Simple SMTP server with OpenSMTPD
The great folks of OpenBSD have come out with yet another fabulous piece of software: OpenSMTPD. It's easier to safely configure than any other open source mail server.
So what are we going to set up today? We're going to set up a simple mail server that accepts mail for a domain and delivers it on the local machine, and that also allows local users to send mail.
Download and install opensmtpd:
$ wget http://www.opensmtpd.org/archives/opensmtpd-portable-latest.tar.gz
$ tar xzvf opensmtpd-portable-latest.tar.gz
$ cd opensmtpd-*
$ ./configure && make && sudo make install
$ sudo adduser --system --home /var/empty --no-create-home --shell /bin/false _smtpd
OpenSMTPD doesn't come with a systemd unit file, or an init script. I'll leave writing one as an exercise for the reader.
Let's get configuring. Open up /usr/local/etc/smtpd.conf in your favorite text editor (I'm assuming you followed my example and didn't specify a prefix).
listen on eth0
table aliases file:/etc/aliases
accept from any for domain "spamd.worrbase.com" alias <aliases> deliver to mbox
accept for local alias <aliases> deliver to mbox
accept for any relay
Here are the basics of a config file for smtpd. Let's walk through the lines one by one.
listen on eth0
This line is pretty self-explanatory - it instructs OpenSMTPD to listen on the eth0 interface.
Aliases
table aliases file:/etc/aliases
This line specifies which file holds the aliases table. If you want to have email addresses that don't map to usernames, this is one way to create them. An aliases file has the following format:
root: ubuntu
postmaster: root
hostmaster: root
webmaster: root
The name before the colon is the name of the alias, and the name (or comma-separated names) after the colon is the user account that it goes to. Some basic mailing lists are set up through mail aliases.
After modifying aliases, you must run newaliases if smtpd is running.
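To see where mail for an alias finally lands, the following added example (not from the original post or from OpenSMTPD) follows alias chains in a file of the format shown above and reports loops. The `admins` entry and the function names are constructed for illustration, and only plain `name: target, target` lines are assumed.

```python
# Constructed sample: the aliases file shown above plus one two-target alias.
SAMPLE_ALIASES = """\
root: ubuntu
postmaster: root
hostmaster: root
webmaster: root
admins: root, alice
"""

def parse_aliases(text):
    """Map each alias name to its list of targets."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        name, _, targets = line.partition(":")
        table[name.strip().lower()] = [
            t.strip().lower() for t in targets.split(",") if t.strip()
        ]
    return table

def resolve(table, name, _seen=()):
    """Return the sorted final accounts for `name`; raise ValueError on a loop.

    Any cycle, including an alias that names itself, is reported as an error
    (a choice made for this example).
    """
    name = name.lower()
    if name in _seen:
        raise ValueError("alias loop: " + " -> ".join(_seen + (name,)))
    if name not in table:
        return [name]          # not an alias, so treated as a user account
    final = set()
    for target in table[name]:
        final.update(resolve(table, target, _seen + (name,)))
    return sorted(final)

if __name__ == "__main__":
    aliases = parse_aliases(SAMPLE_ALIASES)
    for alias in aliases:
        print(alias, "->", ", ".join(resolve(aliases, alias)))
```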
accept from any for domain "spamd.worrbase.com" alias <aliases> deliver to mbox
This line tells smtpd to accept mail from any host for the specified domain and to deliver it to the recipient in mbox format. It also specifies the alias table we're using.
accept for local alias <aliases> deliver to mbox
This line enables local delivery. For example, cron(8) will send messages to users that never touch the internet. This line is for that. Again, we tell it to use mbox and give it our aliases table.
mbox vs Maildir
Two of the more popular mail box formats are mbox and Maildir. mbox stores each user's mail concatenated into a single file, usually /var/mail/username.
Maildir separates each mail into a single file, usually under ~username/Maildir. Maildir will contain folders called cur, new and tmp that hold the individual mails. If there are subfolders, they'll be in ~username/Maildir/.folder, also with cur, new and tmp files.
mbox is suitable for small sites. On larger sites, the mail files can get quite large, especially if there are messages with large attachments. Also keep in mind that if you do backups, your mbox files will almost always be backed up, as they'll change often.
Maildir is pretty choice for larger sites (not necessarily enterprise), as you don't end up with huge files that may take a significant amount of time to open. However, inode exhaustion is often a problem with Maildir deployments given the large number of files.
OpenSMTPD supports both of these formats.
External delivery
accept for any relay
So now we come to the last line of our config, and it's the one that looks the most dangerous. This line tells us that for mail destined for any destination, we'll relay it. OpenSMTPD figures out the mail server to relay to by doing a DNS lookup of the MX record.
This would be dangerous, but it's not in this case. Why? OpenSMTPD defaults to only accepting mail from the local machine when a rule doesn't say where mail may come from. They want you to be explicit if you're accepting mail from other locations. So all this rule effectively does is allow local users to send mail out to the internet.
Let's talk about why relaying any message would be dangerous real quick.
The dangers of an open relay
An open relay is a mail server that will accept mail for any destination and relay it to any remote destination. Spammers love to use these to route mail without exposing their mail servers to blacklisting or greylisting.
Part of my motivation for writing this protip is that many basic mail server HOWTOs instruct you to build an open mail relay. This one does not.
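A check for the pattern this section warns about, as an added example (not from the original post or the OpenSMTPD project): it parses the accept rules in the syntax used in this article and flags any rule that combines `from any`, `for any` and `relay`. The function names are made up for illustration, and the flagged rule in the last line is a constructed misconfiguration.

```python
import shlex

# Constructed sample: the article's smtpd.conf (old "accept" rule syntax).
SAMPLE_CONF = '''\
listen on eth0
table aliases file:/etc/aliases
accept from any for domain "spamd.worrbase.com" alias <aliases> deliver to mbox
accept for local alias <aliases> deliver to mbox
accept for any relay
'''

def parse_rule(line):
    """Return source, destination and action of an accept rule, else None."""
    tokens = shlex.split(line, comments=True)
    if not tokens or tokens[0] != "accept":
        return None
    # A rule without "from" only matches local senders, as the article notes.
    # Treating a missing "for" as local is an assumption of this example.
    rule = {"from": "local", "for": "local", "action": None}
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("from", "for") and i + 1 < len(tokens):
            value = tokens[i + 1]
            # "source <table>" and "domain <name>" take one more argument.
            if value in ("source", "domain") and i + 2 < len(tokens):
                value += " " + tokens[i + 2]
                i += 1
            rule[tok] = value
            i += 1
        elif tok in ("relay", "deliver"):
            rule["action"] = tok
        i += 1
    return rule

def find_open_relay_rules(conf_text):
    """List (line number, rule) for rules relaying any sender to any destination."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        rule = parse_rule(line)
        if rule and rule["action"] == "relay" \
                and rule["from"] == "any" and rule["for"] == "any":
            findings.append((lineno, line.strip()))
    return findings

if __name__ == "__main__":
    print(find_open_relay_rules(SAMPLE_CONF))                      # article config
    print(find_open_relay_rules("accept from any for any relay"))  # constructed bad rule
```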
Running OpenSMTPD
Now that we have our config built, let's run it!
$ sudo smtpd
Now it's running. If you want to send commands to smtpd(8), use smtpctl(8). For example, to view the outgoing queue (mailq(8) in postfix-lang), you can use
$ sudo smtpctl show queue
Another way to run newaliases(8) is
$ sudo smtpctl update table aliases
You can stop, pause or resume smtpd(8) with
$ sudo smtpctl (stop|pause|resume)
There are loads more commands for doing debugging, getting statistics, etc. Check out man 8 smtpctl for more information.
This is only the tip of the iceberg. This doesn't cover setting up POP3/IMAP or spam filtering. Those might come in another protip.
Written by William Orr
1 Response
This is great, wish you wrote a piece on spamd.