low bs openbsd mail server configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
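# $OpenBSD: smtpd.conf,v 1.9 2016/05/03 18:43:45 jung Exp $
#
# Single-host OpenSMTPD setup: local and virtual maildir delivery, plus an
# outbound relay through an external smarthost for authenticated sessions.
# Rules are evaluated in order and the first match decides, so the reject
# rule in the "blacklist" section has to stay ahead of the accepting rules.

# tables
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
# passwd (SMTP AUTH users) and secrets (smarthost credentials) hold
# credentials; keep them unreadable to ordinary users, e.g. owner root,
# group _smtpd, mode 0640.
table passwd file:/etc/mail/passwd
table secrets file:/etc/mail/secrets
table deny db:/etc/mail/deny.db
table receip db:/etc/mail/receip.db
# NOTE(review): <sender> is declared but never referenced below. No listener
# uses the "senders" option, so an authenticated user is not restricted in
# which envelope sender it may use - confirm that this is intended.
table sender db:/etc/mail/sender.db

# tls
# NOTE(review): the pki entry is named mail.biatch.host while the files live
# under crapass.biatch.host; confirm the certificate covers the hostname the
# listeners announce. The private key should be readable by root only.
pki mail.biatch.host cert "/etc/letsencrypt/live/crapass.biatch.host/fullchain.pem"
pki mail.biatch.host key "/etc/letsencrypt/live/crapass.biatch.host/privkey.pem"
pki mail.biatch.host dhe auto

# options
smtp max-message-size 50M
# WARNING: the queue encryption key is written inline, so anyone who can read
# this file can decrypt the on-disk queue. The value below was published with
# the file and must be treated as compromised: generate a fresh key and
# restrict the file mode before reusing this configuration. smtpd.conf(5)
# also allows omitting the key (it is then read with getpass(3)) or giving
# "stdin" or "-" to read it from standard input.
queue encryption "HYO41yg7gVFUQOFFLig3tQEPwNvln0OY"
queue compression

# Inbound filters, applied at MAIL FROM: reject sessions without reverse DNS
# and sessions whose reverse DNS is not forward-confirmed.
filter "no_rdns" phase mail-from match !rdns reject "550 go away"
filter "no_fcrdns" phase mail-from match !fcrdns reject "550 go away"
# External filter process.
# NOTE(review): no arguments are passed here; confirm the filter is given a
# blocklist zone, otherwise it may not start or may not check anything.
filter "dnsbl" proc-exec "filter-dnsbl"
filter nazi_mode chain { no_rdns, no_fcrdns, dnsbl }

# listeners
# NOTE(review): all three listeners bind to lo0, so as written nothing is
# reachable from the network unless something forwards to loopback - confirm.
#
# Default SMTP port: STARTTLS is offered but not required (tls), and the
# filter chain is applied. This is the only listener that is filtered.
listen on lo0 hostname "mail.biatch.host" filter "nazi_mode" tls tag IN_SMTP
# Implicit-TLS port: authentication against <passwd> is required.
listen on lo0 hostname "mail.biatch.host" smtps auth <passwd> received-auth tag IN_SMTPS
# Submission port: STARTTLS is required before authentication; mask-src
# leaves the client's source out of the Received header that is added.
listen on lo0 hostname "mail.biatch.host" port submission tls-require auth <passwd> mask-src received-auth tag IN_SBMSSN

# inbound
# Despite the "lmtp-" names, both actions deliver to a maildir.
action "lmtp-local" maildir alias <aliases>
action "lmtp-virtual" maildir virtual <receip>

# outbound
# smtp+tls:// makes STARTTLS to the smarthost mandatory; "mail-spoofer" is
# the label used to look up the credentials in <secrets>.
action "relay" relay host "smtp+tls://mail-spoofer@email-smtp.eu-west-1.amazonaws.com" auth <secrets> helo "mail.biatch.host"

# blacklist
# Rejects any envelope sender listed in <deny>, whatever the source or
# destination. Must remain the first match rule.
match for any from any mail-from <deny> reject

# local-local
match from local for local action "lmtp-local"

# internet-auth-local
# Authenticated sessions sending to a hosted domain.
match auth from any for domain <domains> action "lmtp-virtual"

# internet-receip-local
# Unauthenticated mail from anywhere is accepted only for recipients that
# are listed in <receip>.
match from any for any rcpt-to <receip> action "lmtp-virtual"

# local-auth-internet
# Only authenticated sessions reach the relay action, and only for
# destinations outside <domains>. No rule relays for unauthenticated
# sessions, which is what keeps this host from being an open relay.
match auth from any ! for domain <domains> action "relay"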