docs: Explain how to configure maddy with multiple domains

Closes #198.
fox.cpp 2020-02-16 02:29:59 +03:00
parent 5bf8cb9f03
commit fee43f7971
No known key found for this signature in database
GPG key ID: E76D97CCEDE90B6C
2 changed files with 99 additions and 0 deletions


@ -14,6 +14,7 @@ nav:
- tutorials/setting-up.md
- tutorials/manual-installation.md
- tutorials/alias-to-remote.md
- tutorials/multiple-domains.md
- seclevels.md
- unicode.md
- specifications.md


@ -0,0 +1,98 @@
# Multiple domains configuration
## Separate account namespaces
Given two domains, example.org and example.com. foo@example.org and
foo@example.com are different and completely independent accounts.
All changes needed to make it work is to make sure all domains are specified in
the `$(local_domains)` macro in the main configuration file. Note that you need
to pick one domain as a "primary" for use in auto-generated messages.
```
$(primary_domain) = example.org
$(local_domains) = $(primary_domain) example.com
```
The base configuration is done. You can create accounts using maddyctl using
both domains in the name, send and receive messages and so on. Do not forget
to configure corresponding SPF, DMARC and MTA-STS records as was
recommended in the [introduction tutorial](setting-up.md).
### DKIM
However, one thing needs special attention since at the moment maddy lacks the
ability to automatically select the corresponding DKIM key. Without additional
changes with the above configuration it will sign all messages using the key
for the primary domain. So you should configure corresponding mappings to make
it use the proper key depending on the sender domain.
To do so, open your configuration and look for the `submission` endpoint block.
Then take a look at `default_destination` directive that is responsible for
handling deliveries to non-local addresses there.
You will notice it referes to the `local_modifiers` block which uses `sign_dkim
$(primary_domain) default`. It is kinda obvious what is happening here.
First, remove the `deliver_to &remote_queue` line from here and replace it with
the following:
```
reroute {
source example.com {
modify { sign_dkim example.com default }
deliver_to &remote_queue
}
source example.org {
modify { sign_dkim example.org default }
deliver_to &remote_queue
}
default_source {
reject 501 5.1.8 "Non-local sender domain"
}
}
```
Replace example.com and example.org with your domains. Add more `source`
blocks if you need to handle more domains.
This whole block tells maddy to take a look at the sender domain after deciding
that the message should be sent to the Internet and apply the corresponding set
of modifiers. Each set of modifiers consequently contains the `sign_dkim`
module reference that is responsible for DKIM signature creation using
domain-specific key. After that the message ends up in the outbound queue as
usual.
## Single account namespace
Lets say you want to handle messages for domains example.org and example.com
and make that foo@example.org and foo@example.com are the same accounts.
Sadly, this case is not very well-supported by maddy, but it still can be
implemented.
You already should have the primary domain set for autogenerated messages and
so on. The idea is to redirect all messages from non-primary domains to the
primary one.
For each handled domain, the following line should be added to the
`local_modifiers` block:
```
replace_rcpt /(.+)@example.com/ $1@$(primary_domain)
```
It does regexp replacement, turning anything@example.com into
anything@$(primary_domain) where $(primary_domain) in our case is example.org.
E.g.
```
$(primary_domain) = example.org
modifiers local_modifiers {
replace_rcpt /(.+)@example.net/ $1@$(primary_domain)
replace_rcpt /(.+)@example.com/ $1@$(primary_domain)
}
```
With that configuration, all messages for foo@example.net and foo@example.com
will end up in the foo@example.org mailbox.
Note, however, no account credentials aliasing is done. Users should always use
the account name with the primary domain to access IMAP mailboxes.
**Note 1**: All domains should still be listed in the `$(local_domains)` macro.
**Note 2**: Section about DKIM key selection still applies.
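
Review bot: In the DKIM section, the step "First, remove the `deliver_to &remote_queue` line from here" does not say what to do with the existing `sign_dkim $(primary_domain) default` in `local_modifiers`, which the preceding paragraph says `default_destination` refers to. A reader can keep that reference and add the `reroute` block on top of it, so it is unclear whether a message from example.com ends up signed with the example.org key in addition to its own. Suggest stating explicitly whether the `local_modifiers` reference (or its `sign_dkim` line) must be dropped from `default_destination`, and replacing "from here" with the name of the block being edited, since the last block mentioned before it is `local_modifiers`, not `default_destination`. The `modifiers local_modifiers { ... }` example under "Single account namespace" also shows no `sign_dkim` line, so say whether it is the complete block or only the lines to add. Separately, the `replace_rcpt /(.+)@example.com/` patterns leave the dot unescaped and show no anchors; either write them as `/^(.+)@example\.com$/` or add a sentence saying that matching is anchored to the whole address, if that is the case.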