1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-24 07:37:04 +00:00
Go to file
David Duque 7de99aa690 v0.50 (September 25, 2020)
--------------------------
 
 Setup:
 
 * When upgrading from versions before v0.40, setup will now warn that ownCloud/Nextcloud data cannot be migrated rather than failing the installation.
 
 Mail:
 
 * An MTA-STS policy for incoming mail is now published (in DNS and over HTTPS) when the primary hostname and email address domain both have a signed TLS certificate installed, allowing senders to know that an encrypted connection should be enforced.
 * The per-IP connection limit to the IMAP server has been doubled to allow more devices to connect at once, especially with multiple users behind a NAT.
 
 DNS:
 
 * autoconfig and autodiscover subdomains and CalDAV/CardDAV SRV records are no longer generated for domains that don't have user accounts since they are unnecessary.
 * IPv6 addresses can now be specified for secondary DNS nameservers in the control panel.
 
 TLS:
 
 * TLS certificates are now provisioned in groups by parent domain to limit easy domain enumeration and make provisioning more resilient to errors for particular domains.
 
 Control Panel:
 
 * The control panel API is now fully documented at https://mailinabox.email/api-docs.html.
 * User passwords can now have spaces.
 * Status checks for automatic subdomains have been moved into the section for the parent domain.
 * Typo fixed.
 
 Web:
 
 * The default web page served on fresh installations now adds the `noindex` meta tag.
 * The HSTS header is revised to also be sent on non-success responses.
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCgAtFiEEX0wOcxPM10RpOyrquSBB9MEL3YEFAl9t2AgPHGp0QG9jY2Ft
 cy5pbmZvAAoJELkgQfTBC92BZNkH/1jIGoWTz0xlS+e+TeXpHoCp/7zYAvQq/a/y
 vj9t1N1+bBg6Ywbd8UxyvOHwuL/UQU/5LTq6hk3gD+2ARfJUvDRbb047Xzlisg3N
 LhNoVhVbsxqKP1X2ZjeIBq9DgzMavuB64Bwd5UNdceM0Addi8KuCDOMF+FNY2t8k
 xytGjYdBi1/BG6SLBX+FAm5yrJghmkUJs2FnJjebSyyeV2HP3L1iBrk2N8UBd6PU
 fVjde534lgygFZK/8yXJpY2olfLMYJv7CaOMxvaW6RpbMI8VeLwDLfRt5LcrQZqq
 YXkuEnUI0eygbQYkeK/Vr1Vey6uQAWzIfbImEglHfvOXsZSYFXs=
 =SJNM
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEAKK/toPAcMkE+dinLzJ3OKPArjoFAl9vB/0ACgkQLzJ3OKPA
 rjpXTg/+L2W6LXtqJcDdPiLb7uRJ1a+R7DAPPLhZOXT8alFt6g2nAJHHI3NxKWVM
 KsrSGlL+XSw744tfEzw21WsDuoME2F536/q4V4iprQx0LSJ61EQtqFYABbHT7lSc
 EyJellcIBxvK9ZTrHhJy3jVJL5eEkrHr4YpaRd68CZGneziMbxZusrlD23OfOn+U
 Pi6O39+Xh9lB4nxMfzkjYwCPEyNsTaCieKforPE+7TYh6d5NFHp22e2/yNEwYHhv
 90txul+/ByeT6UNFsVQ+QXCpMr/m06W9zbCDgrArol12MlgeAg4bL2trgDUV2D9j
 Dpfo1SYo/VUYetlT98adxW7BK2JuGe3SsFDrgjNPDyMBZRoybLY/l1X5TF5d7dq/
 bhgDcHXSJ6iBmhZ8nGDuBWhiEld9orn/9vfj/nHmleurXxgDwMcGKn0eINDuX8Xd
 NauJdhyOiZLfy8+Rha9ltLlFC/sX8nq0o6iM1Xr+4UOTFVVxlVadkPTMOxuRIQfD
 +JaMRCoXLfbAknoGdKfAcxEAzzyylO6z4Ztj/fVp9SHjQgby1paLpJMHEVUaQzEZ
 VYqdOzmz7vrV1H5OHOIy6mthQrTw+Mg4KubJs7w99e3pZKJBpvp55+DLvA0JhKLD
 dVXqr7rBTkLk/tg4u2SWlj3aZOnkzMz0Iwiu5X+hx3kLl0f3Zgk=
 =VgsY
 -----END PGP SIGNATURE-----

Merge v0.50 from upstream
2020-09-26 10:21:01 +01:00
api Add OpenAPI HTTP spec (#1804) 2020-08-22 15:44:19 -04:00
conf v0.50 (September 25, 2020) 2020-09-26 10:21:01 +01:00
management v0.50 (September 25, 2020) 2020-09-26 10:21:01 +01:00
setup v0.50 (September 25, 2020) 2020-09-26 10:21:01 +01:00
tests add a test for fail2ban monitoring managesieve 2019-08-31 09:15:41 -04:00
tools v0.50 (September 25, 2020) 2020-09-26 10:21:01 +01:00
.editorconfig Fix status check colors, add SMTP relay stub 2020-04-13 01:16:23 +01:00
.gitignore Add OpenAPI HTTP spec (#1804) 2020-08-22 15:44:19 -04:00
CHANGELOG.md v0.50 2020-09-25 07:43:30 -04:00
CODE_OF_CONDUCT.md some improvements suggested by the community 2016-08-15 20:09:05 -04:00
CONTRIBUTING.md Add some development instructions to CONTRIBUTING.md (#1348) 2018-02-05 08:41:19 -05:00
LICENSE add CC0 1.0 Universal in LICENSE 2014-04-23 15:49:23 -04:00
README.md v0.50 (September 25, 2020) 2020-09-26 10:21:01 +01:00
security.md MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce 2020-05-29 15:36:52 -04:00
Vagrantfile Vagrant: Use libvirt/debian 2020-08-10 03:06:59 +01:00

(Power) Mail-in-a-Box

Installation

  • PRE-REQUISITES: Debian 10 (Buster) or Ubuntu 20.04 LTS fresh installation

Update packages:

sudo apt update
sudo apt full-upgrade

Make sure that the en_US.UTF-8 locale exists and is set as primary (this depends on the image you use)

sudo apt install locales
sudo dpkg-reconfigure locales

Install Power-Mail-in-a-Box (short link)

curl -L https://dvn.pt/powermiab | sudo bash

If that doesn't work:

curl https://raw.githubusercontent.com/ddavness/power-mailinabox/master/setup/bootstrap.sh | sudo bash

Current Version: v0.48.POWER.0 (Tracking v0.48)

This is a fork of MiaB (duh), hacked and tuned to my needs:

- Done

👨‍💻 - Not there yet, but soon!

💤 - I did not begin this part yet!

  • Proper support for Debian (I recommend Debian Buster or later, but if it works on your machine, it works!) AND Ubuntu 20.04 LTS;

  • Native support for SMTP relays (For example: SendGrid);

  • Bumped the bootstrap and jQuery dependencies' versions - and we've got a brand new admin panel now!

  • Per-domain nginx configuration support. This will allow you to:

    • Use PHP (e.g. host a domain shortener);
    • Custom pages will no longer have their pages defaulting to the MiaB services (/admin, /mail, etc.);
  • Updated NextCloud to the latest version available;

  • Performing backups immediately from the admin panel (independently from the daily schedule);

  • 💤 Encrypting backups using user-provided PGP keys;

  • 💤 Ability to download the backups from the admin panel;

Ideas section:

  • 💤 Possibility of making some services optional (if they require more software to be installed) on setup?

    • For example, one might simply not use NextCloud/Munin at all, and they're there... just wasting resources.
  • 💤 Restricting access to the admin panel to certain IP's?

  • 💤 Customizing MTA names? (because privacy)

  • 💤 AXFR Transfers (for secondary DNS) using TSIG?

  • 💤 Expand DNS record options?

  • 💤 More complete webmail configuration via the admin panel/plugin management?

  • 💤 Optional TOTP Two-Factor-Authentication for the admin panel/webmail?

    • Maybe U2F one day, too, but I don't have a capable device for this just yet...
  • 💤 Anything else I might need to use;

All in all, I think I should rename this to something like "Central Clown Computing", since I'm trying to cram as many services as possible into that poor machine (Spending 5$ is better than spending 10$)

Original Documentation

By @JoshData and contributors.

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.

Please see https://mailinabox.email for the project's website and setup guide!


Our goals are to:

  • Make deploying a good mail server easy.
  • Promote decentralization, innovation, and privacy on the web.
  • Have automated, auditable, and idempotent configuration.
  • Not make a totally unhackable, NSA-proof server.
  • Not make something customizable by power users.

Additionally, this project has a Code of Conduct, which supersedes the goals above. Please review it when joining our community.

In The Box

Mail-in-a-Box turns a fresh Ubuntu 18.04 LTS Debian 10 (Buster) 64-bit machine into a working mail server by installing and configuring various components.

It is a one-click email appliance. There are no user-configurable setup options. It "just works."

The components installed are:

It also includes system management tools:

  • Comprehensive health monitoring that checks each day that services are running, ports are open, TLS certificates are valid, and DNS records are correct
  • A control panel for adding/removing mail users, aliases, custom DNS records, configuring backups, etc.
  • An API for all of the actions on the control panel

It also supports static website hosting since the box is serving HTTPS anyway. (To serve a website for your domains elsewhere, just add a custom DNS "A" record in you Mail-in-a-Box's control panel to point domains to another server.)

For more information on how Mail-in-a-Box handles your privacy, see the security details page.

Installation

See the setup guide for detailed, user-friendly instructions.

For experts, start with a completely fresh (really, I mean it) Ubuntu 18.04 LTS 64-bit machine. On the machine...

Clone this repository:

$ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox

Optional: Download Josh's PGP key and then verify that the sources were signed by him:

$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported

$ git verify-tag v0.50
gpg: Signature made ..... using RSA key ID C10BDD81
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5F4C 0E73 13CC D744 693B  2AEA B920 41F4 C10B DD81

You'll get a lot of warnings, but that's OK. Check that the primary key fingerprint matches the fingerprint in the key details at https://keybase.io/joshdata and on his personal homepage. (Of course, if this repository has been compromised you can't trust these instructions.)

Checkout the tag corresponding to the most recent release:

$ git checkout v0.50

Begin the installation.

$ sudo setup/start.sh

For help, DO NOT contact Josh directly --- I don't do tech support by email or tweet (no exceptions).

Post your question on the discussion forum instead, where maintainers and Mail-in-a-Box users may be able to help you.

Note that while we want everything to "just work," we can't control the rest of the Internet. Other mail services might block or spam-filter email sent from your Mail-in-a-Box. This is a challenge faced by everyone who runs their own mail server, with or without Mail-in-a-Box. See our discussion forum for tips about that.

Contributing and Development

Mail-in-a-Box is an open source project. Your contributions and pull requests are welcome. See CONTRIBUTING to get started.

The Acknowledgements

This project was inspired in part by the "NSA-proof your email in 2 hours" blog post by Drew Crawford, Sovereign by Alex Payne, and conversations with @shevski, @konklone, and @GregElin.

Mail-in-a-Box is similar to iRedMail and Modoboa.

The History

  • In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: add-on page, source.
  • In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in "NSA-proof your email in 2 hours" and making the setup steps reproducible with bash scripts.
  • Mail-in-a-Box was a semifinalist in the 2014 Knight News Challenge, but it was not selected as a winner.
  • Mail-in-a-Box hit the front page of Hacker News in April 2014, September 2014, May 2015, and November 2016.
  • FastCompany mentioned Mail-in-a-Box a roundup of privacy projects on June 26, 2015.