mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-30 04:27:01 +00:00
mailinabox/guide.html
Stephan Brauer 9695fd9803 Fix typo.
2014-08-17 18:07:22 +02:00


<!DOCTYPE html>
<html class="no-js">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=device-width">
<title>Mail-in-a-Box Setup Guide</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css" />
<style>
@import url(https://fonts.googleapis.com/css?family=Iceland);
@import url(https://fonts.googleapis.com/css?family=Raleway:400,700);
@import url(https://fonts.googleapis.com/css?family=Ubuntu:300);
body {
font-family: Raleway, sans-serif;
font-size: 16px;
color: #555;
}
h1 {
font-family: 'Iceland', sans-serif;
font-size: 50px;
}
h2 {
margin-top: 1.75em;
font-family: Ubuntu, Arial, sans-serif;
font-weight: 300;
font-size: 20px;
padding-bottom: .25em;
border-bottom: 1px solid #DDD;
margin-bottom: 1em;
}
h3 {
margin-top: 1.5em;
margin-bottom: .75em;
font-family: Ubuntu, Arial, sans-serif;
font-weight: 300;
font-size: 18px;
font-style: italic;
color: #777;
}
a {
color: #24A;
text-decoration: underline;
}
#back {
background-color: #EEE;
font-size: 90%;
padding: .5em;
}
#back a { text-decoration: none; }
#back a:hover { text-decoration: underline; }
p {
margin-bottom: 1.25em; /* see .example, .figure, pre */
}
p.pros {
font-size: 12px;
font-family: Ubuntu;
margin: 11px 0 22px -6px;
padding: 6px;
background-color: #F8F8F8;
color: #666;
}
p.pros:before {
content: "Expert summary: ";
font-weight: bold;
color: #777;
}
.example {
margin: 1em 1em 1.3em 1.5em; /* bottom must match p */
border: 1px solid #EEF;
padding: .5em;
background-color: #FAFAFF;
}
.figure {
margin: 1.25em auto; /* bottom must match p */
}
pre {
margin-bottom: 1.25em; /* bottom must match p */
}
dl > dt {
margin-top: 1em;
}
code {
background-color: black;
color: #FDD;
font-weight: bold;
}
table { margin-bottom: 1.25em; }
table thead th { border-bottom: 1px solid #555; }
table th, table td {
padding: .25em 1em .25em 0;
}
#nav {
margin-top: 2em;
}
#nav a { padding-bottom: .25em; color: #E64; text-decoration: none; }
#nav li.active { background-color: #D55; }
#nav li.active a { color: white; }
#nav li.active a:hover { color: #E64; }
</style>
</head>
<body data-spy="scroll" data-target="#nav">
<a href="https://github.com/mail-in-a-box/mailinabox/tree/website" class="visible-md visible-lg"><img style="position: absolute; top: 0; right: 0; border: 0;" src="https://camo.githubusercontent.com/365986a132ccd6a44c23a9169022c0b5c890c387/68747470733a2f2f73332e616d617a6f6e6177732e636f6d2f6769746875622f726962626f6e732f666f726b6d655f72696768745f7265645f6161303030302e706e67" alt="Fork me on GitHub" data-canonical-src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"></a>
<div id="back">
<div class="container">
<a href="/">
&lt; Back to Mail-in-a-Box
</a>
</div>
</div>
<div class="container">
<div class="row">
<div id="sidebar" class="col-sm-4 col-md-3">
<div id="nav" class="small">
<p style="margin: 0 0 .5em 14px; border-bottom: 1px solid #CCC; color: #888;">Table of Contents</p>
<ul class="nav nav-list">
<li><a href="#checklist">Checklist</a></li>
<li><a href="#domain-name-registration">Getting a Domain Name</a></li>
<li><a href="#hostname">The Box&rsquo;s Hostname</a></li>
<li><a href="#machine">The Machine</a></li>
<li><a href="#domain-name-configuration">Domain Name Configuration</a></li>
<li><a href="#setup">Machine Setup</a></li>
<li><a href="#mail">Checking/Sending Mail</a></li>
<li><a href="#mail-users">Adding Email Addresses</a></li>
<li><a href="#ssl">SSL Certificate</a></li>
<li><a href="#web">Your Website</a></li>
<li><a href="#custom_dns">Custom DNS</a></li>
<li><a href="#dnssec">DNSSEC</a></li>
<li><a href="#other">Other</a></li>
<li><a href="#checks">Systems Checks</a></li>
</ul>
</div>
</div>
<div class="col-sm-8 col-md-9">
<div style="padding-left: 1em; max-width: 55em">
<h1>Mail-in-a-Box Setup Guide</h1>
<h2 id="checklist">Pre-flight Checklist</h2>
<dl>
<dt>Can I use my box for something else too?</dt>
<dd>No. Mail-in-a-Box must be installed on a <u>fresh</u> machine that will be <u>dedicated</u> to Mail-in-a-Box. You are on your own if you try any other configuration.</dd>
<dt>Can I use my domain name for something else?</dt>
<dd>Yes. Even though your Mail-in-a-Box will be handling mail for your domain name, you can actually point the domain anywhere else. And you can create other subdomains. This is documented at the end of this guide.</dd>
<dt>What will it cost?</dt>
<dd>This is going to cost you about $15 per month. You&rsquo;re going to become your own Internet service provider &mdash; an ISP. You can divide this among friends and share your Mail-in-a-Box if you&rsquo;d like to split it up. Most of the cost is in having a (virtual) machine connected to the Internet 24/7.</dd>
<dt>Do I have time?</dt>
<dd>There&rsquo;s also your time. Once a Mail-in-a-Box is set up, we hope it &ldquo;just works&rdquo; but when you are your own systems administrator you must be prepared to resolve issues as they arise.</dd>
</dl>
<h2 id="domain-name-registration">Your Domain Name</h2>
<p class="pros">Register a new domain name, or have a domain name that you can have your Mail-in-a-Box completely take over.</p>
<p>The first step in setting up a Mail-in-a-Box is to pick your new email address. An email address has two parts. The part after the @-sign is the <b>domain name</b>. Each domain name is owned by someone, and you are going to be the owner of your own.</p>
<p class="example">Josh&rsquo;s email address is <script>document.write("tj".split("").reverse().join(""));</script>@occams.info. His domain name is <code>occams.info</code>.</p>
<p>Besides using the domain name for email, you&rsquo;ll also be able to put a simple website at the domain.</p>
<p>Go over to <a href="http://www.gandi.net/domain">Gandi.net</a>, a domain name registrar, and buy a new domain name. It&rsquo;s about $17/year, but the price varies by which &ldquo;top-level domain&rdquo; (TLD) you use, whether it&rsquo;s <code>.com</code>, <code>.me</code>, <code>.info</code>, and so on.</p>
<p>Buy anything you want. This is your new identity.</p>
<p>After you buy the name you&rsquo;ll need to set it up, but that comes later so keep reading. Note that a Mail-in-a-Box can handle the email for multiple domain names too &mdash; more on that later.</p>
<h2 id="hostname">Your Box Has A Name</h2>
<p class="pros">Your box&rsquo;s hostname should be <tt>box.yourdomain.com</tt>.</p>
<p>Every machine connected to the Internet has a <b>name</b> and an <b>address</b>.</p>
<p>The <b>address</b>, an IP address, is like a telephone number. It&rsquo;s made up of numbers and is assigned to you by whoever provides Internet access to you.</p>
<p>The name &mdash; called a <b>hostname</b> &mdash; is something you decide. It can be a domain name you own or any &ldquo;subdomain&rdquo; of a domain you own.</p>
<p>For your Mail-in-a-Box, we recommend naming your box <code>box</code> + <code>.</code> + your domain name.</p>
<p class="example">Josh&rsquo;s Mail-in-a-Box is named <code>box.occams.info</code>. This is its hostname.</p>
<p>Your Mail-in-a-Box may handle the email for multiple domain names, but the box has a single name.</p>
<h2 id="machine">The Machine</h2>
<p class="pros">Spin up an Ubuntu 14.04 x64 machine with about 1 GB memory and 12 GB disk, and then set the machine&rsquo;s <u>reverse DNS</u>.</p>
<p>Now you will rent a machine, or a virtual part of a machine, somewhere in &ldquo;the cloud.&rdquo; We&rsquo;ll call this machine your box.</p>
<p>We recommend going over to <a href="https://www.digitalocean.com/">Digital Ocean</a>. You must choose the <code>Ubuntu 14.04 x64</code> operating system. We recommend using a machine with 1 GB of RAM and a 30 GB disk. This setup currently costs $10/month.</p>
<p>At Digital Ocean, your machine is called a &ldquo;droplet&rdquo; and you <strong>must</strong> name your droplet the same as its hostname.</p>
<p class="example">Josh&rsquo;s droplet would be named <code>box.occams.info</code> (if Josh used Digital Ocean).</p>
<p>I&rsquo;ve been a long-time customer of <a href="http://rimuhosting.com/order/v2orderstart.jsp">Rimuhosting.com</a>, which also provides cheap virtual machines (which they call &ldquo;VPS&rdquo;s) at several locations around the world. Choose a location near you &mdash; it&rsquo;ll be faster! Almost any cloud provider will do, but not Amazon Web Services, because its network is often blocked to prevent users from sending spam. Wherever you rent your box, you <em>must</em> choose Ubuntu 14.04 x64 and at least 768 MB RAM.</p>
<p>Each cloud provider will have different instructions for setting up &ldquo;reverse DNS.&rdquo; You <strong>must</strong> follow your cloud provider&rsquo;s instructions for setting the reverse DNS of your box to your box&rsquo;s hostname. At Digital Ocean you set the name of your droplet to the box&rsquo;s hostname, as mentioned above.</p>
<p class="example">Josh&rsquo;s box&rsquo;s reverse DNS is set to the same as the box&rsquo;s hostname: <code>box.occams.info</code>.</p>
<p>Your cloud provider will also now tell you the IP address of your machine. It looks like 123.123.123.123.</p>
<p class="example">Josh&rsquo;s box&rsquo;s IP address is <code>94.76.202.152</code>.</p>
<h2 id="domain-name-configuration">Configuring Your Domain Name</h2>
<p class="pros">At your registrar, create hostname records for <code>ns1.box.yourdomain.com</code> and <code>ns2.box.yourdomain.com</code> providing your box&rsquo;s IP address, and then set your domain name&rsquo;s nameservers to these two hostnames.</p>
<p>We&rsquo;ll now go back to your domain name registrar to associate your domain name with your box&rsquo;s IP address.</p>
<p>The association between your domain name and IP address is . . . complicated. The domain name system (DNS) is a global, distributed network of machines that turn domain names into IP addresses. Your registrar and your box play a role in the domain name system.</p>
<p>The way this works varies from registrar to registrar, but it goes something like this:</p>
<h3>Glue Records</h3>
<p>First, you&rsquo;ll create two &ldquo;glue records.&rdquo; The purpose of glue records is to say that your box is becoming a part of the domain name system. These records go by different names at different registrars, so also look out for &ldquo;hostnames&rdquo; or child nameservers. This will <em>not</em> be found in a DNS control panel.</p>
<p>A glue record has a hostname and an IP address. For historical reasons we need two glue records. The two records you need to create are for <code>ns1</code> + <code>.</code> + your box&rsquo;s hostname and <code>ns2</code> + <code>.</code> + your box&rsquo;s hostname. (They stand for &ldquo;nameserver one&rdquo; and &ldquo;nameserver two&rdquo;.) For the IP address, enter the IP address of your box.</p>
<p class="example">Josh&rsquo;s box&rsquo;s hostname is box.occams.info. The two glue records are for <code>ns1.box.occams.info</code> and <code>ns2.box.occams.info</code> and list the box&rsquo;s IP address of <code>94.76.202.152</code>.</p>
<p>It looks something like what&rsquo;s shown here:</p>
<img src="static/domain_hostnames.png" title="Glue Record Configuration at Your Domain Registrar" class="img-responsive figure"/>
<p>Your registrar may ask you to enter these hostnames with the domain name part omitted, as mine did in this case. If so, enter the part of the hostname up to the domain name.</p>
<p class="example">Josh&rsquo;s domain name is occams.info. The two glue hostnames are <code>ns1.box.occams.info</code> and <code>ns2.box.occams.info</code>, but his registrar asks him to enter them with &ldquo;.occams.info&rdquo; omitted leaving just <code>ns1.box</code> and <code>ns2.box</code>.</p>
<p>If your Mail-in-a-Box is handling mail for multiple domains, you only do the part above once. Other domain names skip this step.</p>
<h3>Nameservers</h3>
<p>Second, you&rsquo;ll tell your domain registrar that your domain name&rsquo;s nameservers are <code>ns1</code> + <code>.</code> + your box&rsquo;s hostname and <code>ns2</code> + <code>.</code> + your box&rsquo;s hostname.</p>
<p>You will usually be turning off the registrar&rsquo;s provided nameservers and turning on custom servers. This is usually <i>not</i> found in the domain name&rsquo;s DNS control panel. You will be disabling that control panel.</p>
<p>Here&rsquo;s what that looks like in my registrar:</p>
<img src="static/domain_nameservers.png" title="Nameserver Configuration at Your Domain Registrar" class="img-responsive figure"/>
<p>Don&rsquo;t worry if you are confused about what this all means. It is complicated &mdash; we all get confused at this point.</p>
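The glue records, nameserver delegation and reverse DNS described above all have to agree with each other. The script below, an added example rather than Mail-in-a-Box code, works out the records that should exist for a given domain, box hostname and IP, and compares them with what a resolver returns; it assumes the stdlib resolver for A and PTR lookups and leaves NS records to <code>dig</code>, since the standard library cannot query them.

```python
"""Work out the DNS records that the glue-record, nameserver and reverse-DNS
steps should produce, and compare them with what a resolver returns.
Added example, not Mail-in-a-Box code; the A and PTR lookups use only the
standard library, which cannot query NS records (use dig for those)."""
import socket
from ipaddress import ip_address


def expected_records(domain, box_hostname, box_ip):
    """Map (record type, name) -> set of expected answers.  PTR is keyed by
    the IP address itself so that socket.gethostbyaddr can answer it."""
    ip_address(box_ip)  # raises ValueError on a malformed address
    ns1, ns2 = "ns1." + box_hostname, "ns2." + box_hostname
    return {
        ("A", ns1): {box_ip},             # glue record one
        ("A", ns2): {box_ip},             # glue record two
        ("NS", domain): {ns1, ns2},       # delegation set at the registrar
        ("PTR", box_ip): {box_hostname},  # reverse DNS set at the cloud provider
    }


def _norm(answers):
    """Compare names case-insensitively and ignore a trailing dot."""
    return {a.rstrip(".").lower() for a in answers}


def verify(expected, resolve):
    """resolve(rtype, name) returns a set of answers, or None when it cannot
    query that type.  Returns (mismatches, skipped); both empty means the
    configuration matches what the guide describes."""
    mismatches, skipped = [], []
    for (rtype, name), want in expected.items():
        got = resolve(rtype, name)
        if got is None:
            skipped.append((rtype, name))
            continue
        if _norm(got) != _norm(want):
            mismatches.append((rtype, name, sorted(_norm(want)), sorted(_norm(got))))
    return mismatches, skipped


def stdlib_resolve(rtype, name):
    """A and PTR lookups via the system resolver; None for other types."""
    try:
        if rtype == "A":
            return set(socket.gethostbyname_ex(name)[2])
        if rtype == "PTR":
            return {socket.gethostbyaddr(name)[0]}
    except (socket.gaierror, socket.herror):
        return set()  # the name exists nowhere: no answer at all
    return None


if __name__ == "__main__":
    import sys
    # usage: python3 check_dns.py occams.info box.occams.info 94.76.202.152
    domain, host, ip = sys.argv[1:4]
    bad, skipped = verify(expected_records(domain, host, ip), stdlib_resolve)
    for rtype, name, want, got in bad:
        print(f"{rtype} {name}: expected {want}, got {got}")
    for rtype, name in skipped:
        print(f"{rtype} {name}: not checked here, run: dig +short {rtype} {name}")
    print("all checked records match" if not bad else f"{len(bad)} problem(s)")
```

Remember that DNS propagation can take a while, so a mismatch right after changing registrar settings may simply mean the change has not reached your resolver yet.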
<h2 id="setup">Setting Up The Box</h2>
<p class="pros">Clone our github repo <a href="https://github.com/mail-in-a-box/mailinabox">https://github.com/mail-in-a-box/mailinabox</a>, cd to the directory, and run <code>setup/start.sh</code>.</p>
<p>You will now have to log into your running box using SSH. Your cloud provider will probably give you some instructions on how to do that. If your personal computer has a command line, you'll be doing something like this:</p>
<pre>ssh -i yourkey.pem ubuntu@10.20.30.40</pre>
<p>Once inside, you will now get the Mail-in-a-Box code onto your box. Type:</p>
<pre>sudo apt-get install -y git
git clone https://github.com/mail-in-a-box/mailinabox
cd mailinabox</pre>
<p>And then start the setup process:</p>
<pre>sudo setup/start.sh</pre>
<p>You will be asked to enter the email address you want and a few other configuration questions. At the end you will be asked for a password for your email address.</p>
<p>This password will be used to login to webmail, and to authorize sending and receiving mail through SMTP and IMAP. It will <strong>not</strong> be used to log onto your Mail-in-a-Box server using SSH.</p>
<p>It is always safe to re-run the setup script. If something goes wrong or you just want to see it again, just run <code>sudo setup/start.sh</code> again.</p>
<p>When the setup script is done running, you have a working mail server. But first check that everything is correct so far by typing:</p>
<pre>sudo management/whats_next.py</pre>
<p>This script reports configuration problems and next steps.</p>
<p>Things related to the domain name system sometimes take several minutes, or much longer, to update. This is called DNS propagation. If you get domain name resolving problems, you may need to wait a bit for your registrar and your home ISP&rsquo;s name servers to update. If the problem persists, there is a configuration problem either at your domain name registrar or on the box.</p>
<p>Also right now your SSL certificates won&rsquo;t be signed. This does not prevent you from sending or receiving email, though, so we will come back to this below.</p>
<h2 id="mail">Checking and Sending Mail</h2>
<p class="pros">You have webmail at <code>https://hostname/mail</code>. IMAP with SSL is on port 993 and SMTP with STARTTLS is on port 587. Your username is your email address.</p>
<h3>Webmail</h3>
<p>You can access your email at <code>https://hostname/mail</code>, where hostname is your box&rsquo;s hostname.</p>
<p class="example">Josh goes to <a href="https://box.occams.info/mail">https://box.occams.info/mail</a> to check and send email using webmail.</p>
<p>When you visit this page you will see a warning about the site&rsquo;s SSL certificate being invalid. Right now you are using a self-signed certificate. If it is unlikely that anyone is running an active network attack on you right now, just permanently confirm the security exception and you will be good to go.</p>
<p>(Otherwise, check that the SSL fingerprint shown to you matches the SSL fingerprint printed toward the top of the long output of the setup script. You may run <code>sudo setup/start.sh</code> again if you missed it.)</p>
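The fingerprint comparison above can also be done from the command line before you accept the self-signed certificate in a browser or mail client. The script below is an added example, not part of Mail-in-a-Box: it fetches the certificate the box presents on the IMAP port and checks it against the fingerprint you copied from the setup output, assuming that fingerprint is SHA-1 or SHA-256 hex, with or without colons.

```python
"""Fetch the box's certificate over IMAP (port 993) and compare its
fingerprint with the one the setup script printed.  Added example, not
part of Mail-in-a-Box; the expected fingerprint is assumed to be SHA-1 or
SHA-256 hex, colons optional."""
import hashlib
import socket
import ssl


def format_fingerprint(der_cert: bytes, algo: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of a DER-encoded certificate."""
    digest = hashlib.new(algo, der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_matches(der_cert: bytes, expected: str) -> bool:
    """True if `expected` is the SHA-1 or SHA-256 fingerprint of the cert."""
    wanted = expected.replace(":", "").replace(" ", "").upper()
    for algo in ("sha1", "sha256"):
        if hashlib.new(algo, der_cert).hexdigest().upper() == wanted:
            return True
    return False


def fetch_certificate(hostname: str, port: int = 993) -> bytes:
    """Return the server's DER certificate without trusting it.  A
    self-signed certificate fails normal verification, so verification is
    disabled for this single fetch and the fingerprint check replaces it;
    nothing is sent to the server besides the TLS handshake."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    import sys
    # usage: python3 check_fingerprint.py box.occams.info <fingerprint from setup>
    host, expected = sys.argv[1], sys.argv[2]
    der = fetch_certificate(host)
    print("SHA-1:  ", format_fingerprint(der, "sha1"))
    print("SHA-256:", format_fingerprint(der, "sha256"))
    if fingerprint_matches(der, expected):
        print("fingerprint matches the setup output")
        sys.exit(0)
    print("MISMATCH: do not accept this certificate")
    sys.exit(1)
```

Once a signed certificate is installed (see below), normal verification should succeed and this manual check is no longer needed.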
<p>Your username is the <u>email address</u> you entered when you ran the setup program above.</p>
<p><strong>Try to send some mail now!</strong></p>
<h3>Mobile and other mail clients</h3>
<p>On mobile devices you might need to install a &ldquo;mail client&rdquo; app. We recommend <a href="https://play.google.com/store/apps/details?id=com.fsck.k9">K-9 Mail</a>. On a desktop you could try <a href="https://www.mozilla.org/en-US/thunderbird/">Mozilla Thunderbird</a>.</p>
<p>Configure your device as follows:</p>
<table>
<tr><th>Server Name:</th> <td>Your box&rsquo;s hostname.</td></tr>
<tr><th>Username:</th> <td>The complete <u>email address</u> you provided when you ran the setup program earlier.</td></tr>
<tr><th>Password:</th> <td>The password you gave the email address during the setup program earlier.</td></tr>
</table>
<p>Depending on your mail program, you will either use IMAP &amp; SMTP or Exchange ActiveSync:</p>
<table>
<thead><tr><th>Protocol</th> <th>Port</th> <th>Options</th></tr></thead>
<tr><th>IMAP</th> <td>993</td> <td>SSL</td></tr>
<tr><th>SMTP</th> <td>587</td> <td>STARTTLS</td></tr>
<tr><th>Exchange ActiveSync</th> <td>n/a</td> <td>Secure Connection</td></tr>
<tr><td colspan="3" style="padding: 0 0 0 1em; font-size: 90%">see <a href="http://z-push.org/compatibility/">list of compatible devices</a> for Exchange ActiveSync</td></tr>
</table>
<p>Note: Mail-in-a-Box uses <a href="http://en.wikipedia.org/wiki/Greylisting">greylisting</a> to cut down on spam. The first time you receive an email from a new sender, it may be delayed for ten minutes.</p>
<h2 id="mail-users">Adding More Email Addresses</h2>
<p class="pros">Use <code>tools/mail.py</code> to manage email addresses and aliases.</p>
<p>Your box may manage the email for multiple email addresses. While logged in with SSH (see above), run:</p>
<pre>sudo tools/mail.py</pre>
<p>This command will help you add and remove email accounts and email aliases (forwarders).</p>
<p>You may add email addresses on other domain names. If you do, you will need to set the nameservers for those domains in the domain name registrar configuration too, as described above.</p>
<h2 id="ssl">Getting a Signed Certificate</h2>
<p>To configure a real signed SSL certificate, run the <code>whats_next</code> script and follow the instructions:</p>
<pre>sudo management/whats_next.py</pre>
<p>The script will give you the CSR (which you give to your registrar or other SSL provider).</p>
<p>When you purchase an SSL certificate you will receive a certificate in PEM format and possibly a file containing &ldquo;intermediate certificates&rdquo; in PEM format. If you receive intermediate certificates, use a text editor like Notepad or Gedit and paste <em>your</em> certificate on top and <em>then</em> the intermediate certificates below it. Save the file and place this <em>combined</em> file onto your box in the location indicated by the <code>whats_next</code> script.</p>
<h2 id="web">Publishing Your Website</h2>
<p class="pros">Put static files in <code>/home/user-data/www/default</code>.</p>
<p>Your box will immediately begin serving a simple, default static website at the box&rsquo;s hostname (you already saw webmail there) and on any domain that you set up an email address for.</p>
<p>Replace the files in <tt>/home/user-data/www/default</tt> on your box with any HTML pages and other static files for your own website. You will probably need to use an SSH file transfer program such as <a href="https://filezilla-project.org/">FileZilla</a> or <a href="http://linuxcommand.org/man_pages/scp1.html">scp</a>. (Use the same login credentials as when you connected with <tt>ssh</tt>.)</p>
<p>If you want a different website to appear at different domain names, put the files instead in <tt>/home/user-data/www/[your.domainname.com]</tt>. Then run:</p>
<pre>sudo tools/web_update</pre>
<p>to update the web configuration so that it knows the new location of the static files.</p>
<p>The box also provides support for <a href="http://webfinger.net/">Webfinger</a>, which is a web-based protocol, if you have installed a signed certificate for the domain.</p>
<p>If you want to have the box host a static website on a domain that you haven&rsquo;t set up an email address for, create a dummy email address on the domain (see above for how to do that). Then run the <tt>whats_next.py</tt> script as described in the previous section to ensure it is set up correctly.</p>
<p>Although your box is handling mail for your domain name, it is actually possible to host a website on another machine by using custom DNS. See below.</p>
<h2 id="custom_dns">Custom DNS</h2>
<p>Your box is managing the DNS for your domain names. If you run other web services on other machines, you may want to create custom DNS records.</p>
<p>Create a file named <tt>/home/user-data/dns/custom.yaml</tt> and put in it custom DNS settings in this format:</p>
<pre>www.yourdomain.com: 72.249.66.164</pre>
<p>or</p>
<pre>www.yourdomain.com:
CNAME: otherserver.com.</pre>
<p>After modifying this file, run:</p>
<pre>sudo tools/dns_update</pre>
<p>to update the DNS settings.</p>
<p>Mail and web are handled by separate types of DNS records. You can actually override the DNS for any domain you have an email address at &mdash; except the box&rsquo;s hostname itself &mdash; to have the domain's website served by another machine without affecting its email.</p>
<h2 id="dnssec">Configuring DNSSEC</h2>
<p>The domain name system is not very secure. Enabling DNSSEC provides a layer of cryptographic security on top of the domain name system in a similar way to how HTTPS web addresses add a layer of security to the web.</p>
<p>DNSSEC is optional, but with it your box will advertise that it is secure. Other mail servers that support DNSSEC and DANE will begin encrypting mail to you while it is in transit. (Since Mail-in-a-Box supports this too, email between DNSSEC-enabled Mail-in-a-Boxes is always encrypted in transit.)</p>
<p>DNSSEC is configured at your domain name registrar. To activate DNSSEC, you'll need to get DS configuration information from the box and then enter that at your registrar. While logged in on the box, run:</p>
<pre>sudo management/whats_next.py</pre>
<p>Copy the DS information and follow the DS record instructions provided by your domain name registrar. How this works varies from registrar to registrar.</p>
<h2 id="maintenance">Keeping Your Box Humming</h2>
<p>Follow <a href="http://twitter.com/Mailinabox">@Mailinabox</a> on Twitter so you know when we post any updates to Mail-in-a-Box.</p>
<p>You should periodically update the software on Mail-in-a-Box. Every now and then update the Ubuntu base packages in case there have been any security updates. Log into your machine with SSH and then type:</p>
<pre>sudo apt-get update &amp;&amp; sudo apt-get upgrade</pre>
<p>You should also move to the latest Mail-in-a-Box release occasionally:</p>
<pre>cd mailinabox
git pull
sudo setup/start.sh</pre>
<p>Remember that it is always safe to re-run the setup script like this.</p>
<h2 id="other">To-be-written</h2>
<p>It is also possible to...</p>
<ul>
<li>Backup your mail.</li>
</ul>
<h2 id="checks">Systems Checks</h2>
<p>If you want to double-check that your system is configured correctly, here are some tools:</p>
<ul>
<li>DNS: <a href="http://pingability.com/zoneinfo.jsp">pingability.com/zoneinfo</a></li>
<li>DKIM and SPF: <a href="http://www.brandonchecketts.com/emailtest.php">brandonchecketts.com/emailtest</a></li>
<li>SSL: <a href="https://www.ssllabs.com/ssltest/analyze.html">ssllabs.com</a></li>
</ul>
<p>There are also Python scripts in the <a href="https://github.com/mail-in-a-box/mailinabox/tree/master/tests"><code>tests/</code></a> directory on GitHub for automated testing.</p>
<div class="hidden-xs" style="height: 200px"> </div>
</div>
</div>
</div>
<script src="https://code.jquery.com/jquery-2.1.1.min.js"> </script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js"></script>
<script>
if ($(window).width() >= 768) {
// scroll spy with a fixed TOC doesn't work on small screens
$('#nav').attr('data-spy', 'affix');
$('body').scrollspy()
}
</script>
</body>
</html>