Complete Guide to Setting Up OpenSMTPD Mail Server on Linux

by

OpenSMTPD is a lightweight, secure, and easy-to-configure mail transfer agent (MTA) used for sending and receiving emails. This guide covers the full setup process of OpenSMTPD on a Linux server, including installation, configuration, and security.

Prerequisites

Ensure you have the following before proceeding:

  • A Linux server (Debian/Ubuntu, OpenBSD, or other distributions)
  • Root or sudo privileges
  • A registered domain name (e.g., yourdomain.com)
  • Updated system packages

Step 1: Update Your System

Start by updating the system to ensure all packages are current.

sudo apt update && sudo apt upgrade -y # For Debian/Ubuntu sudo yum update -y # For CentOS/RHEL

Step 2: Install OpenSMTPD

On Ubuntu/Debian

sudo apt install opensmtpd -y

On OpenBSD

OpenSMTPD is included by default on OpenBSD. You can start the service using:

doas rcctl enable smtpd doas rcctl start smtpd

Step 3: Configure OpenSMTPD

Open the main configuration file:

sudo nano /etc/smtpd/smtpd.conf

Basic Configuration

A minimal working configuration looks like this:

pki mail.yourdomain.com cert "/etc/ssl/mail.yourdomain.com.pem" listen on lo0 listen on eth0 tls pki mail.yourdomain.com action "local" maildir alias <aliases> "/var/mail/vhosts/%{rcpt.domain}/%{rcpt.user}" action "relay" relay match from any for domain "yourdomain.com" action "local" match from any for local action "local" match from local for any action "relay"

Create Mail Directory

Ensure you have the correct directory structure for mail delivery:

sudo mkdir -p /var/mail/vhosts/yourdomain.com sudo useradd -m -d /var/mail/vhosts/yourdomain.com mailuser sudo chown -R mailuser:mailuser /var/mail/vhosts/yourdomain.com

Step 4: Set Up SSL/TLS Encryption

Install Certbot for Let’s Encrypt

sudo apt install certbot -y

Obtain SSL Certificates

sudo certbot certonly --standalone -d mail.yourdomain.com

Update OpenSMTPD Configuration

Edit /etc/smtpd/smtpd.conf and add the certificate paths:

pki mail.yourdomain.com cert "/etc/letsencrypt/live/mail.yourdomain.com/fullchain.pem" pki mail.yourdomain.com key "/etc/letsencrypt/live/mail.yourdomain.com/privkey.pem"

Restart OpenSMTPD:

sudo systemctl restart opensmtpd

Step 5: Manage Aliases and Users

Set Up Aliases

Edit the alias file:

sudo nano /etc/aliases

Add your user mappings:

postmaster: root webmaster: mailuser

Apply alias changes:

sudo newaliases

Step 6: Enable and Start OpenSMTPD

Ensure the OpenSMTPD service is enabled at boot and running:

sudo systemctl enable opensmtpd sudo systemctl start opensmtpd

Check the status:

sudo systemctl status opensmtpd

Step 7: Test Email Delivery

Send a test email from the server:

echo "OpenSMTPD test email" | mail -s "Test" user@yourdomain.com

Check mail logs for delivery status:

tail -f /var/log/mail.log

Step 8: Secure OpenSMTPD

  1. Restrict relay to authenticated users.
  2. Implement DKIM, SPF, and DMARC.

To restrict relay, add this to /etc/smtpd/smtpd.conf:

match from any auth for any action "relay"

Restart OpenSMTPD:

sudo systemctl restart opensmtpd

Step 9: Open Required Ports

Ensure ports 25 (SMTP), 587 (submission), and 465 (SMTPS) are open:

sudo ufw allow 25 sudo ufw allow 587 sudo ufw allow 465 sudo ufw reload

Step 10: Monitor and Maintain OpenSMTPD

Check mail queue:

mailq

Flush mail queue (if needed):

sudo smtpctl flush

Monitor logs:

tail -f /var/log/mail.log

Final Thoughts

You have successfully set up and secured an OpenSMTPD mail server on Linux. Keep your server updated and monitor logs regularly for any unusual activity.

Keywords: OpenSMTPD setup guide, configure OpenSMTPD, OpenSMTPD mail server Linux, secure OpenSMTPD, install OpenSMTPD Ubuntu, OpenSMTPD TLS encryption, OpenSMTPD tutorial

Related Searches:

  • How to install OpenSMTPD on Linux
  • OpenSMTPD TLS configuration
  • Secure OpenSMTPD with SSL
  • OpenSMTPD relay configuration
  • OpenSMTPD vs Postfix
  • OpenSMTPD mail delivery troubleshooting

Leave a Comment