Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:email:emailrelay [2022/05/12 13:34] – [Mails storage location] stokito
docs:guide-user:services:email:emailrelay [2023/01/28 18:36] stokito
Line 31: Line 31:
 | ''domain'' | string | no | //(none)// | Specifies the network name that is used in SMTP EHLO. The default is derived from a DNS lookup of the local hostname. See //--domain// | | ''domain'' | string | no | //(none)// | Specifies the network name that is used in SMTP EHLO. The default is derived from a DNS lookup of the local hostname. See //--domain// |
 | ''anonymous'' | integer | no | //0// | Disables the server's SMTP VRFY command. See //--anonymous// | | ''anonymous'' | integer | no | //0// | Disables the server's SMTP VRFY command. See //--anonymous// |
-| ''server_tls'' | integer | no | //0// | For //server// and //proxy// mode. See //--server-tls// |+| ''server_tls'' | integer | no | //0// | For //server// and //proxy// mode. See //--server-tls// Doesn't work in v2.1, see [[https://github.com/openwrt/packages/pull/18536|fix]]  |
 | ''server_auth'' | string | no | //(none)// | For //server// and //proxy// mode. See //--server-auth// and /etc/emailrelay.auth | | ''server_auth'' | string | no | //(none)// | For //server// and //proxy// mode. See //--server-auth// and /etc/emailrelay.auth |
 | ''client_tls'' | integer | no | //0// | For //proxy// mode. See //--client-tls// | | ''client_tls'' | integer | no | //0// | For //proxy// mode. See //--client-tls// |
 | ''client_auth'' | string | no | //(none)// | For //proxy// mode. See //--client-auth// and /etc/emailrelay.auth | | ''client_auth'' | string | no | //(none)// | For //proxy// mode. See //--client-auth// and /etc/emailrelay.auth |
 +| ''extra_cmdline'' | string | no | //(none)// | Extra command line options. See http://emailrelay.sourceforge.net/#reference_md_Reference for command line reference |
  
 ==== Server ==== ==== Server ====
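Review bot: The changed server_tls row keeps the type integer and the default 0, but the Configure TLS section added further down in this revision says to put the private key and, after a comma, the fullchain into that same option; the row should state what value the option takes so the two places agree. The "Doesn't work in v2.1" remark would be easier to act on if it named the package version that carries the linked fix. The new extra_cmdline row links the command line reference over http://, while the comment line removed at Line 69 used https://; keep https:// if the new anchor is reachable over it.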
Line 69: Line 69:
         option mode 'cmdline'         option mode 'cmdline'
         # specify all arguments that should be passed to emailrelay here         # specify all arguments that should be passed to emailrelay here
-        # see https://emailrelay.sourceforge.net/reference.html for command line reference+        # see http://emailrelay.sourceforge.net/#reference_md_Reference for command line reference
         option extra_cmdline '--some-other --cmdline-options'         option extra_cmdline '--some-other --cmdline-options'
 </code> </code>
  
 ===== Useful options ==== ===== Useful options ====
 +==== Configure TLS ====
 +
 +[[:docs:guide-user:services:tls:certs|Obtain a TLS cert]]
 +Then configure ''server_tls'' option and put private key and then after a comma a fullchain.
 ==== Mails storage location ==== ==== Mails storage location ====
 By default mails are stored into ''/var/spool/emailrelay''. You may want to store them into some USB disk. To do this you have to create a folder e.g. ''/mnt/usb_disk/spool/'' and configure emailrelay to use it by setting ''option extra_cmdline '--spool-dir /srv/spool/'''. By default mails are stored into ''/var/spool/emailrelay''. You may want to store them into some USB disk. To do this you have to create a folder e.g. ''/mnt/usb_disk/spool/'' and configure emailrelay to use it by setting ''option extra_cmdline '--spool-dir /srv/spool/'''.
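Review bot: The two added lines under Configure TLS do not say what form the server_tls value takes: whether "private key" and "fullchain" are file paths, and in which file and syntax the option is set. Add a short <code> example in the style of the other sections, using placeholder paths, put a blank line between the link and the instruction so they do not render as one sentence, and mention that the private key file should be readable only by the service. The changed comment line above replaces an https:// reference URL with an http:// one; keep https:// if the new anchor is reachable over it. In the trailing context line the spool example creates /mnt/usb_disk/spool/ but passes --spool-dir /srv/spool/, which is worth aligning while this section is being edited.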
Line 84: Line 88:
 Then you must create the ''/etc/pop.auth'' file as described in http://emailrelay.sourceforge.net/index.html#userguide_md_Running_as_a_POP_server. Then you must create the ''/etc/pop.auth'' file as described in http://emailrelay.sourceforge.net/index.html#userguide_md_Running_as_a_POP_server.
 Please note that if you are going to read emails from internet then you have to configure TLS for security. Please note that if you are going to read emails from internet then you have to configure TLS for security.
 +See below how to open a port for internet.
  
 +===== Open ports for internet in Firewall =====
 +This is a very bad idea for security and don't do this unless you know what are you doing.
 +Add to ''/etc/config/firewall'':
 +<code>
 +config rule
 +        option name 'Allow-WAN-SMTP'
 +        option target 'ACCEPT'
 +        option src 'wan'
 +        option proto 'tcp'
 +        option dest_port '25'
 +config rule
 +        option name 'Allow-WAN-SMTP-Submission'
 +        option target 'ACCEPT'
 +        option src 'wan'
 +        option proto 'tcp'
 +        option dest_port '587'  
 +config rule
 +        option name 'Allow-WAN-POP'
 +        option target 'ACCEPT'
 +        option src 'wan'
 +        option proto 'tcp'
 +        option dest_port '110'
 +</code>
  
 +You can add these rules with command line:
  
 +<code>
 +uci add firewall rule
 +uci set firewall.wan_https_turris_rule=rule
 +uci set firewall.wan_https_turris_rule.name='Allow-WAN-SMTP'
 +uci set firewall.wan_https_turris_rule.src='wan'
 +uci set firewall.wan_https_turris_rule.proto='tcp'
 +uci set firewall.wan_https_turris_rule.dest_port='25'
 +uci set firewall.wan_https_turris_rule.target='ACCEPT'
 +
 +uci add firewall rule
 +uci set firewall.wan_https_turris_rule=rule
 +uci set firewall.wan_https_turris_rule.name='Allow-WAN-SMTP-Submission'
 +uci set firewall.wan_https_turris_rule.src='wan'
 +uci set firewall.wan_https_turris_rule.proto='tcp'
 +uci set firewall.wan_https_turris_rule.dest_port='587'
 +uci set firewall.wan_https_turris_rule.target='ACCEPT'
 +
 +
 +uci add firewall rule
 +uci set firewall.wan_https_turris_rule=rule
 +uci set firewall.wan_https_turris_rule.name='Allow-WAN-POP'
 +uci set firewall.wan_https_turris_rule.src='wan'
 +uci set firewall.wan_https_turris_rule.proto='tcp'
 +uci set firewall.wan_https_turris_rule.dest_port='110'
 +uci set firewall.wan_https_turris_rule.target='ACCEPT'
 +
 +uci commit firewall
 +service firewall restart
 +</code>
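Review bot: The command-line block does not produce the three rules shown in the config snippet above it. Each group runs "uci add firewall rule", which creates an anonymous rule section, and then "uci set firewall.wan_https_turris_rule=rule", which creates or reuses one named section; since all three groups use the same name, the second and third groups overwrite the first, and the result is a single named rule (Allow-WAN-POP, port 110) plus three empty anonymous rule sections. Either drop the "uci add" lines and give each rule its own section name that matches its purpose (wan_https_turris_rule looks copied from another page), or keep "uci add firewall rule" and set the options on firewall.@rule[-1]. Separately, the added rule for port 110 sits right under the existing sentence that TLS has to be configured when mail is read from the internet; the new section should say that TLS must be in place before that rule is added, and the warning sentence would read better as "Do not do this unless you know what you are doing."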
  • Last modified: 2023/01/29 19:40
  • by stokito