~franz/docs.pluto.pme.im

OpenBSD Mail Server Docs

refs

master
browse  log 

clone

read-only
https://git.sr.ht/~franz/docs.pluto.pme.im
read/write
git@git.sr.ht:~franz/docs.pluto.pme.im

You can also use your local clone with git send-email.

The pme.im email server runs on OpenBSD, powered by caesonia. This set-up wouldn't have been possible without @horia

User

Generate encrypted password

First, install smtpctl.

Set-Up your Device

IMAP

  • Security TLS
  • Port 993
  • Username yourname@pme.im
  • Password ******
  • Server: pluto.pme.im

SMTP

  • Security STARTTLS
  • Port 587
  • Username yourname@pme.im
  • Password ******
  • Server: pluto.pme.im

Administration

Server

ipv4: 142.93.174.103
ipv6: 2a03:b0c0:3:e0::86:c001

Overview

Files

  • Users: /etc/mail/virtual
  • Passwords: /etc/mail/passwd

Logs

/var/log/messages
/var/log/daemon
/var/log/maillog
/var/log/rspamd/rspamd.log
/var/www/logs/access.log
/var/www/logs/error.log

Services

Reload individual stuff:

rcctl restart dkimproxy_out
rcctl reload dovecot
smtpctl update table virtuals
smtpctl update table vdomains
smtpctl update table passwd
smtpctl update table whitelist

Reload everything:

rcctl restart dkimproxy_out; rcctl reload dovecot; smtpctl update table virtuals; smtpctl update table vdomains; smtpctl update table passwd; smtpctl update table whitelist

Actions

Add new user

  • Generate password smtpctl encrypt

Blacklist emails, domains or IP's

Blacklist individual email:

echo "name@domain.com" >> /etc/mail/blacklist
smtpctl update table blacklist

Blacklist domain:

echo "@domain.com" >> /etc/mail/blacklist
smtpctl update table blacklist

Versioning config files

cd /etc/

add the following content to .gitignore

# ignore everything
*
# whitelist
!*/
!.gitignore
!/mail/**

and create a new git repository, with an initial commit:

git init
git add .
git status
git commit -m "initial commit"

Now, clone the repository to your local computer:

git clone franz@142.93.174.103:/etc/ pluto.pme.im
cd pluto.pme.im

Set-up a Backup

inspired by Tarsnap on OpenBSD

pkg_add wget
cd /usr
wget https://ftp.eu.openbsd.org/pub/OpenBSD/6.4/ports.tar.gz
tar xzf ports.tar.gz
cd ports/sysutils/tarsnap
make install

allow tarsnap trough the firewall; open /etc/pf.conf and add:

# TARSNAP
  pass log (user) proto tcp \
   to port { 9279 } \
   group { wheel } \
   tag SELF_INET

load the new pf config:

pfctl -f  /etc/pf.conf

Now you can generate a new key:

tarsnap-keygen --keyfile /root/tarsnap.key --user "m@f-a.nz" --machine `pluto.pme.im`

You can go ahead, and create a new backup now:

tarsnap -cf var-vmail-`date +%Y%m%d%H%M` /var/rspamd
tarsnap -cf var-vmail-`date +%Y%m%d%H%M` /var/vmail
# tarsnap -cf etc-`date +%Y%m%d%H%M` /etc/

after the backup has completed, you can list, and review the backup:

tarsnap --list-archives
tarsnap -tvf var-vmail-201902011908