2023-02-10

Mailserver Mastery.


Hosting your own mail server with OpenBSD and smtpd is really easy and safe.

Adding A New Domain

Add the domain to /etc/mail/vdomains. Add all users to the vusers file. Add users and passwords to the passwd file, using smtpctl encrypt <password> to create the encrypted passwords.

SSL Certificate

In /etc/acme-client.conf

Add the following lines to retrieve a Let's Encrypt certificate:

domain mail.tas.fm {
  domain key "/etc/ssl/private/mail.tas.fm.key"
  domain certificate "/etc/ssl/mail.tas.fm.crt"
  domain full chain certificate "/etc/ssl/mail.tas.fm.pem"
  sign with letsencrypt
}

Adding crontab Entry for Letsencrypt Certificates

0 0 * 1-12 * acme-client www.tas.cloud && rcctl reload httpd

Extend smtpd.conf

Extend /etc/smtpd.conf if you want to be able to send emails from your new domain

Mail Forwarding

If you want to create an email address that acts as an alias, you have to forward it to an existing email address.

Blowfish Encrypted Passwords

smtpctl encrypt hashes passwords with bcrypt, which is based on Blowfish.

An example output would look like this:

$2a$08$lT24ClsQAkEe9AB1odZRN.sJRNJGN1OFHRhMSpB7JcL7lMQFVazJ6

The explanation of the parts is as follows.

$2a                             : The hash algorithm identifier (version) for bcrypt.
10                              : Cost factor. 10 means 2^10 = 1,024 rounds.
lT24ClsQAkEe9AB1odZRN.          : 16-byte salt which is encoded to 22 characters using base64.
sJRNJGN1OFHRhMSpB7JcL7lMQFVazJ6 : 24-byte hash which is encoded to 31 characters using base64.

When using OpenBSD change the identifier to $2b.
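
The field layout described above can be checked mechanically. This is an added example, not code from the original page: it parses the sample hash shown above and rewrites its identifier to $2b (the names parse_bcrypt and to_2b are assumptions of the example).

```python
import base64
import re

# bcrypt's base64 alphabet differs from RFC 4648: it starts with "./" and has no padding.
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_STD = str.maketrans(BCRYPT_B64, STD_B64)

# $<identifier>$<two-digit cost>$<22-char salt><31-char hash>
_HASH_RE = re.compile(r"\$(2[abxy]?)\$(\d\d)\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")

# Example output shown on this page.
PAGE_HASH = "$2a$08$lT24ClsQAkEe9AB1odZRN.sJRNJGN1OFHRhMSpB7JcL7lMQFVazJ6"


def _decode(field):
    """Decode a bcrypt-base64 field by mapping it onto the standard alphabet."""
    std = field.translate(_TO_STD)
    return base64.b64decode(std + "=" * (-len(std) % 4))


def parse_bcrypt(text):
    """Split a bcrypt string into its fields; raise ValueError if malformed."""
    m = _HASH_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError("not a well-formed bcrypt string")
    ident, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    return {
        "identifier": ident,
        "cost": int(cost),
        "rounds": 2 ** int(cost),   # the cost field is a base-2 exponent
        "salt": _decode(salt),      # 22 characters decode to 16 bytes
        "digest": _decode(digest),  # 31 characters decode to 23 bytes
    }


def to_2b(text):
    """Rewrite the identifier to $2b, as the page advises for OpenBSD."""
    parse_bcrypt(text)              # reject anything that is not bcrypt
    return "$2b$" + text.strip().split("$", 2)[2]


if __name__ == "__main__":
    fields = parse_bcrypt(PAGE_HASH)
    print(fields["identifier"], fields["cost"], fields["rounds"])
    print(to_2b(PAGE_HASH))
```
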

Roundcube

To increase the maximum file upload size edit php.ini and set post_max_size and upload_max_filesize accordingly.

Upgrading PHP, e.g. from version 8.1 to 8.2

rcctl stop php81_fpm
rcctl disable php81_fpm
rcctl enable php82_fpm
rcctl start php82_fpm

Ensure the latest sqlite driver is installed

pkg_add php-pdo_sqlite-8.2.xx

Enable driver in config file /etc/php-8.2.ini

extension=pdo_sqlite

Make sure that the required PHP extensions are enabled. The easiest way to do this is the following:

$ cd /etc/php-8.1.sample/
$ for i in * ; do
> doas ln -sf ../php-8.1.sample/$i ../php-8.1/
> done

SPF record

An SPF (Sender Policy Framework) record is a DNS entry that specifies which servers are authorized to send emails on behalf of a particular domain. The SPF record contains a list of IP addresses and hostnames that are authorized to send emails on behalf of the domain. If an email is sent from an unauthorized server that is not listed in the SPF record, it may be marked as spam or fraudulent. The SPF record is commonly used to prevent email spoofing and improve email deliverability.

Create a TXT entry on your DNS server like this:

@    IN TXT    "v=spf1 a mx ~all"