2014-03-16 21:18:38 +00:00
Mail-in-a-Box
2013-08-21 02:27:32 +00:00
=============
2014-09-14 00:45:10 +00:00
By [@JoshData ](https://github.com/JoshData ) and [contributors ](https://github.com/mail-in-a-box/mailinabox/graphs/contributors ).
2014-08-16 14:20:57 +00:00
2014-03-16 21:18:38 +00:00
Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
2013-09-05 11:21:53 +00:00
2014-09-07 11:24:50 +00:00
**Please see [https://mailinabox.email ](https://mailinabox.email ) for the project's website and setup guide!**
* * *
2014-05-15 12:57:38 +00:00
2014-08-23 22:08:03 +00:00
I am trying to:
2014-08-23 22:09:07 +00:00
* Make deploying a good mail server easy.
* Promote [decentralization ](http://redecentralize.org/ ), innovation, and privacy on the web.
2014-05-15 12:57:38 +00:00
* Have automated, auditable, and [idempotent ](http://sharknet.us/2014/02/01/automated-configuration-management-challenges-with-idempotency/ ) configuration.
2015-05-19 15:18:53 +00:00
* **Not** make a totally unhackable, NSA-proof server.
* **Not** make something customizable by power users.
2013-08-31 23:46:36 +00:00
2014-09-03 15:10:30 +00:00
This setup is what has been powering my own personal email since September 2013.
The Box
-------
2015-05-22 20:53:13 +00:00
Mail-in-a-Box turns a fresh Ubuntu 14.04 LTS 64-bit machine into a working mail server by installing and configuring various components.
2015-08-14 21:04:42 +00:00
It is a one-click email appliance. There are no user-configurable setup options. It "just works".
2015-05-22 20:53:13 +00:00
The components installed are:
* SMTP ([postfix](http://www.postfix.org/)), IMAP ([dovecot](http://dovecot.org/)), CardDAV/CalDAV ([ownCloud](http://owncloud.org/)), Exchange ActiveSync ([z-push](https://github.com/fmbiete/Z-Push-contrib))
* Webmail ([Roundcube](http://roundcube.net/)), static website hosting ([nginx](http://nginx.org/))
* Spam filtering ([spamassassin](https://spamassassin.apache.org/)), greylisting ([postgrey](http://postgrey.schweikert.ch/))
* DNS ([nsd4](http://www.nlnetlabs.nl/projects/nsd/)) with [SPF ](https://en.wikipedia.org/wiki/Sender_Policy_Framework ), DKIM ([OpenDKIM](http://www.opendkim.org/)), [DMARC ](https://en.wikipedia.org/wiki/DMARC ), [DNSSEC ](https://en.wikipedia.org/wiki/DNSSEC ), [DANE TLSA ](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities ), and [SSHFP ](https://tools.ietf.org/html/rfc4255 ) records automatically set
2015-08-17 12:20:31 +00:00
* Backups ([duplicity](http://duplicity.nongnu.org/)), firewall ([ufw](https://launchpad.net/ufw)), intrusion protection ([fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page)), system monitoring ([munin](http://munin-monitoring.org/))
2015-06-03 20:30:26 +00:00
It also includes:
2015-06-06 12:55:13 +00:00
* A control panel and API for adding/removing mail users, aliases, custom DNS records, etc. and detailed system monitoring.
2015-08-17 12:20:31 +00:00
* Our own builds of postgrey (adding better whitelisting) and dovecot-lucene (faster search for mail) distributed via the [Mail-in-a-Box PPA ](https://launchpad.net/~mail-in-a-box/+archive/ubuntu/ppa ) on Launchpad.
2015-05-22 20:53:13 +00:00
For more information on how Mail-in-a-Box handles your privacy, see the [security details page ](security.md ).
2014-09-03 15:10:30 +00:00
2015-08-14 21:04:42 +00:00
Installation
2015-04-01 14:38:09 +00:00
------------
2015-08-14 21:04:42 +00:00
See the [setup guide ](https://mailinabox.email/guide.html ) for detailed, user-friendly instructions.
2015-05-29 01:41:23 +00:00
2015-08-14 21:04:42 +00:00
For experts, start with a completely fresh (really, I mean it) Ubuntu 14.04 LTS 64-bit machine. On the machine...
2015-04-01 14:38:09 +00:00
2015-08-14 21:04:42 +00:00
Clone this repository:
2015-04-01 14:38:09 +00:00
$ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox
2015-08-14 21:04:42 +00:00
_Optional:_ Download my PGP key and then verify that the sources were signed
v0.14
v0.14 (November 4, 2015)
------------------------
Mail:
* Spamassassin's network-based tests (Pyzor, others) and DKIM tests are now enabled. (Pyzor had always been installed but was not active due to a misconfiguration.)
* Moving spam out of the Spam folder and into Trash would incorrectly train Spamassassin that those messages were not spam.
* Automatically create the Sent and Archive folders for new users.
* The HTML5_Notifier plugin for Roundcube is now included, which when turned on in Roundcube settings provides desktop notifications for new mail.
* The Exchange/ActiveSync backend Z-Push has been updated to fix a problem with CC'd emails not being sent to the CC recipients.
Calender/Contacts:
* CalDAV/CardDAV and Exchange/ActiveSync for calendar/contacts wasn't working in some network configurations.
Web:
* When a new domain is added to the box, rather than applying a new self-signed certificate for that domain, the SSL certificate for the box's primary hostname will be used instead.
* If a custom DNS record is set on a domain or 'www'+domain, web would not be served for that domain. If the custom DNS record is just the box's IP address, that's a configuration mistake, but allow it and let web continue to be served.
* Accommodate really long domain names by increasing an nginx setting.
Control panel:
* Added an option to check for new Mail-in-a-Box versions within status checks. It is off by default so that boxes don't "phone home" without permission.
* Added a random password generator on the users page to simplify creating new accounts.
* When S3 backup credentials are set, the credentials are now no longer ever sent back from the box to the client, for better security.
* Fixed the jumpiness when a modal is displayed.
* Focus is put into the login form fields when the login form is displayed.
* Status checks now include a warning if a custom DNS record has been set on a domain that would normally serve web and as a result that domain no longer is serving web.
* Status checks now check that secondary nameservers, if specified, are actually serving the domains.
* Some errors in the control panel when there is invalid data in the database or an improperly named archived user account have been suppressed.
* Added subresource integrity attributes to all remotely-sourced resources (i.e. via CDNs) to guard against CDNs being used as an attack vector.
System:
* Tweaks to fail2ban settings.
* Fixed a spurrious warning while installing munin.
2015-11-04 22:56:31 +00:00
by me:
2015-08-14 21:04:42 +00:00
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
gpg: key C10BDD81: public key "Joshua Tauberer < jt @ occams . info > " imported
v0.15 (January 1, 2016)
-----------------------
Mail:
* Updated Roundcube to version 1.1.3.
* Auto-create aliases for abuse@, as required by RFC2142.
* The DANE TLSA record is changed to use the certificate subject public key rather than the whole certificate, which means the record remains valid after certificate changes (so long as the private key remains the same, which it does for us).
Control panel:
* When IPv6 is enabled, check that system services are accessible over IPv6 too, that the box's hostname resolves over IPv6, and that reverse DNS is setup correctly for IPv6.
* Explanatory text for setting up secondary nameserver is added/fixed.
* DNS checks now have a timeout in case a DNS server is not responding, so the checks don't stall indefinitely.
* Better messages if external DNS is used and, weirdly, custom secondary nameservers are set.
* Add POP to the mail client settings documentation.
* The box's IP address is added to the fail2ban whitelist so that the status checks don't trigger the machine banning itself, which results in the status checks showing services down even though they are running.
* For SSL certificates, rather than asking you what country you are in during setup, ask at the time a CSR is generated. The default system self-signed certificate now omits a country in the subject (it was never needed). The CSR_COUNTRY Mail-in-a-Box setting is dropped entirely.
System:
* Nightly backups and system status checks are now moved to 3am in the system's timezone.
* fail2ban's recidive jail is now active, which guards against persistent brute force login attacks over long periods of time.
* Setup (first run only) now asks for your timezone to set the system time.
* The Exchange/ActiveSync server is now taken offline during nightly backups (along with SMTP and IMAP).
* The machine's random number generator (/dev/urandom) is now seeded with Ubuntu Pollinate and a blocking read on /dev/random.
* DNSSEC key generation during install now uses /dev/urandom (instead of /dev/random), which is faster.
* The $STORAGE_ROOT/ssl directory is flattened by a migration script and the system SSL certificate path is now a symlink to the actual certificate.
* If ownCloud sends out email, it will use the box's administrative address now (admin@yourboxname).
* Z-Push (Exchange/ActiveSync) logs now exclude warnings and are now rotated to save disk space.
* Fix pip command that might have not installed all necessary Python packages.
* The control panel and backup would not work on Google Compute Engine because GCE installs a conflicting boto package.
* Added a new command `management/backup.py --restore` to restore files from a backup to a target directory (command line arguments are passed to `duplicity restore`).
2016-01-01 22:47:18 +00:00
$ git verify-tag v0.15
2015-04-01 14:38:09 +00:00
gpg: Signature made ..... using RSA key ID C10BDD81
gpg: Good signature from "Joshua Tauberer < jt @ occams . info > "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5F4C 0E73 13CC D744 693B 2AEA B920 41F4 C10B DD81
v0.14
v0.14 (November 4, 2015)
------------------------
Mail:
* Spamassassin's network-based tests (Pyzor, others) and DKIM tests are now enabled. (Pyzor had always been installed but was not active due to a misconfiguration.)
* Moving spam out of the Spam folder and into Trash would incorrectly train Spamassassin that those messages were not spam.
* Automatically create the Sent and Archive folders for new users.
* The HTML5_Notifier plugin for Roundcube is now included, which when turned on in Roundcube settings provides desktop notifications for new mail.
* The Exchange/ActiveSync backend Z-Push has been updated to fix a problem with CC'd emails not being sent to the CC recipients.
Calender/Contacts:
* CalDAV/CardDAV and Exchange/ActiveSync for calendar/contacts wasn't working in some network configurations.
Web:
* When a new domain is added to the box, rather than applying a new self-signed certificate for that domain, the SSL certificate for the box's primary hostname will be used instead.
* If a custom DNS record is set on a domain or 'www'+domain, web would not be served for that domain. If the custom DNS record is just the box's IP address, that's a configuration mistake, but allow it and let web continue to be served.
* Accommodate really long domain names by increasing an nginx setting.
Control panel:
* Added an option to check for new Mail-in-a-Box versions within status checks. It is off by default so that boxes don't "phone home" without permission.
* Added a random password generator on the users page to simplify creating new accounts.
* When S3 backup credentials are set, the credentials are now no longer ever sent back from the box to the client, for better security.
* Fixed the jumpiness when a modal is displayed.
* Focus is put into the login form fields when the login form is displayed.
* Status checks now include a warning if a custom DNS record has been set on a domain that would normally serve web and as a result that domain no longer is serving web.
* Status checks now check that secondary nameservers, if specified, are actually serving the domains.
* Some errors in the control panel when there is invalid data in the database or an improperly named archived user account have been suppressed.
* Added subresource integrity attributes to all remotely-sourced resources (i.e. via CDNs) to guard against CDNs being used as an attack vector.
System:
* Tweaks to fail2ban settings.
* Fixed a spurrious warning while installing munin.
2015-11-04 22:56:31 +00:00
You'll get a lot of warnings, but that's OK. Check that the primary key fingerprint matchs the
fingerprint in the key details at [https://keybase.io/joshdata ](https://keybase.io/joshdata )
and on my [personal homepage ](https://razor.occams.info/ ). (Of course, if this repository has been compromised you can't trust these instructions.)
2015-08-14 21:04:42 +00:00
Checkout the tag corresponding to the most recent release:
v0.15 (January 1, 2016)
-----------------------
Mail:
* Updated Roundcube to version 1.1.3.
* Auto-create aliases for abuse@, as required by RFC2142.
* The DANE TLSA record is changed to use the certificate subject public key rather than the whole certificate, which means the record remains valid after certificate changes (so long as the private key remains the same, which it does for us).
Control panel:
* When IPv6 is enabled, check that system services are accessible over IPv6 too, that the box's hostname resolves over IPv6, and that reverse DNS is setup correctly for IPv6.
* Explanatory text for setting up secondary nameserver is added/fixed.
* DNS checks now have a timeout in case a DNS server is not responding, so the checks don't stall indefinitely.
* Better messages if external DNS is used and, weirdly, custom secondary nameservers are set.
* Add POP to the mail client settings documentation.
* The box's IP address is added to the fail2ban whitelist so that the status checks don't trigger the machine banning itself, which results in the status checks showing services down even though they are running.
* For SSL certificates, rather than asking you what country you are in during setup, ask at the time a CSR is generated. The default system self-signed certificate now omits a country in the subject (it was never needed). The CSR_COUNTRY Mail-in-a-Box setting is dropped entirely.
System:
* Nightly backups and system status checks are now moved to 3am in the system's timezone.
* fail2ban's recidive jail is now active, which guards against persistent brute force login attacks over long periods of time.
* Setup (first run only) now asks for your timezone to set the system time.
* The Exchange/ActiveSync server is now taken offline during nightly backups (along with SMTP and IMAP).
* The machine's random number generator (/dev/urandom) is now seeded with Ubuntu Pollinate and a blocking read on /dev/random.
* DNSSEC key generation during install now uses /dev/urandom (instead of /dev/random), which is faster.
* The $STORAGE_ROOT/ssl directory is flattened by a migration script and the system SSL certificate path is now a symlink to the actual certificate.
* If ownCloud sends out email, it will use the box's administrative address now (admin@yourboxname).
* Z-Push (Exchange/ActiveSync) logs now exclude warnings and are now rotated to save disk space.
* Fix pip command that might have not installed all necessary Python packages.
* The control panel and backup would not work on Google Compute Engine because GCE installs a conflicting boto package.
* Added a new command `management/backup.py --restore` to restore files from a backup to a target directory (command line arguments are passed to `duplicity restore`).
2016-01-01 22:47:18 +00:00
$ git checkout v0.15
2015-07-03 14:31:44 +00:00
2015-08-14 21:04:42 +00:00
Begin the installation.
$ sudo setup/start.sh
For help, DO NOT contact me directly --- I don't do tech support by email or tweet (no exceptions).
Post your question on the [discussion forum ](https://discourse.mailinabox.email/ ) instead, where me and other Mail-in-a-Box users may be able to help you.
2015-04-01 14:38:09 +00:00
2014-03-16 21:18:38 +00:00
The Acknowledgements
--------------------
2013-08-31 23:46:36 +00:00
2014-03-16 21:18:38 +00:00
This project was inspired in part by the ["NSA-proof your email in 2 hours" ](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/ ) blog post by Drew Crawford, [Sovereign ](https://github.com/al3x/sovereign ) by Alex Payne, and conversations with < a href = "http://twitter.com/shevski" target = "_blank" > @shevski</ a > , < a href = "https://github.com/konklone" target = "_blank" > @konklone</ a > , and < a href = "https://github.com/gregelin" target = "_blank" > @GregElin</ a > .
2013-08-31 23:46:36 +00:00
2014-09-26 12:20:13 +00:00
Mail-in-a-Box is similar to [iRedMail ](http://www.iredmail.org/ ) and [Modoboa ](https://github.com/tonioo/modoboa ).
2014-04-23 16:49:04 +00:00
2014-03-16 21:18:38 +00:00
The History
-----------
2013-08-31 23:46:36 +00:00
2014-04-24 17:15:42 +00:00
* In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: [add-on page ](https://addons.mozilla.org/en-us/thunderbird/addon/sender-verification-anti-phish/ ), [source ](https://github.com/JoshData/thunderbird-spf ).
2015-05-22 20:53:13 +00:00
* In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in ["NSA-proof your email in 2 hours" ](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/ ) and making the setup steps reproducible with bash scripts.
2014-06-10 22:48:09 +00:00
* Mail-in-a-Box was a semifinalist in the 2014 [Knight News Challenge ](https://www.newschallenge.org/challenge/2014/submissions/mail-in-a-box ), but it was not selected as a winner.
2015-05-29 20:43:14 +00:00
* Mail-in-a-Box hit the front page of Hacker News in [April ](https://news.ycombinator.com/item?id=7634514 ) 2014, [September ](https://news.ycombinator.com/item?id=8276171 ) 2014, and [May ](https://news.ycombinator.com/item?id=9624267 ) 2015.
2015-06-27 14:10:33 +00:00
* FastCompany mentioned Mail-in-a-Box a [roundup of privacy projects ](http://www.fastcompany.com/3047645/your-own-private-cloud ) on June 26, 2015.