author | Alberto Bertogli
<albertito@blitiri.com.ar> 2016-10-26 22:54:41 UTC |
committer | Alberto Bertogli
<albertito@blitiri.com.ar> 2016-11-01 23:56:04 UTC |
parent | 3865dd0ea472cbaa0816a09dd03e0903ce5937ab |
etc/chasquid/README | +27 | -0 |
etc/chasquid/certs | +1 | -0 |
etc/chasquid/chasquid.conf | +77 | -0 |
etc/chasquid/domains/.gitignore | +0 | -0 |
{hooks => etc/chasquid/hooks}/post-data | +0 | -0 |
etc/systemd/system/chasquid-smtp.socket | +11 | -0 |
etc/systemd/system/chasquid-submission.socket | +11 | -0 |
etc/systemd/system/chasquid.service | +23 | -0 |
internal/config/config.proto | +14 | -5 |
diff --git a/etc/chasquid/README b/etc/chasquid/README
new file mode 100644
index 0000000..82ac8ac
--- /dev/null
+++ b/etc/chasquid/README
@@ -0,0 +1,27 @@
+
+This directory contains chasquid's configuration.
+
+- chasquid.conf Main config file.
+
+- domains/ Domains' data.
+ - example.com/
+ - users User and password database for the domain.
+ - aliases Aliases for the domain.
+ ...
+
+- certs/ Certificates to use, one dir per pair.
+ - example.com/
+ - fullchain.pem Certificate (full chain).
+ - privkey.pem Private key.
+ ...
+
+
+Note the certs/ directory matches certbot's structure, so if you use it you
+can just symlink to /etc/letsencrypt/live.
+
+Make sure the user you use to run chasquid under ("mail" in the example
+config) can access the certificates and private keys.
+
+
+The user databases can be created and edited with the chasquid-util tool.
+
diff --git a/etc/chasquid/certs b/etc/chasquid/certs
new file mode 120000
index 0000000..1f4d9d6
--- /dev/null
+++ b/etc/chasquid/certs
@@ -0,0 +1 @@
+/etc/letsencrypt/live/
\ No newline at end of file
diff --git a/etc/chasquid/chasquid.conf b/etc/chasquid/chasquid.conf
new file mode 100644
index 0000000..42e0bf0
--- /dev/null
+++ b/etc/chasquid/chasquid.conf
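Review bot: Every private key under /etc/letsencrypt/live/ becomes reachable by the `mail` user once the README's "can access the certificates and private keys" advice is followed, because certs/ is symlinked to the whole live/ tree rather than to the per-domain directories the README's own layout (certs/example.com/) describes. On a host that also holds certificates for other services that is wider read access than the MTA needs. The README line `config) can access the certificates and private keys.` could be followed by a sentence suggesting per-domain symlinks (certs/example.com -> /etc/letsencrypt/live/example.com) so that only the key pairs chasquid serves are opened up; whether the daemon only ever opens the directories named in its config is not visible in this commit.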
@@ -0,0 +1,77 @@
+
+# Main/default hostname to use.
+# This is used to say hello to clients, and by default as the domain
+# we send delivery notifications errors from.
+# It should be a domain we can send email from, and we should have a
+# certificate for it.
+# It usually helps if our IP address resolves to it.
+# Default: machine hostname.
+#hostname: "mx.example.com"
+
+# Maximum email size, in megabytes.
+# Default: 50.
+#max_data_size_mb: 50
+
+# Addresses to listen on for SMTP (usually port 25).
+# Default: "systemd", which means systemd passes sockets to us.
+# systemd sockets must be named with "FileDescriptorName=smtp".
+#smtp_address: "systemd"
+#smtp_address: ":25"
+
+# Addresses to listen on for submission (usually port 587).
+# Default: "systemd", which means systemd passes sockets to us.
+# systemd sockets must be named with "FileDescriptorName=submission".
+#submission_address: "systemd"
+#submission_address: ":587"
+
+# Address for the monitoring http server.
+# Do NOT expose this to the public internet.
+# Default: no monitoring http server.
+#monitoring_address: "127.0.0.1:1099"
+
+# Mail delivery agent (MDA, also known as LDA) to use.
+# This should point to the binary to use to deliver email to local users.
+# The content of the email will be passed via stdin.
+# If it exits unsuccessfully, we assume the mail was not delivered.
+# Default: "procmail".
+#mail_delivery_agent_bin: "procmail"
+
+# Command line arguments for the mail delivery agent. One per argument.
+# Some replacements will be done.
+# On an email sent from marsnik@mars to venera@venus:
+# - %from% -> from address (marsnik@mars)
+# - %from_user% -> from user (marsnik)
+# - %from_domain% -> from domain (mars)
+# - %to% -> to address (venera@venus)
+# - %to_user% -> to user (venera)
+# - %to_domain% -> to domain (venus)
+#
+# Default: "-f", "%from%", "-d", "%to_user%" (adequate for procmail and
+# maildrop).
+#mail_delivery_agent_args: "-f"
+#mail_delivery_agent_args: "%from%"
+#mail_delivery_agent_args: "-d"
+#mail_delivery_agent_args: "%to_user%"
+
+# Directory where we store our persistent data.
+# Default: "/var/lib/chasquid"
+#data_dir: "/var/lib/chasquid"
+
+# Suffix separator, to perform suffix removal of local users.
+# For example, if you set this to "-+", email to local user
+# "user-blah" and "user+blah" will be delivered to "user".
+# Including "+" is strongly encouraged, as it is assumed for email
+# forwarding.
+# Default: "+".
+#suffix_separators: "+"
+
+# Characters to drop from the user part on local emails.
+# For example, if you set this to "._", email to local user
+# "u.se_r" will be delivered to "user".
+# Default: ".".
+#drop_characters: "."
+
+# Path where to write the mail log to.
+# If "<syslog>", log using the syslog (at MAIL|INFO priority).
+# Default: <syslog>
+#mail_log_path: "<syslog>"
diff --git a/etc/chasquid/domains/.gitignore b/etc/chasquid/domains/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/hooks/post-data b/etc/chasquid/hooks/post-data
similarity index 100%
rename from hooks/post-data
rename to etc/chasquid/hooks/post-data
diff --git a/etc/systemd/system/chasquid-smtp.socket b/etc/systemd/system/chasquid-smtp.socket
new file mode 100644
index 0000000..dfb37dd
--- /dev/null
+++ b/etc/systemd/system/chasquid-smtp.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=chasquid mail daemon (SMTP sockets)
+
+[Socket]
+ListenStream=25
+FileDescriptorName=smtp
+Service=chasquid.service
+
+[Install]
+WantedBy=chasquid.target
+
diff --git a/etc/systemd/system/chasquid-submission.socket b/etc/systemd/system/chasquid-submission.socket
new file mode 100644
index 0000000..f182f6d
--- /dev/null
+++ b/etc/systemd/system/chasquid-submission.socket
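Review bot: The `mail_delivery_agent_args` comment explains the `%from%` substitutions but not how the resulting arguments reach the MDA, and `%from%` is whatever the sending side supplied, so an operator reading this file cannot tell whether a crafted sender address could end up as more than a single argument. If the daemon execs the binary with each entry as its own argv element (the "One per argument" wording suggests so, but the code is not in this commit), state it: `# Each argument is passed to the MDA verbatim as one argv entry; no shell is involved.` It is also worth saying that the default keeps `%from%` right after `-f` so the MDA reads it as that option's value rather than as an option of its own. The matching comment in internal/config/config.proto would benefit from the same sentence.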
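Review bot: `WantedBy=chasquid.target` refers to a target unit that this commit does not add, while chasquid.service installs under multi-user.target, so enabling the sockets will not make them start at boot unless chasquid.target exists elsewhere (cannot tell from here). Either add the target unit or use `WantedBy=sockets.target` in both chasquid-smtp.socket and chasquid-submission.socket, which has the same issue. A comment on the `[Install]` section saying which target is expected to pull the sockets in would also save the next reader the same question.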
@@ -0,0 +1,11 @@
+[Unit]
+Description=chasquid mail daemon (submission sockets)
+
+[Socket]
+ListenStream=587
+FileDescriptorName=submission
+Service=chasquid.service
+
+[Install]
+WantedBy=chasquid.target
+
diff --git a/etc/systemd/system/chasquid.service b/etc/systemd/system/chasquid.service
new file mode 100644
index 0000000..98f6a5b
--- /dev/null
+++ b/etc/systemd/system/chasquid.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=chasquid mail daemon (service)
+Requires = chasquid-smtp.socket chasquid-submission.socket
+
+[Service]
+ExecStart = /usr/local/bin/chasquid \
+
+# -v=3 \
+# --log_dir=/var/log/chasquid/ \
+# --alsologtostderr \
+
+Type = simple
+Restart = always
+
+User = mail
+Group = mail
+
+# Simple security measures just in case.
+ProtectSystem = full
+
+[Install]
+WantedBy = multi-user.target
+
diff --git a/internal/config/config.proto b/internal/config/config.proto
index bedaba9..3d49358 100644
--- a/internal/config/config.proto
+++ b/internal/config/config.proto
@@ -5,7 +5,8 @@ message Config {
  // Main/default hostname to use.
  // This is used to say hello to clients, and by default as the domain
  // we send delivery notifications errors from.
- // It should be a domain we can send email from.
+ // It should be a domain we can send email from, and we should have a
+ // certificate for it.
  // It usually helps if our IP address resolves to it.
  // Default: machine hostname.
  string hostname = 1;
@@ -25,6 +26,7 @@ message Config {
  repeated string submission_address = 4;
  // Address for the monitoring http server.
+ // Do NOT expose this to the public internet.
  // Default: no monitoring http server.
  string monitoring_address = 5;
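Review bot: `ProtectSystem = full` is the only sandboxing applied to a network-facing daemon that already runs as the unprivileged `mail` user, so the `# Simple security measures just in case.` block could cheaply add `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectHome=yes`, none of which should get in the way of a process whose documented paths are /etc/chasquid, the certificates and /var/lib/chasquid (the data_dir default in chasquid.conf). Separately, `ExecStart = /usr/local/bin/chasquid \` ends in a continuation backslash that systemd joins with the empty line after it, which keeps the directive valid, but the three commented-out flags below also end in `\` and are easy to misread as part of the command; `ExecStart = /usr/local/bin/chasquid` with the optional flags listed in a plain comment above it would be clearer. Whether the /var/log/chasquid/ directory named by the commented `--log_dir` flag has to be writable by `mail` is not visible here.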
@@ -36,10 +38,17 @@ message Config {
  string mail_delivery_agent_bin = 6;
  // Command line arguments for the mail delivery agent. One per argument.
- // Some replacements will be done:
- // - "%user%" -> local user (anything before the @)
- // - "%domain%" -> domain (anything after the @)
- // Default: "-d", "%user" (adequate for procmail)
+ // Some replacements will be done.
+ // On an email sent from marsnik@mars to venera@venus:
+ // - %from% -> from address (marsnik@mars)
+ // - %from_user% -> from user (marsnik)
+ // - %from_domain% -> from domain (mars)
+ // - %to% -> to address (venera@venus)
+ // - %to_user% -> to user (venera)
+ // - %to_domain% -> to domain (venus)
+ //
+ // Default: "-f", "%from%", "-d", "%to_user%" (adequate for procmail
+ // and maildrop).
  repeated string mail_delivery_agent_args = 7;
  // Directory where we store our persistent data.
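Review bot: Nothing in the new comment says what happens to configurations that still use the removed `%user%` and `%domain%` placeholders; if the implementation no longer substitutes them they would presumably be handed to the MDA literally, which for a `-d %user%` argument means delivery to a user that does not exist. Only the comment changes in this commit, so I cannot tell whether the code keeps them as aliases of `%to_user%` / `%to_domain%`; a one-line note either way would help, e.g. `// The former %user% and %domain% placeholders are no longer substituted.` or the equivalent alias statement, whichever is true. The field itself is inside the hunk, but the enclosing message Config starts outside it.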