Go to file
Joshua Tauberer 202c4a948b our users/aliases database is case sensitive - force new users/aliases to lowercase
Unfortunately our users/aliases database is case sensitive. (Perhaps I should have defined the columns with COLLATE NOCASE, see https://www.sqlite.org/datatype3.html.) Postfix always queries the tables in lowecase, so mail delivery would fail if a user or alias were defined with any capital letters. It would have also been possible to add multiple euqivalent addresses into the database with different case.

This commit rejects new mail users that have capital letters and forces new aliases to lowecase. I prefer to reject rather than casefold user accounts so that the login credentials the user gave are exactly what goes into the database.

https://discourse.mailinabox.email/t/recipient-address-rejected-user-unknown-in-virtual-mailbox-table/512/4
2015-05-28 13:11:30 +00:00
conf anonymize X-Pgp-Agent, Mime-Version outgoing mail headers; fixes #342 2015-05-03 14:03:59 +00:00
management our users/aliases database is case sensitive - force new users/aliases to lowercase 2015-05-28 13:11:30 +00:00
ppa ppa: build the dovecot-lucene package 2015-05-23 14:03:14 -04:00
setup the switch of smtpd_tls_security_level may to encrypt for submission broke smtpd_tls_protocols 2015-05-20 22:27:11 +00:00
tests best guess at what clients are supported by the tls settings used 2015-05-22 17:36:55 -04:00
tools editconf.py: better error message if command line arguments are not valid 2015-04-11 15:25:11 -04:00
.gitignore adding externals and .env to gitignore 2014-07-07 07:06:36 -04:00
CHANGELOG.md our users/aliases database is case sensitive - force new users/aliases to lowercase 2015-05-28 13:11:30 +00:00
CONTRIBUTING.md adding CONTRIBUTING.md, see #23 2014-04-23 15:52:49 -04:00
LICENSE add CC0 1.0 Universal in LICENSE 2014-04-23 15:49:23 -04:00
README.md add security.md and clean up README 2015-05-22 16:53:13 -04:00
Vagrantfile replace '-t 0' test with an environment variable since '-t 0' is false when standard input has been redirected and doesn't tell us whether or not we can use dialog for input, but Vagrant must be non-interactive 2014-08-25 07:54:11 -04:00
security.md add security.md and clean up README 2015-05-22 16:53:13 -04:00

README.md

Mail-in-a-Box

By @JoshData and contributors.

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.

Please see https://mailinabox.email for the project's website and setup guide!


I am trying to:

  • Make deploying a good mail server easy.
  • Promote decentralization, innovation, and privacy on the web.
  • Have automated, auditable, and idempotent configuration.
  • Not make a totally unhackable, NSA-proof server.
  • Not make something customizable by power users.

This setup is what has been powering my own personal email since September 2013.

The Box

Mail-in-a-Box turns a fresh Ubuntu 14.04 LTS 64-bit machine into a working mail server by installing and configuring various components.

It is a one-click email appliance (see the setup guide). There are no user-configurable setup options. It "just works".

The components installed are:

For more information on how Mail-in-a-Box handles your privacy, see the security details page.

Authenticity

I sign the release tags. To verify that a tag is signed by me, you can perform the following steps:

# Download my PGP key.
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported

# Clone this repository.
$ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox

# Verify the tag.
$ git verify-tag v0.08
gpg: Signature made ..... using RSA key ID C10BDD81
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5F4C 0E73 13CC D744 693B  2AEA B920 41F4 C10B DD81

The key ID and fingerprint above should match my Keybase.io key and the fingerprint I publish on my homepage.

The Acknowledgements

This project was inspired in part by the "NSA-proof your email in 2 hours" blog post by Drew Crawford, Sovereign by Alex Payne, and conversations with @shevski, @konklone, and @GregElin.

Mail-in-a-Box is similar to iRedMail and Modoboa.

The History

  • In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: add-on page, source.
  • In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in "NSA-proof your email in 2 hours" and making the setup steps reproducible with bash scripts.
  • Mail-in-a-Box was a semifinalist in the 2014 Knight News Challenge, but it was not selected as a winner.
  • Mail-in-a-Box hit the front page of Hacker News in April and September 2014.