OpenBSD smtpd/smtpfwdd README WHAT IS IT?: smtpd and smtpfwdd are an implementation of a store and forward smtp proxy. Smtpd is a daemon witch runs in a chrooted environment and talks smtp in order to receive mail. It spools received mail to it's chroot. Smtpfwdd is a daemon which periodically scans the smtpd chroot directory and invokes sendmail to deliver the mail, either locally or by forwarding it to its eventual destination. INSTALLATION: To use the smtpd and smtpfwdd distributed with OpenBSD you will need to perform a couple of steps. 1) edit /etc/rc.conf change smtpfwdd_flags from NO to "". change sendmail_flags to "-q30m". sendmail_flags="-q30m" # for 'normal' use: sendmail_flags="-bd -q30m" smtpfwdd_flags="" # for 'normal' use: smtpfwdd_flags="", no -bd above. 2) edit /etc/inetd.conf add a line : smtp stream tcp nowait root /usr/libexec/smtpd smtpd 3) make the chroot needed by smtpd to run in: mkdir /var/spool/smtpd chmod 700 /var/spool/smtpd chown uucp.daemon /var/spool/smtpd mkdir /var/spool/smtpd/etc chmod 755 /var/spool/smtpd/etc cp /etc/resolv.conf /var/spool/smtpd/etc/resolv.conf chmod 644 /var/spool/smtpd/etc/resolv.conf cp /etc/localtime /var/spool/smtpd/etc/localtime chmod 644 /var/spool/smtpd/etc/localtime touch /var/spool/smtpd/etc/smtpd_check_rules chmod 644 /var/spool/smtpd/etc/smtpd_check_rules 4) edit /var/spool/smtpd/etc/smtpd_check_rules appropriately for your domain. A good starting point is the example.norelay in this directory, although you will need to edit this file to use it. 5) Now reboot, and you should be set up running smtpd. NOTES: If you intend to run smtpd on a dual homed bastion host type firewall system as a store and forward smtp proxy, you will need to play some minor DNS games. This is necessary to ensure that while externally your mail is MXed to your firewall host, internally, your mail is MX'ed to your real internal mailhost. Briefly, this is done as follows: 1) Your internal DNS knows about everything in your domain, (including extrenally visible hosts) and MX'es mail to the internal mailhost. It uses your external DNS as a forwarder. (Note this means that the external DNS must be accessible by the internal DNS 2) Your external DNS knows about only your externally visible hosts, and MX's mail to your firewall bastion host. 3) Your firewall bastion host uses the internal DNS in it's etc resolv.conf. You should refer to either the O'reilly "DNS and BIND" book by Paul Ablitz and Cricket Liu, or "Building Internet Firewalls" by Brent Chapman and Elizabeth Zwickery for details on this type of split DNS setup.