Installing and configuring chasquid

Installation

Debian/Ubuntu

If you're using Debian or Ubuntu, chasquid can be installed by running:

sudo apt install chasquid

Arch

If you're using Arch, there is a chasquid AUR package you can use. See the official Arch documentation for how to install it. If you use the pacaur helper, you can just run:

pacaur -S chasquid

Binary packages are also available, courtesy of foxcpp.

From source

To get, build and install from source, you will need a working Go environment.

# Get the code and build the binaries.
git clone https://blitiri.com.ar/repos/chasquid
cd chasquid
make

# Install the binaries to /usr/local/bin.
sudo make install-binaries

# Copy the example configuration to /etc/chasquid and /etc/systemd, and create
# the /var/lib/chasquid directory.
sudo make install-config-skeleton

Configuration

The configuration is in /etc/chasquid/ by default, and has the following structure:

- chasquid.conf      Main config file.

- domains/           Domains' data.
  - example.com/
    - users          User and password database for the domain.
    - aliases        Aliases for the domain.
  ...

- certs/             Certificates to use, one dir per pair.
  - mx.example.com/
    - fullchain.pem  Certificate (full chain).
    - privkey.pem    Private key.
  ...

Certificates

The certs/ directory layout matches the one from certbot, letsencrypt's default client, to make it easier to integrate.

A convenient way to set this up is:

  1. Obtain TLS certificates using certbot as needed.
  2. Symlink chasquid's certs/ to /etc/letsencrypt/live: sudo ln -s /etc/letsencrypt/live/ /etc/chasquid/certs
  3. Give chasquid permissions to read the certificates: sudo setfacl -R -m u:chasquid:rX /etc/letsencrypt/{live,archive}
  4. Set up automatic renewal to restart chasquid when certificates are renewed.

Please see the how-to guide for more detailed examples.

Adding users

You can add users with:

chasquid-util user-add user@domain

This will also create the corresponding domain directory if it doesn't exist.

Checking your configuration

Run chasquid-util print-config to parse your configuration and display the resulting values.

Checking your setup

Run smtp-check yourdomain.com, it will check:

It needs to access port 25, which is often blocked by ISPs, so it's likely that you need to run it from your server.

Greylisting, anti-spam and anti-virus

chasquid supports running a post-DATA hook, which can be used to perform greylisting, and run anti-spam and anti-virus filters.

The hook should be at /etc/chasquid/hooks/post-data.

The one installed by default is a bash script supporting:

To use them, they just need to be available in your system.

For example, in Debian you can run the following to install all three:

apt install greylistd spamc clamdscan
usermod -a -G greylist mail

Note that the default hook may not work in all cases, it is provided as a practical example but you should adjust it to your particular system if needed.