La configuration présentée n’utilise pas de domaine virtuel.
DKIM et Spamassassin sont utilisés, ainsi qu’une liste de bannissement.
Editer le fichier /etc/mail/smtpd.conf :
table blacklist { "xx@yy" }
table aliases file:/etc/mail/aliases
table sources { 145.148.129.91 }
table helonames { 145.148.129.91 = crikcrak.org }
queue compression
smtp max-message-size 20M
pki crikcrak.org key "/etc/ssl/private/crikcrakletsencrypt.key"
pki crikcrak.org cert "/etc/ssl/crikcrakletsencrypt.crt"
ca crikcrak.org cert "/etc/ssl/crikcrakletsencrypt.fullchain.pem"
listen on lo0
listen on lo0 port 10026 tag SPAMASSASSIN
listen on lo0 port 10028 tag DKIM
listen on egress tls-require pki crikcrak.org hostname crikcrak.org
listen on egress smtps hostname crikcrak.org pki crikcrak.org auth
listen on egress port submission hostname crikcrak.org tls-require pki crikcrak.org auth
action "send" relay src <sources> helo-src <helonames>
action "sendtomaildir" maildir "~/Maildir" junk alias <aliases>
action "sendtospamproxy" relay host smtp://127.0.0.1:10025
action "sendtodkimproxy" relay host smtp://127.0.0.1:10027
match from any mail-from <blacklist> for any reject
match for local action "sendtomaildir"
match tag SPAMASSASSIN from any for domain "crikcrak.org" action "sendtomaildir"
match from any for domain "crikcrak.org" action "sendtospamproxy"
match tag DKIM for any action "send"
match auth tag DKIM from any for any action "send"
match auth from any for any action "sendtodkimproxy"
match for any action "sendtodkimproxy"
Attention à la dernière directive match, ne pas y ajouter from any au risque de transformer
votre serveur en relai ouvert.
Vous pouvez tester votre configuration en vous rendant sur le site MX Tool Box.
Switching to OpenSMTPD new config