Email Networking

A complete email stack in pure C. Full SMTP MTA, IMAP4rev1 server, TLS via mbedTLS, DKIM signing, mail queuing, and a lightweight CLI client. Zero external dependencies beyond libcurl for the client.

● SMTP ● SMTP Submission ● IMAP4rev1 ● TLS / STARTTLS

Overview

The scorpiox email subsystem provides two complementary binaries: scorpiox-server-email (a full MTA and IMAP server) and scorpiox-email (a CLI client). Together they handle sending, receiving, storing, and reading email — all from pure C with no runtime dependencies.

📮

Mail Server

Full SMTP MTA + IMAP4rev1. Inbound delivery, outbound relay, and mailbox access — all in one binary.

📤

SMTP Client

CLI email sender via libcurl. STARTTLS, SSL, plaintext. Queue, flush, HTML body support.

🔒

TLS Encryption

mbedTLS for SMTP STARTTLS and IMAP implicit TLS. No OpenSSL dependency. Certificate-based server authentication.

✍️

DKIM Signing

Automatic DKIM signing on outbound mail. RSA key generation and DNS TXT record output built in.

Architecture

Remote MTA
port 25
scorpiox-server-email
SMTP MTA · port 25
Maildir
/var/mail/<user>/
Mail Client
Thunderbird / iOS
IMAP4rev1
port 993 (TLS)
Maildir
read/flag/delete
scorpiox-email
CLI client
SMTP Submission
port 587 (STARTTLS)
Relay / Direct
outbound delivery

Ports & Protocols

Port Protocol Component Security Description
25 SMTP scorpiox-server-email STARTTLS (optional) Inbound MTA — receives mail from other servers
587 SMTP Submission scorpiox-server-email STARTTLS (required) Authenticated submission from local users
993 IMAPS scorpiox-server-email TLS from connect Mailbox access — IMAP4rev1 over implicit TLS
587 SMTP scorpiox-email (client) STARTTLS / SSL / Plain Outbound via any relay — libcurl backend

Server Features

Source: scorpiox/scorpiox-server-email.c

Client Features

Source: scorpiox/scorpiox-email.c

Server Configuration

scorpiox-env.txt
# ── Email Server Configuration ──

EMAIL_SMTP_PORT=25            # SMTP MTA listen port
EMAIL_SUBMISSION_PORT=587     # SMTP submission port (authenticated)
EMAIL_IMAP_PORT=993          # IMAP4rev1 port (implicit TLS)
EMAIL_DOMAIN=mail.scorpiox.net # Primary mail domain
EMAIL_MAILDIR=/var/mail       # Maildir root directory
EMAIL_TLS_CERT=/etc/ssl/mail.crt # TLS certificate path
EMAIL_TLS_KEY=/etc/ssl/mail.key  # TLS private key path
EMAIL_ACCOUNTS_FILE=/etc/scorpiox/email-accounts.txt # User accounts file

Client Configuration

scorpiox-env.txt
# ── Email Client Configuration ──

SMTP_HOST=smtp.scorpiox.net  # SMTP relay server
SMTP_PORT=587               # SMTP port (587=submission, 465=SMTPS)
SMTP_USER=admin@scorpiox.net # SMTP auth username
SMTP_PASS=••••••••          # SMTP auth password
SMTP_FROM=noreply@scorpiox.net # Default sender address
SMTP_TLS=starttls           # TLS mode: starttls, ssl, none

Usage Examples

Send a plain text email
scorpiox-email send \
  --to user@example.com \
  --subject "Deployment complete" \
  --body "Build v3.2.1 deployed to production."
Send HTML email from file
scorpiox-email send \
  --to team@scorpiox.net \
  --subject "Weekly Report" \
  --body-file /tmp/report.html \
  --html
Queue and batch send
# Queue emails for later
scorpiox-email queue --to a@x.com --subject "Hello" --body "Hi"
scorpiox-email queue --to b@x.com --subject "Hello" --body "Hi"

# List queued emails
scorpiox-email list

# Flush (send all queued)
scorpiox-email flush

# Clear queue
scorpiox-email clear
Start the mail server (daemon mode)
scorpiox-server-email --daemon

# Or run in TUI mode for monitoring
scorpiox-server-email --tui
Account management
# Add a mail account
scorpiox-server-email account add user@scorpiox.net

# List accounts
scorpiox-server-email account list

# Remove an account
scorpiox-server-email account remove user@scorpiox.net

Security

TLS via mbedTLS

All TLS operations use mbedTLS — no OpenSSL dependency. SMTP supports STARTTLS upgrade on ports 25 and 587. IMAP uses implicit TLS on port 993. Server and client certificate validation with configurable cert/key paths.

DKIM Signing

Outbound messages are automatically signed with DKIM. The server generates RSA keys and outputs the DNS TXT record for your domain. This ensures receiving servers can verify message authenticity and improves deliverability.

AUTH PLAIN/LOGIN

SMTP submission (port 587) requires authentication via AUTH PLAIN or AUTH LOGIN. Credentials are verified against the accounts file. Only authenticated users can relay mail through the submission port.

Maildir Isolation

Each user's mail is stored in a separate Maildir directory under EMAIL_MAILDIR. One file per message with cur/new/tmp structure. No shared database, no corruption risk from concurrent access.

DNS Records for Production
# MX record — route incoming mail
@    IN  MX  10  mail.scorpiox.net.

# SPF — authorize sending servers
@    IN  TXT     "v=spf1 mx a:mail.scorpiox.net ~all"

# DKIM — public key for signature verification
sx._domainkey  IN  TXT  "v=DKIM1; k=rsa; p=MIGf..."

# DMARC — policy for authentication failures
_dmarc  IN  TXT  "v=DMARC1; p=quarantine; rua=mailto:postmaster@scorpiox.net"