Fullstack, security focused mailserver based on OpenSMTPD for OpenBSD.
Website is still a WIP but feel free to explore and give feedback.
- All connections are TLS enforced, including
sieve are STARTTLS with enforced TLS escalation.
- Insecure versions of
imap are disabled for additional security.
- GnuPG Web Key Service and Web Key Directory support for automatic publishing of public keys in a multi-domain server setting.
- Server only contains public keys of user, so encrypted emails can only be decrypted by the user.
- Currently the only email deployment service which handles automated publishing of GPG keys.
- mta-sts for fully encrypted email transfer channels.
- Virtual users for email, to separate from base system.
- Imperative for any modern email system, in case of a compromised user account.
- Hardened firewall to deter hackers sniffing for weak passwords.
The documentation covers various aspects of the system
A lot of the documentation is underwritten and not up to the desired standard.
Any help writing it is appreciated.