summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--theos/init.sls1
-rw-r--r--theos/opensmtpd.sls147
2 files changed, 148 insertions, 0 deletions
diff --git a/theos/init.sls b/theos/init.sls
index a25d4b1..3303580 100644
--- a/theos/init.sls
+++ b/theos/init.sls
@@ -2,5 +2,6 @@ include:
- theos.nginx.theos_kyriasis_com
- theos.nginx.xan_kyriasis_com
- theos.nginx.git_kyriasis_com
+ - theos.opensmtpd
# vim: set ft=yaml et:
diff --git a/theos/opensmtpd.sls b/theos/opensmtpd.sls
new file mode 100644
index 0000000..99bad72
--- /dev/null
+++ b/theos/opensmtpd.sls
@@ -0,0 +1,147 @@
+opensmtpd:
+ pki:
+ theos.kyriasis.com:
+ certificate: /etc/letsencrypt/live/theos.kyriasis.com/fullchain.pem
+ key: /etc/letsencrypt/live/theos.kyriasis.com/privkey.pem
+
+
+ tables:
+ users:
+ type: file
+ path: /etc/smtpd/users
+ contents:
+ - 'erik: sysbunny@lucifer.kyriasis.com'
+ - 'sysbunny: sysbunny@lucifer.kyriasis.com'
+ - 'dellsama: sysbunny@lucifer.kyriasis.com'
+
+ - 'tomasz.kramkowski: kyriasis-redirect@the-tk.com'
+ - 'tk: kyriasis-redirect@the-tk.com'
+
+ - 'grawity: grawity@theos.kyriasis.com'
+
+ - 'halosghost: halosghost@theos.kyriasis.com'
+
+ - 'kyrias: kyrias@theos.kyriasis.com'
+ - 'johannes: kyrias@theos.kyriasis.com'
+
+ - 'xan: xanadu@theos.kyriasis.com'
+ - 'xanadu: xanadu@theos.kyriasis.com'
+ - 'maus: xanadu@theos.kyriasis.com'
+
+ - '@kyriasis.com: kyrias@theos.kyriasis.com'
+ - '@lists.kyriasis.com: lists@theos.kyriasis.com'
+
+ sendertable:
+ type: file
+ path: /etc/smtpd/senders
+ contents:
+ - 'sysbunny: @lucifer.kyriasis.com,sysbunny@kyriasis.com,erik@kyriasis.com'
+ - 'grawity: grawity@theos.kyriasis.com,grawity@kyriasis.com'
+ - 'halosghost: halosghost@theos.kyriasis.com,halosghost@kyriasis.com'
+ - 'kyrias: @theos.kyriasis.com,@kyriasis.com'
+ - 'xanadu: xan@kyriasis.com,xanadu@kyriasis.com'
+
+
+ listeners:
+ - interface: ens4
+ port: 25
+ tls: True
+ pki: theos.kyriasis.com
+ auth-optional: True
+ senders: <sendertable> masquerade
+
+ - interface: ens4
+ port: 587
+ tls-require: True
+ pki: theos.kyriasis.com
+ auth: True
+ senders: <sendertable> masquerade
+
+ - interface: ens4
+ port: 465
+ smtps: True
+ pki: theos.kyriasis.com
+ auth: True
+ senders: <sendertable> masquerade
+
+ - interface: cjdns
+ port: 25
+ tls: True
+ pki: theos.kyriasis.com
+ auth-optional: True
+ senders: <sendertable> masquerade
+
+ - interface: cjdns
+ port: 587
+ tls-require: True
+ pki: theos.kyriasis.com
+ auth: True
+ senders: <sendertable> masquerade
+
+ - interface: lo
+ port: 10026
+ tag: DKIM-IN
+
+ - interface: lo
+ port: 10029
+ tag: DKIM-OUT
+
+ - interface: localhost
+ senders: <sendertable> masquerade
+
+
+ rules:
+ - backup for lucifer:
+ type: accept
+ from: any
+ for: domain "lucifer.kyriasis.com"
+ relay: backup theos.kyriasis.com
+
+ - backup for the-tk.com:
+ type: accept
+ from: any
+ for: domain "the-tk.com"
+ relay: backup
+
+ - incoming mailinglists:
+ type: accept
+ tagged: DKIM-IN
+ from: any
+ for: domain "lists.kyriasis.com" virtual { "@lists.kyriasis.com" = list }
+ deliver_to: mda "/usr/local/bin/mlmmj-receive -L /home/lists/spool/%{dest.user:strip}/"
+
+ - incoming to local host:
+ type: accept
+ tagged: DKIM-IN
+ for: domain "theos.kyriasis.com" alias { root = kyrias }
+ deliver_to: lmtp "/var/run/dovecot/lmtp"
+
+ - incoming to top-level domains:
+ type: accept
+ tagged: DKIM-IN
+ from: any
+ for: 'domain { kyriasis.com, the-tk.com } virtual <users>'
+ deliver_to: lmtp "/var/run/dovecot/lmtp"
+
+ - local email:
+ type: accept
+ from: local
+ for: local
+ deliver_to: lmtp "/var/run/dovecot/lmtp"
+
+ - relay incoming through dkimproxy:
+ type: accept
+ from: any
+ for: domain { kyriasis.com, theos.kyriasis.com, the-tk.com }
+ relay: via smtp://127.0.0.1:10025
+
+ - outgoing from dkimproxy:
+ type: accept
+ tagged: DKIM-OUT
+ for: any
+ relay: True
+
+ - outgoing to dkimproxy:
+ type: accept
+ for: any
+ relay: via smtp://127.0.0.1:10028