Add your user to group upas: ! ; con /srv/fscons ! prompt: uname upas +bootes To break out of the console, type ^\ (ctrl+\) then q to quit ! prompt: >>> ! (b)reak, (q)uit, (i)nterrupt, toggle printing (r)eturns, (.)continue, (!cmd) ! >>> q Edit /mail/lib/smtpd.conf. In particular, you need to edit defaultdomain. ! # ! # sample smtpd configuration options for inside connections ! # ! ! # ! # replace YOURDOM with the name of your domain ! # replace 10.0.0.0 with the IP address range of your networks ! ! defaultdomain YOURDOM.com ! norelay on #allow relaying ! verifysenderdom off #disable dns verification of sender domain ! saveblockedmsg on #save blocked messages ! ! # ! # if norelay is on, you need to set the ! # networks allowed to relay through ! # as well as the domains to accept mail for ! # ! ! ournets 192.168.0.0/16 ! ! #ourdomains *.fakedom.dom, *.fakedom.rog ournets should specify a list of IP addresses you trust to relay mail. Note: By default, /bin/service/tcp25 is set to executable. It must remain executable or the mail server won't be able to start ! ; cat /bin/service/tcp25 ! #!/bin/rc ! #smtp serv net incalldir user ! ! user=`{cat /dev/user} ! exec upas/smtpd -f -r -s -n $3 If you have a certificate you have generated using acmed, you can enable StartTLS with -c: ! exec upas/smtpd -c /sys/lib/tls/acmed/example.com.crt -f -r -s -n $3 Note: the -c argument currently has a bug where it does not send the full chain of the TLS certificate, so email clients that connect to it may report a certificate validation error. Copy /mail/lib/rewrite.direct to /mail/lib/rewrite, while replacing YOURDOMAIN.DOM with your actual domain name. You will also want to edit /mail/lib/names.local for the users you want to handle mail for. Edit /mail/lib/remotemail to add the -C -s flags to turn on TLS encryption when sending. -C is needed in case some certificates don't validate properly: ! #!/bin/rc ! shift ! sender=$1 ! shift ! addr=$1 ! shift ! fd=`{/bin/upas/aliasmail -f $sender} ! switch($fd){ ! case *.* ! ; ! case * ! fd=yourdomain.dom ! } ! exec /bin/upas/smtp -s -h $fd $addr $sender $* Make sure to replace yourdomain.dom with your actual domain name. Edit /rc/bin/cpurc.local to replace DOM.EXAMPLE.COM with your actual domain name. If you are logged in as a user other than the default hostowner (glenda), make sure to add the user to upas group: ! ; echo 'newuser $username +upas' >> /srv/fscons Then create the user's mailbox: ! ; upas/nedmail -c See dkim.ms guide for enabling dkim. Make sure to add spf and dmarc records as indicated in ndb.ms guide. To test sending an email: ! ; upasname=sender@example.com upas/marshal -s 'Alpha Bravo Charlie' recipient@example.org Type a message, then a newline, then EOF. If your email address is simply $user, you may be able to omit the upasname variable provided the domain is correctly configured elsewhere. To offer SMTP over TLS (submission port), we can no longer use /bin/service files, since by default, it starts the process as user none. Instead, we will start upas/smtpd from cpustart, and call aux/listen with -t. cpu% mkdir /cfg/$sysname/service.upas cpu% cp /bin/service/!tcp25 /cfg/$sysname/service.upas/tcp587 Then, we edit tcp587: cpu% cat /cfg/$sysname/service.upas/tcp587 #!/bin/rc user=`{cat /dev/user} exec upas/smtpd -a -d -c /sys/lib/tls/acmed/example.com.crt -e -s -n $3 A line such as below must be added to /cfg/$sysname/cpustart to call service.upas: auth/as upas aux/listen -p 128 -t /cfg/$sysname/service.upas Warning: Calling auth/as may corrupt the namespace, and may require you later to call mntgen /mnt. Make sure to set the file as executable: cpu% chmod +x /cfg/$sysname/service.upas/tcp587