Any mail server, whether it is exposed on the Internet or only inside an organization, needs an MTA (mail transfer agent). Among the most widespread are Postfix and Sendmail: the former is used by default on Linux, while Sendmail is the standard on BSD systems. Many deployments, on the other hand, are done with packages that integrate the complete email stack, such as MailCow or iRedMail. In this guide we will use OpenSMTPd, which is part of the OpenBSD project and therefore comes with implicit reliability and simplicity.

Requirements

DNS is a fundamental part of email. At a minimum, the MX record must be properly configured so that other MTAs can find the MTA of the domain they want to send mail to, in this case ours. For this step, we can review the entry on this blog that details how to set up a DNS server with Bind9; with it we will be able to resolve the necessary records. If we do not have our own DNS server, we can create these records in our provider's control panel.

Installation

Disable Sendmail

As we have seen, Sendmail is the system default MTA, so we need to disable it so that it does not interfere with the MTA we are installing.

sysrc sendmail_enable="NO"
sysrc sendmail_submit_enable="NO"
sysrc sendmail_msp_queue_enable="NO"
sysrc sendmail_outbound_enable="NO"

Install OpenSMTPd

pkg install -y opensmtpd

Configuration

We edit the /usr/local/etc/mail/smtpd.conf file to make it work in our environment. At the moment we only use local users, so the configuration will look like the following:

# Files containing the accepted domains and e-mails
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains

# Configure the certificates
pki mail.correo.com key "/usr/local/etc/mail/ssl/private/mail.correo.com.key.pem"
pki mail.correo.com cert "/usr/local/etc/mail/ssl/certs/mail.correo.com.cert.pem"

# Interface and ports the service listens on
listen on vtnet0 tls pki mail.correo.com auth-optional
listen on vtnet0 smtps pki mail.correo.com auth
listen on vtnet0 port submission tls-require pki mail.correo.com auth

# Delivery to the local maildir
action "local" maildir alias <aliases>
# Forwarding to external MTA
action "relay" relay helo mail.correo.com

# Delivery rules
match from local for local action "local"
match from any for domain <domains> action "local"
match from any auth for any action "relay"

We need to have the file /etc/mail/domains prepared with our domain:

correo.com
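
In the rules above, the auth keyword on the last match line is what keeps the server from relaying mail for anyone who connects. The following audit is an added example, not part of the original guide or of OpenSMTPd itself; it handles only the plain from/for/action forms used on this page, and the function names and the weak variant are constructed for illustration.

```python
import shlex
from itertools import takewhile

# The action/match lines from the smtpd.conf shown on this page.
PAGE_RULES = """
action "local" maildir alias <aliases>
action "relay" relay helo mail.correo.com
match from local for local action "local"
match from any for domain <domains> action "local"
match from any auth for any action "relay"
"""
# Constructed weak variant: same rules with the auth keyword dropped.
WEAK_RULES = PAGE_RULES.replace("from any auth for any", "from any for any")

def parse_rules(conf):
    """Return ({action name: delivery method}, [(line, tokens)] for match rules)."""
    actions, matches = {}, []
    for line in conf.splitlines():
        tok = shlex.split(line, comments=True)  # drops quotes and # comments
        if len(tok) >= 3 and tok[0] == "action":
            actions[tok[1]] = tok[2]            # "relay" -> relay, "local" -> maildir
        elif tok and tok[0] == "match":
            matches.append((line.strip(), tok))
    return actions, matches

def clause(tok, keyword, default):
    """Tokens after `keyword` up to the next clause word, else the default."""
    if keyword not in tok:
        return default
    rest = tok[tok.index(keyword) + 1:]
    return list(takewhile(lambda t: t not in ("from", "for", "action", "reject"), rest))

def open_relay_rules(conf):
    """Match rules that relay to any domain for unauthenticated remote senders."""
    actions, matches = parse_rules(conf)
    findings = []
    for line, tok in matches:
        if "action" not in tok[:-1]:
            continue                             # e.g. "match ... reject"
        name = tok[tok.index("action") + 1]
        sender = clause(tok, "from", ["local"])  # smtpd.conf default: from local
        rcpt = clause(tok, "for", ["local"])     # smtpd.conf default: for local
        if (actions.get(name) == "relay" and "any" in sender
                and "auth" not in sender and rcpt == ["any"]):
            findings.append(line)
    return findings

if __name__ == "__main__":
    print({k: open_relay_rules(v) for k, v in (("page", PAGE_RULES), ("weak", WEAK_RULES))})
```

To audit a live configuration, pass the contents of /usr/local/etc/mail/smtpd.conf to open_relay_rules(); an empty list means no rule of this shape was found.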

Change mailer

We need to tell the system that any program that needs to send mail should use the agent we just installed. This is done by modifying the /etc/mail/mailer.conf file.

#sendmail   /usr/libexec/sendmail/sendmail
#mailq      /usr/libexec/sendmail/sendmail
#newaliases /usr/libexec/sendmail/sendmail
#hoststat   /usr/libexec/sendmail/sendmail
#purgestat  /usr/libexec/sendmail/sendmail
sendmail    /usr/local/sbin/smtpctl
send-mail   /usr/local/sbin/smtpctl
mailq       /usr/local/sbin/smtpctl
makemap     /usr/local/libexec/opensmtpd/makemap
newaliases  /usr/local/libexec/opensmtpd/makemap

Start the daemon

sysrc smtpd_enable="YES"
service smtpd start

Tests

First we can check if the service is listening:

sockstat -4l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
_smtpd   smtpd      804   10 tcp4   172.16.249.20:25      *:*
_smtpd   smtpd      804   11 tcp4   172.16.249.20:465     *:*
_smtpd   smtpd      804   12 tcp4   172.16.249.20:587     *:*

We can also send a test email and verify in the logs that it is being processed correctly.

echo "Test" | mail -s "Test" root
<22>1 2022-12-18T13:44:51.353133+02:00 mail.correo.com smtpd 804 - - 8de9183d3d571e35 smtp connected address=local host=mail.correo.com
<22>1 2022-12-18T13:44:51.355793+02:00 mail.correo.com smtpd 804 - - 8de9183d3d571e35 smtp message msgid=258c7c3a size=418 nrcpt=1 proto=ESMTP
<22>1 2022-12-18T13:44:51.356010+02:00 mail.correo.com smtpd 804 - - 8de9183d3d571e35 smtp envelope evpid=258c7c3a9728af75 from=<i686@mail.correo.com> to=<root@mail.correo.com>
<22>1 2022-12-18T13:44:51.356828+02:00 mail.correo.com smtpd 804 - - 8de9183d3d571e35 smtp disconnected reason=quit
<22>1 2022-12-18T13:44:51.371083+02:00 mail.correo.com smtpd 804 - - 8de9183ff2261c4c mta delivery evpid=258c7c3a9728af75 from=<i686@mail.correo.com> to=<root@mail.correo.com> rcpt=<root@mail.correo.com> delay=0s result=Ok stat=Delivered