summaryrefslogtreecommitdiff
path: root/share/smtpd/README
blob: aeaa9402a4c58b8c7ee5512fa12b8f10ba302c92 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

		OpenBSD smtpd/smtpfwdd README

WHAT IS IT?:

	smtpd and smtpfwdd are an implementation of a store and forward
smtp proxy. Smtpd is a daemon witch runs in a chrooted environment and
talks smtp in order to receive mail. It spools received mail to it's 
chroot. Smtpfwdd is a daemon which periodically scans the smtpd chroot
directory and invokes sendmail to deliver the mail, either locally or
by forwarding it to its eventual destination. 

INSTALLATION:

	To use the smtpd and smtpfwdd distributed with OpenBSD you will
need to perform a couple of steps. 

1) edit /etc/rc.conf
   change smtpfwdd_flags from NO to "". 
   change sendmail_flags to "-q30m".

sendmail_flags="-q30m"       # for 'normal' use: sendmail_flags="-bd -q30m"
smtpfwdd_flags=""       # for 'normal' use: smtpfwdd_flags="", no -bd above.


2) edit /etc/inetd.conf
   add a line :	

smtp		stream	tcp	nowait	root	/usr/libexec/smtpd	smtpd

3) make the chroot needed by smtpd to run in:
  
   mkdir /var/spool/smtpd
   chmod 700 /var/spool/smtpd
   chown uucp.daemon /var/spool/smtpd
   mkdir /var/spool/smtpd/etc
   chmod 755 /var/spool/smtpd/etc
   cp /etc/resolv.conf /var/spool/smtpd/etc/resolv.conf
   chmod 644 /var/spool/smtpd/etc/resolv.conf
   cp /etc/localtime /var/spool/smtpd/etc/localtime
   chmod 644 /var/spool/smtpd/etc/localtime
   touch /var/spool/smtpd/etc/smtpd_check_rules
   chmod 644 /var/spool/smtpd/etc/smtpd_check_rules

4) edit /var/spool/smtpd/etc/smtpd_check_rules appropriately for your
   domain. A good starting point is the example.norelay in this directory, 
   although you will need to edit this file to use it.
   
5) Now reboot, and you should be set up running smtpd. 

NOTES:

	If you intend to run smtpd on a dual homed bastion host type
firewall system as a store and forward smtp proxy, you will need to
play some minor DNS games. This is necessary to ensure that while
externally your mail is MXed to your firewall host, internally, your
mail is MX'ed to your real internal mailhost. Briefly, this is done as
follows:

	1) Your internal DNS knows about everything in your domain,
(including extrenally visible hosts) and MX'es mail to the internal
mailhost. It uses your external DNS as a forwarder. (Note this means
that the external DNS must be accessible by the internal DNS

	2) Your external DNS knows about only your externally visible
hosts, and MX's mail to your firewall bastion host.

	3) Your firewall bastion host uses the internal DNS in it's
etc resolv.conf.

	You should refer to either the O'reilly "DNS and BIND" book by
Paul Ablitz and Cricket Liu, or "Building Internet Firewalls" by Brent
Chapman and Elizabeth Zwickery for details on this type of split DNS
setup.