This document describes the process of configuring the OpenSMTPD service as part of the server mail system. The mail system includes the following services: OpenSMTPD, DKIMproxy and Dovecot. But only OpenSMTPD will be considered here.
Creation of additional service files
First, let's create additional service files for the server, which will contain users, a list of hosts, and so on. And also we will restrict access to them for other users of the system.
doas touch /etc/mail/domains
doas touch /etc/mail/vusers
doas touch /etc/mail/hosts
doas touch /etc/mail/passwd
doas chmod 640 /etc/mail/domains
doas chmod 640 /etc/mail/vusers
doas chmod 640 /etc/mail/hosts
doas chmod 640 /etc/mail/passwd
doas chmod 640 /etc/mail/smtpd.conf
Creating a configuration file
The next step is to replace the contents of the standard configuration file as here:
pki example.com cert "/etc/ssl/example/example.pem"
pki example.com key "/etc/ssl/example/private/example.key"
smtp max-message-size 5M
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table hosts file:/etc/mail/hosts
table vusers file:/etc/mail/vusers
table passwd file:/etc/mail/passwd
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk
listen on lo0 mask-src
listen on lo0 port 10028 tag DKIM mask-src
listen on egress port 25 tls pki example.com mask-src filter { check_rdns check_fcrdns }
listen on egress port 587 tls-require pki grape.ircnow.org auth <passwd> mask-src filter { check_rdns check_fcrdns }
action "local_mail" mbox alias <aliases>
action "relay_dkim" relay host smtp://127.0.0.1:10027
action "relay" relay
action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual <vusers>
match from local for rcpt-to regex "^root@|^abuse@|^security@" action "local_mail"
match from local for domain <domains> action "lmtp"
match tag DKIM for any action "relay"
match from local for any action "relay_dkim"
match from src <hosts> for any action "relay_dkim"
match from auth for any action "relay_dkim"
match from any for domain <domains> action "lmtp"
Additional files
In the first step, we created additional files, now we need to fill them with data.
The domains file is used to receive mail. Therefore, it must contain a list of domains from which the server is an endpoint. In our case, this is so:
example.com
The hosts file is used for relay operation. It contains a list of remote hosts for which you are allowed to relay mail without authorization. In our case, this is so:
10.10.10.10
The vusers file is used to receive mail. It contains a list of mailboxes. This is an example:
admin@example.com mailman
hostmaster@example.com mailman
ircnowguy@example.com mailman
The passwd file contains a list of accounts for authorization. This is a possible option:
ircnowguy@example.com:$2b$09$hD17XLkUb4doE3bjvn4v1uYVF3/tldQBKvDTcCbDta1a6NZNA1zue
Service start
doas rcctl stop smtpd
doas rm -r /var/spool/smtpd
doas rcctl -d start smtpd
doas rcctl -d start smtpd
doing _rc_parse_conf
doing _rc_quirks
smtpd_flags empty, using default ><
doing rc_check
smtpd
doing rc_start
doing _rc_wait start
doing rc_check
doing _rc_write_runfile
(ok)