Éric Faurot
AsiaBSDCon 2013 - March 17, Tokyo, Japan
Plan
SMTP
OpenSMTPD
Configuration, Queue
Internals
Design, Workflow, Backends
General remarks
SMTP
Venerable protocol
Exchange Internet messages
as defined by RFC 5322 (formerly RFC 822)
between mailboxes
Everybody has heard of it
Not going away anytime soon
outlived Google Wave
outlived Google Reader
probably more to come
SMTP
Next relay is found using:
Specific route
DNS lookup for domain MXs
$ dig -t mx poolp.org
... some stuff...
;; ANSWER SECTION:
poolp.org. 3589 IN MX 200 poolp.no-ip.org.
poolp.org. 3589 IN MX 0 mx1.poolp.org.
poolp.org. 3589 IN MX 50 mx2.poolp.org.
poolp.org. 3589 IN MX 100 mx3.poolp.org.
... more stuff...
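How a relaying client turns the MX answer above into an order of hosts to try, as an added example (not from the slides or from OpenSMTPD): it parses the ANSWER SECTION lines shown, sorts by preference value (lowest first), randomises hosts of equal preference, and falls back to the domain itself when no MX record exists, as RFC 5321 section 5.1 prescribes. The dig lines are a constructed copy of the slide's output.

```python
"""Ordering MX records the way a relaying SMTP client does (added example)."""
import random
import re

# Constructed copy of the four MX lines from the slide's dig output
DIG_ANSWER = """\
poolp.org. 3589 IN MX 200 poolp.no-ip.org.
poolp.org. 3589 IN MX 0 mx1.poolp.org.
poolp.org. 3589 IN MX 50 mx2.poolp.org.
poolp.org. 3589 IN MX 100 mx3.poolp.org.
"""

# owner  TTL  IN  MX  preference  exchange
MX_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+MX\s+(\d+)\s+(\S+)\s*$")


def parse_mx(text):
    """Return [(preference, host), ...] for every MX line found in dig output."""
    records = []
    for line in text.splitlines():
        m = MX_RE.match(line.strip())
        if m:
            records.append((int(m.group(3)), m.group(4).rstrip(".")))
    return records


def relay_order(domain, records, rng=random):
    """Hosts in the order a client should try them when sending to `domain`."""
    if not records:
        # No MX at all: RFC 5321 5.1 treats the domain as if it had an MX of
        # preference 0 pointing at itself (the "implicit MX" rule).
        return [domain]
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):          # lowest preference value is tried first
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)                 # equal preference: no fixed order, spreads load
        ordered.extend(hosts)
    return ordered


if __name__ == "__main__":
    for host in relay_order("poolp.org", parse_mx(DIG_ANSWER)):
        print(host)
```

Note that the answer on the slide is not in preference order; the client, not the resolver, is responsible for sorting it.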
SMTP Protocol
Simple Client/Server protocol
Line-oriented protocol
RFC 5321 + some extensions
Command / Response
Three phases
Initial handshake (connection and banner)
Session parameters negotiation (tls, auth)
Mail transfer: SMTP Transaction
SMTP Protocol
Transaction: foo@bar.com mails gilles@poolp.org
C: MAIL FROM: <foo@bar.com>
S: 250 Ok
C: RCPT TO: <gilles@poolp.org>
S: 250 Ok
C: DATA
S: 354 Go ahead
C: message content
C: .
S: 250 OK
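The server side of the transaction above as a small state machine, added here as an example (it is not OpenSMTPD code): it enforces the command order (MAIL FROM, then RCPT TO, then DATA, then a body terminated by a lone "."), answers with the reply codes shown, and applies the dot-stuffing rule of RFC 5321 section 4.5.2, removing the extra leading dot a client must add to any body line that starts with one. The client lines, addresses and hostnames are constructed samples.

```python
"""Server side of an SMTP transaction as a state machine (added example)."""
import re

# A forward/reverse path as it appears on the wire: <local@domain>
ADDR_RE = re.compile(r"^<([^<>@\s]+@[^<>@\s]+)>$")


class SmtpTransaction:
    def __init__(self):
        self.completed = []     # (sender, [recipients], body) per finished transaction
        self._reset_envelope()

    def _reset_envelope(self):
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.body_lines = []

    def feed(self, line):
        """Handle one client line; return the reply, or None for body lines."""
        if self.in_data:
            return self._body_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "MAIL":
            return self._mail(arg)
        if verb == "RCPT":
            return self._rcpt(arg)
        if verb == "DATA":
            return self._data()
        if verb == "RSET":
            self._reset_envelope()
            return "250 Ok"
        return "500 Command unrecognized"

    def _mail(self, arg):
        if self.sender is not None:
            return "503 Sender already specified"
        m = re.match(r"^FROM:\s*(<[^>]*>)$", arg, re.I)
        if not m:
            return "501 Syntax error in parameters"
        path = m.group(1)
        if path != "<>" and not ADDR_RE.match(path):   # <> is the null sender used by bounces
            return "553 Invalid sender address"
        self.sender = path[1:-1]
        return "250 Ok"

    def _rcpt(self, arg):
        if self.sender is None:
            return "503 Need MAIL command"
        m = re.match(r"^TO:\s*(<[^>]*>)$", arg, re.I)
        if not m or not ADDR_RE.match(m.group(1)):
            return "501 Syntax error in parameters"
        self.recipients.append(m.group(1)[1:-1])
        return "250 Ok"

    def _data(self):
        if self.sender is None:
            return "503 Need MAIL command"
        if not self.recipients:
            return "503 Need RCPT command"
        self.in_data = True
        return "354 Go ahead"

    def _body_line(self, line):
        if line == ".":                 # lone dot: end of message
            self.completed.append((self.sender, list(self.recipients), "\n".join(self.body_lines)))
            self._reset_envelope()
            return "250 OK"
        if line.startswith("."):        # un-stuff: the client doubled a leading dot
            line = line[1:]
        self.body_lines.append(line)
        return None


def run_session(client_lines):
    """Feed client lines in order; return (transaction, [(client line, reply), ...])."""
    tx = SmtpTransaction()
    log = []
    for line in client_lines:
        reply = tx.feed(line)
        if reply is not None:
            log.append((line, reply))
    return tx, log


# Constructed client side of the slide's transaction, plus one dot-stuffed body line
SAMPLE = [
    "MAIL FROM: <foo@bar.com>",
    "RCPT TO: <gilles@poolp.org>",
    "DATA",
    "Subject: hello",
    "",
    "message content",
    "..a body line that really starts with one dot",
    ".",
]

if __name__ == "__main__":
    tx, log = run_session(SAMPLE)
    for client, server in log:
        print("C:", client)
        print("S:", server)
```

Out-of-order commands are answered with 503 rather than acted on; that ordering check is what makes the lone "." line unambiguous as the end of the body.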
SMTP server
Role of an SMTP server: route mail
Receive incoming mail
Deliver to local mailbox
Transfer to next relay
Sounds easy
Seen as a difficult thing to set up. Why?
OpenSMTPD
Part of the OpenBSD project
Started a long time ago by gilles@
3 main developers
Very active in the last 12 months
Philosophy:
Make simple things simple
Routing logic easy to describe
Clean flexible design
Nice license (ISC)
Configuration
Minimalist setup
listen on lo0
table aliases db:/etc/mail/aliases.db
accept for local alias <aliases> deliver to mbox
accept for any relay
Configuration
Primary domain
listen on egress
table aliases db:/etc/mail/aliases.db
accept from any for domain "example.org" \
alias <aliases> deliver to mbox
accept for local alias <aliases> deliver to mbox
accept for any relay
Configuration
Simple ruleset
Syntax inspired by pf.conf
First match wins
Describe the routing logic
Listeners
Routing rules: conditions + action
Configuration
Using a smarthost
listen on lo0
# format: "label login:password"
table secrets file:/etc/mail/secrets
table aliases db:/etc/mail/aliases.db
accept for local alias <aliases> deliver to mbox
accept for any relay \
via smtps+auth://label@smtps.my.isp \
auth <secrets>
Configuration
Backup server
listen on egress
table poolp { poolp.org, opensmtpd.org }
accept for local deliver to mbox
accept from any for domain example.org relay \
backup mx4.example.org
accept from any for domain <poolp> relay \
backup mx2.poolp.org
Configuration
Signing outgoing mail with DKIM proxy
listen on lo0
listen on lo0 port 10029 tag DKIM
accept for local deliver to mbox
accept tagged DKIM for any relay
accept for any relay via smtp://127.0.0.1:10028
Configuration
Authenticating relay
listen on egress port submission tls \
certificate my.cert auth
accept from any for domain "opensmtpd.org" \
deliver to maildir
accept for any relay
Configuration
Deliver to virtual users
listen on egress
table usr { "alice" = "100:100:/var/vusers/alice",
"bob" = "100:100:/var/vusers/bob" }
accept from any for domain "wonderland.org" \
userbase <usr> deliver to maildir
accept for any relay
Configuration
Very easy to read
Can express complex routing strategies efficiently
Beware of the rule order though
Quite a lot of features
authentication in and out, backup server, virtual domains, virtual users, selectable binding address, ...
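A small model of the first-match rule evaluation described on the configuration slides, added as an example (not OpenSMTPD code), to show concretely why rule order matters. It keeps only the parts of the grammar the slides use: a "from" part (local or any, local when omitted), a "for" part (local, any, or a domain, local when omitted) and an action. Which destination names count as "local" is an assumption of this model (the real daemon derives them from the host's own names); envelopes and domains are constructed. The ruleset is the "Primary domain" slide, then the same rules with the catch-all relay rule moved to the top, then a variant whose catch-all accepts from any source, together with a check that flags the last one as an open relay.

```python
"""First-match evaluation of a slide-style ruleset (added example)."""

LOCAL_NAMES = {"localhost", "mail.example.org"}   # assumed local destinations


def rule(action, from_="local", for_="local", domains=()):
    """One 'accept' line; omitted parts take the defaults used on the slides."""
    return {"from": from_, "for": for_, "domains": frozenset(domains), "action": action}


def envelope(rcpt, local_source):
    """Constructed envelope: recipient address and whether the client is local."""
    return {"rcpt": rcpt, "local_source": local_source}


def matches(r, env):
    if r["from"] == "local" and not env["local_source"]:
        return False
    dest = env["rcpt"].rsplit("@", 1)[-1].lower()
    if r["for"] == "local":
        return dest in LOCAL_NAMES
    if r["for"] == "domain":
        return dest in r["domains"]
    return True                                   # "for any"


def route(ruleset, env):
    """Action of the first matching rule; None means no rule matched (rejected)."""
    for r in ruleset:
        if matches(r, env):
            return r["action"]
    return None


def relays_for_strangers(ruleset, probe_domain="not-ours.example"):
    """True if a remote client gets mail for a foreign domain relayed: an open relay."""
    return route(ruleset, envelope("someone@" + probe_domain, local_source=False)) == "relay"


# The "Primary domain" slide, in the order written there
PRIMARY = [
    rule("deliver to mbox", from_="any", for_="domain", domains={"example.org"}),
    rule("deliver to mbox"),            # accept for local alias <aliases> deliver to mbox
    rule("relay", for_="any"),          # accept for any relay
]

# Same rules with the catch-all relay rule moved first: local mail for local
# users now leaves the machine instead of being delivered.
MISORDERED = [PRIMARY[2], PRIMARY[0], PRIMARY[1]]

# Catch-all relay that also accepts from any source: an open relay
OPEN_RELAY = [rule("relay", from_="any", for_="any")] + PRIMARY


if __name__ == "__main__":
    for name, rs in (("primary", PRIMARY), ("misordered", MISORDERED), ("open", OPEN_RELAY)):
        print(name, route(rs, envelope("alice@localhost", True)), relays_for_strangers(rs))
```

The check in relays_for_strangers is the one worth keeping around when editing a ruleset: a remote, unauthenticated envelope for a domain you do not own must never reach a relay action.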