mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-23 02:27:05 +00:00
Michael Kropat d904feb399 Filter privacy-sensitive headers on outgoing mail
By default, Postfix adds a Received header — on all mail that you send —
that lists the IP of the device you sent the mail from.  This feature is
great if you're a mail provider and you need to debug why one user is
having sending issues.  This feature is not so great if you run your own
mail server and you don't want every recipient of every email you send
to know the device and IP you sent the email from.

To limit this filtering to outgoing mail only, we apply the filters just
to the submission port.  See these guides [1] [2] for more context.

I have taken care to make the configuration logic be **idempotent**.
Unfortunately, due to the syntax of `master.cf`, this requires a small
amount of `sed` and `perl` wizardry :(

In addition to filtering the Received header, the
`submission_header_checks` file is currently configured to filter other,
privacy-sensitive headers.  If people object, we can remove those
filters.  The important thing is that the IP be filtered or masked.

  [1] http://askubuntu.com/a/78168/11259
  [2] http://www.void.gr/kargig/blog/2013/11/24/anonymize-headers-in-postfix/
2014-06-08 15:38:49 -04:00
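
One way to apply the submission-only filtering described in the commit message above so that repeated setup runs leave `master.cf` unchanged. This is an added example, not the code from this commit or from the mailinabox repository. The service name `authclean`, the scratch paths, and the single `Received` rule are assumptions, and the sample `master.cf` is constructed with the submission service already uncommented.

```shell
#!/bin/sh
# Added example, not code from the mailinabox repository. The service name
# "authclean" and every path used here are assumptions for illustration.

# Write the header_checks table. Overwriting the whole file is idempotent.
write_header_checks() {
    printf '%s\n' '/^Received:/    IGNORE' > "$1"
}

# Route the submission service through its own cleanup instance, editing
# master.cf only where the expected lines are missing.
ensure_submission_filter() {
    cf=$1; checks=$2
    if ! grep -q '^[[:space:]]*-o cleanup_service_name=authclean' "$cf"; then
        awk '{ print }
             /^submission[[:space:]]/ { print "  -o cleanup_service_name=authclean" }' \
            "$cf" > "$cf.tmp" && mv "$cf.tmp" "$cf"
    fi
    if ! grep -q '^authclean[[:space:]]' "$cf"; then
        printf '%s\n' 'authclean unix n - - - 0 cleanup' \
                      "  -o header_checks=regexp:$checks" >> "$cf"
    fi
}

# Constructed sample master.cf with the submission service already enabled.
make_sample() {
    cat > "$1" <<'EOF'
smtp       inet n - - - - smtpd
submission inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
cleanup    unix n - - - 0 cleanup
EOF
}

# Apply the configuration twice to a scratch copy; the second run must be a no-op.
demo() {
    dir=$(mktemp -d)
    make_sample "$dir/master.cf"
    write_header_checks "$dir/submission_header_checks"
    ensure_submission_filter "$dir/master.cf" "$dir/submission_header_checks"
    cp "$dir/master.cf" "$dir/first"
    ensure_submission_filter "$dir/master.cf" "$dir/submission_header_checks"
    cmp -s "$dir/first" "$dir/master.cf" && echo idempotent
    cat "$dir/master.cf"
    rm -rf "$dir"
}
demo
```

Because the `header_checks` override is attached only to the cleanup instance used by the submission service, mail arriving on port 25 keeps its `Received` trail for debugging and spam filtering. On a live system the edit would be followed by `postfix reload`.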
conf Filter privacy-sensitive headers on outgoing mail 2014-06-08 15:38:49 -04:00
docs rename the scripts directory to setup 2014-06-03 11:12:38 +00:00
management allow dashes in emails during validation, and for aliases allow a much wider range of characters, fixes #64 2014-06-06 10:51:36 -04:00
notes notes for setting up dspam, but it crashed a lot so I'm not using it 2013-08-23 12:03:26 -04:00
setup Filter privacy-sensitive headers on outgoing mail 2014-06-08 15:38:49 -04:00
tests test_dns: more error handling 2014-06-04 19:31:55 -04:00
tools Mask password input on stdin 2014-06-06 17:07:30 -04:00
.gitignore move management into a daemon service running as root 2014-06-03 13:56:40 +00:00
CONTRIBUTING.md adding CONTRIBUTING.md, see #23 2014-04-23 15:52:49 -04:00
LICENSE add CC0 1.0 Universal in LICENSE 2014-04-23 15:49:23 -04:00
README.md rename the scripts directory to setup 2014-06-03 11:12:38 +00:00
Vagrantfile add comments to the new get_default_hostname etc. functions, and simplify the logic in the Vagrantfile and start.sh so that we always call into the same two functions 2014-06-07 14:57:03 -04:00

Mail-in-a-Box

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.

This is a work in progress. I work on this in my limited free time.

Why build this? Mass electronic surveillance by governments revealed over the last year has spurred a new movement to re-decentralize the web, that is, to empower netizens to be their own service providers again. SMTP, the protocol of email, is decentralized in principle but highly centralized in practice due to the high cost of implementing all of the modern protocols that surround it. As a result, most individuals trade their independence for access to a “free” email service.

The Box

Mail-in-a-Box turns a fresh Ubuntu 14.04 LTS 64-bit machine into a working mail server, including:

  • An SMTP server for sending/receiving mail, with STARTTLS required for authentication, and greylisting to cut down on spam (postfix, postgrey).
  • An IMAP server for checking your mail, with SSL required (dovecot).
  • A webmail client over SSL so you can check your email from a web browser (roundcube, nginx).
  • Spam filtering with spam automatically going to your Spam folder (spamassassin).
  • DKIM signing on outgoing messages (opendkim).
  • The machine acts as its own DNS server and is automatically configured for SPF and DKIM (nsd).
  • Configuration of mailboxes and mail aliases is done using a command-line tool.
  • Basic system services like a firewall, intrusion protection, and setting the system clock are automatically configured (ufw, fail2ban, ntp).

This setup is what has been powering my own personal email since September 2013.

Please see the initial and very barebones Documentation for more information on how to set up a Mail-in-a-Box. But in short, it's like this:

# do this on a fresh install of Ubuntu 14.04 only!
sudo apt-get install -y git
git clone https://github.com/joshdata/mailinabox
cd mailinabox
sudo setup/start.sh

Status: This is a work in progress. It works for what it is, but it is missing such things as quotas, backup/restore, etc.

The Goals

  • Create a push-button "Email Appliance" for everyday users.
  • Promote decentralization, innovation, and privacy on the web.
  • Have automated, auditable, and idempotent configuration.

For more background, see The Rationale.

What I am not trying to do:

  • Not to be a mail server that the NSA cannot hack.
  • Not to be customizable by power users.

The Acknowledgements

This project was inspired in part by the "NSA-proof your email in 2 hours" blog post by Drew Crawford, Sovereign by Alex Payne, and conversations with @shevski, @konklone, and @GregElin.

Mail-in-a-Box is similar to iRedMail.

The History

  • In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: add-on page, source.
  • On March 13, 2014 I submitted Mail-in-a-Box to the Knight News Challenge.