by mrothe 5159 days ago
I don't think configuring e.g. postfix is that difficult:

    #
    # /etc/postfix/main.cf
    #
    # disable biff service
    biff = no

    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

    # disable warnings about NIS on mail delivery (default adds nis:mail.aliases)
    alias_maps = hash:/etc/aliases

    # do not grant special privileges to hosts except localhost
    mynetworks_style = host

    # set the mailbox size limit to `unlimited'
    mailbox_size_limit = 0

    myhostname = fulla.mrothe.de
    mydestination = $myhostname, localhost.$mydomain, localhost,
                    mrothe.de

    mailbox_command = procmail -a "$EXTENSION"

And on a backup MX instead of adding your domains to `mydestination` you just set:

    [...]
    
    myhostname = blei.mrothe.de
    #don't touch mydestination, which defaults to "$myhostname, localhost.$mydomain, localhost"

    # accept mail for these domains to be relayed
    relay_domains = $mydestination, mrothe.de

2 comments

I agree it's not that difficult, and prior to OpenSMTPD I was a user of Postfix for 10 years, so I know the software is good and far easier to set up than the big S. ;-)

However, here's a better example of a configuration that is simple with OpenSMTPD and slightly more complex on others:

    listen on em0 tls cert "mycert" enable auth
    map "vmap" { source plain "/etc/mail/virtual" }
    accept from all for virtual "vmap" deliver to maildir
    accept for all relay

This will have the daemon listen on all addresses of interface em0 (both IPv4 and IPv6); it will enable STARTTLS using certificate "mycert" and activate authentication for system users (no pop-before-smtp, no cyrus-sasl and whatnot). It will accept mail from anywhere for all virtual domains in the mapping "vmap" and deliver to maildirs, while relaying mails from local users to the world.

That is a fairly basic setup that quite a lot of people use, yet the effort required to achieve a similar setup on other software can range from just "slightly irritating" to "extremely painful". Here it's done with 4 lines that are almost readable by someone who has never used the software.

Some other features, like relaying through remote MXs that require auth, tagging, and forcing secure channels, allow more complex setups while retaining the same simple syntax.

/!\ warning: as a major contributor to OpenSMTPD, I'm biased ;-) /!\

Thank you. That is indeed easier to set up on OpenSMTPD than on Postfix.

Two nitpicks: you don't need to set myhostname; many mailservers will think you less spammy if your hostname is mail.$mydomain.

Thank you, but I set it, because myhostname is "fulla.localdomain" if I don't set it.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=214741

Which goes to show that you can still get it wrong after verifying locally (hostname typically does return a FQDN on OpenBSD)...
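
The hostname fallback discussed in this sub-thread can be checked before deploying a `main.cf`. The following is an added example, not posted by any commenter and not code from Postfix: it parses a `main.cf` fragment (including continuation lines), applies the `myhostname`/`mydomain`/`mydestination` defaults as described in postconf(5), and expands `$name` references. The function names and the `system_hostname` input are assumptions of the example, and the two configs are constructed from the lines in the original post.

```python
import re

# Constructed sample: the mydestination lines from the post, myhostname left unset.
PRIMARY_NO_HOSTNAME = """\
# do not grant special privileges to hosts except localhost
mynetworks_style = host
mydestination = $myhostname, localhost.$mydomain, localhost,
                mrothe.de
"""
# Constructed sample: the backup MX fragment from the post.
BACKUP_MX = """\
myhostname = blei.mrothe.de
relay_domains = $mydestination, mrothe.de
"""

def parse_main_cf(text):
    """Skip '#' and blank lines; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        else:
            name, _, value = line.partition("=")
            last = name.strip()
            params[last] = value.strip()
    return params

def effective(params, system_hostname):
    """Apply the defaults described in postconf(5) for parameters main.cf leaves unset."""
    p = {"mydestination": "$myhostname, localhost.$mydomain, localhost", **params}
    if "myhostname" not in p:
        host = system_hostname            # what gethostname() returned (assumed input)
        p["myhostname"] = host if "." in host else host + "." + p.get("mydomain", "localdomain")
    p.setdefault("mydomain", p["myhostname"].partition(".")[2] or "localdomain")
    return p

def expand(value, p, depth=0):
    """Expand $name and ${name} references, following nested references."""
    if depth > 10:
        raise ValueError("parameter reference loop")
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))",
                  lambda m: expand(p.get(m.group(1) or m.group(2), ""), p, depth + 1), value)

def domains(name, p):
    """Return the expanded, split domain list of a parameter such as mydestination."""
    return [d for d in re.split(r"[,\s]+", expand(p.get(name, ""), p)) if d]

def hostname_warnings(p):
    """Flag the .localdomain fallback name mentioned in the thread."""
    if p["myhostname"].endswith(".localdomain"):
        return ["myhostname resolved to %s; set it explicitly" % p["myhostname"]]
    return []
```

On a live system, `postconf myhostname mydomain` prints the values Postfix itself has resolved.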