Go to file
David Duque 3d9f0e2135
Vagrant: Use libvirt/debian
2020-08-10 03:06:59 +01:00
conf Determine the PHP version at runtime (instead of at setup-time) 2020-07-15 15:28:02 +01:00
management Update deprecated function from dnspython 2020-07-26 01:00:17 +01:00
setup Version bump 2020-07-30 15:43:48 +01:00
tests add a test for fail2ban monitoring managesieve 2019-08-31 09:15:41 -04:00
tools Merge remote-tracking branch 'up/master' 2020-06-21 15:52:31 +01:00
.editorconfig Fix status check colors, add SMTP relay stub 2020-04-13 01:16:23 +01:00
.gitignore adding a fully qualified domain name for the hostname and ignoring the .vagrant dir (#1027) 2016-12-20 16:32:06 -05:00
CHANGELOG.md v0.47 2020-07-29 10:24:56 -04:00
CODE_OF_CONDUCT.md some improvements suggested by the community 2016-08-15 20:09:05 -04:00
CONTRIBUTING.md Add some development instructions to CONTRIBUTING.md (#1348) 2018-02-05 08:41:19 -05:00
LICENSE add CC0 1.0 Universal in LICENSE 2014-04-23 15:49:23 -04:00
README.md Version bump 2020-07-30 15:43:48 +01:00
Vagrantfile Vagrant: Use libvirt/debian 2020-08-10 03:06:59 +01:00
security.md MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce 2020-05-29 15:36:52 -04:00

README.md

(Power) Mail-in-a-Box

Installation

  • PRE-REQUISITES: Debian 10 (Buster) or Ubuntu 20.04 LTS fresh installation

Update packages:

sudo apt update
sudo apt full-upgrade

Make sure that the en_US.UTF-8 locale exists and is set as primary (this depends on the image you use)

sudo apt install locales
sudo dpkg-reconfigure locales

Install Power-Mail-in-a-Box (short link)

curl -L https://dvn.pt/powermiab | sudo bash

If that doesn't work:

curl https://raw.githubusercontent.com/ddavness/power-mailinabox/master/setup/bootstrap.sh | sudo bash

Current Version: v0.47.POWER.0 (Tracking v0.47)

This is a fork of MiaB (duh), hacked and tuned to my needs:

- Done

👨‍💻 - Not there yet, but soon!

💤 - I did not begin this part yet!

  • Proper support for Debian (I recommend Debian Buster or later, but if it works on your machine, it works!) AND Ubuntu 20.04 LTS;

  • Native support for SMTP relays (For example: SendGrid);

  • Bumped the bootstrap and jQuery dependencies' versions - and we've got a brand new admin panel now!

  • Per-domain nginx configuration support. This will allow you to:

    • Use PHP (e.g. host a domain shortener);
    • Custom pages will no longer have their pages defaulting to the MiaB services (/admin, /mail, etc.);
  • Updated NextCloud to the latest version available;

  • Performing backups immediately from the admin panel (independently from the daily schedule);

  • 💤 Encrypting backups using user-provided PGP keys;

  • 💤 Ability to download the backups from the admin panel;

Ideas section:

  • 💤 Possibility of making some services optional (if they require more software to be installed) on setup?

    • For example, one might simply not use NextCloud/Munin at all, and they're there... just wasting resources.
  • 💤 Restricting access to the admin panel to certain IP's?

  • 💤 Customizing MTA names? (because privacy)

  • 💤 AXFR Transfers (for secondary DNS) using TSIG?

  • 💤 Expand DNS record options?

  • 💤 More complete webmail configuration via the admin panel/plugin management?

  • 💤 Optional TOTP Two-Factor-Authentication for the admin panel/webmail?

    • Maybe U2F one day, too, but I don't have a capable device for this just yet...
  • 💤 Anything else I might need to use;

All in all, I think I should rename this to something like "Central Clown Computing", since I'm trying to cram as many services as possible into that poor machine (Spending 5$ is better than spending 10$)

Original Documentation

By @JoshData and contributors.

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.

Please see https://mailinabox.email for the project's website and setup guide!


Our goals are to:

  • Make deploying a good mail server easy.
  • Promote decentralization, innovation, and privacy on the web.
  • Have automated, auditable, and idempotent configuration.
  • Not make a totally unhackable, NSA-proof server.
  • Not make something customizable by power users.

Additionally, this project has a Code of Conduct, which supersedes the goals above. Please review it when joining our community.

The Box

Mail-in-a-Box turns a fresh Ubuntu 18.04 LTS Debian 10 (Buster) 64-bit machine into a working mail server by installing and configuring various components.

It is a one-click email appliance. There are no user-configurable setup options. It "just works".

The components installed are:

It also includes system management tools:

  • Comprehensive health monitoring that checks each day that services are running, ports are open, TLS certificates are valid, and DNS records are correct
  • A control panel for adding/removing mail users, aliases, custom DNS records, configuring backups, etc.
  • An API for all of the actions on the control panel

It also supports static website hosting since the box is serving HTTPS anyway.

For more information on how Mail-in-a-Box handles your privacy, see the security details page.

Installation

See the setup guide for detailed, user-friendly instructions.

For experts, start with a completely fresh (really, I mean it) Ubuntu 18.04 LTS 64-bit machine. On the machine...

Clone this repository:

$ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox

Optional: Download Josh's PGP key and then verify that the sources were signed by him:

$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported

$ git verify-tag v0.47
gpg: Signature made ..... using RSA key ID C10BDD81
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5F4C 0E73 13CC D744 693B  2AEA B920 41F4 C10B DD81

You'll get a lot of warnings, but that's OK. Check that the primary key fingerprint matches the fingerprint in the key details at https://keybase.io/joshdata and on his personal homepage. (Of course, if this repository has been compromised you can't trust these instructions.)

Checkout the tag corresponding to the most recent release:

$ git checkout v0.47

Begin the installation.

$ sudo setup/start.sh

For help, DO NOT contact Josh directly --- I don't do tech support by email or tweet (no exceptions).

Post your question on the discussion forum instead, where maintainers and Mail-in-a-Box users may be able to help you.

Contributing and Development

Mail-in-a-Box is an open source project. Your contributions and pull requests are welcome. See CONTRIBUTING to get started.

The Acknowledgements

This project was inspired in part by the "NSA-proof your email in 2 hours" blog post by Drew Crawford, Sovereign by Alex Payne, and conversations with @shevski, @konklone, and @GregElin.

Mail-in-a-Box is similar to iRedMail and Modoboa.

The History

  • In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: add-on page, source.
  • In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in "NSA-proof your email in 2 hours" and making the setup steps reproducible with bash scripts.
  • Mail-in-a-Box was a semifinalist in the 2014 Knight News Challenge, but it was not selected as a winner.
  • Mail-in-a-Box hit the front page of Hacker News in April 2014, September 2014, May 2015, and November 2016.
  • FastCompany mentioned Mail-in-a-Box a roundup of privacy projects on June 26, 2015.