commit - 65eea1582b54d0c0b675be358e33ab3994c015db
commit + 83ecec5237b3e6799dff09be2f7a88f5ca49a3b8
blob - c059ade036f84a30c881da06b1f534ae3f56668f
blob + 2268c0bbc3a4bc267fa190f33f09466256ae4928
--- cmd/mailmux/mailmux.go
+++ cmd/mailmux/mailmux.go
@@ -2,7 +2,9 @@ package main
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
+	"io/fs"
 	"log"
 	"math/rand"
 	"net/http"
@@ -28,14 +30,12 @@ func (srv *server) aliasHandler(w http.ResponseWriter,
 		return
 	}
 
-	fmt.Println("authenticating...")
 	err = srv.users.Authenticate(tmsg.Username, mailmux.Password(tmsg.Password))
 	if err != nil {
 		rerror(w, "unauthorised", http.StatusUnauthorized)
 		log.Println(err)
 		return
 	}
-	fmt.Println("authenticated?")
 
 	switch tmsg.Type {
 	case mailmux.Tnew:
@@ -115,7 +115,7 @@ func (srv *server) deleteAlias(w http.ResponseWriter, 
 	http.Error(w, msg, http.StatusNotFound)
 }
 
-// rerror replies to the HTTP request with a JSON-encoded rerror message
+// rerror replies to the HTTP request with a JSON-encoded Rerror message
 // with its Error field set to errormsg.
 // Just like http.Error, callers should ensure no further writes are done to w.
 func rerror(w http.ResponseWriter, errormsg string, status int) {
@@ -141,12 +141,15 @@ func main() {
 
 	srv := &server{}
 	srv.users, err = mailmux.OpenUserDB(path.Join(cdir, "/mailmux/db"), ticketDir)
+	if errors.Is(err, fs.ErrNotExist) {
+		srv.users, err = mailmux.CreateUserDB(path.Join(cdir, "/mailmux/db"), ticketDir)
+	}
 	if err != nil {
 		fmt.Fprintln(os.Stderr, err)
 		os.Exit(1)
 	}
 
-	srv.aliaspath = "/tmp/aliases"
+	srv.aliaspath = path.Join(cdir, "/mailmux/aliases")
 	srv.aliases, err = aliases.Load(srv.aliaspath)
 	if err != nil {
 		fmt.Fprintln(os.Stderr, err)