IRCNow

You are here: start » openbsd » mail » opensmtpd3

Here is how I set up my independent mail server. It is based on the old (now deleted) OpenSMTPd FAQ.

Make sure to install opensmtpd-extras: 

$ doas pkg_add opensmtpd-extras

In my /etc/mail/smtpd.conf: 

# PKI for TLS
pki mail.ircnow.org cert "/etc/ssl/ircnow.org.fullchain.pem"
pki mail.ircnow.org key "/etc/ssl/private/ircnow.org.key"

# tables setup
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table passwd passwd:/etc/mail/passwd
table virtuals file:/etc/mail/virtuals
table hosts file:/etc/mail/hosts

# Blocks junk mail
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk
filter check_spammers phase connect match src <spammers> junk

# listeners
listen on lo0 mask-src
listen on lo0 port 10028 tag DKIM mask-src
listen on egress port 25 tls pki mail.ircnow.org mask-src filter { check_rdns check_fcrdns check_spammers } hostname ircnow.org
listen on egress port 587 tls-require pki mail.ircnow.org auth <passwd> mask-src filter { check_rdns check_fcrdns } hostname ircnow.org

action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual <virtuals>
action "relay" relay
action "relay_dkim" relay host smtp://127.0.0.1:10027

# If mail is for any of our domains, pass it to dovecot
match from any for domain <domains> action "lmtp"

# If mail is tagged with DKIM, relay it out
match tag DKIM for any action "relay"

# If mail comes from known good hosts or has been authenticated, relay it to dkimproxy_out
match from src <hosts> for any action "relay_dkim"
match auth from any for any action "relay_dkim"

A single user vmail will receive mail for all virtual users: 

$ doas useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail

The /etc/passwd file will contain a line similar to this: 

vmail:*:1000:1000:Virtual Mail:/var/vmail:/sbin/nologin

/var/vmail is used to store virtual users' maildir folders. It will be managed by dovecot, which receives mail via LMTP.

At the bottom of /etc/mail/aliases, add these lines: 

vmail:    /dev/null
root:   admin@ircnow.org
jrmu:   jrmu@ircnow.org
username:   username@ircnow.org

Add one line for each user.

Create a new file /etc/mail/virtuals and add these lines: 

admin@ircnow.org        vmail
jrmu@ircnow.org      vmail
username@ircnow.org     vmail

A whitelist of known good senders goes into /etc/mail/hosts: 

localhost
192.168.1.1
2001:db8::

The mail sender's hostname goes in /etc/mail/mailname: 

mail.ircnow.org

The list of domains you send mail for go in /etc/mail/domains: 

ircnow.org
mail.ircnow.org

In /etc/mail/passwd, we have a list of colon-separated user credentials: 

admin@ircnow.org:$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G
jrmu@ircnow.org:$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G
username@ircnow.org:$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G

Take a look at the sample dovecot setup for IMAP and POP3, and the sample dkimproxy setup for mail signing.

Last modified: 2020/07/29 11:32
Except where otherwise noted, content on this wiki is licensed under the following license: IRCNow
Translations of this page: