Port 465 with "implicit" (i.e. always-on) TLS is a more secure approach than port 587 with explicit (i.e. optional and only on with STARTTLS). Although we reject credentials on port 587 without STARTTLS, by that point credentials have already been sent.
|1 year ago|
|api||2 years ago|
|conf||1 year ago|
|management||1 year ago|
|setup||1 year ago|
|tests||1 year ago|
|tools||2 years ago|
|.editorconfig||3 years ago|
|.gitignore||2 years ago|
|CHANGELOG.md||1 year ago|
|CODE_OF_CONDUCT.md||6 years ago|
|CONTRIBUTING.md||5 years ago|
|LICENSE||9 years ago|
|README.md||1 year ago|
|Vagrantfile||4 years ago|
|security.md||1 year ago|
Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
Please see https://mailinabox.email for the project's website and setup guide!
Our goals are to:
- Make deploying a good mail server easy.
- Promote decentralization, innovation, and privacy on the web.
- Have automated, auditable, and idempotent configuration.
- Not make a totally unhackable, NSA-proof server.
- Not make something customizable by power users.
Additionally, this project has a Code of Conduct, which supersedes the goals above. Please review it when joining our community.
In The Box
Mail-in-a-Box turns a fresh Ubuntu 18.04 LTS 64-bit machine into a working mail server by installing and configuring various components.
It is a one-click email appliance. There are no user-configurable setup options. It "just works."
The components installed are:
- SMTP (postfix), IMAP (Dovecot), CardDAV/CalDAV (Nextcloud), and Exchange ActiveSync (z-push) servers
- Webmail (Roundcube), mail filter rules (thanks to Roundcube and Dovecot), and email client autoconfig settings (served by nginx)
- Spam filtering (spamassassin) and greylisting (postgrey)
- DNS (nsd4) with SPF, DKIM (OpenDKIM), DMARC, DNSSEC, DANE TLSA, MTA-STS, and SSHFP policy records automatically set
- TLS certificates are automatically provisioned using Let's Encrypt for protecting https and all of the other services on the box
- Backups (duplicity), firewall (ufw), intrusion protection (fail2ban), and basic system monitoring (munin)
It also includes system management tools:
- Comprehensive health monitoring that checks each day that services are running, ports are open, TLS certificates are valid, and DNS records are correct
- A control panel for adding/removing mail users, aliases, custom DNS records, configuring backups, etc.
- An API for all of the actions on the control panel
It also supports static website hosting since the box is serving HTTPS anyway. (To serve a website for your domains elsewhere, just add a custom DNS "A" record in you Mail-in-a-Box's control panel to point domains to another server.)
For more information on how Mail-in-a-Box handles your privacy, see the security details page.
See the setup guide for detailed, user-friendly instructions.
For experts, start with a completely fresh (really, I mean it) Ubuntu 18.04 LTS 64-bit machine. On the machine...
Clone this repository and checkout the tag corresponding to the most recent release:
$ git clone https://github.com/mail-in-a-box/mailinabox $ cd mailinabox $ git checkout v0.53a
Begin the installation.
$ sudo setup/start.sh
The installation will install, uninstall, and configure packages to turn the machine into a working, good mail server.
For help, DO NOT contact Josh directly --- I don't do tech support by email or tweet (no exceptions).
Post your question on the discussion forum instead, where maintainers and Mail-in-a-Box users may be able to help you.
Note that while we want everything to "just work," we can't control the rest of the Internet. Other mail services might block or spam-filter email sent from your Mail-in-a-Box. This is a challenge faced by everyone who runs their own mail server, with or without Mail-in-a-Box. See our discussion forum for tips about that.
Contributing and Development
Mail-in-a-Box is an open source project. Your contributions and pull requests are welcome. See CONTRIBUTING to get started.
- In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: add-on page, source.
- In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in "NSA-proof your email in 2 hours" and making the setup steps reproducible with bash scripts.
- Mail-in-a-Box was a semifinalist in the 2014 Knight News Challenge, but it was not selected as a winner.
- Mail-in-a-Box hit the front page of Hacker News in April 2014, September 2014, May 2015, and November 2016.
- FastCompany mentioned Mail-in-a-Box a roundup of privacy projects on June 26, 2015.