OpenSMTPD with sender dependent smart hosts


aptitude install opensmtpd


The main config resides in /etc/smtpd.conf. In this case it enables authenticated users to relay to several smart hosts depending on the sender of the email. Thus, users can send from with their non-local adresses and OpenSMTPD knows where to forward it:

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

# Certificates for SSL and TLS
pki domain.example certificate "/etc/letsencrypt/live/domain.example/cert.pem"
pki domain.example key "/etc/letsencrypt/live/domain.example/privkey.pem"

# Accept local mail
listen on localhost
listen on

# Accept external mail when authenticated over a secure channel, authenticated user are considered local!
listen on smtps pki domain.example auth

listen on smtps pki domain.example auth

#listen on port 465 tls pki domain.example auth

# If you edit the file, you have to run "smtpctl update table aliases"
table aliases file:/etc/aliases

# Forward mail for local accounts to their inbox
accept for local alias  deliver to mda "/usr/lib/dovecot/dovecot-lda -k"
accept from source for local alias  deliver to mda "/usr/lib/dovecot/dovecot-lda -k"

# Table for smtp-auth credentials, has to be created with "makemap /etc/smtpd_auth"
table smtp_auth_db db:/etc/smtpd_auth.db

# Accept mail from known mail accounts and forward them to their respective smarthosts using smtp-auth
accept from local sender some_user@mailprovider.example for any relay via tls+auth://some_user_mailprovider@mailprovider.example auth

accept for any relay

Authorization data is located in /etc/smtpd_auth:

some_user_mailprovider username:password

After changing it the database has to be updated via makemap /etc/smtpd_auth. Authorization databases need to be readable by the user opensmtpd and should be protected from other users:

chmod 600 /etc/smtpd.conf /etc/smtpd_auth*
chown root.root /etc/smtpd.conf /etc/smtpd_auth
chown opensmtpd.opensmtpd /etc/smtpd_auth.db

/etc/aliases had to be updated to redirect root mails to an actual user.