7 releases (4 stable)
|1.2.0||Aug 4, 2021|
|1.1.0||Feb 6, 2021|
|1.0.1||Aug 24, 2020|
|1.0.1-snapshot||Aug 13, 2020|
#26 in Email
You can run your own privacy focussed, resource efficient mail server. Samotop docker image is available for your convenience.
- Tiny docker image - only contains statically compiled samotop and openssl, no OS clutter.
- The server will receive mail and write it to a given maildir folder. Another program can pick the folder and process it further.
- STARTTLS can be configured if you provide a cert and identity file.
- Encryption at rest
- Mail relaying
- Antispam features:
- SPF - refuse mail with failing SPF check
- Using cargo:
cargo install samotop-server
- Using docker:
docker pull brightopen/samotop
- locally, run
samotop-server --helpfor command-line reference.
- in docker, run
docker run --rm -ti samotop
Both should produce a usage information not too different from this:
samotop 1.2.0 USAGE: samotop-server [FLAGS] [OPTIONS] --cert-file <cert file path> --identity-file <identity file path> FLAGS: -h, --help Prints help information --no-tls Disable TLS suport -V, --version Prints version information OPTIONS: -n, --name <SMTP service name> Use the given name in SMTP greetings, or if absent, use hostname -b, --base-dir <base dir path> What is the base dir for other relative paths? [default: .] -c, --cert-file <cert file path> Use this cert file for TLS. Disabled with --no-tls. If a relative path is given, it will be relative to base-dir --banner_delay <delay> Should we enforce prudent banner deleay? Delay is in miliseconds -i, --identity-file <identity file path> Use this identity file for TLS. Disabled with --no-tls. If a relative path is given, it will be relative to base-dir -m, --mail-dir <mail dir path> Where to store incoming mail? If a relative path is given, it will be relative to base-dir [default: inmail] -p, --port <port>... SMTP server address:port, such as 127.0.0.1:25 or localhost:12345. The option can be set multiple times and the server will start on all given ports. If no ports are given, the default is to start on localhost:25 --command_timeout <timeout> Should we enforce prudent command timeout? Timeout is in miliseconds
You can run these openssl commands in docker as well. This will run an openssl with the current folder mounted under /data and that is also the work dir:
docker run --rm -ti -v "$PWD:/data/" -w "/data/" --entrypoint openssl samotop help
Generate a cert and ID with openssl:
openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out Samotop.crt -keyout Samotop.key
openssl s_client -connect localhost:25 -starttls smtp
Debug with STARTTLS:
openssl s_client -connect localhost:25 -debug -starttls smtp
For native-tls, you'd convert to pfx:
openssl pkcs12 -export -out Samotop.pfx -inkey Samotop.key -in Samotop.crt
Extracting pub key from cert:
openssl x509 -pubkey -noout -in Samotop.crt > Samotop.pem
MIT OR Apache-2.0
Unless you explicitly state otherwise, any contribution submitted for inclusion in samotop projects by you, as defined in the Apache-2.0 license, shall be licensed as above, without any additional terms or conditions.