name=Openbsd.Opensmtpd-2 author=jrmu ctime=1597744791

This document describes how to configure the OpenSMTPD service as part of a server mail system. The mail system consists of the following services: OpenSMTPD, DKIMproxy and Dovecot. Only OpenSMTPD is covered here.

!! Creation of additional service files

First, create the additional files the server needs, which will hold the users, the list of hosts, and so on. Then restrict access to them so that other users of the system cannot read them.

[@
doas touch /etc/mail/domains
doas touch /etc/mail/vusers
doas touch /etc/mail/hosts
doas touch /etc/mail/passwd
@]

[@
doas chmod 640 /etc/mail/domains
doas chmod 640 /etc/mail/vusers
doas chmod 640 /etc/mail/hosts
doas chmod 640 /etc/mail/passwd
doas chmod 640 /etc/mail/smtpd.conf
@]

!! Creating a configuration file

The next step is to replace the contents of the standard configuration file, /etc/mail/smtpd.conf, with the following:

[@
# TLS certificate and key used by the public listeners
pki example.com cert "/etc/ssl/example/example.pem"
pki example.com key "/etc/ssl/example/private/example.key"

smtp max-message-size 5M

table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table hosts file:/etc/mail/hosts
table vusers file:/etc/mail/vusers
table passwd file:/etc/mail/passwd

# Mark mail as junk when the client has no reverse DNS
# or no forward-confirmed reverse DNS
filter check_rdns phase connect match !rdns junk
filter check_fcrdns phase connect match !fcrdns junk

listen on lo0 mask-src
# Mail accepted on this port is tagged DKIM
listen on lo0 port 10028 tag DKIM mask-src
listen on egress port 25 tls pki example.com mask-src filter { check_rdns check_fcrdns }
# Submission: TLS and authentication against <passwd> are mandatory
listen on egress port 587 tls-require pki example.com auth <passwd> mask-src filter { check_rdns check_fcrdns }

action "local_mail" mbox alias <aliases>
action "relay_dkim" relay host smtp://127.0.0.1:10027
action "relay" relay
action "lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual <vusers>

match from local for rcpt-to regex "^root@|^abuse@|^security@" action "local_mail"
match from local for domain <domains> action "lmtp"
match tag DKIM for any action "relay"
match from local for any action "relay_dkim"
match from src <hosts> for any action "relay_dkim"
match from auth for any action "relay_dkim"
match from any for domain <domains> action "lmtp"
@]

!! Additional files

The additional files created in the first step now need to be filled with data.

The domains file is used for receiving mail. It must list the domains for which this server is the final destination. In our case:
[@
example.com
@]

The hosts file is used for relaying. It lists the remote hosts that are allowed to relay mail through this server without authentication. In our case:
[@
10.10.10.10
@]

The vusers file is used for receiving mail. It contains the list of mailboxes. For example:
[@
admin@example.com mailman
hostmaster@example.com mailman
ircnowguy@example.com mailman
@]

The passwd file contains the list of accounts used for authentication. For example:
[@
ircnowguy@example.com:$2b$09$hD17XLkUb4doE3bjvn4v1uYVF3/tldQBKvDTcCbDta1a6NZNA1zue
@]

!! Service start

Stop the service, remove the spool directory and start the service again in debug mode. Note that removing /var/spool/smtpd also deletes any mail still waiting in the queue.

[@
doas rcctl stop smtpd
doas rm -r /var/spool/smtpd
doas rcctl -d start smtpd
@]

A successful start looks like this:

[@
doas rcctl -d start smtpd
doing _rc_parse_conf
doing _rc_quirks
smtpd_flags empty, using default ><
doing rc_check
smtpd
doing rc_start
doing _rc_wait start
doing rc_check
doing _rc_write_runfile
(ok)
@]
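
The match rules in the configuration above are evaluated in order and the first rule that matches decides the action. The following is an added example, not part of the original page and not OpenSMTPD code: a simplified Python model of that ruleset, showing which sessions are delivered, relayed or rejected. It assumes "from local" means a loopback source and ignores the junk filters; the sample sessions, the 203.0.113.7 address and the example.net recipient are constructed.

```python
import ipaddress
import re

DOMAINS = {"example.com"}      # contents of /etc/mail/domains
HOSTS = {"10.10.10.10"}        # contents of /etc/mail/hosts
LOCAL_RE = re.compile(r"^root@|^abuse@|^security@")

def is_local(s):
    # Assumption: "from local" is modelled as a loopback source address.
    return ipaddress.ip_address(s["src"]).is_loopback

def rcpt_domain(s):
    return s["rcpt"].rsplit("@", 1)[-1].lower()

def to_domains(s):
    return rcpt_domain(s) in DOMAINS

def anyone(s):
    return True

# (from-condition, for-condition, action), in the order of the match lines.
# A rule without a "from" clause defaults to "from local".
RULES = [
    (is_local, lambda s: LOCAL_RE.search(s["rcpt"]) is not None, "local_mail"),
    (is_local, to_domains, "lmtp"),
    (lambda s: is_local(s) and s.get("tag") == "DKIM", anyone, "relay"),
    (is_local, anyone, "relay_dkim"),
    (lambda s: s["src"] in HOSTS, anyone, "relay_dkim"),
    (lambda s: s.get("auth", False), anyone, "relay_dkim"),
    (anyone, to_domains, "lmtp"),
]

def decide(session):
    """Return the action of the first matching rule, or None if rejected."""
    for from_ok, for_ok, action in RULES:
        if from_ok(session) and for_ok(session):
            return action
    return None

# Constructed sessions: source address, recipient, optional auth flag and tag.
SAMPLES = {
    "inbound": {"src": "203.0.113.7", "rcpt": "admin@example.com"},
    "relay attempt": {"src": "203.0.113.7", "rcpt": "x@example.net"},
    "submission": {"src": "203.0.113.7", "rcpt": "x@example.net", "auth": True},
    "trusted host": {"src": "10.10.10.10", "rcpt": "x@example.net"},
    "local untagged": {"src": "127.0.0.1", "rcpt": "x@example.net"},
    "tagged DKIM": {"src": "127.0.0.1", "rcpt": "x@example.net", "tag": "DKIM"},
    "local to root": {"src": "127.0.0.1", "rcpt": "root@example.com"},
}

if __name__ == "__main__":
    for name, s in SAMPLES.items():
        print(f"{name:15} -> {decide(s) or 'rejected'}")
```

The "relay attempt" session matches no rule, so an unauthenticated outside client cannot relay to foreign domains; every address added to /etc/mail/hosts widens the set of sources that can.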