## Maddy Mail Server - default configuration file (2021-03-07)
# Intended for small-scale deployments. Local users are kept in maddy's own
# DB format and are meant to be managed with the maddyctl utility.
#
# Tutorials covering typical configuration changes: https://maddy.email
# Reference documentation: the manual pages (also at https://maddy.email).

# ----------------------------------------------------------------------------
# Base variables

# NOTE(review): ${stateDir} is not written like the $(name) macros used in the
# rest of this file; presumably it is substituted by whatever renders this
# file before maddy reads it - confirm.
state_dir ${stateDir}

# Macros reused by the rest of the configuration.
$(hostname) = mx.mydomain.com
hostname $(hostname)
$(primary_domain) = mydomain.com
$(local_domains) = $(primary_domain)

# Certificate chain and private key used for TLS. The account maddy runs as
# needs read access to both files; privkey.pem should not be readable by
# other local users.
tls file /etc/letsencrypt/live/$(hostname)/fullchain.pem /etc/letsencrypt/live/$(hostname)/privkey.pem

# ----------------------------------------------------------------------------
# Local storage & authentication

# pass_table stores hashed passwords locally and authenticates users against
# them. Any "table" module can back it; this configuration uses a table in an
# SQLite DB.
# The table can be swapped for e.g. a file holding the passwords, or the
# pass_table module can be replaced entirely by an external credentials source
# (e.g. PAM, /etc/shadow file).
#
# When the table module supports it (sql_table does), credentials can be
# managed with the 'maddyctl creds' command.
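# TODO replace with a static table with password hashes stored in the
# config, if possible
# NOTE(review): hashes kept in the config are readable by anyone who can read
# the rendered config file; check where that file ends up and its permissions
# before moving credentials into it.
auth.pass_table local_authdb {
    table sql_table {
        driver sqlite3
        # Relative path; presumably resolved against state_dir - confirm.
        dsn credentials.db
        table_name passwords
    }
}

# ----------------------------------------------------------------------------
# Outgoing SMTP

# Delivery to remote MXs. mx_auth lists the mechanisms used to authenticate
# the destination server (DANE, MTA-STS with an on-disk policy cache) and the
# local minimum that applies when neither gives a stronger policy.
target.remote outbound_delivery {
    mx_auth {
        dane
        mtasts {
            cache fs
            fs_dir mtasts_cache/
        }
        local_policy {
            # TLS is mandatory for outgoing delivery, but "encrypted" does not
            # require an authenticated certificate, and "min_mx_level none"
            # accepts MX records that no mechanism has authenticated.
            # Raising either level trades deliverability for protection
            # against an active attacker on the path.
            min_tls_level encrypted
            min_mx_level none
        }
    }
}

# Authenticated submission for local users. Mail is DKIM-signed (selector
# "default") and handed to outbound_delivery.
submission tcp://0.0.0.0:587 {
    auth &local_authdb
    # Changed from "true": with insecure_auth enabled the server accepts AUTH
    # on a connection that has not been upgraded with STARTTLS, so a client
    # that skips STARTTLS sends its password in cleartext. TLS is configured
    # globally ("tls file ..."), so clients can and must use STARTTLS first.
    insecure_auth false

    modify {
        dkim $(primary_domain) $(local_domains) default
    }

    deliver_to &outbound_delivery
}

# ----------------------------------------------------------------------------
# Incoming SMTP

# Next hop for accepted mail.
# NOTE(review): nothing here requires TLS towards this host; if the path to
# it is not a trusted network, consider enforcing TLS on this hop.
target.smtp forward_to_desktop {
    targets tcp://mediocre-desktop.private-domain.com:25
}

smtp tcp://0.0.0.0:25 {
    # Flood protection for the public port: 5 messages per second and
    # 2 concurrent deliveries across all sources.
    limits {
        all rate 5 1s
        all concurrency 2
    }

    dmarc yes
    check {
        require_mx_record
        dkim
        spf
    }

    # Senders claiming a local domain must go through the authenticated
    # submission port, not the unauthenticated MX port.
    source $(local_domains) {
        reject 501 5.1.8 "Use Submission for outgoing SMTP"
    }
    default_source {
        # Matches "postmaster" and every recipient at a local domain; no
        # per-user check is done here, so recipient validation is left to
        # the host behind forward_to_desktop.
        # NOTE(review): no queue sits in front of forward_to_desktop, so a
        # failure of that host is presumably reported straight back to the
        # sending server - confirm this is intended.
        destination postmaster $(local_domains) {
            deliver_to &forward_to_desktop
        }
        default_destination {
            reject 550 5.1.1 "User doesn't exist"
        }
    }
}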