1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
# chasquid
[chasquid](https://blitiri.com.ar/p/chasquid) is an SMTP (email) server.
It aims to be easy to configure and maintain for a small mail server, at the
expense of flexibility and functionality.
It's written in [Go](https://golang.org).
## Features
* Easy to configure, hard to mis-configure in ways that are harmful or
insecure (e.g. no open relay, clear-text authentication, etc.).
* Tracking of per-domain TLS support, prevents connection downgrading.
* SMTP UTF8 (international usernames).
* IDNA (international domain names).
* Hooks for easy integration with greylisting, anti-virus and anti-spam.
* Multiple domains, with per-domain user database and aliases.
* Multiple TLS certificates.
* Suffix dropping (user+something@domain -> user@domain).
* Easy integration with letsencrypt.
* SPF checking.
* Monitoring HTTP server, with exported variables and tracing to help
debugging.
The following are intentionally *not* implemented:
* Custom email routing and transport.
* DKIM/DMARC checking (although the post-data hook can be used for it).
* Different backends for domain and user configuration (Dovecot authentication
may be implemented in the future).
## Status
chasquid is in beta.
It's functional and has had some production exposure, but some things may
still change in backwards-incompatible way, including the configuration format.
It should be rare and will be avoided if possible.
You should subscribe to the mailing list to get notifications of such changes.
## Contact
If you have any questions, comments or patches please send them to the mailing
list, chasquid@googlegroups.com.
To subscribe, send an email to chasquid+subscribe@googlegroups.com.
You can also browse the
[archives](https://groups.google.com/forum/#!forum/chasquid).
## Installation
To get the code and build it, you will need a working [Go](http://golang.org)
environment.
```shell
# Get the code and build the binaries.
go get blitiri.com.ar/go/chasquid
cd "$GOPATH/src/blitiri.com.ar/go/chasquid"
make
# Install the binaries to /usr/local/bin.
sudo make install-binaries
# Copy the example configuration to /etc/chasquid and /etc/systemd, and create
# the /var/lib/chasquid directory.
sudo make install-config-skeleton
```
## Configuration
The configuration is in `/etc/chasquid/` by default, and has the following
structure:
```
- chasquid.conf Main config file.
- domains/ Domains' data.
- example.com/
- users User and password database for the domain.
- aliases Aliases for the domain.
...
- certs/ Certificates to use, one dir per pair.
- mx.example.com/
- fullchain.pem Certificate (full chain).
- privkey.pem Private key.
...
```
Note the certs/ directory matches certbot's structure, so if you use it you
can just symlink to /etc/letsencrypt/live.
Make sure the user you use to run chasquid under ("mail" in the example
config) can access the certificates and private keys.
### Adding users
You can add users with:
```
chasquid-util user-add user@domain
```
This will also create the corresponding domain directory if it doesn't exist.
### Checking your configuration
Run `chasquid-util print-config` to parse your configuration and display the
resulting values.
### Checking your setup
Run `smtp-check yourdomain.com`, it will check:
* MX DNS records.
* SPF DNS records (will just warn if not present).
* TLS certificates.
It needs to access port 25, which is often blocked by ISPs, so it's likely
that you need to run it from your server.
### Greylisting, anti-spam and anti-virus
chasquid supports running a post-DATA hook, which can be used to perform
greylisting, and run anti-spam and anti-virus filters.
The hook should be at `/etc/chasquid/hooks/post-data`.
The one installed by default is a bash script supporting:
* greylisting using greylistd.
* anti-spam using spamassassin.
* anti-virus using clamav.
To use them, they just need to be available in your system.
For example, in Debian you can run the following to install all three:
```
apt install greylistd spamc clamdscan
usermod -a -G greylist mail
```
Note that the default hook may not work in all cases, it is provided as a
practical example but you should adjust it to your particular system if
needed.
|
