exu

crystal kemal dataset
An Exim virtual domain and user management system.

exu - EVALinux Virtual Mail Administration Web CRUD Interface

exu is a lightweight, statically-compiled Crystal web application that provides a modern, fast, and secure interface for administering virtual mail domains, users, and aliases. It is designed specifically for CentOS Stream 10 servers.

Filesystem Layout (FHS 3.0 Compliance)

exu strictly adheres to the Filesystem Hierarchy Standard (FHS 3.0) for system directories, security domains, and daemon operations:

Path Standard Directory Description
./ (Repository root) Project Root Local source code and assets.
/usr/local/sbin/exu /usr/local/sbin (System Binaries) Statically-linked web administration daemon.
/usr/local/sbin/eum /usr/local/sbin (System Binaries) Statically-linked command-line administration tool.
/usr/local/libexec/exu/ /usr/local/libexec (Internal Helpers) System administration helper scripts (e.g. mail-user.bash).
/etc/virtual/ /etc (Host-specific Config) Configuration directory for virtual mail domains.
/etc/virtual/exu.json /etc (Host-specific Config) Access database mapping user certificates to roles.
/etc/localdomains /etc (Host-specific Config) List of local mail domains processed by Exim/Dovecot.
/var/mail/virtual/ /var/mail (User Mail Spools) Directory containing users' Maildir mailboxes.
/etc/systemd/system/exu.service /etc/systemd/system (Services) Systemd unit file running the web admin daemon.
/etc/sudoers.d/mailadm /etc/sudoers.d (Sudoers Permissions) Escalated privileges configuration for scripts.

Prerequisites

  • Crystal Compiler (or Podman / Docker for containerized builds).
  • OpenSSL development headers (if compiling natively).
  • sudo (for user and domain shell management).

Installation

The installation and configuration of the mail services and the exu web administration daemon are fully automated.

1. Build from Source

Compile the statically-linked release binaries (both exu and eum). The build uses a containerized Crystal environment:

make release

This generates bin/exu-release and bin/eum-release and copies them to the local resources/usr/local/sbin/ directory.

2. Run the Automated Setup

Execute the setup script from the root of the repository as root. This script installs dependencies, creates system users, deploys configuration templates, sets up the systemd service, and applies SELinux context rules:

sudo bash resources/usr/local/libexec/exu/setup.bash [<mail_hostname>]

Alternatively, if the binaries are already copied to system folders, you can run the setup via the CLI:

sudo eum setup

Once the setup completes, all mail services (Exim, Dovecot, SpamAssassin, Fail2ban, Caddy) and the exu web administrator will be configured, started, and enabled.

Security Hardening Details

  • Privilege Separation: The web server runs entirely as the unprivileged mailadm user. Sudo actions are strictly limited to /usr/local/libexec/exu/mail-* scripts and executed as root.
  • Kernel Namespace Isolation: ProtectSystem=full mounts critical system directories read-only. ReadWritePaths overrides this mount strictly for active mail configuration and spool paths.
  • SELinux contexts: Configuration directories and files must inherit the etc_t type, which is checked and applied using restorecon.

Standalone CLI Tool (eum)

eum is a standalone, statically-compiled command-line administration utility that provides full virtual mail administration features. It does not require the web daemon (exu) to be running and runs natively on the command line, enforcing the exact same RBAC rules and permission policies.

Usage

eum [options] <command> <subcommand> [arguments]

Global Options

  • -u USER, --user USER : Enforce RBAC permissions for a specific user (admin only).
  • -v, --version : Show version.
  • -h, --help : Show help message.

Subcommands

1. Domain Commands

  • List virtual domains:

    eum domain list

  • Create a virtual domain:

    eum domain create <domain>

  • Delete a virtual domain:

    eum domain delete <domain>
2. User Commands

  • List users in a domain:

    eum user list <domain>

  • Create a virtual user:

    eum user create <email> [password]  # Prompts securely for password if omitted

  • Delete a virtual user:

    eum user delete <email>

  • Update a user password:

    eum user passwd <email> [password]  # Prompts securely for password if omitted
3. Alias Commands

  • List aliases in a domain:

    eum alias list <domain>

  • Create/append a virtual alias:

    eum alias create <domain> <alias> <destination>

  • Delete an alias or specific destination target:

    eum alias delete <domain> <alias> [destination]

Development

Run the web app locally in debug mode:

make
./bin/exu

Contributing & Code of Honor

This project adheres to the Universal Code of Honor. Please read the Contributing Guidelines before submitting any contributions. All changes are logged in the Changelog.

Contributors

  • Rénich Bon Ćirić (Creator & Maintainer)
  • Gemini AI (Co-developer)
Repository

exu

Owner
Statistic
  • 0
  • 0
  • 0
  • 0
  • 3
  • about 4 hours ago
  • June 20, 2026
License

GNU General Public License v3.0 or later

Links
Synced at

Sat, 20 Jun 2026 12:07:11 GMT

Languages
Crystal 36.96% Shell 29.15% HTML 22.52% BitBake 4.4% Makefile 3.26%