It's definitely something to watch for all those hackers that want an alternative to gmail that isn't the insanity of a postfix/qmail setup.
listen on em0
map aliases { source db "/etc/mail/aliases.db" }
accept for local deliver to mbox
accept for all relay
That's all you need for a working mail setup :)
#
# /etc/postfix/main.cf
#
# disable biff service
biff = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# disable warnings about NIS on mail delivery (default adds nis:mail.aliases)
alias_maps = hash:/etc/aliases
# do not grant special privileges to hosts except localhost
mynetworks_style = host
#set the mailbox size to limit to `unlimited'
mailbox_size_limit = 0
myhostname = fulla.mrothe.de
mydestination = $myhostname, localhost.$mydomain, localhost, mrothe.de
mailbox_command = procmail -a "$EXTENSION"
And on a backup MX instead of adding your domains to `mydestination` you just set: [...]
myhostname = blei.mrothe.de
#don't touch mydestination, which defaults to "$myhostname, localhost.$mydomain, localhost"
# accept mail for these domains to be relayed
relay_domains = $mydestination, mrothe.de
However, here's a better example of a configuration that is simple with OpenSMTPD and slightly more complex on others:
listen on em0 tls cert "mycert" enable auth
map "vmap" { source plain "/etc/mail/virtual" }
accept from all for virtual "vmap" deliver to maildir
accept for all relay
This will have the daemon listen on all addresses of interface em0 (both IPv4 and IPv6), it will enable STARTTLS using certificate "mycert" and activate authentication for system users (no pop-before-smtp, no cyrus-sasl and whatnot). It will accept mail from anywhere for all virtual domains in the mapping "vmap" and deliver to maildirs, while relaying mails from local users to the world.
That is a fairly basic setup that quite a lot of people use, yet the effort required to achieve a similar setup on other software can range from just "slightly irritating" to "extremely painful". Here it's done with 4 lines that are almost readable by someone who has never used the software.
Some other features like relaying through remote MX that require auth; tagging; forcing secure channels; allow more complex setups while retaining the same simple syntax.
/!\ warning: as a major contributor to OpenSMTPD, I'm biased ;-) /!\
If this defines an open mail relay, please think twice because your machine may be used to send spam and get blacklisted.
accept for all relay -> accept from local for all relay
to create an open relay one has to explicitly:
accept from all for all relay
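The default-source behaviour described in the replies above, as an added example that is not part of the original thread or OpenSMTPD's own code: a small Python lint for the `accept` syntax shown here that writes out the implied `from local` and flags rules that relay from any source to any destination. The grammar is simplified, the function names are hypothetical, and treating `any` like `all` is an assumption.

```python
import shlex

WILDCARD = {"all", "any"}          # the thread writes "all"; "any" treated alike (assumption)
TAKES_ARG = {"virtual", "domain"}  # destination keywords followed by a name

# Constructed sample: the thread's virtual-domain config plus the explicit open-relay rule.
SAMPLE = """\
listen on em0 tls cert "mycert" enable auth
map "vmap" { source plain "/etc/mail/virtual" }
accept from all for virtual "vmap" deliver to maildir
accept for all relay
accept from all for all relay   # explicit open relay
"""

def parse_rule(line):
    """Parse one 'accept' rule into source/dest/action; None for other lines."""
    tok = shlex.split(line, comments=True)
    if not tok or tok[0] != "accept":
        return None
    rule = {"source": "local", "dest": "", "action": ""}  # 'from local' is implied
    i = 1
    if tok[i:i + 1] == ["from"] and len(tok) > i + 1:
        rule["source"] = tok[i + 1]
        i += 2
    if tok[i:i + 1] == ["for"] and len(tok) > i + 1:
        n = 2 if tok[i + 1] in TAKES_ARG else 1
        rule["dest"] = " ".join(tok[i + 1:i + 1 + n])
        i += 1 + n
    rule["action"] = " ".join(tok[i:])
    return rule

def normalize(rule):
    """Render the rule with its source written out."""
    return f"accept from {rule['source']} for {rule['dest']} {rule['action']}"

def is_open_relay(rule):
    """True when any source may relay to any destination."""
    return (rule["source"] in WILDCARD and rule["dest"] in WILDCARD
            and rule["action"].split()[:1] == ["relay"])

def audit(conf_text):
    """Return (line number, normalized rule, open-relay flag) per accept rule."""
    out = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        rule = parse_rule(line)
        if rule:
            out.append((no, normalize(rule), is_open_relay(rule)))
    return out

if __name__ == "__main__":
    for no, text, flagged in audit(SAMPLE):
        print(f"line {no}: {text}" + ("   <-- OPEN RELAY" if flagged else ""))
```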
I've never had an openbsd upgrade break, even when I do it the ninja way (which I often do, being a reckless fool).
Despite the longer setup time, I've found that openbsd servers end up needing far less maintenance than any others. It works well as a "fire-and-forget" operating system, a quality that seems to be lacking among the larger players.
(EDIT: not disagreeing that apt-get, yum, and pacman/yaourt are nice. Just talking about how awesome OpenBSD is.)
In my opinion: OpenBSD - Focused on security above all else. Host project of OpenSSH and pf/carp/altq?. Lags behind on architecture support and performance (Previously poor SMP performance?). Primary use: Router/firewall.
FreeBSD - All around features and performance (zfs,dtrace,pf,linux syscall emulation layer). The most popular, and I believe has the most development effort. Popular freebsd derivatives: pfSense (firewall appliance), FreeNAS (zfs storage appliance), PC-BSD (packaged up for an easier desktop experience). Primary use: Desktop/server/firewall/storage/database.
NetBSD: Focused on architecture support. Supports 57 platforms/15 processor architectures: http://www.netbsd.org/ports/. Primary use: support on embedded/uncommon hardware.
DragonFlyBSD: Interesting technologies being developed: HAMMERfs (compare with zfs), application snapshots, virtualized kernel. Matt Dillon's fork of FreeBSD adding the spirit of AmigaOS. Primary use: Compute clusters?
NetBSD is the one whose source you should study. The emphasis is on correctness and portability. The book Code Reading by Diomidis Spinellis used mainly examples from NetBSD even though he is a FreeBSD developer, because (he implies) the code is easier to read.
OpenBSD forked first and developed a reason to exist second; its storied past is really quite an interesting read, but won't leave you feeling like it is being developed by the greatest minds in security for exactly that purpose. I think its secure reputation is more fiat than fact and I'd like to see recent benchmarks substantiating the notion that it is better to run on routers and whatnot. I have no use for it.
http://en.wikipedia.org/wiki/Comparison_of_BSD_operating_sys...
Also, smtpd seems to be coming along nicely.
Sounds really interesting.