• View
• Edit
• History
• Print

Shell

This sample configuration provides Maildir support for local users where the local users are prevented from spoofing the sender.

# PKI for TLS
pki example.com cert "/etc/ssl/example.com.crt"
pki example.com key "/etc/ssl/private/example.com.key"

# tables setup
table domains file:/etc/mail/domains
table aliases file:/etc/mail/aliases
table hosts file:/etc/mail/hosts
table users file:/etc/mail/users

# Blocks junk mail
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk
filter "dkimsign" proc-exec "filter-dkimsign -d example.com -s mail -k /etc/mail/dkim/private.key" user _dkimsign group _dkimsign

# macros
ipv4 = "198.51.100.2"
ipv6 = "2001:db8::2"
optional = "pki example.com auth-optional mask-src senders <users> filter { check_rdns check_fcrdns } hostname example.com"
required = "pki example.com auth mask-src senders <users> filter { dkimsign } hostname example.com"

# listeners
listen on socket filter "dkimsign"
listen on lo0 filter "dkimsign"
listen on $ipv4 port 25 tls $optional
listen on $ipv6 port 25 tls $optional
listen on $ipv4 port 465 smtps $required
listen on $ipv6 port 465 smtps $required
listen on $ipv4 port 587 tls-require $required
listen on $ipv6 port 587 tls-require $required

# rules
action "maildir" maildir "%{user.directory}/Maildir" junk alias <aliases>
action "outbound" relay src <hosts>

match !from local for domain <domains> action "maildir"
match auth !from local for any action "outbound"
match for rcpt-to regex "admin@example.com" action "outbound"
match for rcpt-to regex "admin" action "maildir"

Replace the username admin with the admin's actual username., and replace admin@example.com with the actual email address.

In /etc/mail/aliases:

root:   admin
admin:   admin@example.com

In /etc/mail/domains:

example.com

In /etc/mail/users:

username: username@example.com

See the dovecot maildir guide for IMAP/POP support.