Hello all. I just upgraded to OpenBSD 6.4 with OpenSMTPD 6.4.
The previous configuration file was built according to:

http://technoquarter.blogspot.com/
https://frozen-geek.net/openbsd-email-server-1/

It works and seems to respect the objectives:

Incoming mail:
pf -> relay to spamd
-> send to opensmtpd on lo0
-> relay untagged mail to clamsmtpd on port 10025
-> relay to clamd on port 3310
-> return to clamsmtpd
-> return to opensmtpd on lo0 port 10026 and tag it CLAM_IN
-> relay tagged CLAM_IN mail to spampd on port 10035
-> run it through SpamAssassin
-> return to opensmtpd on lo0 port 10036 and tag it SPAM_IN
-> deliver to dovecot/lmtp

Outgoing mail:
opensmtpd on lo0
-> relay untagged mail to clamsmtpd on port 10027
-> relay to clamd on port 3310
-> return to clamsmtpd
-> return to opensmtpd on lo0 port 10028 and tag it CLAM_OUT
-> relay to dkimproxy on port 10029
-> add DKIM headers
-> return to opensmtpd on lo0 port 10030 and tag it DKIM_OUT
-> relay out

However, maybe the rules are too permissive.
Could you please provide feedback on this?

Thanks.
Olivier.

Prerequisites:
opensmtpd-extras-201703132115p1
opensmtpd-extras-pgsql-201703132115p1

###################################################
#
#
## See smtpd.conf(5) for more information.
#
#
#
###################################################
#
## Queue compression
queue compression
queue encryption encryptedkey
###################################################
#
## Define PKI
#
pki mailsrv.domain.tld key "/some/where/private/srv.domain.tld.key"
pki mailsrv.domain.tld cert "/some/where/srv.domain.tld.crt"
###################################################
#
## Define Table
#
table aliases db:/etc/mail/aliases.db
table vdomains postgres:/etc/mail/pgsql.conf
table passwd postgres:/etc/mail/pgsql.conf
table valiases postgres:/etc/mail/pgsql.conf
## Options
#
smtp max-message-size 50M
###################################################
#
## Declare interface : treatment depends from the flow (&port)
#
# Manage flow
listen on lo0
listen on lo0 port 10026 tag CLAM_IN # incoming email to deliver(from spampd)
listen on lo0 port 10028 tag CLAM_OUT # outgoing email to DKIM
listen on lo0 port 10036 tag SPAM_IN # incoming email to deliver
listen on lo0 port 10030 tag DKIM_OUT # outgoing email to another MTA
#
# Inbound
listen on egress tls pki srv.domain.tld auth-optional <passwd>
listen on egress smtps pki srv.domain.tld auth <passwd>
listen on egress port submission tls-require pki srv.domain.tld auth <passwd>
##############################################
#
## Define actions
#
action "local" mbox alias <aliases>
action "relay" relay
action deliver lmtp "/var/dovecot/lmtp" rcpt-to virtual <valiases> #deliver via lmtp
action to-spampd relay host smtp://127.0.0.1:10035 # to spampd
action to-dkim_out relay host smtp://127.0.0.1:10029 # send to dkimproxy_out
action to-clamd_out relay host smtp://127.0.0.1:10027 # send to clamd via clamsmtpd_out
action to-clamd_in relay host smtp://127.0.0.1:10025 # send to clamd via clamsmtpd_in
#
## Manage flows (match and)
#
# Allow to deliver
match for local action "local"
# Tagged mail returned from DKIM
match tag DKIM_OUT for any action "relay"
match auth from any for any action to-dkim_out
# tagged mail returned from spampd deliver to maildir
match tag SPAM_IN for domain <vdomains> action deliver
match for any action to-spampd
# tagged mail returned from clamsmtp either send to spampd or dkimproxy_out
match tag CLAM_IN for any action to-spampd
match tag CLAM_OUT for any action to-dkim_out
# Start here (inbound)
match from any for domain <vdomains> action to-clamd_in
match from local for any action to-clamd_out
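A first-match trace of the match rules as posted, as an added example that is not part of the original message or of OpenSMTPD itself. It is a simplified model: it assumes rules are tried in order and the first match wins, that an omitted "from" or "for" means "local", and that an omitted "tag" or "auth" places no constraint; the envelope classes (local/remote source, local/vdomain/external recipient) are labels made up for the model.

```python
# Added example: simplified first-match model of the match rules posted above.
# Assumptions: rules are tried in order and the first match wins; an omitted
# "from" or "for" means "local"; an omitted "tag" or "auth" is no constraint.
import itertools
import re

RULES = [  # copied from the posted configuration, in order
    'match for local action "local"',
    'match tag DKIM_OUT for any action "relay"',
    'match auth from any for any action to-dkim_out',
    'match tag SPAM_IN for domain <vdomains> action deliver',
    'match for any action to-spampd',
    'match tag CLAM_IN for any action to-spampd',
    'match tag CLAM_OUT for any action to-dkim_out',
    'match from any for domain <vdomains> action to-clamd_in',
    'match from local for any action to-clamd_out',
]
# Recipient classes (model labels) accepted by each "for" keyword.
RCPT_OK = {"any": {"local", "vdomain", "external"},
           "local": {"local"}, "domain": {"vdomain"}}

def parse(line):
    opts, action = re.fullmatch(r'match (.*) action "?([\w-]+)"?', line).groups()
    tag = re.search(r'\btag (\w+)', opts)
    src = re.search(r'\bfrom (\w+)', opts)
    dst = re.search(r'\bfor (\w+)', opts)
    return {"tag": tag and tag.group(1), "auth": " auth " in f" {opts} ",
            "from": src.group(1) if src else "local",
            "for": dst.group(1) if dst else "local", "action": action, "text": line}

def first_match(tag, src, auth, rcpt, rules=RULES):
    """First rule matching an envelope, or None. src is "local" or "remote"."""
    for r in map(parse, rules):
        if ((not r["tag"] or r["tag"] == tag) and (auth or not r["auth"])
                and (r["from"] == "any" or src == "local")
                and rcpt in RCPT_OK[r["for"]]):
            return r
    return None

def shadowed(rules=RULES):
    """Rules that are never the first match for any envelope in the model."""
    tags = [None, "CLAM_IN", "CLAM_OUT", "SPAM_IN", "DKIM_OUT"]
    space = itertools.product(tags, ["local", "remote"], [False, True],
                              ["local", "vdomain", "external"])
    hit = {r["text"] for r in (first_match(*e, rules=rules) for e in space) if r}
    return [line for line in rules if line not in hit]

if __name__ == "__main__":
    for env in [(None, "remote", False, "vdomain"), (None, "local", False, "external")]:
        print(env, "->", first_match(*env)["action"])
    print("never reached:", *shadowed(), sep="\n  ")
```

Any rule the model reports as never reached is worth confirming against the real daemon (for example with `smtpd -n` and a test message per hop) before reordering the ruleset.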