This shows you the differences between two versions of the page.
openbsd:mail:opensmtpd2 [2020/04/27 01:22] jrmu created
openbsd:mail:opensmtpd2 [2020/08/12 13:53] (current) baytuch [Creating a configuration file]
Line 1: | Line 1: | ||
- | First, make sure you have a [[openbsd:acme-client|signed SSL certificate]]. | + | This document describes the process of configuring the OpenSMTPD service as part of the server mail system. The mail system includes the following services: OpenSMTPD, DKIMproxy and Dovecot. But only OpenSMTPD will be considered here. |
+ | ====== Creation of additional service files ====== | ||
+ | First, let's create additional service files for the server, which will contain users, a list of hosts, and so on. And also we will restrict access to them for other users of the system. | ||
+ | |||
+ | <code> | ||
+ | doas touch /etc/mail/domains | ||
+ | doas touch /etc/mail/vusers | ||
+ | doas touch /etc/mail/hosts | ||
+ | doas touch /etc/mail/passwd | ||
+ | </code> | ||
+ | |||
+ | <code> | ||
+ | doas chmod 640 /etc/mail/domains | ||
+ | doas chmod 640 /etc/mail/vusers | ||
+ | doas chmod 640 /etc/mail/hosts | ||
+ | doas chmod 640 /etc/mail/passwd | ||
+ | doas chmod 640 /etc/mail/smtpd.conf | ||
+ | </code> | ||
+ | |||
+ | ====== Creating a configuration file ====== | ||
+ | |||
+ | The next step is to replace the contents of the standard configuration file as here: | ||
+ | |||
+ | <code> | ||
+ | pki example.com cert "/etc/ssl/example/example.pem" | ||
+ | pki example.com key "/etc/ssl/example/private/example.key" | ||
+ | |||
+ | smtp max-message-size 5M | ||
+ | |||
+ | table aliases file:/etc/mail/aliases | ||
+ | table domains file:/etc/mail/domains | ||
+ | table hosts file:/etc/mail/hosts | ||
+ | table vusers file:/etc/mail/vusers | ||
+ | table passwd file:/etc/mail/passwd | ||
+ | |||
+ | filter check_rdns phase connect match !rdns junk | ||
+ | filter check_fcrdns phase connect match !fcrdns junk | ||
+ | |||
+ | listen on lo0 mask-src | ||
+ | listen on lo0 port 10028 tag DKIM mask-src | ||
+ | listen on egress port 25 tls pki example.com mask-src filter { check_rdns check_fcrdns } | ||
+ | listen on egress port 587 tls-require pki grape.ircnow.org auth <passwd> mask-src filter { check_rdns check_fcrdns } | ||
+ | |||
+ | action "local_mail" mbox alias <aliases> | ||
+ | action "relay_dkim" relay host smtp://127.0.0.1:10027 | ||
+ | action "relay" relay | ||
+ | action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual <vusers> | ||
+ | |||
+ | match from local for rcpt-to regex "^root@|^abuse@|^security@" action "local_mail" | ||
+ | match from local for domain <domains> action "lmtp" | ||
+ | match tag DKIM for any action "relay" | ||
+ | match from local for any action "relay_dkim" | ||
+ | match from src <hosts> for any action "relay_dkim" | ||
+ | match from auth for any action "relay_dkim" | ||
+ | match from any for domain <domains> action "lmtp" | ||
+ | </code> | ||
+ | |||
+ | ====== Additional files ====== | ||
+ | |||
+ | In the first step, we created additional files, now we need to fill them with data. | ||
+ | |||
+ | The domains file is used to receive mail. Therefore, it must contain a list of domains from which the server is an endpoint. In our case, this is so: | ||
+ | <code> | ||
+ | example.com | ||
+ | </code> | ||
+ | |||
+ | The hosts file is used for relay operation. It contains a list of remote hosts for which you are allowed to relay mail without authorization. In our case, this is so: | ||
+ | <code> | ||
+ | 10.10.10.10 | ||
+ | </code> | ||
+ | |||
+ | The vusers file is used to receive mail. It contains a list of mailboxes. This is an example: | ||
+ | <code> | ||
+ | admin@example.com mailman | ||
+ | hostmaster@example.com mailman | ||
+ | ircnowguy@example.com mailman | ||
+ | </code> | ||
+ | |||
+ | The passwd file contains a list of accounts for authorization. This is a possible option: | ||
+ | <code> | ||
+ | ircnowguy@example.com:$2b$09$hD17XLkUb4doE3bjvn4v1uYVF3/tldQBKvDTcCbDta1a6NZNA1zue | ||
+ | </code> | ||
+ | |||
+ | ====== Service start ====== | ||
+ | |||
+ | <code> | ||
+ | doas rcctl stop smtpd | ||
+ | doas rm -r /var/spool/smtpd | ||
+ | doas rcctl -d start smtpd | ||
+ | </code> | ||
+ | |||
+ | <code> | ||
+ | doas rcctl -d start smtpd | ||
+ | doing _rc_parse_conf | ||
+ | doing _rc_quirks | ||
+ | smtpd_flags empty, using default >< | ||
+ | doing rc_check | ||
+ | smtpd | ||
+ | doing rc_start | ||
+ | doing _rc_wait start | ||
+ | doing rc_check | ||
+ | doing _rc_write_runfile | ||
+ | (ok) | ||
+ | </code> |
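Review bot: the submission listener `listen on egress port 587 tls-require pki grape.ircnow.org auth <passwd> mask-src filter { check_rdns check_fcrdns }` references a pki name that this configuration never declares; the only pki entries above are `pki example.com cert "/etc/ssl/example/example.pem"` and `pki example.com key "/etc/ssl/example/private/example.key"`, so smtpd will refuse the configuration with a "pki name not found" error and the service will not start. Change it to `pki example.com` to match the port 25 listener, or add the missing pki block. Two smaller points: the rewrite drops the old first line linking to the signed SSL certificate prerequisite, which the pki lines still depend on, so that link belongs in the new introduction; and the `doas rm -r /var/spool/smtpd` step under Service start discards every message already queued, which the page should state before the reader runs it.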