
Mail-in-a-Box

By @JoshData and contributors.

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.

Please see https://mailinabox.email for the project's website and setup guide!


I am trying to:

  • Make deploying a good mail server easy.
  • Promote decentralization, innovation, and privacy on the web.
  • Have automated, auditable, and idempotent configuration.
  • Not be a mail server that the NSA cannot hack.
  • Not be customizable by power users.

The long-term goal is to have this be a one-click email appliance with no user-configurable setup options.

For more background, see The Rationale.

This setup is what has been powering my own personal email since September 2013.

The Box

Mail-in-a-Box turns a fresh Ubuntu 14.04 LTS 64-bit machine into a working mail server, including SMTP (postfix), IMAP (dovecot), Exchange ActiveSync (z-push), webmail (Roundcube), spam filtering (spamassassin), greylisting (postgrey), CardDAV/CalDAV (ownCloud), DNS, SPF, DKIM (OpenDKIM), DMARC, DNSSEC, DANE TLSA, SSHFP, and basic system services like a firewall, intrusion protection, and setting the system clock.

Authenticity

I sign the release tags. To verify that a tag is signed by me, you can perform the following steps:

# Download my PGP key.
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported

# Clone this repository.
$ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox

# Verify the tag.
$ git verify-tag v0.08
gpg: Signature made ..... using RSA key ID C10BDD81
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5F4C 0E73 13CC D744 693B  2AEA B920 41F4 C10B DD81

The key ID and fingerprint above should match my Keybase.io key and the fingerprint I publish on my homepage.
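gpg prints "Good signature" for any key that happens to be in the keyring, so the fingerprint comparison is the real check. The following added example (not part of the project's own scripts) automates it by parsing the machine-readable status from `git verify-tag --raw` and comparing the primary key fingerprint with the one printed above. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: pin the release key instead of trusting "Good signature".
# PINNED_FPR is the primary key fingerprint shown in this README, spaces removed.
PINNED_FPR="5F4C0E7313CCD744693B2AEAB92041F4C10BDD81"

# Read GnuPG status lines on stdin. Succeed only if a valid signature was made
# by the pinned primary key and no signature was bad, unverifiable or revoked.
check_sig_status() {
  awk -v want="$PINNED_FPR" '
    $1 != "[GNUPG:]" { next }
    $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "REVKEYSIG" { bad = 1 }
    # VALIDSIG: the last field is the primary key fingerprint
    # (the first fingerprint on the line may belong to a signing subkey).
    $2 == "VALIDSIG" && toupper($NF) == want { ok = 1 }
    END { exit ((ok && !bad) ? 0 : 1) }
  '
}

# Verify a tag in the current repository against the pinned key.
# --raw makes git print gpg's status lines (on stderr) instead of the
# human-readable text.
verify_release_tag() {
  status_out=$(git verify-tag --raw "$1" 2>&1) || return 1
  printf '%s\n' "$status_out" | check_sig_status
}

# Constructed status output (timestamps made up): signed by the pinned key.
sample_pinned() {
  cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG B92041F4C10BDD81 Joshua Tauberer <jt@occams.info>
[GNUPG:] VALIDSIG 5F4C0E7313CCD744693B2AEAB92041F4C10BDD81 2015-01-01 1420070400 0 4 0 1 8 00 5F4C0E7313CCD744693B2AEAB92041F4C10BDD81
EOF
}

# Constructed: a cryptographically good signature from a different key that
# carries the same user ID. gpg would still print "Good signature" for it.
sample_other_key() {
  cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Joshua Tauberer <jt@occams.info>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2015-01-01 1420070400 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
EOF
}
```

Inside the clone, `verify_release_tag v0.08` returns 0 only when the tag's signature traces to the pinned fingerprint.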

The Acknowledgements

This project was inspired in part by the "NSA-proof your email in 2 hours" blog post by Drew Crawford, Sovereign by Alex Payne, and conversations with @shevski, @konklone, and @GregElin.

Mail-in-a-Box is similar to iRedMail and Modoboa.

The History

  • In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: add-on page, source.
  • Mail-in-a-Box was a semifinalist in the 2014 Knight News Challenge, but it was not selected as a winner.
  • Mail-in-a-Box hit the front page of Hacker News in April and September 2014.