Saturday, March 26, 2005

Configure OpenBSD Mail Gateway

A very effective way to filter viruses and spam for multiple email domains is to combine OpenBSD, OpenBSD's spamd, ClamAV and SpamAssassin with the version of sendmail included in OpenBSD.

You can also use this configuration as a mail gateway in front of Microsoft Exchange servers if you have concerns with putting Exchange's SMTP port "on the Internet."

Here's how to set it up:


  1. Buy an OpenBSD CD.

  2. Install OpenBSD 3.6.

  3. Install ClamAV 0.83.

  4. Install SpamAssassin 3.02.

  5. Configure SpamAssassin for site-wide use with SpamAssassin's spamd.

  6. Edit sendmail's access table, /etc/mail/access, and add "domain.name RELAY" for each domain you want to relay.

  7. Edit sendmail's mailertable, /etc/mail/mailertable, and add "domain.name esmtp:[ip.address]" for each domain you want to relay that is not local to your OpenBSD server.

  8. Create the database maps for access and mailertable:
    sudo makemap hash /etc/mail/access < /etc/mail/access
    sudo makemap hash /etc/mail/mailertable < /etc/mail/mailertable

  9. Add the following lines to your /etc/rc.conf.local:
    pf=YES
    spamd_flags="-G 8:4:864"
    spamd_grey=YES

  10. Assuming this box is not a firewall (meaning that you're not contending with other rules), create a new /etc/pf.conf with the following in it:

    table <spamd> persist
    table <spamd-white> persist
    rdr pass on !lo0 proto tcp from <spamd> to !lo0 port smtp -> lo0 port spamd
    rdr pass on !lo0 proto tcp from !<spamd-white> to !lo0 port smtp -> lo0 port spamd

  11. Configure your DNS MX record to point to this server for the domains in /etc/mail/access.
  12. Reboot to test your startup scripts and make sure everything works.
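
A pre-flight check for steps 6 through 8, as an added example that is not part of the original post: it cross-checks the access table against the mailertable before you run makemap. The function name, the finding labels and the sample domains and addresses are constructed for illustration, and it assumes the plain two-column line formats shown in steps 6 and 7.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the plain
# "domain RELAY" and "domain mailer:[host]" line formats of steps 6 and 7.

# check_maps ACCESS MAILERTABLE
# Prints one finding per line (sorted); prints nothing when the maps agree.
check_maps() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blanks
        src == "access" {                        # remember every RELAY key
            if (toupper($2) == "RELAY") relay[tolower($1)] = 1
            next
        }
        {                                        # mailertable entries
            dom = tolower($1); route[dom] = $2
            # Without [brackets] sendmail does an MX lookup on the target,
            # which can resolve back to this gateway (see step 11).
            if ($2 !~ /^[a-z0-9]+:\[.+\]$/) print "UNBRACKETED " dom " " $2
            # Routed but not allowed to relay: mail to it is refused.
            if (!(dom in relay)) print "NO_RELAY " dom
        }
        END {
            # Relayed but unrouted: only correct for locally delivered domains.
            for (d in relay) if (!(d in route)) print "NO_ROUTE " d
        }
    ' src=access "$1" src=mailertable "$2" | LC_ALL=C sort
}

# Constructed sample maps (documentation domains and addresses).
demo_dir=$(mktemp -d)
cat > "$demo_dir/access" <<'EOF'
example.com   RELAY
example.net   RELAY
example.org   RELAY
EOF
cat > "$demo_dir/mailertable" <<'EOF'
example.com   esmtp:[192.0.2.10]
example.net   esmtp:mail.example.net
example.edu   esmtp:[192.0.2.30]
EOF
check_maps "$demo_dir/access" "$demo_dir/mailertable"
rm -rf "$demo_dir"
```

Run it as `check_maps /etc/mail/access /etc/mail/mailertable`; a NO_ROUTE finding is expected for any domain that is delivered locally on the OpenBSD server.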