Re: Simple virtual user setup with multiple domains
On 26 Sep 15:03, Unicorn wrote: > > No, it means that unless there is a more specific alias before, all > > those 4 aliases, whatever is the domain part amongst the domains you > > receive for, will be delivered to mainu...@maindomain.tld > > > No, you need to deliver to vmail for all users, Dovecot will be > > responsible for placing emails into the right folders. > > Now I got it to work and I understood the way it works finally! > Thank you Archange and Uwe for helping along the way, please let me > know if there is anything else you would change since I intend to make > a proper guide for this entire setup as it is pretty basic and > versatile. I don't want to recommend bad practices so please let me > know if there is something I should change. > > For anybody else who may look at this in the future, here are the > relevant config files that I ended up with: > > /etc/mail/smtpd.conf ## > pki mail.domain.tld cert "/etc/ssl/mail.domain.org.fullchain.pem" > pki mail.domain.tld key "/etc/ssl/private/mail.domain.tld.key" > > # Junk filters, rspamd also for DKIM signing > filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', > '.*\.dsl\..*' } junk > filter check_rdns phase connect match !rdns junk > filter check_fcrdns phase connect match !fcrdns junk > filter rspamd proc-exec "filter-rspamd" > > # Tables > table usermap file:/etc/mail/usermap > table credentials file:/etc/mail/credentials > table domains { domain.tld, second.tld, third.tld } > > # Listen for incoming mail and send through filters > listen on all tls pki mail.domain.tld \ > filter { check_dyndns, check_rdns, check_fcrdns, rspamd } > > # Listen for, authenticate and DKIM-sign outgoing mail requests > listen on all port submission tls-require pki mail.domain.tld \ > auth filter rspamd > > action "inbound" lmtp "/var/dovecot/lmtp" rcpt-to virtual > action "outbound" relay helo mail.domain.tld > > # Match incoming mail > match from any for domain action "inbound" > match for local action "inbound" > > # Match outgoing mail > match from any auth for any action "outbound" > match for any action "outbound" > > > /etc/mail/usermap # > abuseadmin > hostmaster admin > postmaster admin > webmasteradmin > www admin > operator admin > security admin > root admin > contact admin > > cl...@domain.tld admin > > adminad...@domain.tld > > ad...@domain.tld vmail > unic...@third.tldvmail > > (This makes practically everything go to the inbox of ad...@domain.tld > with the exception of unic...@third.tld which also gets its own > inbox) > > /etc/mail/credentials # > ad...@domain.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere > cl...@domain.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere > ad...@second.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere > cont...@second.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere > ad...@third.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere > unic...@third.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere > > (Credentials are needed for every inbox and for every sender. In my > case only ad...@domain.tld and unic...@third.tld have inboxes, so the > others are just other identities that I can use to send emails from.) > > /etc/rsmapd/local.d/dkim-signing.conf # > allow_username_mismatch = true; > domain { > domain.tld { > path = "/etc/mail/dkim/domain.tld.key"; > selector = "selectorone"; > } > second.tld { > path = "/etc/mail/dkim/second.tld.key"; > selector = "selectortwo"; > } > third.tld { > path = "/etc/mail/dkim/third.tld.key"; > selector = "selectorthree"; > } > } > > (The allow_username_mismatch can probably be left out for this setup, > haven't tried yet though) > > /etc/dovecot/dovecot.conf # > protocols = imap lmtp > > > /etc/dovecot/conf.d/10-auth.conf ## > passdb { > driver = passwd-file > args = scheme=CRYPT /etc/mail/credentials > } > userdb { > driver = static > args = uid=vmail gid=vmail home=/var/maildirs/%d/%n > } >
Re: Simple virtual user setup with multiple domains
> No, it means that unless there is a more specific alias before, all > those 4 aliases, whatever is the domain part amongst the domains you > receive for, will be delivered to mainu...@maindomain.tld > No, you need to deliver to vmail for all users, Dovecot will be > responsible for placing emails into the right folders. Now I got it to work and I understood the way it works finally! Thank you Archange and Uwe for helping along the way, please let me know if there is anything else you would change since I intend to make a proper guide for this entire setup as it is pretty basic and versatile. I don't want to recommend bad practices so please let me know if there is something I should change. For anybody else who may look at this in the future, here are the relevant config files that I ended up with: /etc/mail/smtpd.conf ## pki mail.domain.tld cert "/etc/ssl/mail.domain.org.fullchain.pem" pki mail.domain.tld key "/etc/ssl/private/mail.domain.tld.key" # Junk filters, rspamd also for DKIM signing filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } junk filter check_rdns phase connect match !rdns junk filter check_fcrdns phase connect match !fcrdns junk filter rspamd proc-exec "filter-rspamd" # Tables table usermap file:/etc/mail/usermap table credentials file:/etc/mail/credentials table domains { domain.tld, second.tld, third.tld } # Listen for incoming mail and send through filters listen on all tls pki mail.domain.tld \ filter { check_dyndns, check_rdns, check_fcrdns, rspamd } # Listen for, authenticate and DKIM-sign outgoing mail requests listen on all port submission tls-require pki mail.domain.tld \ auth filter rspamd action "inbound" lmtp "/var/dovecot/lmtp" rcpt-to virtual action "outbound" relay helo mail.domain.tld # Match incoming mail match from any for domain action "inbound" match for local action "inbound" # Match outgoing mail match from any auth for any action "outbound" match for any action "outbound" /etc/mail/usermap # abuseadmin hostmaster admin postmaster admin webmasteradmin www admin operator admin security admin root admin contact admin cl...@domain.tld admin adminad...@domain.tld ad...@domain.tld vmail unic...@third.tldvmail (This makes practically everything go to the inbox of ad...@domain.tld with the exception of unic...@third.tld which also gets its own inbox) /etc/mail/credentials # ad...@domain.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere cl...@domain.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere ad...@second.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere cont...@second.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere ad...@third.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere unic...@third.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere (Credentials are needed for every inbox and for every sender. In my case only ad...@domain.tld and unic...@third.tld have inboxes, so the others are just other identities that I can use to send emails from.) /etc/rsmapd/local.d/dkim-signing.conf # allow_username_mismatch = true; domain { domain.tld { path = "/etc/mail/dkim/domain.tld.key"; selector = "selectorone"; } second.tld { path = "/etc/mail/dkim/second.tld.key"; selector = "selectortwo"; } third.tld { path = "/etc/mail/dkim/third.tld.key"; selector = "selectorthree"; } } (The allow_username_mismatch can probably be left out for this setup, haven't tried yet though) /etc/dovecot/dovecot.conf # protocols = imap lmtp /etc/dovecot/conf.d/10-auth.conf ## passdb { driver = passwd-file args = scheme=CRYPT /etc/mail/credentials } userdb { driver = static args = uid=vmail gid=vmail home=/var/maildirs/%d/%n } /etc/dovecot/conf.d/10-mail.conf ## mail_location = maildir:~/Maildir /etc/dovecot/conf.d/10-ssl.conf
Re: Simple virtual user setup with multiple domains
Le 24/09/2020 à 17:03, Unicorn a écrit : >> You can use a virtual user table, but you will have to split your >> "deliver_local" table. As Uwe suggested, I would use lmtp for that: >> >> action "inbox" lmtp "/var/run/dovecot/lmtp" rcpt-to virtual >> >> In that case, vusers is defined here: >> >> table vusersfile:/etc/smtpd/vusers >> >> And its content: >> >> postmaster mainu...@maindomain.tld >> abuse mainu...@maindomain.tld >> rootmainu...@maindomain.tld >> contact mainu...@maindomain.tld >> mainu...@maindomain.tld vmail >> someotheru...@somedomain.tldvmail >> someal...@somedomain.tldmainu...@maindomain.tld >> >> And so on… > Thank you both Uwe and Archange for the pointer to lmtp, I was not > familiar with that! > > I enabled lmtp according to what I read online by adding lmtp to the > protocols > > Regarding the example contents of the vusers table you suggested > Archange, the first 4 lines would only ever be active for local mail, > correct? Would this eg. send the daily output and insecurity output to > mainu...@maindomain.tld? No, it means that unless there is a more specific alias before, all those 4 aliases, whatever is the domain part amongst the domains you receive for, will be delivered to mainu...@maindomain.tld > Regarding the 5th and 6th line of your example table, wouldn't that > just deliver to the Maildir of the user vmail? Would there ever be a > case where I would want this? Just asking to confirm in case I do not > understand. :) No, you need to deliver to vmail for all users, Dovecot will be responsible for placing emails into the right folders. > Lastly, if I map someal...@somedomain.tld to > mainuser+spec...@maindomain.tld, would it end up in the Maildir of > mainu...@maindomain.tld in the folder "special"? Or do I need to do > any extra configuration on the side of dovecot to make this happen? Yes, you will need Sieve rules in Dovecot (using Pigeon). By default, smtpd will deliver mainuser+special to mainuser, and Dovecot will handle it like this. You must add a Sieve rule matching the To: to make it deliver to a specific folder. >>> ## >>> allow_username_mismatch = true; >>> >>> domain { >>> firstdomain.tld { >>> path = "/etc/mail/dkim/firstdomain.tld.key"; >>> selector = "blah"; >>> } >>> } >>> ## >>> >>> Will it work automatically by simply entering eg. >>> 'seconddomain.tld >>> {...}' with its respective keyfile and selector? >> Yes. And if you use sensible file names like me, you can even do >> this: >> >> path = "/etc/mail/dkim/$domain.$selector.key"; >> >> Regards, >> Archange > I am glad to hear that this will work! > > Since I assume that the users will now have to authenticate with their > full u...@domain.tld, can I remove 'allow_username_mismatch = true;' > from the config? Iirc it was necessary before because users would just > authenticate with their username. Not necessarily, your users can still authenticate with their username, it depends on your configuration. That’s what I do, of course it means I cannot allow the same username for two different domains (but that’s not an issue in my case). But if you move to usern...@domain.tld, yes, `allow_username_mismatch = true;` will likely not be required anymore (but you should test, since I did not run such a setup myself). Regards, Archange
Re: Simple virtual user setup with multiple domains
> You can use a virtual user table, but you will have to split your > "deliver_local" table. As Uwe suggested, I would use lmtp for that: > > action "inbox" lmtp "/var/run/dovecot/lmtp" rcpt-to virtual > > In that case, vusers is defined here: > > table vusersfile:/etc/smtpd/vusers > > And its content: > > postmaster mainu...@maindomain.tld > abuse mainu...@maindomain.tld > rootmainu...@maindomain.tld > contact mainu...@maindomain.tld > mainu...@maindomain.tld vmail > someotheru...@somedomain.tldvmail > someal...@somedomain.tldmainu...@maindomain.tld > > And so on… Thank you both Uwe and Archange for the pointer to lmtp, I was not familiar with that! I enabled lmtp according to what I read online by adding lmtp to the protocols Regarding the example contents of the vusers table you suggested Archange, the first 4 lines would only ever be active for local mail, correct? Would this eg. send the daily output and insecurity output to mainu...@maindomain.tld? Regarding the 5th and 6th line of your example table, wouldn't that just deliver to the Maildir of the user vmail? Would there ever be a case where I would want this? Just asking to confirm in case I do not understand. :) Lastly, if I map someal...@somedomain.tld to mainuser+spec...@maindomain.tld, would it end up in the Maildir of mainu...@maindomain.tld in the folder "special"? Or do I need to do any extra configuration on the side of dovecot to make this happen? > > ## > > allow_username_mismatch = true; > > > > domain { > > firstdomain.tld { > > path = "/etc/mail/dkim/firstdomain.tld.key"; > > selector = "blah"; > > } > > } > > ## > > > > Will it work automatically by simply entering eg. > > 'seconddomain.tld > > {...}' with its respective keyfile and selector? > > Yes. And if you use sensible file names like me, you can even do > this: > > path = "/etc/mail/dkim/$domain.$selector.key"; > > Regards, > Archange I am glad to hear that this will work! Since I assume that the users will now have to authenticate with their full u...@domain.tld, can I remove 'allow_username_mismatch = true;' from the config? Iirc it was necessary before because users would just authenticate with their username. Thank you for your patience with my many questions! Best, Unicorn
Re: Simple virtual user setup with multiple domains
Le 24/09/2020 à 14:42, Uwe Werler a écrit : > On 24 Sep 11:33, Unicorn wrote: >> Also, how does dkim signing with rspamd work for multiple domains? >> Right now my /etc/rspamd/local.d/dkim-signing.conf looks like this: >> >> ## >> allow_username_mismatch = true; >> >> domain { >> firstdomain.tld { >> path = "/etc/mail/dkim/firstdomain.tld.key"; >> selector = "blah"; >> } >> } >> ## >> >> Will it work automatically by simply entering eg. 'seconddomain.tld >> {...}' with its respective keyfile and selector? > You need a current filter for that. I have: > > filter "dkimsign" proc-exec "filter-dkimsign -d domain1.tld -d domain2.tld \ > -d domain3.tld -s dkim_selector -k /etc/mail/dkim/dkim.key" \ > user _dkimsign group _dkimsign > > Note that you can specify the selector only once. > > See: https://undeadly.org/cgi?action=article;sid=20200920073933 Or you can just keep rspamd and do as you intended. See in my post for another rspamd option.
Re: Simple virtual user setup with multiple domains
Hi there, Le 24/09/2020 à 13:33, Unicorn a écrit : > Hello everyone, > > I apologize in advance if these seem like a trivial question, I am > quite new to this and the amount of config files and options is a > little overwhelming. :) > > I am currently running three mailservers that each serve one domain > with real user accounts, which is quite a pain to manage. I would like > to instead have one server be the MX for all of my domains, with > virtual users and their maildirs in a strucure like > /home/vmail/domain/user/Maildir. > > In the process of writing my email I have written all my > configurations to the best of my ability, but I would appreciate your > feedback on any errors or suggestions for improvements, especially > since I intend to eventually make this into a guide: > > > /etc/mail/smtpd.conf ### > pki mx.maildomain.tld cert "/etc/ssl/mx.maildomain.tld.fullchain.pem" > pki mx.maildomain.tld key "/etc/ssl/private/mx.maildomain.tld.key" > > # Junk filters, rspamd also for DKIM signing > filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', > '.*\.dsl\..*' } junk > filter check_rdns phase connect match !rdns junk > filter check_fcrdns phase connect match !fcrdns junk > filter rspamd proc-exec "filter-rspamd" > > # Tables > table aliases file:/etc/mail/custom_aliases > table accounts file:/etc/mail/accounts > table domains {firstdomain.tld, seconddomain.tld, maildomain.tld} > > # Listen for incoming mail and send through filters > listen on all tls pki mail.regrow.earth filter { check_dyndns, > check_rdns, check_fcrdns, rspamd } > > # Listen for, authenticate and DKIM-sign outgoing mail requests > listen on all port submission tls-require pki mx.maildomain.tld auth > filter rspamd > > action "deliver_local" maildir > /home/vmail/{%dest.domain}/{%dest.user}/Maildir junk alias > user vmail > action "outbound" relay helo mx.maildomain.tld > > # Match incoming mail > match from any for domain action "deliver_local" > match for local action "deliver_local" > > # Match outgoing mail > match from any auth for any action "outbound" > match for any action "outbound" > # > > > /etc/dovecot/conf.d/10-auth.conf ### > passdb { > driver = passwd-file > args = scheme=BLF-CRYPT /etc/mail/accounts > } > userdb { > driver = static > args = uid=vmail gid=vmail home=/home/vmail/%d/%u > } > # > > > /etc/mail/accounts # > ad...@fistdomain.tld:passwordhashfromsmtpctl > ad...@seconddomain.tld:passwordhashfromsmtpctl > unic...@seconddomain.tld:passwordhashfromsmtpctl > # > > Is it possible to combine virtual users with an alias table as I have > in action "deliver_local"? > > Example entry in alias table: > cont...@firstdomain.tld: admin+cont...@firstdomain.tld > > Will this deliver to the folder "contact" of ad...@firstdomain.tld? > In 'action "deliver_local"', is it correct to use {%dest.user} for > this purpose? You can use a virtual user table, but you will have to split your "deliver_local" table. As Uwe suggested, I would use lmtp for that: action "inbox" lmtp "/var/run/dovecot/lmtp" rcpt-to virtual In that case, vusers is defined here: table vusers file:/etc/smtpd/vusers And its content: postmaster mainu...@maindomain.tld abuse mainu...@maindomain.tld root mainu...@maindomain.tld contact mainu...@maindomain.tld mainu...@maindomain.tld vmail someotheru...@somedomain.tld vmail someal...@somedomain.tld mainu...@maindomain.tld And so on… > Also, how does dkim signing with rspamd work for multiple domains? > Right now my /etc/rspamd/local.d/dkim-signing.conf looks like this: > > ## > allow_username_mismatch = true; > > domain { > firstdomain.tld { > path = "/etc/mail/dkim/firstdomain.tld.key"; > selector = "blah"; > } > } > ## > > Will it work automatically by simply entering eg. 'seconddomain.tld > {...}' with its respective keyfile and selector? Yes. And if you use sensible file names like me, you can even do this: path = "/etc/mail/dkim/$domain.$selector.key"; Regards, Archange
Re: Simple virtual user setup with multiple domains
On 24 Sep 11:33, Unicorn wrote: > Hello everyone, > > I apologize in advance if these seem like a trivial question, I am > quite new to this and the amount of config files and options is a > little overwhelming. :) > > I am currently running three mailservers that each serve one domain > with real user accounts, which is quite a pain to manage. I would like > to instead have one server be the MX for all of my domains, with > virtual users and their maildirs in a strucure like > /home/vmail/domain/user/Maildir. > > In the process of writing my email I have written all my > configurations to the best of my ability, but I would appreciate your > feedback on any errors or suggestions for improvements, especially > since I intend to eventually make this into a guide: > > > /etc/mail/smtpd.conf ### > pki mx.maildomain.tld cert "/etc/ssl/mx.maildomain.tld.fullchain.pem" > pki mx.maildomain.tld key "/etc/ssl/private/mx.maildomain.tld.key" > > # Junk filters, rspamd also for DKIM signing > filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', > '.*\.dsl\..*' } junk > filter check_rdns phase connect match !rdns junk > filter check_fcrdns phase connect match !fcrdns junk > filter rspamd proc-exec "filter-rspamd" > > # Tables > table aliases file:/etc/mail/custom_aliases > table accounts file:/etc/mail/accounts > table domains {firstdomain.tld, seconddomain.tld, maildomain.tld} > > # Listen for incoming mail and send through filters > listen on all tls pki mail.regrow.earth filter { check_dyndns, > check_rdns, check_fcrdns, rspamd } > > # Listen for, authenticate and DKIM-sign outgoing mail requests > listen on all port submission tls-require pki mx.maildomain.tld auth > filter rspamd > > action "deliver_local" maildir > /home/vmail/{%dest.domain}/{%dest.user}/Maildir junk alias > user vmail > action "outbound" relay helo mx.maildomain.tld > I would suggest that you use lmtp for that - so one can use ham/spam with dovecot to train rspamd. action "domain1.tld" lmtp "/var/dovecot/lmtp" rcpt-to alias action "domain2.tld" lmtp "/var/dovecot/lmtp" rcpt-to alias > # Match incoming mail > match from any for domain action "deliver_local" > match for local action "deliver_local" > > # Match outgoing mail > match from any auth for any action "outbound" > match for any action "outbound" > # > > > /etc/dovecot/conf.d/10-auth.conf ### > passdb { > driver = passwd-file > args = scheme=BLF-CRYPT /etc/mail/accounts > } > userdb { > driver = static > args = uid=vmail gid=vmail home=/home/vmail/%d/%u > } > # > > > /etc/mail/accounts # > ad...@fistdomain.tld:passwordhashfromsmtpctl > ad...@seconddomain.tld:passwordhashfromsmtpctl > unic...@seconddomain.tld:passwordhashfromsmtpctl > # > > Is it possible to combine virtual users with an alias table as I have > in action "deliver_local"? > > Example entry in alias table: > cont...@firstdomain.tld: admin+cont...@firstdomain.tld I guess you can't use an alias table but a table. That's why I have: table domain1.tld file:/etc/mail/domain1.tld table domain2.tld file:/etc/mail/domain2.tld table domain3.tld file:/etc/mail/domain3.tld and then e.g. in /etc/mail/domain1.tld: user admin+cont...@domain1.tld hostmaster hostmas...@domain2.tld > > Will this deliver to the folder "contact" of ad...@firstdomain.tld? > In 'action "deliver_local"', is it correct to use {%dest.user} for > this purpose? > > > Also, how does dkim signing with rspamd work for multiple domains? > Right now my /etc/rspamd/local.d/dkim-signing.conf looks like this: > > ## > allow_username_mismatch = true; > > domain { > firstdomain.tld { > path = "/etc/mail/dkim/firstdomain.tld.key"; > selector = "blah"; > } > } > ## > > Will it work automatically by simply entering eg. 'seconddomain.tld > {...}' with its respective keyfile and selector? You need a current filter for that. I have: filter "dkimsign" proc-exec "filter-dkimsign -d domain1.tld -d domain2.tld \ -d domain3.tld -s dkim_selector -k /etc/mail/dkim/dkim.key" \ user _dkimsign group _dkimsign Note that you can specify the selector only once. See: https://undeadly.org/cgi?action=article;sid=20200920073933 > > Thanks a lot in advance, I appreciate any answers, even if incomplete! > :) > > Best, > Unicorn > > > > > -- wq: ~uw
Simple virtual user setup with multiple domains
Hello everyone, I apologize in advance if these seem like a trivial question, I am quite new to this and the amount of config files and options is a little overwhelming. :) I am currently running three mailservers that each serve one domain with real user accounts, which is quite a pain to manage. I would like to instead have one server be the MX for all of my domains, with virtual users and their maildirs in a strucure like /home/vmail/domain/user/Maildir. In the process of writing my email I have written all my configurations to the best of my ability, but I would appreciate your feedback on any errors or suggestions for improvements, especially since I intend to eventually make this into a guide: /etc/mail/smtpd.conf ### pki mx.maildomain.tld cert "/etc/ssl/mx.maildomain.tld.fullchain.pem" pki mx.maildomain.tld key "/etc/ssl/private/mx.maildomain.tld.key" # Junk filters, rspamd also for DKIM signing filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', '.*\.dsl\..*' } junk filter check_rdns phase connect match !rdns junk filter check_fcrdns phase connect match !fcrdns junk filter rspamd proc-exec "filter-rspamd" # Tables table aliases file:/etc/mail/custom_aliases table accounts file:/etc/mail/accounts table domains {firstdomain.tld, seconddomain.tld, maildomain.tld} # Listen for incoming mail and send through filters listen on all tls pki mail.regrow.earth filter { check_dyndns, check_rdns, check_fcrdns, rspamd } # Listen for, authenticate and DKIM-sign outgoing mail requests listen on all port submission tls-require pki mx.maildomain.tld auth filter rspamd action "deliver_local" maildir /home/vmail/{%dest.domain}/{%dest.user}/Maildir junk alias user vmail action "outbound" relay helo mx.maildomain.tld # Match incoming mail match from any for domain action "deliver_local" match for local action "deliver_local" # Match outgoing mail match from any auth for any action "outbound" match for any action "outbound" # /etc/dovecot/conf.d/10-auth.conf ### passdb { driver = passwd-file args = scheme=BLF-CRYPT /etc/mail/accounts } userdb { driver = static args = uid=vmail gid=vmail home=/home/vmail/%d/%u } # /etc/mail/accounts # ad...@fistdomain.tld:passwordhashfromsmtpctl ad...@seconddomain.tld:passwordhashfromsmtpctl unic...@seconddomain.tld:passwordhashfromsmtpctl # Is it possible to combine virtual users with an alias table as I have in action "deliver_local"? Example entry in alias table: cont...@firstdomain.tld: admin+cont...@firstdomain.tld Will this deliver to the folder "contact" of ad...@firstdomain.tld? In 'action "deliver_local"', is it correct to use {%dest.user} for this purpose? Also, how does dkim signing with rspamd work for multiple domains? Right now my /etc/rspamd/local.d/dkim-signing.conf looks like this: ## allow_username_mismatch = true; domain { firstdomain.tld { path = "/etc/mail/dkim/firstdomain.tld.key"; selector = "blah"; } } ## Will it work automatically by simply entering eg. 'seconddomain.tld {...}' with its respective keyfile and selector? Thanks a lot in advance, I appreciate any answers, even if incomplete! :) Best, Unicorn