Chasquid

Chasquid is a lightweight, self‑hosted SMTP mail transfer agent written in Go and released under the Apache 2.0 license. It is engineered to replace traditional MTAs such as Postfix or Exim for small‑to‑medium deployments where simplicity, security, and operational transparency are paramount. The core idea is to expose a minimal set of configuration knobs that prevent common mis‑configurations (open relay, clear‑text authentication) while still offering advanced mail routing features like virtual domains, suffix dropping, and per‑domain TLS management.

Architecture & Technical Stack

• Language & Runtime: Go 1.21+ (static binaries, no external runtime).
• Core Libraries: The SMTP protocol implementation is built from scratch using Go’s net/smtp primitives, with custom extensions for SMTPUTF8 and IDNA.
• Authentication: Delegates to Dovecot via its auth socket, allowing seamless integration with existing LDAP or SQL backends.
• Database: Configuration and routing tables are stored in a lightweight, file‑based SQLite database, eliminating the need for a separate DBMS.
• TLS & Certificates: Supports multiple TLS certificates per domain and automatic renewal via Let’s Encrypt (ACME) integration.
• Monitoring: Exposes an HTTP endpoint that streams Prometheus metrics, trace logs, and health checks.

The application follows a modular design: the SMTP listener, authentication module, routing engine, and delivery worker run as separate goroutines communicating over channels. This allows the server to scale horizontally by adding more delivery workers or replicating the SMTP listener behind a load balancer.

Core Capabilities & APIs

• Virtual Domains & Users: Per‑domain user tables and alias maps are loaded from the SQLite store, enabling multi‑tenant setups without separate configuration files.
• Suffix Dropping: user+tag@example.com is automatically mapped to user@example.com, simplifying address‑based routing.
• Hook System: External scripts can be invoked at key points (greylisting, anti‑virus scanning, DKIM signing) via configurable hooks.
• SMTP Extensions: Supports SMTPUTF8 and IDNA for internationalized email addresses, as well as MTA‑STS and SPF checks on incoming messages.
• API Exposure: A RESTful API (optional) can be enabled to programmatically add domains, users, or aliases, making it suitable for integration with user‑management platforms.

Deployment & Infrastructure

Chasquid ships as a single static binary, making it ideal for containerization. Official Docker images are available on Docker Hub, and the project includes a systemd unit for Debian/Ubuntu/Arch that automatically starts on boot. The minimal dependency footprint (no external services beyond Dovecot for authentication) keeps the attack surface small. For high‑availability, multiple instances can be run behind a TCP load balancer (e.g., HAProxy) with shared SQLite storage or replicated via a networked file system.

Integration & Extensibility

• Plugin Hooks: The hook mechanism allows developers to plug in third‑party spam filters, virus scanners, or custom logging solutions without modifying the core code.
• Webhooks: Optional outbound webhooks can notify external systems (e.g., mail‑box provisioning services) whenever a new user or domain is created.
• Custom TLS Policies: Per‑domain TLS settings can be overridden programmatically, enabling advanced security policies for sensitive domains.
• Community Extensions: The mailing list and GitHub issues board are active; contributors frequently add new hooks or improve existing integrations.

Developer Experience

Configuration is expressed in a single config.toml file, with clear documentation and sensible defaults. The project’s README includes a concise “how‑to” guide, installation instructions, and troubleshooting tips. The source code is well‑structured with extensive inline comments, facilitating onboarding for Go developers. Licensing under Apache 2.0 removes commercial restrictions, making it attractive for enterprise or open‑source projects.

Use Cases

• Small Business Mail Servers: Replace Postfix with a Go‑based, easy‑to‑configure MTA that still supports virtual hosting and modern TLS.
• Developer Portals: Expose an API for dynamic user/domain provisioning in SaaS applications.
• Security‑Focused Deployments: Use the hook system to integrate custom anti‑spam or threat‑intel services in a hardened mail stack.
• Educational Environments: Serve as a teaching tool for SMTP internals due to its minimal codebase and clear architecture.

Advantages

Chasquid offers a compelling blend of performance (native Go, single binary), security (hard‑to‑misconfigure defaults, TLS enforcement), and flexibility (hooks, API, multi‑domain support). Its lightweight footprint reduces infrastructure costs compared to heavyweight MTAs, while the active community and permissive license lower entry barriers. For developers seeking a modern, maintainable mail transfer agent that can be embedded in custom workflows or scaled via containers, Chasquid provides a robust foundation with minimal operational overhead.