Simple mail server with OpenBSD and OpenSMTPD

OpenSMTPD is a mail daemon currently developed by Gilles Chehade (gilles@), Pierre-Yves Ritschard (pyr@), Jacek Masiulaniec (jacekm@) and many others for the OpenBSD operating system. OpenSMTPD is still in development and is not ready for production use. It has worked fine on my private mail server for over 10 months.

Parts of this how to are taken from

This tutorial assumes that you already have a working OpenBSD 4.9 server. If you don’t, follow the guides in

Download the sources from the closest OpenBSD mirror.

#cd /usr/src/




#tar zxvf src.tar.gz

#tar zxvf sys.tar.gz



We’ll need the latest development release of OpenSMTPD.



#cd /usr/src

#/usr/bin/cvs up usr.sbin/smtpd


Build OpenSMTPD

#cd /usr/src/usr.sbin/smtpd
#make clean
#make && make install

Edit /etc/mailer.conf

#cp /etc/mailer.conf /etc/mailer.conf.backup
#vi /etc/mailer.conf

Delete everything in the file, then paste the following lines:

sendmail        /usr/sbin/smtpctl
send-mail       /usr/sbin/smtpctl
mailq           /usr/sbin/smtpctl
makemap         /usr/libexec/smtpd/makemap
newaliases      /usr/libexec/smtpd/makemap

Clear the mail queue
#rm -rf /var/spool/smtpd/*

Now let's edit smtpd.conf.
This example sets up a mail server for one domain. It’s very simple; you will have to change and add a few lines.

#cd /etc/mail
#vi smtpd.conf

# $OpenBSD: smtpd.conf,v 1.2 2009/11/03 22:32:10 gilles Exp $

# This is the smtpd server system-wide configuration file.

# See smtpd.conf(5) for more information.

#Lines beginning with a "#" are comments!

#Local users can send mail

listen on lo0

#Every other user will have to authenticate before sending mails.

#Replace rl0 with your interface

listen on rl0 tls certificate "" enable auth

#Replace with your domain

hostname " "

#Use plain text files, not sendmail db files. If you want to build sendmail db files, you will have to make a few symlinks. Check

map "aliases" { source plain "/etc/mail/aliases" }

#Accept for local users

accept for local alias aliases deliver to maildir

#Accept mail for our domain and deliver it to users' home directories in maildir format. Each user needs a directory called Maildir in their home directory.

accept from all for domain  deliver to maildir

#Relay mails for authenticated users.

accept for all relay

Now let's generate certificates to encrypt users' connections. This is a necessary step, because OpenSMTPD does not accept unencrypted connections.


# openssl genrsa -out /etc/mail/certs/ 4096

# openssl req -new -x509 -key /etc/mail/certs/ \
-out /etc/mail/certs/ -days 365

# chmod 600 /etc/mail/certs/*
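The chmod above only runs after the files exist, so the key can sit on disk with the default umask's permissions until then. The following is an added example, not part of the original tutorial: it creates the key and certificate under umask 077 and then checks the result. NAME and the /CN subject are placeholders, because the file names are not shown on this page.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# NAME (for instance mail.example.org) and the /CN subject are placeholders.

# make_cert DIR NAME [BITS] [DAYS]
# Runs in a subshell so the umask change does not leak into the caller.
make_cert() (
    dir=$1 name=$2 bits=${3:-4096} days=${4:-365}
    umask 077                        # new files get 0600, new directories 0700
    mkdir -p "$dir" || exit 1
    openssl genrsa -out "$dir/$name.key" "$bits" 2>/dev/null || exit 1
    openssl req -new -x509 -key "$dir/$name.key" -subj "/CN=$name" \
        -out "$dir/$name.crt" -days "$days" || exit 1
)

# key_matches_cert DIR NAME
# Succeeds only if the certificate carries the public half of the private key.
key_matches_cert() {
    k=$(openssl rsa -in "$1/$2.key" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1/$2.crt" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# loose_files DIR
# Prints every file that group or others can read, write or execute.
loose_files() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \)
}

# Usage: sh mkcert.sh /etc/mail/certs NAME
if [ $# -ge 2 ]; then
    make_cert "$1" "$2" && key_matches_cert "$1" "$2" || exit 1
    loose_files "$1"                 # no output means nothing is exposed
fi
```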


As root

#crontab -e

Find the following line:

# sendmail clientmqueue runner

*/30   *       *       *       *       /usr/sbin/sendmail -L sm-msp-queue -Ac -q

And comment it out:

# sendmail clientmqueue runner

#*/30   *       *       *       *       /usr/sbin/sendmail -L sm-msp-queue -Ac -q


Create rc.conf.local in /etc if you don’t have one

#touch /etc/rc.conf.local

#vi /etc/rc.conf.local

Put the following lines in it to start OpenSMTPD on boot.




Stop the sendmail process

#pkill sendmail

Check the OpenSMTPD config file.

#smtpd -n

You should see:
configuration OK


OpenSMTPD is now ready to replace the old sendmail. Check the man pages for other options in the smtpd.conf file.


Start smtpd. Just type:



Now add your mail users. For now OpenSMTPD supports only the local password database as a backend. You can use the adduser command. For example, add a user called mailtest without a shell.



Enter username []: mailtest

Enter full name []: Test User

Enter shell csh ksh nologin sh [ksh]: nologin

Uid [1002]:

Login group mailtest [mailtest]:

Login group is “mailtest”. Invite mailtest into other groups: guest no


Login class authpf daemon default dovecot mysql staff


Enter password []:

Enter password again []:


Name:        mailtest

Password:    ****

Fullname:    mailtest

Uid:         ****

Gid:        **** (mailtest)

Groups:      mailtest

Login Class: default

HOME:        /home/mailtest

Shell:       /sbin/nologin

OK? (y/n) [y]: y


#cd /home/mailtest

#mkdir Maildir

#chmod 700 Maildir

#chown mailtest:mailtest Maildir

Now if OpenSMTPD receives mail for user mailtest (, it will store it in /home/mailtest/Maildir in maildir format.



Let's put spamd in front of the real mail server to keep spammers out.

Check man pages for spamd and a great tutorial at

Put the following lines in /etc/rc.conf.local

spamd_flags="-4 -G5:4:864 -h -l127.0.0.1 -n \"Sendmail 8.11.4/8.11.1\" -S10 -s1 -v -w1"

spamlogd_flags="-I -i lo0"

-G sets the three greylisting time parameters (-G passtime:greyexp:whiteexp): here a pass time of 5 minutes, a grey expiry of 4 hours, and a white expiry of 864 hours, approximately 36 days.
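How the three -G timers interact is easier to see as a decision table. This is an added example, not part of the original tutorial and not spamd's own code: a simplified model in which the state names none, grey and white and the result strings are illustrative labels.

```shell
#!/bin/sh
# Added example: a simplified model of the -G timers, not spamd's own code.

# parse_g "passtime:greyexp:whiteexp" sets PASS_S, GREY_S and WHITE_S in seconds.
# passtime is given in minutes, greyexp and whiteexp in hours.
parse_g() {
    case $1 in
        ''|*[!0-9:]*|:*|*:|*::*) return 1 ;;   # digits and single colons only
        0[0-9]*|*:0[0-9]*)       return 1 ;;   # leading zeros would be read as octal
        *:*:*:*)                 return 1 ;;   # too many fields
        *:*:*)                   ;;            # exactly three fields
        *)                       return 1 ;;
    esac
    rest=${1#*:}
    PASS_S=$((${1%%:*} * 60))
    GREY_S=$((${rest%%:*} * 3600))
    WHITE_S=$((${rest#*:} * 3600))
}

# grey_decision STATE AGE
#   none  : sender tuple never seen (AGE ignored)
#   grey  : AGE = seconds since the first attempt
#   white : AGE = seconds since the address was last seen delivering
grey_decision() {
    case $1 in
        none) echo "tempfail new-grey-entry" ;;
        grey)
            if   [ "$2" -ge "$GREY_S" ]; then echo "tempfail grey-expired-starts-over"
            elif [ "$2" -le "$PASS_S" ]; then echo "tempfail retried-too-early"
            else echo "tempfail whitelisted-at-next-scan"   # the retry still talks to spamd
            fi ;;
        white)
            if [ "$2" -ge "$WHITE_S" ]; then echo "tempfail white-expired-starts-over"
            else echo "pass-to-smtpd"                       # matches <spamd-white> in pf
            fi ;;
        *) return 2 ;;
    esac
}

parse_g "5:4:864" || exit 1          # the value from spamd_flags
for sample in "none 0" "grey 120" "grey 900" "grey 18000" "white 86400" "white 3200000"; do
    set -- $sample
    printf '%-5s age=%-8s -> %s\n' "$1" "$2" "$(grey_decision "$1" "$2")"
done
```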

Edit your /etc/pf.conf

Put the following lines:

table <spamd-white> persist

#Mail server

pass in log quick on $ext_if inet proto tcp from <spamd-white> to any port 25 synproxy state

pass in log quick on $ext_if inet proto tcp from any to any port 25 rdr-to lo0 port spamd



To be written:

How to set up dovecot for IMAP access.
