This document describes how to configure the OpenSMTPD service as part of the server's mail system. The mail system consists of OpenSMTPD, DKIMproxy and Dovecot, but only OpenSMTPD is covered here.
====== Creation of additional service files ======
First, create the additional files the server will use: the user list, the host list and so on. We also restrict their permissions so that other users of the system cannot read them.
doas touch /etc/mail/domains
doas touch /etc/mail/vusers
doas touch /etc/mail/hosts
doas touch /etc/mail/passwd
doas chmod 640 /etc/mail/domains
doas chmod 640 /etc/mail/vusers
doas chmod 640 /etc/mail/hosts
doas chmod 640 /etc/mail/passwd
doas chmod 640 /etc/mail/smtpd.conf
====== Creating a configuration file ======
The next step is to replace the contents of the default configuration file with the following:
# TLS certificate and key used by the listeners below
pki example.com cert "/etc/ssl/example/example.pem"
pki example.com key "/etc/ssl/example/private/example.key"
smtp max-message-size 5M

# lookup tables backed by the files created in the first step
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table hosts file:/etc/mail/hosts
table vusers file:/etc/mail/vusers
table passwd file:/etc/mail/passwd

# flag connections without (forward-confirmed) reverse DNS as junk
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk

# local submission; port 10028 receives mail coming back from DKIMproxy
listen on lo0 mask-src
listen on lo0 port 10028 tag DKIM mask-src
# inbound mail on port 25 (opportunistic TLS), authenticated submission on 587 (TLS required)
listen on egress port 25 tls pki example.com mask-src filter { check_rdns check_fcrdns }
listen on egress port 587 tls-require pki example.com auth <passwd> mask-src filter { check_rdns check_fcrdns }

action "local_mail" mbox alias <aliases>
action "relay_dkim" relay host smtp://127.0.0.1:10027
action "relay" relay
action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual <vusers>

match from local for rcpt-to regex "^root@|^abuse@|^security@" action "local_mail"
match from local for domain <domains> action "lmtp"
match tag DKIM for any action "relay"
match from local for any action "relay_dkim"
match from src <hosts> for any action "relay_dkim"
match from auth for any action "relay_dkim"
match from any for domain <domains> action "lmtp"
====== Additional files ======
In the first step we created the additional files; now they need to be filled with data.
The domains file is used for receiving mail, so it must list every domain for which this server is the final destination. In our case:
example.com
The hosts file is used for relaying: it lists the remote hosts that may relay mail through this server without authenticating. In our case:
10.10.10.10
The vusers file is used for receiving mail: it lists the virtual mailboxes, each followed by the local user that receives the mail. For example:
admin@example.com mailman
hostmaster@example.com mailman
ircnowguy@example.com mailman
The passwd file lists the accounts used for authentication, as a username and a password hash separated by a colon. A possible entry:
ircnowguy@example.com:$2b$09$hD17XLkUb4doE3bjvn4v1uYVF3/tldQBKvDTcCbDta1a6NZNA1zue
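Before starting the service it is worth checking the configuration for dangling references, the kind of slip where a listener names a pki entry, a <table> or a filter that is never declared and smtpd then refuses to start. The shell script below is an added example (not from this page or the OpenSMTPD project) that lints an smtpd.conf for exactly that, as a complement to doas smtpd -n rather than a replacement; it assumes only POSIX sh and awk, and the sample configuration it feeds itself is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original page: a pre-flight lint for smtpd.conf that flags
# what makes smtpd reject a config: "listen ... pki NAME" with no "pki NAME cert/key"
# lines, a <table> reference with no "table NAME" line, or a filter with no "filter NAME".

# Every NAME written as <NAME> anywhere in FILE, one per line (POSIX awk only).
table_refs() {
    awk '{ s = $0
           while (match(s, /<[A-Za-z0-9_.-]+>/)) {
               print substr(s, RSTART + 1, RLENGTH - 2)
               s = substr(s, RSTART + RLENGTH) } }' "$1" | sort -u
}

# Filter names used on listen lines, both "filter NAME" and "filter { NAME ... }".
filter_refs() {
    awk '$1 == "listen" { inb = 0
           for (i = 2; i <= NF; i++) {
               if ($i == "filter") { if ($(i+1) == "{") { inb = 1; i++ } else print $(i+1) }
               else if (inb && $i == "}") { inb = 0 }
               else if (inb) { print $i } } }' "$1" | sort -u
}

# check_smtpd_conf FILE: exit 0 when every reference is declared, 1 otherwise.
check_smtpd_conf() {
    conf=$1; status=0
    pki_decl=$(awk '$1 == "pki" { print $2 }' "$conf")
    table_decl=$(awk '$1 == "table" { print $2 }' "$conf")
    filter_decl=$(awk '$1 == "filter" { print $2 }' "$conf")
    for n in $(awk '$1 == "listen" { for (i = 2; i < NF; i++) if ($i == "pki") print $(i+1) }' "$conf"); do
        printf '%s\n' "$pki_decl" | grep -qxF -- "$n" || { echo "pki '$n' used on a listen line but never declared"; status=1; }
    done
    for n in $(table_refs "$conf"); do
        printf '%s\n' "$table_decl" | grep -qxF -- "$n" || { echo "table <$n> referenced but never declared"; status=1; }
    done
    for n in $(filter_refs "$conf"); do
        printf '%s\n' "$filter_decl" | grep -qxF -- "$n" || { echo "filter '$n' used but never declared"; status=1; }
    done
    return $status
}
# Demo on a constructed config in the page's layout; the pki name, <passwd> and
# check_fcrdns are deliberately left undeclared so that all three checks fire.
demo=${TMPDIR:-/tmp}/smtpd-lint.$$
cat > "$demo" <<'EOF'
pki example.com cert "/etc/ssl/example/example.pem"
table domains file:/etc/mail/domains
filter check_rdns phase connect match !rdns junk
listen on egress port 587 tls-require pki mail.example.net auth <passwd> filter { check_rdns check_fcrdns }
match from any for domain <domains> action "lmtp"
EOF
if check_smtpd_conf "$demo"; then echo "$demo: all references declared"; fi; rm -f "$demo"
```

Actions named in match rules are not checked; smtpd -n remains the authoritative test of the file.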
====== Service start ======
doas rcctl stop smtpd
doas rm -r /var/spool/smtpd
doas rcctl -d start smtpd
doing _rc_parse_conf
doing _rc_quirks
smtpd_flags empty, using default ><
doing rc_check
smtpd
doing rc_start
doing _rc_wait start
doing rc_check
doing _rc_write_runfile
(ok)