Hello. I have just updated to 6.4 and am afraid of making mistakes on my
mail server. Please look at my conf:

pki kasakoff.net cert "/etc/ssl/kasakoff.net.fullchain.pem"
pki kasakoff.net key "/etc/ssl/private/kasakoff.net.key"

listen on lo0
listen on lo port 10028 tag DKIM
listen on egress inet4 tls pki kasakoff.net auth-optional
listen on egress inet4 port submission tls pki kasakoff.net auth

table aliases file:/etc/mail/aliases
table domains { kasakoff.net, koskina.ru }

action "mbox" mbox alias <aliases>
action "mda" mda "/usr/local/bin/procmail" alias <aliases>
action "relay" relay
action "relay_dkim" relay host smtp://127.0.0.1:10027

match for local action "mbox"
match from any for domain <domains> action "mda"
match tag DKIM for any action "relay"
match auth from any for any action "relay_dkim"

smtp max-message-size 100M

This is my logic:
1) I need to put messages from the local system into local user mboxes.
2) Next, I want all mail to kasakoff.net and koskina.ru to be delivered
to procmail.
3) The last two matches are for DKIM. I want to sign unsigned mails
before they are sent to external servers.

My questions are:
I noticed that "from any" in the second match is required. Without it,
smtpd answers "invalid recipient".
Again, in the 4th match, "from any" is required too; without it I can't
send mail anywhere.
But as far as I can see, in the third match "from any" is not required;
DKIM-signed messages are relayed successfully.
Also, "from any" is not required in the first match rule?
Why is that so?

Second, how can I limit the MTA to use only IPv4? In 6.3 there was the
line "limit mta inet4".

And third: is my config composed correctly?
Maybe it is more secure to change the 4th match to
"match auth from domain <domains> for any action "relay_dkim""?
For example, if a user is compromised, this will prevent a spammer from
sending mail from a random sender, am I right? Will this work?

P.S.
Thank you in advance for your response! Also thanks to all developers
for the job you are doing! OpenBSD is the best system ever created!