2023-12-07 13:52:00 +01:00
2023-12-08 14:59:17 +01:00
< img width = "800px" src = "www/src/collage-top.png" / >
2023-12-07 13:52:00 +01:00
2023-12-09 13:43:56 +01:00
# Chatmail services optimized for Delta Chat apps
2023-10-12 15:06:48 +02:00
2023-12-09 13:43:56 +01:00
This repository helps to setup a ready-to-use chatmail server
2023-10-17 00:21:32 +02:00
comprised of a minimal setup of the battle-tested
2023-11-01 19:14:48 +01:00
[postfix smtp ](https://www.postfix.org ) and [dovecot imap ](https://www.dovecot.org ) services.
2023-10-12 15:06:48 +02:00
2023-11-01 19:14:48 +01:00
The setup is designed and optimized for providing chatmail accounts
for use by [Delta Chat apps ](https://delta.chat ).
2023-10-13 16:14:11 +02:00
2023-11-01 19:14:48 +01:00
Chatmail accounts are automatically created by a first login,
after which the initially specified password is required for using them.
2023-12-09 13:43:56 +01:00
## Deploying your own chatmail server
2023-11-01 19:14:48 +01:00
2023-12-15 23:55:18 +01:00
We use `chat.example.org` as the chatmail domain in the following steps.
Please substitute it with your own domain.
2023-10-13 16:14:11 +02:00
2023-12-13 19:10:20 +01:00
1. Install the `cmdeploy` command in a virtualenv
2023-10-13 16:14:11 +02:00
2023-12-09 13:43:56 +01:00
```
2023-12-12 22:38:23 +01:00
git clone https://github.com/deltachat/chatmail
cd chatmail
2023-12-12 21:18:01 +01:00
scripts/initenv.sh
2023-12-09 13:43:56 +01:00
```
2023-12-15 23:55:18 +01:00
2023-12-13 19:10:20 +01:00
2. Create chatmail configuration file `chatmail.ini` :
2023-12-07 13:52:00 +01:00
2023-12-09 13:43:56 +01:00
```
2023-12-15 23:55:18 +01:00
scripts/cmdeploy init chat.example.org # < -- use your domain
2023-12-09 13:43:56 +01:00
```
2023-11-01 19:14:48 +01:00
2023-12-15 23:55:18 +01:00
3. Setup first DNS records for your chatmail domain,
2023-12-13 19:10:20 +01:00
according to the hints provided by `cmdeploy init` .
Verify that SSH root login works:
```
2023-12-15 23:55:18 +01:00
ssh root@chat.example.org # < -- use your domain
2023-12-13 19:10:20 +01:00
```
2023-12-09 17:45:26 +01:00
4. Deploy to the remote chatmail server:
2023-12-04 16:50:02 +01:00
2023-12-09 13:43:56 +01:00
```
2023-12-12 21:27:16 +01:00
scripts/cmdeploy run
2023-12-09 13:43:56 +01:00
```
2023-12-14 18:18:06 +01:00
This script will also show you additional DNS records
which you should configure at your DNS provider
(it can take some time until they are public).
2023-12-07 13:52:00 +01:00
2023-12-13 19:10:20 +01:00
### Other helpful commands:
2023-12-10 12:52:35 +01:00
2023-12-13 19:10:20 +01:00
To check the status of your remotely running chatmail service:
2023-12-10 12:52:35 +01:00
2023-12-13 19:10:20 +01:00
```
scripts/cmdeploy status
```
2023-12-10 14:38:57 +01:00
2023-12-14 18:18:06 +01:00
To check whether your DNS records are correct:
```
scripts/cmdeploy dns
```
2023-12-13 19:10:20 +01:00
To test whether your chatmail service is working correctly:
```
scripts/cmdeploy test
```
2023-12-10 14:38:57 +01:00
2023-12-13 19:10:20 +01:00
To measure the performance of your chatmail service:
2023-12-10 12:52:35 +01:00
2023-12-13 19:10:20 +01:00
```
scripts/cmdeploy bench
```
2023-11-01 19:14:48 +01:00
2023-12-13 19:10:20 +01:00
## Overview of this repository
2023-12-08 14:32:40 +01:00
2023-12-15 23:52:06 +01:00
This repository drives the development of chatmail services,
2023-12-13 19:10:20 +01:00
comprised of minimal setups of
2023-12-08 14:32:40 +01:00
2023-12-13 19:10:20 +01:00
- [postfix smtp server ](https://www.postfix.org )
- [dovecot imap server ](https://www.dovecot.org )
2023-12-08 14:32:40 +01:00
2023-12-13 19:10:20 +01:00
as well as custom services that are integrated with these two:
2023-12-09 13:43:56 +01:00
2023-12-13 19:10:20 +01:00
- `chatmaild/src/chatmaild/doveauth.py` implements
create-on-login account creation semantics and is used
by Dovecot during login authentication and by Postfix
which in turn uses [Dovecot SASL ](https://doc.dovecot.org/configuration_manual/authentication/dict/#complete-example-for-authenticating-via-a-unix-socket )
to authenticate users
to send mails for them.
2023-12-08 14:32:40 +01:00
2023-12-13 19:10:20 +01:00
- `chatmaild/src/chatmaild/filtermail.py` prevents
2023-12-15 23:52:06 +01:00
unencrypted e-mail from leaving the chatmail service
2023-12-13 19:10:20 +01:00
and is integrated into postfix's outbound mail pipelines.
2023-12-08 14:32:40 +01:00
2023-12-13 19:10:20 +01:00
There is also the `cmdeploy/src/cmdeploy/cmdeploy.py` command line tool
which helps with setting up and managing the chatmail service.
`cmdeploy run` uses [pyinfra-based scripting ](https://pyinfra.com/ )
in `cmdeploy/src/cmdeploy/__init__.py`
to automatically install all chatmail components on a server.
2023-12-08 14:32:40 +01:00
2023-12-09 13:43:56 +01:00
2023-12-13 19:10:20 +01:00
### Home page and getting started for users
2023-12-09 13:43:56 +01:00
2023-12-13 19:10:20 +01:00
`cmdeploy run` also creates default static Web pages and deploys them
2023-12-15 23:55:18 +01:00
to a nginx web server with:
2023-12-09 13:43:56 +01:00
2023-12-13 19:10:20 +01:00
- a default `index.html` along with a QR code that users can click to
2023-12-09 13:43:56 +01:00
create accounts on your chatmail provider,
- a default `info.html` that is linked from the home page,
2023-12-13 19:10:20 +01:00
- a default `policy.html` that is linked from the home page.
2023-12-09 13:43:56 +01:00
2023-12-13 19:10:20 +01:00
All `.html` files are generated
2023-12-09 13:43:56 +01:00
by the according markdown `.md` file in the `www/src` directory.
2023-12-08 14:32:40 +01:00
2023-12-13 19:10:20 +01:00
### Refining the web pages
2023-11-01 19:14:48 +01:00
2023-12-13 19:10:20 +01:00
```
scripts/cmdeploy webdev
```
2023-10-14 11:34:09 +02:00
2023-12-13 19:10:20 +01:00
This starts a local live development cycle for chatmail Web pages:
2023-10-14 11:34:09 +02:00
2023-12-13 19:10:20 +01:00
- uses the `www/src/page-layout.html` file for producing static
HTML pages from `www/src/*.md` files
2023-10-14 11:34:09 +02:00
2023-12-13 19:10:20 +01:00
- continously builds the web presence reading files from `www/src` directory
and generating html files and copying assets to the `www/build` directory.
2023-10-13 17:45:54 +02:00
2023-12-13 19:10:20 +01:00
- Starts a browser window automatically where you can "refresh" as needed.
2023-10-13 17:45:54 +02:00
2023-12-13 19:10:20 +01:00
## Emergency Commands to disable automatic account creation
2023-10-13 16:14:11 +02:00
2023-12-13 19:10:20 +01:00
If you need to stop account creation,
e.g. because some script is wildly creating accounts,
login to the server with ssh and run:
2023-10-12 15:06:48 +02:00
2023-12-13 19:10:20 +01:00
```
touch /etc/chatmail-nocreate
```
2023-10-12 15:06:48 +02:00
2023-12-13 19:10:20 +01:00
While this file is present, account creation will be blocked.
2023-10-12 15:06:48 +02:00
2023-12-13 19:10:20 +01:00
### Ports
2023-11-01 19:14:48 +01:00
2023-12-21 16:56:51 +01:00
[Postfix ](http://www.postfix.org/ ) listens on ports 25 (smtp) and 587 (submission) and 465 (submissions).
[Dovecot ](https://www.dovecot.org/ ) listens on ports 143 (imap) and 993 (imaps).
[nginx ](https://www.nginx.com/ ) listens on port 443 (https).
[acmetool ](https://hlandau.github.io/acmetool/ ) listens on port 80 (http).
2023-10-17 19:13:30 +02:00
2023-12-13 19:10:20 +01:00
Delta Chat apps will, however, discover all ports and configurations
2024-01-07 22:26:10 +01:00
automatically by reading the [autoconfig XML file ](https://www.ietf.org/archive/id/draft-bucksch-autoconfig-00.html ) from the chatmail service.
2023-10-17 19:13:30 +02:00
2024-04-10 19:46:18 +02:00
## Email authentication
chatmail servers rely on [DKIM ](https://www.rfc-editor.org/rfc/rfc6376 )
to authenticate incoming emails.
Incoming emails must have a valid DKIM signature with
Signing Domain Identifier (SDID, `d=` parameter in the DKIM-Signature header)
equal to the `From:` header domain.
This property is checked by OpenDKIM screen policy script
before validating the signatures.
This correpsonds to strict [DMARC ](https://www.rfc-editor.org/rfc/rfc7489 ) alignment (`adkim=s`),
but chatmail does not rely on DMARC and does not consult the sender policy published in DMARC records.
Other legacy authentication mechanisms such as [iprev ](https://www.rfc-editor.org/rfc/rfc8601#section-2.7.3 )
and [SPF ](https://www.rfc-editor.org/rfc/rfc7208 ) are also not taken into account.
If there is no valid DKIM signature on the incoming email,
the sender receives a "5.7.1 No valid DKIM signature found" error.
Outgoing emails must be sent over authenticated connection
with envelope MAIL FROM (return path) corresponding to the login.
This is ensured by Postfix which maps login username
to MAIL FROM with
[`smtpd_sender_login_maps` ](https://www.postfix.org/postconf.5.html#smtpd_sender_login_maps )
and rejects incorrectly authenticated emails with [`reject_sender_login_mismatch` ](reject_sender_login_mismatch ) policy.
`From:` header must correspond to envelope MAIL FROM,
this is ensured by `filtermail` proxy.