commit - /dev/null
commit + 1aed0ca236c714c890e8e0d6d3585840949bc6e2
blob - /dev/null
blob + 67f23bd2b7a7908dd3368f0854e12eef4254a7e5 (mode 644)
--- /dev/null
+++ README
+First, run install.sh as a privileged user (root).
+
+ doas sh install.sh
+
+It is safe to run more than once.
+install.sh does the following:
+
+- installs packages
+- enables daemons
+- creates directories
+- creates an unprivileged mail delivery system user
+- installs configuration files
+- initialises the accounts database if not present already
+- restarts daemons
+
+Extra steps that need to be run manually follow.
+
+TLS certificate
+------
+
+Renew the certificate every night with an entry in root's crontab:
+
+ 0 4 * * * acme-client mail.srcbeat.com && rcctl restart smtpd dovecot
+
+The required httpd and acme-client configuration are installed by install.sh.
+
+Dovecot
+------
+
+Add the user and password database configuration to /etc/dovecot/conf.d/10-auth.conf:
+
+ userdb {
+ driver = static
+ args = uid=vmail gid=vmail home=/mail/box/%d/%n
+ }
+ passdb {
+ driver = sql
+ args = /etc/dovecot/dovecot-sql.conf.ext
+ }
+
+dovecot-sql.conf.ext is already installed by install.sh.
+
+Add the mail location to /etc/dovecot/conf.d/10-mail.conf:
+
+ mail_location = maildir:/mail/box/%d/%n/Maildir:LAYOUT=fs
+
+With this configuration mail for the account with the username "test@example.com"
+is stored at /mail/box/example.com/test/Maildir.
+
+Configure dovecot to load the TLS keys by adding the following to /etc/dovecot/conf.d/10-ssl.conf:
+
+ ssl = required
+ ssl_cert = </etc/ssl/mail.srcbeat.com.crt
+ ssl_key = </etc/ssl/private/mail.srcbeat.com.key
blob - /dev/null
blob + 68d707dcb9a1b960396164937f6416eb77a2c5a8 (mode 644)
--- /dev/null
+++ accounts.conf
+dbpath /mail/lib/accounts.db
+query_alias SELECT destination FROM aliases WHERE recipient=?;
+query_credentials SELECT username, password FROM users WHERE username=?;
+query_domain SELECT domain FROM domains WHERE domain=?;
blob - /dev/null
blob + ca72d619c10304ac0ddf5928d5a7cd6466630fc1 (mode 644)
--- /dev/null
+++ acme-client.conf
+authority letsencrypt {
+ api url "https://acme-v02.api.letsencrypt.org/directory"
+ account key "/etc/ssl/private/my-acme.key"
+}
+
+domain mail.srcbeat.com {
+ alternative names { imap.srcbeat.com smtp.srcbeat.com }
+ domain key "/etc/ssl/private/mail.srcbeat.com.key"
+ domain certificate "/etc/ssl/mail.srcbeat.com.crt"
+ domain full chain certificate "mail.srcbeat.com.fullchain.pem"
+ sign with letsencrypt
+}
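Review bot: `domain full chain certificate "mail.srcbeat.com.fullchain.pem"` is the only relative path in this file; unless acme-client resolves it against /etc/ssl (check acme-client.conf(5) for the installed release), the chain file is written relative to whatever directory the nightly cron job happens to run from. Make it `domain full chain certificate "/etc/ssl/mail.srcbeat.com.fullchain.pem"`, consistent with the sibling entries. That full-chain file, not the bare `.crt`, is also what the TLS daemons should be pointed at so that clients receive the intermediate certificate.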
blob - /dev/null
blob + 41066eef9490b51e7974d4ca7208c571f9022fe5 (mode 644)
--- /dev/null
+++ dovecot-sql.conf.ext
+driver = sqlite
+connect = /mail/lib/accounts.db
+default_pass_scheme = BLF-CRYPT
+password_query = SELECT username AS user, password FROM users WHERE username = '%u'
+
+#iterate_query = SELECT username AS user FROM users
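Review bot: The lookup `WHERE username = '%u'` uses SQLite's default BINARY collation, so `Test@example.com` and `test@example.com` are different accounts and a user who types their address with a capital letter simply gets a login failure. Dovecot SQL-escapes `%`-variables, so this is not an injection point, but the comparison should be normalized, either `password_query = SELECT username AS user, password FROM users WHERE username = '%Lu'` with usernames stored lowercase, or `auth_username_format = %Lu` in 10-auth.conf. Uncommenting `iterate_query` is harmless and is what lets `doveadm user '*'` enumerate accounts for maintenance.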
blob - /dev/null
blob + 9eaa7143dbfd11ce2710062abdcf81c7bf319987 (mode 644)
--- /dev/null
+++ httpd.conf
+server "mail.srcbeat.com" {
+ alias "imap.srcbeat.com"
+ alias "smtp.srcbeat.com"
+ listen on egress port http
+ location "/.well-known/acme-challenge/*" {
+ root "/acme"
+ request strip 2
+ }
+}
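Review bot: Only the ACME challenge location is declared in this server block; any other path requested on port 80 falls through to httpd's default document root instead of being refused, which serves whatever is under the chroot's default htdocs directory (confirm the default for the target release). Since this host needs nothing but the challenge path, add a catch-all after the acme location: `location * { block }`. The acme location must stay first, as httpd takes the first matching location.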
blob - /dev/null
blob + 5b2fd74c54ac1ee9f3160916521c10fdee29d982 (mode 644)
--- /dev/null
+++ init.sql
+CREATE TABLE aliases (
+ id INTEGER PRIMARY KEY AUTOINCREMENT,
+ recipient VARCHAR(255) NOT NULL,
+ destination VARCHAR(255) NOT NULL
+);
+
+CREATE TABLE users (
+ id INTEGER PRIMARY KEY AUTOINCREMENT,
+ username VARCHAR(255) NOT NULL,
+ password VARCHAR(255) NOT NULL
+);
+
+CREATE TABLE domains (
+ id INTEGER PRIMARY KEY AUTOINCREMENT,
+ domain VARCHAR(255) NOT NULL
+);
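Review bot: `users.username` and `domains.domain` carry no uniqueness constraint, so a second INSERT with the same name is accepted and both smtpd's `query_credentials` and Dovecot's `password_query` then return several rows, leaving which password hash gets checked down to row order. Declare them unique: `username VARCHAR(255) NOT NULL UNIQUE,` and `domain VARCHAR(255) NOT NULL UNIQUE`; adding `COLLATE NOCASE` to both would additionally make the lookups case-insensitive, which is how mail addresses are normally treated. `aliases` is correctly left unconstrained, since one recipient may expand to several destinations. Note that SQLite does not enforce the `255` length on `VARCHAR`, so it is documentation only.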
blob - /dev/null
blob + 8178784184d962e19b8f7bb47d7e1990f8526e20 (mode 644)
--- /dev/null
+++ install.sh
+#!/bin/sh
+
+pkg_add opensmtpd-extras dovecot
+
+rcctl enable httpd smtpd dovecot
+
+mkdir -p /mail/box /mail/lib
+
+useradd -g =uid -c "Virtual Mail" -d /mail/box -s /sbin/nologin vmail
+chown -R vmail:vmail /mail/box
+
+cp smtpd.conf /etc/mail/smtpd.conf
+cp httpd.conf /etc
+cp acme-client.conf /etc
+cp accounts.conf /mail/lib
+cp dovecot-sql.conf.ext /etc/dovecot
+
+if ! test -f /mail/lib/accounts.db
+then
+ sqlite3 /mail/lib/accounts.db < init.sql
+fi
+
+rcctl restart httpd smtpd dovecot
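Review bot: The database created by `sqlite3 /mail/lib/accounts.db < init.sql` inherits root's umask, which on OpenBSD defaults to 022, so the table of password hashes is left world-readable to every local user and nothing later in the script tightens it. The script is also not re-runnable as the README promises: `useradd ... vmail` fails on the second run and, with no `set -e`, that failure is ignored rather than handled. The rewrite below guards the user creation, lets later failures stop the script, and restricts the database to root plus the group of the process that performs smtpd's table lookups (`_smtpd` on OpenBSD — confirm that, and that Dovecot's auth worker can still read the file, before applying). If the sqlite3 command-line tool is not in the base system on the target release it should be added to the `pkg_add` line as well.
```shell
#!/bin/sh
set -eu

# … unchanged: pkg_add, rcctl enable, mkdir …

# useradd exits non-zero when vmail already exists; keep the script re-runnable
id vmail >/dev/null 2>&1 || useradd -g =uid -c "Virtual Mail" -d /mail/box -s /sbin/nologin vmail
chown -R vmail:vmail /mail/box

# … unchanged: cp of the configuration files …

if ! test -f /mail/lib/accounts.db
then
	sqlite3 /mail/lib/accounts.db < init.sql
fi
# accounts.db holds password hashes: readable by root and the lookup group only.
# NOTE(review): _smtpd is assumed to be the user smtpd's lookup process runs as;
# confirm that, and that Dovecot's auth worker can still open the file.
chown root:_smtpd /mail/lib/accounts.db
chmod 640 /mail/lib/accounts.db

rcctl restart httpd smtpd dovecot
```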
blob - /dev/null
blob + 9ae16c94d3e946d8815b9be4777d8ba98257852b (mode 644)
--- /dev/null
+++ smtpd.conf
+table domains sqlite:/mail/lib/accounts.conf
+table accounts sqlite:/mail/lib/accounts.conf
+table aliases sqlite:/mail/lib/accounts.conf
+table localaliases file:/etc/mail/aliases
+
+listen on socket
+listen on lo0
+
+# pki mail.example.com cert "/etc/ssl/mail.example.com.fullchain.pem"
+# pki mail.example.com key "/etc/ssl/private/mail.example.com.key"
+# listen on egress tls pki mail.example.com
+# listen on egress smtps pki mail.example.com auth <accounts>
+
+action "local_mail" mbox alias <localaliases>
+action "deliver" maildir "/mail/box/%{dest.domain}/%{dest.user}/Maildir" virtual <aliases>
+
+match from any for domain <domains> action deliver
+# match auth from any for any action { relay }
+
+match from local for local action "local_mail"
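Review bot: The commented relay rule `# match auth from any for any action { relay }` is not valid smtpd.conf grammar, so whoever uncomments the submission listener will hit a parse error; actions are declared by name, e.g. `action "outbound" relay` followed by `match auth from any for any action "outbound"`. The commented pki lines also still carry the `mail.example.com` placeholder while acme-client.conf issues the certificate for mail.srcbeat.com, so they should reference `/etc/ssl/mail.srcbeat.com.fullchain.pem` and `/etc/ssl/private/mail.srcbeat.com.key` before being enabled. As written the only listeners are the socket and lo0, which presumably is a work-in-progress state rather than the intended deployment. For the `deliver` action it is not visible which Unix user writes into /mail/box (which install.sh chowns to vmail); if virtual maildir delivery requires a `user vmail` clause on that action, it should be added — confirm against smtpd.conf(5). The file may continue past the last line shown.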