ref: aaeb28aa8e5cf5a9fb58b4525d724ad4661f5abd
dir: /smtpd.ms/
Copy /bin/service/!tcp25 to /bin/service/tcp25. You may need to make some changes. .LP Make sure to chmod +x /bin/service/tcp25 or else the mail server won't be able to start .P1 ; cat /bin/service/tcp25 #!/bin/rc #smtp serv net incalldir user user=`{cat /dev/user} exec upas/smtpd -e -f -r -s -n $3 .P2 If you have a certificate you have generated using acmed, you can enable StartTLS with -c: .P1 exec upas/smtpd -c /sys/lib/tls/acmed/example.com.crt -e -f -r -s -n $3 .P2 .LP Note: the -c argument currently has a bug where it does not send the full chain of the TLS certificate, so email clients that connect to it may report a certificate validation error. .LP Make sure to edit /mail/lib/smtpd.conf: .P1 # # sample smtpd configuration options for inside connections # # # replace example.com with the name of your domain # replace 198.51.100.0 with the IP address range of your networks defaultdomain example.com norelay on verifysenderdom off #disable dns verification of sender domain saveblockedmsg off #save blocked messages # # if norelay is on, you need to set the # networks allowed to relay through # as well as the domains to accept mail for # ournets 198.51.100.0/24 ourdomains *.example.com Copy /mail/lib/rewrite.direct to /mail/lib/rewrite, while replacing YOURDOMAIN.DOM with your actual domain name. You will also want to edit /mail/lib/names.local for the users you want to handle mail for. Edit /mail/lib/remotemail to add the -C -s flags to turn on TLS encryption when sending. -C is needed in case some certificates don't validate properly: #!/bin/rc shift sender=$1 shift addr=$1 shift fd=`{/bin/upas/aliasmail -f $sender} switch($fd){ case *.* ; case * fd=example.com } exec /bin/upas/smtp -C -s -h $fd $addr $sender $* Make sure to replace example.com with your actual domain name. If you are logged in as a user other than the default hostowner (glenda), make sure to add the users to upas group: ; echo 'newuser upas +$username' >> /srv/cwfs.cmd Then create the user's mailbox: ; upas/nedmail -c .P2 .LP See dkim.ms guide for enabling dkim. Make sure to add spf and dmarc records as indicated in ndb.ms guide. To test sending an email: .P1 ; upasname=sender@example.com upas/marshal -s 'Alpha Bravo Charlie' recipient@example.org .P2 Type a message, then a newline, then EOF. If your email address is simply $user, you may be able to omit the upasname variable provided the domain is correctly configured elsewhere. To offer SMTP over TLS (submission port), we can no longer use /bin/service files, since by default, it starts the process as user none. Instead, we will start upas/smtpd from cpustart, and call aux/listen with -t. cpu% mkdir /cfg/$sysname/service.upas cpu% cp /bin/service/!tcp25 /cfg/$sysname/service.upas/tcp587 Then, we edit tcp587: cpu% cat /cfg/$sysname/service.upas/tcp587 #!/bin/rc user=`{cat /dev/user} exec upas/smtpd -a -d -c /sys/lib/tls/acmed/example.com.crt -e -s -n $3 A line such as below must be added to /cfg/$sysname/cpustart to call service.upas: auth/as upas aux/listen -p 128 -t /cfg/$sysname/service.upas Warning: Calling auth/as may corrupt the namespace, and may require you later to call mntgen /mnt. Make sure to set the file as executable: cpu% chmod +x /cfg/$sysname/service.upas/tcp587