Futuristic SMTP INBOUND-only server for home usage.
 
 
 
Go to file
Uriel Fanelli 386c80b6a4 Add Dockerfile
#Start multistage Docker
#Stage 1 : build brutalinks


FROM golang:latest AS zangbuilder
RUN apt install make  git -y
RUN mkdir -p /go/src/zangtumb
RUN git clone https://git.keinpfusch.net/loweel/zangtumb.git /go/src/zangtumb 
WORKDIR /go/src/zangtumb
ENV GO111MODULE=auto 
RUN go build 


#Start multistage Docker
#Stage 3 : put pieces together

FROM debian:latest 
RUN apt update
RUN apt upgrade -y
RUN apt install ca-certificates -y
RUN mkdir -p /opt/zangtumb
WORKDIR  /opt/zangtumb
COPY --from=zangbuilder /go/src/zangtumb /opt/zangtumb/
ENTRYPOINT ["/opt/zangtumb/zangtumb"]
2023-06-18 18:00:22 +02:00
smtpd Now Zangtumb will create its own selfsigned certificates 2021-07-31 13:26:20 +02:00
vendor First release 2020-10-08 22:36:17 +02:00
.gitignore First release 2020-10-08 22:36:17 +02:00
Dockerfile Add Dockerfile 2023-06-18 18:00:22 +02:00
LICENSE Update 'LICENSE' 2021-02-02 19:09:02 +00:00
README.md Updated readme. 2021-07-31 14:02:25 +02:00
backend.go Protected map, better check for RCPT 2021-07-30 23:20:49 +02:00
go.mod Protected map, better check for RCPT 2021-07-30 23:20:49 +02:00
go.sum Protected map, better check for RCPT 2021-07-30 23:20:49 +02:00
handler.go Now Zangtumb will create its own selfsigned certificates 2021-07-31 13:26:20 +02:00
recipients.conf.example First release 2020-10-08 22:36:17 +02:00
run.sh improved tls selfsigned 2021-07-31 18:07:38 +02:00
session.go Protected map, better check for RCPT 2021-07-30 23:20:49 +02:00
tls.go improved tls selfsigned 2021-07-31 18:07:38 +02:00
zangtumb.go creating certs in the proper time 2021-07-31 15:00:12 +02:00

README.md

Futuristic SMTP INBOUND-only server for home usage. Inspired by Marinetti's RFC (AKA Manifesto of Futurism).

It only serves a precise list of email address. No aliases.

Everything else will be apparently accepted, and then discarded. So that, spammers will waste their time (and money).

REQUIREMENTS:

  • Golang version >= 1.13
  • git

INSTALLATION

First download the code into the folder you want to use with Golang

git clone https://git.keinpfusch.net/loweel/zangtumb.git
go build -mod=vendor

./zangtumb to start the daemon , after setting the environment strings.

CONFIGURATION

zangtumb is designed be easy to dockerize.

A reference pseudo-dockerfile could be:


FROM debian:stable-slim  
##MAIN
ENV KEYFILE "/certs/"mydomain.key"
ENV CERTFILE "/certs/mydomain.crt"
ENV DOMAINNAME "mydomain.tld"
ENV LISTEN ":5025"


##SESSION
ENV RECIPIENTS "recipients.conf"
ENV MAILFOLDER "/zangmail"

##MAIN
ENV USETLS="true"
## HERE WE GO

RUN useradd -ms /bin/bash zangtumb 
RUN mkdir -p /opt/zangtumb
RUN mkdir -p /zangmail
COPY . /opt/zangtumb/

RUN chown -R zangtumb:zangtumb /opt/zangtumb
RUN chown -R zangtumb:zangtumb /zangmail
EXPOSE 5025

USER zangtumb
WORKDIR /opt/zangtumb
ENTRYPOINT ["/opt/zangtumb/zangtumb"]

everything is configured using ENV strings , as follows

ENV STRING Example value Meaning
KEYFILE "/certs/mydomain.key" Path for private key. Only needed when using TLS. Which means, well... it's your email. So you don't want to send it in clear, isn't it?
CERTFILE "/certs/mydomain.crt" Path for certificate. Only needed when using TLS. Which means, well... it's your email. So you don't want to send it in clear, isn't it?
DOMAINNAME "mydomain.tld" will declare this value on the banner. No impact on recipients. Used as CN in self-signed certificates
LISTEN ":5025" Address to listen in golang format. This example will listen to port 5025 on all interfaces. You may specify a specific interface like "1.2.3.4:5025"
RECIPIENTS "recipients.conf" File containing a list with email to serve. One mail address per line. Please notice, that pippo@pluto.com and pippo@paperino.com will end in the same mailbox, "pippo".
MAILFOLDER "/zangmail" Root of mailfolder. Mail is stored in the default dovecot Maildir format, meaning in the example "/zangmail/%u/Maildir" .
USETLS "true" Whether to force all to use TLS or not. yes. Do it.

Of course , if you put your certificatesinto /certs, (likethe example), this folder MUST exist.

That's it.

FAQ

  • This TLS behavior is violating RFC 2487

  • To give a shit of RFCs is a de facto standard. Zangtumb works, and no spammer will ever buy a certificate per each spambot.

  • The minimal amount of recipients by RFC 5321 is 100. You reduced it.

  • Yes. The reason is, we allow the ones we need. No more. This server is supposed to run inside a Raspberry, if needed. Call the RFC police, if you don't like.

  • The example dockerfile is way too big. Why no multistage?

  • This is because is an example. An example must be easy to understand. An example must be simple. Even you should be able to understand it. Well.... ok. Let's say, even Bob should.

  • Why don't you use opensmtpd?

  • To make this server took less than dockerizing opensmtpd in a decent way.

  • Why don't you use postfix/sendmail/qmail/courier

  • I serve 4 mailboxes in total. Why should I deploy all that complexity? Complexity != security.

  • Silently discarrding email after pretending you've accepted is not nice. Perhaps, this will make your server to look like an open relay.

  • Unfortunately, English cannot translate the correct answer, which is "esticazzi non ce lo scriviamo?". So I can't properly answer you.

  • This golang code is not idiomatic. And there is no graphene, no quantum computing, no UI/UX and no horizontal scaling of Internet of Things with Artificial Intelligence of Big Data.

  • Please, bring me a Frappuccino.