So, you’ve got at least one server and you’ve installed and configured opensmtpd so you can send emails. But you’re still using a third-party email provider from your home computer. That didn’t seem right to me, so I eventually figured out how to use one of my servers to route mail from home (or laptop) to its destination.
Benefits
1. Using what you already have. You’ve got an email server. Might as well use it as a relay!
2. Speed. Routing mail through your own server will be far quicker than using someone else’s.
Below should be self-explanatory. You need to edit four files: two on your server, two on your local machine.
Swap out example.com for your server domain, obviously.
###########################
# Server: /etc/smtpd.conf
###########################
# $OpenBSD: smtpd.conf,v 1.10 2018/05/24 11:40:17 gilles Exp $
# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.
table aliases file:/etc/mail/aliases
table secrets file:/etc/mail/secrets
pki example.com key "/etc/letsencrypt/live/example.com/privkey.pem"
pki example.com cert "/etc/letsencrypt/live/example.com/fullchain.pem"
# Filters taken from prefetch.eu
filter "rdns" phase connect match !rdns disconnect "550 DNS error"
filter "fcrdns" phase connect match !fcrdns disconnect "550 DNS error"
filter check_dyndns phase connect match rdns regex { '.*\.dyn\..*', \
    '.*\.dsl\..*' } disconnect "550 no residential connections"
action "local" maildir alias <aliases>
action "relay" relay
listen on localhost
listen on eth0 tls pki example.com \
    filter { "rdns", "fcrdns", "check_dyndns" }
listen on eth0 port 465 smtps pki example.com auth <secrets>
listen on eth0 port 587 tls-require pki example.com auth <secrets>
match for local action "local"
match from local for any action "relay"
match from any for domain "example.com" action "local"
match from auth for any action "relay"
############################
# Server: /etc/mail/secrets
############################
simon@server:~$ cat /etc/mail/secrets
home@example.com <password hash created using 'smtpctl encrypt' command>
#########################
# Local: /etc/smtpd.conf
#########################
# $OpenBSD: smtpd.conf,v 1.10 2018/05/24 11:40:17 gilles Exp $
# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.
table aliases file:/etc/mail/aliases
table secrets file:/etc/mail/secrets
listen on localhost
action "local" maildir alias <aliases>
action "simonh" relay host smtp+tls://simonh@example.com:587 \
auth <secrets> mail-from "home@example.com"
match for local action "local"
match for any action "simonh"
###########################
# Local: /etc/mail/secrets
###########################
root@computer:/etc# cat mail/secrets
simonh home@example.com:plain_password_here
The key things to pay attention to are (on the server):
table secrets file:/etc/mail/secrets
listen on eth0 port 587 tls-require pki example.com auth <secrets>
match from auth for any action "relay"
And on your local machine:
action "simonh" relay host smtp+tls://simonh@example.com:587 \
    auth <secrets> mail-from "home@example.com"
match for any action "simonh"
/etc/mail/secrets
simonh home@example.com:plain_password_here
The password needs to be plain text as it is sent over TLS to be checked by the remote mail server.
From what I can gather, the simonh label in /etc/mail/secrets will send the username and password matching that label from your secrets file to the action block. That had me stumped for a while…
As a side note, you can avoid the auth stuff entirely if you’ve got a static IP address. This is what I’d been using for the last few weeks until I got the authenticated method sorted out:
match from src your.home.ip.address for any action "relay"
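As an added example (not part of the original post), this Python sketch classifies every match rule that feeds a relay action by who is allowed to use it, so an accidental "from any for any" open relay stands out next to the authenticated and IP-trusted rules shown above. The sample is the server's rules from this page plus two constructed rules (a src rule using the documentation address 203.0.113.7 and an open-relay rule); the function names are hypothetical and negated options (!) are not handled.

```python
import shlex

# Server rules from the page, plus two constructed rules (the last two lines).
SAMPLE = '''
action "local" maildir alias <aliases>
action "relay" relay
match for local action "local"
match from local for any action "relay"
match from any for domain "example.com" action "local"
match from auth for any action "relay"
match from src 203.0.113.7 for any action "relay"
match from any for any action "relay"
'''
LABELS = {"src": "ip-trusted", "auth": "authenticated"}

def logical_lines(text):
    """Join backslash continuations, drop comments and blanks, tokenize."""
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield shlex.split(line)

def clause(tokens, keyword, default):
    """Return the word after 'from' or 'for'; smtpd defaults both to local."""
    if keyword in tokens[:-1]:
        return tokens[tokens.index(keyword) + 1]
    return default

def audit_relay_rules(text):
    """Label each match rule that points at a relay action by sender scope."""
    rules = list(logical_lines(text))
    relay_actions = {t[1] for t in rules if t[0] == "action" and t[2:3] == ["relay"]}
    findings = []
    for t in rules:
        if t[0] != "match" or t[-1] not in relay_actions:
            continue
        source, dest = clause(t, "from", "local"), clause(t, "for", "local")
        if source == "any" and "auth" in t:
            source = "auth"  # the 'match from any auth ...' spelling
        verdict = "OPEN RELAY" if (source, dest) == ("any", "any") else LABELS.get(source, "restricted")
        findings.append((" ".join(t), verdict))
    return findings

if __name__ == "__main__":
    for rule, verdict in audit_relay_rules(SAMPLE):
        print(f"{verdict:14} {rule}")
```

Run it against the text of your own /etc/smtpd.conf after any edit to the match rules; anything reported as OPEN RELAY accepts mail from any host for any destination without authentication.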