The goal:
Create a reasonably secure email server on OpenBSD 5.6 using base plus a few packages. The base components will be OpenSMTPD, spamd, pf, and httpd. The primary packages will be ClamAV, ClamSMTP, SpamAssassin, SpamPD, DKIMproxy, Dovecot, Dovecot-Pigeonhole, and Roundcube. This will be a multi-post guide (7 or 8 posts) on the steps taken to accomplish this goal.
The final setup:
Incoming mail:
pf -> spamd -> opensmtpd -> clamsmtpd -> clamd -> clamsmtpd -> opensmtpd -> spampd -> SpamAssassin -> spampd -> opensmtpd -> deliver to dovecot/lmtp
Outgoing mail:
opensmtpd -> clamsmtpd -> clamd -> clamsmtpd -> opensmtpd -> dkimproxy -> opensmtpd -> relay out
Other:
SSL IMAP access: Dovecot
SSL webmail access: httpd and Roundcube
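In the incoming chain above, mail re-enters opensmtpd after each filter. Every re-entry therefore needs its own tagged listener, and the untagged catch-all rule must come last, because smtpd.conf rules are first-match and a rule without a tag matches every session. The sketch below is an added example, not the guide's configuration: it models that routing with hypothetical port numbers and tag names and shows the loop a missing tag or a misordered rule produces.

```python
# Added illustration, not the guide's configuration. Ports and tag names
# are hypothetical; the stage names come from the incoming chain above.

class MailLoop(Exception):
    """Raised when a message keeps re-entering opensmtpd without delivery."""

# opensmtpd listeners: port -> tag stamped on sessions arriving there.
LISTENERS = {25: None, 10026: "CLAM_IN", 10028: "SPAM_IN"}

# Loopback filters: port they accept on -> (stages, port they re-inject to).
FILTERS = {
    10025: (["clamsmtpd", "clamd", "clamsmtpd"], 10026),
    10027: (["spampd", "SpamAssassin", "spampd"], 10028),
}

# Rules are evaluated in order and the first match wins. A rule whose tag
# is None matches every session, tagged or not, so it must come last.
RULES = [
    ("SPAM_IN", "deliver", "dovecot/lmtp"),
    ("CLAM_IN", "relay", 10027),
    (None, "relay", 10025),
]

def trace(listeners, rules, filters=FILTERS, port=25, max_hops=8):
    """Follow one incoming message and return the list of stages visited."""
    path = []
    for _ in range(max_hops):
        tag = listeners[port]
        path.append("opensmtpd")
        _, action, target = next(r for r in rules if r[0] in (None, tag))
        if action == "deliver":
            return path + [target]
        stages, port = filters[target]   # hand off to the filter, then re-enter
        path += stages
    raise MailLoop(" -> ".join(path))

def loops(listeners, rules):
    """True if a message would circulate instead of being delivered."""
    try:
        trace(listeners, rules)
        return False
    except MailLoop:
        return True

if __name__ == "__main__":
    print(" -> ".join(trace(LISTENERS, RULES)))
    print("untagged post-ClamAV listener loops:", loops({**LISTENERS, 10026: None}, RULES))
    print("catch-all rule listed first loops:", loops(LISTENERS, RULES[::-1]))
```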
Why OpenBSD?
Because I think it's a great operating system created and maintained by a lot of very smart people. Plus, I like how there are so many excellent bits of software included in the base system. If you find anything helpful in this guide, or discover how great OpenBSD is, please consider supporting the project, either by purchasing a CD set or making a financial donation. The OpenBSD team does amazing work that benefits the whole community in a wide variety of ways and they can always use the support.
Why SpamAssassin in addition to spamd?
Spamd works wonderfully well and it has a very light footprint. It trapped the bulk of my spam (more than 95%) so I almost just let it go instead of bothering with SpamAssassin. But I thought it would be interesting to try and integrate the two.
Why not <insert name of favorite operating system/software/tool>?
Never heard of it. ;-)
Why bother with setting up your own email server to begin with? Why not just keep using Gmail?
I used to run my own email server back when I hosted the Linux Reality podcast and decided it would be a fun exercise to try it again. The email server I set up using the steps in this guide might become my primary email server. Or, I might take the server down tomorrow and go back to using AOL and working on my Geocities page. Who knows?
Assumptions:
This guide assumes an understanding of how to install and configure OpenBSD and an understanding of networking and email, both in general and with regard to OpenBSD in particular. Additionally, this guide assumes an understanding of how to install packages with a properly configured $PKG_PATH, how to work from the command line and edit configuration files, how to change DNS records and MX records, and other general nuts and bolts. These kinds of basic topics will not be covered in this guide.
Disclaimer:
I am an ordinary OpenBSD user. I am not a sysadmin, developer, programmer, kung-fu master, or expert in any of these areas. This guide is mainly a writeup for myself so I can replicate these steps in the future. If someone finds it helpful, fine, but it is by no means the only way or even the best way to configure an email server. There are most likely mistakes in this guide, so take it for what it's worth and YMMV. If your email breaks because of this guide, then don't run your own email server. Feedback and corrections are welcome.
Updates:
- Updated the last line of example smtpd.conf from "for any" to "for domain <vdomains>". Thanks to Christoph on the opensmtpd-misc mailing list.
- Removed bit about enabling pf since it's enabled by default. Duh. Also changed notations of port 587 to 'submission' which is the name of that port in /etc/services. Thanks to rjc.
Resources:
- OpenBSD FAQ (required)
- OpenBSD man pages (required)
- OpenSMTPD wiki
- Helpful thread on OpenSMTPD mailing list re: tagging and proxying
- http://www.kernel-panic.it/openbsd/mail/ (the bits about ClamAV and SpamAssassin are helpful)
- https://coderwall.com/p/eejzja/simple-smtp-server-with-opensmtpd
- http://blog.ehouse.io/mail-server-basic-smtp.html
- http://blog.admiral0.it/computing/mail-server-with-opensmtpd-dovecot-and-amavisdspamassassin/
I'm trying to take ride my server for days, now you are being detained, the emails, I was always the guide:
http://www.kernel-panic.it/openbsd/mail/
But now I have decided to move to OpenSMTPD.
I hope with the guidance of your Blog to run my server again
You sure have a thing for overengineering your solutions, but thanks for sharing your setup.