In the last couple of weeks it's trendy to blog about OpenSMTPD:
We need a MDA for which I've chosen Dovecot. As it's not installed by default on OpenBSD (whereas OpenSMTPD is) let's install it:
# pkg_add dovecot
Dovecot has the problem that it needs more open file descriptors than a normal daemon on OpenBSD is allowed. If you don't raise the limits, its startup will fail. Therefore configure an explicit login class 'dovecot' in /etc/login.conf:
dovecot:\
	:ignorenologin:\
	:openfiles-cur=1024:\
	:openfiles-max=2048:\
	:tc=default:
To make sure that the database is in sync with the plain file, run cap_mkdb /etc/login.conf after you've changed the file. (Thanks to the original article I figured out how to start Dovecot).
In /etc/dovecot/dovecot.conf, enable imap and lmtp for local mail transport (delivering mails into the user's maildir):
protocols = imap lmtp
listen = *
In /etc/dovecot/conf.d/10-auth.conf, disable plaintext authentication except over SSL:
disable_plaintext_auth = yes
# the Dovecot setting is plural: auth_mechanisms
auth_mechanisms = plain
In /etc/dovecot/conf.d/10-mail.conf, use maildir to store mails instead of that nasty, old mbox format:
mail_location = maildir:/home/%u/Maildir
For more possibilities have a look at the config file - it's well commented.
In /etc/dovecot/conf.d/10-ssl.conf, configure the SSL certs. If you have created your own certs, change the location here:
ssl = yes
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
ssl_protocols = !SSLv3 !SSLv2
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_prefer_server_ciphers = yes
I've changed the SSL cipher settings according to the tips from the BetterCrypto project.
To get OpenSMTPD and Dovecot starting automatically at boot add the following lines to your /etc/rc.conf.local:
As Dovecot isn't part of base, you have to add it via pkg_scripts (see 'man 8 rc.conf' for details).
/etc/mail/smtpd.conf looks like this:
pki mail.pascalschmid.de certificate '/etc/ssl/dovecot/mail.pascalschmid.de.crt'
pki mail.pascalschmid.de key '/etc/ssl/dovecot/mail.pascalschmid.de.key'

table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table vusers file:/etc/mail/virtusertable
table secrets passwd:/etc/mail/secrets

listen on lo0
listen on re0 port 25 tls pki mail.pascalschmid.de
listen on re0 port 587 tls-require pki mail.pascalschmid.de auth <secrets>
hostname mail.pascalschmid.de

accept from any for domain <domains> virtual <vusers> deliver to maildir
accept for local alias <aliases> deliver to maildir
accept from local for any relay
What does it do? First we name the SSL key and cert file, then we tell OpenSMTPD which files contain the users, domains and passwords it should accept. The third block configures the network interfaces and ports the daemon should listen on. We'll change the last block later, so I won't explain it here... For more information on the possible values in your smtpd.conf see the official man page or the articles mentioned above.
To see which accept rule will be applied, see OpenSMTPD's GitHub wiki.
To start the services run:
# /etc/rc.d/smtpd start
# /etc/rc.d/dovecot start
When you want to filter your mails into (sub-)folders before they hit your mailclient, install Sieve:
You get some more config files in /etc/dovecot/conf.d. To enable Sieve update your dovecot.conf:
protocols = imap lmtp sieve
mail_plugins = $mail_plugins sieve
At this point your Sieve config is correct, but it still isn't working. That is because OpenSMTPD writes the mail files itself, not Dovecot. You have to hand local delivery over to Dovecot (LDA or LMTP) - see: Your MTA is not using Dovecot LDA or LMTP.
To do this:
accept from local for local alias <aliases> deliver to lmtp "/var/dovecot/lmtp"
accept from local for local deliver to lmtp "/var/dovecot/lmtp"
accept from any for domain <domains> virtual <vusers> deliver to lmtp "/var/dovecot/lmtp"
We've changed the line from "to maildir" to "to lmtp /var/dovecot/lmtp", so Dovecot takes care of our fresh mails.
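To make the "which accept rule applies?" question from the smtpd.conf walkthrough above concrete, here is an added example (my own code, not the post's or OpenSMTPD's) that parses the reworked accept rules and picks the first rule matching a sender/recipient pair. It assumes first-match evaluation as described in smtpd.conf(5), and the DOMAINS and LOCAL_DOMAINS sets are constructed stand-ins for the real tables; alias and virtual lookups are not modelled.

```python
import re

# Constructed stand-ins for the tables referenced in smtpd.conf (assumptions, not the real files).
DOMAINS = {"pascalschmid.de"}                          # contents of table <domains>
LOCAL_DOMAINS = {"localhost", "mail.pascalschmid.de"}  # what 'for local' covers (the hostname)

# The reworked ruleset from the post, LMTP socket path as in the post's explanation.
RULESET = """
accept from local for local alias <aliases> deliver to lmtp "/var/dovecot/lmtp"
accept from local for local deliver to lmtp "/var/dovecot/lmtp"
accept from any for domain <domains> virtual <vusers> deliver to lmtp "/var/dovecot/lmtp"
accept from local for any relay
"""

RULE_RE = re.compile(
    r'^accept from (local|any) for (local|any|domain <\w+>)'
    r'(?: (?:alias|virtual) <\w+>)? (deliver to .+|relay.*)$')

def parse_rules(text):
    """Turn accept lines into (from, for, action) tuples; refuse lines we cannot read."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError("unparsed rule: " + line)
        rules.append(m.groups())
    return rules

def for_matches(spec, rcpt):
    """Does the rule's 'for' part cover the recipient's domain?"""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if spec == "any":
        return True
    if spec == "local":
        return domain in LOCAL_DOMAINS
    return domain in DOMAINS  # 'domain <domains>' table lookup

def select_rule(rules, sender_is_local, rcpt):
    """First matching rule wins (assumed); None means no rule accepts the envelope.
    Alias/virtual tables are ignored here, so the second local rule is never reached."""
    for idx, (frm, spec, action) in enumerate(rules):
        if frm == "local" and not sender_is_local:
            continue  # 'from local' never matches a remote sender
        if for_matches(spec, rcpt):
            return idx, action
    return None

if __name__ == "__main__":
    rules = parse_rules(RULESET)
    for local, rcpt in [(True, "guybrush@mail.pascalschmid.de"), (False, "guybrush@pascalschmid.de"),
                        (True, "friend@example.org"), (False, "friend@example.org")]:
        print(local, rcpt, "->", select_rule(rules, local, rcpt))
```

The last case (remote sender, foreign recipient) returns None: only local senders are relayed, which is the open-relay check you want to see hold.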
I noticed these error lines in my log:
Jan 6 19:13:44 server dovecot: lmtp(21421, guybrush): Error: User guybrush doesn't have home dir set, disabling duplicate database
Jan 6 19:13:44 server dovecot: lmtp(21421, guybrush): Error: b7v0BdglrFStUwAAFfhiyA: sieve: sieve script file path ~/.dovecot.sieve is relative to home directory, but home directory is not available.
Set the correct value in /etc/dovecot/conf.d/10-mail.conf:
mail_home = /var/vmail/%d/%n