No Hair Github Pages

Setting up a mailserver on OpenBSD 6.9: Prerequisites

The goal is to have a hosted mail server for my domain accessible to hosts both inside and outside the local network which use macOS, Linux, and OpenBSD. Although mail is in the base install and can suffice to read local system mail on an OpenBSD workstation, it cannot access mail from a remote mail server. For this, use Thunderbird, Mutt, lynx, getmail/fetchmail, etc.

Prior to doing this you need:

  • A static IP is (almost) mandatory, as is 24/7 uptime. I recommend you spin up a cheap VPS. I use Vultr. Some ISPs use dynamic addresses which do not change often, a sort of pseudo-static IP. If your mail server is not your primary one and you are just testing, you're welcome to try at home and good luck: for production, no way.
  • Check that port 25 is not blocked by your ISP or hosting provider. ATT and Comcast block it. You can file a ticket to get it opened on ATT if you have a business account or static IP. It costs $49. If you're on a consumer connection with a dynamic IP, they won't open it. You can check from a remote host with https://www.yougetsignal.com/tools/open-ports/. So, yet another reason to have a remote host.
  • Most relays to your mailserver will still come over smtp port 25 with or without TLS/SSL. Some relays are still unencrypted so you shouldn't require TLS for all incoming connections. Some may use "smtps" (port 465). Other ports needed are submission (587), imap (143), imap3 (220), and imaps (993). pop/pop3 is deprecated, so we will use only imap.
  • Check that your IP address has not been blacklisted because of prior activity. You can use online services like https://whatismyipaddress.com/blacklist-check. You can also check the reputation of the IP address at sites like https://www.ipqualityscore.com/ip-reputation-check.
  • Check that you can edit the reverse DNS records or that your ISP will. If your rDNS record does not point to your server name, e.g. mail.example.com, you need to fix this. Check with https://mxtoolbox.com/ReverseLookup.aspx, for example.
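
The rDNS and port checks above can also be scripted from a shell on a remote host. This is an added example, not part of the original instructions; it goes one step further than the text by also confirming that the hostname resolves back to the IP (forward-confirmed rDNS). It assumes `dig` and `nc` are available, and the script and function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original page). Run from a host OUTSIDE your network:
#   sh preflight.sh <server-ip> <mail-hostname>     # script name is illustrative

# PTR query name for an IPv4 address: 192.0.2.25 -> 25.2.0.192.in-addr.arpa
ptr_qname() {
    echo "$1" | awk -F. '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        print $4 "." $3 "." $2 "." $1 ".in-addr.arpa"; ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Lower-case a DNS name and strip the trailing root dot that dig prints.
norm_name() {
    echo "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Succeeds when the PTR answer ($1) names the expected mail host ($2).
rdns_matches() {
    [ "$(norm_name "$1")" = "$(norm_name "$2")" ]
}

# Forward-confirmed rDNS: the PTR names the host AND the host's A record is the IP.
check_fcrdns() {
    ip=$1; want=$2
    qname=$(ptr_qname "$ip") || { echo "FAIL: $ip is not an IPv4 address"; return 1; }
    ptr=$(dig +short PTR "$qname" | head -n 1)
    [ -n "$ptr" ] || { echo "FAIL: no PTR record for $ip"; return 1; }
    rdns_matches "$ptr" "$want" || { echo "FAIL: PTR is $ptr, expected $want"; return 1; }
    dig +short A "$want" | grep -qxF "$ip" ||
        { echo "FAIL: $want does not resolve to $ip"; return 1; }
    echo "OK: $ip <-> $want"
}

# Probe the ports listed above. "closed" means filtered upstream or that no
# daemon is listening yet, so repeat this once the mail services are running.
check_ports() {
    for p in 25 465 587 143 220 993; do
        if nc -z -w 5 "$1" "$p" 2>/dev/null; then echo "open   $p"; else echo "closed $p"; fi
    done
}

# Only touch the network when both arguments are given.
if [ $# -eq 2 ]; then
    check_fcrdns "$1" "$2"; rc=$?
    check_ports "$1"
    exit "$rc"
fi
```

A PTR that still shows the provider's generic name (something like `host-192-0-2-25.isp.example`, a constructed value) is the failure case to expect on a fresh VPS until the rDNS record is edited.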

If you don't want to wade through these HTML chapters, a complete text file of the instructions can be viewed or downloaded here.

With all these criteria met, let's move on to DNS.


Posted by Gordon, No Hair Github Pages, Aug 11, 2021

© nohair.net and the author

For comments, corrections, and addenda, email: gordon[AT]nohair.net
