diff --git a/README.md b/README.md deleted file mode 100644 index ad912a28..00000000 --- a/README.md +++ /dev/null 
@@ -1,99 +0,0 @@ -Mail-in-a-Box -============= - -By [@JoshData](https://github.com/JoshData) and [contributors](https://github.com/mail-in-a-box/mailinabox/graphs/contributors). - -Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box. - -**Please see [https://mailinabox.email](https://mailinabox.email) for the project's website and setup guide!** - -* * * - -I am trying to: - -* Make deploying a good mail server easy. -* Promote [decentralization](http://redecentralize.org/), innovation, and privacy on the web. -* Have automated, auditable, and [idempotent](http://sharknet.us/2014/02/01/automated-configuration-management-challenges-with-idempotency/) configuration. -* **Not** make a totally unhackable, NSA-proof server. -* **Not** make something customizable by power users. - -This setup is what has been powering my own personal email since September 2013. - -The Box -------- - -Mail-in-a-Box turns a fresh Ubuntu 14.04 LTS 64-bit machine into a working mail server by installing and configuring various components. - -It is a one-click email appliance. There are no user-configurable setup options. It "just works". 
- -The components installed are: - -* SMTP ([postfix](http://www.postfix.org/)), IMAP ([dovecot](http://dovecot.org/)), CardDAV/CalDAV ([ownCloud](http://owncloud.org/)), Exchange ActiveSync ([z-push](https://github.com/fmbiete/Z-Push-contrib)) -* Webmail ([Roundcube](http://roundcube.net/)), static website hosting ([nginx](http://nginx.org/)) -* Spam filtering ([spamassassin](https://spamassassin.apache.org/)), greylisting ([postgrey](http://postgrey.schweikert.ch/)) -* DNS ([nsd4](http://www.nlnetlabs.nl/projects/nsd/)) with [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework), DKIM ([OpenDKIM](http://www.opendkim.org/)), [DMARC](https://en.wikipedia.org/wiki/DMARC), [DNSSEC](https://en.wikipedia.org/wiki/DNSSEC), [DANE TLSA](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities), and [SSHFP](https://tools.ietf.org/html/rfc4255) records automatically set -* Backups ([duplicity](http://duplicity.nongnu.org/)), firewall ([ufw](https://launchpad.net/ufw)), intrusion protection ([fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page)), system monitoring ([munin](http://munin-monitoring.org/)) - -It also includes: - -* A control panel and API for adding/removing mail users, aliases, custom DNS records, etc. and detailed system monitoring. -* Our own builds of postgrey (adding better whitelisting) and dovecot-lucene (faster search for mail) distributed via the [Mail-in-a-Box PPA](https://launchpad.net/~mail-in-a-box/+archive/ubuntu/ppa) on Launchpad. - -For more information on how Mail-in-a-Box handles your privacy, see the [security details page](security.md). - -Installation ------------- - -See the [setup guide](https://mailinabox.email/guide.html) for detailed, user-friendly instructions. - -For experts, start with a completely fresh (really, I mean it) Ubuntu 14.04 LTS 64-bit machine. On the machine... 
- -Clone this repository: - - $ git clone https://github.com/mail-in-a-box/mailinabox - $ cd mailinabox - -_Optional:_ Download my PGP key and then verify that the sources were signed -by me: - - $ curl -s https://keybase.io/joshdata/key.asc | gpg --import - gpg: key C10BDD81: public key "Joshua Tauberer " imported - - $ git verify-tag v0.18c - gpg: Signature made ..... using RSA key ID C10BDD81 - gpg: Good signature from "Joshua Tauberer " - gpg: WARNING: This key is not certified with a trusted signature! - gpg: There is no indication that the signature belongs to the owner. - Primary key fingerprint: 5F4C 0E73 13CC D744 693B 2AEA B920 41F4 C10B DD81 - -You'll get a lot of warnings, but that's OK. Check that the primary key fingerprint matches the -fingerprint in the key details at [https://keybase.io/joshdata](https://keybase.io/joshdata) -and on my [personal homepage](https://razor.occams.info/). (Of course, if this repository has been compromised you can't trust these instructions.) - -Checkout the tag corresponding to the most recent release: - - $ git checkout v0.18c - -Begin the installation. - - $ sudo setup/start.sh - -For help, DO NOT contact me directly --- I don't do tech support by email or tweet (no exceptions). - -Post your question on the [discussion forum](https://discourse.mailinabox.email/) instead, where me and other Mail-in-a-Box users may be able to help you. - -The Acknowledgements --------------------- - -This project was inspired in part by the ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) blog post by Drew Crawford, [Sovereign](https://github.com/al3x/sovereign) by Alex Payne, and conversations with @shevski, @konklone, and @GregElin. - -Mail-in-a-Box is similar to [iRedMail](http://www.iredmail.org/) and [Modoboa](https://github.com/tonioo/modoboa). 
- -The History ------------ - -* In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: [add-on page](https://addons.mozilla.org/en-us/thunderbird/addon/sender-verification-anti-phish/), [source](https://github.com/JoshData/thunderbird-spf). -* In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) and making the setup steps reproducible with bash scripts. -* Mail-in-a-Box was a semifinalist in the 2014 [Knight News Challenge](https://www.newschallenge.org/challenge/2014/submissions/mail-in-a-box), but it was not selected as a winner. -* Mail-in-a-Box hit the front page of Hacker News in [April](https://news.ycombinator.com/item?id=7634514) 2014, [September](https://news.ycombinator.com/item?id=8276171) 2014, and [May](https://news.ycombinator.com/item?id=9624267) 2015. -* FastCompany mentioned Mail-in-a-Box a [roundup of privacy projects](http://www.fastcompany.com/3047645/your-own-private-cloud) on June 26, 2015. diff --git a/conf/ios-profile.xml b/conf/ios-profile.xml deleted file mode 100644 index 983b260d..00000000 --- a/conf/ios-profile.xml +++ /dev/null 
@@ -1,128 +0,0 @@ - - - - - - PayloadContent - - - CalDAVAccountDescription - PRIMARY_HOSTNAME calendar - CalDAVHostName - PRIMARY_HOSTNAME - CalDAVPort - 443 - CalDAVPrincipalURL - /cloud/remote.php/caldav/calendars/ - CalDAVUseSSL - - PayloadDescription - PRIMARY_HOSTNAME (Mail-in-a-Box) - PayloadDisplayName - PRIMARY_HOSTNAME calendar - PayloadIdentifier - email.mailinabox.mobileconfig.PRIMARY_HOSTNAME.CalDAV - PayloadOrganization - - PayloadType - com.apple.caldav.account - PayloadUUID - UUID1 - PayloadVersion - 1 - - - EmailAccountDescription - PRIMARY_HOSTNAME mail - EmailAccountType - EmailTypeIMAP - IncomingMailServerAuthentication - EmailAuthPassword - IncomingMailServerHostName - PRIMARY_HOSTNAME - IncomingMailServerPortNumber - 993 - IncomingMailServerUseSSL - - OutgoingMailServerAuthentication - EmailAuthPassword - OutgoingMailServerHostName - PRIMARY_HOSTNAME - OutgoingMailServerPortNumber - 587 - OutgoingMailServerUseSSL - - OutgoingPasswordSameAsIncomingPassword - - PayloadDescription - PRIMARY_HOSTNAME (Mail-in-a-Box) - PayloadDisplayName - PRIMARY_HOSTNAME mail - PayloadIdentifier - email.mailinabox.mobileconfig.PRIMARY_HOSTNAME.E-Mail - PayloadOrganization - - PayloadType - com.apple.mail.managed - PayloadUUID - UUID2 - PayloadVersion - 1 - PreventAppSheet - - PreventMove - - SMIMEEnabled - - - - CardDAVAccountDescription - PRIMARY_HOSTNAME contacts - CardDAVHostName - PRIMARY_HOSTNAME - CardDAVPort - 443 - CardDAVPrincipalURL - /cloud/remote.php/carddav/addressbooks/ - CardDAVUseSSL - - PayloadDescription - PRIMARY_HOSTNAME (Mail-in-a-Box) - PayloadDisplayName - PRIMARY_HOSTNAME contacts - PayloadIdentifier - email.mailinabox.mobileconfig.PRIMARY_HOSTNAME.carddav - PayloadOrganization - - PayloadType - com.apple.carddav.account - PayloadUUID - UUID3 - PayloadVersion - 1 - - - PayloadDescription - PRIMARY_HOSTNAME (Mail-in-a-Box) - PayloadDisplayName - PRIMARY_HOSTNAME - PayloadIdentifier - email.mailinabox.mobileconfig.PRIMARY_HOSTNAME - 
PayloadOrganization - - PayloadRemovalDisallowed - - PayloadType - Configuration - PayloadUUID - UUID4 - PayloadVersion - 1 - - diff --git a/conf/mozilla-autoconfig.xml b/conf/mozilla-autoconfig.xml deleted file mode 100644 index 03e2fef3..00000000 --- a/conf/mozilla-autoconfig.xml +++ /dev/null @@ -1,44 +0,0 @@ - - - - PRIMARY_HOSTNAME - - PRIMARY_HOSTNAME (Mail-in-a-Box) - PRIMARY_HOSTNAME - - - PRIMARY_HOSTNAME - 993 - SSL - %EMAILADDRESS% - password-cleartext - - - - PRIMARY_HOSTNAME - 587 - STARTTLS - %EMAILADDRESS% - password-cleartext - true - true - - - - PRIMARY_HOSTNAME website. - - - - - - - %EMAILADDRESS% - - - - - - - - - diff --git a/conf/nginx-alldomains.conf b/conf/nginx-alldomains.conf index 995745e4..df8ec46b 100644 --- a/conf/nginx-alldomains.conf +++ b/conf/nginx-alldomains.conf @@ -12,13 +12,6 @@ access_log off; } - location = /mailinabox.mobileconfig { - alias /var/lib/mailinabox/mobileconfig.xml; - } - location = /.well-known/autoconfig/mail/config-v1.1.xml { - alias /var/lib/mailinabox/mozilla-autoconfig.xml; - } - # Roundcube Webmail configuration. rewrite ^/mail$ /mail/ redirect; rewrite ^/mail/$ /mail/index.php; 
@@ -43,26 +36,6 @@ client_max_body_size 128M; } - # Z-Push (Microsoft Exchange ActiveSync) - location /Microsoft-Server-ActiveSync { - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php; - fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc"; - fastcgi_read_timeout 630; - fastcgi_pass php-fpm; - - # Outgoing mail also goes through this endpoint, so increase the maximum - # file upload limit to match the corresponding Postfix limit. - client_max_body_size 128M; - } - location ~* ^/autodiscover/autodiscover.xml$ { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php; - fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc"; - fastcgi_pass php-fpm; - } - - # ADDITIONAL DIRECTIVES HERE # Disable viewing dotfiles (.htaccess, .svn, .git, etc.) diff --git a/conf/nginx-primaryonly.conf b/conf/nginx-primaryonly.conf index eb446251..ceefee77 100644 --- a/conf/nginx-primaryonly.conf +++ b/conf/nginx-primaryonly.conf 
@@ -11,57 +11,4 @@ add_header Content-Security-Policy "frame-ancestors 'none';"; add_header Strict-Transport-Security max-age=31536000; } - - # ownCloud configuration. - rewrite ^/cloud$ /cloud/ redirect; - rewrite ^/cloud/$ /cloud/index.php; - rewrite ^/cloud/(contacts|calendar|files)$ /cloud/index.php/apps/$1/ redirect; - rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html; - location /cloud/ { - alias /usr/local/lib/owncloud/; - location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ { - deny all; - } - location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - } - location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ { - # note: ~ has precendence over a regular location block - # Accept URLs like: - # /cloud/index.php/apps/files/ - # /cloud/index.php/apps/files/ajax/scan.php (it's really index.php; see 6fdef379adfdeac86cc2220209bdf4eb9562268d) - # /cloud/ocs/v1.php/apps/files_sharing/api/v1 (see #240) - # /cloud/remote.php/webdav/yourfilehere... - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2; - fastcgi_param SCRIPT_NAME $1$2; - fastcgi_param PATH_INFO $3; - fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on; - fastcgi_param MOD_X_ACCEL_REDIRECT_PREFIX /owncloud-xaccel; - fastcgi_read_timeout 630; - fastcgi_pass php-fpm; - error_page 403 /cloud/core/templates/403.php; - error_page 404 /cloud/core/templates/404.php; - client_max_body_size 1G; - fastcgi_buffers 64 4K; - } - location ^~ /owncloud-xaccel/ { - # This directory is for MOD_X_ACCEL_REDIRECT_ENABLED. ownCloud sends the full file - # path on disk as a subdirectory under this virtual path. - # We must only allow 'internal' redirects within nginx so that the filesystem - # is not exposed to the world. - internal; - alias /; - } - location ~ ^/((caldav|carddav|webdav).*)$ { - # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either. - # Properly proxying like this seems to work fine. 
- proxy_pass https://127.0.0.1/cloud/remote.php/$1; - } - rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last; - rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last; - rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect; - rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect; - # ADDITIONAL DIRECTIVES HERE diff --git a/conf/www_default.html b/conf/www_default.html index edefc428..51474b47 100644 --- a/conf/www_default.html +++ b/conf/www_default.html @@ -1,9 +1,4 @@ - - this is a mail-in-a-box - -

this is a mail-in-a-box

-

take control of your email at https://mailinabox.email/

diff --git a/conf/zpush/autodiscover_config.php b/conf/zpush/autodiscover_config.php deleted file mode 100644 index df6faa1e..00000000 --- a/conf/zpush/autodiscover_config.php +++ /dev/null @@ -1,24 +0,0 @@ - diff --git a/conf/zpush/backend_caldav.php b/conf/zpush/backend_caldav.php deleted file mode 100644 index b10ebc3e..00000000 --- a/conf/zpush/backend_caldav.php +++ /dev/null @@ -1,16 +0,0 @@ - diff --git a/conf/zpush/backend_carddav.php b/conf/zpush/backend_carddav.php deleted file mode 100644 index 4b166ad5..00000000 --- a/conf/zpush/backend_carddav.php +++ /dev/null @@ -1,31 +0,0 @@ - diff --git a/conf/zpush/backend_combined.php b/conf/zpush/backend_combined.php deleted file mode 100644 index 9d5aea24..00000000 --- a/conf/zpush/backend_combined.php +++ /dev/null @@ -1,49 +0,0 @@ - array( - 'i' => array( - 'name' => 'BackendIMAP', - ), - 'c' => array( - 'name' => 'BackendCalDAV', - ), - 'd' => array( - 'name' => 'BackendCardDAV', - ), - ), - 'delimiter' => '/', - 'folderbackend' => array( - SYNC_FOLDER_TYPE_INBOX => 'i', - SYNC_FOLDER_TYPE_DRAFTS => 'i', - SYNC_FOLDER_TYPE_WASTEBASKET => 'i', - SYNC_FOLDER_TYPE_SENTMAIL => 'i', - SYNC_FOLDER_TYPE_OUTBOX => 'i', - SYNC_FOLDER_TYPE_TASK => 'c', - SYNC_FOLDER_TYPE_APPOINTMENT => 'c', - SYNC_FOLDER_TYPE_CONTACT => 'd', - SYNC_FOLDER_TYPE_NOTE => 'c', - SYNC_FOLDER_TYPE_JOURNAL => 'c', - SYNC_FOLDER_TYPE_OTHER => 'i', - SYNC_FOLDER_TYPE_USER_MAIL => 'i', - SYNC_FOLDER_TYPE_USER_APPOINTMENT => 'c', - SYNC_FOLDER_TYPE_USER_CONTACT => 'd', - SYNC_FOLDER_TYPE_USER_TASK => 'c', - SYNC_FOLDER_TYPE_USER_JOURNAL => 'c', - SYNC_FOLDER_TYPE_USER_NOTE => 'c', - SYNC_FOLDER_TYPE_UNKNOWN => 'i', - ), - 'rootcreatefolderbackend' => 'i', - ); - } -} - -?> diff --git a/conf/zpush/backend_imap.php b/conf/zpush/backend_imap.php deleted file mode 100644 index 84dc7358..00000000 --- a/conf/zpush/backend_imap.php +++ /dev/null 
@@ -1,51 +0,0 @@ - true))); -define('IMAP_FROM_SQL_QUERY', "select first_name, last_name, mail_address from users where mail_address = '#username@#domain'"); -define('IMAP_FROM_SQL_FIELDS', serialize(array('first_name', 'last_name', 'mail_address'))); -define('IMAP_FROM_SQL_FROM', '#first_name #last_name <#mail_address>'); -define('IMAP_FROM_LDAP_SERVER', ''); -define('IMAP_FROM_LDAP_SERVER_PORT', '389'); -define('IMAP_FROM_LDAP_USER', 'cn=zpush,ou=servers,dc=zpush,dc=org'); -define('IMAP_FROM_LDAP_PASSWORD', 'password'); -define('IMAP_FROM_LDAP_BASE', 'dc=zpush,dc=org'); -define('IMAP_FROM_LDAP_QUERY', '(mail=#username@#domain)'); -define('IMAP_FROM_LDAP_FIELDS', serialize(array('givenname', 'sn', 'mail'))); -define('IMAP_FROM_LDAP_FROM', '#givenname #sn <#mail>'); - -define('IMAP_SMTP_METHOD', 'sendmail'); - -global $imap_smtp_params; -$imap_smtp_params = array('host' => 'ssl://127.0.0.1', 'port' => 587, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password'); - -define('MAIL_MIMEPART_CRLF', "\r\n"); - -?> diff --git a/management/templates/index.html b/management/templates/index.html index 09684774..6ad63a03 100644 --- a/management/templates/index.html +++ b/management/templates/index.html @@ -5,7 +5,7 @@ - {{hostname}} - Mail-in-a-Box Control Panel + {{hostname}} @@ -63,7 +63,6 @@ margin-bottom: 1em; } - @@ -104,7 +103,6 @@
  • Aliases
  • -
  • Contacts/Calendar
  • Web
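Review bot: Deleting README.md outright (hunk `@@ -1,99 +0,0`) also deletes the only documented source-verification procedure, the `git verify-tag v0.18c` step and the primary key fingerprint check in the Installation section, along with the pointer to security.md. If the README is being dropped on purpose, move the tag-verification steps and the security.md link into a file that stays in the tree, or state in the commit message that this tree is not meant to be verified against that key.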
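Review bot: In conf/nginx-alldomains.conf, hunk `@@ -12,13 +12,6`, the two removed `alias` targets, `/var/lib/mailinabox/mobileconfig.xml` and `/var/lib/mailinabox/mozilla-autoconfig.xml`, are generated files, and nothing visible in this patch removes the step that writes them or the copies already on disk. The templates conf/ios-profile.xml and conf/mozilla-autoconfig.xml are deleted in the same patch, so whatever setup code reads them will fail unless it is removed too. Please include that change here, or point to the commit that does it, and delete the stale generated files on upgrade.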
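Review bot: In conf/nginx-alldomains.conf, hunk `@@ -43,26 +36,6`, dropping the `/Microsoft-Server-ActiveSync` and `/autodiscover/autodiscover.xml` locations only unroutes Z-Push; `/usr/local/lib/z-push/` is not touched by anything shown here, so an upgraded box keeps an unmaintained PHP application on disk. Suggest removing the install directory and the conf/zpush-derived config during setup, and noting in the changelog that devices already configured for ActiveSync will keep requesting this path and need to be reconfigured for IMAP.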
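Review bot: In conf/nginx-primaryonly.conf, hunk `@@ -11,57 +11,4`, the whole ownCloud block goes away, including the `/.well-known/carddav` and `/.well-known/caldav` redirects, but the patch shows no handling of what is already installed under `/usr/local/lib/owncloud/` or of the contacts and calendars users have stored there. After this change that data is unreachable over HTTP yet still on disk. Please add an upgrade step that either removes or archives it, and tell admins to export CardDAV/CalDAV data before upgrading. It is also worth confirming that no remaining location in this file hands `/cloud/...php` requests to `php-fpm` now that the `deny all` rules for `/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/` are gone.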