blob: aeaa9402a4c58b8c7ee5512fa12b8f10ba302c92 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
OpenBSD smtpd/smtpfwdd README
WHAT IS IT?:
smtpd and smtpfwdd are an implementation of a store and forward
smtp proxy. Smtpd is a daemon witch runs in a chrooted environment and
talks smtp in order to receive mail. It spools received mail to it's
chroot. Smtpfwdd is a daemon which periodically scans the smtpd chroot
directory and invokes sendmail to deliver the mail, either locally or
by forwarding it to its eventual destination.
INSTALLATION:
To use the smtpd and smtpfwdd distributed with OpenBSD you will
need to perform a couple of steps.
1) edit /etc/rc.conf
change smtpfwdd_flags from NO to "".
change sendmail_flags to "-q30m".
sendmail_flags="-q30m" # for 'normal' use: sendmail_flags="-bd -q30m"
smtpfwdd_flags="" # for 'normal' use: smtpfwdd_flags="", no -bd above.
2) edit /etc/inetd.conf
add a line :
smtp stream tcp nowait root /usr/libexec/smtpd smtpd
3) make the chroot needed by smtpd to run in:
mkdir /var/spool/smtpd
chmod 700 /var/spool/smtpd
chown uucp.daemon /var/spool/smtpd
mkdir /var/spool/smtpd/etc
chmod 755 /var/spool/smtpd/etc
cp /etc/resolv.conf /var/spool/smtpd/etc/resolv.conf
chmod 644 /var/spool/smtpd/etc/resolv.conf
cp /etc/localtime /var/spool/smtpd/etc/localtime
chmod 644 /var/spool/smtpd/etc/localtime
touch /var/spool/smtpd/etc/smtpd_check_rules
chmod 644 /var/spool/smtpd/etc/smtpd_check_rules
4) edit /var/spool/smtpd/etc/smtpd_check_rules appropriately for your
domain. A good starting point is the example.norelay in this directory,
although you will need to edit this file to use it.
5) Now reboot, and you should be set up running smtpd.
NOTES:
If you intend to run smtpd on a dual homed bastion host type
firewall system as a store and forward smtp proxy, you will need to
play some minor DNS games. This is necessary to ensure that while
externally your mail is MXed to your firewall host, internally, your
mail is MX'ed to your real internal mailhost. Briefly, this is done as
follows:
1) Your internal DNS knows about everything in your domain,
(including extrenally visible hosts) and MX'es mail to the internal
mailhost. It uses your external DNS as a forwarder. (Note this means
that the external DNS must be accessible by the internal DNS
2) Your external DNS knows about only your externally visible
hosts, and MX's mail to your firewall bastion host.
3) Your firewall bastion host uses the internal DNS in it's
etc resolv.conf.
You should refer to either the O'reilly "DNS and BIND" book by
Paul Ablitz and Cricket Liu, or "Building Internet Firewalls" by Brent
Chapman and Elizabeth Zwickery for details on this type of split DNS
setup.
|