This document describes how to configure the OpenSMTPD service as part of the server's mail system. The mail system consists of three services, OpenSMTPD, DKIMproxy and Dovecot, but only OpenSMTPD is covered here.
First, create the additional files the server will use for its users, its list of hosts, and so on, and restrict access to them for other users of the system.
doas touch /etc/mail/domains
doas touch /etc/mail/vusers
doas touch /etc/mail/hosts
doas touch /etc/mail/passwd

doas chmod 640 /etc/mail/domains
doas chmod 640 /etc/mail/vusers
doas chmod 640 /etc/mail/hosts
doas chmod 640 /etc/mail/passwd
doas chmod 640 /etc/mail/smtpd.conf
The next step is to replace the contents of the standard configuration file, /etc/mail/smtpd.conf, with the following:
# TLS certificate and key used by the public listeners
pki example.com cert "/etc/ssl/example/example.pem"
pki example.com key "/etc/ssl/example/private/example.key"

smtp max-message-size 5M

# Lookup tables backed by the files created above
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table hosts file:/etc/mail/hosts
table vusers file:/etc/mail/vusers
table passwd file:/etc/mail/passwd

# Mark mail as junk when the client has no (forward-confirmed) reverse DNS
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk

# Port 10028 receives signed mail back from DKIMproxy; 587 requires TLS and authentication
listen on lo0 mask-src
listen on lo0 port 10028 tag DKIM mask-src
listen on egress port 25 tls pki example.com mask-src filter { check_rdns check_fcrdns }
listen on egress port 587 tls-require pki example.com auth <passwd> mask-src filter { check_rdns check_fcrdns }

# Delivery and relay actions; relay_dkim hands mail to DKIMproxy on port 10027
action "local_mail" mbox alias <aliases>
action "relay_dkim" relay host smtp://127.0.0.1:10027
action "relay" relay
action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual <vusers>

# Match rules are evaluated in order
match from local for rcpt-to regex "^root@|^abuse@|^security@" action "local_mail"
match from local for domain <domains> action "lmtp"
match tag DKIM for any action "relay"
match from local for any action "relay_dkim"
match from src <hosts> for any action "relay_dkim"
match from auth for any action "relay_dkim"
match from any for domain <domains> action "lmtp"
The first step created the additional files; now they need to be filled with data.
The domains file is used for receiving mail, so it must list the domains for which the server is the endpoint. In our case:
example.com
The hosts file is used for relaying. It lists the remote hosts that are allowed to relay mail through the server without authenticating. In our case:
10.10.10.10
The vusers file is used for receiving mail. It contains the list of mailboxes. For example:
admin@example.com mailman
hostmaster@example.com mailman
ircnowguy@example.com mailman
The passwd file contains the list of accounts used for authentication. One possible entry:
ircnowguy@example.com:$2b$09$hD17XLkUb4doE3bjvn4v1uYVF3/tldQBKvDTcCbDta1a6NZNA1zue
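The match rules in the configuration above are evaluated in order and the first one that matches decides the action; an envelope that matches none is rejected. As an added example (not part of the original page or of OpenSMTPD), the Python model below replays that ruleset with the table contents shown above to confirm the server is not an open relay. The Session class, the loopback-only definition of "local" and the sample addresses are assumptions.

```python
import re
from dataclasses import dataclass

# Table contents copied from the example files on this page.
DOMAINS = {"example.com"}
HOSTS = {"10.10.10.10"}
LOCAL_RCPT = re.compile(r"^root@|^abuse@|^security@")

@dataclass
class Session:
    """One envelope as this model sees it (assumed structure, not smtpd's)."""
    src: str             # client IP address
    rcpt: str            # envelope recipient
    auth: bool = False   # authenticated on the port 587 listener
    tag: str = ""        # listener tag, "DKIM" for port 10028

def is_local(s):
    # Assumption: "local" is loopback only; smtpd also counts the local enqueuer.
    return s.src in ("127.0.0.1", "::1")

def to_domain(s):
    return s.rcpt.rsplit("@", 1)[-1].lower() in DOMAINS

# (condition, action) pairs in the same order as the match lines in smtpd.conf.
RULES = [
    (lambda s: is_local(s) and LOCAL_RCPT.search(s.rcpt), "local_mail"),
    (lambda s: is_local(s) and to_domain(s), "lmtp"),
    # A match line without "from" defaults to "from local".
    (lambda s: is_local(s) and s.tag == "DKIM", "relay"),
    (lambda s: is_local(s), "relay_dkim"),
    (lambda s: s.src in HOSTS, "relay_dkim"),
    (lambda s: s.auth, "relay_dkim"),
    (lambda s: to_domain(s), "lmtp"),
]

def decide(session):
    """Return the action of the first matching rule, or None if rejected."""
    for condition, action in RULES:
        if condition(session):
            return action
    return None

if __name__ == "__main__":
    # Constructed sample envelopes; 203.0.113.7 is a documentation address.
    for s in (Session("203.0.113.7", "someone@elsewhere.test"),
              Session("203.0.113.7", "admin@example.com"),
              Session("10.10.10.10", "someone@elsewhere.test")):
        print(s, "->", decide(s) or "rejected")
```

The rejected result for the unauthenticated outside sender addressing a foreign domain is what shows the relay is closed; every address added to /etc/mail/hosts widens the fifth rule.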
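Finally, stop the service, remove the old spool directory (this discards any mail still in the queue) and start smtpd again in debug mode:
doas rcctl stop smtpd
doas rm -r /var/spool/smtpd
doas rcctl -d start smtpd

A successful start looks like this:
doas rcctl -d start smtpd
doing _rc_parse_conf
doing _rc_quirks
smtpd_flags empty, using default ><
doing rc_check
smtpd
doing rc_start
doing _rc_wait start
doing rc_check
doing _rc_write_runfile
(ok)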