; con /srv/fscons prompt: uname upas +bootes
To break out of the console, type ^\ (ctrl+\) then q to quit
prompt: >>> (b)reak, (q)uit, (i)nterrupt, toggle printing (r)eturns, (.)continue, (!cmd) >>> q
Edit /mail/lib/smtpd.conf. In particular, you need to edit defaultdomain.
# # sample smtpd configuration options for inside connections # # # replace YOURDOM with the name of your domain # replace 10.0.0.0 with the IP address range of your networks defaultdomain YOURDOM.com norelay on #allow relaying verifysenderdom off #disable dns verification of sender domain saveblockedmsg on #save blocked messages # # if norelay is on, you need to set the # networks allowed to relay through # as well as the domains to accept mail for # ournets 192.168.0.0/16 #ourdomains *.fakedom.dom, *.fakedom.rog
ournets should specify a list of IP addresses you trust to relay mail.
Note: By default, /bin/service/tcp25 is set to executable. It must remain executable or the mail server won't be able to start
; cat /bin/service/tcp25
#!/bin/rc
#smtp serv net incalldir user
user=`{cat /dev/user}
exec upas/smtpd -f -r -s -n $3
If you have a certificate you have generated using acmed, you can enable StartTLS with -c:
exec upas/smtpd -c /sys/lib/tls/acmed/example.com.crt -f -r -s -n $3
Note: the -c argument currently has a bug where it does not send the full chain of the TLS certificate, so email clients that connect to it may report a certificate validation error.
Copy /mail/lib/rewrite.direct to /mail/lib/rewrite, while replacing YOURDOMAIN.DOM with your actual domain name.
You will also want to edit /mail/lib/names.local for the users you want to handle mail for.
Edit /mail/lib/remotemail to add the -C -s flags to turn on TLS encryption when sending. -C is needed in case some certificates don't validate properly:
#!/bin/rc
shift
sender=$1
shift
addr=$1
shift
fd=`{/bin/upas/aliasmail -f $sender}
switch($fd){
case *.*
;
case *
fd=yourdomain.dom
}
exec /bin/upas/smtp -s -h $fd $addr $sender $*
Make sure to replace yourdomain.dom
with your actual domain name.Edit /rc/bin/cpurc.local to replace DOM.EXAMPLE.COM
with your actual domain name.If you are logged in as a user other than the default hostowner (glenda), make sure to add the user to upas group:
; echo 'newuser $username +upas' >> /srv/fscons
Then create the user's mailbox:
; upas/nedmail -c
See dkim.ms guide for enabling dkim. Make sure to add spf and dmarc records as indicated in ndb.ms guide.
To test sending an email:
; upasname=sender@example.com upas/marshal -s 'Alpha Bravo Charlie' recipient@example.org
Type a message, then a newline, then EOF.
If your email address is simply $user, you may be able to omit the upasname variable provided the domain is correctly configured elsewhere.
To offer SMTP over TLS (submission port), we can no longer use /bin/service files, since by default, it starts the process as user none.
Instead, we will start upas/smtpd from cpustart, and call aux/listen with -t.
cpu% mkdir /cfg/$sysname/service.upas cpu% cp /bin/service/!tcp25 /cfg/$sysname/service.upas/tcp587
Then, we edit tcp587:
cpu% cat /cfg/$sysname/service.upas/tcp587 #!/bin/rc
user=`{cat /dev/user}
exec upas/smtpd -a -d -c /sys/lib/tls/acmed/example.com.crt -e -s -n $3
A line such as below must be added to /cfg/$sysname/cpustart to call service.upas:
auth/as upas aux/listen -p 128 -t /cfg/$sysname/service.upas
Warning: Calling auth/as may corrupt the namespace, and may require you later to call mntgen /mnt.
Make sure to set the file as executable:
cpu% chmod +x /cfg/$sysname/service.upas/tcp587
; con /srv/fscons prompt: uname upas +bootes
To break out of the console, type ^\ (ctrl+\) then q
to quitprompt: >>> (b)reak, (q)uit, (i)nterrupt, toggle printing (r)eturns, (.)continue, (!cmd) >>> q
Edit /mail/lib/smtpd.conf. In particular, you need to edit defaultdomain.
# # sample smtpd configuration options for inside connections # # # replace YOURDOM with the name of your domain # replace 10.0.0.0 with the IP address range of your networks defaultdomain YOURDOM.com norelay on #allow relaying verifysenderdom off #disable dns verification of sender domain saveblockedmsg on #save blocked messages # # if norelay is on, you need to set the # networks allowed to relay through # as well as the domains to accept mail for # ournets 192.168.0.0/16 #ourdomains *.fakedom.dom, *.fakedom.rog
Note: By default,
/bin/service/tcp25 is set to executable. It must remain executable or the mail server won't be able to start; cat /bin/service/tcp25#!/bin/rc #smtp serv net incalldir user user=`{cat /dev/user} exec upas/smtpd -f -r -s -n $3
If you have a certificate you have generated using acmed, you can enable StartTLS with -c:
exec upas/smtpd -c /sys/lib/tls/acmed/example.com.crt -f -r -s -n $3
Note: the -c argument currently has a bug where it does not send the full chain of the TLS certificate, so email clients that connect to it may report a certificate validation error.
Copy /mail/lib/rewrite.direct to /mail/lib/rewrite, while replacing YOURDOMAIN.DOM with your actual domain name.
You will also want to edit /mail/lib/names.local for the users you want to handle mail for.
Edit /mail/lib/remotemail to add the -C -s flags to turn on TLS encryption when sending. -C is needed in case some certificates don't validate properly:
#!/bin/rc shift sender=$1 shift addr=$1 shift fd=`{/bin/upas/aliasmail -f $sender} switch($fd){ case *.* ; case * fd=yourdomain.dom } exec /bin/upas/smtp -s -h $fd $addr $sender $*
Make sure to replace
yourdomain.dom with your actual domain name.If you are logged in as a user other than the default hostowner (glenda), make sure to add the
user to upas group:; echo 'newuser $username +upas' >> /srv/fscons
Then create the user's mailbox:
; upas/nedmail -c
See dkim.ms guide for enabling dkim. Make sure to add spf and dmarc records as indicated in ndb.ms guide.
To test sending an email:
; upasname=sender@example.com upas/marshal -s 'Alpha Bravo Charlie' recipient@example.org
Type a message, then a newline, then EOF.
If your email address is simply $user, you may be able to omit the upasname variable provided the domain is correctly configured elsewhere.
To offer SMTP over TLS (submission port), we can no longer use /bin/service files, since by default, it starts the process as user none.
Instead, we will start upas/smtpd from cpustart, and call aux/listen with -t.
cpu% mkdir /cfg/$sysname/service.upas cpu% cp /bin/service/!tcp25 /cfg/$sysname/service.upas/tcp587
Then, we edit tcp587:
cpu% cat /cfg/$sysname/service.upas/tcp587 #!/bin/rc
user=`{cat /dev/user}
exec upas/smtpd -a -d -c /sys/lib/tls/acmed/example.com.crt -e -s -n $3
A line such as below must be added to /cfg/$sysname/cpustart to call service.upas:
auth/as upas aux/listen -p 128 -t /cfg/$sysname/service.upas
Warning: Calling auth/as may corrupt the namespace, and may require you later to call mntgen /mnt.
Make sure to set the file as executable:
cpu% chmod +x /cfg/$sysname/service.upas/tcp587
Make sure to chmod +x /bin/service/tcp25 or else the mail server won't be able to start
; cat /bin/service/tcp25 #!/bin/rc #smtp serv net incalldir user
user=`{cat /dev/user} exec upas/smtpd -e -f -r -s -n $3
If you have a certificate you have generated using acmed, you can enable StartTLS with -c:
exec upas/smtpd -c /sys/lib/tls/acmed/example.com.crt -e -f -r -s -n $3
Note: the -c argument currently has a bug where it does not send the full chain of the TLS certificate, so email clients that connect to it may report a certificate validation error.
Make sure to edit /mail/lib/smtpd.conf:
# # sample smtpd configuration options for inside connections #
# # replace example.com with the name of your domain # replace 198.51.100.0 with the IP address range of your networks
defaultdomain example.com norelay on verifysenderdom off #disable dns verification of sender domain saveblockedmsg off #save blocked messages
# # if norelay is on, you need to set the # networks allowed to relay through # as well as the domains to accept mail for #
ournets 198.51.100.0/24
ourdomains *.example.com
Copy /mail/lib/rewrite.direct to /mail/lib/rewrite, while replacing YOURDOMAIN.DOM with your actual domain name.
You will also want to edit /mail/lib/names.local for the users you want to handle mail for.
Edit /mail/lib/remotemail to add the -C -s flags to turn on TLS encryption when sending. -C is needed in case some certificates don't validate properly:
#!/bin/rc shift sender=$1 shift addr=$1 shift fd=`{/bin/upas/aliasmail -f $sender} switch($fd){ case *.* ; case * fd=example.com } exec /bin/upas/smtp -C -s -h $fd $addr $sender $*
Make sure to replace example.com with your actual domain name.
If you are logged in as a user other than the default hostowner (glenda), make sure to add the users to upas group:
; echo 'newuser upas +$username' >> /srv/cwfs.cmd
Then create the user's mailbox:
; upas/nedmail -c
See dkim.ms guide for enabling dkim. Make sure to add spf and dmarc records as indicated in ndb.ms guide. To test sending an email:
; upasname=sender@example.com upas/marshal -s 'Alpha Bravo Charlie' recipient@example.org
Type a message, then a newline, then EOF.
If your email address is simply $user, you may be able to omit the upasname variable provided the domain is correctly configured elsewhere.
To offer SMTP over TLS (submission port), we can no longer use /bin/service files, since by default, it starts the process as user none.
Instead, we will start upas/smtpd from cpustart, and call aux/listen with -t.
cpu% mkdir /cfg/$sysname/service.upas cpu% cp /bin/service/!tcp25 /cfg/$sysname/service.upas/tcp587
Then, we edit tcp587:
cpu% cat /cfg/$sysname/service.upas/tcp587 #!/bin/rc
user=`{cat /dev/user}
exec upas/smtpd -a -d -c /sys/lib/tls/acmed/example.com.crt -e -s -n $3
A line such as below must be added to /cfg/$sysname/cpustart to call service.upas:
auth/as upas aux/listen -p 128 -t /cfg/$sysname/service.upas
Warning: Calling auth/as may corrupt the namespace, and may require you later to call mntgen /mnt.
Make sure to set the file as executable:
cpu% chmod +x /cfg/$sysname/service.upas/tcp587
| Last modified Thu Feb 19 17:34:07 PST 2026 | [ Current version | History | Create a new page ] |
About the server
|
|