external
/
mailinabox
mirror of https://github.com/mail-in-a-box/mailinabox.git
1
0
Fork 0
Code Issues Releases Wiki Activity
mailinabox/README.md

101 lines
6.7 KiB
Markdown
Raw Normal View History

paste my KNC entry into the README, move docs to a new file
2014-03-16 21:18:38 +00:00
Mail-in-a-Box
initial commit of some preliminary notes
2013-08-21 02:27:32 +00:00
=============
add link to contributors, remove duplicate "to"s
2014-09-14 00:45:10 +00:00
By [@JoshData](https://github.com/JoshData) and [contributors](https://github.com/mail-in-a-box/mailinabox/graphs/contributors).
credit myself since it's not apparent who runs the project once it's been forked
2014-08-16 14:20:57 +00:00
paste my KNC entry into the README, move docs to a new file
2014-03-16 21:18:38 +00:00
Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
improving README
2013-09-05 11:21:53 +00:00
move website link to the top of README
2014-09-07 11:24:50 +00:00
**Please see [https://mailinabox.email](https://mailinabox.email) for the project's website and setup guide!**
* * *
clean up README a bit; moving the bit Rationale into the github wiki
2014-05-15 12:57:38 +00:00
add a Code of Conduct
2016-08-08 12:19:42 +00:00
Our goals are to:
fix double negation in README, fixes #154
2014-08-23 22:08:03 +00:00
update the first goal to match what's on the website: s/email appliance/easy email/
2014-08-23 22:09:07 +00:00
* Make deploying a good mail server easy.
* Promote [decentralization](http://redecentralize.org/), innovation, and privacy on the web.
Replace dead link with archive.org link (#1698)
2019-12-19 23:33:36 +00:00
* Have automated, auditable, and [idempotent](https://web.archive.org/web/20190518072631/https://sharknet.us/2014/02/01/automated-configuration-management-challenges-with-idempotency/) configuration.
tweak unhackable language, see #402
2015-05-19 15:18:53 +00:00
* **Not** make a totally unhackable, NSA-proof server.
* **Not** make something customizable by power users.
more for the README
2013-08-31 23:46:36 +00:00
add a Code of Conduct
2016-08-08 12:19:42 +00:00
Additionally, this project has a [Code of Conduct](CODE_OF_CONDUCT.md), which supersedes the goals above. Please review it when joining our community.
tweak readme to emphasize not being customizable
2014-09-03 15:10:30 +00:00
v0.50 v0.50 (September 25, 2020) -------------------------- Setup: * When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation. Mail: * An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced. * The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT. DNS: * autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary. * IPv6 addresses can now be specified for secondary DNS nameservers in the control panel. TLS: * TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains. Control Panel: * The control panel API is now fully documented at https://mailinabox.email/api-docs.html. * User passwords can now have spaces. * Status checks for automatic subdomains have been moved into the section for the parent domain. * Typo fixed. Web: * The default web page served on fresh installations now adds the `noindex` meta tag. * The HSTS header is revised to also be sent on non-success responses.
2020-09-25 11:43:30 +00:00
In The Box
----------
tweak readme to emphasize not being customizable
2014-09-03 15:10:30 +00:00
Start changelog and instructions updates for version 60 supporting Ubuntu 22.04 To scan for updated apt packages in Ubuntu 22.04, I ran on Ubuntu 18.04 and 22.04 and compared the output: ``` for package in openssl openssh-client haveged pollinate fail2ban ufw bind9 nsd ldnsutils nginx dovecot-core postfix opendkim opendkim-tools opendmarc postgrey spampd razor pyzor dovecot-antispam sqlite3 duplicity certbot munin munin-node php python3; do echo -n "$package "; dpkg-query --showformat='${Version}' --show $package; echo done ```
2022-01-09 15:39:29 +00:00
Mail-in-a-Box turns a fresh Ubuntu 22.04 LTS 64-bit machine into a working mail server by installing and configuring various components.
add security.md and clean up README
2015-05-22 20:53:13 +00:00
v0.50 v0.50 (September 25, 2020) -------------------------- Setup: * When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation. Mail: * An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced. * The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT. DNS: * autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary. * IPv6 addresses can now be specified for secondary DNS nameservers in the control panel. TLS: * TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains. Control Panel: * The control panel API is now fully documented at https://mailinabox.email/api-docs.html. * User passwords can now have spaces. * Status checks for automatic subdomains have been moved into the section for the parent domain. * Typo fixed. Web: * The default web page served on fresh installations now adds the `noindex` meta tag. * The HSTS header is revised to also be sent on non-success responses.
2020-09-25 11:43:30 +00:00
It is a one-click email appliance. There are no user-configurable setup options. It "just works."
add security.md and clean up README
2015-05-22 20:53:13 +00:00
The components installed are:
v0.50 v0.50 (September 25, 2020) -------------------------- Setup: * When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation. Mail: * An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced. * The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT. DNS: * autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary. * IPv6 addresses can now be specified for secondary DNS nameservers in the control panel. TLS: * TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains. Control Panel: * The control panel API is now fully documented at https://mailinabox.email/api-docs.html. * User passwords can now have spaces. * Status checks for automatic subdomains have been moved into the section for the parent domain. * Typo fixed. Web: * The default web page served on fresh installations now adds the `noindex` meta tag. * The HSTS header is revised to also be sent on non-success responses.
2020-09-25 11:43:30 +00:00
* SMTP ([postfix](http://www.postfix.org/)), IMAP ([Dovecot](http://dovecot.org/)), CardDAV/CalDAV ([Nextcloud](https://nextcloud.com/)), and Exchange ActiveSync ([z-push](http://z-push.org/)) servers
* Webmail ([Roundcube](http://roundcube.net/)), mail filter rules (thanks to Roundcube and Dovecot), and email client autoconfig settings (served by [nginx](http://nginx.org/))
MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce
2020-05-17 16:10:38 +00:00
* Spam filtering ([spamassassin](https://spamassassin.apache.org/)) and greylisting ([postgrey](http://postgrey.schweikert.ch/))
* DNS ([nsd4](https://www.nlnetlabs.nl/projects/nsd/)) with [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework), DKIM ([OpenDKIM](http://www.opendkim.org/)), [DMARC](https://en.wikipedia.org/wiki/DMARC), [DNSSEC](https://en.wikipedia.org/wiki/DNSSEC), [DANE TLSA](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities), [MTA-STS](https://tools.ietf.org/html/rfc8461), and [SSHFP](https://tools.ietf.org/html/rfc4255) policy records automatically set
v0.50 v0.50 (September 25, 2020) -------------------------- Setup: * When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation. Mail: * An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced. * The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT. DNS: * autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary. * IPv6 addresses can now be specified for secondary DNS nameservers in the control panel. TLS: * TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains. Control Panel: * The control panel API is now fully documented at https://mailinabox.email/api-docs.html. * User passwords can now have spaces. * Status checks for automatic subdomains have been moved into the section for the parent domain. * Typo fixed. Web: * The default web page served on fresh installations now adds the `noindex` meta tag. * The HSTS header is revised to also be sent on non-success responses.
2020-09-25 11:43:30 +00:00
* TLS certificates are automatically provisioned using [Let's Encrypt](https://letsencrypt.org/) for protecting https and all of the other services on the box
MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce
2020-05-17 16:10:38 +00:00
* Backups ([duplicity](http://duplicity.nongnu.org/)), firewall ([ufw](https://launchpad.net/ufw)), intrusion protection ([fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page)), and basic system monitoring ([munin](http://munin-monitoring.org/))
changelog entries and mention our forks of postgrey and dovecot in the README
2015-06-03 20:30:26 +00:00
MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce
2020-05-17 16:10:38 +00:00
It also includes system management tools:
changelog entries and mention our forks of postgrey and dovecot in the README
2015-06-03 20:30:26 +00:00
MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce
2020-05-17 16:10:38 +00:00
* Comprehensive health monitoring that checks each day that services are running, ports are open, TLS certificates are valid, and DNS records are correct
* A control panel for adding/removing mail users, aliases, custom DNS records, configuring backups, etc.
* An API for all of the actions on the control panel
Disable SMTPUTF8 in Postfix because Dovecot LMTP doesn't support it and bounces messages that require SMTPUTF8 By not advertising SMTPUTF8 support at the start, senders may opt to transmit recipient internationalized domain names in IDNA form instead, which will be deliverable. Incoming mail with internationalized domains was probably working prior to our move to Ubuntu 18.04 when postfix's SMTPUTF8 support became enabled by default. The previous commit is retained because Mail-in-a-Box users might prefer to keep SMTPUTF8 on for outbound mail, if they are not using internationalized domains for email, in which case the previous commit fixes the 'relay access denied' error even if the emails aren't deliverable.
2021-09-18 23:54:48 +00:00
Internationalized domain names are supported and configured easily (but SMTPUTF8 is not supported, unfortunately).
v0.50 v0.50 (September 25, 2020) -------------------------- Setup: * When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation. Mail: * An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced. * The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT. DNS: * autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary. * IPv6 addresses can now be specified for secondary DNS nameservers in the control panel. TLS: * TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains. Control Panel: * The control panel API is now fully documented at https://mailinabox.email/api-docs.html. * User passwords can now have spaces. * Status checks for automatic subdomains have been moved into the section for the parent domain. * Typo fixed. Web: * The default web page served on fresh installations now adds the `noindex` meta tag. * The HSTS header is revised to also be sent on non-success responses.
2020-09-25 11:43:30 +00:00
It also supports static website hosting since the box is serving HTTPS anyway. (To serve a website for your domains elsewhere, just add a custom DNS "A" record in you Mail-in-a-Box's control panel to point domains to another server.)
add security.md and clean up README
2015-05-22 20:53:13 +00:00
For more information on how Mail-in-a-Box handles your privacy, see the [security details page](security.md).
tweak readme to emphasize not being customizable
2014-09-03 15:10:30 +00:00
v0.50 v0.50 (September 25, 2020) -------------------------- Setup: * When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation. Mail: * An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced. * The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT. DNS: * autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary. * IPv6 addresses can now be specified for secondary DNS nameservers in the control panel. TLS: * TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains. Control Panel: * The control panel API is now fully documented at https://mailinabox.email/api-docs.html. * User passwords can now have spaces. * Status checks for automatic subdomains have been moved into the section for the parent domain. * Typo fixed. Web: * The default web page served on fresh installations now adds the `noindex` meta tag. * The HSTS header is revised to also be sent on non-success responses.
2020-09-25 11:43:30 +00:00
tweak README
2015-08-14 21:04:42 +00:00
Installation
add instructions for verifying the signed tags to the README
2015-04-01 14:38:09 +00:00
------------
tweak README
2015-08-14 21:04:42 +00:00
See the [setup guide](https://mailinabox.email/guide.html) for detailed, user-friendly instructions.
link security.md from the readme
2015-05-29 01:41:23 +00:00
Start changelog and instructions updates for version 60 supporting Ubuntu 22.04 To scan for updated apt packages in Ubuntu 22.04, I ran on Ubuntu 18.04 and 22.04 and compared the output: ``` for package in openssl openssh-client haveged pollinate fail2ban ufw bind9 nsd ldnsutils nginx dovecot-core postfix opendkim opendkim-tools opendmarc postgrey spampd razor pyzor dovecot-antispam sqlite3 duplicity certbot munin munin-node php python3; do echo -n "$package "; dpkg-query --showformat='${Version}' --show $package; echo done ```
2022-01-09 15:39:29 +00:00
For experts, start with a completely fresh (really, I mean it) Ubuntu 22.04 LTS 64-bit machine. On the machine...
add instructions for verifying the signed tags to the README
2015-04-01 14:38:09 +00:00
Remove the instructions for checking that release tags are signed by me since I am not going to do that anymore
2021-01-31 13:47:33 +00:00
Clone this repository and checkout the tag corresponding to the most recent release:
add instructions for verifying the signed tags to the README
2015-04-01 14:38:09 +00:00
$ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox
v68
2024-04-01 14:55:17 +00:00
$ git checkout v68
v0.12 -------------------- This is a minor update to v0.11, which was a major update. Please read v0.11's advisories. * The administrator@ alias was incorrectly created starting with v0.11. If your first install was v0.11, check that the administrator@ alias forwards mail to you. * Intrusion detection rules (fail2ban) are relaxed (i.e. less is blocked). * SSL certificates could not be installed for the new automatic 'www.' redirect domains. * PHP's default character encoding is changed from no default to UTF8. The effect of this change is unclear but should prevent possible future text conversion issues. * User-installed SSL private keys in the BEGIN PRIVATE KEY format were not accepted. * SSL certificates with SAN domains with IDNA encoding were broken in v0.11. * Some IDNA functionality was using IDNA 2003 rather than IDNA 2008.
2015-07-03 14:31:44 +00:00
tweak README
2015-08-14 21:04:42 +00:00
Begin the installation.
$ sudo setup/start.sh
Remove the instructions for checking that release tags are signed by me since I am not going to do that anymore
2021-01-31 13:47:33 +00:00
The installation will install, uninstall, and configure packages to turn the machine into a working, good mail server.
v0.40
2019-01-12 13:24:15 +00:00
For help, DO NOT contact Josh directly --- I don't do tech support by email or tweet (no exceptions).
tweak README
2015-08-14 21:04:42 +00:00
v0.40
2019-01-12 13:24:15 +00:00
Post your question on the [discussion forum](https://discourse.mailinabox.email/) instead, where maintainers and Mail-in-a-Box users may be able to help you.
add instructions for verifying the signed tags to the README
2015-04-01 14:38:09 +00:00
v0.50 v0.50 (September 25, 2020) -------------------------- Setup: * When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation. Mail: * An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced. * The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT. DNS: * autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary. * IPv6 addresses can now be specified for secondary DNS nameservers in the control panel. TLS: * TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains. Control Panel: * The control panel API is now fully documented at https://mailinabox.email/api-docs.html. * User passwords can now have spaces. * Status checks for automatic subdomains have been moved into the section for the parent domain. * Typo fixed. Web: * The default web page served on fresh installations now adds the `noindex` meta tag. * The HSTS header is revised to also be sent on non-success responses.
2020-09-25 11:43:30 +00:00
Note that while we want everything to "just work," we can't control the rest of the Internet. Other mail services might block or spam-filter email sent from your Mail-in-a-Box.
This is a challenge faced by everyone who runs their own mail server, with or without Mail-in-a-Box. See our discussion forum for tips about that.
Remove the instructions for checking that release tags are signed by me since I am not going to do that anymore
2021-01-31 13:47:33 +00:00
Add some development instructions to CONTRIBUTING.md (#1348)
2018-02-05 13:41:19 +00:00
Contributing and Development
----------------------------
Mail-in-a-Box is an open source project. Your contributions and pull requests are welcome. See [CONTRIBUTING](CONTRIBUTING.md) to get started.
paste my KNC entry into the README, move docs to a new file
2014-03-16 21:18:38 +00:00
The Acknowledgements
--------------------
more for the README
2013-08-31 23:46:36 +00:00
Update README URLs based on HTTP redirects (#908)
2016-08-15 15:07:09 +00:00
This project was inspired in part by the ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) blog post by Drew Crawford, [Sovereign](https://github.com/sovereign/sovereign) by Alex Payne, and conversations with <a href="https://twitter.com/shevski" target="_blank">@shevski</a>, <a href="https://github.com/konklone" target="_blank">@konklone</a>, and <a href="https://github.com/gregelin" target="_blank">@GregElin</a>.
more for the README
2013-08-31 23:46:36 +00:00
link to Modoboa in README
2014-09-26 12:20:13 +00:00
Mail-in-a-Box is similar to [iRedMail](http://www.iredmail.org/) and [Modoboa](https://github.com/tonioo/modoboa).
acknowledge iRedMail
2014-04-23 16:49:04 +00:00
v0.50 v0.50 (September 25, 2020) -------------------------- Setup: * When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation. Mail: * An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced. * The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT. DNS: * autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary. * IPv6 addresses can now be specified for secondary DNS nameservers in the control panel. TLS: * TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains. Control Panel: * The control panel API is now fully documented at https://mailinabox.email/api-docs.html. * User passwords can now have spaces. * Status checks for automatic subdomains have been moved into the section for the parent domain. * Typo fixed. Web: * The default web page served on fresh installations now adds the `noindex` meta tag. * The HSTS header is revised to also be sent on non-success responses.
2020-09-25 11:43:30 +00:00
paste my KNC entry into the README, move docs to a new file
2014-03-16 21:18:38 +00:00
The History
-----------
more for the README
2013-08-31 23:46:36 +00:00
messed up markdown in the README, in 263fdb15f9328a5f4c8d9cb53eee0509ea7e05fa
2014-04-24 17:15:42 +00:00
* In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: [add-on page](https://addons.mozilla.org/en-us/thunderbird/addon/sender-verification-anti-phish/), [source](https://github.com/JoshData/thunderbird-spf).
add security.md and clean up README
2015-05-22 20:53:13 +00:00
* In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) and making the setup steps reproducible with bash scripts.
update News Challenge status in README
2014-06-10 22:48:09 +00:00
* Mail-in-a-Box was a semifinalist in the 2014 [Knight News Challenge](https://www.newschallenge.org/challenge/2014/submissions/mail-in-a-box), but it was not selected as a winner.
Added Hacker-News Reference Nov 2016 (#1014)
2016-11-28 12:24:57 +00:00
* Mail-in-a-Box hit the front page of Hacker News in [April](https://news.ycombinator.com/item?id=7634514) 2014, [September](https://news.ycombinator.com/item?id=8276171) 2014, [May](https://news.ycombinator.com/item?id=9624267) 2015, and [November](https://news.ycombinator.com/item?id=13050500) 2016.
press hit
2015-06-27 14:10:33 +00:00
* FastCompany mentioned Mail-in-a-Box a [roundup of privacy projects](http://www.fastcompany.com/3047645/your-own-private-cloud) on June 26, 2015.