OpenSMTPD is a lightweight, secure, and easy-to-configure mail transfer agent (MTA) used for sending and receiving emails. This guide covers the full setup process of OpenSMTPD on a Linux server, including installation, configuration, and security.
Prerequisites
Ensure you have the following before proceeding:
- A Linux server (Debian/Ubuntu, OpenBSD, or other distributions)
- Root or sudo privileges
- A registered domain name (e.g.,
yourdomain.com
) - Updated system packages
Step 1: Update Your System
Start by updating the system to ensure all packages are current.
sudo apt update && sudo apt upgrade -y # For Debian/Ubuntu sudo yum update -y # For CentOS/RHEL
Step 2: Install OpenSMTPD
On Ubuntu/Debian
sudo apt install opensmtpd -y
On OpenBSD
OpenSMTPD is included by default on OpenBSD. You can start the service using:
doas rcctl enable smtpd doas rcctl start smtpd
Step 3: Configure OpenSMTPD
Open the main configuration file:
sudo nano /etc/smtpd/smtpd.conf
Basic Configuration
A minimal working configuration looks like this:
pki mail.yourdomain.com cert "/etc/ssl/mail.yourdomain.com.pem" listen on lo0 listen on eth0 tls pki mail.yourdomain.com action "local" maildir alias <aliases> "/var/mail/vhosts/%{rcpt.domain}/%{rcpt.user}" action "relay" relay match from any for domain "yourdomain.com" action "local" match from any for local action "local" match from local for any action "relay"
Create Mail Directory
Ensure you have the correct directory structure for mail delivery:
sudo mkdir -p /var/mail/vhosts/yourdomain.com sudo useradd -m -d /var/mail/vhosts/yourdomain.com mailuser sudo chown -R mailuser:mailuser /var/mail/vhosts/yourdomain.com
Step 4: Set Up SSL/TLS Encryption
Install Certbot for Let’s Encrypt
sudo apt install certbot -y
Obtain SSL Certificates
sudo certbot certonly --standalone -d mail.yourdomain.com
Update OpenSMTPD Configuration
Edit /etc/smtpd/smtpd.conf
and add the certificate paths:
pki mail.yourdomain.com cert "/etc/letsencrypt/live/mail.yourdomain.com/fullchain.pem" pki mail.yourdomain.com key "/etc/letsencrypt/live/mail.yourdomain.com/privkey.pem"
Restart OpenSMTPD:
sudo systemctl restart opensmtpd
Step 5: Manage Aliases and Users
Set Up Aliases
Edit the alias file:
sudo nano /etc/aliases
Add your user mappings:
postmaster: root webmaster: mailuser
Apply alias changes:
sudo newaliases
Step 6: Enable and Start OpenSMTPD
Ensure the OpenSMTPD service is enabled at boot and running:
sudo systemctl enable opensmtpd sudo systemctl start opensmtpd
Check the status:
sudo systemctl status opensmtpd
Step 7: Test Email Delivery
Send a test email from the server:
echo "OpenSMTPD test email" | mail -s "Test" user@yourdomain.com
Check mail logs for delivery status:
tail -f /var/log/mail.log
Step 8: Secure OpenSMTPD
- Restrict relay to authenticated users.
- Implement DKIM, SPF, and DMARC.
To restrict relay, add this to /etc/smtpd/smtpd.conf
:
match from any auth for any action "relay"
Restart OpenSMTPD:
sudo systemctl restart opensmtpd
Step 9: Open Required Ports
Ensure ports 25 (SMTP), 587 (submission), and 465 (SMTPS) are open:
sudo ufw allow 25 sudo ufw allow 587 sudo ufw allow 465 sudo ufw reload
Step 10: Monitor and Maintain OpenSMTPD
Check mail queue:
mailq
Flush mail queue (if needed):
sudo smtpctl flush
Monitor logs:
tail -f /var/log/mail.log
Final Thoughts
You have successfully set up and secured an OpenSMTPD mail server on Linux. Keep your server updated and monitor logs regularly for any unusual activity.
Keywords: OpenSMTPD setup guide, configure OpenSMTPD, OpenSMTPD mail server Linux, secure OpenSMTPD, install OpenSMTPD Ubuntu, OpenSMTPD TLS encryption, OpenSMTPD tutorial
Related Searches:
- How to install OpenSMTPD on Linux
- OpenSMTPD TLS configuration
- Secure OpenSMTPD with SSL
- OpenSMTPD relay configuration
- OpenSMTPD vs Postfix
- OpenSMTPD mail delivery troubleshooting