I've reviewed this article and decided to rewrite parts of it and generally clean it up a tad. For starters, I don't use OpenBSD anymore but have switched my externally visible servers to FreeBSD instead. I did this mostly to have a consistent infrastructure again, as my "internal" servers had been running FreeBSD all the time.

Building a small, secure mail server with OpenBSD and Postfix

With the proliferation of DSL lines, a lot of people now try to run their own mail servers at home. That is, of course, if their ISP lets them - not all ISPs here in the UK allow traffic to port 25 on residential users' connections. Given that a lot of domestic DSL lines have become a haven for spammers, this is only too understandable. However, a lot of ISPs are willing to remove the filter on port 25 once the customer has demonstrated that they're not running an open relay and generally know what they're doing. Personally, I use Andrews & Arnold, who are both UNIX and Mac friendly, plus they do allow you to run your own servers.

So there comes the time when the proper geek decides that s/he has to run their own mail server from home. As I've built several of them by now, I figured it may be of help to some people if I provide a blueprint of how to set up one of these for home use.

The hardware

On the hardware side, the requirements are pretty basic. You don't need a lot of horsepower to run a personal mail server (I get 500-1000 mails a day due to some of the mailing lists I subscribe to), but my additional requirements are that the system is robust, compact and, above all, quiet. I don't have a broom cupboard to hide my servers in; they live under the stairs in a fairly open space, so the last thing I need is machines that are so loud that they keep me awake at night. Fortunately, there are systems about that fulfil these requirements perfectly - if you're after something brand new, you could build yourself a Mini-ITX based system. Or, my preferred solution as I like to build these systems as cheaply as possible :-), is to use an older Compaq SFF (Small Form Factor) system.

I've got a few of them, ranging from a Pentium 133 to a P3/600, and all of them are very quiet. Plus, they all come from a time when Compaq built systems for eternity. One caveat - a lot of these systems here in the UK do come without an optical drive, as they tend to be ex-large corporate. As they don't take standard CDROM drives but use a laptop-type CDROM, the drives and associated cables tend to be rather expensive. If you think you need one with a CDROM, buy one that already has it fitted. Also, keep in mind that they don't like to be booted without a keyboard connected - I run mine off a console switch, so that's not a problem for me. That said, if you're buying the slightly later spec but still beige boxes, they do come with standard-size 5 1/4" drives instead, which removes the need for hunting down a CDROM drive that's more expensive than the machine itself and still can't read CD-RWs.

Anyway, the system I'm currently using to build another mail server is a P2/400 with 64MB RAM and fitted with a 10GB hard disk. Plenty for what I need; some would say it's a bit overspecced.

The operating system

As you could've guessed from the title, I'll be using OpenBSD as the OS of choice for the server. For server applications I prefer *BSD over Linux (no flamewars please, that's just my personal preference), and the track record of the OpenBSD team makes it a good choice IMHO for any kind of server that's connected to the big bad Internet. Scalability isn't an issue when you're dealing with an average of 30 mails/hour, but robustness is, at least to me. Another advantage of OpenBSD over, say, FreeBSD is that OpenBSD still retains a single-floppy boot. Call me a lazy sod, but I can usually find one working floppy here; two is pushing it. I opted for the single-floppy network install, then downloaded both the ports and the two source tars (kernel source code and code for the rest of the system) from my "local" UK mirror. After the usual "extract everything" routine and a CVS update of the source code and the ports, I create a scaled-down kernel configuration with all unnecessary drivers removed and rebuild the OS to get the latest security and other updates. Unless you're really stuck for RAM, I would also recommend that you use gcc's "-pipe" switch to speed up compilation. To set this as a system-wide default, edit or create /etc/mk.conf and insert the following line:

      PIPE=-pipe

Installing the software

Now that we've got the latest OpenBSD (3.4-stable in this case) up and running, it's time to dig through the ports collection and install those ports that I find useful. In the case of a mail server, the basic set of ports I install are:

With the exception of Postfix itself, installing the above software is a case of going to the correct directory in the ports collection and typing 'make' followed by 'make install' and 'make clean'.

Building Postfix

Due to the options involved, building Postfix is slightly more complicated than just typing 'make, make install'. This is mainly due to the set of options the OpenBSD port supports. For the purposes of this article, I want to build the official release version with support for TLS and PCRE regular expressions. The latter is extremely useful for advanced spam processing, plus PCRE is often faster than the OS-supplied regex libraries.

Given these parameters, building Postfix is a matter of executing:

        cd /usr/ports/mail/postfix/stable
        env FLAVOR="pcre tls" make
        env FLAVOR="pcre tls" make install

'make install' also produces the necessary instructions to activate postfix as a sendmail replacement, reproduced here for the above configuration.

-> Creating '_postdrop' group
-> Creating '_postfix' user & group
useradd: Warning: home directory `/nonexistent' doesn't exist, and -m was not specified
-> Creating /etc/mailer.conf.postfix
-> Creating Postfix spool directory and chroot area under /var/spool/postfix

    Warning: you still need to edit myorigin/mydestination/mynetworks
    parameter settings in /etc/postfix/main.cf.

    See also http://www.postfix.org/faq.html for information about
    dialup sites or about sites inside a firewalled network.

    BTW: Check your /etc/aliases file and be sure to set up aliases
    that send mail for root and postmaster to a real person, then
    run /usr/bin/newaliases.

+---------------
| Configuration files has been installed in /etc/postfix.
| Please update these files to meet your needs.
+---------------

+---------------
| Don't forget to add "-a /var/spool/postfix/dev/log" to syslogd_flags
| in /etc/rc.conf.local (or /etc/rc.conf) and restart syslogd.
+---------------

+---------------
| Postfix can be set up to replace sendmail entirely. Please read the
| documentation at file:/usr/local/share/doc/postfix/html/index.html or
| http://www.postfix.org/ carefully before you decide to do this!
|
| To replace sendmail with postfix you have to install a new mailer.conf
| using the following command:
|
|     /usr/local/sbin/postfix-enable
|
| If you want to restore sendmail, this is done using the following command:
|
|     /usr/local/sbin/postfix-disable
+---------------
| WARNING!
|
| This port has changed its user/groups from 'postfix' to '_postfix'
| and 'postdrop' to '_postdrop'. If you installed this port before,
| ensure all permissions are set correctly and then
|    rmuser postfix
|    groupdel postdrop
+---------------
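The port's messages above leave three jobs to the administrator: pointing syslogd at the chroot's /dev/log, giving root and postmaster a real recipient, and filling in myorigin/mydestination/mynetworks. The POSIX sh functions below are an added example (not code from the article or from the OpenBSD port) that do those jobs idempotently; every path is a parameter so they can be rehearsed on copies of the files first, and the hostname, domain and LAN range are placeholders you substitute.

```shell
#!/bin/sh
# Added example: post-install steps the Postfix port asks for, written so
# each one can be run repeatedly and tested against copies of the files.

# Ensure syslogd_flags in rc.conf.local (quoted value assumed) carries
# "-a /var/spool/postfix/dev/log". Without it the chrooted Postfix daemons
# cannot reach /dev/log and your only audit trail of relay attempts is lost.
enable_chroot_syslog() {
    rc="$1"; sock="-a /var/spool/postfix/dev/log"
    [ -f "$rc" ] || : > "$rc"
    if grep -q '^syslogd_flags=' "$rc"; then
        grep -q -- "$sock" "$rc" && return 0          # already present
        sed "s|^syslogd_flags=\"\(.*\)\"|syslogd_flags=\"\1 $sock\"|" "$rc" \
            > "$rc.tmp" && mv "$rc.tmp" "$rc"
    else
        printf 'syslogd_flags="%s"\n' "$sock" >> "$rc"
    fi
}

# Print the last target defined for alias name $2 in aliases file $1
# (commented-out lines never match because their first field starts with #).
alias_target() {
    awk -F: -v n="$2" '$1 == n { t = $2; sub(/^[ \t]+/, "", t) } END { print t }' "$1"
}

# root must deliver to a real mailbox; postmaster only has to exist (it
# usually chains to root). Otherwise bounces and abuse reports go unread.
aliases_ok() {
    r=$(alias_target "$1" root); p=$(alias_target "$1" postmaster)
    [ -n "$r" ] && [ "$r" != "root" ] && [ -n "$p" ]
}

# Write the myorigin/mydestination/mynetworks trio the port warns about to
# main.cf $1 for host $2 in domain $3, plus the recipient restriction that
# makes the box accept mail only for its own domain or from LAN range $4:
# the "not an open relay" property an ISP wants to see before opening port 25.
write_main_cf() {
    cat > "$1" <<EOF
myhostname = $2
myorigin = $3
mydestination = \$myhostname, localhost, $3
mynetworks = 127.0.0.0/8, $4
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
EOF
}
```

Run the functions against copies (e.g. cp /etc/aliases /tmp/aliases; aliases_ok /tmp/aliases) before pointing them at /etc, then finish with newaliases and postfix-enable as the port's messages say.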

Setting it all up

The first thing you'd want to do before you even expose the newly built mail server to the big, bad Internet is to set up at least a basic firewall on it. I used to use ipfw on FreeBSD, but when I was running the publicly visible systems on OpenBSD I switched to pf and have stayed with pf since then. I've got a small separate article on a basic pf setup here.

Spam filtering is an unfortunate requirement these days, as the few servers I administer get about 85%-90% spam. I dislike spam as much as the next email recipient, so I usually try to filter out as much as possible. For this I use the following software:

All of the above are available in the FreeBSD ports collection.