Differences

This shows you the differences between two versions of the page.

--- openbsd:mail:opensmtpd2 [2020/04/27 01:22]
jrmu created
+++ openbsd:mail:opensmtpd2 [2020/08/12 13:53] (current)
baytuch [Creating a configuration file]
@@ Line 1: / Line 1: @@
-First, make sure you have a [[openbsd:acme-client|signed SSL certificate]].
+This document describes the process of configuring the OpenSMTPD service as part of the server mail system. The mail system includes the following services: OpenSMTPD, DKIMproxy and Dovecot. But only OpenSMTPD will be considered here.
+====== Creation of additional service files ======
+First, let's create additional service files for the server, which will contain users, a list of hosts, and so on. And also we will restrict access to them for other users of the system.
+<code>
+doas touch /etc/mail/domains
+doas touch /etc/mail/vusers
+doas touch /etc/mail/hosts
+doas touch /etc/mail/passwd
+</code>
+<code>
+doas chmod 640 /etc/mail/domains
+doas chmod 640 /etc/mail/vusers
+doas chmod 640 /etc/mail/hosts
+doas chmod 640 /etc/mail/passwd
+doas chmod 640 /etc/mail/smtpd.conf
+</code>
+====== Creating a configuration file ======
+The next step is to replace the contents of the standard configuration file as here:
+<code>
+pki example.com cert "/etc/ssl/example/example.pem"
+pki example.com key "/etc/ssl/example/private/example.key"
+smtp max-message-size 5M
+table aliases file:/etc/mail/aliases
+table domains file:/etc/mail/domains
+table hosts file:/etc/mail/hosts
+table vusers file:/etc/mail/vusers
+table passwd file:/etc/mail/passwd
+filter check_rdns phase connect match !rdns junk
+filter check_fcrdns phase connect match !fcrdns junk
+listen on lo0 mask-src
+listen on lo0 port 10028 tag DKIM mask-src
+listen on egress port 25 tls pki example.com mask-src filter { check_rdns check_fcrdns }
+listen on egress port 587 tls-require pki grape.ircnow.org auth <passwd> mask-src filter { check_rdns check_fcrdns }
+action "local_mail" mbox alias <aliases>
+action "relay_dkim" relay host smtp://127.0.0.1:10027
+action "relay" relay
+action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual <vusers>
+match from local for rcpt-to regex "^root@|^abuse@|^security@" action "local_mail"
+match from local for domain <domains> action "lmtp"
+match tag DKIM for any action "relay"
+match from local for any action "relay_dkim"
+match from src <hosts> for any action "relay_dkim"
+match from auth for any action "relay_dkim"
+match from any for domain <domains> action "lmtp"
+</code>
+====== Additional files ======
+In the first step, we created additional files, now we need to fill them with data.
+The domains file is used to receive mail. Therefore, it must contain a list of domains from which the server is an endpoint. In our case, this is so:
+<code>
+example.com
+</code>
+The hosts file is used for relay operation. It contains a list of remote hosts for which you are allowed to relay mail without authorization. In our case, this is so:
+<code>
+.10.10.10
+</code>
+The vusers file is used to receive mail. It contains a list of mailboxes. This is an example:
+<code>
+admin@example.com		mailman
+hostmaster@example.com		mailman
+ircnowguy@example.com		mailman
+</code>
+The passwd file contains a list of accounts for authorization. This is a possible option:
+<code>
+ircnowguy@example.com:$2b$09$hD17XLkUb4doE3bjvn4v1uYVF3/tldQBKvDTcCbDta1a6NZNA1zue
+</code>
+====== Service start ======
+<code>
+doas rcctl stop smtpd
+doas rm -r /var/spool/smtpd
+doas rcctl -d start smtpd
+</code>
+<code>
+doas rcctl -d start smtpd
+doing _rc_parse_conf
+doing _rc_quirks
+smtpd_flags empty, using default ><
+doing rc_check
+smtpd
+doing rc_start
+doing _rc_wait start
+doing rc_check
+doing _rc_write_runfile
+(ok)
+</code>

IRCNow

Page Tools

Site Tools

User Tools

Differences