##
# PKI information
#

pki theos.kyriasis.com certificate "/etc/ssl/kyriasis-wosign/kyriasis-wosign-chain.crt"
pki theos.kyriasis.com key "/etc/ssl/kyriasis-wosign/private.key"


##
# Tables
#

# If you edit the file, you have to run "smtpctl update table users"
table users file:/etc/smtpd/users
table sendertable file:/etc/smtpd/senders


##
# Listen directives
#

listen on ens4 port 25  tls         pki theos.kyriasis.com auth-optional senders <sendertable> masquerade
listen on ens4 port 587 tls-require pki theos.kyriasis.com auth          senders <sendertable> masquerade
listen on ens4 port 465 smtps       pki theos.kyriasis.com auth          senders <sendertable> masquerade

listen on cjdns port 25  tls         pki theos.kyriasis.com auth-optional senders <sendertable> masquerade
listen on cjdns port 587 tls-require pki theos.kyriasis.com auth          senders <sendertable> masquerade

listen on lo port 10026 tag DKIM-IN
listen on lo port 10029 tag DKIM-OUT

listen on localhost senders <sendertable> masquerade


##
# Relay for hosts we act as a backup for
#

accept from any                          \
       for domain "lucifer.kyriasis.com" \
       relay backup theos.kyriasis.com


accept from any                        \
       for domain "the-tk.com"         \
       relay backup theos.kyriasis.com


##
# Incoming
#

# Handle incoming to mailing-lists
accept tagged DKIM-IN                                                            \
       from any                                                                  \
       for domain "lists.kyriasis.com" virtual { "@lists.kyriasis.com" = lists } \
       deliver to mda "/usr/local/bin/mlmmj-receive -L /home/lists/spool/%{dest.user:strip}/"

# Handle emails directly to local domain
accept tagged DKIM-IN                  \
       from any                        \
       for domain "theos.kyriasis.com" \
           alias  { root = kyrias }    \
       deliver to mda "/usr/bin/maildrop -d %{user.username}"

# Handle incoming to top-level domains
accept tagged DKIM-IN                           \
       from any                                 \
       for domain  { kyriasis.com, the-tk.com, hyperboria.se, h.hyperboria.se } \
           virtual <users>                      \
       deliver to mda "/usr/bin/maildrop -d %{user.username}"

# Handle local mail
accept from local \
       for local  \
       deliver to mda "/usr/bin/maildrop -d %{user.username}"

# Relay everything not already accepted through dkimproxy
accept from any                                                    \
       for domain { kyriasis.com, theos.kyriasis.com, the-tk.com, hyperboria.se, h.hyperboria.se } \
       relay via smtp://127.0.0.1:10025


##
# Outgoing
#

accept tagged DKIM-OUT \
       for any         \
       relay

accept for any \
       relay via smtp://127.0.0.1:10028