From f49defb57c32a929801ab56d877d631340ca3284 Mon Sep 17 00:00:00 2001
From: Tomasz Kramkowski <tk@the-tk.com>
Date: Fri, 31 Jan 2020 12:15:26 +0000
Subject: init

---
 domains    |  2 ++
 senders    |  2 ++
 smtpd.conf | 38 ++++++++++++++++++++++++++++++++++++++
 srcban     |  2 ++
 users      |  4 ++++
 5 files changed, 48 insertions(+)
 create mode 100644 domains
 create mode 100644 senders
 create mode 100644 smtpd.conf
 create mode 100644 srcban
 create mode 100644 users

diff --git a/domains b/domains
new file mode 100644
index 0000000..4b79140
--- /dev/null
+++ b/domains
@@ -0,0 +1,2 @@
+example.org
+broken.com
diff --git a/senders b/senders
new file mode 100644
index 0000000..77dfe92
--- /dev/null
+++ b/senders
@@ -0,0 +1,2 @@
+me @example.org
+other @broken.com
diff --git a/smtpd.conf b/smtpd.conf
new file mode 100644
index 0000000..4321572
--- /dev/null
+++ b/smtpd.conf
@@ -0,0 +1,38 @@
+pki smtp.example.org cert ".../fullchain.pem"
+pki smtp.example.org key ".../privkey.pem"
+
+table domainst "/etc/smtpd/domains"
+table senderst "/etc/smtpd/senders"
+table srcban "/etc/smtpd/srcban"
+table userst "/etc/smtpd/users"
+table redsrcdom { smtp.foo.org }
+table redrcpt { redirect@example.org }
+
+listen on enp0s4 tls pki smtp.example.org auth-optional senders <senderst>
+listen on enp0s4 smtps pki smtp.example.org auth-optional senders <senderst>
+listen on enp0s4 port 587 tls-require pki smtp.example.org auth-optional senders <senderst>
+
+listen on lo port 10026 tag PASS-IN mask-src
+listen on lo port 10029 tag PASS-OUT mask-src
+
+listen on localhost
+
+action md mda "/usr/bin/maildrop -d %{user.username}"
+action md_virt mda "/usr/bin/maildrop -d %{user.username}" virtual <userst>
+action sa relay host smtp://localhost:10026
+action no_sa relay host smtp://localhost:10024
+action "relay" relay
+action dkim relay host smtp://localhost:10028
+
+match ! from local ! auth for any mail-from <srcban> reject
+
+match tag PASS-IN for domain <domainst> action md_virt
+
+match from src <redsrcdom> rcpt-to <redrcpt> action no_sa
+
+match from any for domain <domainst> action sa
+
+match for any tag PASS-OUT action "relay"
+
+match from any auth for any action dkim
+match for any action dkim
diff --git a/srcban b/srcban
new file mode 100644
index 0000000..5745e7e
--- /dev/null
+++ b/srcban
@@ -0,0 +1,2 @@
+@example.org
+@broken.com
diff --git a/users b/users
new file mode 100644
index 0000000..8162530
--- /dev/null
+++ b/users
@@ -0,0 +1,4 @@
+mailing-list mlmmj
+postmaster@broken.com me
+@broken.com other
+@ me
-- 
cgit v1.2.3-54-g00ecf