An OpenBSD E-Mail Server Using OpenSMTPD, Dovecot, Rspamd, and RainLoop

Started by Administrator, Jan 02, 2023, 07:50 AM

Introduction

This tutorial demonstrates a full-featured email server running on OpenBSD using OpenSMTPD, Dovecot, Rspamd, and RainLoop. OpenSMTPD is the default mail server for OpenBSD. Choose a Vultr Compute Cloud instance with plenty of storage for the expected number of users.


Preliminary Steps

Verify the server's outbound port status.

Set up your user account to perform tasks as root.


su -

usermod -G wheel <username>

echo "permit nopass keepenv :wheel" > /etc/doas.conf

exit

Set up the package repository for OpenBSD.


doas su

echo "https://cdn.openbsd.org/pub/OpenBSD" > /etc/installurl

exit

Add the required packages.


doas pkg_add opensmtpd-extras opensmtpd-filter-rspamd dovecot dovecot-pigeonhole rspamd redis

Configure OpenSMTPD

By default, OpenSMTPD only listens on localhost. It must be explicitly configured to listen on external interfaces. It should be configured to use virtual users instead of system users for security.


Back up the default smtpd.conf file and create a new one from scratch.

cd /etc/mail

mv smtpd.conf smtpd.conf.default

Create a new smtpd.conf as shown below. Replace example.com with your domain. This initial configuration does not activate the rspamd filter while testing OpenSMTPD. The spam filter will be activated later.

# TLS certificate and key presented by the listeners
pki "mail" cert "/etc/ssl/mail.crt"
pki "mail" key "/etc/ssl/private/mail.key"

# Lookup tables: local aliases, virtual-user credentials, virtual address map
table aliases file:/etc/mail/aliases
table credentials passwd:/etc/mail/credentials
table virtuals file:/etc/mail/virtuals

# Defined here but not attached to a listener until the spam filter is activated
filter "rspamd" proc-exec "/usr/local/libexec/smtpd/filter-rspamd"

# To accept external mail, replace with: listen on all
# listen on all tls pki "mail" hostname "mail.example.com"
listen on egress port submission tls-require pki "mail" hostname "mail.example.com" auth <credentials>

action "local_mail" mbox alias <aliases>
action "domain_mail" maildir "/var/vmail/example.com/%{dest.user:lowercase}" virtual <virtuals>
action "outbound" relay

# Uncomment the following to accept external mail for domain "example.com"
# match from any for domain "example.com" action "domain_mail"
match from local for local action "local_mail"

# Relay outbound mail only for local or authenticated senders
match from local for any action "outbound"
match auth from any for any action "outbound"
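
An added example, not part of the original tutorial: a POSIX sh/awk check that reads an smtpd.conf and reports any match rule that hands mail from any source to any destination to a relay action without the auth keyword, which is what keeps the rules above from forming an open relay. The function names relay_audit and sample_conf and the sample input are constructed for illustration; comment stripping is simplified and assumes no # inside quoted strings.

```shell
#!/bin/sh
# relay_audit [FILE]: print "LINE: rule" for every match rule that relays
# from any source to any destination without auth. Exit status 1 on findings.
relay_audit() {
    awk '
    { sub(/#.*/, "") }                       # drop comments (simplified)
    /\\[ \t]*$/ {                            # join backslash-continued lines
        sub(/\\[ \t]*$/, ""); buf = buf $0 " "
        if (!start) start = NR
        next
    }
    {
        line = buf $0; n = start ? start : NR; buf = ""; start = 0
        gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
        raw = line; gsub(/"/, "", line)      # keep raw for the report
        k = split(line, t, " ")
        # remember which action names deliver by relaying
        if (t[1] == "action") relay[t[2]] = (t[3] == "relay")
        if (t[1] != "match") next
        from_any = for_any = auth = 0; act = ""
        for (i = 2; i <= k; i++) {
            if (t[i] == "from" && t[i+1] == "any") from_any = 1
            else if (t[i] == "for" && t[i+1] == "any") for_any = 1
            # covers both "auth" and "from auth"; a negated "! auth" does not count
            else if (t[i] == "auth" && t[i-1] != "!") auth = 1
            else if (t[i] == "action") act = t[i+1]
        }
        if (from_any && for_any && !auth && relay[act]) { print n ": " raw; found = 1 }
    }
    END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample: the rules from this page plus one rule with auth dropped.
sample_conf() {
    cat <<'EOF'
action "local_mail" mbox alias <aliases>
action "outbound" relay
match from local for local action "local_mail"
match from local for any action "outbound"
match auth from any for any action "outbound"
# constructed mistake: same rule without the auth keyword
match from any for any \
    action "outbound"
EOF
}

sample_conf | relay_audit || echo "open-relay rule found"
```

Against the real file, run it as relay_audit /etc/mail/smtpd.conf after each edit to the match rules.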