Now that we have our basic mail infrastructure working, we will add support for rspamd and enable DKIM signing of our messages.
In this series we will set up a fully-featured mail server in a FreeBSD jail using OpenSMTPd, Dovecot and rspamd. In contrast to many other guides, this one is split into multiple posts that can either be read and followed individually, or as a whole. After each post, you end up with a fully working system (that might lack some features ;)).
In this part of the FreeBSD mail server, we build on the recent two posts where we set up the IMAP and SMTP and extend our configuration to support virtual users, which means that we don’t authenticate with system users anymore and, alongside, hand over the incoming email management to Dovecot by providing email from OpenSMTPd to Dovecot using LMTP. Since both daemons will not work together more closely, we will also unify the login credentials in a single passwd-style file that can be read from both OpenSMTPd and Dovecot.
This is a follow-up post to the initial FreeBSD mail server article that I posted a few weeks ago. In this step, we will build upon what we set up in the first part and add the possibility to fetch email from a mail client using IMAP. We will still use system users for authentication, before we switch to virtual users in the next step.
In this series we will set up a fully-featured mail server in a FreeBSD jail using OpenSMTPd, Dovecot and rspamd.
I have run mail servers for many years now, but I was never brave enough to set up one from scratch for my daily mail. So I always fell back to pre-configured solutions like docker-mailserver, Mailcow, or in case of FreeBSD to iRedMail. My biggest pain point was the secure configuration of Postfix. When I discovered OpenSMTPd, I decided that it’s the right time now to finally build a fully-featured mail server setup from scratch including virtual users, spam filter etc.
For some reason I needed a Linux installation on my NAS. bhyve is a lightweight virtualization solution for FreeBSD that makes that easy and efficient. However, the CLI of bhyve is somewhat bulky and bare, making it hard to use, especially for the first time. This is what vm-bhyve solves - it provides a simple CLI for working with virtual machines.
The only requirement seems to be VT-x CPU support or whatever it may be called on AMD CPUs and ZFS as a file system.
While building my new NAS, I came across the question of how to install a fileserver based on Samba on FreeBSD.
I have so many accounts for various web-based solutions, I barely can remember a few. And they send emails. So many that it’s sometimes hard to not lose the overview in my mailbox.
When you run your own mail server, it’s easy to set up dynamic aliases for your mailserver based on a regular expression pattern that allows you to e.g. have your own email address for each service you register.
I wanted to expose a single jail of my FreeBSD NAS to a network of a client via OpenVPN while it’s reachable both from my network and from the clients’ network. It should send all of its traffic through that VPN tunnel so that it appears like it is just another computer on that foreign network.
Luckily FreeBSD offers a great way to solve this by creating a separate routing table apart from my main routing table that is used when starting OpenVPN (so that it can populate its routes there) and when starting the jail (the jail in fact will consider that routing table as the only routing table available and therefore use it for anything).
Setting up a NodeJS application on a FreeBSD 10 system was impossible when using ZFS as a file system. This was a real pain for me because trying out various stuff in jails rendered the whole system unusable, forcing me to reboot, and this is not something one would do in a production environment.
Here’s the bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209158
Although I couldn’t read it from the bug it seems to be resolved now with FreeBSD 11-RELEASE because I’m running two Node applications on FreeBSD without any of the issues that were reproducible each time.
In Part 1 of this series I already explained my goals building a new NAS.
In this post I show how I assembled the hardware in order to ensure reliability and redundancy.
FreeBSD is the ideal system to use when building a server. It’s reliable and rock-solid and its file system ZFS not
only offers anything you would expect from a file system but is also easy to set up and to maintain. This is why I chose
it to power my NAS. In Part 1 and Part 2
of this series I already described my intentions and the hardware assembly. Now it’s time to bring it to life.
In Part 3 of this series I described how to install FreeBSD and set it up properly. Now that the base system setup is
complete, we can start providing services…
forked-daapd allows you to set up an iTunes Media server that hosts all music, podcasts and audiobooks and shows
up in iTunes like a shared library. While other
daapd implementations don’t work anymore with the current iTunes
While building my new NAS, I came across the question of how to provide a Time Machine backup solution for my OS X clients.
As I run OS X on all my machines I want to back up all data to my NAS.
netatalk allows you to create file shares for OS X
to provide a simple solution for system backups.
After a long while I finally decided to build a new NAS / home server for my various needs. Though there are many
solutions available, I chose to build one on my own as I want as much flexibility as possible. So I set out to buy
all components needed for the system with upgradability and budget in mind.
FreeBSD is shipped with sendmail as the default MTA, which is configured to local delivery on a vanilla installation.
Therefore many people don’t even recognize one of FreeBSD’s great features for system administrators: FreeBSD sends
system status emails through periodic(8)…
Jails in FreeBSD provide a simple yet flexible way to set up a proper server layout. In most setups the actual server only acts as the host system for the jails while the applications themselves run within those independent containers. Traditionally every jail has its own IP for the user to be able to address the individual services. But if you’re still using IPv4 this might get you in trouble as most hosters don’t offer more than one single public IP address per server.
I have used Caddy for a while now on FreeBSD. But since it lacks a working init script, I decided to write one on my own.
Here’s the result, description below:
It’s more than likely that your email provider of choice, especially the ones
that offer mail services free of charge, will not support receiving email to
custom domain names like, in my case, davd.net. Running your own mail server would
solve this problem but running a fully featured mail stack including POP, IMAP,
Sieve filters et cetera requires a fairly powerful machine.
Additionally, if not configured properly, there’s big potential for abuse.
As an alternative, it’s possible to just run an MTA which redirects all incoming email
to an external mail server.
This can be run on almost any machine, even on a low-budget computer like the
Raspberry Pi or a cheap virtual server.
During the last few months I managed to automate many recurring tasks on my NAS.
One good example of those tasks is updating my podcast archive. I tried to accomplish
this using a lightweight shell script which, running as a cronjob, would hold my
podcast archive up to date and notify me about new episodes via push notifications.
Often the question arises why one should prefer FreeBSD over any arbitrary GNU/Linux distribution, that is more widely spread and additionally offers commercial support. Though I have mostly positive experiences using Linux, there are many reasons why I would always choose FreeBSD for setting up a server.