OpenSMTPD + UW IMAP as an alternative to heavy mail systems

Almost everyone who has servers with domains associated with them has to deal with the mail one way or another, at least with the availability of webmaster / postmaster / abuse @ domain addresses.
Someone teaches M4 and configures built-in sendmail, someone uses third-party services (for example, from Google), someone - raises the standard postfix + courier-imap + mysql bundle (or equivalent).

I was lazy to do the first, the second — I didn’t want for ideological reasons, and the third was too redundant. Therefore, I found my “middle way”, which I want to talk about in this article.

Prerequirements

When writing this guide, I assumed that the user is able to interact with * nix-systems through the console, can install the packages of his distribution and owns at least one text editor for editing configs. As an example, I will install packages on Arch Linux, since this is my home distribution.

Formulation of the problem

Before you do something you need to understand why to do it. The described configuration makes sense if:

• The number of local users is small and it is permissible for them to create entries in / etc / passwd
• The number of accepted domains is> 1, otherwise “default sendmail” rescues us OR
• Some extra things are needed, such as SSL / TLS or authentication OR
• Server configuration is insufficient to run heavy MTAs there.

In my case, all the points coincided: a small virtual, on which I park a dozen domains for friends and acquaintances.
')
Installing UW IMAP is an optional part. I did not install it until I had additional users in the system, because I myself went to ssh without any problems and made a mutt.

Installation and initial configuration of OpenSMTPD

In Arch Linux installation takes 5 seconds :-)


The configuration consists of a single smtpd.conf file and optional files with tables. My initial config looks like this:

As you can see - nothing complicated, any mail passes through all the chains of reject / accept until it falls under any rule.


Mutt confirms - mail delivered!

This minimal configuration is quite enough for receiving technical mail for a dozen or so domains.

SMTPS / TLS and Authentication

In opensmtpd, the authenticated user becomes local. Authentication is enabled with the auth (or auth-optional ) keyword in the listen string, but you must first configure smtps / tls. A trusted certificate can be obtained in different places, for example from StartSSL. In any case, we assume that you have 3 PEM files:

1. server.crt - server certificate
2. server.key - private key from the certificate
3. cachain.crt - chain of supporting certificates

Now we can enable smtps / tls and authentication:


Now clients can send mail outside with ssl and authentication.

Mutt (note the Received header):

Antispam and stuff

For example, you can add antispam via spampd .

And again, nothing complicated, easily configured by analogy with a firewall or other in-line filter.

Install and configure UW IMAP

As I already wrote, this part is optional, if on the server one user is a sysadmin, then most likely imap is not needed there.

Installation:


Setup:

First, from the key, server certificate, and CA certificates, we create a PEM file for imapd (its name is fixed), then we create xinetd-unit for xinetd and start xinetd, respectively. Everything, hooray :-)

Total

We received a full-fledged mail system, with SSL / TLS and authentication, capable of working even on a microwave and without requiring hours of thoughtful reading of mana. Optionally, you can expand it further by adding for example DKIM, backup MX, Greylisting and more. As a bonus: OpenSMTPD is made by the OpenBSD team, which means there is very little chance of a critical vulnerability there.

Thanks for attention.