This is an old revision of the document!
Here is how I set up my independent mail server.
In my /etc/smtpd.conf:
# PKI for TLS
pki mail.ircnow.org cert "/etc/ssl/ircnow.org.fullchain.pem"
pki mail.ircnow.org key "/etc/ssl/private/ircnow.org.key"
# tables setup
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table passwd passwd:/etc/mail/passwd
table virtuals file:/etc/mail/virtuals
table hosts file:/etc/mail/hosts
table spammers file:/etc/mail/spammers
# Blocks junk mail
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk
filter check_spammers phase connect match src <spammers> junk
# listeners
listen on lo0 mask-src
listen on lo0 port 10028 tag DKIM mask-src
listen on egress port 25 tls pki mail.ircnow.org mask-src filter { check_rdns check_fcrdns check_spammers } hostname ircnow.org
listen on egress port 587 tls-require pki mail.ircnow.org auth <passwd> mask-src filter { check_rdns check_fcrdns } hostname ircnow.org
# If mail is for any of our domains, pass it to dovecot
match from any for domain <domains> action "lmtp"
# If mail is tagged with DKIM, relay it out
match tag DKIM for any action "relay"
# If mail comes from known good hosts or has been authenticated, relay it to dkimproxy_out
match from src <hosts> for any action "relay_dkim"
match auth from any for any action "relay_dkim"
action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual <virtuals>
action "relay" relay
action "relay_dkim" relay host smtp://127.0.0.1:10027