etc: Add a skeleton configuration structure

This patch adds an "etc" directory, with a basic configuration structure
that can be used for an initial installation.

etc/chasquid/README

@@ -0,0 +1,27 @@
+
+This directory contains chasquid's configuration.
+
+- chasquid.conf          Main config file.
+
+- domains/               Domains' data.
+  - example.com/
+    - users          User and password database for the domain.
+    - aliases        Aliases for the domain.
+  ...
+
+- certs/                 Certificates to use, one dir per pair.
+  - example.com/
+    - fullchain.pem  Certificate (full chain).
+    - privkey.pem    Private key.
+  ...
+
+
+Note the certs/ directory matches certbot's structure, so if you use it you
+can just symlink to /etc/letsencrypt/live.
+
+Make sure the user you use to run chasquid under ("mail" in the example
+config) can access the certificates and private keys.
+
+
+The user databases can be created and edited with the chasquid-util tool.
+

etc/chasquid/certs

@@ -0,0 +1 @@
+/etc/letsencrypt/live/

etc/chasquid/chasquid.conf

@@ -0,0 +1,77 @@
+
+# Main/default hostname to use.
+# This is used to say hello to clients, and by default as the domain
+# we send delivery notifications errors from.
+# It should be a domain we can send email from, and we should have a
+# certificate for it.
+# It usually helps if our IP address resolves to it.
+# Default: machine hostname.
+#hostname: "mx.example.com"
+
+# Maximum email size, in megabytes.
+# Default: 50.
+#max_data_size_mb: 50
+
+# Addresses to listen on for SMTP (usually port 25).
+# Default: "systemd", which means systemd passes sockets to us.
+# systemd sockets must be named with "FileDescriptorName=smtp".
+#smtp_address: "systemd"
+#smtp_address: ":25"
+
+# Addresses to listen on for submission (usually port 587).
+# Default: "systemd", which means systemd passes sockets to us.
+# systemd sockets must be named with "FileDescriptorName=submission".
+#submission_address: "systemd"
+#submission_address: ":587"
+
+# Address for the monitoring http server.
+# Do NOT expose this to the public internet.
+# Default: no monitoring http server.
+#monitoring_address: "127.0.0.1:1099"
+
+# Mail delivery agent (MDA, also known as LDA) to use.
+# This should point to the binary to use to deliver email to local users.
+# The content of the email will be passed via stdin.
+# If it exits unsuccessfully, we assume the mail was not delivered.
+# Default: "procmail".
+#mail_delivery_agent_bin: "procmail"
+
+# Command line arguments for the mail delivery agent. One per argument.
+# Some replacements will be done.
+# On an email sent from marsnik@mars to venera@venus:
+#  - %from%        -> from address (marsnik@mars)
+#  - %from_user%   -> from user (marsnik)
+#  - %from_domain% -> from domain (mars)
+#  - %to%        -> to address (venera@venus)
+#  - %to_user%   -> to user (venera)
+#  - %to_domain% -> to domain (venus)
+#
+# Default: "-f", "%from%", "-d", "%to_user%"  (adequate for procmail and
+# maildrop).
+#mail_delivery_agent_args: "-f"
+#mail_delivery_agent_args: "%from%"
+#mail_delivery_agent_args: "-d"
+#mail_delivery_agent_args: "%to_user%"
+
+# Directory where we store our persistent data.
+# Default: "/var/lib/chasquid"
+#data_dir: "/var/lib/chasquid"
+
+# Suffix separator, to perform suffix removal of local users.
+# For example, if you set this to "-+", email to local user
+# "user-blah" and "user+blah" will be delivered to "user".
+# Including "+" is strongly encouraged, as it is assumed for email
+# forwarding.
+# Default: "+".
+#suffix_separators: "+"
+
+# Characters to drop from the user part on local emails.
+# For example, if you set this to "._", email to local user
+# "u.se_r" will be delivered to "user".
+# Default: ".".
+#drop_characters: "."
+
+# Path where to write the mail log to.
+# If "<syslog>", log using the syslog (at MAIL|INFO priority).
+# Default: <syslog>
+#mail_log_path: "<syslog>"

etc/chasquid/hooks/post-data

@@ -0,0 +1,55 @@
+#!/bin/bash
+#
+# This file is an example post-data hook that will run standard filtering
+# utilities if they are available.
+#
+#  - greylist (from greylistd) to do greylisting.
+#  - spamc (from Spamassassin) to filter spam.
+#  - clamdscan (from ClamAV) to filter virus.
+#
+# If it exits with code 20, it will be considered a permanent error.
+# Otherwise, temporary.
+
+set -e
+
+
+# Note greylistd needs you to add the user to the "greylist" group:
+#   usermod -a -G greylist mail
+if [ "$AUTH_AS" == "" ] && [ "$SPF_PASS" == "0" ] && \
+	command -v greylist >/dev/null && \
+	groups | grep -q greylist;
+then
+	REMOTE_IP=$(echo "$REMOTE_ADDR" | rev | cut -d : -f 2- | rev)
+	if ! greylist update "$REMOTE_IP" "$MAIL_FROM" 1>&2; then
+		echo "greylisted, please try again"
+		exit 75  # temporary error
+	fi
+	echo "X-Greylist: pass"
+fi
+
+
+TF="$(mktemp --tmpdir post-data-XXXXXXXXXX)"
+trap 'rm "$TF"' EXIT
+
+# Save the message to the temporary file, so we can pass it on to the various
+# filters.
+cat > "$TF"
+
+
+if command -v spamc >/dev/null; then
+        if ! SL=$(spamc -c - < "$TF") ; then
+                echo "spam detected"
+                exit 20  # permanent
+        fi
+        echo "X-Spam-Score: $SL"
+fi
+
+
+if command -v clamdscan >/dev/null; then
+        if ! clamdscan --no-summary --infected - < "$TF" 1>&2 ; then
+                echo "virus detected"
+                exit 20  # permanent
+        fi
+        echo "X-Virus-Scanned: pass"
+fi
+

etc/systemd/system/chasquid-smtp.socket

@@ -0,0 +1,11 @@
+[Unit]
+Description=chasquid mail daemon (SMTP sockets)
+
+[Socket]
+ListenStream=25
+FileDescriptorName=smtp
+Service=chasquid.service
+
+[Install]
+WantedBy=chasquid.target
+

etc/systemd/system/chasquid-submission.socket

@@ -0,0 +1,11 @@
+[Unit]
+Description=chasquid mail daemon (submission sockets)
+
+[Socket]
+ListenStream=587
+FileDescriptorName=submission
+Service=chasquid.service
+
+[Install]
+WantedBy=chasquid.target
+

etc/systemd/system/chasquid.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=chasquid mail daemon (service)
+Requires = chasquid-smtp.socket chasquid-submission.socket
+
+[Service]
+ExecStart = /usr/local/bin/chasquid \
+
+#	-v=3 \
+#	--log_dir=/var/log/chasquid/ \
+#	--alsologtostderr \
+
+Type = simple
+Restart = always
+
+User = mail
+Group = mail
+
+# Simple security measures just in case.
+ProtectSystem = full
+
+[Install]
+WantedBy = multi-user.target
+