(Power) Mail-in-a-Box
=====================
## Installation
- **PRE-REQUISITES:** Debian 10 (Buster) or Ubuntu 20.04 LTS fresh installation
Update packages:
```sh
sudo apt update
sudo apt full-upgrade
```
Make sure that the `en_US.UTF-8` locale exists and is set as primary (this depends on the image you use):
```sh
sudo apt install locales
sudo dpkg-reconfigure locales
```
Install Power-Mail-in-a-Box (short link):
```sh
curl -L https://dvn.pt/powermiab | sudo bash
```
If that doesn't work:
```sh
curl https://raw.githubusercontent.com/ddavness/power-mailinabox/master/setup/bootstrap.sh | sudo bash
```
## Current Version: v0.51.POWER.1 (Tracking v0.51)
This is a fork of MiaB (duh), hacked and tuned to my needs:

- ✅ - **Done**
- 👨‍💻 - **Not there yet, but soon!**
- 💤 - **I did not begin this part yet!**

- ✅ Support for Debian AND Ubuntu 20.04 LTS;
- ✅ Native support for SMTP relays (For example: SendGrid);
- ✅ Bumped the bootstrap and jQuery dependencies' versions - and we've got a brand new admin panel now!
- ✅ Per-domain `nginx` configuration: Custom pages will no longer have their pages defaulting to the MiaB services (`/admin`, `/mail`, etc.);
- ✅ Updated NextCloud to the latest version available;
- ✅ Performing backups immediately from the admin panel (independently from the daily schedule);
- 👨‍💻 Encrypting backups using user-provided PGP keys;
- 👨‍💻 Integrate a WKD server (Web Key Directory) for PGP keys;
- 💤 Restricting access to the admin panel to certain IPs?
- 💤 Customizing MTA names? (because privacy)
### Ideas section:
- 💤 Ability to download the backups from the admin panel;
- 💤 Possibility of making some services optional (if they require more software to be installed) on setup?
  - For example, one might simply not use NextCloud/Munin at all, and they're there... just wasting resources.
- 💤 AXFR Transfers (for secondary DNS) using TSIG?
- 💤 Expand DNS record options?
- 💤 More complete webmail configuration via the admin panel/plugin management?
- 💤 Expand the TOTP Two-Factor-Authentication for the webmail?
  - Maybe U2F one day, too, but I don't have a capable device for this just yet...
- 💤 Anything else I might need to use;

All in all, I think I should rename this to something like "Central [Clown Computing](https://www.urbandictionary.com/define.php?term=clown%20computing)", since I'm trying to cram as many services as possible into that poor machine (Spending 5$ is better than spending 10$)
Original Documentation
======================
By [@JoshData](https://github.com/JoshData) and [contributors](https://github.com/mail-in-a-box/mailinabox/graphs/contributors).
Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
**Please see [https://mailinabox.email](https://mailinabox.email) for the project's website and setup guide!**
* * *
Our goals are to:
* Make deploying a good mail server easy.
* Promote [decentralization](http://redecentralize.org/), innovation, and privacy on the web.
* Have automated, auditable, and [idempotent](https://web.archive.org/web/20190518072631/https://sharknet.us/2014/02/01/automated-configuration-management-challenges-with-idempotency/) configuration.
* **Not** make a totally unhackable, NSA-proof server.
* ~~**Not** make something customizable by power users.~~
Additionally, this project has a [Code of Conduct](CODE_OF_CONDUCT.md), which supersedes the goals above. Please review it when joining our community.
In The Box
----------
Mail-in-a-Box turns a fresh ~~Ubuntu 18.04 LTS~~ Debian 10 (Buster) 64-bit machine into a working mail server by installing and configuring various components.
It is a one-click email appliance. There are no user-configurable setup options. It "just works."
The components installed are:
* SMTP ([postfix](http://www.postfix.org/)), IMAP ([Dovecot](http://dovecot.org/)), CardDAV/CalDAV ([Nextcloud](https://nextcloud.com/)), and Exchange ActiveSync ([z-push](http://z-push.org/)) servers
* Webmail ([Roundcube](http://roundcube.net/)), mail filter rules (thanks to Roundcube and Dovecot), and email client autoconfig settings (served by [nginx](http://nginx.org/))
* Spam filtering ([spamassassin](https://spamassassin.apache.org/)) and greylisting ([postgrey](http://postgrey.schweikert.ch/))
* DNS ([nsd4](https://www.nlnetlabs.nl/projects/nsd/)) with [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework), DKIM ([OpenDKIM](http://www.opendkim.org/)), [DMARC](https://en.wikipedia.org/wiki/DMARC), [DNSSEC](https://en.wikipedia.org/wiki/DNSSEC), [DANE TLSA](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities), [MTA-STS](https://tools.ietf.org/html/rfc8461), and [SSHFP](https://tools.ietf.org/html/rfc4255) policy records automatically set
* TLS certificates are automatically provisioned using [Let's Encrypt](https://letsencrypt.org/) for protecting https and all of the other services on the box
* Backups ([duplicity](http://duplicity.nongnu.org/)), firewall ([ufw](https://launchpad.net/ufw)), intrusion protection ([fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page)), and basic system monitoring ([munin](http://munin-monitoring.org/))
It also includes system management tools:
* Comprehensive health monitoring that checks each day that services are running, ports are open, TLS certificates are valid, and DNS records are correct
* A control panel for adding/removing mail users, aliases, custom DNS records, configuring backups, etc.
* An API for all of the actions on the control panel
It also supports static website hosting since the box is serving HTTPS anyway. (To serve a website for your domains elsewhere, just add a custom DNS "A" record in your Mail-in-a-Box's control panel to point domains to another server.)
For more information on how Mail-in-a-Box handles your privacy, see the [security details page](security.md).
Installation
------------
See the [setup guide](https://mailinabox.email/guide.html) for detailed, user-friendly instructions.
For experts, start with a completely fresh (really, I mean it) Ubuntu 18.04 LTS 64-bit machine. On the machine...
Clone this repository:
```
$ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox
```
_Optional:_ Download Josh's PGP key and then verify that the sources were signed
by him:
```
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
$ git verify-tag v0.51
gpg: Signature made ..... using RSA key ID C10BDD81
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5F4C 0E73 13CC D744 693B 2AEA B920 41F4 C10B DD81
```
You'll get a lot of warnings, but that's OK. Check that the primary key fingerprint matches the
fingerprint in the key details at [https://keybase.io/joshdata](https://keybase.io/joshdata)
and on his [personal homepage](https://razor.occams.info/). (Of course, if this repository has been compromised you can't trust these instructions.)
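
The fingerprint comparison can be scripted instead of read by eye. The following is an added example, not part of the Mail-in-a-Box repository: it parses the machine-readable GnuPG status lines that `git verify-tag --raw` writes to standard error and compares the primary key fingerprint with the one shown in the sample output above. The function names and the sample status text are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the Mail-in-a-Box repository.
# Pinned value: the primary key fingerprint shown in the sample output above,
# with the spaces removed. Confirm it out of band before relying on it.
EXPECTED_FPR="5F4C0E7313CCD744693B2AEAB92041F4C10BDD81"

# Print the primary key fingerprint found in GnuPG status lines on stdin.
# Succeeds only when both GOODSIG and VALIDSIG are present. The last VALIDSIG
# field is the primary key fingerprint; if a GnuPG build omits it, the later
# comparison fails instead of passing.
primary_fpr_from_status() {
    awk '$1 == "[GNUPG:]" && $2 == "GOODSIG"  { good = 1 }
         $1 == "[GNUPG:]" && $2 == "VALIDSIG" { fpr = $NF }
         END {
             if (!good || fpr == "") exit 1
             print fpr
         }'
}

# $1 = GnuPG status text. True only if the signer's primary key is the pinned one.
status_matches_pinned_key() {
    fpr=$(printf '%s\n' "$1" | primary_fpr_from_status) || return 1
    [ "$fpr" = "$EXPECTED_FPR" ]
}

# $1 = repository directory, $2 = tag name (hypothetical helper).
# git exits non-zero on a bad or missing signature; --raw sends the status
# lines to stderr, which is the only stream captured here.
verify_release_tag() {
    status=$(git -C "$1" verify-tag --raw "$2" 2>&1 >/dev/null) || return 1
    status_matches_pinned_key "$status"
}

# Constructed status text (date and timestamp are made up) for a dry run.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG B92041F4C10BDD81 Joshua Tauberer <jt@occams.info>
[GNUPG:] VALIDSIG 5F4C0E7313CCD744693B2AEAB92041F4C10BDD81 2020-11-14 1605366320 0 4 0 1 8 00 5F4C0E7313CCD744693B2AEAB92041F4C10BDD81
[GNUPG:] TRUST_UNDEFINED 0 pgp'

if status_matches_pinned_key "$SAMPLE_STATUS"; then
    echo "sample status: fingerprint matches the pinned key"
fi
```

In a checkout, `verify_release_tag . v0.51 && git checkout v0.51` only switches to the tag when the signature is good and was made by the pinned key.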
Check out the tag corresponding to the most recent release:
```
$ git checkout v0.51
```
Begin the installation.
```
$ sudo setup/start.sh
```
For help, DO NOT contact Josh directly --- I don't do tech support by email or tweet (no exceptions).
Post your question on the [discussion forum](https://discourse.mailinabox.email/) instead, where maintainers and Mail-in-a-Box users may be able to help you.
Note that while we want everything to "just work," we can't control the rest of the Internet. Other mail services might block or spam-filter email sent from your Mail-in-a-Box.
This is a challenge faced by everyone who runs their own mail server, with or without Mail-in-a-Box. See our discussion forum for tips about that.
Contributing and Development
----------------------------
Mail-in-a-Box is an open source project. Your contributions and pull requests are welcome. See [CONTRIBUTING](CONTRIBUTING.md) to get started.
The Acknowledgements
--------------------
This project was inspired in part by the ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) blog post by Drew Crawford, [Sovereign](https://github.com/sovereign/sovereign) by Alex Payne, and conversations with <a href="https://twitter.com/shevski" target="_blank">@shevski</a>, <a href="https://github.com/konklone" target="_blank">@konklone</a>, and <a href="https://github.com/gregelin" target="_blank">@GregElin</a>.
Mail-in-a-Box is similar to [iRedMail](http://www.iredmail.org/) and [Modoboa](https://github.com/tonioo/modoboa).
The History
-----------
* In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: [add-on page](https://addons.mozilla.org/en-us/thunderbird/addon/sender-verification-anti-phish/), [source](https://github.com/JoshData/thunderbird-spf).
* In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) and making the setup steps reproducible with bash scripts.
* Mail-in-a-Box was a semifinalist in the 2014 [Knight News Challenge](https://www.newschallenge.org/challenge/2014/submissions/mail-in-a-box), but it was not selected as a winner.
* Mail-in-a-Box hit the front page of Hacker News in [April](https://news.ycombinator.com/item?id=7634514) 2014, [September](https://news.ycombinator.com/item?id=8276171) 2014, [May](https://news.ycombinator.com/item?id=9624267) 2015, and [November](https://news.ycombinator.com/item?id=13050500) 2016.
* FastCompany mentioned Mail-in-a-Box in a [roundup of privacy projects](http://www.fastcompany.com/3047645/your-own-private-cloud) on June 26, 2015.