A standard OpenBSD installation as well as a recent installation of OpenSMTPD-extras including: table-passwd and tool-stats is assumed.
The following is not a copy and paste guide. You should know what you are doing and read the man pages.
Afterwards, the /etc/passwd file will contain an entry like this:# useradd -m -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail
The home directory /var/vmail is used to store virtual users maildir folders, and is entirely managed by the IMAP server (Dovecot). Mail is delivered to Dovecot via LMTP, using the rcpt-to keyword.vmail:*:1000:1000:Virtual Mail:/var/vmail:/sbin/nologin
The configuration below assumes that virtual users submit mails via the submission port. Virtual users sending mail are authenticated via the /etc/mail/passwd file, which is shared with Dovecot for the IMAP authentication.
The full content of the /etc/mail/smtpd.conf file is shown below:
Several table(5) directives are specified in the configuration shown above. The aliases table is set up from the /etc/mail/aliases file and contains aliases for local system users. Below the system user john has an alias to the virtual user john@example.com:# pki setup pki mail.example.com certificate "/etc/ssl/mail.example.com.crt" pki mail.example.com key "/etc/ssl/private/mail.example.com.key" # tables setup table aliases file:/etc/mail/aliases table domains file:/etc/mail/domains table passwd passwd:/etc/mail/passwd table virtuals file:/etc/mail/virtuals # listen ports setup listen on lo0 listen on egress port 25 tls pki mail.example.com listen on egress port 587 tls-require pki mail.example.com auth <passwd> # special case for gmail to avoid ipv6 here #limit mta for domain gmail.com inet4 # allow local messages accept from local for local alias <aliases> deliver to lmtp "/var/dovecot/lmtp" rcpt-to # allow virtual domains accept from any for domain <domains> virtual <virtuals> deliver to lmtp "/var/dovecot/lmtp" rcpt-to # allow outgoing mails accept from local for any relay
The domains table is set up from the /etc/mail/domains and contains a list of accepted virtual domains:vmail: /dev/null root: john john: john@example.com
In addition, table-passwd is used to set up shared authentication for the virtual users between smtpd(8) and Dovecot. The /etc/mail/passwd file contains (at least) the virtual user names and the encrypted passwords:example.com example.net example.org
Finally, the actual virtual users setup is in the /etc/mail/virtuals file as shown below:john@example.com:$2b$...encrypted...password...:::::: user@example.net:$2b$...encrypted...password...::::::userdb_quota_rule=*:storage=1G
Note that all virtual users which are supposed to receive mail into a maildir folder are mapped to the single system user vmail.abuse@example.com john@example.com postmaster@example.com john@example.com webmaster@example.com john@example.com john@example.com vmail abuse@example.net user@example.net postmaster@example.net user@example.net webmaster@example.net user@example.net user@example.net vmail
Virtual users access and read their mails via IMAP. Dovecot listens on a LMTP socket in /var/dovecot/lmtp for mail delivery from smtpd(8). Passwords are shared with smtpd(8) in the /etc/mail/passwd file and mails are delivered to /var/vmail subfolders. Thus the Dovecot configuration should contain something like the lines below:# export PKG_PATH=http://your.local.mirror/pub/OpenBSD/%c/packages/%a # pkg_add dovecot # rcctl enable dovecot
passdb {
args = scheme=blf-crypt /etc/mail/passwd
driver = passwd-file
}
userdb {
args = uid=vmail gid=vmail home=/var/vmail/%d/%n
driver = static
}
/usr/bin/zcat /var/log/maillog.*.gz \
| /usr/local/bin/tool-stats \
| /usr/bin/mail -s "mail.example.com smtpd log report" root