Basic OpenSMTPD relay setup on OpenBSD 7.3
My NAS sends me system warnings via email, and I find it really useful. I host my mail at FastMail and I don’t really want to open the can of worms called ‘Host your own mailserver’, therefore I tried to relay emails through my private mailbox. Relaying means that every time a mail gets sent, my computer connects to a third-party SMTP server and instructs it to send the mail on our behalf.
OpenBSD’s OpenSMTPD is a mailer daemon included in the base system, which means no third-party package is needed to send mail from the terminal. The setup feels a bit complicated at first glance, so let’s check how I managed to set it up.
We need the following to set up an SMTP relay:
- the URL of the SMTP server which we plan to relay mail through
- authentication data for the mentioned SMTP server
Fastmail and many other mail providers (Gmail included) no longer accept your web-login credentials for IMAP and SMTP, but let you create app-specific passwords to set up mail on your devices and programs. If any of your app passwords gets compromised (stolen computer, hacked device, etc.), you can simply delete that specific app password, so you don’t have to set new credentials on every device or program. You can create a new app-specific password in Fastmail webmail on the “Settings” > “Privacy & Security” page, “Integration” tab. Here Fastmail lets you generate and name your app-specific passwords and limit access to specific protocols and data (in our case only SMTP access is needed). The generated password is shown only once, so do not close it yet. We will also need the SMTP server connection data; I used the following settings:
|Enabled, but not STARTTLS
|Your complete Fastmail address, like “email@example.com”. Even if you have your own domain, you should use the Fastmail one here.
|Your app-specific password
Now we have all the required info, let’s do the setup!
Let’s store our secrets (the redirection into the file has to run as root, hence doas tee rather than >>):
$ echo "mailbox email@example.com:f34rfdjsoidccww" | doas tee -a /etc/mail/secrets > /dev/null
mailbox is simply a tag, we will reference this secret later using this handle.
email@example.com is our complete fastmail username while the random string after the colon is our app-specific password we just made. This command will add our secrets to the
Then we should protect our secrets file from prying eyes:
$ doas chmod 640 /etc/mail/secrets
$ doas chown root:_smtpd /etc/mail/secrets
Then we need to configure OpenSMTPD to relay all email through our fastmail SMTP server using the
table aliases file:/etc/mail/aliases
# label -> "user:password" credentials for the relay
table secrets file:/etc/mail/secrets
listen on lo0
action "local_mail" mbox alias <aliases>
# "mailbox" is the label looked up in <secrets>
action "outbound" relay host smtps://mailbox@smtp.fastmail.com:465 auth <secrets>
match from local for local action "local_mail"
match from local for any action "outbound"
The important parts are the longest line and the last line. These two lines instruct OpenSMTPD to relay all outgoing emails via FastMail’s SMTP server.
Let’s analyze the
We know FastMail does not require STARTTLS authentication, therefore (according to the smtpd.conf(5) manpage) we should use the
smtps SMTP session with forced TLS on connection. The default port is 465.
mailbox string is the handle from the /etc/mail/secrets file we created previously.
smtp.fastmail.com is the URL of FastMail’s SMTP server, while 465 is the port number we have seen earlier.
After doing all of this, we should check the config file:
$ doas smtpd -n
Looking good! Now let’s restart smtpd:
$ doas rcctl restart smtpd
And we can test it by sending an email using the following command:
$ mail -s "Test email" -r 'email@example.com' firstname.lastname@example.org
Type some text, which will be the mail body, then press Enter and CTRL+D to send the mail, which should arrive in a couple of seconds.
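A pre-flight check for the setup above, as an added example that is not part of the original post: it confirms that the label in the relay URL (mailbox here) has a matching entry in the secrets table and that the secrets file is not world-readable. The function names relay_labels and audit_relay and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: sanity-check an OpenSMTPD relay setup before restarting smtpd.

# Print each credential label used in a "relay ... host proto://label@host" action.
relay_labels() {
    sed -n 's|^[^#]*relay.*host[[:space:]]\{1,\}[a-z+]*://\([^@/[:space:]]*\)@.*|\1|p' "$1"
}

# Return 0 if the secrets table is not world-readable and holds an entry
# for every label the config references; otherwise return 1.
audit_relay() {
    conf=$1 secrets=$2 rc=0
    [ -f "$secrets" ] || { echo "missing: $secrets" >&2; return 1; }

    # World-readable means any local user can read the app password.
    if [ -n "$(find "$secrets" -prune -perm -0004)" ]; then
        echo "$secrets is world-readable; expected mode 640 root:_smtpd" >&2
        rc=1
    fi

    labels=$(relay_labels "$conf")
    [ -n "$labels" ] || { echo "no authenticated relay URL in $conf" >&2; return 1; }

    for label in $labels; do
        # Compare only the first field so the password is never printed.
        if ! awk -v l="$label" '$1 == l { found = 1 } END { exit !found }' "$secrets"; then
            echo "label '$label' has no entry in $secrets" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not real credentials) to exercise the check.
demo() {
    d=$(mktemp -d)
    echo 'action "outbound" relay host smtps://mailbox@smtp.fastmail.com:465 auth <secrets>' > "$d/smtpd.conf"
    echo 'mailbox email@example.com:constructed-password' > "$d/secrets"
    chmod 640 "$d/secrets"
    audit_relay "$d/smtpd.conf" "$d/secrets" && echo "relay setup looks consistent"
    rm -rf "$d"
}
demo
```

On the real system, run audit_relay /etc/mail/smtpd.conf /etc/mail/secrets as root before doas rcctl restart smtpd.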