da3d726fb1
Adds a new tls_external_cert_and_key config option for chatmail servers that manage their own TLS certificates (e.g. via an external ACME client or a load balancer). A systemd path unit (tls-cert-reload.path) watches the certificate file via inotify and automatically reloads dovecot and nginx when it changes. Postfix reads certs per TLS handshake so needs no reload. Also extracts openssl_selfsigned_args() so cert generation parameters are shared between SelfSignedTlsDeployer and the e2e test.
Chatmail relays for end-to-end encrypted email
Chatmail relay servers are interoperable Mail Transport Agents (MTAs) designed for:
-
Zero State: no private data or metadata collected, messages are auto-deleted, low disk usage
-
Instant/Realtime: sub-second message delivery, realtime P2P streaming, privacy-preserving Push Notifications for Apple, Google, and Huawei;
-
Security Enforcement: only strict TLS, DKIM and OpenPGP with minimized metadata accepted
-
Reliable Federation and Decentralization: No spam or IP reputation checks, federating depends on established IETF standards and protocols.
This repository contains everything needed to setup a ready-to-use chatmail relay on an ssh-reachable host. For getting started and more information please refer to the web version of this repositories' documentation at