Re: Hello everybody
On Sat Dec 17, 2022 at 11:16 AM CET, Chris Brannon wrote:
> I suppose I should give my own introduction. I've been lurking here
> for about two years now. In 2020, I replaced my postfix+spamassassin
> setup with opensmtpd+rspamd. I got tired of feeling dread every time I
> went to make changes to postfix config, which while not as inscrutable
> as sendmail, is still pretty complicated. I've been a lot happier with
> the new setup.

Not quite the topic of the ML, but it's awesome that you founded the BLVUUG!

I have also been lurking for two or three years, I will introduce myself too. I originally started using OpenSMTPD with the great guide on poolp.org from 2019, which was also pretty much the start of my server journey, starting with Debian, continuing to OpenBSD and finally settling on Alpine Linux. What has stayed the same is that I am using OpenSMTPD with Dovecot and Rspamd, and it has been a wonderfully stable and reliable setup with a tiny footprint.

Thanks to Gilles for his fantastic guide and thanks to everybody else here for this great piece of software! :)

Best,
Edin

PS - I also started a little blog to hopefully create similarly good guides for others who are starting out:
https://regrow.earth
gemini://regrow.earth

Re: Hello everybody
On Thu Dec 8, 2022 at 10:54 PM CET, Souji Thenria wrote:
> Hey everybody,
>
> I just joined this mailing list, and want to use this opportunity to
> introduce myself, as noted on the website :).
>
> I started to use OpenSMTPD (and with that OpenBSD) as mail server just
> recently, and hope for some good discussions on this mailing list.
>
> Have a great day, evening or night, whatever time it is at your side of
> the world now ;).
>
> --
> Souji Thenria

Hello Souji,

always happy to read introductions, and since nobody else replied, I will! Welcome to the list, and a good day/evening/night to you too! :)

Best,
Edin

Re: Simple virtual user setup with multiple domains
> No, it means that unless there is a more specific alias before, all
> those 4 aliases, whatever is the domain part amongst the domains you
> receive for, will be delivered to mainu...@maindomain.tld

> No, you need to deliver to vmail for all users, Dovecot will be
> responsible for placing emails into the right folders.

Now I got it to work and I understood the way it works finally! Thank you Archange and Uwe for helping along the way, please let me know if there is anything else you would change since I intend to make a proper guide for this entire setup as it is pretty basic and versatile. I don't want to recommend bad practices so please let me know if there is something I should change.

For anybody else who may look at this in the future, here are the relevant config files that I ended up with:

/etc/mail/smtpd.conf
##
pki mail.domain.tld cert "/etc/ssl/mail.domain.org.fullchain.pem"
pki mail.domain.tld key "/etc/ssl/private/mail.domain.tld.key"

# Junk filters, rspamd also for DKIM signing
filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } junk
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk
filter rspamd proc-exec "filter-rspamd"

# Tables
table usermap file:/etc/mail/usermap
table credentials file:/etc/mail/credentials
table domains { domain.tld, second.tld, third.tld }

# Listen for incoming mail and send through filters
listen on all tls pki mail.domain.tld \
    filter { check_dyndns, check_rdns, check_fcrdns, rspamd }

# Listen for, authenticate and DKIM-sign outgoing mail requests
listen on all port submission tls-require pki mail.domain.tld \
    auth <credentials> filter rspamd

action "inbound" lmtp "/var/dovecot/lmtp" rcpt-to virtual <usermap>
action "outbound" relay helo mail.domain.tld

# Match incoming mail
match from any for domain <domains> action "inbound"
match for local action "inbound"

# Match outgoing mail
match from any auth for any action "outbound"
match for any action "outbound"

/etc/mail/usermap
#
abuse admin
hostmaster admin
postmaster admin
webmaster admin
www admin
operator admin
security admin
root admin
contact admin
cl...@domain.tld admin
admin ad...@domain.tld
ad...@domain.tld vmail
unic...@third.tld vmail

(This makes practically everything go to the inbox of ad...@domain.tld with the exception of unic...@third.tld which also gets its own inbox)

/etc/mail/credentials
#
ad...@domain.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
cl...@domain.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
ad...@second.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
cont...@second.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
ad...@third.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
unic...@third.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere

(Credentials are needed for every inbox and for every sender. In my case only ad...@domain.tld and unic...@third.tld have inboxes, so the others are just other identities that I can use to send emails from.)

/etc/rspamd/local.d/dkim-signing.conf
#
allow_username_mismatch = true;

domain {
    domain.tld {
        path = "/etc/mail/dkim/domain.tld.key";
        selector = "selectorone";
    }
    second.tld {
        path = "/etc/mail/dkim/second.tld.key";
        selector = "selectortwo";
    }
    third.tld {
        path = "/etc/mail/dkim/third.tld.key";
        selector = "selectorthree";
    }
}

(The allow_username_mismatch can probably be left out for this setup, haven't tried yet though)

/etc/dovecot/dovecot.conf
#
protocols = imap lmtp

/etc/dovecot/conf.d/10-auth.conf
##
passdb {
    driver = passwd-file
    args = scheme=CRYPT /etc/mail/credentials
}

userdb {
    driver = static
    args = uid=vmail gid=vmail home=/var/maildirs/%d/%n
}

/etc/dovecot/conf.d/10-mail.conf
##
mail_location = maildir:~/Maildir

/etc/dovecot/conf.d/10-ssl.conf
#

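An added example, not part of the original post or of any project named in it: a small Python audit of the cross-file invariants the setup above relies on (every address mapped to vmail has a credential, stored passwords are bcrypt hashes, credentials belong to a served domain, every served domain has a DKIM key). The file contents, the example.* names and the finding labels are constructed for illustration.

```python
import re

# Constructed sample contents in the layout of the files posted above.
USERMAP = """\
abuse admin
admin admin@example.org
admin@example.org vmail
unicorn@example.net vmail
info@example.com vmail
"""
CREDENTIALS = """\
admin@example.org:$2b$09$constructedhashconstructedhash
unicorn@example.net:$2b$09$constructedhashconstructedhash
sales@example.edu:plaintextpassword
"""
DOMAINS = {"example.org", "example.net", "example.com"}
DKIM_CONF = """\
domain {
    example.org { path = "/etc/mail/dkim/example.org.key"; selector = "one"; }
    example.net { path = "/etc/mail/dkim/example.net.key"; selector = "two"; }
}
"""

def rows(text, sep=None):
    """Yield (key, value) pairs, skipping blank lines and # comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, value = line.split(sep, 1)
            yield key.strip(), value.strip()

def audit(usermap, credentials, domains, dkim_conf, mailbox_user="vmail"):
    findings = []
    creds = dict(rows(credentials, ":"))
    # Domain blocks that actually declare a key path in dkim-signing.conf.
    signed = set(re.findall(r"([\w.-]+)\s*\{\s*path\b", dkim_conf))
    for addr, target in rows(usermap):
        # An inbox with no credential cannot be opened over IMAP.
        if target == mailbox_user and addr not in creds:
            findings.append(("inbox-without-credential", addr))
    for addr, pw_hash in creds.items():
        if not re.match(r"\$2[aby]\$\d\d\$", pw_hash):
            findings.append(("non-bcrypt-hash", addr))
        if addr.rsplit("@", 1)[-1] not in domains:
            findings.append(("credential-for-unserved-domain", addr))
    for domain in sorted(set(domains) - signed):
        findings.append(("domain-without-dkim-key", domain))
    return findings

if __name__ == "__main__":
    for kind, subject in audit(USERMAP, CREDENTIALS, DOMAINS, DKIM_CONF):
        print(f"{kind}: {subject}")
```

Credentials without an inbox are not flagged, since the post uses them as send-only identities.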
Re: Simple virtual user setup with multiple domains
> You can use a virtual user table, but you will have to split your
> "deliver_local" table. As Uwe suggested, I would use lmtp for that:
>
> action "inbox" lmtp "/var/run/dovecot/lmtp" rcpt-to virtual <vusers>
>
> In that case, vusers is defined here:
>
> table vusers file:/etc/smtpd/vusers
>
> And its content:
>
> postmaster mainu...@maindomain.tld
> abuse mainu...@maindomain.tld
> root mainu...@maindomain.tld
> contact mainu...@maindomain.tld
> mainu...@maindomain.tld vmail
> someotheru...@somedomain.tld vmail
> someal...@somedomain.tld mainu...@maindomain.tld
>
> And so on…

Thank you both Uwe and Archange for the pointer to lmtp, I was not familiar with that! I enabled lmtp according to what I read online by adding lmtp to the protocols

Regarding the example contents of the vusers table you suggested Archange, the first 4 lines would only ever be active for local mail, correct? Would this e.g. send the daily output and insecurity output to mainu...@maindomain.tld?

Regarding the 5th and 6th line of your example table, wouldn't that just deliver to the Maildir of the user vmail? Would there ever be a case where I would want this? Just asking to confirm in case I do not understand. :)

Lastly, if I map someal...@somedomain.tld to mainuser+spec...@maindomain.tld, would it end up in the Maildir of mainu...@maindomain.tld in the folder "special"? Or do I need to do any extra configuration on the side of dovecot to make this happen?

> > ##
> > allow_username_mismatch = true;
> >
> > domain {
> >     firstdomain.tld {
> >         path = "/etc/mail/dkim/firstdomain.tld.key";
> >         selector = "blah";
> >     }
> > }
> > ##
> >
> > Will it work automatically by simply entering eg.
> > 'seconddomain.tld
> > {...}' with its respective keyfile and selector?
>
> Yes. And if you use sensible file names like me, you can even do
> this:
>
> path = "/etc/mail/dkim/$domain.$selector.key";
>
> Regards,
> Archange

I am glad to hear that this will work!

Since I assume that the users will now have to authenticate with their full u...@domain.tld, can I remove 'allow_username_mismatch = true;' from the config? Iirc it was necessary before because users would just authenticate with their username.

Thank you for your patience with my many questions!

Best,
Unicorn

Simple virtual user setup with multiple domains
Hello everyone,

I apologize in advance if these seem like trivial questions, I am quite new to this and the amount of config files and options is a little overwhelming. :)

I am currently running three mailservers that each serve one domain with real user accounts, which is quite a pain to manage. I would like to instead have one server be the MX for all of my domains, with virtual users and their maildirs in a structure like /home/vmail/domain/user/Maildir.

In the process of writing my email I have written all my configurations to the best of my ability, but I would appreciate your feedback on any errors or suggestions for improvements, especially since I intend to eventually make this into a guide:

/etc/mail/smtpd.conf
###
pki mx.maildomain.tld cert "/etc/ssl/mx.maildomain.tld.fullchain.pem"
pki mx.maildomain.tld key "/etc/ssl/private/mx.maildomain.tld.key"

# Junk filters, rspamd also for DKIM signing
filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } junk
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk
filter rspamd proc-exec "filter-rspamd"

# Tables
table aliases file:/etc/mail/custom_aliases
table accounts file:/etc/mail/accounts
table domains {firstdomain.tld, seconddomain.tld, maildomain.tld}

# Listen for incoming mail and send through filters
listen on all tls pki mail.regrow.earth filter { check_dyndns, check_rdns, check_fcrdns, rspamd }

# Listen for, authenticate and DKIM-sign outgoing mail requests
listen on all port submission tls-require pki mx.maildomain.tld auth <accounts> filter rspamd

action "deliver_local" maildir /home/vmail/{%dest.domain}/{%dest.user}/Maildir junk alias <aliases> user vmail
action "outbound" relay helo mx.maildomain.tld

# Match incoming mail
match from any for domain <domains> action "deliver_local"
match for local action "deliver_local"

# Match outgoing mail
match from any auth for any action "outbound"
match for any action "outbound"
#

/etc/dovecot/conf.d/10-auth.conf
###
passdb {
    driver = passwd-file
    args = scheme=BLF-CRYPT /etc/mail/accounts
}

userdb {
    driver = static
    args = uid=vmail gid=vmail home=/home/vmail/%d/%u
}
#

/etc/mail/accounts
#
ad...@firstdomain.tld:passwordhashfromsmtpctl
ad...@seconddomain.tld:passwordhashfromsmtpctl
unic...@seconddomain.tld:passwordhashfromsmtpctl
#

Is it possible to combine virtual users with an alias table as I have in action "deliver_local"?

Example entry in alias table:

cont...@firstdomain.tld: admin+cont...@firstdomain.tld

Will this deliver to the folder "contact" of ad...@firstdomain.tld? In 'action "deliver_local"', is it correct to use {%dest.user} for this purpose?

Also, how does dkim signing with rspamd work for multiple domains? Right now my /etc/rspamd/local.d/dkim-signing.conf looks like this:

##
allow_username_mismatch = true;

domain {
    firstdomain.tld {
        path = "/etc/mail/dkim/firstdomain.tld.key";
        selector = "blah";
    }
}
##

Will it work automatically by simply entering eg. 'seconddomain.tld {...}' with its respective keyfile and selector?

Thanks a lot in advance, I appreciate any answers, even if incomplete! :)

Best,
Unicorn

Re: Sort to different maildir subdirs based on recipient address?
> You have two methods to achieve what you want:
>
> 1- use a smarter mda, such as `fdm`, which allows you to specify
> where mails are supposed to be delivered based on rules. in this
> case, you would simply have a rule that recipient address blog@
> should land in .Blog

I would like to try to stick to just smtpd, don't want to get in over my head with too many moving parts that I don't understand :)

> 2- alias blog to admin+blog instead of admin, this way when smtpd
> extracts email extension, it will check if a .blog folder exists and
> deliver there if exists but this is more limited than a real
> classification.

I did not know that was possible, thank you! I tested it and it does exactly what I need it to, so I will go with this solution for now.

Have a great day,
Unicorn

PS: I also wanted to say thanks for your awesome guide on setting up smtpd with rspamd and dovecot, it has helped me immensely and I actually massively appreciate the details that others may find trivial. It really helps as a beginner, I wish more people with your knowledge made such excellent guides to make these topics more accessible and understandable. :)

Sort to different maildir subdirs based on recipient address?
Hello everyone,

I am a newbie to mail in general and opensmtpd in particular and I am currently trying to figure out how to sort mail to various subdirs of the maildir based on the address that an email was sent to.

So basically, this is my intended setup:

1. Somebody sends email to b...@mydomain.org
2. "blog" is an alias that forwards to a real "admin" account
3. In the maildir of "admin", the email goes to a subdir called "blog"

I looked through the smtpd.conf(5) manpage and found the "match action" directive, my thought was something like this:

action "sort_to_folder" maildir "~/Maildir/.Blog" alias
match for rcpt-to "b...@mydomain.org" action "sort_to_folder"

But I found that with this setup, junk will not get removed, and if I add "junk" after the custom directory, I believe it will end up in "~/Maildir/.Blog/.Junk" instead of "~/Maildir/.Junk".

Is there a more elegant/smart solution that I am missing? I would be happy to learn from you. :)

Best,
Unicorn