mailinabox/README.md

Mail-in-a-Box
=============

By [@JoshData](https://github.com/JoshData) and [contributors](https://github.com/mail-in-a-box/mailinabox/graphs/contributors).

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.

**Please see [https://mailinabox.email](https://mailinabox.email) for the project's website and setup guide!**

* * *

I am trying to:

* Make deploying a good mail server easy.
* Promote [decentralization](http://redecentralize.org/), innovation, and privacy on the web.
* Have automated, auditable, and [idempotent](http://sharknet.us/2014/02/01/automated-configuration-management-challenges-with-idempotency/) configuration.
* **Not** make a totally unhackable, NSA-proof server.
* **Not** make something customizable by power users.

This setup is what has been powering my own personal email since September 2013.

The Box
-------

Mail-in-a-Box turns a fresh Ubuntu 14.04 LTS 64-bit machine into a working mail server by installing and configuring various components.

It is a one-click email appliance. There are no user-configurable setup options. It "just works".

The components installed are:

* SMTP ([postfix](http://www.postfix.org/)), IMAP ([dovecot](http://dovecot.org/)), CardDAV/CalDAV ([ownCloud](http://owncloud.org/)), Exchange ActiveSync ([z-push](https://github.com/fmbiete/Z-Push-contrib))
* Webmail ([Roundcube](http://roundcube.net/)), static website hosting ([nginx](http://nginx.org/))
* Spam filtering ([spamassassin](https://spamassassin.apache.org/)), greylisting ([postgrey](http://postgrey.schweikert.ch/))
* DNS ([nsd4](http://www.nlnetlabs.nl/projects/nsd/)) with [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework), DKIM ([OpenDKIM](http://www.opendkim.org/)), [DMARC](https://en.wikipedia.org/wiki/DMARC), [DNSSEC](https://en.wikipedia.org/wiki/DNSSEC), [DANE TLSA](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities), and [SSHFP](https://tools.ietf.org/html/rfc4255) records automatically set
* Backups ([duplicity](http://duplicity.nongnu.org/)), firewall ([ufw](https://launchpad.net/ufw)), intrusion protection ([fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page)), system monitoring ([munin](http://munin-monitoring.org/))

It also includes:

* A control panel and API for adding/removing mail users, aliases, custom DNS records, etc. and detailed system monitoring.
* Our own builds of postgrey (adding better whitelisting) and dovecot-lucene (faster search for mail) distributed via the [Mail-in-a-Box PPA](https://launchpad.net/~mail-in-a-box/+archive/ubuntu/ppa) on Launchpad.

For more information on how Mail-in-a-Box handles your privacy, see the [security details page](security.md).

Installation
------------

See the [setup guide](https://mailinabox.email/guide.html) for detailed, user-friendly instructions.

For experts, start with a completely fresh (really, I mean it) Ubuntu 14.04 LTS 64-bit machine. On the machine...

Clone this repository:

	$ git clone https://github.com/mail-in-a-box/mailinabox
	$ cd mailinabox

_Optional:_ Download my PGP key and then verify that the sources were signed
by me. You'll get a lot of warnings, but the fingerprint should match the
fingerprint in the key details at [https://keybase.io/joshdata](https://keybase.io/joshdata)
and on my [personal homepage](https://razor.occams.info/). (Of course, if this repository has been compromised you can't trust these instructions anyway.)

	$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
	gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported

	$ git verify-tag v0.13b
	gpg: Signature made ..... using RSA key ID C10BDD81
	gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
	gpg: WARNING: This key is not certified with a trusted signature!
	gpg:          There is no indication that the signature belongs to the owner.
	Primary key fingerprint: 5F4C 0E73 13CC D744 693B  2AEA B920 41F4 C10B DD81

Checkout the tag corresponding to the most recent release:

	$ git checkout v0.13b

Begin the installation.

	$ sudo setup/start.sh

For help, DO NOT contact me directly --- I don't do tech support by email or tweet (no exceptions).

Post your question on the [discussion forum](https://discourse.mailinabox.email/) instead, where me and other Mail-in-a-Box users may be able to help you.

The Acknowledgements
--------------------

This project was inspired in part by the ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) blog post by Drew Crawford, [Sovereign](https://github.com/al3x/sovereign) by Alex Payne, and conversations with <a href="http://twitter.com/shevski" target="_blank">@shevski</a>, <a href="https://github.com/konklone" target="_blank">@konklone</a>, and <a href="https://github.com/gregelin" target="_blank">@GregElin</a>.

Mail-in-a-Box is similar to [iRedMail](http://www.iredmail.org/) and [Modoboa](https://github.com/tonioo/modoboa).

The History
-----------

* In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: [add-on page](https://addons.mozilla.org/en-us/thunderbird/addon/sender-verification-anti-phish/), [source](https://github.com/JoshData/thunderbird-spf).
* In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) and making the setup steps reproducible with bash scripts.
* Mail-in-a-Box was a semifinalist in the 2014 [Knight News Challenge](https://www.newschallenge.org/challenge/2014/submissions/mail-in-a-box), but it was not selected as a winner.
* Mail-in-a-Box hit the front page of Hacker News in [April](https://news.ycombinator.com/item?id=7634514) 2014, [September](https://news.ycombinator.com/item?id=8276171) 2014, and [May](https://news.ycombinator.com/item?id=9624267) 2015.
* FastCompany mentioned Mail-in-a-Box a [roundup of privacy projects](http://www.fastcompany.com/3047645/your-own-private-cloud) on June 26, 2015.
paste my KNC entry into the README, move docs to a new file 2014-03-16 21:18:38 +00:00			`Mail-in-a-Box`
initial commit of some preliminary notes 2013-08-21 02:27:32 +00:00			`=============`

add link to contributors, remove duplicate "to"s 2014-09-14 00:45:10 +00:00			`By [@JoshData](https://github.com/JoshData) and [contributors](https://github.com/mail-in-a-box/mailinabox/graphs/contributors).`
credit myself since it's not apparent who runs the project once it's been forked 2014-08-16 14:20:57 +00:00
paste my KNC entry into the README, move docs to a new file 2014-03-16 21:18:38 +00:00			`Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.`
improving README 2013-09-05 11:21:53 +00:00
move website link to the top of README 2014-09-07 11:24:50 +00:00			`Please see [https://mailinabox.email](https://mailinabox.email) for the project's website and setup guide!`

			`* * *`
clean up README a bit; moving the bit Rationale into the github wiki 2014-05-15 12:57:38 +00:00
fix double negation in README, fixes #154 2014-08-23 22:08:03 +00:00			`I am trying to:`

update the first goal to match what's on the website: s/email appliance/easy email/ 2014-08-23 22:09:07 +00:00			`* Make deploying a good mail server easy.`
			`* Promote [decentralization](http://redecentralize.org/), innovation, and privacy on the web.`
clean up README a bit; moving the bit Rationale into the github wiki 2014-05-15 12:57:38 +00:00			`* Have automated, auditable, and [idempotent](http://sharknet.us/2014/02/01/automated-configuration-management-challenges-with-idempotency/) configuration.`
tweak unhackable language, see #402 2015-05-19 15:18:53 +00:00			`* Not make a totally unhackable, NSA-proof server.`
			`* Not make something customizable by power users.`
more for the README 2013-08-31 23:46:36 +00:00
tweak readme to emphasize not being customizable 2014-09-03 15:10:30 +00:00			`This setup is what has been powering my own personal email since September 2013.`

			`The Box`
			`-------`

add security.md and clean up README 2015-05-22 20:53:13 +00:00			`Mail-in-a-Box turns a fresh Ubuntu 14.04 LTS 64-bit machine into a working mail server by installing and configuring various components.`

tweak README 2015-08-14 21:04:42 +00:00			`It is a one-click email appliance. There are no user-configurable setup options. It "just works".`
add security.md and clean up README 2015-05-22 20:53:13 +00:00
			`The components installed are:`

			`* SMTP ([postfix](http://www.postfix.org/)), IMAP ([dovecot](http://dovecot.org/)), CardDAV/CalDAV ([ownCloud](http://owncloud.org/)), Exchange ActiveSync ([z-push](https://github.com/fmbiete/Z-Push-contrib))`
			`* Webmail ([Roundcube](http://roundcube.net/)), static website hosting ([nginx](http://nginx.org/))`
			`* Spam filtering ([spamassassin](https://spamassassin.apache.org/)), greylisting ([postgrey](http://postgrey.schweikert.ch/))`
			`* DNS ([nsd4](http://www.nlnetlabs.nl/projects/nsd/)) with [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework), DKIM ([OpenDKIM](http://www.opendkim.org/)), [DMARC](https://en.wikipedia.org/wiki/DMARC), [DNSSEC](https://en.wikipedia.org/wiki/DNSSEC), [DANE TLSA](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities), and [SSHFP](https://tools.ietf.org/html/rfc4255) records automatically set`
readme tweaks 2015-08-17 12:20:31 +00:00			`* Backups ([duplicity](http://duplicity.nongnu.org/)), firewall ([ufw](https://launchpad.net/ufw)), intrusion protection ([fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page)), system monitoring ([munin](http://munin-monitoring.org/))`
changelog entries and mention our forks of postgrey and dovecot in the README 2015-06-03 20:30:26 +00:00
			`It also includes:`

add munin to readme 2015-06-06 12:55:13 +00:00			`* A control panel and API for adding/removing mail users, aliases, custom DNS records, etc. and detailed system monitoring.`
readme tweaks 2015-08-17 12:20:31 +00:00			`* Our own builds of postgrey (adding better whitelisting) and dovecot-lucene (faster search for mail) distributed via the [Mail-in-a-Box PPA](https://launchpad.net/~mail-in-a-box/+archive/ubuntu/ppa) on Launchpad.`
add security.md and clean up README 2015-05-22 20:53:13 +00:00
			`For more information on how Mail-in-a-Box handles your privacy, see the [security details page](security.md).`
tweak readme to emphasize not being customizable 2014-09-03 15:10:30 +00:00
tweak README 2015-08-14 21:04:42 +00:00			`Installation`
add instructions for verifying the signed tags to the README 2015-04-01 14:38:09 +00:00			`------------`

tweak README 2015-08-14 21:04:42 +00:00			`See the [setup guide](https://mailinabox.email/guide.html) for detailed, user-friendly instructions.`
link security.md from the readme 2015-05-29 01:41:23 +00:00
tweak README 2015-08-14 21:04:42 +00:00			`For experts, start with a completely fresh (really, I mean it) Ubuntu 14.04 LTS 64-bit machine. On the machine...`
add instructions for verifying the signed tags to the README 2015-04-01 14:38:09 +00:00
tweak README 2015-08-14 21:04:42 +00:00			`Clone this repository:`
add instructions for verifying the signed tags to the README 2015-04-01 14:38:09 +00:00
			`$ git clone https://github.com/mail-in-a-box/mailinabox`
			`$ cd mailinabox`

tweak README 2015-08-14 21:04:42 +00:00			`_Optional:_ Download my PGP key and then verify that the sources were signed`
			`by me. You'll get a lot of warnings, but the fingerprint should match the`
			`fingerprint in the key details at [https://keybase.io/joshdata](https://keybase.io/joshdata)`
			`and on my [personal homepage](https://razor.occams.info/). (Of course, if this repository has been compromised you can't trust these instructions anyway.)`

			`$ curl -s https://keybase.io/joshdata/key.asc \| gpg --import`
			`gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported`

v0.13b ownCloud 8.1.1 trusted_domains autoconfiguration fix. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJV43ODAAoJELkgQfTBC92BAMEH/3DbsticgFhbPzMsCcmcjxkg 1Dxw4e8YRgMPp3xuq4/5we6bL/KXSxioFc1488jfiLhAe6fHZGmSi4p6L8twnsxD exUd/pHZ8L1SC953JhBXLUWYfAQ/ozEZ8bNPVJ4NLx5T58FPWBSRouQHHZTMc/z1 Pduc6RjZQ3o1dmTzbwt5hB/ZS61CFV2V9cr+aKmFSDKh7/qzBSaqGfiTOsWI43GE JfCN6hwnCUvvkGfaYmxJSY/emgiJETLkQCv0e1kZs5MfojkFUspqvmTQViE2HI4f y5FWmPXvhoHuMIgH0q0Rrw0xchXW44fJbK4SnT50z7do8F7KmSX6ztw5oxux/U0= =kcFy -----END PGP SIGNATURE----- v0.13b - release & merge side-branch ownCloud 8.1.1 trusted_domains autoconfiguration fix. 2015-08-30 21:20:32 +00:00			`$ git verify-tag v0.13b`
add instructions for verifying the signed tags to the README 2015-04-01 14:38:09 +00:00			`gpg: Signature made ..... using RSA key ID C10BDD81`
			`gpg: Good signature from "Joshua Tauberer <jt@occams.info>"`
			`gpg: WARNING: This key is not certified with a trusted signature!`
			`gpg: There is no indication that the signature belongs to the owner.`
			`Primary key fingerprint: 5F4C 0E73 13CC D744 693B 2AEA B920 41F4 C10B DD81`

tweak README 2015-08-14 21:04:42 +00:00			`Checkout the tag corresponding to the most recent release:`

v0.13b ownCloud 8.1.1 trusted_domains autoconfiguration fix. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJV43ODAAoJELkgQfTBC92BAMEH/3DbsticgFhbPzMsCcmcjxkg 1Dxw4e8YRgMPp3xuq4/5we6bL/KXSxioFc1488jfiLhAe6fHZGmSi4p6L8twnsxD exUd/pHZ8L1SC953JhBXLUWYfAQ/ozEZ8bNPVJ4NLx5T58FPWBSRouQHHZTMc/z1 Pduc6RjZQ3o1dmTzbwt5hB/ZS61CFV2V9cr+aKmFSDKh7/qzBSaqGfiTOsWI43GE JfCN6hwnCUvvkGfaYmxJSY/emgiJETLkQCv0e1kZs5MfojkFUspqvmTQViE2HI4f y5FWmPXvhoHuMIgH0q0Rrw0xchXW44fJbK4SnT50z7do8F7KmSX6ztw5oxux/U0= =kcFy -----END PGP SIGNATURE----- v0.13b - release & merge side-branch ownCloud 8.1.1 trusted_domains autoconfiguration fix. 2015-08-30 21:20:32 +00:00			`$ git checkout v0.13b`
v0.12 -------------------- This is a minor update to v0.11, which was a major update. Please read v0.11's advisories. * The administrator@ alias was incorrectly created starting with v0.11. If your first install was v0.11, check that the administrator@ alias forwards mail to you. * Intrusion detection rules (fail2ban) are relaxed (i.e. less is blocked). * SSL certificates could not be installed for the new automatic 'www.' redirect domains. * PHP's default character encoding is changed from no default to UTF8. The effect of this change is unclear but should prevent possible future text conversion issues. * User-installed SSL private keys in the BEGIN PRIVATE KEY format were not accepted. * SSL certificates with SAN domains with IDNA encoding were broken in v0.11. * Some IDNA functionality was using IDNA 2003 rather than IDNA 2008. 2015-07-03 14:31:44 +00:00
tweak README 2015-08-14 21:04:42 +00:00			`Begin the installation.`

			`$ sudo setup/start.sh`

			`For help, DO NOT contact me directly --- I don't do tech support by email or tweet (no exceptions).`

			`Post your question on the [discussion forum](https://discourse.mailinabox.email/) instead, where me and other Mail-in-a-Box users may be able to help you.`
add instructions for verifying the signed tags to the README 2015-04-01 14:38:09 +00:00
paste my KNC entry into the README, move docs to a new file 2014-03-16 21:18:38 +00:00			`The Acknowledgements`
			`--------------------`
more for the README 2013-08-31 23:46:36 +00:00
paste my KNC entry into the README, move docs to a new file 2014-03-16 21:18:38 +00:00			`This project was inspired in part by the ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) blog post by Drew Crawford, [Sovereign](https://github.com/al3x/sovereign) by Alex Payne, and conversations with <a href="http://twitter.com/shevski" target="_blank">@shevski</a>, <a href="https://github.com/konklone" target="_blank">@konklone</a>, and <a href="https://github.com/gregelin" target="_blank">@GregElin</a>.`
more for the README 2013-08-31 23:46:36 +00:00
link to Modoboa in README 2014-09-26 12:20:13 +00:00			`Mail-in-a-Box is similar to [iRedMail](http://www.iredmail.org/) and [Modoboa](https://github.com/tonioo/modoboa).`
acknowledge iRedMail 2014-04-23 16:49:04 +00:00
paste my KNC entry into the README, move docs to a new file 2014-03-16 21:18:38 +00:00			`The History`
			`-----------`
more for the README 2013-08-31 23:46:36 +00:00
messed up markdown in the README, in 263fdb15f9328a5f4c8d9cb53eee0509ea7e05fa 2014-04-24 17:15:42 +00:00			`* In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: [add-on page](https://addons.mozilla.org/en-us/thunderbird/addon/sender-verification-anti-phish/), [source](https://github.com/JoshData/thunderbird-spf).`
add security.md and clean up README 2015-05-22 20:53:13 +00:00			`* In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) and making the setup steps reproducible with bash scripts.`
update News Challenge status in README 2014-06-10 22:48:09 +00:00			`* Mail-in-a-Box was a semifinalist in the 2014 [Knight News Challenge](https://www.newschallenge.org/challenge/2014/submissions/mail-in-a-box), but it was not selected as a winner.`
Update README.md Added latest front page appearance of Mail-In-A-Box to README.md 2015-05-29 20:43:14 +00:00			`* Mail-in-a-Box hit the front page of Hacker News in [April](https://news.ycombinator.com/item?id=7634514) 2014, [September](https://news.ycombinator.com/item?id=8276171) 2014, and [May](https://news.ycombinator.com/item?id=9624267) 2015.`
press hit 2015-06-27 14:10:33 +00:00			`* FastCompany mentioned Mail-in-a-Box a [roundup of privacy projects](http://www.fastcompany.com/3047645/your-own-private-cloud) on June 26, 2015.`