This shows you the differences between two versions of the page.
openbsd:mail:opensmtpd3 [2020/07/28 05:37] jrmu created |
openbsd:mail:opensmtpd3 [2020/07/29 11:32] (current) jrmu |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | Here is how I set up my independent mail server. | + | Here is how I set up my independent mail server. It is based on the old (now deleted) [[https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/www/opensmtpd/faq/Attic/example1.html?rev=1.14|OpenSMTPd FAQ]]. |
- | In my /etc/smtpd.conf: | + | Make sure to install opensmtpd-extras: |
+ | |||
+ | <code> | ||
+ | $ doas pkg_add opensmtpd-extras | ||
+ | </code> | ||
+ | |||
+ | In my /etc/mail/smtpd.conf: | ||
<code> | <code> | ||
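Review bot: The added "Make sure to install opensmtpd-extras" step does not say which part of the configuration needs the package; the table definitions visible in this revision (virtuals, hosts) are plain file: tables. Name the table type or feature that requires it next to the pkg_add line, so a reader can tell what breaks if the step is skipped. The same edit also changes the config path from /etc/smtpd.conf to /etc/mail/smtpd.conf without comment, which is worth a word for anyone who followed the earlier revision.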
Line 14: | Line 20: | ||
table virtuals file:/etc/mail/virtuals | table virtuals file:/etc/mail/virtuals | ||
table hosts file:/etc/mail/hosts | table hosts file:/etc/mail/hosts | ||
- | table spammers file:/etc/mail/spammers | ||
# Blocks junk mail | # Blocks junk mail | ||
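Review bot: Removing `table spammers file:/etc/mail/spammers` leaves the port 25 listener still naming check_spammers in its filter list; the `listen on egress port 25` line is unchanged in this revision. If the definition of that filter, which the diff does not show, looks up <spammers>, the configuration now refers to a table that no longer exists. Either drop check_spammers from the listener in the same edit or keep the table, and confirm with `smtpd -n` before restarting the daemon.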
Line 26: | Line 31: | ||
listen on egress port 25 tls pki mail.ircnow.org mask-src filter { check_rdns check_fcrdns check_spammers } hostname ircnow.org | listen on egress port 25 tls pki mail.ircnow.org mask-src filter { check_rdns check_fcrdns check_spammers } hostname ircnow.org | ||
listen on egress port 587 tls-require pki mail.ircnow.org auth <passwd> mask-src filter { check_rdns check_fcrdns } hostname ircnow.org | listen on egress port 587 tls-require pki mail.ircnow.org auth <passwd> mask-src filter { check_rdns check_fcrdns } hostname ircnow.org | ||
+ | |||
+ | action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual <virtuals> | ||
+ | action "relay" relay | ||
+ | action "relay_dkim" relay host smtp://127.0.0.1:10027 | ||
# If mail is for any of our domains, pass it to dovecot | # If mail is for any of our domains, pass it to dovecot | ||
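Review bot: The added `action "relay_dkim" relay host smtp://127.0.0.1:10027` line has no comment, unlike the "# Blocks junk mail" and "# If mail is for any of our domains" sections around it, and it is the one action that depends on a second service. A one-line comment saying that it hands outgoing mail to the local signing proxy on port 10027, and that the proxy has to be listening there, would help; as written, the reader only learns about dkimproxy from the last sentence of the page. Moving the three action lines above the match rules that refer to them is the right order.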
Line 36: | Line 45: | ||
match from src <hosts> for any action "relay_dkim" | match from src <hosts> for any action "relay_dkim" | ||
match auth from any for any action "relay_dkim" | match auth from any for any action "relay_dkim" | ||
+ | </code> | ||
- | action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual <virtuals> | + | A single user vmail will receive mail for all virtual users: |
- | action "relay" relay | + | |
- | action "relay_dkim" relay host smtp://127.0.0.1:10027 | + | <code> |
+ | $ doas useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail | ||
+ | </code> | ||
+ | |||
+ | The /etc/passwd file will contain a line similar to this: | ||
+ | |||
+ | <code> | ||
+ | vmail:*:1000:1000:Virtual Mail:/var/vmail:/sbin/nologin | ||
+ | </code> | ||
+ | |||
+ | /var/vmail is used to store virtual users' maildir folders. It will be managed by dovecot, which receives mail via LMTP. | ||
+ | |||
+ | At the bottom of /etc/mail/aliases, add these lines: | ||
+ | |||
+ | <code> | ||
+ | vmail: /dev/null | ||
+ | root: admin@ircnow.org | ||
+ | jrmu: jrmu@ircnow.org | ||
+ | username: username@ircnow.org | ||
+ | </code> | ||
+ | |||
+ | Add one line for each user. | ||
+ | |||
+ | Create a new file /etc/mail/virtuals and add these lines: | ||
+ | |||
+ | <code> | ||
+ | admin@ircnow.org vmail | ||
+ | jrmu@ircnow.org vmail | ||
+ | username@ircnow.org vmail | ||
+ | </code> | ||
+ | |||
+ | A whitelist of known good senders goes into /etc/mail/hosts: | ||
+ | |||
+ | <code> | ||
+ | localhost | ||
+ | 192.168.1.1 | ||
+ | 2001:db8:: | ||
+ | </code> | ||
+ | |||
+ | The mail sender's hostname goes in /etc/mail/mailname: | ||
+ | |||
+ | <code> | ||
+ | mail.ircnow.org | ||
+ | </code> | ||
+ | |||
+ | The list of domains you send mail for go in /etc/mail/domains: | ||
+ | |||
+ | <code> | ||
+ | ircnow.org | ||
+ | mail.ircnow.org | ||
+ | </code> | ||
+ | |||
+ | In /etc/mail/passwd, we have a list of colon-separated user credentials: | ||
+ | |||
+ | <code> | ||
+ | admin@ircnow.org:$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G | ||
+ | jrmu@ircnow.org:$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G | ||
+ | username@ircnow.org:$2b$10$h5itbhzs73T4jsHAj9YX6Tf63yRatAquGBxoCX67wyekhCH4ZqioD6lKh::::::userdb_quota_rule=*:storage=1G | ||
</code> | </code> | ||
+ | Take a look at the sample [[openbsd:mail:dovecot|dovecot]] setup for IMAP and POP3, and the sample [[openbsd:mail:dkimproxy|dkimproxy]] setup for mail signing. |
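Review bot: The new /etc/mail/hosts paragraph calls the file a whitelist of known good senders, but the unchanged rule `match from src <hosts> for any action "relay_dkim"` means every address listed there can relay to any destination without authenticating. Say so in the text and advise listing only machines you control; the sample entries 192.168.1.1 and 2001:db8:: read as if they can be copied as they are. In the /etc/mail/passwd sample the same hash string appears on all three lines: mark it as a placeholder, say how a hash is produced (for example with smtpctl encrypt), and state that the file must not be world-readable.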