Script that installs/configures a OpenSMTPD, Dovecot, Rspamd OpenBSD mail server
Go to file
Chang, Chu-Kuan aea6c56e27 avoid using auto_expunge with mbsync 2021-01-19 16:16:44 +08:00
README.md minor syntax modification 2020-09-12 23:28:25 +08:00
emailwiz avoid using auto_expunge with mbsync 2021-01-19 16:16:44 +08:00
mailrestart fmt 2021-01-18 03:38:48 +08:00

README.md

Email server setup script

This is a heavily modified version of LukeSmith's emailwiz. Basically everything (except comments) in the original script is rewrited to suit OpenBSD.

I wrote this script during the gruelling process of installing and setting up an email server. It perfectly reproduces my successful steps to ensure the same setup time and time again.

Read this readme and peruse the script's comments before running it. Expect it to fail and you have to do bug testing and you will be very happy when it actually works perfectly.

This script installs

  • OpenSMTPD to send and receive mail.
  • Dovecot to get mail to your email client (mutt, Thunderbird, etc).
  • Config files that unique the two above securely with native log-ins.
  • Rspamd to prevent spam and allow you to make custom filters.
  • opensmtpd-filter-dkimsign to validate you so you can send to Gmail and other big sites.

This script does not

  • use a SQL database or anything like that.
  • set up a graphical interface for mail like Roundcube or Squirrel Mail. If you want that, you'll have to install it yourself. I just use isync/msmtp/mutt-wizard to have an offline mirror of my email setup and I recommend the same. There are other ways of doing it though, like Thunderbird, etc.

Requirements

  1. A OpenBSD server. I've tested this on a Vultr OpenBSD server and their setup works, but I suspect other VPS hosts will have similar/possibly identical default settings which will let you run this on them. Note that the affiliate link there to Vultr gives you a $100 credit for the first month to play around.
  2. A Let's Encrypt SSL certificate for your site's mx subdomain. Create a httpd(1) site at mx.domain.tld and get a certificate for it with acme-client(1).
  3. You need two little DNS records set on your domain registrar's site/DNS server: (1) an MX record pointing to your own main domain/IP and (2) a CNAME record for your mx. subdomain.
  4. A Reverse DNS entry for your site. Go to your VPS settings and add an entry for your IPV4 Reverse DNS that goes from your IP address to mx.domain.tld. If you would like IPV6, you can do the same for that. This has been tested on Vultr, and all decent VPS hosts will have a section on their instance settings page to add a reverse DNS PTR entry. You can use the 'Test Email Server' or ':smtp' tool on mxtoolbox to test if you set up a reverse DNS correctly. This step is not required for everyone, but some big email services like gmail will stop emails coming from mail servers with no/invalid rDNS lookups. This means your email will fail to even make it to the receipients spam folder; it will never make it to them.
  5. Some VPS providers block port 25 (used to send mail). You may need to request that this port be opened to send mail successfully. Although I have never had to do this on a Vultr VPS, others have had this issue so if you cannot send, contact your VPS provider.
  6. Edit parameter section in emailwiz script. For example, change ${domain} to changchukuan.name and ${subdom} to mail.

Post-install requirement!

  • After the script runs, you'll have to add additional DNS TXT records which are displayed at the end when the script is complete. They will help ensure your mail is validated and secure.
  • Modify rspamd whitelists/blacklists in /etc/rspamd/local.d to yout need.

Making new users/mail accounts

Let's say we want to add a user Billy and let him receive mail, run this:

useradd -m billy
passwd billy

A user's mail will appear in ~/Maildir/. If you want to see your mail while ssh'd in the server, you could just install mutt, add set spoolfile="+Inbox" to your ~/.muttrc and use mutt to view and reply to mail. You'll probably want to log in remotely though:

Logging in from Thunderbird or mutt (and others) remotely

Let's say you want to access your mail with Thunderbird or mutt or another email program. For my domain, the server information will be as follows:

  • SMTP server: mx.domain.tld
  • SMTP port: 465
  • IMAP server: mx.domain.tld
  • IMAP port: 993
  • Username user (I.e. not user@domain.tld)

The last point is important. Many email systems use a full email address on login. Since we just simply use local PAM logins, only the user's name is used (this makes a difference if you're using luke's mutt-wizard, etc.).

Tweaking things

You're a big boy now if you have your own mail server!

You can tweak smtpd (sending mail

Furthur reading

Troubleshooting -- Can't send mail?

  • Always check /var/log/maillog and /var/log/rspamd to see the specific problem.
  • Go to this site to test your TXT records. If your DKIM, SPF or DMARC tests fail you probably copied in the TXT records incorrectly.
  • If everything looks good and you can send mail, but it still goes to Gmail or another big provider's spam directory, your domain (especially if it's a new one) might be on a public spam list. Check this site to see if it is. Don't worry if you are: sometimes especially new domains are automatically assumed to be spam temporaily. If you are blacklisted by one of these, look into it and it will explain why and how to remove yourself.