Excision Mail

Fullstack, security focused mailserver based on OpenSMTPD for OpenBSD.

Website is still a WIP but feel free to explore and give feedback.

Security Highlights

  • All connections are TLS enforced, including pop3s, imaps, smtps.
    • smtp and sieve are STARTTLS with enforced TLS escalation.
    • Insecure versions of pop3 and imap are disabled for additional security.
  • GnuPG Web Key Service and Web Key Directory support for automatic publishing of public keys in a multi-domain server setting.
    • Server only contains public keys of user, so encrypted emails can only be decrypted by the user.
    • Currently the only email deployment service which handles automated publishing of GPG keys.
  • mta-sts for fully encrypted email transfer channels.
  • Virtual users for email, to separate from base system.
    • Imperative for any modern email system, in case of a compromised user account.
  • Hardened firewall to deter hackers sniffing for weak passwords.


The documentation covers various aspects of the system

A lot of the documentation is underwritten and not up to the desired standard.
Any help writing it is appreciated.