mailinabox/README.md

245 lines
10 KiB
Markdown
Raw Normal View History

2019-01-28 07:24:09 +00:00
Mail-in-a-Box with Quotas
=========================
This is an experimental implementation of Mail-in-a-box with quota support.
2019-01-28 07:24:09 +00:00
Quotas can be set and viewed in the control panel
To set quotas from the command line, use:
tools/mail.py user quota <email> <quota>
To set the system default quota for new users, use:
tools/mail.py system default-quota <quota>
Mailbox size recalculation by Dovecot can be forced using the command:
doveadm quota recalc -A
2019-01-28 07:24:09 +00:00
2019-01-30 10:52:02 +00:00
Please report any bugs on github.
2019-02-27 13:02:11 +00:00
Installing v0.41-quota
----------------------
To install the latest version, log into your box and execute the following commands:
$ git clone https://github.com/jrsupplee/mailinabox.git
$ cd mailinabox
$ sudo bash setup/bootstrap.sh
Follow the standard directions for setting up an MiaB installation. There are no special installation steps for installing this version.
The default quota is set to `0` which means unlimited. If you want to set a different default quota, follow the directions above.
2019-02-27 13:02:11 +00:00
Upgrading v0.41 to v.0.41-quota
-------------------------------
This is experimental software. You have been warned.
* Rename your `mailinabox` directory to something like `miab.old`
* Clone this repository using:
`git clone https://github.com/jrsupplee/mailinabox.git`
2019-04-15 14:34:56 +00:00
* cd into `mailinabox` and run `sudo bash setup/bootstrap.sh` On occasion there are lock errors when updating `Munin`. Just re-run `sudo setup/start.sh` until the error does not occur.
* Note: all existing users at the time of the upgrade will have there quota set to `0` (unlimited).
2019-02-27 13:02:11 +00:00
Upgrading MiaB with quotas to a New Version
---------------------------------------
* `cd` into the `mailinabox` directory.
* Execute `git pull` to download the latest changes.
* Execute `sudo bash setup/bootstrap.sh` to checkout the latest version and re-run setup.
Issues
------
* When a user's quota is changed, any IMAP session running for that user will not recognize the new quota. To solve this a `dovecot reload` could be issued causing all current IMAP sessions to be terminated. On a system with many users, it might not be desirable to reset all users sessions to fix the quota for one user. Also if the administrator is setting the quota for several users it would result in the continual reset of those connections.
2019-01-30 10:52:02 +00:00
2019-01-30 10:52:02 +00:00
Changes
-------
2019-01-30 07:44:23 +00:00
2019-03-30 12:23:38 +00:00
### v0.41-quota-0.18-beta
* Bump version to add a new annotated tag. The last version had a plain tag which is not seen when checking for the latest version.
2019-03-30 11:54:27 +00:00
### v0.41-quota-0.17-beta
* Change status of project to beta. No changes to the code
2019-02-27 13:02:11 +00:00
### v0.41-quota-0.17-alpha
* Update the README
### v0.41-quota-0.16-alpha
* Update to v0.41 of Mail-in-a-Box
### v0.40-quota-0.16-alpha
* Fix problem with quota field on control panel that prevented adding users.
### v0.40-quota-0.15-alpha
* Fix bug where quotas are not recalculated when a user's quota is changed in control panel
### v0.40-quota-0.14-alpha
* When updating a user's quota, execute `doveadm quota recalc -u <email>` to forces an immediate recalculation of the user's quota.
* Add a thousands separator (,) to the messages count in the control panel user list.
* Execute `doveadm quota recalc -A` to force a recalculation of all user quotas when running `start.sh`.
* Get rid of the error message complaining that the `quota` column already exists when upgrading from a previous version of `v0.40-quota`.
### v0.40-quota-0.13-alpha
* Add a `default-quota` setting in `settings.yaml`.
* Add input for setting quota when entering a new user in control panel.
* Modify `tools/mail.py` to allow for setting and getting the default system quota.
* Modify `tools/mail.py` to allow for getting a user's quota setting.
* Modify the mail users list in control panel to display percentage of quota used.
### v0.40-quota-0.12-alpha
* Update README
### v0.40-quota-0.11-alpha
* Read latest version from this repository not the Mail-in-a-Box master repository
### v0.40-quota-0.1-alpha
2019-01-30 10:52:02 +00:00
* First experimental release of Mail-in-a-Box for quotas.
* Quotas are working and there is basic support in the control panel and `tools/mail.py`.
Reference Documents
-------------------
* https://blog.sys4.de/postfix-dovecot-mailbox-quota-en.html
* https://linuxize.com/post/install-and-configure-postfix-and-dovecot/
2019-01-28 07:24:09 +00:00
\[BEGIN Official README]
Mail-in-a-Box
=============
By [@JoshData](https://github.com/JoshData) and [contributors](https://github.com/mail-in-a-box/mailinabox/graphs/contributors).
Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
2013-09-05 11:21:53 +00:00
2014-09-07 11:24:50 +00:00
**Please see [https://mailinabox.email](https://mailinabox.email) for the project's website and setup guide!**
* * *
2016-08-08 12:19:42 +00:00
Our goals are to:
* Make deploying a good mail server easy.
* Promote [decentralization](http://redecentralize.org/), innovation, and privacy on the web.
* Have automated, auditable, and [idempotent](https://sharknet.us/2014/02/01/automated-configuration-management-challenges-with-idempotency/) configuration.
2015-05-19 15:18:53 +00:00
* **Not** make a totally unhackable, NSA-proof server.
* **Not** make something customizable by power users.
2013-08-31 23:46:36 +00:00
2016-08-08 12:19:42 +00:00
Additionally, this project has a [Code of Conduct](CODE_OF_CONDUCT.md), which supersedes the goals above. Please review it when joining our community.
The Box
-------
Mail-in-a-Box turns a fresh Ubuntu 18.04 LTS 64-bit machine into a working mail server by installing and configuring various components.
2015-05-22 20:53:13 +00:00
2015-08-14 21:04:42 +00:00
It is a one-click email appliance. There are no user-configurable setup options. It "just works".
2015-05-22 20:53:13 +00:00
The components installed are:
* SMTP ([postfix](http://www.postfix.org/)), IMAP ([dovecot](http://dovecot.org/)), CardDAV/CalDAV ([Nextcloud](https://nextcloud.com/)), Exchange ActiveSync ([z-push](http://z-push.org/))
2015-05-22 20:53:13 +00:00
* Webmail ([Roundcube](http://roundcube.net/)), static website hosting ([nginx](http://nginx.org/))
* Spam filtering ([spamassassin](https://spamassassin.apache.org/)), greylisting ([postgrey](http://postgrey.schweikert.ch/))
* DNS ([nsd4](https://www.nlnetlabs.nl/projects/nsd/)) with [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework), DKIM ([OpenDKIM](http://www.opendkim.org/)), [DMARC](https://en.wikipedia.org/wiki/DMARC), [DNSSEC](https://en.wikipedia.org/wiki/DNSSEC), [DANE TLSA](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities), and [SSHFP](https://tools.ietf.org/html/rfc4255) records automatically set
2015-08-17 12:20:31 +00:00
* Backups ([duplicity](http://duplicity.nongnu.org/)), firewall ([ufw](https://launchpad.net/ufw)), intrusion protection ([fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page)), system monitoring ([munin](http://munin-monitoring.org/))
It also includes:
2015-06-06 12:55:13 +00:00
* A control panel and API for adding/removing mail users, aliases, custom DNS records, etc. and detailed system monitoring.
2015-05-22 20:53:13 +00:00
For more information on how Mail-in-a-Box handles your privacy, see the [security details page](security.md).
2015-08-14 21:04:42 +00:00
Installation
------------
2015-08-14 21:04:42 +00:00
See the [setup guide](https://mailinabox.email/guide.html) for detailed, user-friendly instructions.
2015-05-29 01:41:23 +00:00
For experts, start with a completely fresh (really, I mean it) Ubuntu 18.04 LTS 64-bit machine. On the machine...
2015-08-14 21:04:42 +00:00
Clone this repository:
$ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox
2019-01-12 13:24:15 +00:00
_Optional:_ Download Josh's PGP key and then verify that the sources were signed
by him:
2015-08-14 21:04:42 +00:00
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
2019-09-01 11:43:47 +00:00
$ git verify-tag v0.43
gpg: Signature made ..... using RSA key ID C10BDD81
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5F4C 0E73 13CC D744 693B 2AEA B920 41F4 C10B DD81
You'll get a lot of warnings, but that's OK. Check that the primary key fingerprint matches the
v0.14 v0.14 (November 4, 2015) ------------------------ Mail: * Spamassassin's network-based tests (Pyzor, others) and DKIM tests are now enabled. (Pyzor had always been installed but was not active due to a misconfiguration.) * Moving spam out of the Spam folder and into Trash would incorrectly train Spamassassin that those messages were not spam. * Automatically create the Sent and Archive folders for new users. * The HTML5_Notifier plugin for Roundcube is now included, which when turned on in Roundcube settings provides desktop notifications for new mail. * The Exchange/ActiveSync backend Z-Push has been updated to fix a problem with CC'd emails not being sent to the CC recipients. Calender/Contacts: * CalDAV/CardDAV and Exchange/ActiveSync for calendar/contacts wasn't working in some network configurations. Web: * When a new domain is added to the box, rather than applying a new self-signed certificate for that domain, the SSL certificate for the box's primary hostname will be used instead. * If a custom DNS record is set on a domain or 'www'+domain, web would not be served for that domain. If the custom DNS record is just the box's IP address, that's a configuration mistake, but allow it and let web continue to be served. * Accommodate really long domain names by increasing an nginx setting. Control panel: * Added an option to check for new Mail-in-a-Box versions within status checks. It is off by default so that boxes don't "phone home" without permission. * Added a random password generator on the users page to simplify creating new accounts. * When S3 backup credentials are set, the credentials are now no longer ever sent back from the box to the client, for better security. * Fixed the jumpiness when a modal is displayed. * Focus is put into the login form fields when the login form is displayed. * Status checks now include a warning if a custom DNS record has been set on a domain that would normally serve web and as a result that domain no longer is serving web. * Status checks now check that secondary nameservers, if specified, are actually serving the domains. * Some errors in the control panel when there is invalid data in the database or an improperly named archived user account have been suppressed. * Added subresource integrity attributes to all remotely-sourced resources (i.e. via CDNs) to guard against CDNs being used as an attack vector. System: * Tweaks to fail2ban settings. * Fixed a spurrious warning while installing munin.
2015-11-04 22:56:31 +00:00
fingerprint in the key details at [https://keybase.io/joshdata](https://keybase.io/joshdata)
2019-01-12 13:24:15 +00:00
and on his [personal homepage](https://razor.occams.info/). (Of course, if this repository has been compromised you can't trust these instructions.)
v0.14 v0.14 (November 4, 2015) ------------------------ Mail: * Spamassassin's network-based tests (Pyzor, others) and DKIM tests are now enabled. (Pyzor had always been installed but was not active due to a misconfiguration.) * Moving spam out of the Spam folder and into Trash would incorrectly train Spamassassin that those messages were not spam. * Automatically create the Sent and Archive folders for new users. * The HTML5_Notifier plugin for Roundcube is now included, which when turned on in Roundcube settings provides desktop notifications for new mail. * The Exchange/ActiveSync backend Z-Push has been updated to fix a problem with CC'd emails not being sent to the CC recipients. Calender/Contacts: * CalDAV/CardDAV and Exchange/ActiveSync for calendar/contacts wasn't working in some network configurations. Web: * When a new domain is added to the box, rather than applying a new self-signed certificate for that domain, the SSL certificate for the box's primary hostname will be used instead. * If a custom DNS record is set on a domain or 'www'+domain, web would not be served for that domain. If the custom DNS record is just the box's IP address, that's a configuration mistake, but allow it and let web continue to be served. * Accommodate really long domain names by increasing an nginx setting. Control panel: * Added an option to check for new Mail-in-a-Box versions within status checks. It is off by default so that boxes don't "phone home" without permission. * Added a random password generator on the users page to simplify creating new accounts. * When S3 backup credentials are set, the credentials are now no longer ever sent back from the box to the client, for better security. * Fixed the jumpiness when a modal is displayed. * Focus is put into the login form fields when the login form is displayed. * Status checks now include a warning if a custom DNS record has been set on a domain that would normally serve web and as a result that domain no longer is serving web. * Status checks now check that secondary nameservers, if specified, are actually serving the domains. * Some errors in the control panel when there is invalid data in the database or an improperly named archived user account have been suppressed. * Added subresource integrity attributes to all remotely-sourced resources (i.e. via CDNs) to guard against CDNs being used as an attack vector. System: * Tweaks to fail2ban settings. * Fixed a spurrious warning while installing munin.
2015-11-04 22:56:31 +00:00
2015-08-14 21:04:42 +00:00
Checkout the tag corresponding to the most recent release:
2019-09-01 11:43:47 +00:00
$ git checkout v0.43
2015-08-14 21:04:42 +00:00
Begin the installation.
$ sudo setup/start.sh
2019-01-12 13:24:15 +00:00
For help, DO NOT contact Josh directly --- I don't do tech support by email or tweet (no exceptions).
2015-08-14 21:04:42 +00:00
2019-01-12 13:24:15 +00:00
Post your question on the [discussion forum](https://discourse.mailinabox.email/) instead, where maintainers and Mail-in-a-Box users may be able to help you.
Contributing and Development
----------------------------
Mail-in-a-Box is an open source project. Your contributions and pull requests are welcome. See [CONTRIBUTING](CONTRIBUTING.md) to get started.
The Acknowledgements
--------------------
2013-08-31 23:46:36 +00:00
This project was inspired in part by the ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) blog post by Drew Crawford, [Sovereign](https://github.com/sovereign/sovereign) by Alex Payne, and conversations with <a href="https://twitter.com/shevski" target="_blank">@shevski</a>, <a href="https://github.com/konklone" target="_blank">@konklone</a>, and <a href="https://github.com/gregelin" target="_blank">@GregElin</a>.
2013-08-31 23:46:36 +00:00
2014-09-26 12:20:13 +00:00
Mail-in-a-Box is similar to [iRedMail](http://www.iredmail.org/) and [Modoboa](https://github.com/tonioo/modoboa).
2014-04-23 16:49:04 +00:00
The History
-----------
2013-08-31 23:46:36 +00:00
* In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: [add-on page](https://addons.mozilla.org/en-us/thunderbird/addon/sender-verification-anti-phish/), [source](https://github.com/JoshData/thunderbird-spf).
2015-05-22 20:53:13 +00:00
* In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) and making the setup steps reproducible with bash scripts.
2014-06-10 22:48:09 +00:00
* Mail-in-a-Box was a semifinalist in the 2014 [Knight News Challenge](https://www.newschallenge.org/challenge/2014/submissions/mail-in-a-box), but it was not selected as a winner.
* Mail-in-a-Box hit the front page of Hacker News in [April](https://news.ycombinator.com/item?id=7634514) 2014, [September](https://news.ycombinator.com/item?id=8276171) 2014, [May](https://news.ycombinator.com/item?id=9624267) 2015, and [November](https://news.ycombinator.com/item?id=13050500) 2016.
2015-06-27 14:10:33 +00:00
* FastCompany mentioned Mail-in-a-Box a [roundup of privacy projects](http://www.fastcompany.com/3047645/your-own-private-cloud) on June 26, 2015.