+      _  _ ____ ____ ____ _  _ ____
    |      |\/| |  | |__/ |___ |\ | |__|    Web:  https://morena.rest
 +--+--+   |  | |__| |  \ |___ | \| |  |    Mail: morena@morena.rest
    |                                       IRC:  morena.rest
    +      The internet is full. Fuck Off 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2024-02-19

Simple mail server with SMTPD and Mail util on OpenBSD
------------------------------------------------------

This is an easy-peasy task if your IP address and its whole range are
not blacklisted. If they are, probably no setup will help you. You
have to fix that issue by changing your server/IP provider.
I don't recommend running a mail server on these well-known big VPS
providers. Their IP ranges are often blocked, blacklisted and treated
badly.

----------------------------------------------------------------------
# cat /etc/mail/smtpd.conf

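# Alias table, referenced as <aliases> by the "local_mail" action
table aliases file:/etc/mail/aliases

# Certificate and key offered to other servers for STARTTLS
pki morena.rest cert "/etc/ssl/morena.rest.fullchain.pem"
pki morena.rest key "/etc/ssl/private/morena.rest.key"

# DKIM-sign outgoing mail (selector "mail") as an unprivileged user
filter dkimsign proc-exec "filter-dkimsign -d morena.rest -s mail \
-k /etc/mail/dkim/private.rsa.key" user _dkimsign group _dkimsign

# Local submissions are signed; mask-src omits the from part of the
# Received header
listen on socket filter "dkimsign" mask-src
listen on lo0 filter "dkimsign" mask-src
# Public interface: STARTTLS is offered, not required
listen on vio0 tls pki morena.rest

action "local_mail" mbox alias <aliases>
action "outbound" relay helo rat.morena.rest

# The first matching rule applies; anything unmatched is rejected
match from any for domain "morena.rest" action "local_mail"
match from local for local action "local_mail"
match from local for any action "outbound"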

----------------------------------------------------------------------

I somehow managed to create a self-signed certificate, I already have
no idea how ;/ You have to figure it out yourself. Most people will
probably use some certificate from a fake authority, I don't like that
idea.

This certificate is not really necessary. It is there for other mail
servers, so that they can upgrade a connection from plain text to TLS
using STARTTLS over port 25. I may evaluate this and remove it later.

I had to create another key for dkimsign. Another pointless crap, but
without it, big monopoly corporations will probably put my emails
in junk. It's pretty easy using the package opensmtpd-filter-dkimsign.
It has a copy/paste readme in the default OpenBSD location for that
purpose. You will be informed about that after the installation of the
package. It is just a filter for smtpd that will sign your outgoing
emails. The receiving mail server will check the signature against the
public key you added to your DNS. All is well documented in pkg-readme.

While you are in DNS at your domain registrar or other provider,
gently also add MX and TXT (SPF) records. You can also add DMARC
nonsense, maybe it helps you look more cool in the eyes of big
corporations like Google, Microsoft and Apple.

This setup does not offer or allow IMAP. I use the mail utility for
mail handling.

----------------------------------------------------------------------
$ cat /home/morena/.mailrc

set record=/home/morena/mail/sent
set from=morena@morena.rest
set folder=mail
set MBOX=mail/mbox
set Replyall
set ask
retain Subject
----------------------------------------------------------------------

This .mailrc is not necessary. It just makes the mail utility more
friendly to my taste.

That's all, ladies. I can read, send and reply to emails to any mail
server in the world. I already got some greetings from SEO experts
from India ;/

This is not a step by step guide. Maybe just some "showcase" that
running your own mail server is not that hard. This setup does
not allow external IMAP and SMTP access. Just from this server.
The only port needed for this setup is port 25. This port is used for
communication between mail servers whether you send or receive emails.
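
That only this server itself can send mail out follows from the match
rules in smtpd.conf above. As an added example (not part of the
original setup), this shell function evaluates those rules
first-match-wins and compares them with a constructed weak variant.
The names decide and is_open_relay, the example.org recipient and the
"localhost" stand-in for a local recipient are assumptions.

```shell
# Added example: first-match evaluation of the "match" rules shown above.
# Understands: match from (any|local) for (any|local|domain "<d>") action "<a>"

# Constructed copy of the page's actions and rules.
PAGE_RULES='action "local_mail" mbox alias <aliases>
action "outbound" relay helo rat.morena.rest
match from any for domain "morena.rest" action "local_mail"
match from local for local action "local_mail"
match from local for any action "outbound"'

# Constructed weak variant: the last rule says "from any", not "from local".
WEAK_RULES='action "local_mail" mbox alias <aliases>
action "outbound" relay helo rat.morena.rest
match from any for domain "morena.rest" action "local_mail"
match from local for local action "local_mail"
match from any for any action "outbound"'

# decide RULES SOURCE RCPT_DOMAIN
# SOURCE is "local" (socket/loopback) or "remote"; RCPT_DOMAIN "localhost"
# stands in for a local recipient (assumption). Prints "<action>:<type>"
# for the first matching rule, or "reject" when nothing matches.
decide() {
    printf '%s\n' "$1" | awk -v src="$2" -v dom="$3" '
        $1 == "action" { n = $2; gsub(/"/, "", n); kind[n] = $3; next }
        $1 == "match" && $2 == "from" && $4 == "for" {
            if ($3 == "local" && src != "local") next
            if ($5 == "domain") {
                d = $6; gsub(/"/, "", d)
                if (d != dom) next
                a = $8
            } else {
                if ($5 == "local" && dom != "localhost") next
                a = $7
            }
            gsub(/"/, "", a)
            print a ":" kind[a]; found = 1; exit
        }
        END { if (!found) print "reject" }'
}

# True when a remote client can get mail relayed to a foreign domain.
is_open_relay() {
    case "$(decide "$1" remote example.org)" in *:relay) return 0 ;; esac
    return 1
}

for c in "remote morena.rest" "remote example.org" "local example.org"; do
    set -- $c
    printf '%-8s -> %-12s %s\n' "$1" "$2" "$(decide "$PAGE_RULES" "$1" "$2")"
done
```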

Other mail-related ports like 465, 587, 143 and 993 are used just
for email clients to communicate with your SMTP or IMAP server,
not with other mail servers. If I wanted to use this server from
another machine, I would connect to it with SMTPS on port 465 (TLS)
and check IMAP on port 993 (TLS). This would require some tiny
change to the setup above and installing something as horrible as
Dovecot for IMAP handling.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Creativity is the greatest rebellion in existence.