Here is how I set up my independent mail server. It is based on the old (now deleted) [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/www/opensmtpd/faq/Attic/example1.html?rev=1.14|OpenSMTPd FAQ]].

Make sure to install opensmtpd-extras:

<code>
$ doas pkg_add opensmtpd-extras
</code>

In my /etc/mail/smtpd.conf:

<code>
# PKI for TLS
pki mail.ircnow.org cert "/etc/ssl/ircnow.org.fullchain.pem"
pki mail.ircnow.org key "/etc/ssl/private/ircnow.org.key"

# tables setup
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table passwd passwd:/etc/mail/passwd
table virtuals file:/etc/mail/virtuals
table hosts file:/etc/mail/hosts

# Blocks junk mail
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk
filter check_spammers phase connect match src <spammers> junk

# listeners
listen on lo0 mask-src
listen on lo0 port 10028 tag DKIM mask-src
listen on egress port 25 tls pki mail.ircnow.org mask-src filter { check_rdns check_fcrdns check_spammers } hostname ircnow.org
listen on egress port 587 tls-require pki mail.ircnow.org auth <passwd> mask-src filter { check_rdns check_fcrdns } hostname ircnow.org

action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual <virtuals>
action "relay" relay
action "relay_dkim" relay host smtp://127.0.0.1:10027

# If mail is for any of our domains, pass it to dovecot
match from any for domain <domains> action "lmtp"

# If mail is tagged with DKIM, relay it out
match tag DKIM for any action "relay"

# If mail comes from known good hosts or has been authenticated, relay it to dkimproxy_out
match from src <hosts> for any action "relay_dkim"
match auth from any for any action "relay_dkim"
</code>

A single user vmail will receive mail for all virtual users:

<code>
$ doas useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail
</code>

The /etc/passwd file will contain a line similar to this:

<code>
vmail:*:1000:1000:Virtual Mail:/var/vmail:/sbin/nologin
</code>

/var/vmail is used to store virtual users' maildir folders. It will be managed by dovecot, which receives mail via LMTP.

At the bottom of /etc/mail/aliases, add these lines:

<code>
vmail:    /dev/null
root:   admin@ircnow.org
jrmu:   jrmu@ircnow.org
username:   username@ircnow.org
</code>

Add one line for each user.

Create a new file /etc/mail/virtuals and add these lines:

<code>
admin@ircnow.org        vmail
jrmu@ircnow.org      vmail
username@ircnow.org     vmail
</code>

A whitelist of known good senders goes into /etc/mail/hosts:

<code>
localhost
192.168.1.1
2001:db8::
</code>

The mail sender's hostname goes in /etc/mail/mailname:

<code>
mail.ircnow.org
</code>

The list of domains you send mail for go in /etc/mail/domains:

<code>
ircnow.org
mail.ircnow.org
</code>

In /etc/mail/passwd, we have a list of colon-separated user credentials:

<code>
admin@ircnow.org:$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G
jrmu@ircnow.org:$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G
username@ircnow.org:$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G
</code>

Take a look at the sample [[openbsd:mail:dovecot|dovecot]] setup for IMAP and POP3, and the sample [[openbsd:mail:dkimproxy|dkimproxy]] setup for mail signing.