Simple mail server with OpenBSD and OpenSMTPD

OpenSMTPD is a mail daemon developed for the OpenBSD operating system by Gilles Chehade (gilles@), Pierre-Yves Ritschard (pyr@), Jacek Masiulaniec (jacekm@) and many others. OpenSMTPD is still in development and is not ready for production use. It has been working fine on my private mail server for over 10 months.

Parts of this how-to are taken from calomel.org.

This tutorial assumes that you already have a working OpenBSD 4.9 server. If you don't, follow the installation guide at http://www.openbsd.org/faq/faq4.html

Download the sources from the closest OpenBSD mirror. Both tarballs unpack into /usr/src. wget is a package, not part of the base system; the base ftp(1) command accepts the same URLs. The download is plain FTP, so compare the tarballs against the SHA256 file published in the same release directory before you build and install anything as root.

#cd /usr/src/

#wget ftp://ftp.openbsd.org/pub/OpenBSD/4.9/src.tar.gz

#wget ftp://ftp.openbsd.org/pub/OpenBSD/4.9/sys.tar.gz

 

#tar zxvf src.tar.gz

#tar zxvf sys.tar.gz

 

 

We'll need the latest development version of OpenSMTPD from the OpenBSD CVS tree; the smtpd shipped with the 4.9 release is older than what this tutorial uses. The cvs update below fetches the current head of usr.sbin/smtpd into the 4.9 tree.

 

#export CVSROOT=anoncvs@mirror.osn.de:/cvs

#cd /usr/src

#/usr/bin/cvs up usr.sbin/smtpd

 

Build and install OpenSMTPD

#cd /usr/src/usr.sbin/smtpd
#make clean
#make && make install

Edit /etc/mailer.conf so that the traditional sendmail, mailq and newaliases commands call OpenSMTPD instead of sendmail.

#cp /etc/mailer.conf /etc/mailer.conf.backup
#vi /etc/mailer.conf

Delete everything in the file and paste the following lines:

sendmail        /usr/sbin/smtpctl
send-mail       /usr/sbin/smtpctl
mailq           /usr/sbin/smtpctl
makemap         /usr/libexec/smtpd/makemap
newaliases      /usr/libexec/smtpd/makemap

Clear the OpenSMTPD mail queue (this is smtpd's own spool, not sendmail's):
#rm -rf /var/spool/smtpd/*

Now let's edit smtpd.conf.
This example sets up a mail server for one domain. It is very simple; you will have to change and add a few lines.

#cd /etc/mail
#vi smtpd.conf

# $OpenBSD: smtpd.conf,v 1.2 2009/11/03 22:32:10 gilles Exp $

# This is the smtpd server system-wide configuration file.

# See smtpd.conf(5) for more information.

# Lines beginning with "#" are comments.

# Local users can send mail. This listener is unencrypted, which is fine on loopback.

listen on lo0

# Every other user will have to authenticate before sending mail.
# Replace rl0 with your external interface.
# The certificate name is the base name of the files in /etc/mail/certs:
# smtpd looks for mail.yourdomain.com.crt and mail.yourdomain.com.key itself.

listen on rl0 tls certificate "mail.yourdomain.com" enable auth

# Replace mail.yourdomain.com with the name your server announces in the SMTP greeting.

hostname "mail.yourdomain.com"

# Use a plain text file for the aliases, not a sendmail db file. If you want to use
# sendmail db files you will have to make a few symlinks; see https://calomel.org/opensmtpd.html

map "aliases" { source plain "/etc/mail/aliases" }

# Accept mail for local users.

accept for local alias aliases deliver to maildir

# Accept mail for our domain (replace sec-net.net with your domain) and deliver it to the
# users' home directories in maildir format. Each user needs a directory called Maildir
# in his home directory.

accept from all for domain sec-net.net deliver to maildir

# Relay mail for authenticated users. Do not add "from all" to this rule: a relay rule
# reachable by everybody makes the server an open relay.

accept for all relay
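The two ways to get the configuration above wrong are an authenticating listener without tls (passwords cross the wire in the clear) and a relay rule that applies "from all" (an open relay). The following script is an added example, not code from the article or from OpenSMTPD: a small lint, written against the 4.9-era rule syntax used in this tutorial, that flags both mistakes. The two sample configurations are constructed for the demonstration; on a real server you would point it at /etc/mail/smtpd.conf.

```shell
#!/bin/sh
# Added example (not from the article or OpenSMTPD): lint an smtpd.conf
# for plaintext AUTH listeners and open-relay accept rules.

# check_smtpd_conf FILE
# Prints one line per finding. Exit status 0 if the file is clean, 1 otherwise.
check_smtpd_conf() {
    awk '
    { sub(/#.*/, "") }                       # drop comments
    /^[ \t]*$/ { next }                      # and blank lines

    # listen rules: AUTH on anything but loopback must sit behind tls/ssl/smtps
    $1 == "listen" && $2 == "on" {
        iface = $3
        has_auth = ($0 ~ /(^|[ \t])auth([ \t]|$)/)
        has_tls  = ($0 ~ /(^|[ \t])(tls|ssl|smtps)([ \t]|$)/)
        if (has_auth && !has_tls && iface !~ /^lo[0-9]*$/) {
            print "plaintext AUTH on " iface ": " $0
            bad = 1
        }
        next
    }

    # accept rules: a relay action reachable "from all" is an open relay
    $1 == "accept" && $2 == "from" && $3 == "all" && /(^|[ \t])relay([ \t]|$)/ {
        print "open relay: " $0
        bad = 1
    }

    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the configuration from this tutorial.
sample_conf_good() {
    cat <<'EOF'
listen on lo0
listen on rl0 tls certificate "mail.yourdomain.com" enable auth
hostname "mail.yourdomain.com"
map "aliases" { source plain "/etc/mail/aliases" }
accept for local alias aliases deliver to maildir
accept from all for domain sec-net.net deliver to maildir
accept for all relay
EOF
}

# Constructed sample: the same file with the two mistakes the lint looks for.
sample_conf_bad() {
    cat <<'EOF'
listen on lo0
listen on rl0 enable auth          # AUTH without tls: passwords in the clear
accept for local alias aliases deliver to maildir
accept from all for all relay      # relays anything for anybody
EOF
}

# Run the lint on both samples (for the real file: check_smtpd_conf /etc/mail/smtpd.conf).
tmp=$(mktemp "${TMPDIR:-/tmp}/smtpd.XXXXXX")
sample_conf_good > "$tmp" && check_smtpd_conf "$tmp" && echo "tutorial config: OK"
sample_conf_bad  > "$tmp" && check_smtpd_conf "$tmp" || echo "weakened config: rejected"
rm -f "$tmp"
```

The lint only looks at the two rule shapes used on this page; it is a sanity check to run before `smtpd -n`, not a replacement for reading smtpd.conf(5).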

Now let's generate a certificate to encrypt the users' connections. This step is necessary: the rl0 listener above is declared with tls, and smtpd only offers AUTH on the encrypted session, so without a certificate nobody can authenticate. The openssl req command prompts for the certificate fields; answer the Common Name prompt with the hostname from smtpd.conf (mail.yourdomain.com). The private key is stored unencrypted, which is why the chmod at the end matters.

 

# openssl genrsa -out /etc/mail/certs/mail.yourdomain.com.key 4096

# openssl req -new -x509 -key /etc/mail/certs/mail.yourdomain.com.key \

-out /etc/mail/certs/mail.yourdomain.com.crt -days 365

# chmod 600 /etc/mail/certs/mail.yourdomain.com.*

 

As root, edit the crontab:

#crontab -e

Find the following line:

# sendmail clientmqueue runner

*/30   *       *       *       *       /usr/sbin/sendmail -L sm-msp-queue -Ac -q

and comment it out:

# sendmail clientmqueue runner

#*/30   *       *       *       *       /usr/sbin/sendmail -L sm-msp-queue -Ac -q

 

Create rc.conf.local in /etc if you don't have one:

#touch /etc/rc.conf.local

#vi /etc/rc.conf.local

Put the following lines in it to disable sendmail and start OpenSMTPD on boot:

sendmail_flags=NO

smtpd_flags=""

 

Stop the running sendmail process:

#pkill sendmail

Check the OpenSMTPD configuration file:

#smtpd -n

You should see:
configuration OK

 

OpenSMTPD is now ready to replace the old sendmail. Check the man pages for the other options available in smtpd.conf.

 

Start smtpd. Just type:

#smtpd
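Once smtpd is up, the check worth doing before opening port 25 to the world is to confirm from an outside host that it refuses to relay for unauthenticated clients. The script below is an added example, not code from the article or from OpenSMTPD: smtp_relay_probe sends a relay attempt with nc(1), which is in the OpenBSD base system, and relay_verdict reads the server's replies and reports whether the RCPT TO for an outside address was accepted. The host and address names are placeholders, and the two transcripts are constructed for the demonstration (their reply texts are illustrative, not OpenSMTPD's exact wording).

```shell
#!/bin/sh
# Added example (not from the article or OpenSMTPD): open-relay probe.

# smtp_relay_probe HOST PORT FROM TO
# Sends EHLO / MAIL FROM / RCPT TO / QUIT and prints the server's reply lines.
# The sleeps give the server time to answer before the next command is sent.
smtp_relay_probe() {
    {
        sleep 2                                    # wait for the 220 greeting
        printf 'EHLO probe.example.net\r\n';  sleep 1
        printf 'MAIL FROM:<%s>\r\n' "$3";     sleep 1
        printf 'RCPT TO:<%s>\r\n' "$4";       sleep 1
        printf 'QUIT\r\n'
    } | nc -w 10 "$1" "$2"
}

# relay_verdict: reads reply lines on stdin, prints accepted, refused or incomplete.
# Greeting, EHLO, MAIL FROM and RCPT TO each end with one "NNN " line, so the
# fourth such line is the answer to RCPT TO; "NNN-" lines are continuations.
relay_verdict() {
    awk '
    { sub(/\r$/, "") }
    /^[0-9][0-9][0-9]-/ { next }
    /^[0-9][0-9][0-9]( |$)/ { n++; if (n == 4) { code = substr($0, 1, 3); exit } }
    END {
        if (n < 4)            print "incomplete"
        else if (code ~ /^2/) print "accepted"
        else                  print "refused"
    }'
}

# Constructed transcript of a server that refuses to relay.
sample_refused() {
    printf '%s\r\n' \
        '220 mail.yourdomain.com ESMTP OpenSMTPD' \
        '250-mail.yourdomain.com Hello probe.example.net [192.0.2.10], pleased to meet you' \
        '250-8BITMIME' \
        '250 HELP' \
        '250 2.0.0: Ok' \
        '550 5.7.1: Relaying denied' \
        '221 2.0.0: Bye'
}

# Constructed transcript of an open relay: only the RCPT TO reply differs.
sample_open_relay() {
    sample_refused | sed 's/^550 .*/250 2.1.5: Recipient ok/'
}

printf 'refusing server: %s\n' "$(sample_refused | relay_verdict)"
printf 'open relay:      %s\n' "$(sample_open_relay | relay_verdict)"
# Against the real server, from a host outside your network:
#   smtp_relay_probe mail.yourdomain.com 25 probe@example.net someone@example.org | relay_verdict
```

Run the probe from a machine that is not local to the server, since local clients are allowed to relay by design. If you later add the spamd rules from the end of this page, a probe from a non-whitelisted address is redirected to spamd and will come back as incomplete; test from a whitelisted address or before adding the rdr rule.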

 

Now add your mail users. For now OpenSMTPD supports only the local password database as an authentication backend, so every mail user is a system account. You can use the adduser command. For example, add a user called mailtest without a login shell:

 

#adduser

Enter username []: mailtest

Enter full name []: Test User

Enter shell csh ksh nologin sh [ksh]: nologin

Uid [1002]:

Login group mailtest [mailtest]:

Login group is "mailtest". Invite mailtest into other groups: guest no

[no]:

Login class authpf daemon default dovecot mysql staff

[default]:

Enter password []:

Enter password again []:

 

Name:        mailtest

Password:    ****

Fullname:    mailtest

Uid:         ****

Gid:        **** (mailtest)

Groups:      mailtest

Login Class: default

HOME:        /home/mailtest

Shell:       /sbin/nologin

OK? (y/n) [y]: y

 

Create the Maildir the accept rule delivers to, readable by the user only:

#cd /home/mailtest

#mkdir Maildir

#chmod 700 Maildir

#chown mailtest:mailtest Maildir

Now when OpenSMTPD receives mail for the user mailtest (mailtest@yourdomain.com, with whatever domain you put in the accept rule), it will store it in /home/mailtest/Maildir in maildir format.

 

 

Let's put spamd in front of the real mail server to keep spammers out.

Check the spamd man pages and the great tutorial at https://calomel.org/spamd_config.html

Put the following lines in /etc/rc.conf.local (replace your_hostname.org with your hostname):

spamd_flags="-4 -G5:4:864 -h your_hostname.org -l127.0.0.1 -n \"Sendmail 8.11.4/8.11.1\" -S10 -s1 -v -w1"

spamd_black=NO
spamlogd_flags="-I -i lo0"

-G: adjusts the three greylisting timers to a pass time of 5 minutes, a grey expiry of 4 hours and a white expiry of 864 hours, roughly 36 days (-G passtime:greyexp:whiteexp). -l127.0.0.1 binds spamd to loopback only; the pf rule below redirects outside connections to it.

Edit your /etc/pf.conf and add the following lines, with $ext_if set to your external interface (rl0 above). Keep them in this order: both rules are quick, so whitelisted senders must match the first rule before everything else on port 25 is redirected to spamd on loopback.

table <spamd-white> persist

#Mail server

pass in log quick on $ext_if inet proto tcp from <spamd-white> to any port 25 synproxy state

pass in log quick on $ext_if inet proto tcp from any to any port 25 rdr-to lo0 port spamd

 

 

To be written:

How to set up dovecot for IMAP access.