summaryrefslogtreecommitdiffstats
path: root/opensmtpd/theos.sls
blob: 8e8ec2e0d1a60afc35c0353220d4031b2168de83 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
opensmtpd:
  pki:
    theos.kyriasis.com:
      certificate: /etc/smtpd/certs/fullchain.pem
      key: /etc/smtpd/certs/privkey.pem


  tables:
    users:
      type: file
      path: /etc/smtpd/users
      contents:
        - 'erik: sysbunny@lucifer.kyriasis.com'
        - 'sysbunny: sysbunny@lucifer.kyriasis.com'
        - 'dellsama: sysbunny@lucifer.kyriasis.com'

        - 'tomasz.kramkowski: kyriasis-redirect@the-tk.com'
        - 'tk: kyriasis-redirect@the-tk.com'

        - 'grawity: grawity@theos.kyriasis.com'

        - 'halosghost: halosghost@theos.kyriasis.com'

        - 'kyrias: kyrias@theos.kyriasis.com'
        - 'johannes: kyrias@theos.kyriasis.com'

        - 'xan: xanadu@theos.kyriasis.com'
        - 'xanadu: xanadu@theos.kyriasis.com'
        - 'maus: xanadu@theos.kyriasis.com'

        - '@kyriasis.com: kyrias@theos.kyriasis.com'
        - '@lists.kyriasis.com: lists@theos.kyriasis.com'
        - '@remmy.foo: kyrias@theos.kyriasis.com'

    sendertable:
      type: file
      path: /etc/smtpd/senders
      contents:
        - 'sysbunny: @lucifer.kyriasis.com,sysbunny@kyriasis.com,erik@kyriasis.com'
        - 'grawity: grawity@theos.kyriasis.com,grawity@kyriasis.com'
        - 'halosghost: halosghost@theos.kyriasis.com,halosghost@kyriasis.com'
        - 'kyrias: @theos.kyriasis.com,@kyriasis.com,@remmy.foo'
        - 'xanadu: xan@kyriasis.com,xanadu@kyriasis.com'

  listeners:
    - interface: enp0s3
      port: 25
      tls: True
      pki: theos.kyriasis.com
      auth-optional: True
      senders: <sendertable> masquerade

    - interface: enp0s3
      port: 587
      tls-require: True
      pki: theos.kyriasis.com
      auth: True
      senders: <sendertable> masquerade

    - interface: enp0s3
      port: 465
      smtps: True
      pki: theos.kyriasis.com
      auth: True
      senders: <sendertable> masquerade

    - interface: lo
      port: 10029
      tag: DKIM-OUT

    - interface: lo
      port: 10031
      tag: SpamAssassin

    - interface: localhost
      senders: <sendertable> masquerade


  rules:
    - backup for lucifer:
        type: accept
        from: any
        for: domain "lucifer.kyriasis.com"
        relay: backup theos.kyriasis.com

    - incoming to local host:
        type: accept
        tagged: SpamAssassin
        for: domain "theos.kyriasis.com" alias { root = kyrias }
        deliver_to: lmtp "/var/run/dovecot/lmtp"

    - incoming mailinglists:
        type: accept
        tagged: SpamAssassin
        for: domain "lists.kyriasis.com" virtual { "@lists.kyriasis.com" = lists }
        deliver_to: mda "/usr/local/bin/mlmmj-receive -L /home/lists/spool/%{dest.user:strip}/"

    - incoming to top-level domains:
        type: accept
        tagged: SpamAssassin
        for: 'domain { kyriasis.com, remmy.foo } virtual <users>'
        deliver_to: lmtp "/var/run/dovecot/lmtp"

    - relay incoming through dkimproxy:
        type: accept
        from: any
        for: domain { kyriasis.com, theos.kyriasis.com, lists.kyriasis.com, remmy.foo }
        relay: via smtp://127.0.0.1:10025

    - outgoing from dkimproxy:
        type: accept
        tagged: DKIM-OUT
        for: any
        relay: True

    - outgoing to dkimproxy:
        type: accept
        for: any
        relay: via smtp://127.0.0.1:10028