How to Install Simple NixOS Mailserver on OpenBSD

In this tutorial, we will explain how to install Simple NixOS Mailserver on OpenBSD. Simple NixOS Mailserver is a suite of software that allows you to run your own mail server. This tutorial assumes that you have a basic understanding of OpenBSD and know how to access the command line.

Prerequisites

  • A server running OpenBSD
  • A domain name pointed to the server
  • A valid SSL certificate

Step 1: Install required packages

The first step is to install the required packages on the OpenBSD server. Run the following command to install the packages:

doas pkg_add git gnupg curl postfix dovecot opendkim opendmarc rspamd certbot

Step 2: Install Simple NixOS Mailserver

Next, we need to install Simple NixOS Mailserver. Follow the steps below:

  1. Clone the Simple NixOS Mailserver repository using the command:
git clone https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git
  1. Change the directory to the cloned repository:
cd nixos-mailserver
  1. Import the Simple NixOS Mailserver public GPG key:
curl -sSL https://keybase.io/simple-nixos-mailserver/pgp_keys.asc | doas gpg --import
  1. Verify that the key has been imported correctly:
doas gpg --fingerprint BBE88A6FCB7E49A9C9B7CF319CFE6A9407F47B4E
  1. Run the Simple NixOS Mailserver installation script:
./install.sh

Step 3: Configure the Mailserver

After the installation is complete, we need to configure the mail server. Follow the steps below:

  1. Edit the mail-config-example.nix file:
doas vim mail-config-example.nix
  1. Modify the following settings in the file:
  • Change mydomain.com to your domain name
  • Modify the users block to include the email addresses you want to use
  • Add any aliases in the aliases block

  1. Save and close the file

  2. Generate the configuration file:

./generate-config.sh mail-config-example.nix > mail-config.nix
  1. Apply the configuration changes:
sudo nixos-rebuild switch

Step 4: Configure and Start Rspamd

Rspamd is the spam filter used by Simple NixOS Mailserver. We need to configure and start Rspamd using the following steps:

  1. Edit the rspamd/local.d/worker-controller.inc file:
sudo vim /etc/rspamd/local.d/worker-controller.inc
  1. Modify the bind_socket setting to listen on localhost:
bind_socket = "localhost:11333";

  1. Save and close the file

  2. Enable the Rspamd service:

sudo systemctl enable rspamd.service
  1. Start the Rspamd service:
sudo systemctl start rspamd.service

Step 5: Configure and Start Postfix

Postfix is the SMTP server used by Simple NixOS Mailserver. We need to configure and start Postfix using the following steps:

  1. Edit the mail-config.nix file:
sudo vim /etc/nixos/mail-config.nix
  1. Modify the smtpd_sasl_auth_enable setting to yes:
smtpd_sasl_auth_enable = "yes";

  1. Save and close the file

  2. Enable the Postfix service:

sudo systemctl enable postfix.service
  1. Start the Postfix service:
sudo systemctl start postfix.service

Step 6: Configure and Start Dovecot

Dovecot is the IMAP and POP3 server used by Simple NixOS Mailserver. We need to configure and start Dovecot using the following steps:

  1. Edit the mail-config.nix file:
sudo vim /etc/nixos/mail-config.nix
  1. Modify the protocols setting to include IMAP and POP3:
protocols = [ "imap" "pop3" ];

  1. Save and close the file

  2. Enable the Dovecot service:

sudo systemctl enable dovecot.service
  1. Start the Dovecot service:
sudo systemctl start dovecot.service

Step 7: Configure DKIM and DMARC

DKIM and DMARC are email authentication mechanisms that help prevent email spoofing. We need to configure and start DKIM and DMARC using the following steps:

  1. Edit the mail-config.nix file:
sudo vim /etc/nixos/mail-config.nix

  1. Add your DKIM selector and key file path under opendkim.keys

  2. Modify the opendmarc.report_email setting to your email address:

opendmarc.report_email = "[email protected]";

  1. Save and close the file

  2. Enable the opendkim and opendmarc services:

sudo systemctl enable opendkim.service
sudo systemctl enable opendmarc.service
  1. Start the opendkim and opendmarc services:
sudo systemctl start opendkim.service
sudo systemctl start opendmarc.service

Step 8: Configure SSL Certificate

Simple NixOS Mailserver requires an SSL certificate to secure the email traffic. We need to configure the SSL certificate using the following steps:

  1. Generate a new SSL certificate or obtain a trusted one

  2. Edit the mail-config.nix file:

sudo vim /etc/nixos/mail-config.nix
  1. Modify the sslCertificate and sslPrivateKey settings to the path of your SSL certificate and private key respectively:
sslCertificate = "/path/to/ssl/cert";
sslPrivateKey = "/path/to/ssl/private/key";

  1. Save and close the file

  2. Apply the configuration changes:

sudo nixos-rebuild switch

Conclusion

Congratulations! You have successfully installed Simple NixOS Mailserver on OpenBSD and configured it to run a mail server. You can now start sending and receiving emails from your own mail server.