Re: Simple virtual user setup with multiple domains

2020-09-26 Thread Uwe Werler
On 26 Sep 15:03, Unicorn wrote:

Re: Simple virtual user setup with multiple domains

2020-09-26 Thread Unicorn
> No, it means that unless there is a more specific alias before, all
> those 4 aliases, whatever is the domain part amongst the domains you
> receive for, will be delivered to mainu...@maindomain.tld

> No, you need to deliver to vmail for all users, Dovecot will be
> responsible for placing emails into the right folders.

Now I got it to work and I understood the way it works finally! 
Thank you Archange and Uwe for helping along the way, please let me
know if there is anything else you would change since I intend to make
a proper guide for this entire setup as it is pretty basic and
versatile. I don't want to recommend bad practices so please let me
know if there is something I should change.

For anybody else who may look at this in the future, here are the
relevant config files that I ended up with:

## /etc/mail/smtpd.conf ##
pki mail.domain.tld cert "/etc/ssl/mail.domain.org.fullchain.pem"
pki mail.domain.tld key "/etc/ssl/private/mail.domain.tld.key"

# Junk filters, rspamd also for DKIM signing
filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } junk
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk
filter rspamd proc-exec "filter-rspamd"

# Tables
table usermap file:/etc/mail/usermap
table credentials file:/etc/mail/credentials
table domains { domain.tld, second.tld, third.tld }

# Listen for incoming mail and send through filters
listen on all tls pki mail.domain.tld \
filter { check_dyndns, check_rdns, check_fcrdns, rspamd }

# Listen for, authenticate and DKIM-sign outgoing mail requests
listen on all port submission tls-require pki mail.domain.tld \
auth <credentials> filter rspamd

action "inbound" lmtp "/var/dovecot/lmtp" rcpt-to virtual <usermap>
action "outbound" relay helo mail.domain.tld

# Match incoming mail
match from any for domain <domains> action "inbound"
match for local action "inbound"

# Match outgoing mail
match from any auth for any action "outbound"
match for any action "outbound"


## /etc/mail/usermap ##
abuse        admin
hostmaster   admin
postmaster   admin
webmaster    admin
www          admin
operator     admin
security     admin
root         admin
contact      admin

cl...@domain.tld   admin

admin   ad...@domain.tld

ad...@domain.tld    vmail
unic...@third.tld   vmail

(This makes practically everything go to the inbox of ad...@domain.tld
with the exception of unic...@third.tld which also gets its own
inbox)

## /etc/mail/credentials ##
ad...@domain.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
cl...@domain.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
ad...@second.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
cont...@second.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
ad...@third.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
unic...@third.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere

(Credentials are needed for every inbox and for every sender. In my
case only ad...@domain.tld and unic...@third.tld have inboxes, so the
others are just other identities that I can use to send emails from.)

## /etc/rspamd/local.d/dkim-signing.conf ##
allow_username_mismatch = true;
domain {
    domain.tld {
        path = "/etc/mail/dkim/domain.tld.key";
        selector = "selectorone";
    }
    second.tld {
        path = "/etc/mail/dkim/second.tld.key";
        selector = "selectortwo";
    }
    third.tld {
        path = "/etc/mail/dkim/third.tld.key";
        selector = "selectorthree";
    }
}

(The allow_username_mismatch can probably be left out for this setup,
haven't tried yet though)

## /etc/dovecot/dovecot.conf ##
protocols = imap lmtp


## /etc/dovecot/conf.d/10-auth.conf ##
passdb {
  driver = passwd-file
  args = scheme=CRYPT /etc/mail/credentials
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/maildirs/%d/%n
}


## /etc/dovecot/conf.d/10-mail.conf ##
mail_location = maildir:~/Maildir


## /etc/dovecot/conf.d/10-ssl.conf ##
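As an added example (not code from the thread or from OpenSMTPD), a small Python audit of the usermap and credentials layout the post ends up with: it follows each alias to its final delivery user for every domain in the domains table, flags loops and aliases that do not end at vmail, and checks that every inbox has a bcrypt credentials line as the thread requires. The virtual lookup order it models (full address, then local part, then @domain catch-all) and the sample tables are assumptions; the addresses in them are constructed, not the poster's.

```python
# Constructed sample tables in the post's layout (not the poster's real files).
DOMAINS = {"domain.tld", "second.tld", "third.tld"}
USERMAP = """\
abuse             admin
admin             box-a@domain.tld
box-a@domain.tld  vmail
box-b@third.tld   vmail
"""
CREDENTIALS = """\
box-a@domain.tld:$2b$09$constructedbcrypthashgoeshere
box-b@third.tld:$1$constructedmd5crypthashgoeshere
"""

def parse_table(text, sep=None):
    """Parse 'key value' (usermap) or 'key:value' (credentials) lines into a dict."""
    pairs = (l.split(sep, 1) for l in text.splitlines() if l.strip() and l[0] != "#")
    return {k.strip(): v.strip() for k, v in pairs}

def lookup(usermap, key):
    """One virtual lookup: full address, then local part, then @domain (assumed order)."""
    local, at, domain = key.partition("@")
    return next((usermap[c] for c in ((key, local, "@" + domain) if at else (key,))
                 if c in usermap), None)

def resolve(usermap, rcpt, max_depth=8):
    """Follow the alias chain; kind is 'user' (local delivery), 'unknown' or 'loop'."""
    chain = [rcpt]
    while len(chain) <= max_depth:
        nxt = lookup(usermap, chain[-1])
        if nxt is None:
            return ("user" if "@" not in chain[-1] else "unknown", chain[-1], chain)
        if nxt in chain:
            return ("loop", nxt, chain)
        chain.append(nxt)
    return ("loop", chain[-1], chain)

def audit(usermap, creds, domains):
    """Thread's rules: every alias in every hosted domain ends at vmail; inboxes need bcrypt creds."""
    findings = []
    for key, target in usermap.items():
        for r in ([key] if "@" in key else [f"{key}@{d}" for d in sorted(domains)]):
            kind, final, chain = resolve(usermap, r)
            if (kind, final) != ("user", "vmail"):
                findings.append(f"{r}: {kind} via {' -> '.join(chain)}")
        if target == "vmail" and key not in creds:
            findings.append(f"{key}: inbox without credentials entry")
    for user, digest in creds.items():
        if not digest.startswith("$2b$"):
            findings.append(f"{user}: not a bcrypt hash; regenerate with smtpctl encrypt")
    return findings
```

To check a live setup, read /etc/mail/usermap and /etc/mail/credentials into parse_table (the latter with sep=":") and pass the same domain set as the domains table.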