Mail-in-a-Box with Quotas
=========================

This is an experimental implementation of Mail-in-a-Box with quota support.

Quotas can be set and viewed in the control panel.

To set quotas from the command line, use:

    tools/mail.py user quota <email> <quota>

To set the system default quota for new users, use:

    tools/mail.py system default-quota <quota>

Mailbox size recalculation by Dovecot can be forced using the command:

    doveadm quota recalc -A

Please report any bugs on GitHub.

Installing v0.4x-quota
-----------------------

To install the latest version, log into your box and execute the following commands:

    $ git clone https://github.com/jrsupplee/mailinabox.git
    $ cd mailinabox
    $ sudo bash setup/bootstrap.sh

Follow the standard directions for setting up an MiaB installation. There are no special installation steps for this version.

The default quota is set to `0`, which means unlimited. If you want to set a different default quota, follow the directions above.

Upgrading v0.4x to v0.4x-quota
--------------------------------

This is experimental software. You have been warned.

* Rename your `mailinabox` directory to something like `miab.old`
* Clone this repository using: `git clone https://github.com/jrsupplee/mailinabox.git`
* cd into `mailinabox` and run `sudo bash setup/bootstrap.sh`. On occasion there are lock errors when updating `Munin`. Just re-run `sudo setup/start.sh` until the error does not occur.
* Note: all existing users at the time of the upgrade will have their quota set to `0` (unlimited).

Upgrading MiaB with quotas to a New Version
-------------------------------------------

* `cd` into the `mailinabox` directory.
* Execute `git pull` to download the latest changes.
* Execute `sudo bash setup/bootstrap.sh` to check out the latest version and re-run setup.

Issues
------
* When a user's quota is changed, any IMAP session running for that user will not recognize the new quota. To solve this, a `dovecot reload` could be issued, causing all current IMAP sessions to be terminated. On a system with many users, it might not be desirable to reset all users' sessions to fix the quota for one user. Also, if the administrator is setting the quota for several users, it would result in the continual reset of those connections.
* API docs do not include the quota endpoints. Quota API endpoints need to be added to `api/mainlinabox.yml`.
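
One way to avoid the repeated resets described in the first issue is to apply every pending quota change first and reload Dovecot once at the end. The script below is an added example, not part of this project's code; the input file format, the `MIAB_DIR` location and the `apply_quotas` helper are assumptions, and the single reload still terminates current IMAP sessions once.

```bash
#!/bin/sh
# Added example (not project code): apply several quota changes, then reload
# Dovecot once instead of once per user.
# Assumed input: one "<email> <quota>" pair per line; blank lines and lines
# starting with '#' are ignored. Quota values are passed to tools/mail.py as-is.

MIAB_DIR="${MIAB_DIR:-$HOME/mailinabox}"  # assumption: location of the checkout
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print commands only, 0 = execute

# Print the command in dry-run mode, otherwise execute it. stdin is detached so
# the command cannot swallow the rest of the quota list.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@" < /dev/null
    fi
}

# apply_quotas FILE: one tools/mail.py call per valid line, then a single reload.
apply_quotas() {
    changed=0
    lineno=0
    while read -r email quota extra || [ -n "$email" ]; do
        lineno=$((lineno + 1))
        case "$email" in
            ''|'#'*) continue ;;
        esac
        # Reject lines without a plausible address or without exactly two fields.
        case "$email" in
            *@*.*) ;;
            *) quota='' ;;
        esac
        if [ -z "$quota" ] || [ -n "$extra" ]; then
            echo "line $lineno: skipped malformed entry" >&2
            continue
        fi
        if run "$MIAB_DIR/tools/mail.py" user quota "$email" "$quota"; then
            changed=$((changed + 1))
        else
            echo "line $lineno: quota change failed for $email" >&2
        fi
    done < "$1"
    # One reload for the whole batch, and none if nothing changed.
    if [ "$changed" -gt 0 ]; then
        run dovecot reload
    fi
}

# Stand-alone use: sh batch-quota.sh quotas.txt   (set DRY_RUN=0 to execute)
if [ "$#" -gt 0 ]; then
    apply_quotas "$1"
fi
```
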
Changes
-------
### v0.55-quota-0.22-beta
* Update to v55 of Mail-in-a-Box
### v0.53-quota-0.22-beta
* Update to v0.53 of Mail-in-a-Box
### v0.52-quota-0.22-beta
* Update to v0.52 of Mail-in-a-Box
### v0.51-quota-0.22-beta
* Update to v0.51 of Mail-in-a-Box
### v0.50-quota-0.22-beta
* Update to v0.50 of Mail-in-a-Box
### v0.48-quota-0.22-beta
* Update to v0.48 of Mail-in-a-Box
### v0.46-quota-0.22-beta
* Update to v0.46 of Mail-in-a-Box
### v0.45-quota-0.22-beta
* Update to v0.45 of Mail-in-a-Box
### v0.44-quota-0.22-beta
* Update to v0.44 of Mail-in-a-Box
### v0.43-quota-0.22-beta
* Fix bug that crashed user list when there is an archived user.
### v0.43-quota-0.21-beta
* Remove extra features from the master branch
### v0.43-quota-0.20-beta
* Hide *set quota* for a mailbox that has been archived
### v0.43-quota-0.19-beta
* Add user quota API documentation to the mail users page
### v0.43-quota-0.18-beta
* Update to v0.43 of Mail-in-a-Box
### v0.42b-quota-0.18-beta
* Update to v0.42b of Mail-in-a-Box
### v0.41-quota-0.18-beta
* Bump version to add a new annotated tag. The last version had a plain tag which is not seen when checking for the latest version.
### v0.41-quota-0.17-beta
* Change status of project to beta. No changes to the code
### v0.41-quota-0.17-alpha
* Update the README
### v0.41-quota-0.16-alpha
* Update to v0.41 of Mail-in-a-Box
### v0.40-quota-0.16-alpha
* Fix problem with quota field on control panel that prevented adding users.
### v0.40-quota-0.15-alpha
* Fix bug where quotas are not recalculated when a user's quota is changed in control panel
### v0.40-quota-0.14-alpha
* When updating a user's quota, execute `doveadm quota recalc -u <email>` to force an immediate recalculation of the user's quota.
* Add a thousands separator (,) to the messages count in the control panel user list.
* Execute `doveadm quota recalc -A` to force a recalculation of all user quotas when running `start.sh`.
* Get rid of the error message complaining that the `quota` column already exists when upgrading from a previous version of `v0.40-quota`.
### v0.40-quota-0.13-alpha
* Add a `default-quota` setting in `settings.yaml`.
* Add input for setting quota when entering a new user in control panel.
* Modify `tools/mail.py` to allow for setting and getting the default system quota.
* Modify `tools/mail.py` to allow for getting a user's quota setting.
* Modify the mail users list in control panel to display percentage of quota used.
### v0.40-quota-0.12-alpha
* Update README
### v0.40-quota-0.11-alpha
* Read latest version from this repository not the Mail-in-a-Box master repository
### v0.40-quota-0.1-alpha
* First experimental release of Mail-in-a-Box for quotas.
* Quotas are working and there is basic support in the control panel and `tools/mail.py`.

Reference Documents
-------------------
* https://blog.sys4.de/postfix-dovecot-mailbox-quota-en.html
* https://linuxize.com/post/install-and-configure-postfix-and-dovecot/
\[BEGIN Official README]
Mail-in-a-Box
=============

By [@JoshData](https://github.com/JoshData) and [contributors](https://github.com/mail-in-a-box/mailinabox/graphs/contributors).

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.

**Please see [https://mailinabox.email](https://mailinabox.email) for the project's website and setup guide!**

* * *

Our goals are to:

* Make deploying a good mail server easy.
* Promote [decentralization](http://redecentralize.org/), innovation, and privacy on the web.
* Have automated, auditable, and [idempotent](https://web.archive.org/web/20190518072631/https://sharknet.us/2014/02/01/automated-configuration-management-challenges-with-idempotency/) configuration.
* **Not** make a totally unhackable, NSA-proof server.
* **Not** make something customizable by power users.

Additionally, this project has a [Code of Conduct](CODE_OF_CONDUCT.md), which supersedes the goals above. Please review it when joining our community.

In The Box
----------

Mail-in-a-Box turns a fresh Ubuntu 18.04 LTS 64-bit machine into a working mail server by installing and configuring various components.

It is a one-click email appliance. There are no user-configurable setup options. It "just works."

The components installed are:

* SMTP ([postfix](http://www.postfix.org/)), IMAP ([Dovecot](http://dovecot.org/)), CardDAV/CalDAV ([Nextcloud](https://nextcloud.com/)), and Exchange ActiveSync ([z-push](http://z-push.org/)) servers
* Webmail ([Roundcube](http://roundcube.net/)), mail filter rules (thanks to Roundcube and Dovecot), and email client autoconfig settings (served by [nginx](http://nginx.org/))
* Spam filtering ([spamassassin](https://spamassassin.apache.org/)) and greylisting ([postgrey](http://postgrey.schweikert.ch/))
* DNS ([nsd4](https://www.nlnetlabs.nl/projects/nsd/)) with [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework), DKIM ([OpenDKIM](http://www.opendkim.org/)), [DMARC](https://en.wikipedia.org/wiki/DMARC), [DNSSEC](https://en.wikipedia.org/wiki/DNSSEC), [DANE TLSA](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities), [MTA-STS](https://tools.ietf.org/html/rfc8461), and [SSHFP](https://tools.ietf.org/html/rfc4255) policy records automatically set
* TLS certificates are automatically provisioned using [Let's Encrypt](https://letsencrypt.org/) for protecting https and all of the other services on the box
* Backups ([duplicity](http://duplicity.nongnu.org/)), firewall ([ufw](https://launchpad.net/ufw)), intrusion protection ([fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page)), and basic system monitoring ([munin](http://munin-monitoring.org/))

It also includes system management tools:

* Comprehensive health monitoring that checks each day that services are running, ports are open, TLS certificates are valid, and DNS records are correct
* A control panel for adding/removing mail users, aliases, custom DNS records, configuring backups, etc.
* An API for all of the actions on the control panel

Internationalized domain names are supported and configured easily (but SMTPUTF8 is not supported, unfortunately).

It also supports static website hosting since the box is serving HTTPS anyway. (To serve a website for your domains elsewhere, just add a custom DNS "A" record in your Mail-in-a-Box's control panel to point domains to another server.)

For more information on how Mail-in-a-Box handles your privacy, see the [security details page](security.md).

Installation
------------

See the [setup guide](https://mailinabox.email/guide.html) for detailed, user-friendly instructions.

For experts, start with a completely fresh (really, I mean it) Ubuntu 18.04 LTS 64-bit machine. On the machine...

Clone this repository and check out the tag corresponding to the most recent release:

    $ git clone https://github.com/mail-in-a-box/mailinabox
    $ cd mailinabox
    $ git checkout v56

Begin the installation.

    $ sudo setup/start.sh

The installation will install, uninstall, and configure packages to turn the machine into a working, good mail server.

For help, DO NOT contact Josh directly --- I don't do tech support by email or tweet (no exceptions).

Post your question on the [discussion forum](https://discourse.mailinabox.email/) instead, where maintainers and Mail-in-a-Box users may be able to help you.

Note that while we want everything to "just work," we can't control the rest of the Internet. Other mail services might block or spam-filter email sent from your Mail-in-a-Box.
This is a challenge faced by everyone who runs their own mail server, with or without Mail-in-a-Box. See our discussion forum for tips about that.

Contributing and Development
----------------------------

Mail-in-a-Box is an open source project. Your contributions and pull requests are welcome. See [CONTRIBUTING](CONTRIBUTING.md) to get started.

The Acknowledgements
--------------------

This project was inspired in part by the ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) blog post by Drew Crawford, [Sovereign](https://github.com/sovereign/sovereign) by Alex Payne, and conversations with <a href="https://twitter.com/shevski" target="_blank">@shevski</a>, <a href="https://github.com/konklone" target="_blank">@konklone</a>, and <a href="https://github.com/gregelin" target="_blank">@GregElin</a>.

Mail-in-a-Box is similar to [iRedMail](http://www.iredmail.org/) and [Modoboa](https://github.com/tonioo/modoboa).

The History
-----------

* In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: [add-on page](https://addons.mozilla.org/en-us/thunderbird/addon/sender-verification-anti-phish/), [source](https://github.com/JoshData/thunderbird-spf).
* In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) and making the setup steps reproducible with bash scripts.
* Mail-in-a-Box was a semifinalist in the 2014 [Knight News Challenge](https://www.newschallenge.org/challenge/2014/submissions/mail-in-a-box), but it was not selected as a winner.
* Mail-in-a-Box hit the front page of Hacker News in [April](https://news.ycombinator.com/item?id=7634514) 2014, [September](https://news.ycombinator.com/item?id=8276171) 2014, [May](https://news.ycombinator.com/item?id=9624267) 2015, and [November](https://news.ycombinator.com/item?id=13050500) 2016.
* FastCompany mentioned Mail-in-a-Box in a [roundup of privacy projects](http://www.fastcompany.com/3047645/your-own-private-cloud) on June 26, 2015.