wm: doc

ref: d0a14a1a9a3eba92bc143f3d6bec3bc4d2a3cd84
dir: /smtpd.ms/

View raw version
Copy /bin/service/!tcp25 to /bin/service/tcp25. You may need to make some changes.
.LP
Make sure to chmod +x /bin/service/tcp25 or else the mail server won't be able to start

.P1
; cat /bin/service/tcp25
#!/bin/rc
#smtp serv net incalldir user

user=`{cat /dev/user}
exec upas/smtpd -e -f -r -s -n $3
.P2

If you have a certificate you have generated using acmed, you can enable StartTLS
with -c:

.P1
exec upas/smtpd -c /sys/lib/tls/acmed/example.com.crt -e -f -r -s -n $3
.P2

.LP
Note: the -c argument currently has a bug where it does not send the full chain of
the TLS certificate, so email clients that connect to it may report a certificate
validation error.

.LP
Make sure to edit /mail/lib/smtpd.conf:
.P1
#
#	sample smtpd configuration options for inside connections
#

#
#	replace example.com with the name of your domain
#	replace 198.51.100.0 with the IP address range of your networks

defaultdomain		example.com
norelay			on	
verifysenderdom		off	#disable dns verification of sender domain
saveblockedmsg		off	#save blocked messages

#
# if norelay is on, you need to set the
# networks allowed to relay through 
# as well as the domains to accept mail for
#

ournets 198.51.100.0/24

ourdomains *.example.com

Copy /mail/lib/rewrite.direct to /mail/lib/rewrite, while replacing YOURDOMAIN.DOM with your actual domain name.

You will also want to edit /mail/lib/names.local for the users you want to handle mail for.

Edit /mail/lib/remotemail to add the -C -s flags to turn on TLS encryption when sending.
-C is needed in case some certificates don't validate properly:

#!/bin/rc
shift
sender=$1
shift
addr=$1
shift
fd=`{/bin/upas/aliasmail -f $sender}
switch($fd){
case *.*
	;
case *
	fd=example.com
}
exec /bin/upas/smtp -C -s -h $fd $addr $sender $*

Make sure to replace example.com with your actual domain name.

If you are logged in as a user other than the default hostowner (glenda), you will need to create the user's mailbox:

; upas/nedmail -c

.P2
.LP
See dkim.ms guide for enabling dkim. Make sure to add spf and dmarc records as indicated in ndb.ms guide.
To test sending an email:

.P1
; upasname=sender@example.com upas/marshal -s 'Alpha Bravo Charlie' recipient@example.org
.P2

Type a message, then a newline, then EOF.

If your email address is simply $user, you may be able to omit the upasname variable provided the domain is correctly configured elsewhere.

To offer SMTP over TLS (submission port):

First, create a file /rc/bin/service/tcp587:

#!/bin/rc

user=`{cat /dev/user}

exec upas/smtpd -a -c /sys/lib/tls/acmed/example.com.crt -e -f -s -n $3

Next, set the file to executable:

cpu% chmod +x tcp587