
# hostname is the identifier of this mail server.
# It is recommended to set it to the domain that resolves to the IP of this
# server.
$(hostname) = example.org
# The primary domain is used as the sender domain of autogenerated messages
# and as the ADMD for DKIM signatures.
# For simple configurations, it is usually equal to $(hostname).
$(primary_domain) = example.org
# All domains we want to receive messages for.
$(local_domains) = $(primary_domain)
# Location of the TLS certificate and private key. This global directive
# applies to all endpoints.
tls /etc/maddy/certs/$(hostname)/fullchain.pem \
/etc/maddy/certs/$(hostname)/privkey.pem
# -------------
# Below are all remaining details you probably don't have to care
# about if you just want a working mail server.
# -------------
hostname $(hostname)
# Domain that will be used in From field in auto-generated messages.
# (notably, notifications about failed deliveries)
autogenerated_msg_domain $(primary_domain)
# Create and initialize the sql module; it provides a simple authentication
# and storage backend that uses one database for everything.
sql local_mailboxes local_authdb {
driver sqlite3
dsn all.db
}
smtp tcp://0.0.0.0:25 {
check {
# Verify that the hostname in EHLO/HELO resolves to the source IP. Fail if it does not.
require_matching_ehlo
# Verify that the domain in MAIL FROM has an MX record.
require_mx_record
# Verify DKIM signatures in incoming messages.
verify_dkim
# Enforce sender's SPF policy.
apply_spf
}
# Enforce sender's DMARC policy.
# Report generation is not implemented yet.
dmarc yes
modify {
# Implement plus-address notation: user+tag@domain is delivered to user@domain.
replace_rcpt /(.+)\+(.+)@(.+)/ $1@$3
# <postmaster> address without domain is the standard (RFC 5321) way
# to contact the server owner so redirect it to a real address we
# can handle.
replace_rcpt postmaster postmaster@$(primary_domain)
# Resolve aliases using text map file. See alias_file section
# in maddy-filter(5) for details.
alias_file /etc/maddy/aliases
}
# All messages for the recipients at $(local_domains) should be
# delivered to local mailboxes.
destination $(local_domains) {
deliver_to &local_mailboxes
}
# Other recipients are rejected because we are not an open relay.
default_destination {
reject 550 5.1.1 "User not local"
}
}
submission tls://0.0.0.0:465 {
# Use the sql module for authentication.
auth &local_authdb
modify {
sign_dkim $(primary_domain) default
}
# All messages for the recipients at $(local_domains) should be
# delivered to local mailboxes directly.
destination $(local_domains) {
deliver_to &local_mailboxes
}
# Remaining recipients are enqueued for remote delivery.
default_destination {
deliver_to &remote_queue
}
}
queue remote_queue {
# Attempt delivery up to 8 times. Note that this counter is per message,
# not per recipient.
max_tries 8
# Try to deliver up to 16 messages concurrently.
max_parallelism 16
# Send messages to the remote MTA discovered using DNS MX records.
target remote {
# Use MTA-STS policies and DNSSEC-signed zones to authenticate MX
# records before use. This matters because an MX record that is not
# authenticated could point outgoing mail at a host other than the
# legitimate one, bypassing the TLS protection of the real MX.
authenticate_mx mtasts dnssec
}
# This is how bounce messages (aka DSNs) will be routed.
# The syntax is the same as for the smtp/submission directives.
bounce {
destination $(local_domains) {
deliver_to &local_mailboxes
}
default_destination {
reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
}
}
}
imap tls://0.0.0.0:993 {
auth &local_authdb
storage &local_mailboxes
}