chasquid

chasquid is an SMTP (email) server.

It aims to be easy to configure and maintain for a small mail server, at the expense of flexibility and functionality.

It's written in Go.

Features

• Easy to configure, hard to mis-configure in ways that are harmful or insecure (e.g. no open relay, clear-text authentication, etc.).
• Tracking of per-domain TLS support, prevents connection downgrading.
• SMTP UTF8 (international usernames).
• IDNA (international domain names).
• Hooks for easy integration with greylisting, anti-virus and anti-spam.
• Multiple domains, with per-domain user database and aliases.
• Multiple TLS certificates.
• Suffix dropping (user+something@domain -> user@domain).
• Easy integration with letsencrypt.
• SPF checking.
• Monitoring HTTP server, with exported variables and tracing to help debugging.

The following are intentionally not implemented:

• Custom email routing and transport.
• DKIM/DMARC checking (although the post-data hook can be used for it).
• Different backends for domain and user configuration (Dovecot authentication may be implemented in the future).

Status

chasquid is in beta.

It's functional and has had some production exposure, but some things may still change in backwards-incompatible way, including the configuration format. It should be rare and will be avoided if possible.

You should subscribe to the mailing list to get notifications of such changes.

Contact

If you have any questions, comments or patches please send them to the mailing list, chasquid@googlegroups.com.

To subscribe, send an email to chasquid+subscribe@googlegroups.com.

You can also browse the archives.

Installation

To get the code and build it, you will need a working Go environment.

# Get the code and build the binaries.
go get blitiri.com.ar/go/chasquid
cd "$GOPATH/src/blitiri.com.ar/go/chasquid"
make

# Install the binaries to /usr/local/bin.
sudo make install-binaries

# Copy the example configuration to /etc/chasquid and /etc/systemd, and create
# the /var/lib/chasquid directory.
sudo make install-config-skeleton

Configuration

The configuration is in /etc/chasquid/ by default, and has the following structure:

- chasquid.conf      Main config file.

- domains/           Domains' data.
  - example.com/
    - users          User and password database for the domain.
    - aliases        Aliases for the domain.
  ...

- certs/             Certificates to use, one dir per pair.
  - mx.example.com/
    - fullchain.pem  Certificate (full chain).
    - privkey.pem    Private key.
  ...

Note the certs/ directory matches certbot's structure, so if you use it you can just symlink to /etc/letsencrypt/live.

Make sure the user you use to run chasquid under ("mail" in the example config) can access the certificates and private keys.

Adding users

You can add users with:

chasquid-util user-add user@domain

This will also create the corresponding domain directory if it doesn't exist.

Checking your configuration

Run chasquid-util print-config to parse your configuration and display the resulting values.

Checking your setup

Run smtp-check yourdomain.com, it will check:

• MX DNS records.
• SPF DNS records (will just warn if not present).
• TLS certificates.

It needs to access port 25, which is often blocked by ISPs, so it's likely that you need to run it from your server.

Greylisting, anti-spam and anti-virus

chasquid supports running a post-DATA hook, which can be used to perform greylisting, and run anti-spam and anti-virus filters.

The hook should be at /etc/chasquid/hooks/post-data.

The one installed by default is a bash script supporting:

• greylisting using greylistd.
• anti-spam using spamassassin.
• anti-virus using clamav.

To use them, they just need to be available in your system.

For example, in Debian you can run the following to install all three:

apt install greylistd spamc clamdscan
usermod -a -G greylist mail

Note that the default hook may not work in all cases, it is provided as a practical example but you should adjust it to your particular system if needed.