knowledgebase

Paritybit.ca Gemini-based Wiki
git clone https://git.sr.ht/~jbauer/knowledgebase

commit 9fa37cd451c3bc2e51badb8e5e552b3764eff18b
parent a44587564a88eb8a4ff5d8882f6ccb1907788089
Author: Jake Bauer <jbauer@paritybit.ca>
Date:   Fri, 28 Jan 2022 12:17:08 -0500

Add relaying mail information

Diffstat:
M index.gmi | 1 +
A sysadmin/relaying-service-mail-with-opensmtpd.gmi | 27 +++++++++++++++++++++++++++
2 files changed, 28 insertions(+), 0 deletions(-)

diff --git a/index.gmi b/index.gmi @@ -40,6 +40,7 @@ => /sysadmin/tarsnap-backups-with-acts.gmi Tarsnap Backups With Acts => /sysadmin/goaccess-with-openbsd-httpd.gmi Using Goaccess with OpenBSD's httpd => /sysadmin/uw-imap.gmi UW IMAP Server Documentation +=> /sysadmin/relaying-service-mail-with-opensmtpd.gmi Relaying Service Mail With OpenSMTPD ## Recipes diff --git a/sysadmin/relaying-service-mail-with-opensmtpd.gmi b/sysadmin/relaying-service-mail-with-opensmtpd.gmi 
@@ -0,0 +1,27 @@ +# Relaying Service Mail With OpenSMTPD + +This configuration is very useful for allowing services to send email, especially when on a residential connection or when port 25 is blocked for a different reason. It also eliminates the need to maintain individual local mail servers and instead route all mail through a domain's central mail server. + +This requires an email server which is already set up to accept submissions from remote hosts. I use SMTPS (port 465) but this also works with SMTP+STARTTLS (port 587). + +First,create one or more accounts on the central mail server to handle the email (could be servicename@example.com or no-reply@example.com, etc). Creating multiple accounts when using SMTP AUTH is convenient in the case that a machine gets compromised and therefore the password used to authenticate with the mailserver gets compromised. If only one account is used, when you need to change the password for the service account, you need to update the configuration on all machines. On the other hand, one account for all service emails is easier to manage up front. + +On the machine which will be sending email, add an alias for the relevant users to `/etc/mail/aliases`. For example: `root: jbauer@paritybit.ca` which will send all emails that would normally be sent to the root user (for output of cron jobs, etc.) to my personal email. 
+ +Modify the `/etc/mail/smtpd.conf` file as follows (this configuration uses the account service@example.com and SMTP AUTH PLAIN): + +```/etc/mail/smtpd.conf +table aliases file:/etc/mail/aliases +table credentials { service = service:thisisarandomandsecurepassword } + +listen on socket +listen on lo0 + +action "local_mail" mbox alias <aliases> +action "outbound" relay host smtps://service@mail.example.com tls auth <credentials> mail-from host@example.com + +match from local for local action "local_mail" +match from local for any action "outbound" +``` + +Finally, reload OpenSMTPD so it loads the new configuration.
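
Review bot: The SMTP AUTH password is written inline in the example configuration, at `table credentials { service = service:thisisarandomandsecurepassword }` in the new sysadmin/relaying-service-mail-with-opensmtpd.gmi, so anyone who can read or copy `/etc/mail/smtpd.conf` (backups, config management, a pasted config) gets the relay credential. Since the page's own argument for per-machine accounts is limiting the damage of a leaked password, suggest showing a file-backed table instead, for example `table credentials file:/etc/mail/secrets`, with a sentence saying that file holds the `service service:password` entry and should be readable only by root and the smtpd group. The closing "reload OpenSMTPD" step would also be more useful if it told the reader to validate the file first with `smtpd -n` before reloading.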