/etc/mail/smtpd.conf

Example for multiple domains

Example 1 (rspamd)

# install :
#   opensmtpd-filter-rspamd
#   opensmtpd-filter-senderscore
table aliases "/etc/mail/aliases"
table domains "/etc/mail/domains"
table passwd "/etc/mail/passwd"
table virtuals "/etc/mail/virtuals"
pki athome.tld key "/etc/ssl/private/athome.tld.key"
pki athome.tld cert "/etc/ssl/athome.tld.crt"
pki domaine2.net key "/etc/ssl/private/domaine2.net.key"
pki domaine2.net cert "/etc/ssl/domaine2.net.crt"
pki autredomaine.xyz key "/etc/ssl/private/autredomaine.xyz.key"
pki autredomaine.xyz cert "/etc/ssl/autredomaine.xyz.crt"
# certificat par defaut
pki "*" key "/etc/ssl/private/athome.tld.key"
pki "*" cert "/etc/ssl/athome.tld.crt"
filter senderscore \
         proc-exec "filter-senderscore -junkBelow 70 -slowFactor 2000"
filter rspamd proc-exec "filter-rspamd"
listen on all tls pki athome.tld \
    filter { senderscore, rspamd }
listen on all port submission tls-require pki athome.tld auth <passwd> \
    filter rspamd
action "relay" relay
action relaybackup relay backup tls helo "si3t.ch"
action "local_mail" maildir alias <aliases>
action virtual_maildir maildir "/home/_vmail/%{dest.domain:lowercase}/%{dest.user:lowercase}/Maildir" junk virtual <virtuals>
match from any for domain <domains> action virtual_maildir
match from any for local action local_mail
match from any for domain friend.eu action relaybackup
match auth from any for any action "relay"
match for any action "relay"

Example 2 (spamassassin + dkimproxy)

Only one certificate matching all domains is used here.

We add some options on queue, because.

table aliases "/etc/mail/aliases"
table passwd "/etc/mail/passwd"
table virtuals "/etc/mail/virtuals"
table domains "/etc/mail/domains"
pki athome.tld key "/etc/ssl/private/athome.tld.key"
pki athome.tld cert "/etc/ssl/athome.tld.crt"
queue compression # less disk space
queue encryption 7dbecabecabeca45bce4aebc # encrypt all o/
filter senderscore \
         proc-exec "filter-senderscore -junkBelow 70 -slowFactor 2000"
listen on lo0 port 10028 tag DKIM   
listen on lo0 port 10026 tag SPAMASSASSIN
listen on all tls pki athome.tld filter { senderscore }
listen on all port submission tls-require pki athome.tld auth <passwd> 
action "envoi" relay 
action dkimproxy relay host smtp://127.0.0.1:10027 
action spamassassin relay host smtp://127.0.0.1:10025 
action local_mail maildir alias <aliases>
action relaybackup relay backup mx "athome.tld" helo "athome.tld"
action virtual_maildir maildir "/var/vmail/%{dest.domain:lowercase}/%{dest.user:lowercase}/Maildir" junk virtual <virtuals>
match for local action local_mail
match tag SPAMASSASSIN from any for domain <domains> action virtual_maildir
match from any for domain <domains> action spamassassin
match tag DKIM for any action "envoi"
match auth tag DKIM from any for any action "envoi"
match from any for domain copain.eu action relaybackup
match auth from any for any action dkimproxy
match for any action dkimproxy

/etc/mail/domains

All MX records

athome.tld 
domaine2.net 
other.xyz