This document describes the setup of sendmail with offlineimap, imap and ssh/ssl.
Mail for my domain is routed to my slicehost via MX. Sendmail on my slicehost considers itself local for the domain, via /etc/mail/local-host-names.
olemichaelsen.dk
heibergkring.com
ukukus.dk
sendmail is configured with virtusertable to rewrite email for specified users at my domain to the local user.
sendmail.mc:
FEATURE(`virtusertable')dnl
and
dnl DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp')dnl
to listen on the public interface.
Email for my domain for users not explicitly specified in the virtusertable is rejected with "no such user".
user1@olemichaelsen.dk ole
user2@olemichaelsen.dk ole
user3@olemichaelsen.dk ole
user4@olemichaelsen.dk ole
user5@olemichaelsen.dk ole
# @olemichaelsen.dk error:nouser User unknown
user6@ukukus.dk someuser@gmail.com
user7@ukukus.dk ole
user8@ukukus.dk ole
user9@ukukus.dk auser@2hansen.dk
# @ukukus.dk error:nouser User unknown
procmail is invoked as MDA to place email in ~/Maildir
sendmail.mc:
FEATURE(`local_procmail')dnl
/etc/procmailrc:
DEFAULT=$HOME/Maildir/
LOGFILE=$MAILDIR/procmail.log
dovecot-imapd's configuration is changed from the default to
#protocols = imap imaps
protocols = imaps
# mail_location =
mail_location = maildir:~/Maildir
On the client, /etc/mail/sendmail.mc is modified to have
FEATURE(`local_procmail')dnl
to use procmail as local MDA.
On the laptop there is no global procmailrc file; instead there is one in my home directory, which does some antispam filtering and places incoming email in ~/Maildir/current/INBOX.
Sendmail on the laptop also has
define(`SMART_HOST',`esmtp:[127.0.0.1]')dnl
define(`ESMTP_MAILER_ARGS',`TCP $h 125')dnl
which sets localhost port 125 as the smarthost. Locally submitted mail is still picked up by the submit daemon, which passes it on to sendmail. Sendmail then hands outgoing email to the smarthost, localhost port 125.
openbsd-inetd is installed, with inetd.conf:
127.0.0.1:125 stream tcp nowait tunnelclient /usr/bin/ssh -q -T tunnelendpoint@armstrong.heibergkring.com
tunnelclient is a local user with a locked password. It has an SSH key pair, whose public key is placed on the mailserver in the tunnelendpoint user's .ssh/authorized_keys file:
command="nc localhost 25",no-X11-forwarding,no-agent-forwarding,no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuB1jZxkQZIhzQZBfVTz29HC9f61+6PSkmu4LusXeK4ZcAqcn6iuz0PeqdxOUr50Hv44av3xVfxOjknA4VKfnEGEKeeY/y+YdGAOh9W5Y0zb3Yx7kSe ...
So when my laptop connects to localhost port 125, it talks to inetd, which runs ssh as the tunnelclient user towards the mailserver as the tunnelendpoint user. There, the command "nc localhost 25" is executed, so sendmail on the mailserver picks up the connection.
Sendmail on the mailserver then considers it locally submitted mail and relays it towards the internet.
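The options on the authorized_keys entry above are all that limit what the tunnelclient key can do on the mailserver, so they are worth checking mechanically. The following Python script is an added example, not part of the original setup: it parses the option field of an authorized_keys entry and reports restrictions the entry leaves unset. The function names and sample entries (with a placeholder key blob) are constructed for illustration; restrict, no-pty and no-user-rc are standard OpenSSH authorized_keys options.

```python
# Added example (not from the original page): audit authorized_keys entries
# that are meant to allow only a forced command such as "nc localhost 25".
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # an entry starting with these has no options
# Restrictions a tunnel-only key should carry; "restrict" implies all of them.
LOCKDOWN = ["no-port-forwarding", "no-agent-forwarding",
            "no-x11-forwarding", "no-pty", "no-user-rc"]

def split_options(line):
    """Return (options dict, remainder). Option names are case-insensitive."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}, line
    opts, token, in_quote, i = {}, "", False, 0
    while i < len(line):
        ch = line[i]
        if in_quote and ch == "\\" and line[i + 1:i + 2] == '"':
            token += '"'          # \" inside a quoted value is a literal quote
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote and (ch == "," or ch.isspace()):
            name, _, value = token.partition("=")
            if name:
                opts[name.lower()] = value
            token = ""
            if ch.isspace():      # first unquoted whitespace ends the options
                break
        else:
            token += ch
        i += 1
    return opts, line[i:].strip()

def audit(line):
    """Return findings for one entry; an empty list means fully locked down."""
    opts, _ = split_options(line)
    findings = []
    if "command" not in opts:
        findings.append("no forced command")
    if "restrict" in opts:        # explicit options can undo parts of restrict
        findings += ["re-enables " + o[3:] for o in LOCKDOWN if o[3:] in opts]
    else:
        findings += ["missing " + o for o in LOCKDOWN if o not in opts]
    return findings

# Constructed samples; the key blob is a placeholder, not a real key.
PAGE_ENTRY = ('command="nc localhost 25",no-X11-forwarding,no-agent-forwarding,'
              'no-port-forwarding ssh-rsa AAAA_PLACEHOLDER')
HARDENED = 'restrict,command="nc localhost 25" ssh-rsa AAAA_PLACEHOLDER'
```

For the option set used on this page, audit(PAGE_ENTRY) reports no-pty and no-user-rc as unset. The restrict form (OpenSSH 7.2 and later) covers both and also applies any restrictions added in future releases.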
The client runs offlineimap:
# Sample minimal config file. Copy this to ~/.offlineimaprc and edit to
# suit to get started fast.

[general]
accounts = general
#ui = TTY.TTYUI
ui = Noninteractive.Quiet

[Account general]
localrepository = Local
remoterepository = Remote
autorefresh = 5

[Repository Local]
type = Maildir
localfolders = ~/Maildir/current

[Repository Remote]
type = IMAP
remotehost = armstrong.heibergkring.com
remoteuser = ole
ssl = yes
remotepass = SECRET!