This document describes how to configure the OpenSMTPD service as part of a server mail system. The mail system consists of the following services: OpenSMTPD, DKIMproxy and Dovecot. Only OpenSMTPD is covered here.
First, create the additional files that the server will use to store the users, the list of hosts, and so on, and restrict access to them for other users of the system.
doas touch /etc/mail/domains
doas touch /etc/mail/vusers
doas touch /etc/mail/hosts
doas touch /etc/mail/passwd

doas chmod 640 /etc/mail/domains
doas chmod 640 /etc/mail/vusers
doas chmod 640 /etc/mail/hosts
doas chmod 640 /etc/mail/passwd
doas chmod 640 /etc/mail/smtpd.conf
Next, replace the contents of the default configuration file, /etc/mail/smtpd.conf, with the following:
pki example.com cert "/etc/ssl/example/example.pem"
pki example.com key "/etc/ssl/example/private/example.key"

table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table hosts file:/etc/mail/hosts
#table vusers file:/etc/mail/vusers
#table passwd file:/etc/mail/passwd

listen on lo0 mask-src
listen on lo0 port 10028 tag DKIM mask-src
listen on egress port 25 tls pki example.com mask-src
#listen on egress port 587 tls-require pki example.com auth <passwd> mask-src

action "local_mail" mbox alias <aliases>
action "relay_dkim" relay host smtp://127.0.0.1:10027
action "relay" relay
#action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual <vusers>

match from local for local action "local_mail"
#match from local for domain <domains> action "lmtp"
match tag DKIM for any action "relay"
match from local for any action "relay_dkim"
match from src <hosts> for any action "relay_dkim"
#match from any for domain <domains> action "lmtp"
In the first step we created the additional files. Now they need to be filled with data.
The domains file is used to receive mail, so it must contain the list of domains for which this server is the final destination. In our case:
example.com
The hosts file is used for relaying. It contains the list of remote hosts that are allowed to relay mail through this server without authenticating. In our case:
10.10.10.10
The vusers file is used to receive mail. It contains a list of mailboxes. This is an example:
admin@example.com mailman
hostmaster@example.com mailman
ircnowguy@example.com mailman
The passwd file contains the list of accounts used for authentication. For example:
ircnowguy@example.com:$2b$09$hD17XLkUb4doE3bjvn4v1uYVF3/tldQBKvDTcCbDta1a6NZNA1zue
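Before starting the service, the table files described above can be checked for the three things this setup depends on: no access for other users, hashed passwords, and a narrow relay list. The script below is an added example, not part of the original document. The function names are hypothetical, and treating every hosts entry other than a single IPv4 address as "needs review" is an assumption of the example.

```shell
#!/bin/sh
# Added example, not from the original page: audit the smtpd table files.

# entries FILE: print FILE without blank lines and "#" comment lines.
entries() {
    [ -r "$1" ] || return 0
    grep -Ev '^[[:space:]]*(#|$)' "$1"
}

# mode_ok FILE: succeed only if "other" has no permission bits (e.g. mode 640).
mode_ok() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# passwd_bad FILE: print the account name of every entry that is not
# "user@domain:<bcrypt hash>" (never the secret itself).
passwd_bad() {
    entries "$1" |
        grep -Ev '^[^:@[:space:]]+@[^:@[:space:]]+:\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$' |
        awk -F'[: \t]' '{ print $1 }'
}

# hosts_review FILE: print entries that are not one dotted-quad IPv4 address.
# Assumption: anything else (a network, a name) is listed for manual review.
hosts_review() {
    entries "$1" | grep -Ev '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || true
}

# audit DIR: print findings for the files in DIR; return 1 if there are any.
audit() {
    rc=0
    for f in domains vusers hosts passwd smtpd.conf; do
        [ -e "$1/$f" ] || continue
        mode_ok "$1/$f" || { echo "$1/$f: accessible to other users"; rc=1; }
    done
    bad=$(passwd_bad "$1/passwd")
    [ -z "$bad" ] || { echo "$1/passwd: no bcrypt hash for: $bad"; rc=1; }
    wide=$(hosts_review "$1/hosts")
    [ -z "$wide" ] || { echo "$1/hosts: review: $wide"; rc=1; }
    return "$rc"
}

# Demo on constructed files in a scratch directory.
demo=$(mktemp -d)
echo '10.10.10.10' > "$demo/hosts"
echo 'ircnowguy@example.com:$2b$09$hD17XLkUb4doE3bjvn4v1uYVF3/tldQBKvDTcCbDta1a6NZNA1zue' > "$demo/passwd"
chmod 640 "$demo/hosts" "$demo/passwd"
audit "$demo" && echo "demo: no findings"
rm -rf "$demo"
```

On the server itself the check would be run as `audit /etc/mail` from an account that can read those files.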
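Finally, stop smtpd, remove its spool directory (this discards any mail still in the queue) and start the service again in debug mode:
doas rcctl stop smtpd
doas rm -r /var/spool/smtpd
doas rcctl -d start smtpd

If the service starts successfully, the output looks like this:
doas rcctl -d start smtpd
doing _rc_parse_conf
doing _rc_quirks
smtpd_flags empty, using default ><
doing rc_check
smtpd
doing rc_start
doing _rc_wait start
doing rc_check
doing _rc_write_runfile
(ok)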