<p>This will tell you what to do next. Then visit <code>https://yourdomain.com/mail</code> to start emailing. Or use any mail program with IMAPS (port 993) and SMTP with STARTTLS (port 587). Your username is your complete email address.</p>
<pclass="text-danger small">Note: This is a work in progress. I work on Mail-in-a-Box in my limited free time. Your mileage may vary.</p>
<h2>Why build this?</h2>
<p>Mass electronic surveillance by governments revealed over the last year has spurred a new movement to <ahref="http://redecentralize.org/">re-decentralize the web</a>: to empower individuals to be their own service providers again.</p>
<p>Although the core protocal of email, <ahref="http://www.faqs.org/rfcs/rfc821.html">SMTP</a>, is completely decentralized, in practice email has become highly centralized because it is so damn difficult to implement the dozens of modern protocols that surround it. </p>
<h2>A mail server in a box</h2>
<p>Mail-in-a-Box turns a fresh Ubuntu 14.04 LTS 64-bit machine into a working mail server including all of the components listed <spanclass="hidden-xs">on the left</span><spanclass="hidden-sm hidden-md hidden-lg">below</span>.</p>
<h2>My goals</h2>
<p>I want to...</p>
<ul>
<li>Make deploying a good mail server easy.</li>
<li>Promote <ahref="http://redecentralize.org/">decentralization</a>, innovation, and privacy on the web.</li>
<li>Have automated, auditable, and <ahref="http://sharknet.us/2014/02/01/automated-configuration-management-challenges-with-idempotency/">idempotent</a> system configuration.</li>
<li><strong>Not</strong> build a mail server that the NSA cannot hack.</li>
<li><strong>Not</strong> be endlessly customizable by power users.</li>
</ul>
<p>Who am I? I'm <ahref="http://razor.occams.info">@JoshData</a>. I’ve been running my own mail server for 15 years and am tired of feeling like the last hold-out. So join me.</p>
<h2>Development</h2>
<p>Development takes place on github at <ahref="https://github.com/joshdata/mailinabox">https://github.com/joshdata/mailinabox</a>.</p>
<p>Thank you to the contributors!</p>
<p>Mail-in-a-Box is dedicated to the public domain using CC0.</p>
<h2>Acknowledgements</h2>
<p>This project was inspired in part by the <ahref="http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/">"NSA-proof your email in 2 hours"</a> blog post by Drew Crawford, <ahref="https://github.com/al3x/sovereign">Sovereign</a> by Alex Payne, and conversations with <ahref="http://twitter.com/shevski"target="_blank">@shevski</a>, <ahref="https://github.com/konklone"target="_blank">@konklone</a>, and <ahref="https://github.com/gregelin"target="_blank">@GregElin</a>.</p>
<p>Mail-in-a-Box is similar to <ahref="http://www.iredmail.org/">iRedMail</a>.</p>
<lidata-title="SMTP"data-content="SMTP is the core protocol of email. Mail servers talk in SMTP, and when you send off a new email you connect to your box using SMTP."><ahref="http://www.postfix.org/">SMTP</a></li>
<lidata-title="IMAP"data-content="IMAP is the protocol you'll use to connect to your box to see if you have new mail."><ahref="http://dovecot.org/">IMAP</a></li>
<lidata-title="Webmail"data-content="Check your email from your browser from anywhere. We use the open source Roundcube Webmail project."><ahref="http://roundcube.net/">Webmail</a></li>
<li>Your log-in to your box is always encrypted over TLS/HTTPS.</li>
<lidata-title="Spam Filtering"data-content="Spamassassin and IP address blacklists protect you from spam."><ahref="https://spamassassin.apache.org/">Spam filtering</a></li>
<lidata-title="Greylisting"data-content="Greylisting cuts down on spam by soft-rejecting mail the first time it arrives. All compliant SMTP servers re-send the mail after a few minutes. Spammers don't usually bother trying again."><ahref="http://postgrey.schweikert.ch/">Greylisting</a></li>
<lidata-title="Email Identity"data-content="Your box sets up SPF, DKIM, and DMARC for you. These DNS-based protocols tell recipients of your mail that you were definitely the sender."><ahref="https://en.wikipedia.org/wiki/Sender_Policy_Framework">SPF</a>, <ahref="https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail">DKIM</a>, <ahref="https://en.wikipedia.org/wiki/DMARC">DMARC</a></li>
<lidata-title="Secure DNS and TLSA"data-content="When enabled, DNSSEC provides a higher level of protection against active attacks. DANE TLSA guarantees that mail sent between two Mail-in-a-Boxes will be encrypted."><ahref="https://en.wikipedia.org/wiki/DNSSEC">DNSSEC</a>, <ahref="https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities">DANE TLSA</a></li>
<lidata-title="Opportunistic Encryption"data-content="As a protection against passive surveillance, your mail will be encrypted in transit when communicating with other SMTP servers that support opportunistic TLS."><ahref="https://en.wikipedia.org/wiki/Opportunistic_encryption">Opportunistic TLS</a></li>
<lidata-title="Cryptography Settings"data-content="Settings are tweaked for strong ciphers, the right protocols, and HSTS. Privacy sensitive mail headers in your outgoing email are stripped."><ahref="https://gist.github.com/konklone/6532544">Other Good Crypto Settings</a></li>