💾 Archived View for paritybit.ca › sysadmin › relaying-service-mail-with-opensmtpd.gmi captured on 2022-07-16 at 13:42:35. Gemini links have been rewritten to link to archived content


Relaying Service Mail With OpenSMTPD

This configuration is very useful for allowing services to send email, especially when on a residential connection or when port 25 is blocked for a different reason. It also eliminates the need to maintain individual local mail servers and instead routes all mail through a domain's central mail server.

This requires an email server which is already set up to accept submissions from remote hosts. I use SMTPS (port 465) but this also works with SMTP+STARTTLS (port 587).

First, create one or more accounts on the central mail server to handle the email (for example servicename@example.com or no-reply@example.com). Creating multiple accounts when using SMTP AUTH is convenient if a machine gets compromised, because the password it uses to authenticate with the mail server is then compromised too. If only one account is used, changing the password for the service account means updating the configuration on all machines. On the other hand, one account for all service emails is easier to manage up front.

On the machine which will be sending email, add an alias for the relevant users to `/etc/mail/aliases`. For example, `root: jbauer@paritybit.ca` sends all emails that would normally go to the root user (output of cron jobs, etc.) to my personal email.

Modify the `/etc/mail/smtpd.conf` file as follows (this configuration uses the account service@example.com and SMTP AUTH PLAIN):

```
table aliases file:/etc/mail/aliases
table credentials { service = service:thisisarandomandsecurepassword }

listen on socket
listen on lo0

action "local_mail" mbox alias <aliases>
action "outbound" relay host smtps://service@mail.example.com tls auth <credentials> mail-from host@example.com

match from local for local action "local_mail"
match from local for any action "outbound"
```

Finally, reload OpenSMTPD so it loads the new configuration.
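
The configuration above keeps the SMTP AUTH password inline in `smtpd.conf`, so anyone who can read that file can read the password. As an added example (not part of the original page), here is the same setup with the credential moved to a separate file table. The path `/etc/mail/secrets` and the `root:_smtpd` ownership follow OpenBSD conventions and are assumptions here.

```conf
# --- /etc/mail/secrets (assumed path; create it before reloading smtpd) ---
# One line per label, in the form "label user:password":
#
#   service service:thisisarandomandsecurepassword
#
# Restrict it so only root and the smtpd group can read it
# (the group name _smtpd is the OpenBSD default, an assumption here):
#
#   chown root:_smtpd /etc/mail/secrets
#   chmod 640 /etc/mail/secrets

# --- /etc/mail/smtpd.conf ---
table aliases file:/etc/mail/aliases
# Credentials now come from the restricted file instead of an inline table.
table credentials file:/etc/mail/secrets

listen on socket
listen on lo0

action "local_mail" mbox alias <aliases>
# "service@" is the label looked up in <credentials>, as in the original config.
action "outbound" relay host smtps://service@mail.example.com tls auth <credentials> mail-from host@example.com

match from local for local action "local_mail"
match from local for any action "outbound"
```

Running `smtpd -n` checks the configuration for validity before the reload.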