Re: Simple virtual user setup with multiple domains

2020-09-26 Thread Uwe Werler
On 26 Sep 15:03, Unicorn wrote:
> > No, it means that unless there is a more specific alias before, all
> > those 4 aliases, whatever is the domain part amongst the domains you
> > receive for, will be delivered to mainu...@maindomain.tld
> 
> > No, you need to deliver to vmail for all users, Dovecot will be
> > responsible for placing emails into the right folders.
> 
> Now I got it to work and I understood the way it works finally! 
> Thank you Archange and Uwe for helping along the way, please let me
> know if there is anything else you would change since I intend to make
> a proper guide for this entire setup as it is pretty basic and
> versatile. I don't want to recommend bad practices so please let me
> know if there is something I should change.
> 
> For anybody else who may look at this in the future, here are the
> relevant config files that I ended up with:
> 
>  /etc/mail/smtpd.conf ##
> pki mail.domain.tld cert "/etc/ssl/mail.domain.tld.fullchain.pem"
> pki mail.domain.tld key "/etc/ssl/private/mail.domain.tld.key"
> 
> # Junk filters, rspamd also for DKIM signing
> filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*',
> '.*\.dsl\..*' } junk
> filter check_rdns phase connect match !rdns junk
> filter check_fcrdns phase connect match !fcrdns junk
> filter rspamd proc-exec "filter-rspamd"
> 
> # Tables
> table usermap file:/etc/mail/usermap
> table credentials file:/etc/mail/credentials
> table domains { domain.tld, second.tld, third.tld }
> 
> # Listen for incoming mail and send through filters
> listen on all tls pki mail.domain.tld \
> filter { check_dyndns, check_rdns, check_fcrdns, rspamd }
> 
> # Listen for, authenticate and DKIM-sign outgoing mail requests
> listen on all port submission tls-require pki mail.domain.tld \
> auth <credentials> filter rspamd
> 
> action "inbound" lmtp "/var/dovecot/lmtp" rcpt-to virtual <usermap>
> action "outbound" relay helo mail.domain.tld
> 
> # Match incoming mail
> match from any for domain <domains> action "inbound"
> match for local action "inbound"
> 
> # Match outgoing mail
> match from any auth for any action "outbound"
> match for any action "outbound"
> 
> 
>  /etc/mail/usermap #
> abuse        admin
> hostmaster   admin
> postmaster   admin
> webmaster    admin
> www          admin
> operator     admin
> security     admin
> root         admin
> contact      admin
> 
> cl...@domain.tld  admin
> 
> admin        ad...@domain.tld
> 
> ad...@domain.tld   vmail
> unic...@third.tld  vmail
> 
> (This makes practically everything go to the inbox of ad...@domain.tld
>  with the exception of unic...@third.tld which also gets its own
> inbox)
> 
>  /etc/mail/credentials #
> ad...@domain.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
> cl...@domain.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
> ad...@second.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
> cont...@second.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
> ad...@third.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
> unic...@third.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
> 
> (Credentials are needed for every inbox and for every sender. In my
> case only ad...@domain.tld and unic...@third.tld have inboxes, so the
> others are just other identities that I can use to send emails from.)
> 
>  /etc/rspamd/local.d/dkim-signing.conf #
> allow_username_mismatch = true;
> domain {
> domain.tld {
> path = "/etc/mail/dkim/domain.tld.key";
> selector = "selectorone";
> }
> second.tld {
> path = "/etc/mail/dkim/second.tld.key";
> selector = "selectortwo";
> }
> third.tld {
> path = "/etc/mail/dkim/third.tld.key";
> selector = "selectorthree";
> }
> }
> 
> (The allow_username_mismatch can probably be left out for this setup,
> haven't tried yet though)
> 
>  /etc/dovecot/dovecot.conf #
> protocols = imap lmtp
> 
> 
>  /etc/dovecot/conf.d/10-auth.conf ##
> passdb {
>   driver = passwd-file
>   args = scheme=CRYPT /etc/mail/credentials
> }
> userdb {
>   driver = static
>   args = uid=vmail gid=vmail home=/var/maildirs/%d/%n
> }
> 

Re: Simple virtual user setup with multiple domains

2020-09-26 Thread Unicorn
> No, it means that unless there is a more specific alias before, all
> those 4 aliases, whatever is the domain part amongst the domains you
> receive for, will be delivered to mainu...@maindomain.tld

> No, you need to deliver to vmail for all users, Dovecot will be
> responsible for placing emails into the right folders.

Now I got it to work and I understood the way it works finally! 
Thank you Archange and Uwe for helping along the way, please let me
know if there is anything else you would change since I intend to make
a proper guide for this entire setup as it is pretty basic and
versatile. I don't want to recommend bad practices so please let me
know if there is something I should change.

For anybody else who may look at this in the future, here are the
relevant config files that I ended up with:

 /etc/mail/smtpd.conf ##
pki mail.domain.tld cert "/etc/ssl/mail.domain.tld.fullchain.pem"
pki mail.domain.tld key "/etc/ssl/private/mail.domain.tld.key"

# Junk filters, rspamd also for DKIM signing
filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*',
'.*\.dsl\..*' } junk
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk
filter rspamd proc-exec "filter-rspamd"

# Tables
table usermap file:/etc/mail/usermap
table credentials file:/etc/mail/credentials
table domains { domain.tld, second.tld, third.tld }

# Listen for incoming mail and send through filters
listen on all tls pki mail.domain.tld \
filter { check_dyndns, check_rdns, check_fcrdns, rspamd }

# Listen for, authenticate and DKIM-sign outgoing mail requests
listen on all port submission tls-require pki mail.domain.tld \
auth <credentials> filter rspamd

action "inbound" lmtp "/var/dovecot/lmtp" rcpt-to virtual <usermap>
action "outbound" relay helo mail.domain.tld

# Match incoming mail
match from any for domain <domains> action "inbound"
match for local action "inbound"

# Match outgoing mail
match from any auth for any action "outbound"
match for any action "outbound"


 /etc/mail/usermap #
abuse        admin
hostmaster   admin
postmaster   admin
webmaster    admin
www          admin
operator     admin
security     admin
root         admin
contact      admin

cl...@domain.tld  admin

admin        ad...@domain.tld

ad...@domain.tld   vmail
unic...@third.tld  vmail

(This makes practically everything go to the inbox of ad...@domain.tld
 with the exception of unic...@third.tld which also gets its own
inbox)

 /etc/mail/credentials #
ad...@domain.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
cl...@domain.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
ad...@second.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
cont...@second.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
ad...@third.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere
unic...@third.tld:$2b$09$blahblahhashgoeshereblahblahhashgoeshere

(Credentials are needed for every inbox and for every sender. In my
case only ad...@domain.tld and unic...@third.tld have inboxes, so the
others are just other identities that I can use to send emails from.)

 /etc/rspamd/local.d/dkim-signing.conf #
allow_username_mismatch = true;
domain {
domain.tld {
path = "/etc/mail/dkim/domain.tld.key";
selector = "selectorone";
}
second.tld {
path = "/etc/mail/dkim/second.tld.key";
selector = "selectortwo";
}
third.tld {
path = "/etc/mail/dkim/third.tld.key";
selector = "selectorthree";
}
}

(The allow_username_mismatch can probably be left out for this setup,
haven't tried yet though)

 /etc/dovecot/dovecot.conf #
protocols = imap lmtp


 /etc/dovecot/conf.d/10-auth.conf ##
passdb {
  driver = passwd-file
  args = scheme=CRYPT /etc/mail/credentials
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/maildirs/%d/%n
}


 /etc/dovecot/conf.d/10-mail.conf ##
mail_location = maildir:~/Maildir


 /etc/dovecot/conf.d/10-ssl.conf 

Re: Simple virtual user setup with multiple domains

2020-09-24 Thread Archange
Le 24/09/2020 à 17:03, Unicorn a écrit :
>> You can use a virtual user table, but you will have to split your
>> "deliver_local" table. As Uwe suggested, I would use lmtp for that:
>>
>> action "inbox" lmtp "/var/run/dovecot/lmtp" rcpt-to virtual <vusers>
>>
>> In that case, vusers is defined here:
>>
>> table vusers    file:/etc/smtpd/vusers
>>
>> And its content:
>>
>> postmaster  mainu...@maindomain.tld
>> abuse   mainu...@maindomain.tld
>> root    mainu...@maindomain.tld
>> contact mainu...@maindomain.tld
>> mainu...@maindomain.tld vmail
>> someotheru...@somedomain.tld   vmail
>> someal...@somedomain.tld  mainu...@maindomain.tld
>>
>> And so on…
> Thank you both Uwe and Archange for the pointer to lmtp, I was not
> familiar with that!
>
> I enabled lmtp according to what I read online by adding lmtp to the
> protocols
>
> Regarding the example contents of the vusers table you suggested
> Archange, the first 4 lines would only ever be active for local mail,
> correct? Would this eg. send the daily output and insecurity output to
> mainu...@maindomain.tld?

No, it means that unless there is a more specific alias before, all
those 4 aliases, whatever is the domain part amongst the domains you
receive for, will be delivered to mainu...@maindomain.tld

> Regarding the 5th and 6th line of your example table, wouldn't that
> just deliver to the Maildir of the user vmail? Would there ever be a
> case where I would want this? Just asking to confirm in case I do not
> understand. :)

No, you need to deliver to vmail for all users, Dovecot will be
responsible for placing emails into the right folders.

> Lastly, if I map someal...@somedomain.tld to 
> mainuser+spec...@maindomain.tld, would it end up in the Maildir of 
> mainu...@maindomain.tld in the folder "special"? Or do I need to do
> any extra configuration on the side of dovecot to make this happen?

Yes, you will need Sieve rules in Dovecot (using Pigeon). By default,
smtpd will deliver mainuser+special to mainuser, and Dovecot will handle
it like this. You must add a Sieve rule matching the To: to make it
deliver to a specific folder.

>>> ##
>>> allow_username_mismatch = true;
>>>
>>> domain {
>>> firstdomain.tld {
>>> path = "/etc/mail/dkim/firstdomain.tld.key";
>>> selector = "blah";
>>> }
>>> }
>>> ##
>>>
>>> Will it work automatically by simply entering eg.
>>> 'seconddomain.tld
>>> {...}' with its respective keyfile and selector?
>> Yes. And if you use sensible file names like me, you can even do
>> this:
>>
>> path = "/etc/mail/dkim/$domain.$selector.key";
>>
>> Regards,
>> Archange
> I am glad to hear that this will work!
>
> Since I assume that the users will now have to authenticate with their
> full u...@domain.tld, can I remove 'allow_username_mismatch = true;'
> from the config? Iirc it was necessary before because users would just
> authenticate with their username.

Not necessarily, your users can still authenticate with their username,
it depends on your configuration. That’s what I do, of course it means I
cannot allow the same username for two different domains (but that’s not
an issue in my case). But if you move to usern...@domain.tld, yes,
`allow_username_mismatch = true;` will likely not be required anymore
(but you should test, since I did not run such a setup myself).

Regards,
Archange
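Archange's point above (the four bare aliases apply to every domain smtpd accepts mail for unless a more specific entry exists) and Unicorn's final usermap and credentials files in the 2020-09-26 message can be checked mechanically. The following Python script is an added example, not code from this thread, from OpenSMTPD or from Dovecot. It models the lookup order I am assuming for a `virtual` table (full `user@domain` first, then the bare `user` part, then the `@domain` catch-all), expands aliases until the `vmail` user is reached, flags unknown recipients and alias loops, and lists mailboxes that have no line in the credentials file, which the setup needs for every inbox and sender. The usermap and credentials contents are constructed for the example with made-up addresses.

```python
"""Model OpenSMTPD virtual-table expansion and spot mailboxes without
credentials.  Added example for this thread, not OpenSMTPD code."""

# Constructed usermap in the shape of /etc/mail/usermap from the thread;
# the addresses are made up for this example.
USERMAP = """\
# bare user part: applies to every domain smtpd accepts mail for
abuse       admin
postmaster  admin
root        admin
contact     admin
admin       admin@domain.tld
# full addresses: more specific, so they win over the bare entries
clerk@domain.tld        admin
postmaster@third.tld    unicorn@third.tld
admin@domain.tld        vmail
unicorn@third.tld       vmail
# catch-all for one domain, tried last
@third.tld              unicorn@third.tld
"""

# Constructed credentials file (hashes replaced by a placeholder); note
# that unicorn@third.tld has a mailbox above but no entry here.
CREDENTIALS = """\
admin@domain.tld:$2b$09$PLACEHOLDERHASH
clerk@domain.tld:$2b$09$PLACEHOLDERHASH
"""

LOCAL_USERS = {"vmail"}   # expansion stops once it reaches a system user


def parse_table(text):
    """Parse `key value` lines (comments and blank lines ignored)."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        table[key] = value.strip()
    return table


def lookup(table, address):
    """One virtual-table lookup in the order assumed here:
    user@domain first, then the bare user, then the @domain catch-all."""
    user, _, domain = address.partition("@")
    for key in (address, user, "@" + domain):
        if key in table:
            return key, table[key]
    return None, None


def resolve(table, address, max_depth=16):
    """Expand an address until a local user is reached; return the chain.
    Raises LookupError for an unknown recipient (smtpd rejects it) and
    RecursionError for an alias loop."""
    chain = [address]
    while chain[-1] not in LOCAL_USERS:
        if len(chain) > max_depth:
            raise RecursionError("alias loop: " + " -> ".join(chain))
        key, value = lookup(table, chain[-1])
        if key is None:
            raise LookupError(f"no alias for {chain[-1]!r}")
        chain.append(value)
    return chain


def mailboxes_without_credentials(table, credentials_text):
    """Mailboxes (entries ending in vmail) that cannot log in over IMAP or
    submission because the credentials file has no line for them."""
    mailboxes = {k for k, v in table.items() if v in LOCAL_USERS}
    have = {line.split(":", 1)[0]
            for line in credentials_text.splitlines() if ":" in line}
    return sorted(mailboxes - have)


TABLE = parse_table(USERMAP)

if __name__ == "__main__":
    for rcpt in ("abuse@second.tld", "postmaster@third.tld", "anything@third.tld"):
        print(rcpt, "->", " -> ".join(resolve(TABLE, rcpt)))
    print("mailboxes without credentials:",
          mailboxes_without_credentials(TABLE, CREDENTIALS))
```

Run it and `abuse@second.tld` goes through `admin` to `admin@domain.tld` and ends at `vmail`, while `postmaster@third.tld` is caught by its more specific entry first; the credentials check then reports `unicorn@third.tld` as a mailbox nobody can log in to.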
Re: Simple virtual user setup with multiple domains

2020-09-24 Thread Unicorn
> You can use a virtual user table, but you will have to split your
> "deliver_local" table. As Uwe suggested, I would use lmtp for that:
> 
> action "inbox" lmtp "/var/run/dovecot/lmtp" rcpt-to virtual <vusers>
> 
> In that case, vusers is defined here:
> 
> table vusers    file:/etc/smtpd/vusers
> 
> And its content:
> 
> postmaster  mainu...@maindomain.tld
> abuse   mainu...@maindomain.tld
> root    mainu...@maindomain.tld
> contact mainu...@maindomain.tld
> mainu...@maindomain.tld vmail
> someotheru...@somedomain.tld   vmail
> someal...@somedomain.tld  mainu...@maindomain.tld
> 
> And so on…

Thank you both Uwe and Archange for the pointer to lmtp, I was not
familiar with that!

I enabled lmtp according to what I read online by adding lmtp to the
protocols

Regarding the example contents of the vusers table you suggested
Archange, the first 4 lines would only ever be active for local mail,
correct? Would this eg. send the daily output and insecurity output to
mainu...@maindomain.tld?

Regarding the 5th and 6th line of your example table, wouldn't that
just deliver to the Maildir of the user vmail? Would there ever be a
case where I would want this? Just asking to confirm in case I do not
understand. :)

Lastly, if I map someal...@somedomain.tld to 
mainuser+spec...@maindomain.tld, would it end up in the Maildir of 
mainu...@maindomain.tld in the folder "special"? Or do I need to do
any extra configuration on the side of dovecot to make this happen?


> > ##
> > allow_username_mismatch = true;
> > 
> > domain {
> > firstdomain.tld {
> > path = "/etc/mail/dkim/firstdomain.tld.key";
> > selector = "blah";
> > }
> > }
> > ##
> > 
> > Will it work automatically by simply entering eg.
> > 'seconddomain.tld
> > {...}' with its respective keyfile and selector?
> 
> Yes. And if you use sensible file names like me, you can even do
> this:
> 
> path = "/etc/mail/dkim/$domain.$selector.key";
> 
> Regards,
> Archange

I am glad to hear that this will work!

Since I assume that the users will now have to authenticate with their
full u...@domain.tld, can I remove 'allow_username_mismatch = true;'
from the config? Iirc it was necessary before because users would just
authenticate with their username.

Thank you for your patience with my many questions!

Best,
Unicorn
Re: Simple virtual user setup with multiple domains

2020-09-24 Thread Archange
Le 24/09/2020 à 14:42, Uwe Werler a écrit :
> On 24 Sep 11:33, Unicorn wrote:
>> Also, how does dkim signing with rspamd work for multiple domains?
>> Right now my /etc/rspamd/local.d/dkim-signing.conf looks like this:
>>
>> ##
>> allow_username_mismatch = true;
>>
>> domain {
>> firstdomain.tld {
>> path = "/etc/mail/dkim/firstdomain.tld.key";
>> selector = "blah";
>> }
>> }
>> ##
>>
>> Will it work automatically by simply entering eg. 'seconddomain.tld
>> {...}' with its respective keyfile and selector?
> You need a current filter for that. I have:
>
> filter "dkimsign" proc-exec "filter-dkimsign -d domain1.tld -d domain2.tld \
> -d domain3.tld -s dkim_selector -k /etc/mail/dkim/dkim.key" \
> user _dkimsign group _dkimsign
>
> Note that you can specify the selector only once.
>
> See: https://undeadly.org/cgi?action=article;sid=20200920073933
Or you can just keep rspamd and do as you intended. See in my post for
another rspamd option.
Re: Simple virtual user setup with multiple domains

2020-09-24 Thread Archange
Hi there,

Le 24/09/2020 à 13:33, Unicorn a écrit :
> Hello everyone,
>
> I apologize in advance if these seem like trivial questions, I am
> quite new to this and the amount of config files and options is a
> little overwhelming. :)
>
> I am currently running three mailservers that each serve one domain
> with real user accounts, which is quite a pain to manage. I would like
> to instead have one server be the MX for all of my domains, with
> virtual users and their maildirs in a structure like
> /home/vmail/domain/user/Maildir.
>
> In the process of writing my email I have written all my
> configurations to the best of my ability, but I would appreciate your
> feedback on any errors or suggestions for improvements, especially
> since I intend to eventually make this into a guide:
>
>
>  /etc/mail/smtpd.conf ###
> pki mx.maildomain.tld cert "/etc/ssl/mx.maildomain.tld.fullchain.pem"
> pki mx.maildomain.tld key "/etc/ssl/private/mx.maildomain.tld.key"
>
> # Junk filters, rspamd also for DKIM signing
> filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*',
> '.*\.dsl\..*' } junk
> filter check_rdns phase connect match !rdns junk
> filter check_fcrdns phase connect match !fcrdns junk
> filter rspamd proc-exec "filter-rspamd"
>
> # Tables
> table aliases file:/etc/mail/custom_aliases
> table accounts file:/etc/mail/accounts
> table domains {firstdomain.tld, seconddomain.tld, maildomain.tld}
>
> # Listen for incoming mail and send through filters
> listen on all tls pki mx.maildomain.tld filter { check_dyndns,
> check_rdns, check_fcrdns, rspamd }
>
> # Listen for, authenticate and DKIM-sign outgoing mail requests
> listen on all port submission tls-require pki mx.maildomain.tld auth
> <accounts> filter rspamd
>
> action "deliver_local" maildir
> /home/vmail/{%dest.domain}/{%dest.user}/Maildir junk alias <aliases>
> user vmail
> action "outbound" relay helo mx.maildomain.tld
>
> # Match incoming mail
> match from any for domain <domains> action "deliver_local"
> match for local action "deliver_local"
>
> # Match outgoing mail
> match from any auth for any action "outbound"
> match for any action "outbound"
> #
>
>
>  /etc/dovecot/conf.d/10-auth.conf ###
> passdb {
>   driver = passwd-file
>   args = scheme=BLF-CRYPT /etc/mail/accounts
> }
> userdb {
>   driver = static
>   args = uid=vmail gid=vmail home=/home/vmail/%d/%u
> }
> #
>
>
>  /etc/mail/accounts #
> ad...@firstdomain.tld:passwordhashfromsmtpctl
> ad...@seconddomain.tld:passwordhashfromsmtpctl
> unic...@seconddomain.tld:passwordhashfromsmtpctl
> #
>
> Is it possible to combine virtual users with an alias table as I have
> in action "deliver_local"?
>
> Example entry in alias table:
> cont...@firstdomain.tld: admin+cont...@firstdomain.tld
>
> Will this deliver to the folder "contact" of ad...@firstdomain.tld?
> In 'action "deliver_local"', is it correct to use {%dest.user} for
> this purpose?

You can use a virtual user table, but you will have to split your
"deliver_local" table. As Uwe suggested, I would use lmtp for that:

action "inbox" lmtp "/var/run/dovecot/lmtp" rcpt-to virtual <vusers>

In that case, vusers is defined here:

table vusers    file:/etc/smtpd/vusers

And its content:

postmaster  mainu...@maindomain.tld
abuse   mainu...@maindomain.tld
root    mainu...@maindomain.tld
contact mainu...@maindomain.tld
mainu...@maindomain.tld vmail
someotheru...@somedomain.tld   vmail
someal...@somedomain.tld  mainu...@maindomain.tld

And so on…

> Also, how does dkim signing with rspamd work for multiple domains?
> Right now my /etc/rspamd/local.d/dkim-signing.conf looks like this:
>
> ##
> allow_username_mismatch = true;
>
> domain {
> firstdomain.tld {
> path = "/etc/mail/dkim/firstdomain.tld.key";
> selector = "blah";
> }
> }
> ##
>
> Will it work automatically by simply entering eg. 'seconddomain.tld
> {...}' with its respective keyfile and selector?

Yes. And if you use sensible file names like me, you can even do this:

path = "/etc/mail/dkim/$domain.$selector.key";

Regards,
Archange
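Whether adding a `seconddomain.tld { ... }` block is enough, and how Archange's `$domain.$selector.key` file-name convention expands, can be checked against the `domains` table in smtpd.conf. The Python script below is an added example, not code from this thread, from rspamd or from OpenSMTPD. It parses the `domain { ... }` block in the shape shown in the thread with a small purpose-built parser (not a full UCL parser), expands the `$domain` and `$selector` placeholders rspamd substitutes in `path`, reports the DNS name where each public key has to be published, and lists every domain from the domains table that has no signing entry, since outgoing mail from such a domain leaves unsigned. The configuration contents are constructed for the example, with third.tld deliberately left out of the signing block.

```python
"""Cross-check smtpd's domains table against rspamd's dkim_signing
domain block.  Added example, not code from this thread or from rspamd."""
import re

# Constructed copy of the value of `table domains { ... }` in smtpd.conf.
DOMAINS_TABLE = "{ domain.tld, second.tld, third.tld }"

# Constructed /etc/rspamd/local.d/dkim-signing.conf using the
# $domain.$selector.key naming convention; third.tld is missing on purpose.
DKIM_SIGNING_CONF = """\
allow_username_mismatch = true;
domain {
    domain.tld {
        path = "/etc/mail/dkim/$domain.$selector.key";
        selector = "selectorone";
    }
    second.tld {
        path = "/etc/mail/dkim/$domain.$selector.key";
        selector = "selectortwo";
    }
}
"""

# quoted string | single punctuation token | bare word
_TOKEN = re.compile(r'"[^"]*"|[{};=]|[^\s{};="]+')


def parse_ucl_block(text):
    """Parse the `name { ... }` / `key = value;` subset of rspamd's config
    syntax used above into nested dicts.  Not a full UCL parser."""
    tokens = _TOKEN.findall(text)
    result, pos = _parse_block(tokens, 0)
    if pos != len(tokens):
        raise ValueError("unbalanced braces")
    return result


def _parse_block(tokens, i):
    block = {}
    while i < len(tokens) and tokens[i] != "}":
        name = tokens[i]
        if i + 1 >= len(tokens):
            raise ValueError(f"dangling token {name!r}")
        if tokens[i + 1] == "{":
            block[name], i = _parse_block(tokens, i + 2)
            if i >= len(tokens) or tokens[i] != "}":
                raise ValueError(f"missing closing brace for {name!r}")
            i += 1
        elif tokens[i + 1] == "=":
            if i + 2 >= len(tokens):
                raise ValueError(f"missing value for {name!r}")
            block[name] = tokens[i + 2].strip('"')
            i += 3
            if i < len(tokens) and tokens[i] == ";":
                i += 1
        else:
            raise ValueError(f"unexpected token after {name!r}")
    return block, i


def expand_path(domain, entry):
    """Apply the $domain / $selector placeholders rspamd substitutes in path."""
    return (entry["path"].replace("$domain", domain)
                         .replace("$selector", entry["selector"]))


def dns_record_name(domain, entry):
    """Name of the TXT record where the matching public key must be published."""
    return f"{entry['selector']}._domainkey.{domain}"


def unsigned_domains(domains_table, dkim_conf):
    """Domains smtpd accepts mail for that rspamd would not DKIM-sign."""
    domains = [d.strip() for d in domains_table.strip("{} \n").split(",") if d.strip()]
    signing = parse_ucl_block(dkim_conf).get("domain", {})
    return [d for d in domains if d not in signing]


if __name__ == "__main__":
    conf = parse_ucl_block(DKIM_SIGNING_CONF)
    for dom, entry in conf["domain"].items():
        print(dom, expand_path(dom, entry), dns_record_name(dom, entry))
    print("not signed:", unsigned_domains(DOMAINS_TABLE, DKIM_SIGNING_CONF))
```

With the constructed files this prints the expanded key path and `selectorone._domainkey.domain.tld` style record names for the two configured domains and reports `third.tld` as the one that would go out unsigned; the same check is worth running whenever a domain is added to the `domains` table.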
Re: Simple virtual user setup with multiple domains

2020-09-24 Thread Uwe Werler
On 24 Sep 11:33, Unicorn wrote:
> Hello everyone,
> 
> I apologize in advance if these seem like trivial questions, I am
> quite new to this and the amount of config files and options is a
> little overwhelming. :)
> 
> I am currently running three mailservers that each serve one domain
> with real user accounts, which is quite a pain to manage. I would like
> to instead have one server be the MX for all of my domains, with
> virtual users and their maildirs in a structure like
> /home/vmail/domain/user/Maildir.
> 
> In the process of writing my email I have written all my
> configurations to the best of my ability, but I would appreciate your
> feedback on any errors or suggestions for improvements, especially
> since I intend to eventually make this into a guide:
> 
> 
>  /etc/mail/smtpd.conf ###
> pki mx.maildomain.tld cert "/etc/ssl/mx.maildomain.tld.fullchain.pem"
> pki mx.maildomain.tld key "/etc/ssl/private/mx.maildomain.tld.key"
> 
> # Junk filters, rspamd also for DKIM signing
> filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*',
> '.*\.dsl\..*' } junk
> filter check_rdns phase connect match !rdns junk
> filter check_fcrdns phase connect match !fcrdns junk
> filter rspamd proc-exec "filter-rspamd"
> 
> # Tables
> table aliases file:/etc/mail/custom_aliases
> table accounts file:/etc/mail/accounts
> table domains {firstdomain.tld, seconddomain.tld, maildomain.tld}
> 
> # Listen for incoming mail and send through filters
> listen on all tls pki mx.maildomain.tld filter { check_dyndns,
> check_rdns, check_fcrdns, rspamd }
> 
> # Listen for, authenticate and DKIM-sign outgoing mail requests
> listen on all port submission tls-require pki mx.maildomain.tld auth
> <accounts> filter rspamd
> 
> action "deliver_local" maildir
> /home/vmail/{%dest.domain}/{%dest.user}/Maildir junk alias <aliases>
> user vmail
> action "outbound" relay helo mx.maildomain.tld
> 

I would suggest that you use lmtp for that - so one can use ham/spam with
dovecot to train rspamd.

action "domain1.tld" lmtp "/var/dovecot/lmtp" rcpt-to alias <domain1.tld>
action "domain2.tld" lmtp "/var/dovecot/lmtp" rcpt-to alias <domain2.tld>

> # Match incoming mail
> match from any for domain <domains> action "deliver_local"
> match for local action "deliver_local"
> 
> # Match outgoing mail
> match from any auth for any action "outbound"
> match for any action "outbound"
> #
> 
> 
>  /etc/dovecot/conf.d/10-auth.conf ###
> passdb {
>   driver = passwd-file
>   args = scheme=BLF-CRYPT /etc/mail/accounts
> }
> userdb {
>   driver = static
>   args = uid=vmail gid=vmail home=/home/vmail/%d/%u
> }
> #
> 
> 
>  /etc/mail/accounts #
> ad...@firstdomain.tld:passwordhashfromsmtpctl
> ad...@seconddomain.tld:passwordhashfromsmtpctl
> unic...@seconddomain.tld:passwordhashfromsmtpctl
> #
> 
> Is it possible to combine virtual users with an alias table as I have
> in action "deliver_local"?
> 
> Example entry in alias table:
> cont...@firstdomain.tld: admin+cont...@firstdomain.tld

I guess you can't use an alias table but a table. That's why I have:

table domain1.tld file:/etc/mail/domain1.tld 
table domain2.tld file:/etc/mail/domain2.tld 
table domain3.tld file:/etc/mail/domain3.tld

and then e.g. in /etc/mail/domain1.tld:

user   admin+cont...@domain1.tld
hostmaster hostmas...@domain2.tld

> 
> Will this deliver to the folder "contact" of ad...@firstdomain.tld?
> In 'action "deliver_local"', is it correct to use {%dest.user} for
> this purpose?
> 
> 
> Also, how does dkim signing with rspamd work for multiple domains?
> Right now my /etc/rspamd/local.d/dkim-signing.conf looks like this:
> 
> ##
> allow_username_mismatch = true;
> 
> domain {
> firstdomain.tld {
> path = "/etc/mail/dkim/firstdomain.tld.key";
> selector = "blah";
> }
> }
> ##
> 
> Will it work automatically by simply entering eg. 'seconddomain.tld
> {...}' with its respective keyfile and selector?

You need a current filter for that. I have:

filter "dkimsign" proc-exec "filter-dkimsign -d domain1.tld -d domain2.tld \
-d domain3.tld -s dkim_selector -k /etc/mail/dkim/dkim.key" \
user _dkimsign group _dkimsign

Note that you can specify the selector only once.

See: https://undeadly.org/cgi?action=article;sid=20200920073933

> 
> Thanks a lot in advance, I appreciate any answers, even if incomplete!
> :)
> 
> Best,
> Unicorn

-- 
wq: ~uw
Simple virtual user setup with multiple domains

2020-09-24 Thread Unicorn
Hello everyone,

I apologize in advance if these seem like trivial questions, I am
quite new to this and the amount of config files and options is a
little overwhelming. :)

I am currently running three mailservers that each serve one domain
with real user accounts, which is quite a pain to manage. I would like
to instead have one server be the MX for all of my domains, with
virtual users and their maildirs in a structure like
/home/vmail/domain/user/Maildir.

In the process of writing my email I have written all my
configurations to the best of my ability, but I would appreciate your
feedback on any errors or suggestions for improvements, especially
since I intend to eventually make this into a guide:


 /etc/mail/smtpd.conf ###
pki mx.maildomain.tld cert "/etc/ssl/mx.maildomain.tld.fullchain.pem"
pki mx.maildomain.tld key "/etc/ssl/private/mx.maildomain.tld.key"

# Junk filters, rspamd also for DKIM signing
filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*',
'.*\.dsl\..*' } junk
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk
filter rspamd proc-exec "filter-rspamd"

# Tables
table aliases file:/etc/mail/custom_aliases
table accounts file:/etc/mail/accounts
table domains {firstdomain.tld, seconddomain.tld, maildomain.tld}

# Listen for incoming mail and send through filters
listen on all tls pki mx.maildomain.tld filter { check_dyndns,
check_rdns, check_fcrdns, rspamd }

# Listen for, authenticate and DKIM-sign outgoing mail requests
listen on all port submission tls-require pki mx.maildomain.tld auth
<accounts> filter rspamd

action "deliver_local" maildir
/home/vmail/{%dest.domain}/{%dest.user}/Maildir junk alias <aliases>
user vmail
action "outbound" relay helo mx.maildomain.tld

# Match incoming mail
match from any for domain <domains> action "deliver_local"
match for local action "deliver_local"

# Match outgoing mail
match from any auth for any action "outbound"
match for any action "outbound"
#


 /etc/dovecot/conf.d/10-auth.conf ###
passdb {
  driver = passwd-file
  args = scheme=BLF-CRYPT /etc/mail/accounts
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/home/vmail/%d/%u
}
#


 /etc/mail/accounts #
ad...@firstdomain.tld:passwordhashfromsmtpctl
ad...@seconddomain.tld:passwordhashfromsmtpctl
unic...@seconddomain.tld:passwordhashfromsmtpctl
#

Is it possible to combine virtual users with an alias table as I have
in action "deliver_local"?

Example entry in alias table:
cont...@firstdomain.tld: admin+cont...@firstdomain.tld

Will this deliver to the folder "contact" of ad...@firstdomain.tld?
In 'action "deliver_local"', is it correct to use {%dest.user} for
this purpose?


Also, how does dkim signing with rspamd work for multiple domains?
Right now my /etc/rspamd/local.d/dkim-signing.conf looks like this:

##
allow_username_mismatch = true;

domain {
firstdomain.tld {
path = "/etc/mail/dkim/firstdomain.tld.key";
selector = "blah";
}
}
##

Will it work automatically by simply entering eg. 'seconddomain.tld
{...}' with its respective keyfile and selector?


Thanks a lot in advance, I appreciate any answers, even if incomplete!
:)

Best,
Unicorn