etc/ssl/private/mail.domain.tld.key"
>
> # Junk filters, rspamd also for DKIM signing
> filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } junk
> filter check_rdns phase connect match !rdns junk
> filter check_fcrdns phase connect match !fcrdns junk
> filter rspamd proc-exec "filter-rspamd"
>
> # Tables
> table usermap file:/etc/mail/usermap
> table credentials file:/etc/mail/credentials
> table domains { domain.tld, second.tld, third.tld }
>
> # Listen for incoming mail and send through filters
> listen on all tls pki mail.domain.tld \
>     filter { check_dyndns, check_rdns, check_fcrdns, rspamd }
>
> # Listen for, authenticate and DKIM-sign outgoing mail requests
> listen on all port submission tls-require pki mail.domain.tld \
>     auth <credentials> filter rspamd
>
> action "inbound" lmtp "/var/dovecot/lmtp" rcpt-to virtual <usermap>
> action "outbound" relay helo mail.domain.tld
>
> # Match incoming mail
> match from any for domain <domains> action "inbound"
> match for local action "inbound"
>
> # Match outgoing mail
> match from any auth for any action "outbound"
> match for any action "outbound"
> ####################################################################
>
> #### /etc/mail/usermap #############################################
> abuse admin
> hostmaster admin
> postmaster admin
> webmaster admin
> www admin
> operator admin
> security admin
> root admin
> contact admin
>
> [email protected] admin
>
> admin [email protected]
>
> [email protected] vmail
> [email protected] vmail
> ####################################################################
> (This makes practically everything go to the inbox of [email protected]
> with the exception of [email protected] which also gets its own
> inbox)
>
> #### /etc/mail/credentials #########################################
> [email protected]:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
> [email protected]:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
> [email protected]:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
> [email protected]:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
> [email protected]:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
> [email protected]:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
> ####################################################################
> (Credentials are needed for every inbox and for every sender. In my
> case only [email protected] and [email protected] have inboxes, so the
> others are just other identities that I can use to send emails from.)
>
> #### /etc/rspamd/local.d/dkim-signing.conf #########################
> allow_username_mismatch = true;
> domain {
>     domain.tld {
>         path = "/etc/mail/dkim/domain.tld.key";
>         selector = "selectorone";
>     }
>     second.tld {
>         path = "/etc/mail/dkim/second.tld.key";
>         selector = "selectortwo";
>     }
>     third.tld {
>         path = "/etc/mail/dkim/third.tld.key";
>         selector = "selectorthree";
>     }
> }
> ####################################################################
> (The allow_username_mismatch can probably be left out for this setup,
> haven't tried yet though)
>
> #### /etc/dovecot/dovecot.conf #####################################
> protocols = imap lmtp
> ####################################################################
>
> #### /etc/dovecot/conf.d/10-auth.conf ##############################
> passdb {
>     driver = passwd-file
>     args = scheme=CRYPT /etc/mail/credentials
> }
> userdb {
>     driver = static
>     args = uid=vmail gid=vmail home=/var/maildirs/%d/%n
> }
> ####################################################################
>
> #### /etc/dovecot/conf.d/10-mail.conf ##############################
> mail_location = maildir:~/Maildir
> ####################################################################
>
> #### /etc/dovecot/conf.d/10-ssl.conf ###############################
> ssl_cert = </etc/ssl/mail.domain.tld.fullchain.pem
> ssl_key = </etc/ssl/private/mail.domain.tld.key
> ####################################################################
>
> #### /etc/dovecot/conf.d/15-mailboxes.conf #########################
> namespace inbox {
>     mailbox Drafts {
>         auto = subscribe
>         special_use = \Drafts
>     }
>     mailbox Archive {
>         auto = subscribe
>         special_use = \Archive
>     }
>     mailbox Junk {
>         auto = subscribe
>         special_use = \Junk
>     }
>     mailbox Trash {
>         auto = subscribe
>         special_use = \Trash
>     }
>     mailbox Sent {
>         auto = subscribe
>         special_use = \Sent
>     }
>     mailbox "Sent Messages" {
>         special_use = \Sent
>     }
> }
> ####################################################################
>
> And that is it as far as mail-related config files go. :)
> I will also look into sieve rules further, thanks for the pointer
> Archange.
>
> Best,
> Unicorn
>
Hi,

looks ok for me after the first view.

I suggest reading
https://doc.dovecot.org/configuration_manual/howto/antispam_with_sieve/.

pkg_add dovecot-pigeonhole

The files for OpenBSD are then located here:

ls -la /usr/local/lib/dovecot/sieve/
total 168
drwxr-xr-x  2 root  wheel    512 Aug 27 13:17 .
drwxr-xr-x  8 root  wheel   3072 Sep 26 02:03 ..
-rw-r--r--  1 root  bin    53896 Aug 26 13:05 lib90_sieve_extprograms_plugin.so
-rw-r--r--  1 root  bin    11344 Aug 26 13:05 lib90_sieve_imapsieve_plugin.so
-rw-r--r--  1 root  wheel    314 Jul 25 20:56 report-ham.sieve
-rw-r--r--  1 root  wheel    456 Jul 25 20:59 report-ham.svbin
-rw-r--r--  1 root  wheel    199 Jul 25 20:57 report-spam.sieve
-rw-r--r--  1 root  wheel    358 Jul 25 20:59 report-spam.svbin
-rwxr-xr-x  1 root  wheel     88 Jul 31 14:46 sa-learn-ham.sh
-rwxr-xr-x  1 root  wheel     89 Jul 31 14:10 sa-learn-spam.sh

You usually only have to adapt the sh scripts like described in the docs:

cat /usr/local/lib/dovecot/sieve/sa-learn-ham.sh
#!/bin/sh
exec /usr/local/bin/rspamc -h /var/run/rspamd/rspamd.sock -d "${1}" learn_ham

cat /usr/local/lib/dovecot/sieve/sa-learn-spam.sh
#!/bin/sh
exec /usr/local/bin/rspamc -h /var/run/rspamd/rspamd.sock -d "${1}" learn_spam

Works for me like a charm.

If your rspamd is not on the same machine you have to change it to use
http instead of the local socket and adjust rspamd to accept the calls.

I have the RoundCube plugin as mailapp in NextCloud running. There's a
simple and nice sieve editor for users included.

-- 
wq: ~uw
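
A consistency check for the usermap and credentials files quoted above, as an added example that is not part of either post: it verifies that every alias chain ends at the vmail user and that every inbox has a credentials entry. The addresses are constructed (example.org stands in for the redacted ones), and the lookup is an assumed, simplified model (exact key first, then local part), not smtpd's own resolution code.

```python
# Constructed sample data: example.org stands in for the redacted addresses.
USERMAP = """\
abuse admin
postmaster admin
info@example.org admin
admin admin@example.org
admin@example.org vmail
sales@example.org vmail
orphan@example.org bob
"""
CREDENTIALS = """\
admin@example.org:$2b$09$constructedhashplaceholder
info@example.org:$2b$09$constructedhashplaceholder
"""

def parse_usermap(text):
    """Return {key: [targets]} from 'key value[, value]' lines."""
    table = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            table[parts[0].lower()] = [v.strip().lower() for v in parts[1].split(",")]
    return table

def resolve(name, table, seen=()):
    """Follow a name to its terminal targets (assumed model: exact key, then local part)."""
    if name in seen:
        return {"<loop>"}
    key = name if name in table else name.split("@")[0]
    if key not in table:
        return {name}
    ends = set()
    for target in table[key]:
        ends |= resolve(target, table, seen + (name,))
    return ends

def audit(usermap_text, cred_text, mailbox_user="vmail"):
    table = parse_usermap(usermap_text)
    logins = {l.split(":", 1)[0].lower() for l in cred_text.splitlines() if ":" in l}
    findings = []
    for key in table:  # every alias chain must end at the single mailbox user
        ends = resolve(key, table)
        if ends != {mailbox_user}:
            findings.append(f"{key}: ends at {sorted(ends)}, not {mailbox_user}")
    for key, targets in table.items():  # every inbox needs a login entry
        if "@" in key and targets == [mailbox_user] and key not in logins:
            findings.append(f"{key}: inbox without a credentials entry")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(USERMAP, CREDENTIALS)))
```

Credentials entries without an inbox are not flagged, since the setup above uses them as send-only identities.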
