Go to file

Dan Jensen cde4e0caca Change SSL notification email subject (#1653 ) Previously the notification email sent when a box's SSL certificate is automatically updated said, "Error Provisioning TLS Certificate" even when there was no error. This changes the subject line to "TLS Certificate Provisioning Results", which is more accurate.		2019-11-02 15:29:05 -04:00
conf	fail2ban should watch for managesieve logins too, fixes #1622	2019-08-31 09:04:17 -04:00
management	Change SSL notification email subject (#1653 )	2019-11-02 15:29:05 -04:00
setup	Allow user_external for Nextcloud 16 (and eventually 17) (#1655 )	2019-11-02 15:28:36 -04:00
tests	add a test for fail2ban monitoring managesieve	2019-08-31 09:15:41 -04:00
tools	update to PHP 7.2	2018-10-03 13:00:15 -04:00
.editorconfig	added editorconfig setup (#1037 )	2017-01-15 10:44:13 -05:00
.gitignore	adding a fully qualified domain name for the hostname and ignoring the .vagrant dir (#1027 )	2016-12-20 16:32:06 -05:00
CHANGELOG.md	Fix mailinabox-postgrey-whitelist cron job return code for file over 28 days	2019-10-05 16:27:21 -04:00
CODE_OF_CONDUCT.md	some improvements suggested by the community	2016-08-15 20:09:05 -04:00
CONTRIBUTING.md	Add some development instructions to CONTRIBUTING.md (#1348 )	2018-02-05 08:41:19 -05:00
LICENSE	add CC0 1.0 Universal in LICENSE	2014-04-23 15:49:23 -04:00
README.md	v0.43	2019-09-01 07:43:47 -04:00
Vagrantfile	minimal changeset to get things working on 18.04	2018-10-03 13:00:06 -04:00
security.md	update reference to Ubuntu 14.04 to 18.04 in README.md and security.md and drop mentions of our custom packages that we no longer maintain	2018-10-03 13:00:15 -04:00

README.md

Mail-in-a-Box

By @JoshData and contributors.

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.

Please see https://mailinabox.email for the project's website and setup guide!

Our goals are to:

Make deploying a good mail server easy.
Promote decentralization, innovation, and privacy on the web.
Have automated, auditable, and idempotent configuration.
Not make a totally unhackable, NSA-proof server.
Not make something customizable by power users.

Additionally, this project has a Code of Conduct, which supersedes the goals above. Please review it when joining our community.

The Box

Mail-in-a-Box turns a fresh Ubuntu 18.04 LTS 64-bit machine into a working mail server by installing and configuring various components.

It is a one-click email appliance. There are no user-configurable setup options. It "just works".

The components installed are:

SMTP (postfix), IMAP (dovecot), CardDAV/CalDAV (Nextcloud), Exchange ActiveSync (z-push)
Webmail (Roundcube), static website hosting (nginx)
Spam filtering (spamassassin), greylisting (postgrey)
DNS (nsd4) with SPF, DKIM (OpenDKIM), DMARC, DNSSEC, DANE TLSA, and SSHFP records automatically set
Backups (duplicity), firewall (ufw), intrusion protection (fail2ban), system monitoring (munin)

It also includes:

A control panel and API for adding/removing mail users, aliases, custom DNS records, etc. and detailed system monitoring.

For more information on how Mail-in-a-Box handles your privacy, see the security details page.

Installation

See the setup guide for detailed, user-friendly instructions.

For experts, start with a completely fresh (really, I mean it) Ubuntu 18.04 LTS 64-bit machine. On the machine...

Clone this repository:

$ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox

Optional: Download Josh's PGP key and then verify that the sources were signed by him:

$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported

$ git verify-tag v0.43
gpg: Signature made ..... using RSA key ID C10BDD81
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5F4C 0E73 13CC D744 693B  2AEA B920 41F4 C10B DD81

You'll get a lot of warnings, but that's OK. Check that the primary key fingerprint matches the fingerprint in the key details at https://keybase.io/joshdata and on his personal homepage. (Of course, if this repository has been compromised you can't trust these instructions.)

Checkout the tag corresponding to the most recent release:

$ git checkout v0.43

Begin the installation.

$ sudo setup/start.sh

For help, DO NOT contact Josh directly --- I don't do tech support by email or tweet (no exceptions).

Post your question on the discussion forum instead, where maintainers and Mail-in-a-Box users may be able to help you.

Contributing and Development

Mail-in-a-Box is an open source project. Your contributions and pull requests are welcome. See CONTRIBUTING to get started.

The Acknowledgements

This project was inspired in part by the "NSA-proof your email in 2 hours" blog post by Drew Crawford, Sovereign by Alex Payne, and conversations with @shevski, @konklone, and @GregElin.

Mail-in-a-Box is similar to iRedMail and Modoboa.

The History

In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: add-on page, source.
In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in "NSA-proof your email in 2 hours" and making the setup steps reproducible with bash scripts.
Mail-in-a-Box was a semifinalist in the 2014 Knight News Challenge, but it was not selected as a winner.
Mail-in-a-Box hit the front page of Hacker News in April 2014, September 2014, May 2015, and November 2016.
FastCompany mentioned Mail-in-a-Box a roundup of privacy projects on June 26, 2015.