289936db7a
Work-around for ownCloud 8.1.1 upgrade bug and tweaking munin's setup. v0.13a (August 23, 2015) ------------------------ Note: v0.13 (no 'a', August 19, 2015) was pulled immediately due to an ownCloud bug that prevented upgrades. v0.13a works around that problem. Mail: * Outbound mail headers (the Recieved: header) are tweaked to possibly improve deliverability. * Some MIME messages would hang Roundcube due to a missing package. * The users permitted to send as an alias can now be different from where an alias forwards to. DNS: * The secondary nameservers option in the control panel now accepts more than one nameserver and a special xfr:IP format to specify zone-transfer-only IP addresses. * A TLSA record is added for HTTPS for DNSSEC-aware clients that support it. System: * Backups can now be turned off, or stored in Amazon S3, through new control panel options. * Munin was not working on machines confused about their hostname and had lots of errors related to PANGO, NTP peers and network interfaces that were not up. * ownCloud updated to version 8.1.1 (with upgrade work-around), its memcached caching enabled. * When upgrading, network checks like blocked port 25 are now skipped. * Tweaks to the intrusion detection rules for IMAP. * Mail-in-a-Box's setup is a lot quieter, hiding lots of irrelevant messages. Control panel: * SSL certificate checks were failing on OVH/OpenVZ servers due to missing /dev/stdin. * Improve the sort order of the domains in the status checks. * Some links in the control panel were only working in Chrome. |
||
|---|---|---|
| conf | ||
| management | ||
| ppa | ||
| setup | ||
| tests | ||
| tools | ||
| .gitignore | ||
| CHANGELOG.md | ||
| CONTRIBUTING.md | ||
| LICENSE | ||
| README.md | ||
| Vagrantfile | ||
| security.md | ||
README.md
Mail-in-a-Box
By @JoshData and contributors.
Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
Please see https://mailinabox.email for the project's website and setup guide!
I am trying to:
- Make deploying a good mail server easy.
- Promote decentralization, innovation, and privacy on the web.
- Have automated, auditable, and idempotent configuration.
- Not make a totally unhackable, NSA-proof server.
- Not make something customizable by power users.
This setup is what has been powering my own personal email since September 2013.
The Box
Mail-in-a-Box turns a fresh Ubuntu 14.04 LTS 64-bit machine into a working mail server by installing and configuring various components.
It is a one-click email appliance. There are no user-configurable setup options. It "just works".
The components installed are:
- SMTP (postfix), IMAP (dovecot), CardDAV/CalDAV (ownCloud), Exchange ActiveSync (z-push)
- Webmail (Roundcube), static website hosting (nginx)
- Spam filtering (spamassassin), greylisting (postgrey)
- DNS (nsd4) with SPF, DKIM (OpenDKIM), DMARC, DNSSEC, DANE TLSA, and SSHFP records automatically set
- Backups (duplicity), firewall (ufw), intrusion protection (fail2ban), system monitoring (munin)
It also includes:
- A control panel and API for adding/removing mail users, aliases, custom DNS records, etc. and detailed system monitoring.
- Our own builds of postgrey (adding better whitelisting) and dovecot-lucene (faster search for mail) distributed via the Mail-in-a-Box PPA on Launchpad.
For more information on how Mail-in-a-Box handles your privacy, see the security details page.
Installation
See the setup guide for detailed, user-friendly instructions.
For experts, start with a completely fresh (really, I mean it) Ubuntu 14.04 LTS 64-bit machine. On the machine...
Clone this repository:
$ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox
Optional: Download my PGP key and then verify that the sources were signed by me. You'll get a lot of warnings, but the fingerprint should match the fingerprint in the key details at https://keybase.io/joshdata and on my personal homepage. (Of course, if this repository has been compromised you can't trust these instructions anyway.)
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
$ git verify-tag v0.13
gpg: Signature made ..... using RSA key ID C10BDD81
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5F4C 0E73 13CC D744 693B 2AEA B920 41F4 C10B DD81
Checkout the tag corresponding to the most recent release:
$ git checkout v0.13
Begin the installation.
$ sudo setup/start.sh
For help, DO NOT contact me directly --- I don't do tech support by email or tweet (no exceptions).
Post your question on the discussion forum instead, where me and other Mail-in-a-Box users may be able to help you.
The Acknowledgements
This project was inspired in part by the "NSA-proof your email in 2 hours" blog post by Drew Crawford, Sovereign by Alex Payne, and conversations with @shevski, @konklone, and @GregElin.
Mail-in-a-Box is similar to iRedMail and Modoboa.
The History
- In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: add-on page, source.
- In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in "NSA-proof your email in 2 hours" and making the setup steps reproducible with bash scripts.
- Mail-in-a-Box was a semifinalist in the 2014 Knight News Challenge, but it was not selected as a winner.
- Mail-in-a-Box hit the front page of Hacker News in April 2014, September 2014, and May 2015.
- FastCompany mentioned Mail-in-a-Box a roundup of privacy projects on June 26, 2015.