Debian: How to build & install a recent OpenSMTPd release on Buster with LibreSSL
NB: The information in this post is outdated and dates back to Debian Buster when a recent OpenSMTPD version with proper feature support wasn’t included in the distribution. Nowadays, this has changed and installing is as simple as sudo apt install opensmtpd -y.
Build & Install LibreSSL
apt update
apt install git nano wget
nano /etc/apt/sources.list
Make sure deb-src is enabled
deb-src http://deb.debian.org/debian buster main
apt update
apt build-dep openssl
git clone https://github.com/libressl-portable/portable.git libressl
cd libressl
git tag
git checkout v3.4.1
sh autogen.sh
./configure --prefix="/opt/libressl"
make -j4
make install
echo '/opt/libressl/lib' | tee /etc/ld.so.conf.d/libressl.conf
ldconfig
cd ~
Build & Install OpenSMTPD
apt build-dep opensmtpd
wget https://www.opensmtpd.org/archives/opensmtpd-6.8.0p2.tar.gz
tar xf opensmtpd-*.tar.gz
cd opensmtpd-6.8.0p2
LDFLAGS="-L/opt/libressl/lib" CFLAGS="-I/opt/libressl/include" ./configure \
--with-gnu-ld \
--with-auth-pam \
--with-libssl="/opt/libressl/lib" \
--with-path-CAfile="/etc/ssl/certs/ca-certificates.crt" \
--with-path-empty="/var/lib/opensmtpd/empty" \
--sysconfdir="/etc/smtpd" \
--sbindir="/usr/sbin" \
--libexecdir="/usr/lib/opensmtpd" \
--with-path-mbox="/var/mail" \
--with-table-db \
--with-user-smtpd="smtpd" \
--with-user-queue="smtpq" \
--with-group-queue="smtpq"
make -j4
make install
cd /usr/sbin
ln -s /usr/sbin/smtpctl /usr/sbin/sendmail
ln -s /usr/sbin/smtpctl /usr/sbin/makemap
ln -s /usr/sbin/smtpctl /usr/sbin/newaliases
ln -s /usr/sbin/smtpctl /usr/sbin/mailq
cat <<EOF >> /etc/aliases
# Enter mail aliases below in the format described by aliases(5)
# RFC 2142 NETWORK OPERATIONS MAILBOX NAMES
abuse: root
noc: root
security: root
# RFC 2142 SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
postmaster: root
hostmaster: root
# usenet: root
# news: usenet
webmaster: root
www: webmaster
# uucp: root
ftp: root
EOF
mkdir -p /var/lib/opensmtpd/empty
for name in smtpd smtpq; do
id -g ${name} > /dev/null 2>&1 || addgroup --system ${name}
done
# Based on postfix.postinst:
id smtpd > /dev/null 2>&1 || \
adduser --system --home /var/lib/opensmtpd/empty \
--no-create-home --disabled-password \
--gecos "OpenSMTP Daemon" \
--ingroup smtpd smtpd
id smtpq > /dev/null 2>&1 || \
adduser --system --home /var/lib/opensmtpd/empty \
--no-create-home --disabled-password \
--gecos "OpenSMTPd queue user" \
--ingroup smtpq smtpq
systemctl edit --full --force smtpd
[Unit]
Description=OpenSMTPD SMTP server
Documentation=man:smtpd(8)
After=network.target
[Service]
Type=forking
ExecStart=/usr/sbin/smtpd
ExecStop=/bin/kill -15 $MAINPID
[Install]
WantedBy=multi-user.target
systemctl enable smtpd
systemctl start smtpd
systemctl status smtpd
This will show that smtpd failed to start. We need to enter some configuration first.
cat <<EOF > /etc/smtpd/smtpd.conf
# $OpenBSD: smtpd.conf,v 1.10 2018/05/24 11:40:17 gilles Exp $
# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.
table aliases file:/etc/aliases
# To accept external mail, replace with: listen on all
#
listen on localhost
action "local" mbox alias <aliases>
action "relay" relay
# Uncomment the following to accept external mail for domain "example.org"
#
# match from any for domain "example.org" action "local"
match for local action "local"
match from local for any action "relay"
EOF
systemctl restart smtpd
systemctl status smtpd
Refer to the OpenSMTPd man pages https://opensmtpd.org/manual.html for more information on how to configure the software to match your needs.
Updates
- 2020-06-27: Update article to latest software versions.
- 2020-12-22: Update article to latest software versions.
- 2021-02-04: Update article to latest software versions.
- 2021-05-27: Update article to latest software versions.
- 2021-10-17: Update libressl 3.3.3 -> 3.4.1.
