aerogramme.deuxfleurs.fr/content/documentation/cookbook/smtp-server.md

+++
title = "SMTP servers"
weight = 50
+++
The SMTP servers recommended for Aerogramme are those that support:
- TCP delivery over the LMTP protocol
- TCP authentication over the [Dovecot SASL Auth protocol](https://doc.dovecot.org/developer_manual/design/auth_protocol/)

Postfix supports both features and is the only recommended choice *for now*.

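To make the first requirement concrete, here is what "TCP delivery over LMTP" looks like on the wire, as an added example that is not Aerogramme or Postfix code: a minimal RFC 2033 client of the kind Postfix's `lmtp(8)` runs against `virtual_transport = lmtp:[::1]:1025`, paired with a mock server standing in for Aerogramme's listener so it runs offline over a socketpair. The addresses, sender and message are constructed for the demo, and the mock treats `full@your-domain.tld` as over quota to show the property that matters for an MDA transport: after the final `.`, LMTP returns one status per recipient, so a single delivery can succeed for some recipients and fail for others.

```python
"""LMTP (RFC 2033) client as Postfix's lmtp(8) speaks it, with a mock stand-in for
Aerogramme's listener. Added example for this page, not Aerogramme or Postfix code:
addresses, sender and message are constructed; full@... is treated as over quota."""
import socket
import threading

def _readline(f):
    line = f.readline()
    if not line:
        raise ConnectionError("peer closed the LMTP connection")
    return line.rstrip(b"\r\n").decode()

def _reply(rd):
    """Read one reply, joining '250-' continuation lines; returns (code, text)."""
    lines = []
    while True:
        line = _readline(rd)
        lines.append(line[4:])
        if len(line) < 4 or line[3] != "-":
            return line[:3], "\n".join(lines)

def lmtp_deliver(sock, sender, recipients, message):
    """Deliver one message; returns {recipient: (code, text)}. Unlike SMTP, the
    final "." gets one reply per recipient accepted at RCPT time, so a delivery
    can succeed for some recipients and fail for others."""
    with sock.makefile("rb") as rd:
        send = lambda cmd: sock.sendall(cmd.encode() + b"\r\n")
        _reply(rd)                                  # 220 greeting
        send("LHLO client.your-domain.tld")         # LMTP uses LHLO, never HELO/EHLO
        _reply(rd)
        send("MAIL FROM:<%s>" % sender)
        _reply(rd)
        status, accepted = {}, []
        for rcpt in recipients:
            send("RCPT TO:<%s>" % rcpt)
            status[rcpt] = _reply(rd)
            if status[rcpt][0][0] == "2":
                accepted.append(rcpt)
        if accepted:
            send("DATA")
            if _reply(rd)[0] != "354":
                raise RuntimeError("DATA refused")
            for line in message.splitlines():       # dot-stuffing (RFC 5321 4.5.2)
                send("." + line if line.startswith(".") else line)
            send(".")
            for rcpt in accepted:                   # one final reply each, in RCPT order
                status[rcpt] = _reply(rd)
        send("QUIT")
        _reply(rd)
        return status

def mock_lmtp_server(sock, mailboxes):
    """Stand-in listener; mailboxes maps address -> list of stored messages."""
    with sock.makefile("rb") as rd:
        reply = lambda *ls: sock.sendall(b"\r\n".join(l.encode() for l in ls) + b"\r\n")
        reply("220 mock LMTP ready")
        rcpts = []
        while True:
            try:
                verb, _, arg = _readline(rd).partition(" ")
            except ConnectionError:
                return
            if verb == "LHLO":
                reply("250-mock", "250 ENHANCEDSTATUSCODES")
            elif verb == "MAIL":
                rcpts = []
                reply("250 2.1.0 sender ok")
            elif verb == "RCPT":
                addr = arg.partition(":")[2].strip().strip("<>").lower()
                if addr in mailboxes:
                    rcpts.append(addr)
                    reply("250 2.1.5 recipient ok")
                else:
                    reply("550 5.1.1 no such mailbox")
            elif verb == "DATA":
                reply("354 end data with <CRLF>.<CRLF>")
                body = iter(lambda: _readline(rd), ".")     # read until the lone "."
                body = [l[1:] if l.startswith(".") else l for l in body]
                for addr in rcpts:                  # per-recipient final status
                    if addr.startswith("full@"):
                        reply("452 4.2.2 mailbox full")
                    else:
                        mailboxes[addr].append("\n".join(body))
                        reply("250 2.0.0 delivered")
            elif verb == "QUIT":
                reply("221 2.0.0 bye")
                return

def run_lmtp_demo():
    mailboxes = {"alice@your-domain.tld": [], "full@your-domain.tld": []}
    client, server = socket.socketpair()
    t = threading.Thread(target=mock_lmtp_server, args=(server, mailboxes), daemon=True)
    t.start()
    try:
        status = lmtp_deliver(client, "bob@example.net", list(mailboxes) + ["nobody@your-domain.tld"],
                              "Subject: hi\r\n\r\n.leading dot survives\r\nbye")
    finally:
        client.close()
        t.join(timeout=2)
    return status, mailboxes
```

`run_lmtp_demo()` returns the per-recipient status map (`250` for alice, `452` for the full mailbox, `550` for the unknown address) together with the mock's mailboxes; to probe a real Aerogramme instance, replace the socketpair with `socket.create_connection(("::1", 1025))` and pass that socket to `lmtp_deliver`.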
## Postfix

Configuring [Postfix](https://www.postfix.org/) requires adding these four lines to `main.cf`:

```ini
smtpd_sasl_type = dovecot
smtpd_sasl_path = inet:localhost:12345

virtual_mailbox_domains = your-domain.tld
virtual_transport = lmtp:[::1]:1025
```

Aerogramme implements the server side of the Dovecot SASL protocol: with `smtpd_sasl_type = dovecot`, Postfix forwards the credentials presented by submitting clients to Aerogramme on `localhost:12345` and lets it decide whether they are valid. These two lines only select the backend; authentication itself is switched on with `smtpd_sasl_auth_enable = yes`. The auth socket carries passwords in cleartext, so keep it on the loopback interface.

Make sure that `your-domain.tld` is not also listed in `mydestination`, the domains for which Postfix performs local delivery (by default `$myhostname, localhost.$mydomain, localhost`), or it will conflict with Postfix's local delivery logic.

*Indeed, Postfix internally has a default configuration for "local" mail delivery, which maps to the old way of managing mail (UNIX accounts, aliases, mailboxes on disk). LMTP delivery is more recent, and maps to the "virtual" mail delivery mechanisms of Postfix. Your goal is thus to deactivate as much as possible the "local" delivery capabilities of Postfix and only allow the "virtual" ones.*

You can learn more about Postfix LMTP capabilities on this page: [lmtp(8)](https://www.postfix.org/lmtp.8.html).
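What Postfix actually sends to `inet:localhost:12345` is the client side of the Dovecot auth protocol linked above. The following is an added example, not Aerogramme or Postfix code: a client that performs the version handshake and one PLAIN authentication, paired with a mock server that replays the lines a Dovecot-compatible listener sends, so the exchange runs offline over a socketpair. The user, password and the mock's SPID/CUID values are constructed. It also shows why the socket must stay on loopback: the PLAIN response is only base64, so the password crosses it in the clear.

```python
"""Client side of the Dovecot auth (SASL) protocol, as Postfix speaks it to
smtpd_sasl_path = inet:localhost:12345, with a mock server replaying the lines a
Dovecot-compatible listener sends. Added example for this page, not Aerogramme or
Postfix code; the credentials and the mock's SPID/CUID values are constructed."""
import base64
import os
import socket
import threading

# Constructed credentials: the mock listener accepts exactly this pair.
DEMO_USERS = {"alice@your-domain.tld": "correct horse"}

def _readline(f):
    line = f.readline()
    if not line:
        raise ConnectionError("peer closed the auth socket")
    return line.rstrip(b"\n").decode()

def dovecot_auth_plain(sock, user, password, service="smtp"):
    """Run one PLAIN authentication; returns (ok, attrs) where attrs holds the
    key=value fields of the reply (for example {'user': 'alice@...'})."""
    with sock.makefile("rb") as rd:
        # Handshake: each side announces VERSION major/minor (major must be 1),
        # and the client adds its process id.
        sock.sendall(b"VERSION\t1\t1\nCPID\t%d\n" % os.getpid())
        mechs = []
        while True:
            fields = _readline(rd).split("\t")
            if fields[0] == "VERSION" and fields[1] != "1":
                raise RuntimeError("unsupported auth protocol version %s" % fields[1])
            if fields[0] == "MECH":
                mechs.append(fields[1])
            if fields[0] == "DONE":          # SPID, CUID, COOKIE are informational
                break
        if "PLAIN" not in mechs:
            raise RuntimeError("server offers no PLAIN mechanism: %r" % mechs)
        # PLAIN initial response = base64(authzid NUL authcid NUL password):
        # the password crosses this socket in the clear, hence loopback only.
        # "secured" is what Postfix sets when the SMTP session used TLS.
        resp = base64.b64encode(b"\0" + user.encode() + b"\0" + password.encode()).decode()
        sock.sendall(("AUTH\t1\tPLAIN\tservice=%s\tsecured\tresp=%s\n" % (service, resp)).encode())
        fields = _readline(rd).split("\t")
        status, req_id, rest = fields[0], fields[1], fields[2:]
        if req_id != "1":
            raise RuntimeError("reply for unknown request id %s" % req_id)
        attrs = dict(f.split("=", 1) for f in rest if "=" in f)
        # OK = accepted, FAIL = rejected; CONT would ask for another SASL round,
        # which PLAIN never needs, so it is treated as a failure here.
        return status == "OK", attrs

def mock_auth_server(sock):
    """Stand-in for a Dovecot-compatible listener; serves one client connection."""
    with sock.makefile("rb") as rd:
        sock.sendall(b"VERSION\t1\t2\nMECH\tPLAIN\tplaintext\nMECH\tLOGIN\tplaintext\n"
                     b"SPID\t4242\nCUID\t1\nCOOKIE\t" + os.urandom(16).hex().encode() + b"\nDONE\n")
        while True:
            try:
                fields = _readline(rd).split("\t")
            except ConnectionError:
                return
            if fields[0] != "AUTH":           # skip the client's VERSION and CPID
                continue
            req_id, mech = fields[1], fields[2]
            params = dict(f.split("=", 1) for f in fields[3:] if "=" in f)
            ok, user = False, ""
            if mech == "PLAIN" and "resp" in params:
                parts = base64.b64decode(params["resp"]).split(b"\0")
                if len(parts) == 3:
                    user = parts[1].decode()
                    ok = DEMO_USERS.get(user) == parts[2].decode()
            sock.sendall(("%s\t%s\tuser=%s\n" % ("OK" if ok else "FAIL", req_id, user)).encode())

def run_auth_demo(user, password):
    """Connect client and mock server over a socketpair, so no network is needed."""
    client, server = socket.socketpair()
    t = threading.Thread(target=mock_auth_server, args=(server,), daemon=True)
    t.start()
    try:
        return dovecot_auth_plain(client, user, password)
    finally:
        try:
            client.shutdown(socket.SHUT_RDWR)   # lets the server's readline see EOF
        except OSError:
            pass
        client.close()
        t.join(timeout=2)

if __name__ == "__main__":
    print(run_auth_demo("alice@your-domain.tld", "correct horse"))   # (True, {'user': 'alice@your-domain.tld'})
    print(run_auth_demo("alice@your-domain.tld", "wrong"))           # (False, {'user': 'alice@your-domain.tld'})
```

To check a live setup, connect with `socket.create_connection(("localhost", 12345))` and hand that socket to `dovecot_auth_plain`; an `OK` reply for a known account confirms that Postfix's `smtpd_sasl_path` points at a working listener before you expose port 465.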

## Maddy
[Maddy](https://maddy.email/) is a more recent email server written in Go.
However, it does not support LMTP delivery over TCP, only over a UNIX socket: without a specific adapter (such as a socket-to-TCP relay), it is not yet compatible with Aerogramme.
For LMTP delivery, read [SMTP & LMTP transparent forwarding](https://maddy.email/reference/targets/smtp/#smtp-lmtp-transparent-forwarding).
For the Dovecot Auth Protocol, read [Dovecot SASL](https://maddy.email/reference/auth/dovecot_sasl/).

## OpenSMTPD
Something like the following might work (untested). Aerogramme listens on TCP, and the `lmtp` action accepts a `host:port` destination in place of a UNIX socket path, so the destination below points at the same port as the Postfix example; the path of the `<virtuals>` table is an assumption:
```bash
# assumed location of the virtual users table
table virtuals file:/etc/mail/virtuals
action "remote_mail" lmtp "localhost:1025" rcpt-to virtual <virtuals>
match from any for domain "your-domain.tld" action "remote_mail"
```
The syntax is described in their manpage [smtpd.conf(5)](https://man.openbsd.org/smtpd.conf#lmtp).

OpenSMTPD does not support Dovecot's SASL protocol, so submission authentication cannot be delegated to Aerogramme; you can signal your interest [in their dedicated issue](https://github.com/OpenSMTPD/OpenSMTPD/issues/1085).

## Chasquid
[chasquid](https://blitiri.com.ar/p/chasquid/) supports [LMTP delivery](https://blitiri.com.ar/p/chasquid/howto/#configure-chasquid)
and the [Dovecot Auth Protocol](https://blitiri.com.ar/p/chasquid/docs/dovecot/) but only over UNIX sockets. Thus, it's not yet compatible with Aerogramme.
## Other servers
[Exim](https://www.exim.org/) has some support [for LMTP](https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_lmtp_transport.html) too.
[sendmail](https://www.proofpoint.com/us/products/email-protection/open-source-email-solution) might deliver to LMTP through a dedicated binary named [smtpc](https://www.sympa.community/manual/customize/lmtp-delivery.html).
<!--
Let's start by creating a folder for Postfix, for example `/opt/aerogramme-postfix`:
```bash
mkdir -p /opt/aerogramme-postfix
cd /opt/aerogramme-postfix
mkdir queue data
```
To run Postfix, you need some users / groups setup (do it in a container if you don't want to mess up your system):
```bash
sudo useradd postfix
sudo groupadd postdrop
```
The considered `main.cf` (continuation lines of a multi-line value must start with whitespace):
```
# postfix files
queue_directory=/opt/aerogramme-postfix/queue
data_directory=/opt/aerogramme-postfix/data
maillog_file=/dev/stdout

# nuke postfix legacy as much as possible (an era of UNIX accounts and open relays on local networks...)
mynetworks=127.0.0.0/8
compatibility_level=3.6
alias_database=
alias_maps=
# no local delivery domains: everything for our domain goes through the virtual transport
mydestination=

# add support for authentication (only over TLS; only authenticated clients may relay)
smtpd_sasl_auth_enable=yes
smtpd_tls_auth_only = yes
smtpd_relay_restrictions =
    permit_sasl_authenticated
    reject_unauth_destination

# add support for TLS (RSA only for now)
smtpd_tls_cert_file=/home/quentin/.lego/certificates/saint-ex.deuxfleurs.org.crt
smtpd_tls_key_file=/home/quentin/.lego/certificates/saint-ex.deuxfleurs.org.key

# aerogramme specific configuration
smtpd_sasl_type = dovecot
smtpd_sasl_path = inet:localhost:12345
virtual_mailbox_domains=saint-ex.deuxfleurs.org
virtual_transport=lmtp:[::1]:1025
```
The considered `master.cf` (the `-o` option lines must start with whitespace to be read as continuations of the `smtps` entry):
```
smtp      inet  n       -       n       -       -       smtpd
smtp      unix  -       -       n       -       -       smtp
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
rewrite   unix  -       -       n       -       -       trivial-rewrite
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
virtual   unix  -       n       n       -       -       virtual
proxymap  unix  -       -       n       -       -       proxymap
postlog   unix-dgram n  -       n       -       1       postlogd
```
-->