-rw-r--r-- | theos/init.sls | 1 | ||||
-rw-r--r-- | theos/opensmtpd.sls | 147 |
2 files changed, 148 insertions, 0 deletions
diff --git a/theos/init.sls b/theos/init.sls
index a25d4b1..3303580 100644
--- a/theos/init.sls
+++ b/theos/init.sls
@@ -2,5 +2,6 @@ include:
 - theos.nginx.theos_kyriasis_com
 - theos.nginx.xan_kyriasis_com
 - theos.nginx.git_kyriasis_com
+ - theos.opensmtpd
 # vim: set ft=yaml et:
diff --git a/theos/opensmtpd.sls b/theos/opensmtpd.sls
new file mode 100644
index 0000000..99bad72
--- /dev/null
+++ b/theos/opensmtpd.sls
@@ -0,0 +1,147 @@
+opensmtpd:
+ pki:
+ theos.kyriasis.com:
+ certificate: /etc/letsencrypt/live/theos.kyriasis.com/fullchain.pem
+ key: /etc/letsencrypt/live/theos.kyriasis.com/privkey.pem
+
+
+ tables:
+ users:
+ type: file
+ path: /etc/smtpd/users
+ contents:
+ - 'erik: sysbunny@lucifer.kyriasis.com'
+ - 'sysbunny: sysbunny@lucifer.kyriasis.com'
+ - 'dellsama: sysbunny@lucifer.kyriasis.com'
+
+ - 'tomasz.kramkowski: kyriasis-redirect@the-tk.com'
+ - 'tk: kyriasis-redirect@the-tk.com'
+
+ - 'grawity: grawity@theos.kyriasis.com'
+
+ - 'halosghost: halosghost@theos.kyriasis.com'
+
+ - 'kyrias: kyrias@theos.kyriasis.com'
+ - 'johannes: kyrias@theos.kyriasis.com'
+
+ - 'xan: xanadu@theos.kyriasis.com'
+ - 'xanadu: xanadu@theos.kyriasis.com'
+ - 'maus: xanadu@theos.kyriasis.com'
+
+ - '@kyriasis.com: kyrias@theos.kyriasis.com'
+ - '@lists.kyriasis.com: lists@theos.kyriasis.com'
+
+ sendertable:
+ type: file
+ path: /etc/smtpd/senders
+ contents:
+ - 'sysbunny: @lucifer.kyriasis.com,sysbunny@kyriasis.com,erik@kyriasis.com'
+ - 'grawity: grawity@theos.kyriasis.com,grawity@kyriasis.com'
+ - 'halosghost: halosghost@theos.kyriasis.com,halosghost@kyriasis.com'
+ - 'kyrias: @theos.kyriasis.com,@kyriasis.com'
+ - 'xanadu: xan@kyriasis.com,xanadu@kyriasis.com'
+
+
+ listeners:
+ - interface: ens4
+ port: 25
+ tls: True
+ pki: theos.kyriasis.com
+ auth-optional: True
+ senders: <sendertable> masquerade
+
+ - interface: ens4
+ port: 587
+ tls-require: True
+ pki: theos.kyriasis.com
+ auth: True
+ senders: <sendertable> masquerade
+
+ - interface: ens4
+ port: 465
+ smtps: True
+ pki: theos.kyriasis.com
+ auth: True
+ senders: <sendertable> masquerade
+
+ - interface: cjdns
+ port: 25
+ tls: True
+ pki: theos.kyriasis.com
+ auth-optional: True
+ senders: <sendertable> masquerade
+
+ - interface: cjdns
+ port: 587
+ tls-require: True
+ pki: theos.kyriasis.com
+ auth: True
+ senders: <sendertable> masquerade
+
+ - interface: lo
+ port: 10026
+ tag: DKIM-IN
+
+ - interface: lo
+ port: 10029
+ tag: DKIM-OUT
+
+ - interface: localhost
+ senders: <sendertable> masquerade
+
+
+ rules:
+ - backup for lucifer:
+ type: accept
+ from: any
+ for: domain "lucifer.kyriasis.com"
+ relay: backup theos.kyriasis.com
+
+ - backup for the-tk.com:
+ type: accept
+ from: any
+ for: domain "the-tk.com"
+ relay: backup
+
+ - incoming mailinglists:
+ type: accept
+ tagged: DKIM-IN
+ from: any
+ for: domain "lists.kyriasis.com" virtual { "@lists.kyriasis.com" = list }
+ deliver_to: mda "/usr/local/bin/mlmmj-receive -L /home/lists/spool/%{dest.user:strip}/"
+
+ - incoming to local host:
+ type: accept
+ tagged: DKIM-IN
+ for: domain "theos.kyriasis.com" alias { root = kyrias }
+ deliver_to: lmtp "/var/run/dovecot/lmtp"
+
+ - incoming to top-level domains:
+ type: accept
+ tagged: DKIM-IN
+ from: any
+ for: 'domain { kyriasis.com, the-tk.com } virtual <users>'
+ deliver_to: lmtp "/var/run/dovecot/lmtp"
+
+ - local email:
+ type: accept
+ from: local
+ for: local
+ deliver_to: lmtp "/var/run/dovecot/lmtp"
+
+ - relay incoming through dkimproxy:
+ type: accept
+ from: any
+ for: domain { kyriasis.com, theos.kyriasis.com, the-tk.com }
+ relay: via smtp://127.0.0.1:10025
+
+ - outgoing from dkimproxy:
+ type: accept
+ tagged: DKIM-OUT
+ for: any
+ relay: True
+
+ - outgoing to dkimproxy:
+ type: accept
+ for: any
+ relay: via smtp://127.0.0.1:10028
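Review bot: The two `relay backup` rules at the top of the `rules` list accept mail `from any` for `lucifer.kyriasis.com` and `the-tk.com` with no recipient validation, so this host as a secondary MX will queue mail for nonexistent users and later bounce it to the (frequently forged) envelope sender, which is classic backup-MX backscatter; if a valid-recipient list for each primary can be obtained, restrict those rules with a recipient table (the `recipient <table>` clause, if the smtpd version in use supports it), otherwise document the accepted trade-off in a comment above the rules, e.g. `# NOTE: no recipient table for the backup-MX rules -- backscatter risk accepted`. `the-tk.com` also appears both in the `backup for the-tk.com` relay rule and in the later `incoming to top-level domains` rule that delivers it locally via `virtual <users>` (and as a redirect target in the `users` table); if rules are matched first-match in order, the backup rule will always win and the virtual mappings for that domain are never consulted, so confirm which behaviour is intended and drop the other entry. The `incoming mailinglists` mda line interpolates the recipient local part into a shell command via `%{dest.user:strip}`; smtpd is understood to restrict the characters such expansions may contain, but that should be verified for the deployed version before relying on it for an any-sender, any-local-part domain. The port-25 listeners combine `auth-optional` with opportunistic `tls` rather than `tls-require`, so whether AUTH can ever be attempted on a cleartext session depends on the smtpd build and is worth checking against the running daemon.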