Using OpenBSD's OpenSMTPd for Email

October 31, 2009 at 01:52 PM | categories: Technical, UNIX

As many readers may be aware, the venerable Sendmail has been the default mail daemon in OpenBSD for years. This is largely because it is the only reasonable BSD-licensed mail server around. Personally, I have never trusted Sendmail enough to use it on any of my hosts - despite the fact that it has been audited by the OpenBSD team. It has a Byzantine configuration which I could never figure out, and perhaps more importantly has a terrible security record, owing at least partly to its monolithic single-process design. So I've always used either Qmail or, more recently, Postfix.

Qmail has a very strange license which prevents it even being in the OpenBSD ports system. Postfix is not BSD-licensed, and so cannot be included in the base system. This means that running Postfix can be a little bit of extra work, since you have to deal with installing and upgrading packages. Wouldn't it be nice if there was a modern, simple, secure SMTP daemon in base? Now there is. New in OpenBSD 4.6 is the latest secure SMTP daemon on the block, OpenSMTPd.

Turning on OpenSMTPd

Sendmail is still the default MTA in base. You must follow these instructions to enable OpenSMTPd on your system:

smtpd is not enabled by default. In order to use it as the system mailer, ensure the mail queue is empty, then stop sendmail(8):

    # pkill sendmail

Modify the current mailwrapper(8) settings by editing /etc/mailer.conf:

    sendmail        /usr/sbin/smtpctl
    send-mail       /usr/sbin/smtpctl
    mailq           /usr/sbin/smtpctl
    makemap         /usr/libexec/smtpd/makemap
    newaliases      /usr/libexec/smtpd/makemap

Rebuild the aliases database, and enable the daemon:

    # newaliases
    # echo "sendmail_flags=NO" >> /etc/rc.conf.local
    # echo "smtpd_flags=" >> /etc/rc.conf.local
    # smtpd

Note that while debugging your setup, you might find running smtpd in verbose foreground mode via `smtpd -dv' useful.

OpenSMTPd configuration

I'm very impressed at how simple and clean the OpenSMTPd configuration is. Check out the docs here. There are some more docs and example configs at It still took me a little while to figure out a few things, so I thought I'd post my configurations to help others.

Using OpenSMTPd as a Backup MX

I've been using Postfix as a backup MX for I decided to try OpenSMTPd in this role instead.

listen on lo0
listen on bnx0

map "aliases" { source db "/etc/mail/aliases.db" }

accept from all for local deliver to mbox
accept for all relay

accept from all for domain "" relay

The configuration is pretty straightforward once you are aware that the default 'from' is 'local' - that is why it's necessary to add `accept from all' to accept mail from the outside world.

Relaying mail to another SMTP server for delivery (nullmailer) with SSL

I use Mutt as my MUA. Mutt assumes you have a local MTA to deliver mail. This means you need to use something like nullmailer or msmtp. Until now. My ISP ( doesn't let me use port 25, so I have to relay to their SMTP server to send mail,

listen on lo0

map aliases { source db "/etc/mail/aliases.db" }
map secrets { source db "/etc/mail/secrets.db" }

accept for local deliver to maildir
accept for all relay via ssl enable auth
The /etc/mail/secrets.db file is generated from a map, /etc/mail/secrets. This file includes your username and password - check out the smtpd.conf manual page for details.
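
The default 'from' of 'local' noted above is what keeps `accept for all relay' safe: it only serves local senders, whereas the same rule with `from all' would relay for anyone. The shell check below is an added example, not code from the original post or from the OpenSMTPd project; it assumes only the rule forms shown in the configurations above, and example.org is a placeholder domain.

```shell
#!/bin/sh
# Added example: flag smtpd.conf accept rules that would create an open relay.
# Assumption: only the rule forms shown in this post are handled, i.e.
#   accept [from <source>] for <dest> [domain "<name>"] <relay|deliver> ...
# A rule with no "from" clause applies to local senders only.

lint_smtpd_conf() {
    # $1 = path to smtpd.conf. Prints one verdict line per accept rule and
    # returns 1 if any rule relays for all destinations from all sources.
    awk '
    BEGIN { bad = 0 }
    $1 == "accept" {
        src = "local"; dst = ""; act = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "from" && i < NF) {
                src = $(i + 1); i++
            } else if ($i == "for" && i < NF) {
                dst = $(i + 1); i++
                # keep the domain name with the keyword for the report
                if (dst == "domain" && i < NF) { dst = dst " " $(i + 1); i++ }
            } else if ($i == "relay" || $i == "deliver") {
                act = $i; break
            }
        }
        verdict = "ok"
        if (act == "relay" && src == "all" && dst == "all") {
            verdict = "OPEN-RELAY"; bad = 1
        }
        printf "%s line %d: from=%s for=%s action=%s\n", verdict, NR, src, dst, act
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample: the backup MX rules from this post with a placeholder
# domain, plus one deliberately wrong rule on the last line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
listen on lo0
accept from all for local deliver to mbox
accept for all relay
accept from all for domain "example.org" relay
accept from all for all relay
EOF
lint_smtpd_conf "$sample" || echo "at least one rule relays for anyone"
rm -f "$sample"
```

Running the check before restarting smtpd catches a stray `from all' on a catch-all relay rule.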

Niall O'Higgins is an author and software developer. He wrote the O'Reilly book MongoDB and Python. He also develops Strider Open Source Continuous Deployment and offers full-stack consulting services at
