# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

# PKI setup
pki mail.anarcha.pink certificate "/etc/letsencrypt/live/mail.anarcha.pink/fullchain.pem"
pki mail.anarcha.pink key "/etc/letsencrypt/live/mail.anarcha.pink/privkey.pem"
pki mail.anarcha.pink dhe auto

queue encryption key d960c8b7a34a5b37fc6bfcd637462a4f

# To accept external mail, replace with: listen on all
listen on eth0 port 25 tls pki mail.anarcha.pink hostname mail.anarcha.pink auth-optional tag IN
listen on eth0 port 465 smtps pki mail.anarcha.pink hostname mail.anarcha.pink auth tag IN
listen on eth0 port 587 tls-require pki mail.anarcha.pink hostname mail.anarcha.pink auth tag IN
listen on lo tag IN

# Tag packets from dkimproxy
listen on lo port 10029 tag DKIM_SIGNED mask-source

# When spam is done, go here, receiveing from spamc
listen on lo port 10025 tag SPAM_CHECKED

# If you edit the file, you have to run "smtpctl update table aliases"
table aliases file:/etc/aliases

# Local delivery
accept from local for local alias <aliases> deliver to lmtp "/var/run/dovecot/lmtp"

# Uncomment the following to accept external mail for domain "anarcha.pink"
accept tagged SPAM_CHECKED from any for local deliver to lmtp "/var/run/dovecot/lmtp"

# Send from IN to spamc
accept tagged IN from any for domain "anarcha.pink" alias <aliases> deliver to mda "/usr/local/bin/rspamd.py %{sender} %{user.username}" as nobody

# DKIM_SIGNED is relayed
accept tagged DKIM_SIGNED for any relay

#Untagged DKIM ! relay first to the dkimproxy
accept tagged ! DKIM_SIGNED for any relay via smtp://127.0.0.1:10028

# Output goes to DKIMfilter
accept from local for any relay pki mail.anarcha.pink