mailinabox/README.md

186 lines
8.5 KiB
Markdown
Raw Normal View History

2019-01-28 07:24:09 +00:00
Mail-in-a-Box with Quotas
=========================
This is an experimental implementation of Mail-in-a-box with quota support.
2019-01-28 07:24:09 +00:00
There is baisc support for quotas in the control panel now. To set quotas from the command line, either use `tools/mail.py` or set the `quota`
column for the user in the `users.sqlite` database. If you modify the `users` table using SQL note the following:
* The `quota` column is text and allows for the `M` and `G` suffixes for megabytes and gigabytes respectively.
* No spaces should be used in the quota value (e.g. `2G` or `100M`).
2019-01-28 07:24:09 +00:00
2019-01-30 10:52:02 +00:00
Please report any bugs on github.
Installing v0.40-quota
----------------------
Follow the directions below for installing from a repository except clone from this repository instead of the official one.
Upgrading v0.40 to v.0.40-quota
-------------------------------
This is experimental software. You have been warned.
* Rename your `mailinabox` directory to something like `miab.old`
* Clone this repository using:
`git clone https://github.com/jrsupplee/mailinabox.git`
* cd into `mailinabox` and run `setup/start.sh` with root privileges.
* On occasion there are lock errors when updating `Munin`. Just re-run `setup/start.sh` until the error does not occur.
Upgrading v.0.40-quota to a New Version
---------------------------------------
* Remember that this is experimental software and review the changes in the repository.
* `cd` into the `mailinabox` directory.
* Execute `git pull` to download the latest changes.
* Execute `setup/start.sh` with root privileges.
Todo
----
2019-01-30 10:52:02 +00:00
* Allow Trash to have a grace percentage to allow users whose quota is full to delete messages.
* Allow configuration of default quota value on installation.
2019-01-30 07:44:23 +00:00
2019-01-30 10:52:02 +00:00
Changes
-------
2019-01-30 07:44:23 +00:00
### v0.40-quota-0.12-alpha
* Update README
### v0.40-quota-0.11-alpha
* Read latest version from this repository not the Mail-in-a-Box master repository
### v0.40-quota-0.1-alpha
2019-01-30 10:52:02 +00:00
* First experimental release of Mail-in-a-Box for quotas.
* Quotas are working and there is basic support in the control panel and `tools/mail.py`.
Reference Documents
-------------------
* https://blog.sys4.de/postfix-dovecot-mailbox-quota-en.html
* https://linuxize.com/post/install-and-configure-postfix-and-dovecot/
2019-01-28 07:24:09 +00:00
\[BEGIN Official README]
Mail-in-a-Box
=============
By [@JoshData](https://github.com/JoshData) and [contributors](https://github.com/mail-in-a-box/mailinabox/graphs/contributors).
Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
2013-09-05 11:21:53 +00:00
2014-09-07 11:24:50 +00:00
**Please see [https://mailinabox.email](https://mailinabox.email) for the project's website and setup guide!**
* * *
2016-08-08 12:19:42 +00:00
Our goals are to:
* Make deploying a good mail server easy.
* Promote [decentralization](http://redecentralize.org/), innovation, and privacy on the web.
* Have automated, auditable, and [idempotent](https://sharknet.us/2014/02/01/automated-configuration-management-challenges-with-idempotency/) configuration.
2015-05-19 15:18:53 +00:00
* **Not** make a totally unhackable, NSA-proof server.
* **Not** make something customizable by power users.
2013-08-31 23:46:36 +00:00
2016-08-08 12:19:42 +00:00
Additionally, this project has a [Code of Conduct](CODE_OF_CONDUCT.md), which supersedes the goals above. Please review it when joining our community.
The Box
-------
Mail-in-a-Box turns a fresh Ubuntu 18.04 LTS 64-bit machine into a working mail server by installing and configuring various components.
2015-05-22 20:53:13 +00:00
2015-08-14 21:04:42 +00:00
It is a one-click email appliance. There are no user-configurable setup options. It "just works".
2015-05-22 20:53:13 +00:00
The components installed are:
* SMTP ([postfix](http://www.postfix.org/)), IMAP ([dovecot](http://dovecot.org/)), CardDAV/CalDAV ([Nextcloud](https://nextcloud.com/)), Exchange ActiveSync ([z-push](http://z-push.org/))
2015-05-22 20:53:13 +00:00
* Webmail ([Roundcube](http://roundcube.net/)), static website hosting ([nginx](http://nginx.org/))
* Spam filtering ([spamassassin](https://spamassassin.apache.org/)), greylisting ([postgrey](http://postgrey.schweikert.ch/))
* DNS ([nsd4](https://www.nlnetlabs.nl/projects/nsd/)) with [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework), DKIM ([OpenDKIM](http://www.opendkim.org/)), [DMARC](https://en.wikipedia.org/wiki/DMARC), [DNSSEC](https://en.wikipedia.org/wiki/DNSSEC), [DANE TLSA](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities), and [SSHFP](https://tools.ietf.org/html/rfc4255) records automatically set
2015-08-17 12:20:31 +00:00
* Backups ([duplicity](http://duplicity.nongnu.org/)), firewall ([ufw](https://launchpad.net/ufw)), intrusion protection ([fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page)), system monitoring ([munin](http://munin-monitoring.org/))
It also includes:
2015-06-06 12:55:13 +00:00
* A control panel and API for adding/removing mail users, aliases, custom DNS records, etc. and detailed system monitoring.
2015-05-22 20:53:13 +00:00
For more information on how Mail-in-a-Box handles your privacy, see the [security details page](security.md).
2015-08-14 21:04:42 +00:00
Installation
------------
2015-08-14 21:04:42 +00:00
See the [setup guide](https://mailinabox.email/guide.html) for detailed, user-friendly instructions.
2015-05-29 01:41:23 +00:00
For experts, start with a completely fresh (really, I mean it) Ubuntu 18.04 LTS 64-bit machine. On the machine...
2015-08-14 21:04:42 +00:00
Clone this repository:
$ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox
2019-01-12 13:24:15 +00:00
_Optional:_ Download Josh's PGP key and then verify that the sources were signed
by him:
2015-08-14 21:04:42 +00:00
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
2019-01-12 13:24:15 +00:00
$ git verify-tag v0.40
gpg: Signature made ..... using RSA key ID C10BDD81
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5F4C 0E73 13CC D744 693B 2AEA B920 41F4 C10B DD81
You'll get a lot of warnings, but that's OK. Check that the primary key fingerprint matches the
v0.14 v0.14 (November 4, 2015) ------------------------ Mail: * Spamassassin's network-based tests (Pyzor, others) and DKIM tests are now enabled. (Pyzor had always been installed but was not active due to a misconfiguration.) * Moving spam out of the Spam folder and into Trash would incorrectly train Spamassassin that those messages were not spam. * Automatically create the Sent and Archive folders for new users. * The HTML5_Notifier plugin for Roundcube is now included, which when turned on in Roundcube settings provides desktop notifications for new mail. * The Exchange/ActiveSync backend Z-Push has been updated to fix a problem with CC'd emails not being sent to the CC recipients. Calender/Contacts: * CalDAV/CardDAV and Exchange/ActiveSync for calendar/contacts wasn't working in some network configurations. Web: * When a new domain is added to the box, rather than applying a new self-signed certificate for that domain, the SSL certificate for the box's primary hostname will be used instead. * If a custom DNS record is set on a domain or 'www'+domain, web would not be served for that domain. If the custom DNS record is just the box's IP address, that's a configuration mistake, but allow it and let web continue to be served. * Accommodate really long domain names by increasing an nginx setting. Control panel: * Added an option to check for new Mail-in-a-Box versions within status checks. It is off by default so that boxes don't "phone home" without permission. * Added a random password generator on the users page to simplify creating new accounts. * When S3 backup credentials are set, the credentials are now no longer ever sent back from the box to the client, for better security. * Fixed the jumpiness when a modal is displayed. * Focus is put into the login form fields when the login form is displayed. * Status checks now include a warning if a custom DNS record has been set on a domain that would normally serve web and as a result that domain no longer is serving web. * Status checks now check that secondary nameservers, if specified, are actually serving the domains. * Some errors in the control panel when there is invalid data in the database or an improperly named archived user account have been suppressed. * Added subresource integrity attributes to all remotely-sourced resources (i.e. via CDNs) to guard against CDNs being used as an attack vector. System: * Tweaks to fail2ban settings. * Fixed a spurrious warning while installing munin.
2015-11-04 22:56:31 +00:00
fingerprint in the key details at [https://keybase.io/joshdata](https://keybase.io/joshdata)
2019-01-12 13:24:15 +00:00
and on his [personal homepage](https://razor.occams.info/). (Of course, if this repository has been compromised you can't trust these instructions.)
v0.14 v0.14 (November 4, 2015) ------------------------ Mail: * Spamassassin's network-based tests (Pyzor, others) and DKIM tests are now enabled. (Pyzor had always been installed but was not active due to a misconfiguration.) * Moving spam out of the Spam folder and into Trash would incorrectly train Spamassassin that those messages were not spam. * Automatically create the Sent and Archive folders for new users. * The HTML5_Notifier plugin for Roundcube is now included, which when turned on in Roundcube settings provides desktop notifications for new mail. * The Exchange/ActiveSync backend Z-Push has been updated to fix a problem with CC'd emails not being sent to the CC recipients. Calender/Contacts: * CalDAV/CardDAV and Exchange/ActiveSync for calendar/contacts wasn't working in some network configurations. Web: * When a new domain is added to the box, rather than applying a new self-signed certificate for that domain, the SSL certificate for the box's primary hostname will be used instead. * If a custom DNS record is set on a domain or 'www'+domain, web would not be served for that domain. If the custom DNS record is just the box's IP address, that's a configuration mistake, but allow it and let web continue to be served. * Accommodate really long domain names by increasing an nginx setting. Control panel: * Added an option to check for new Mail-in-a-Box versions within status checks. It is off by default so that boxes don't "phone home" without permission. * Added a random password generator on the users page to simplify creating new accounts. * When S3 backup credentials are set, the credentials are now no longer ever sent back from the box to the client, for better security. * Fixed the jumpiness when a modal is displayed. * Focus is put into the login form fields when the login form is displayed. * Status checks now include a warning if a custom DNS record has been set on a domain that would normally serve web and as a result that domain no longer is serving web. * Status checks now check that secondary nameservers, if specified, are actually serving the domains. * Some errors in the control panel when there is invalid data in the database or an improperly named archived user account have been suppressed. * Added subresource integrity attributes to all remotely-sourced resources (i.e. via CDNs) to guard against CDNs being used as an attack vector. System: * Tweaks to fail2ban settings. * Fixed a spurrious warning while installing munin.
2015-11-04 22:56:31 +00:00
2015-08-14 21:04:42 +00:00
Checkout the tag corresponding to the most recent release:
2019-01-12 13:24:15 +00:00
$ git checkout v0.40
2015-08-14 21:04:42 +00:00
Begin the installation.
$ sudo setup/start.sh
2019-01-12 13:24:15 +00:00
For help, DO NOT contact Josh directly --- I don't do tech support by email or tweet (no exceptions).
2015-08-14 21:04:42 +00:00
2019-01-12 13:24:15 +00:00
Post your question on the [discussion forum](https://discourse.mailinabox.email/) instead, where maintainers and Mail-in-a-Box users may be able to help you.
Contributing and Development
----------------------------
Mail-in-a-Box is an open source project. Your contributions and pull requests are welcome. See [CONTRIBUTING](CONTRIBUTING.md) to get started.
The Acknowledgements
--------------------
2013-08-31 23:46:36 +00:00
This project was inspired in part by the ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) blog post by Drew Crawford, [Sovereign](https://github.com/sovereign/sovereign) by Alex Payne, and conversations with <a href="https://twitter.com/shevski" target="_blank">@shevski</a>, <a href="https://github.com/konklone" target="_blank">@konklone</a>, and <a href="https://github.com/gregelin" target="_blank">@GregElin</a>.
2013-08-31 23:46:36 +00:00
2014-09-26 12:20:13 +00:00
Mail-in-a-Box is similar to [iRedMail](http://www.iredmail.org/) and [Modoboa](https://github.com/tonioo/modoboa).
2014-04-23 16:49:04 +00:00
The History
-----------
2013-08-31 23:46:36 +00:00
* In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: [add-on page](https://addons.mozilla.org/en-us/thunderbird/addon/sender-verification-anti-phish/), [source](https://github.com/JoshData/thunderbird-spf).
2015-05-22 20:53:13 +00:00
* In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) and making the setup steps reproducible with bash scripts.
2014-06-10 22:48:09 +00:00
* Mail-in-a-Box was a semifinalist in the 2014 [Knight News Challenge](https://www.newschallenge.org/challenge/2014/submissions/mail-in-a-box), but it was not selected as a winner.
* Mail-in-a-Box hit the front page of Hacker News in [April](https://news.ycombinator.com/item?id=7634514) 2014, [September](https://news.ycombinator.com/item?id=8276171) 2014, [May](https://news.ycombinator.com/item?id=9624267) 2015, and [November](https://news.ycombinator.com/item?id=13050500) 2016.
2015-06-27 14:10:33 +00:00
* FastCompany mentioned Mail-in-a-Box a [roundup of privacy projects](http://www.fastcompany.com/3047645/your-own-private-cloud) on June 26, 2015.