This configuration is very useful for allowing services to send email, especially when on a residential connection or when port 25 is blocked for a different reason. It also eliminates the need to maintain individual local mail servers and instead routes all mail through a domain's central mail server.
This requires an email server which is already set up to accept submissions from remote hosts. I use SMTPS (port 465) but this also works with SMTP+STARTTLS (port 587).
First, create one or more accounts on the central mail server to handle the email (for example, servicename@example.com or no-reply@example.com). Creating multiple accounts is convenient if a machine gets compromised, because the password it uses to authenticate with the mail server is compromised along with it. In that case, only one account needs to be changed. If a single account is used for all services, changing its password means updating the configuration on every machine. On the other hand, one account for all service emails is easier to manage up front.
On the machine which will be sending email, add an alias for the relevant users to `/etc/mail/aliases`. For example, `root: jbauer@paritybit.ca` sends all email that would normally go to the root user (output of cron jobs, etc.) to my personal email.
Modify the `/etc/mail/smtpd.conf` file as follows (this configuration uses the account service@example.com and SMTP AUTH PLAIN to send mail for the machine 'host'):
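```
table aliases file:/etc/mail/aliases
# Credentials for the central mail server, in the form label = user:password
table credentials { service = service:thisisarandomandsecurepassword }

listen on socket
listen on lo0

# Deliver mail for local users to their mbox, expanding aliases
action "local_mail" mbox alias <aliases>
# Relay everything else through the central mail server over SMTPS with authentication
action "outbound" relay host smtps://service@mail.example.com tls auth <credentials> mail-from host@example.com

match from local for local action "local_mail"
match from local for any action "outbound"
```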
Finally, reload OpenSMTPD so it loads the new configuration.
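Because the configuration above keeps the service account's password inline in `/etc/mail/smtpd.conf`, every local user who can read that file can read the password. The shell check below is an added example, not part of the original page: it finds the table referenced by `auth <...>` and reports when the file holding the password (smtpd.conf itself for an inline table, or the file behind a `file:` table) is readable by all local users. The function names are hypothetical, and it assumes one table definition per line, as in the configuration above.

```shell
#!/bin/sh
# Added example: flag relay credentials that any local user can read.
# Function names are hypothetical; assumes one table definition per line.

# auth_tables CONF: print the table names used as "auth <name>" in relay actions.
auth_tables() {
    sed -n 's/.*[[:space:]]auth[[:space:]]*<\([^>]*\)>.*/\1/p' "$1" | sort -u
}

# other_readable PATH: succeed when the "other" permission bits include read.
# ls is used instead of stat because stat flags differ between BSD and GNU.
other_readable() {
    case $(ls -ldL "$1" 2>/dev/null | cut -c8) in
        r) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_smtpd_conf CONF: print one line per exposed credential table and
# return 1 if any was found, 0 otherwise.
audit_smtpd_conf() {
    conf=$1
    rc=0
    for t in $(auth_tables "$conf"); do
        def=$(grep -E "^[[:space:]]*table[[:space:]]+$t[[:space:]]" "$conf" | head -n 1)
        case $def in
            *file:*)  # file-backed table: the password lives in that file
                holder=$(printf '%s\n' "$def" | sed 's/.*file:\([^[:space:]]*\).*/\1/') ;;
            *\{*)     # inline table: the password lives in smtpd.conf itself
                holder=$conf ;;
            *)  continue ;;
        esac
        if other_readable "$holder"; then
            echo "EXPOSED: table <$t> password is readable by all local users via $holder"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: pass the path of the configuration to audit.
if [ "$#" -gt 0 ]; then
    audit_smtpd_conf "$1"
fi
```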