1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162
|
# chasquid
[chasquid](https://blitiri.com.ar/p/chasquid) is an SMTP (email) server.
It aims to be easy to configure and maintain for a small mail server, at the
expense of flexibility and functionality.
It's written in [Go](https://golang.org).
## Features
* Easy to configure, hard to mis-configure in ways that are harmful or
insecure (e.g. no open relay, clear-text authentication, etc.).
* Tracking of per-domain TLS support, prevents connection downgrading.
* SMTP UTF8 (international usernames).
* IDNA (international domain names).
* Hooks for easy integration with greylisting, anti-virus and anti-spam.
* Multiple domains, with per-domain user database and aliases.
* Multiple TLS certificates.
* Suffix dropping (user+something@domain -> user@domain).
* Easy integration with letsencrypt.
* SPF checking.
* Monitoring HTTP server, with exported variables and tracing to help
debugging.
The following are intentionally *not* implemented:
* Custom email routing and transport.
* DKIM/DMARC checking (although the post-data hook can be used for it).
* Different backends for domain and user configuration (Dovecot authentication
may be implemented in the future).
## Status
chasquid is in beta.
It's functional and has had some production exposure, but some things may
still change in backwards-incompatible way, including the configuration format.
It should be rare and will be avoided if possible.
You should subscribe to the mailing list to get notifications of such changes.
## Contact
If you have any questions, comments or patches please send them to the mailing
list, chasquid@googlegroups.com.
To subscribe, send an email to chasquid+subscribe@googlegroups.com.
You can also browse the
[archives](https://groups.google.com/forum/#!forum/chasquid).
## Installation
To get the code and build it, you will need a working [Go](http://golang.org)
environment.
```shell
# Get the code and build the binaries.
go get blitiri.com.ar/go/chasquid
cd "$GOPATH/src/blitiri.com.ar/go/chasquid"
make
# Install the binaries to /usr/local/bin.
sudo make install-binaries
# Copy the example configuration to /etc/chasquid and /etc/systemd, and create
# the /var/lib/chasquid directory.
sudo make install-config-skeleton
```
## Configuration
The configuration is in `/etc/chasquid/` by default, and has the following
structure:
```
- chasquid.conf Main config file.
- domains/ Domains' data.
- example.com/
- users User and password database for the domain.
- aliases Aliases for the domain.
...
- certs/ Certificates to use, one dir per pair.
- mx.example.com/
- fullchain.pem Certificate (full chain).
- privkey.pem Private key.
...
```
Note the certs/ directory matches certbot's structure, so if you use it you
can just symlink to /etc/letsencrypt/live.
Make sure the user you use to run chasquid under ("mail" in the example
config) can access the certificates and private keys.
### Adding users
You can add users with:
```
chasquid-util user-add user@domain
```
This will also create the corresponding domain directory if it doesn't exist.
### Checking your configuration
Run `chasquid-util print-config` to parse your configuration and display the
resulting values.
### Checking your setup
Run `smtp-check yourdomain.com`, it will check:
* MX DNS records.
* SPF DNS records (will just warn if not present).
* TLS certificates.
It needs to access port 25, which is often blocked by ISPs, so it's likely
that you need to run it from your server.
### Greylisting, anti-spam and anti-virus
chasquid supports running a post-DATA hook, which can be used to perform
greylisting, and run anti-spam and anti-virus filters.
The hook should be at `/etc/chasquid/hooks/post-data`.
The one installed by default is a bash script supporting:
* greylisting using greylistd.
* anti-spam using spamassassin.
* anti-virus using clamav.
To use them, they just need to be available in your system.
For example, in Debian you can run the following to install all three:
```
apt install greylistd spamc clamdscan
usermod -a -G greylist mail
```
Note that the default hook may not work in all cases, it is provided as a
practical example but you should adjust it to your particular system if
needed.
|