On 01/11/2018 at 10:19, Antonino Sidoti wrote:
> Hi,
>
> I am planning the changeover to the new OpenSMTPD syntax and would like a
> sanity check on the configuration below please? My current (working)
> configuration is shown using the syntax for OpenBSD 6.3 plus my version of
> new syntax;
>
> #
> # OpenSMTPD v6.04 config
> #
>
> pki mail.stonyrange.com certificate "/etc/ssl/stonyrange.com.fullchain.pem"
> pki mail.stonyrange.com key "/etc/ssl/private/stonyrange.com.key"
>
> table aliases file:/etc/mail/aliases
> table vdomains file:/etc/mail/vdomains
> table vusers file:/etc/mail/vusers
> table passwd passwd:/etc/mail/passwd
>
> table blackhole { "@tiscali.it" }
>
> listen on lo0
> listen on lo0 port 10028 tag DKIM_OUT
> listen on egress port smtp tls pki mail.stonyrange.com auth-optional
> listen on egress port submission tls-require pki mail.stonyrange.com auth
>
>
> reject from any sender for any
>
> accept from local for local alias deliver to lmtp "/var/dovecot/lmtp" rcpt-to
> accept from any for domain virtual deliver to lmtp "/var/dovecot/lmtp" rcpt-to
> accept tagged DKIM_OUT for any relay
> accept from local for any relay via smtp://127.0.0.1:10027
>
> #
> # OpenSMTPD v6.4 config - *** NEW SYNTAX ***
> #
>
> pki mail.stonyrange.com cert "/etc/ssl/stonyrange.com.fullchain.pem"
> pki mail.stonyrange.com key "/etc/ssl/private/stonyrange.com.key"
>
> table aliases file:/etc/mail/aliases
> table vdomains file:/etc/mail/vdomains
> table vusers file:/etc/mail/vusers
> table passwd file:/etc/mail/passwd
>
> table blackhole { "@tiscali.it" }
>
> listen on lo0
> listen on lo0 port 10028 tag DKIM_OUT
> listen on egress port smtp tls pki mail.stonyrange.com auth-optional
> listen on egress port submission tls-require pki mail.stonyrange.com auth
>
>
> action a01 alias lmtp "/var/dovecot/lmtp" rcpt-to
> action a02 virtual lmtp "/var/dovecot/lmtp" rcpt-to
> action a03 relay host smtp://127.0.0.1:10027
>
> match from any mail-from for any reject
>
> match from local for local action a01
> match from any for domain action a02
> match tag DKIM_OUT for any action a03

Hum, I think you are having an issue here. If I read things correctly,
you would send to DKIM proxy mails coming from… DKIM proxy. Which are
none, since you never send any other mail to DKIM, so… And this goes
with the fact you are never relaying outside. ;)

Regards,
Bruno
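Added example (not part of the original thread and not OpenSMTPD code): a small Python model of first-match rule evaluation, run over the action and match lines of the quoted new-syntax config, tracing where outbound mail ends up. It assumes, as the reply reads it, that 127.0.0.1:10027 is the DKIM proxy's input and that lo0 port 10028 (tag DKIM_OUT) is its return path; the recipient classes `local`, `domain` and `remote` and all function names are illustrative.

```python
import re

# Constructed input: action/match lines of the quoted new-syntax config, as posted.
# The reject rule is left out; the flows traced assume a sender it does not reject.
CONFIG = """\
action a01 alias lmtp "/var/dovecot/lmtp" rcpt-to
action a02 virtual lmtp "/var/dovecot/lmtp" rcpt-to
action a03 relay host smtp://127.0.0.1:10027
match from local for local action a01
match from any for domain action a02
match tag DKIM_OUT for any action a03
"""
RULE = re.compile(r"match(?: tag (\S+))?(?: from (\S+))? for (\S+) action (\S+)")

def parse(config):
    """Return ({action name: definition words}, [rules in file order])."""
    actions, rules = {}, []
    for line in config.splitlines():
        words = line.split()
        if words and words[0] == "action":
            actions[words[1]] = words[2:]
        elif (m := RULE.match(line)):
            tag, src, dst, act = m.groups()
            rules.append((tag, src or "local", dst, act))  # "from local" is the default
    return actions, rules

def route(rules, tag, src, rcpt):
    """First matching rule wins; None means no rule accepts the envelope."""
    for r_tag, r_src, r_dst, act in rules:
        if r_tag and r_tag != tag:
            continue                      # rule requires a tag the session lacks
        if r_src == "local" and src != "local":
            continue
        if r_dst not in ("any", rcpt):    # rcpt is "local", "domain" or "remote"
            continue
        return act
    return None

def check(config):
    """Trace the two outbound flows and list actions that relay by MX lookup."""
    actions, rules = parse(config)
    signed = route(rules, "DKIM_OUT", "local", "remote")
    return {
        "untagged_outbound": route(rules, None, "local", "remote"),
        "signed_outbound": signed,
        "signed_goes_to": " ".join(actions.get(signed, [])),
        "direct_relay_actions": [n for n, d in actions.items() if d == ["relay"]],
    }

if __name__ == "__main__":
    print(check(CONFIG))
```

In this model, untagged mail for a remote recipient matches no rule, mail tagged DKIM_OUT is handed to a03 and so back to 127.0.0.1:10027, and no action is a plain `relay`.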