Hi there,

On 24/09/2020 at 13:33, Unicorn wrote:
> Hello everyone,
>
> I apologize in advance if this seems like a trivial question, I am
> quite new to this and the amount of config files and options is a
> little overwhelming. :)
>
> I am currently running three mailservers that each serve one domain
> with real user accounts, which is quite a pain to manage. I would like
> to instead have one server be the MX for all of my domains, with
> virtual users and their maildirs in a structure like
> /home/vmail/domain/user/Maildir.
>
> In the process of writing my email I have written all my
> configurations to the best of my ability, but I would appreciate your
> feedback on any errors or suggestions for improvements, especially
> since I intend to eventually make this into a guide:
>
>
> ######## /etc/mail/smtpd.conf #######################################
> pki mx.maildomain.tld cert "/etc/ssl/mx.maildomain.tld.fullchain.pem"
> pki mx.maildomain.tld key "/etc/ssl/private/mx.maildomain.tld.key"
>
> # Junk filters, rspamd also for DKIM signing
> filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*',
> '.*\.dsl\..*' } junk
> filter check_rdns phase connect match !rdns junk
> filter check_fcrdns phase connect match !fcrdns junk
> filter rspamd proc-exec "filter-rspamd"
>
> # Tables
> table aliases file:/etc/mail/custom_aliases
> table accounts file:/etc/mail/accounts
> table domains {firstdomain.tld, seconddomain.tld, maildomain.tld}
>
> # Listen for incoming mail and send through filters
> listen on all tls pki mail.regrow.earth filter { check_dyndns,
> check_rdns, check_fcrdns, rspamd }
>
> # Listen for, authenticate and DKIM-sign outgoing mail requests
> listen on all port submission tls-require pki mx.maildomain.tld auth
> <accounts> filter rspamd
>
> action "deliver_local" maildir
> /home/vmail/{%dest.domain}/{%dest.user}/Maildir junk alias <aliases>
> user vmail
> action "outbound" relay helo mx.maildomain.tld
>
> # Match incoming mail
> match from any for domain <domains> action "deliver_local"
> match for local action "deliver_local"
>
> # Match outgoing mail
> match from any auth for any action "outbound"
> match for any action "outbound"
> #####################################################################
>
>
> ######## /etc/dovecot/conf.d/10-auth.conf ###########################
> passdb {
>   driver = passwd-file
>   args = scheme=BLF-CRYPT /etc/mail/accounts
> }
> userdb {
>   driver = static
>   args = uid=vmail gid=vmail home=/home/vmail/%d/%u
> }
> #####################################################################
>
>
> ######## /etc/mail/accounts #########################################
> ad...@fistdomain.tld:passwordhashfromsmtpctl
> ad...@seconddomain.tld:passwordhashfromsmtpctl
> unic...@seconddomain.tld:passwordhashfromsmtpctl
> #####################################################################
>
> Is it possible to combine virtual users with an alias table as I have
> in action "deliver_local"?
>
> Example entry in alias table:
> cont...@firstdomain.tld: admin+cont...@firstdomain.tld
>
> Will this deliver to the folder "contact" of ad...@firstdomain.tld?
> In 'action "deliver_local"', is it correct to use {%dest.user} for
> this purpose?

You can use a virtual user table, but you will have to split your
"deliver_local" table. As Uwe suggested, I would use lmtp for that:

action "inbox" lmtp "/var/run/dovecot/lmtp" rcpt-to virtual <vusers>

In that case, vusers is defined here:

table vusers    file:/etc/smtpd/vusers

And its content:

postmaster                          mainu...@maindomain.tld
abuse                               mainu...@maindomain.tld
root                                mainu...@maindomain.tld
contact                             mainu...@maindomain.tld
mainu...@maindomain.tld                 vmail
someotheru...@somedomain.tld           vmail
someal...@somedomain.tld                  mainu...@maindomain.tld

And so on…

> Also, how does dkim signing with rspamd work for multiple domains?
> Right now my /etc/rspamd/local.d/dkim-signing.conf looks like this:
>
> ##############################################################
> allow_username_mismatch = true;
>
> domain {
>     firstdomain.tld {
>         path = "/etc/mail/dkim/firstdomain.tld.key";
>         selector = "blah";
>     }
> }
> ##############################################################
>
> Will it work automatically by simply entering eg. 'seconddomain.tld
> {...}' with its respective keyfile and selector?

Yes. And if you use sensible file names like me, you can even do this:

path = "/etc/mail/dkim/$domain.$selector.key";

Regards,
Archange
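
A small checker for a vusers table of the kind shown in the reply above, added here as an example and not part of the original thread: it follows each alias to its final mailbox and reports loops, targets missing from the table, and misspelled delivery users. The key lookup order and the sample addresses are assumptions made for this example.

```python
# Added example, not from the thread. Addresses below are constructed samples.
SAMPLE_VUSERS = """\
postmaster             alice@maindomain.tld
alice@maindomain.tld   vmail
sales@somedomain.tld   alice@maindomain.tld
loop1@somedomain.tld   loop2@somedomain.tld
loop2@somedomain.tld   loop1@somedomain.tld
ghost@somedomain.tld   nobody@elsewhere.tld
"""

def parse_table(text):
    """Parse 'key value[, value]' lines; '#' comments and blank lines are skipped."""
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            key = parts[0].rstrip(":").lower()
            table[key] = [v.strip().lower() for v in parts[1].split(",") if v.strip()]
    return table

def resolve(rcpt, table, system_users=("vmail",), seen=()):
    """Return (mailboxes, problems); assumed key order: address, user, @domain, @."""
    rcpt = rcpt.lower()
    if rcpt in seen:
        return set(), ["loop: " + " -> ".join(seen + (rcpt,))]
    user, _, domain = rcpt.partition("@")
    keys = (rcpt, user, "@" + domain, "@")
    values = next((table[k] for k in keys if k in table), None)
    if values is None:                     # target leaves the table: flag for review
        return set(), ["no table entry for " + rcpt]
    boxes, problems = set(), []
    for value in values:
        if value in system_users:          # terminal entry: mailbox of this address
            boxes.add(rcpt)
        elif "@" in value:                 # alias to another address: follow it
            found, errs = resolve(value, table, system_users, seen + (rcpt,))
            boxes, problems = boxes | found, problems + errs
        else:                              # bare name that is not a delivery user
            problems.append(f"{rcpt}: unknown target user '{value}'")
    return boxes, problems

def audit(table, domain="maindomain.tld"):
    """Probe every key once and return the distinct problems found."""
    problems = []
    for key in table:
        user, _, dom = key.partition("@")
        problems += resolve(f"{user or 'anyone'}@{dom or domain}", table)[1]
    return sorted(set(problems))

if __name__ == "__main__":
    print("\n".join(audit(parse_table(SAMPLE_VUSERS))))
```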

