Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:email:emailrelay [2022/05/12 12:17] – created stokito
docs:guide-user:services:email:emailrelay [2023/01/28 18:36] stokito
Line 31: Line 31:
 | ''domain'' | string | no | //(none)// | Specifies the network name that is used in SMTP EHLO. The default is derived from a DNS lookup of the local hostname. See //--domain// | | ''domain'' | string | no | //(none)// | Specifies the network name that is used in SMTP EHLO. The default is derived from a DNS lookup of the local hostname. See //--domain// |
 | ''anonymous'' | integer | no | //0// | Disables the server's SMTP VRFY command. See //--anonymous// | | ''anonymous'' | integer | no | //0// | Disables the server's SMTP VRFY command. See //--anonymous// |
-| ''server_tls'' | integer | no | //0// | For //server// and //proxy// mode. See //--server-tls// |+| ''server_tls'' | integer | no | //0// | For //server// and //proxy// mode. See //--server-tls// Doesn't work in v2.1, see [[https://github.com/openwrt/packages/pull/18536|fix]]  |
 | ''server_auth'' | string | no | //(none)// | For //server// and //proxy// mode. See //--server-auth// and /etc/emailrelay.auth | | ''server_auth'' | string | no | //(none)// | For //server// and //proxy// mode. See //--server-auth// and /etc/emailrelay.auth |
 | ''client_tls'' | integer | no | //0// | For //proxy// mode. See //--client-tls// | | ''client_tls'' | integer | no | //0// | For //proxy// mode. See //--client-tls// |
 | ''client_auth'' | string | no | //(none)// | For //proxy// mode. See //--client-auth// and /etc/emailrelay.auth | | ''client_auth'' | string | no | //(none)// | For //proxy// mode. See //--client-auth// and /etc/emailrelay.auth |
 +| ''extra_cmdline'' | string | no | //(none)// | Extra command line options. See http://emailrelay.sourceforge.net/#reference_md_Reference for command line reference |
  
 ==== Server ==== ==== Server ====
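Review bot: The remark added to the ''server_tls'' row, "Doesn't work in v2.1", runs straight on from "See //--server-tls//" with no sentence break and does not say what fails or which version carries the fix. For a TLS option the reader needs to know whether the service refuses to start or keeps running without TLS, so please state the observed behaviour and the fixed package version next to the link. The new ''extra_cmdline'' row also does not say which modes honour it, while the neighbouring rows state "For //server// and //proxy// mode" and the example further down sets it under ''option mode 'cmdline'''.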
Line 69: Line 69:
         option mode 'cmdline'         option mode 'cmdline'
         # specify all arguments that should be passed to emailrelay here         # specify all arguments that should be passed to emailrelay here
-        # see https://emailrelay.sourceforge.net/reference.html for command line reference+        # see http://emailrelay.sourceforge.net/#reference_md_Reference for command line reference
         option extra_cmdline '--some-other --cmdline-options'         option extra_cmdline '--some-other --cmdline-options'
 </code> </code>
  
 +===== Useful options ====
 +==== Configure TLS ====
  
 +[[:docs:guide-user:services:tls:certs|Obtain a TLS cert]]
 +Then configure ''server_tls'' option and put private key and then after a comma a fullchain.
 +==== Mails storage location ====
 +By default mails are stored into ''/var/spool/emailrelay''. You may want to store them into some USB disk. To do this you have to create a folder e.g. ''/mnt/usb_disk/spool/'' and configure emailrelay to use it by setting ''option extra_cmdline '--spool-dir /srv/spool/'''.
 +Alternatively you can make the ''/var/spool/emailrelay'' a symlink to the disk.
 +
 +==== Reading email with POP ====
 +If you are using email client (MUA) like Thunderbird, Outlook then you can fetch received mails by enabling POP protocol.
 +
 +''option extra_cmdline '--pop --pop-auth=/etc/pop.auth'''. Also you must allow an access so set ''option remote_clients='1'''.
 +Then you must create the ''/etc/pop.auth'' file as described in http://emailrelay.sourceforge.net/index.html#userguide_md_Running_as_a_POP_server.
 +Please note that if you are going to read emails from internet then you have to configure TLS for security.
 +See below how to open a port for internet.
 +
 +===== Open ports for internet in Firewall =====
 +This is a very bad idea for security and don't do this unless you know what are you doing.
 +Add to ''/etc/config/firewall'':
 +<code>
 +config rule
 +        option name 'Allow-WAN-SMTP'
 +        option target 'ACCEPT'
 +        option src 'wan'
 +        option proto 'tcp'
 +        option dest_port '25'
 +config rule
 +        option name 'Allow-WAN-SMTP-Submission'
 +        option target 'ACCEPT'
 +        option src 'wan'
 +        option proto 'tcp'
 +        option dest_port '587'  
 +config rule
 +        option name 'Allow-WAN-POP'
 +        option target 'ACCEPT'
 +        option src 'wan'
 +        option proto 'tcp'
 +        option dest_port '110'
 +</code>
 +
 +You can add these rules with command line:
 +
 +<code>
 +uci add firewall rule
 +uci set firewall.wan_https_turris_rule=rule
 +uci set firewall.wan_https_turris_rule.name='Allow-WAN-SMTP'
 +uci set firewall.wan_https_turris_rule.src='wan'
 +uci set firewall.wan_https_turris_rule.proto='tcp'
 +uci set firewall.wan_https_turris_rule.dest_port='25'
 +uci set firewall.wan_https_turris_rule.target='ACCEPT'
 +
 +uci add firewall rule
 +uci set firewall.wan_https_turris_rule=rule
 +uci set firewall.wan_https_turris_rule.name='Allow-WAN-SMTP-Submission'
 +uci set firewall.wan_https_turris_rule.src='wan'
 +uci set firewall.wan_https_turris_rule.proto='tcp'
 +uci set firewall.wan_https_turris_rule.dest_port='587'
 +uci set firewall.wan_https_turris_rule.target='ACCEPT'
 +
 +
 +uci add firewall rule
 +uci set firewall.wan_https_turris_rule=rule
 +uci set firewall.wan_https_turris_rule.name='Allow-WAN-POP'
 +uci set firewall.wan_https_turris_rule.src='wan'
 +uci set firewall.wan_https_turris_rule.proto='tcp'
 +uci set firewall.wan_https_turris_rule.dest_port='110'
 +uci set firewall.wan_https_turris_rule.target='ACCEPT'
 +
 +uci commit firewall
 +service firewall restart
 +</code>
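Review bot: In the command-line variant all three blocks run ''uci set firewall.wan_https_turris_rule=rule'' with the same section name, so each block overwrites the values of the previous one and only the last rule (Allow-WAN-POP, port 110) is left after ''uci commit firewall'', while every ''uci add firewall rule'' leaves an extra empty anonymous rule behind. Give each rule its own section name (the current one is unrelated to SMTP or POP) and drop the ''uci add'' lines, or keep ''uci add'' and set the options on the section it creates. In "Mails storage location" the folder created is ''/mnt/usb_disk/spool/'' but the option passed is ''--spool-dir /srv/spool/''; the two paths should match. ''option remote_clients='1''' uses an equals sign, unlike the ''option name 'value''' form in the config blocks, and the "Useful options" heading opens with five equals signs but closes with four. The Allow-WAN-POP rule exposes port 110 while the POP section only says TLS "has to be configured"; the text should say which option protects the POP listener. The reference comment now points to an http:// URL where the removed line used https://.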
  • Last modified: 2023/01/29 19:40
  • by stokito