OpenBSD Mail Server Docs
added tarsnap backup
initial commit


browse  log 



You can also use your local clone with git send-email.

The pme.im email server runs on OpenBSD, powered by caesonia. This set-up wouldn't have been possible without @horia


#Generate encrypted password

First, install smtpctl.

#Set-Up your Device


  • Security TLS
  • Port 993
  • Username yourname@pme.im
  • Password ******
  • Server: pluto.pme.im


  • Security STARTTLS
  • Port 587
  • Username yourname@pme.im
  • Password ******
  • Server: pluto.pme.im



ipv6: 2a03:b0c0:3:e0::86:c001



  • Users: /etc/mail/virtual
  • Passwords: /etc/mail/passwd




Reload individual stuff:

rcctl restart dkimproxy_out
rcctl reload dovecot
smtpctl update table virtuals
smtpctl update table vdomains
smtpctl update table passwd
smtpctl update table whitelist

Reload everything:

rcctl restart dkimproxy_out; rcctl reload dovecot; smtpctl update table virtuals; smtpctl update table vdomains; smtpctl update table passwd; smtpctl update table whitelist


#Add new user

  • Generate password smtpctl encrypt

#Blacklist emails, domains or IP's

Blacklist individual email:

echo "name@domain.com" >> /etc/mail/blacklist
smtpctl update table blacklist

Blacklist domain:

echo "@domain.com" >> /etc/mail/blacklist
smtpctl update table blacklist

#Versioning config files

cd /etc/

add the following content to .gitignore

# ignore everything
# whitelist

and create a new git repository, with an initial commit:

git init
git add .
git status
git commit -m "initial commit"

Now, clone the repository to your local computer:

git clone franz@ pluto.pme.im
cd pluto.pme.im

#Set-up a Backup

inspired by Tarsnap on OpenBSD

pkg_add wget
cd /usr
wget https://ftp.eu.openbsd.org/pub/OpenBSD/6.4/ports.tar.gz
tar xzf ports.tar.gz
cd ports/sysutils/tarsnap
make install

allow tarsnap trough the firewall; open /etc/pf.conf and add:

  pass log (user) proto tcp \
   to port { 9279 } \
   group { wheel } \
   tag SELF_INET

load the new pf config:

pfctl -f  /etc/pf.conf

Now you can generate a new key:

tarsnap-keygen --keyfile /root/tarsnap.key --user "m@f-a.nz" --machine `pluto.pme.im`

You can go ahead, and create a new backup now:

tarsnap -cf var-vmail-`date +%Y%m%d%H%M` /var/rspamd
tarsnap -cf var-vmail-`date +%Y%m%d%H%M` /var/vmail
# tarsnap -cf etc-`date +%Y%m%d%H%M` /etc/

after the backup has completed, you can list, and review the backup:

tarsnap --list-archives
tarsnap -tvf var-vmail-201902011908