Go to file
Joshua Tauberer 5efdd72f41 update TLS test to record changes in the ciphers we offer on the open ports 2017-10-03 12:01:10 -04:00
conf update nginx cipher list to Mozilla's current intermediate ciphers and update HSTS header to be six months 2017-10-03 11:47:32 -04:00
management update nginx cipher list to Mozilla's current intermediate ciphers and update HSTS header to be six months 2017-10-03 11:47:32 -04:00
ppa update PPA build URL for postgrey 1.35. Fixes #1211 (#1212) 2017-07-21 15:13:57 -04:00
setup Merge #1233 - Limit Dovecot ciphers to the Mozilla modern set 2017-10-03 11:55:16 -04:00
tests update TLS test to record changes in the ciphers we offer on the open ports 2017-10-03 12:01:10 -04:00
tools Update to Nextcloud 12 using PHP7 2017-07-14 06:48:22 -04:00
.editorconfig added editorconfig setup (#1037) 2017-01-15 10:44:13 -05:00
.gitignore adding a fully qualified domain name for the hostname and ignoring the .vagrant dir (#1027) 2016-12-20 16:32:06 -05:00
CHANGELOG.md Merge #1233 - Limit Dovecot ciphers to the Mozilla modern set 2017-10-03 11:55:16 -04:00
CODE_OF_CONDUCT.md some improvements suggested by the community 2016-08-15 20:09:05 -04:00
CONTRIBUTING.md add a Code of Conduct 2016-08-08 08:19:42 -04:00
LICENSE add CC0 1.0 Universal in LICENSE 2014-04-23 15:49:23 -04:00
README.md v0.24 2017-10-03 10:49:04 -04:00
Vagrantfile adds optional vagrant-cachier if you have the plugin installed (#1028) 2017-01-15 10:47:36 -05:00
security.md Rename ownCloud to Nextcloud in safe places 2017-04-02 11:19:21 +02:00

README.md

Mail-in-a-Box

By @JoshData and contributors.

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.

Please see https://mailinabox.email for the project's website and setup guide!


Our goals are to:

  • Make deploying a good mail server easy.
  • Promote decentralization, innovation, and privacy on the web.
  • Have automated, auditable, and idempotent configuration.
  • Not make a totally unhackable, NSA-proof server.
  • Not make something customizable by power users.

Additionally, this project has a Code of Conduct, which supersedes the goals above. Please review it when joining our community.

The Box

Mail-in-a-Box turns a fresh Ubuntu 14.04 LTS 64-bit machine into a working mail server by installing and configuring various components.

It is a one-click email appliance. There are no user-configurable setup options. It "just works".

The components installed are:

It also includes:

  • A control panel and API for adding/removing mail users, aliases, custom DNS records, etc. and detailed system monitoring.
  • Our own builds of postgrey (adding better whitelisting) and dovecot-lucene (faster search for mail) distributed via the Mail-in-a-Box PPA on Launchpad.

For more information on how Mail-in-a-Box handles your privacy, see the security details page.

Installation

See the setup guide for detailed, user-friendly instructions.

For experts, start with a completely fresh (really, I mean it) Ubuntu 14.04 LTS 64-bit machine. On the machine...

Clone this repository:

$ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox

Optional: Download my PGP key and then verify that the sources were signed by me:

$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported

$ git verify-tag v0.24
gpg: Signature made ..... using RSA key ID C10BDD81
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5F4C 0E73 13CC D744 693B  2AEA B920 41F4 C10B DD81

You'll get a lot of warnings, but that's OK. Check that the primary key fingerprint matches the fingerprint in the key details at https://keybase.io/joshdata and on my personal homepage. (Of course, if this repository has been compromised you can't trust these instructions.)

Checkout the tag corresponding to the most recent release:

$ git checkout v0.24

Begin the installation.

$ sudo setup/start.sh

For help, DO NOT contact me directly --- I don't do tech support by email or tweet (no exceptions).

Post your question on the discussion forum instead, where me and other Mail-in-a-Box users may be able to help you.

The Acknowledgements

This project was inspired in part by the "NSA-proof your email in 2 hours" blog post by Drew Crawford, Sovereign by Alex Payne, and conversations with @shevski, @konklone, and @GregElin.

Mail-in-a-Box is similar to iRedMail and Modoboa.

The History

  • In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: add-on page, source.
  • In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in "NSA-proof your email in 2 hours" and making the setup steps reproducible with bash scripts.
  • Mail-in-a-Box was a semifinalist in the 2014 Knight News Challenge, but it was not selected as a winner.
  • Mail-in-a-Box hit the front page of Hacker News in April 2014, September 2014, May 2015, and November 2016.
  • FastCompany mentioned Mail-in-a-Box a roundup of privacy projects on June 26, 2015.