MBF Knowledge Base

How do I configure Haraka for outbound email?

It is trivially easy to configure Haraka as an outbound email server. But first there are external things you may want to sort out:

1.) Get your DNS PTR record set up - be sure it matches the A record of the host you're sending from.


2.) Consider implementing an SPF record.



There's lots of information elsewhere on the internet about getting these things working, and they are specific to your network and your DNS hosting.


First Some Background

Sending outbound mail through Haraka is called "relaying", and that is the term the internals use. The process is simple - if a plugin in Haraka tells the internals that this mail is to be relayed, then it gets queued in the "queue" directory for delivery. Then it will go through several delivery attempts until it is either successful or fails hard for some reason. A hard failure will result in a bounce email being sent to the "MAIL FROM" address used when connecting to Haraka. If that address also bounces then it is considered a "double bounce" and Haraka will log an error.


The Setup

Outbound mail servers should run on port 587 and enforce authentication. This is slightly different from the "old" model where there would simply be a check based on the connecting IP address to see if it was valid to relay. Note however that Haraka doesn't stop you doing it this way - it just don't provide a plugin to do that by default - you will have to write one. The reason is purely based on security and personal preference.


Create a new Haraka instance:

haraka -i haraka-outbound
cd haraka-outbound

Now edit config/smtp.ini - change the port to 587.

Next we setup our plugins - all we need is the auth plugin:

echo "auth/flat_file" > config/plugins

Now edit the flat file password file, and put in an appropriate username and password:

vi config/auth_flat_file.ini

See the documentation in docs/plugins/auth/flat_file.md for information about what can go in that file.

Now you can start Haraka.

haraka -c .

That's all the configuration you need.