Here is how I set up my independent mail server. It is based on the old (now deleted) OpenSMTPD FAQ.

Make sure to install opensmtpd-extras:

$ doas pkg_add opensmtpd-extras

In my /etc/mail/smtpd.conf:

# PKI for TLS
pki cert "/etc/ssl/"
pki key "/etc/ssl/private/"

# tables setup
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table passwd passwd:/etc/mail/passwd
table virtuals file:/etc/mail/virtuals
table hosts file:/etc/mail/hosts

# Blocks junk mail
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk
filter check_spammers phase connect match src <spammers> junk

# listeners
listen on lo0 mask-src
listen on lo0 port 10028 tag DKIM mask-src
listen on egress port 25 tls pki mask-src filter { check_rdns check_fcrdns check_spammers } hostname
listen on egress port 587 tls-require pki auth <passwd> mask-src filter { check_rdns check_fcrdns } hostname

action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual <virtuals>
action "relay" relay
action "relay_dkim" relay host smtp://

# If mail is for any of our domains, pass it to dovecot
match from any for domain <domains> action "lmtp"

# If mail is tagged with DKIM, relay it out
match tag DKIM for any action "relay"

# If mail comes from known good hosts or has been authenticated, relay it to dkimproxy_out
match from src <hosts> for any action "relay_dkim"
match auth from any for any action "relay_dkim"

A single user vmail will receive mail for all virtual users:

$ doas useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail

The /etc/passwd file will contain a line similar to this:

vmail:*:1000:1000:Virtual Mail:/var/vmail:/sbin/nologin

/var/vmail is used to store virtual users' maildir folders. It will be managed by dovecot, which receives mail via LMTP.

At the bottom of /etc/mail/aliases, add these lines:

vmail:    /dev/null

Add one line for each user.

Create a new file /etc/mail/virtuals and add these lines:        vmail      vmail     vmail

A whitelist of known good senders goes into /etc/mail/hosts:


The mail sender's hostname goes in /etc/mail/mailname:

The list of domains you send mail for goes in /etc/mail/domains:

In /etc/mail/passwd, we have a list of colon-separated user credentials:

$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G
$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G
$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G
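
A consistency check for the passwd, virtuals and domains tables described above, as an added example that is not part of the original page. It assumes /etc/mail/passwd lines start with the login followed by the password hash in passwd(5)-style fields, and that /etc/mail/virtuals holds whitespace-separated "address target" lines; the function names, the minimum bcrypt cost of 10 and the sample data are constructed for illustration.

```python
import re

# crypt(3)-style bcrypt: $2b$<cost>$ followed by 53 characters of salt and digest
BCRYPT = re.compile(r"\$2[aby]\$(\d\d)\$[./A-Za-z0-9]{53}")

def rows(text):
    """Non-empty, non-comment lines of a file-backed table."""
    return [l.strip() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def audit(passwd, virtuals, domains, min_cost=10):
    """Return sorted (file, key, problem) findings for the three tables."""
    doms = {d.lower() for d in rows(domains)}
    vaddrs = {l.split()[0].lower() for l in rows(virtuals)}  # keys only
    found = []
    for n, line in enumerate(rows(passwd), 1):
        fields = line.split(":")
        login = fields[0].lower()
        key = login or "entry %d" % n      # never echo hash material in a report
        dom = login.rpartition("@")[2]
        m = BCRYPT.fullmatch(fields[1] if len(fields) > 1 else "")
        if not login:
            found.append(("passwd", key, "empty login field"))
        if len(fields) < 7:
            found.append(("passwd", key, "fewer than 7 colon-separated fields"))
        if not m:
            found.append(("passwd", key, "password is not a bcrypt hash"))
        elif int(m.group(1)) < min_cost:
            found.append(("passwd", key, "bcrypt cost below %d" % min_cost))
        if login and dom not in doms:
            found.append(("passwd", key, "domain not in domains table"))
        # a catch-all "@domain" key in virtuals also covers the login
        if login and login not in vaddrs and "@" + dom not in vaddrs:
            found.append(("passwd", key, "no virtuals mapping"))
    for addr in vaddrs:
        if addr.rpartition("@")[2] not in doms:
            found.append(("virtuals", addr, "domain not in domains table"))
    return sorted(found)

# Constructed sample tables; the hash is a shape-only placeholder, not a real one.
HASH = "$2b$10$" + "A" * 53
DOMAINS = "example.org\n"
VIRTUALS = "alice@example.org vmail\nbob@example.net vmail\n"
PASSWD = ("alice@example.org:" + HASH + "::::::userdb_quota_rule=*:storage=1G\n"
          "carol@example.org:hunter2::::::\n"
          ":" + HASH + "::::::\n")

if __name__ == "__main__":
    for finding in audit(PASSWD, VIRTUALS, DOMAINS):
        print("%s: %s: %s" % finding)
```

On a real system, pass the contents of the three files to audit() and treat any finding as a reason to fix the table before reloading smtpd.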

Take a look at the sample dovecot setup for IMAP and POP3, and the sample dkimproxy setup for mail signing.