Uriel Fanelli
386c80b6a4
```dockerfile
#Start multistage Docker
#Stage 1 : build brutalinks
FROM golang:latest AS zangbuilder
RUN apt install make git -y
RUN mkdir -p /go/src/zangtumb
RUN git clone https://git.keinpfusch.net/loweel/zangtumb.git /go/src/zangtumb
WORKDIR /go/src/zangtumb
ENV GO111MODULE=auto
RUN go build

#Start multistage Docker
#Stage 3 : put pieces together
FROM debian:latest
RUN apt update
RUN apt upgrade -y
RUN apt install ca-certificates -y
RUN mkdir -p /opt/zangtumb
WORKDIR /opt/zangtumb
COPY --from=zangbuilder /go/src/zangtumb /opt/zangtumb/
ENTRYPOINT ["/opt/zangtumb/zangtumb"]
```

- smtpd
- vendor
- .gitignore
- Dockerfile
- LICENSE
- README.md
- backend.go
- go.mod
- go.sum
- handler.go
- recipients.conf.example
- run.sh
- session.go
- tls.go
- zangtumb.go
README.md
Futuristic SMTP INBOUND-only server for home usage. Inspired by Marinetti's RFC (AKA Manifesto of Futurism).
It only serves a precise list of email addresses. No aliases.
Everything else appears to be accepted and is then discarded, so spammers waste their time (and money).
REQUIREMENTS:
- Golang version >= 1.13
- git
INSTALLATION
First download the code into the folder you want to use with Golang, then build it:
```sh
git clone https://git.keinpfusch.net/loweel/zangtumb.git
cd zangtumb
go build -mod=vendor
```
Run ./zangtumb to start the daemon, after setting the environment strings.
CONFIGURATION
zangtumb is designed to be easy to dockerize.
A reference pseudo-dockerfile could be:
```dockerfile
FROM debian:stable-slim
##MAIN
ENV KEYFILE "/certs/mydomain.key"
ENV CERTFILE "/certs/mydomain.crt"
ENV DOMAINNAME "mydomain.tld"
ENV LISTEN ":5025"
##SESSION
ENV RECIPIENTS "recipients.conf"
ENV MAILFOLDER "/zangmail"
##MAIN
ENV USETLS="true"
## HERE WE GO
# Run the daemon as an unprivileged user that owns only its own folders
RUN useradd -ms /bin/bash zangtumb
RUN mkdir -p /opt/zangtumb
RUN mkdir -p /zangmail
COPY . /opt/zangtumb/
RUN chown -R zangtumb:zangtumb /opt/zangtumb
RUN chown -R zangtumb:zangtumb /zangmail
EXPOSE 5025
USER zangtumb
WORKDIR /opt/zangtumb
ENTRYPOINT ["/opt/zangtumb/zangtumb"]
```
Everything is configured using ENV strings, as follows:
ENV STRING | Example value | Meaning |
---|---|---|
KEYFILE | "/certs/mydomain.key" | Path for private key. Only needed when using TLS. Which means, well... it's your email. So you don't want to send it in clear, do you? |
CERTFILE | "/certs/mydomain.crt" | Path for certificate. Only needed when using TLS. Which means, well... it's your email. So you don't want to send it in clear, do you? |
DOMAINNAME | "mydomain.tld" | Will declare this value on the banner. No impact on recipients. Used as CN in self-signed certificates. |
LISTEN | ":5025" | Address to listen on, in golang format. This example will listen on port 5025 on all interfaces. You may specify a specific interface like "1.2.3.4:5025". |
RECIPIENTS | "recipients.conf" | File containing the list of email addresses to serve. One mail address per line. Please note that pippo@pluto.com and pippo@paperino.com will end in the same mailbox, "pippo". |
MAILFOLDER | "/zangmail" | Root of mailfolder. Mail is stored in the default dovecot Maildir format, meaning in the example "/zangmail/%u/Maildir". |
USETLS | "true" | Whether to force all to use TLS or not. Yes. Do it. |
Of course, if you put your certificates into /certs (like the example), this folder MUST exist.
That's it.
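The RECIPIENTS and MAILFOLDER rows above imply that the local part of a listed address becomes a directory name under the mail root. The following is an added example, not zangtumb's own code: the function names, the full-address and case-insensitive matching, and the rejection of path-unsafe local parts are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"path/filepath"
	"strings"
)

// loadRecipients parses recipients.conf content (one address per line) into
// a map from listed address to mailbox name, which is the local part.
func loadRecipients(conf string) (map[string]string, error) {
	rcpts := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		addr := strings.ToLower(strings.TrimSpace(sc.Text())) // assumption: match case-insensitively
		if addr == "" {
			continue
		}
		at := strings.LastIndex(addr, "@")
		if at <= 0 || at == len(addr)-1 {
			return nil, fmt.Errorf("malformed address %q", addr)
		}
		// The local part becomes a directory under MAILFOLDER: refuse names that could leave it.
		if u := addr[:at]; u == "." || u == ".." || strings.ContainsAny(u, "/\\\x00") {
			return nil, fmt.Errorf("unsafe local part in %q", addr)
		}
		rcpts[addr] = addr[:at]
	}
	return rcpts, sc.Err()
}

// maildirFor returns MAILFOLDER/%u/Maildir for a listed recipient, or false
// when the address is not listed and the message is to be discarded.
func maildirFor(rcpts map[string]string, mailFolder, rcpt string) (string, bool) {
	user, ok := rcpts[strings.ToLower(strings.TrimSpace(rcpt))]
	if !ok {
		return "", false
	}
	return filepath.Join(mailFolder, user, "Maildir"), true
}

func main() {
	// Constructed sample recipients.conf content.
	rcpts, err := loadRecipients("pippo@pluto.com\npippo@paperino.com\n")
	fmt.Println(rcpts, err)
	fmt.Println(maildirFor(rcpts, "/zangmail", "pippo@paperino.com"))
	fmt.Println(maildirFor(rcpts, "/zangmail", "spam@pluto.com"))
}
```

Because both pippo addresses resolve to the same directory, anyone who can read that Maildir sees mail for every listed domain sharing the local part.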
FAQ
- This TLS behavior is violating RFC 2487
  - To give a shit of RFCs is a de facto standard. Zangtumb works, and no spammer will ever buy a certificate for each spambot.
- The minimal amount of recipients by RFC 5321 is 100. You reduced it.
  - Yes. The reason is, we allow the ones we need. No more. This server is supposed to run inside a Raspberry, if needed. Call the RFC police, if you don't like it.
- The example dockerfile is way too big. Why no multistage?
  - This is because it is an example. An example must be easy to understand. An example must be simple. Even you should be able to understand it. Well.... ok. Let's say, even Bob should.
- Why don't you use opensmtpd?
  - Making this server took less than dockerizing opensmtpd in a decent way.
- Why don't you use postfix/sendmail/qmail/courier?
  - I serve 4 mailboxes in total. Why should I deploy all that complexity? Complexity != security.
- Silently discarding email after pretending you've accepted it is not nice. Perhaps this will make your server look like an open relay.
  - Unfortunately, English cannot translate the correct answer, which is "esticazzi non ce lo scriviamo?". So I can't properly answer you.
- This golang code is not idiomatic. And there is no graphene, no quantum computing, no UI/UX and no horizontal scaling of Internet of Things with Artificial Intelligence of Big Data.
  - Please, bring me a Frappuccino.