💾 Archived View for thrig.me › blog › 2023 › 10 › 19 › local-smtp-server.gmi captured on 2023-11-14 at 07:43:57. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-11-04)
-=-=-=-=-=-=-
Someone was asking about a mail server where clients would be able to send mail, local only, and obtain mails via IMAP. This will involve some work and annoyance. You'll need a mail server (Postfix or OpenSMTPD are not terrible choices) and an IMAP server (Dovecot is typical, though I haven't run IMAP in years). The mail server would probably offer SMTP AUTH via SASL on the submission port (TCP/587) over SSL for clients to send email with. So you'll need certificates and authentication setup. Probably custom authentication that does not use system accounts. "Only local" requires configuration so that clients cannot send mail to the internet. I forget how to make Postfix do that offhand (Postfix configuration isn't always easier than Sendmail was); for smtpd.conf on OpenBSD 7.4 maybe something like
match for domain "example.org" action "get_it_to_dovecot" match for local action "get_it_to_dovecot" match for any reject
plus various tests with various suitable messages from various clients and programs. Or maybe the system mail needs to not go to Dovecot? This is how email setups get complicated.
Using a VPN would help, as SMTP servers on the internet get attacked, a lot. Custom ports for IMAP and Submission would eventually be found, and may complicate the mail client configuration. Probably not a good idea. If not a VPN:
Even with a VPN you may need some of the above measures. Rate limiting and detection when limits are breached might be good to have: a legitimate mail client of a legitimate user could go nuts and send thousands of messages. Some of the above issues are rare, but I'm sensitive to them as I've had to cleanup from spammers and other problems too many times. For example, an intern once did not consult with IT at all, and somehow managed to start sending a test message to everyone on a huge external mailing list lots of times.
Other folks have simply given up on mail servers: running one is not too difficult, but there are a lot of little fiddly details that must be gotten right, various ongoing maintenance tasks, and huge downsides for potentially lots of people if you screw something up. Do you have the time and the tuits? Or how much would it cost to outsource? Is there some other way the problem could be solved, maybe with some other protocol or service?
There can be a lot to learn if you're new to running a mail server, as opposed to following the changes over the last 25 years or so. This is probably similar to a computer game where the barrier to entry is too high as the game caters to folks who have been playing it for decades, and the only ones left playing it have been grandfathered into the complexity.
tags #opensmtpd #smtp #emailhatestheliving