E-MailRelay
E-MailRelay is an e-mail store-and-forward message transfer agent and proxy server. E-MailRelay does three things: it stores any incoming e-mail messages that it receives, it forwards e-mail messages on to another remote e-mail server, and it serves up stored e-mail messages to local e-mail reader programs. More technically, it acts as a SMTP storage daemon, a SMTP forwarding agent, and a POP3 server.
E-MailRelay does not do routing of individual messages; it is not a routing MTA. It forwards all e-mail messages to a pre-configured SMTP server, regardless of any message addressing or DNS redirects.
The emailrelay package takes up to 1.4 MB of space and installs the following files:
    /usr/bin/emailrelay
    /usr/bin/emailrelay-filter-copy
    /usr/bin/emailrelay-passwd
    /usr/bin/emailrelay-submit
    /etc/config/emailrelay
    /etc/emailrelay.auth
Its UCI configuration is located in /etc/config/emailrelay. The config starts the emailrelay command with options that are described in the manual.
You can also use a plain config file, /etc/emailrelay.conf. See https://sourceforge.net/p/emailrelay/code/HEAD/tree/trunk/etc/emailrelay.conf.template
Sections
The default emailrelay config file contains server, proxy and cmdline sections.
The possible options are listed in the table below.
Name | Type | Required | Default | Description |
---|---|---|---|---|
enabled | integer | yes | 0 | Listen SMTP |
mode | string | yes | server, proxy or cmdline | Mode: --as-server or --as-proxy. The cmdline means append extra_cmdline |
smarthost | string | yes | (none) | For proxy mode, specifies the SMTP server to forward e-mails to. This is the argument to --as-proxy <host:port> |
port | integer | yes | 25 | Port to listen on for incoming e-mails. |
remote_clients | integer | yes | 0 | Allows connections from anywhere. By default only local connections are allowed. Check your firewall to avoid spam. See --remote-clients |
address_verifier | string | no | (none) | Runs the specified external program to verify a message recipient's e-mail address. See --address-verifier |
domain | string | no | (none) | Specifies the network name that is used in SMTP EHLO. The default is derived from a DNS lookup of the local hostname. See --domain |
anonymous | integer | no | 0 | Disables the server's SMTP VRFY command. See --anonymous |
server_tls | integer | no | 0 | For server and proxy mode. See --server-tls. Doesn't work in v2.1, see fix |
server_auth | string | no | (none) | For server and proxy mode. See --server-auth and /etc/emailrelay.auth |
client_tls | integer | no | 0 | For proxy mode. See --client-tls |
client_auth | string | no | (none) | For proxy mode. See --client-auth and /etc/emailrelay.auth |
extra_cmdline | string | no | (none) | Extra command line options. See http://emailrelay.sourceforge.net/#reference_md_Reference for command line reference |
Server
A minimal server declaration:
    config emailrelay 'server'
        option enabled '0'
        option mode 'server'
        option port '25'
        option remote_clients '0'
Proxy
A minimal proxy declaration:
    config emailrelay 'proxy'
        option enabled '0'
        option mode 'proxy'
        option smarthost '192.0.2.1:25'
        option port '25'
        option remote_clients '0'
Plain commands
A minimal cmdline declaration:
    config emailrelay 'cmdline'
        option enabled '0'
        option mode 'cmdline'
        # specify all arguments that should be passed to emailrelay here
        # see http://emailrelay.sourceforge.net/#reference_md_Reference for command line reference
        option extra_cmdline '--some-other --cmdline-options'
Useful options
Configure TLS
Obtain a TLS certificate.
Then configure the server_tls option and put the private key and then, after a comma, the fullchain.
Mail storage location
By default, mail is stored in /var/spool/emailrelay. On OpenWrt the entire /var/ directory is a tmpfs held in RAM, so its contents are lost when the router reboots.
To keep mail across reboots, store it on a USB disk instead. Create a folder, e.g. /mnt/usb_disk/spool/, and configure emailrelay to use it by setting:
    option extra_cmdline '--spool-dir /mnt/usb_disk/spool/'
Future versions of the emailrelay package will have a separate UCI option, spool_dir.
Also, if you are using the “POP by name” option, you need to create a subfolder for each account.
Reading email with POP
If you are using an e-mail client (MUA) such as Thunderbird or Outlook, you can fetch received mail by enabling the POP protocol:
    option extra_cmdline '--pop --pop-auth=/etc/pop.auth'
You must also allow access, so set:
    option remote_clients '1'
Then create the /etc/pop.auth file as described in http://emailrelay.sourceforge.net/index.html#userguide_md_Running_as_a_POP_server.
Please note that if you are going to read e-mail from the internet, you have to configure TLS for security.
See below for how to open a port to the internet.
Open ports for internet in Firewall
This is a very bad idea for security; don't do this unless you know what you are doing.
Add to /etc/config/firewall:
    config rule
        option name 'Allow-WAN-SMTP'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp'
        option dest_port '25'

    config rule
        option name 'Allow-WAN-SMTP-Submission'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp'
        option dest_port '587'

    config rule
        option name 'Allow-WAN-POP'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp'
        option dest_port '110'
You can add these rules from the command line:
    # @rule[-1] addresses the rule section just added, so each block
    # configures its own rule instead of overwriting one shared section.
    uci add firewall rule
    uci set firewall.@rule[-1].name='Allow-WAN-SMTP'
    uci set firewall.@rule[-1].src='wan'
    uci set firewall.@rule[-1].proto='tcp'
    uci set firewall.@rule[-1].dest_port='25'
    uci set firewall.@rule[-1].target='ACCEPT'

    uci add firewall rule
    uci set firewall.@rule[-1].name='Allow-WAN-SMTP-Submission'
    uci set firewall.@rule[-1].src='wan'
    uci set firewall.@rule[-1].proto='tcp'
    uci set firewall.@rule[-1].dest_port='587'
    uci set firewall.@rule[-1].target='ACCEPT'

    uci add firewall rule
    uci set firewall.@rule[-1].name='Allow-WAN-POP'
    uci set firewall.@rule[-1].src='wan'
    uci set firewall.@rule[-1].proto='tcp'
    uci set firewall.@rule[-1].dest_port='110'
    uci set firewall.@rule[-1].target='ACCEPT'

    # Write the changes and reload the firewall.
    uci commit firewall
    service firewall restart
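Before opening any of these ports, it helps to check the emailrelay config for the combinations this page warns about: remote clients allowed without TLS or authentication, POP reachable without TLS, and the spool left on tmpfs. The script below is an added example, not part of the emailrelay package or the original page; the names audit_emailrelay and sample_config and the sample config are constructed for illustration, and it assumes a flag given in extra_cmdline counts the same as its UCI option.

```sh
#!/bin/sh
# Added example: flags the risky option combinations described on this page.
# Reads a UCI emailrelay config (file argument or stdin), one finding per line.
audit_emailrelay() {
    awk '
    # Strip one pair of surrounding quotes from a UCI value.
    function val(s) { gsub(/^[\047"]|[\047"]$/, "", s); return s }
    # Check the section collected so far; only enabled sections are audited.
    function report(   x, remote, tls, auth, spool) {
        if (name == "" || o["enabled"] != "1") return
        x = o["extra_cmdline"]
        remote = (o["remote_clients"] == "1" || x ~ /--remote-clients/)
        tls    = (o["server_tls"] == "1"     || x ~ /--server-tls/)
        auth   = (o["server_auth"] != ""     || x ~ /--server-auth/)
        if (remote && !auth) print name ": remote clients allowed without server_auth"
        if (remote && !tls)  print name ": remote clients allowed without server_tls"
        if (remote && !tls && x ~ /--pop/) print name ": POP reachable remotely without TLS"
        spool = "/var/spool/emailrelay"            # default named on the page
        if (match(x, /--spool-dir[ =][^ ]+/)) spool = substr(x, RSTART + 12, RLENGTH - 12)
        if (spool ~ /^\/var\//) print name ": spool " spool " is on tmpfs, lost on reboot"
    }
    $1 == "config" { report(); split("", o); name = val($3); next }
    $1 == "option" { k = $2; $1 = $2 = ""; sub(/^ +/, ""); o[k] = val($0) }
    END { report() }
    ' "$@"
}

# Constructed sample input, not taken from a real router.
sample_config() {
    cat <<'EOF'
config emailrelay 'server'
	option enabled '1'
	option mode 'server'
	option port '25'
	option remote_clients '1'
	option extra_cmdline '--pop --pop-auth=/etc/pop.auth'

config emailrelay 'proxy'
	option enabled '1'
	option mode 'proxy'
	option smarthost '192.0.2.1:25'
	option remote_clients '0'
	option extra_cmdline '--spool-dir /mnt/usb_disk/spool/'
EOF
}

sample_config | audit_emailrelay
```

On a router, run it as `audit_emailrelay /etc/config/emailrelay`; no output means none of the checked combinations were found.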