DIY Mail, Calendar and Contact Server
WORK IN PROGRESS NOTICE: This article is still a work in progress.
This post serves as a refresher and documentation for setting up a simple mail, contact and calendar server using:
- OpenBSD as the base operating system (secure by default),
- OpenSMTPD as our main mail server handling SMTP sessions,
- Dovecot for access to mailboxes via IMAP,
- Radicale to host and provide access to our calendars and contacts via CalDAV and CardDAV.
In addition to the above we’ll use:
- acme-client to get our SSL certificates,
- relayd for SSL termination and to act as a reverse proxy for Radicale,
- dkimproxy to sign outgoing mails,
- pf to close all but the required ports.
I recommend reading the condensed guide to mail delivery first.
How does a calendar work, anyway?
Similarly to mail, a calendar is simply a collection of files describing events. The de facto standard file format for this is iCalendar which looks like this:
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//hacksw/handcal//NONSGML v1.0//EN
BEGIN:VEVENT
UID:firstname.lastname@example.org
DTSTAMP:19970714T170000Z
ORGANIZER;CN=John Doe:MAILTO:email@example.com
DTSTART:19970714T170000Z
DTEND:19970715T035959Z
SUMMARY:Bastille Day Party
GEO:48.85299;2.36885
END:VEVENT
END:VCALENDAR
The way to exchange these files is by using the calendaring extensions of WebDAV, called CalDAV, so in essence all you need to do is use standard HTTP(S) requests to handle these files. There isn’t much more to it than that.
You can of course read the fairly short (for an RFC) WebDAV RFC for an idea of what these requests look like. Given enough knowhow, you can essentially manage your calendar using
All you need is a CalDAV server and a URL to connect to. No crazy DNS mangling, encryption, verifications and so on, but I’m sure that if you wanted to, you would be able to tack on more security.
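To make the "just HTTP requests carrying files" point concrete, here is an added example (not code from the original article or from Radicale): it reads an iCalendar file, extracts the event UID and builds the raw PUT request a client would send to store it. The function names and the sample event are constructed for illustration, and the collection URL is whatever your server exposes. It refuses to attach HTTP Basic credentials to a non-HTTPS URL, which is why this setup puts relayd in front of Radicale.

```python
import base64
from urllib.parse import quote, urlsplit

# Constructed sample: one event with a folded SUMMARY and a ':' inside a quoted parameter.
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0", "PRODID:-//example//constructed//EN",
    "BEGIN:VEVENT", "UID:19970714-bastille@example.org",
    "DTSTAMP:19970714T170000Z",
    'ORGANIZER;CN="John Doe (ext: 42)":MAILTO:john@example.org',
    "DTSTART:19970714T170000Z",
    "SUMMARY:Bastille Day", "  Party",  # CRLF + one space = folded line
    "END:VEVENT", "END:VCALENDAR", ""])

def unfold(text):
    """Undo RFC 5545 line folding: a line starting with space/tab continues the previous one."""
    lines = []
    for raw in text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines

def parse_line(line):
    """Split a content line into (NAME, value) at the first ':' outside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ":" and not in_quotes:
            return line[:i].split(";")[0].upper(), line[i + 1:]
    raise ValueError("content line has no ':' separator")

def event_uid(text):
    uids = [v for n, v in map(parse_line, unfold(text)) if n == "UID"]
    if len(uids) != 1:
        raise ValueError("expected exactly one UID")
    return uids[0]

def build_put(collection_url, user, password, ics):
    """Return the raw HTTP request a client would send to store the event."""
    url = urlsplit(collection_url)
    if url.scheme != "https":  # Basic auth is base64, not encryption
        raise ValueError("refusing to send Basic credentials without TLS")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    body = ics.encode()
    # Percent-encode the UID so a '/' in it cannot change the target path.
    path = f"{url.path.rstrip('/')}/{quote(event_uid(ics), safe='')}.ics"
    head = (f"PUT {path} HTTP/1.1\r\nHost: {url.netloc}\r\n"
            f"Authorization: Basic {token}\r\n"
            "Content-Type: text/calendar; charset=utf-8\r\n"
            "If-None-Match: *\r\n"  # create only, never overwrite
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode() + body
```

The same request shape works for a vCard against a CardDAV collection, with `text/vcard` as the content type and a `.vcf` resource name.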
And lastly, address books
Continuing on the theme of using files, contacts are also stored as files, in the Virtual Contact File (vCard or VCF) format. They look like this:
BEGIN:VCARD
VERSION:4.0
N:Gump;Forrest;;Mr.;
FN:Forrest Gump
ORG:Bubba Gump Shrimp Co.
TITLE:Shrimp Man
PHOTO;MEDIATYPE=image/gif:http://www.example.com/dir_photos/my_photo.gif
TEL;TYPE=work,voice;VALUE=uri:tel:+1-111-555-1212
TEL;TYPE=home,voice;VALUE=uri:tel:+1-404-555-1212
ADR;TYPE=WORK;PREF=1;LABEL="100 Waters Edge\nBaytown\, LA 30314\nUnited States of America":;;100 Waters Edge;Baytown;LA;30314;United States of America
ADR;TYPE=HOME;LABEL="42 Plantation St.\nBaytown\, LA 30314\nUnited States of America":;;42 Plantation St.;Baytown;LA;30314;United States of America
EMAIL:firstname.lastname@example.org
REV:20080424T195243Z
x-qq:21588891
END:VCARD
They too are managed over WebDAV, using a set of extensions called CardDAV. Same story as for CalDAV.
There you have it! The UNIX philosophy of “everything is a file” works pretty well for all these things. Granted, you can make all of this more complicated by introducing relational databases, replication, LDAP authentication and identity management, but for small groups of people none of that is necessary.
Enough theory, let’s get started!
Preparing the OS