mail-in-a-box / mailinabox

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.

Home Page: https://mailinabox.email/

License: Creative Commons Zero v1.0 Universal

Shell 26.24% HTML 19.46% PHP 1.04% Python 53.12% Handlebars 0.15%
smtp email mail server

mailinabox's Introduction

Mail-in-a-Box

By @JoshData and contributors.

Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.

Please see https://mailinabox.email for the project's website and setup guide!


Our goals are to:

  • Make deploying a good mail server easy.
  • Promote decentralization, innovation, and privacy on the web.
  • Have automated, auditable, and idempotent configuration.
  • Not make a totally unhackable, NSA-proof server.
  • Not make something customizable by power users.

Additionally, this project has a Code of Conduct, which supersedes the goals above. Please review it when joining our community.

In The Box

Mail-in-a-Box turns a fresh Ubuntu 22.04 LTS 64-bit machine into a working mail server by installing and configuring various components.

It is a one-click email appliance. There are no user-configurable setup options. It "just works."

The components installed are:

It also includes system management tools:

  • Comprehensive health monitoring that checks each day that services are running, ports are open, TLS certificates are valid, and DNS records are correct
  • A control panel for adding/removing mail users, aliases, custom DNS records, configuring backups, etc.
  • An API for all of the actions on the control panel

Internationalized domain names are supported and configured easily (but SMTPUTF8 is not supported, unfortunately).

It also supports static website hosting since the box is serving HTTPS anyway. (To serve a website for your domains elsewhere, just add a custom DNS "A" record in your Mail-in-a-Box's control panel to point domains to another server.)

For more information on how Mail-in-a-Box handles your privacy, see the security details page.

Installation

See the setup guide for detailed, user-friendly instructions.

For experts, start with a completely fresh (really, I mean it) Ubuntu 22.04 LTS 64-bit machine. On the machine...

Clone this repository and checkout the tag corresponding to the most recent release:

$ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox
$ git checkout v67

Begin the installation.

$ sudo setup/start.sh

The installation will install, uninstall, and configure packages to turn the machine into a working, good mail server.

For help, DO NOT contact Josh directly --- I don't do tech support by email or tweet (no exceptions).

Post your question on the discussion forum instead, where maintainers and Mail-in-a-Box users may be able to help you.

Note that while we want everything to "just work," we can't control the rest of the Internet. Other mail services might block or spam-filter email sent from your Mail-in-a-Box. This is a challenge faced by everyone who runs their own mail server, with or without Mail-in-a-Box. See our discussion forum for tips about that.

Contributing and Development

Mail-in-a-Box is an open source project. Your contributions and pull requests are welcome. See CONTRIBUTING to get started.

The Acknowledgements

This project was inspired in part by the "NSA-proof your email in 2 hours" blog post by Drew Crawford, Sovereign by Alex Payne, and conversations with @shevski, @konklone, and @GregElin.

Mail-in-a-Box is similar to iRedMail and Modoboa.

The History

  • In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: add-on page, source.
  • In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in "NSA-proof your email in 2 hours" and making the setup steps reproducible with bash scripts.
  • Mail-in-a-Box was a semifinalist in the 2014 Knight News Challenge, but it was not selected as a winner.
  • Mail-in-a-Box hit the front page of Hacker News in April 2014, September 2014, May 2015, and November 2016.
  • FastCompany mentioned Mail-in-a-Box in a roundup of privacy projects on June 26, 2015.

mailinabox's People

Contributors

0xfelix, aspdye, badsyntax, biermeester, binarykitchen, brocktice, bronson, ddavness, dhpiggott, fspoettel, guyzmo, h8h, hija, hjjg, hnk, hughsw, jkaberg, joshdata, jvolkenant, kiekerjan, macmedia, mariusbluem, mkropat, nomandera, nstanke, ponychicken, randallsquared, tdulcet, yeah, yodax


mailinabox's Issues

Ensure that python3 is installed

On the 12.04 Precise Box, python3 apparently wasn't installed and things got funky. Once I installed it, things seemed to work.

Few problems with ufw, DKIM...

Hello,

For a few days, I have had recurring problems with this script during installation on OpenVZ. In fact, I must comment out the ufw part of the code because otherwise I "lose" SSH access to my virtual server.

Also my outgoing mails are not signed by DKIM after the installation (via smtp, port 587). I have to regenerate a key for my domain with opendkim-genkey to make it work. I had this error at installation:

Restarting OpenDKIM: opendkim: /etc/opendkim.conf: refile:/etc/opendkim/SigningTable: dkimf_db_open(): No such file or directory
opendkim. 
  * Stopping Postfix Mail Transport Agent postfix [OK] 
  * Starting Postfix Mail Transport Agent postfix [OK] 
Installing spampd razor pyzor dovecot-sieve dovecot-antispam ... 

But this script is almost perfect!

Thanks.

Backup & restore tools

Hi,

Some user stories for you to consider:

As the owner of the deployed email system,
I want to be able to backup the email on my server,
So that I can restore it if the disks crash.

As the owner of the deployed email system,
I want to be able to restore my email onto my server,
So that I can recover from data loss.

My assumption is that both of the above would be usable from a "burn the system down and recreate it again" approach which may happen if the box your email is on suffers a hardware failure.

Corollaries to this might include the ability to restore only one email user's emails vs the entire box.

Thanks!

Joey

Disable HTTP (vs HTTPS)

Don't serve anything over HTTP and set the header on HTTPS responses that indicates that only HTTPS is used.

I *think* I've identified a source of the Roundcube problem

This line: https://github.com/JoshData/mailinabox/blob/afda0405cf7bb768ceb412d75d2f5f193baedd15/conf/nginx.conf#L58, has a reference to "$fastcgi_script_name." But this variable is not defined anywhere. By contrast, in this line, https://github.com/JoshData/mailinabox/blob/2ebd9706ecc8e5fc46e736723749365579c80cee/conf/phpfcgi-initscript#L23, the variable "SCRIPTNAME" is used and only seems to be used to restart the script...

I tried fixing Line 58 in the nginx configuration, but that didn't quite fix it... but it might be a source of the problem.

Add a license file

It'd be nice to add a license to the project, so folks understand where and how it can be used. Perhaps something simple and permissive, such as the MIT license?

Ansible Playbook

I started one, not everything is working yet, must have missed some things but I was able to have roundcube up (v1.0) and successfully send an email.

I couldn't receive one though so I'll investigate it when I have time, dns seems to not really work yet too.

(Playbook is quite messy atm, I'll clean it up next time I work on it).

URL is https://github.com/Keats/playbook-mailinabox if some people are interested, accepting PR of course

Set postmaster_address during setup

Apr 23 xx:xx:xx localhost dovecot: lmtp(xxx): Fatal: Error reading configuration: Invalid settings: postmaster_address setting not given

Might not be necessary for actual usage, but might come in handy someday.

Dockerfile

Would be great, totally in line with your mission—which is also great.

Roundcube does not start

But I'm getting a 502 error when I try to go to the webmail site. I suspect that it has something to do with either (1) an outdated roundcube version or (2) the nginx configuration.

I was going to submit a pull request with an updated roundcube version 0.9.5, but I can't get the site working, so I'm a bit hesitant...

dns_update must be run after new mail accounts are created

Once a mail account or alias is created for a domain, dns_update.sh must be run to get the DNS to actually work for that domain and, also, to get DKIM to be applied on outgoing messages (regardless of whether the box is actually a DNS server).

We're not running dns_update at the right time now.

see #39

Switch to disable some services

It would be nice to have a command line switch to disable some functionality. For example, if I don't want to have webmail support installed I can use the parameter '--without-webmail', or disable own dns support with '--without-dns'.

Web-based control panel

Add a web-based control panel for:

  • adding/removing mail users and mail aliases
  • blacklisting email senders; whitelisting for graylisting
  • running tests to see if everything is working

Keep the server name

In a later iteration, you may want to consider an alternative install method where you keep the servername. For example, if you're hosting on zvenyach.com and want to add mail.zvenyach.com but still have the link to roundcube by "zvenyach.com/mail".

Unsupported database driver

Hi,

I have installed mail-in-a-box with only one modification. I have changed /etc/nginx/conf.d/local.conf to the following: (I made this change so I can later use Apache2 with a ProxyPass to access roundcube from my website)

# The secure HTTPS server.

server {
    listen 8090 ssl;

    server_name 127.0.0.1;

    ssl_certificate /home/user-data/ssl/ssl_certificate.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;
    include /etc/nginx/nginx-ssl.conf;

    # We'll expose the same static directory under https.
    root /home/user-data/www/static;

    index index.html index.htm;

    # Roundcube Webmail configuration.
    rewrite ^/mail$ /mail/ redirect;
    rewrite ^/mail/$ /mail/index.php;
    location /mail/ {
        index index.php;
        alias /var/lib/roundcube/;
    }
    location ~ /mail/.*\.php {
        include fastcgi_params;
        fastcgi_split_path_info ^/mail(/.*)()$;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/lib/roundcube/$fastcgi_script_name;
        fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock;
        client_max_body_size 20M;
    }

}

But for now I am logged into my server and when I go (in firefox) to https://127.0.0.1:8090/mail/ I get a white page and the following error in /var/log/roundcube/errors:

[25-Apr-2014 13:13:11 +1100]: DB Error: Configuration error. Unsupported database driver:  in /usr/share/roundcube/program/lib/Roundcube/rcube_db.php on line 76 (GET /mail/)

My first thought would be just to reinstall mail-in-a-box but I couldn't find a way to reverse start.sh (or at least a list of packages to remove and directories to delete).

Thanks,
JamesStewy

Keeping previous mailinabox installs up to date security-wise, etc.

I was wondering about keeping previous mailinabox installs up to date as improvements continue to be made. Are any of the updates coming into the repo security issues or misconfigurations that have been addressed that previous installs should consider implementing? For example, I have an install that's been purring along for about a month but have done some customization and don't really want to reinstall again to pick up the goodness. Maybe a best-practices checklist document or script that could be run periodically to alert you to known issues? I'm just thinking six months will go by before we know it and maybe by then there will be some recommended changes for all those six-month-old installs.

Server-Level End-to-End PGP

To promote the use of PGP, we can handle PGP at the server level. This will require a few components:

  • intercepting mail submission for encryption
  • knowing for which recipients email should be encrypted
  • creating an LMTP server to decrypt incoming mail
  • key management

Problem with zen.spamhaus.org

Dear Josh,

I'm getting some errors with mailinabox.

When using the default setting, I was facing this error in my mail.log:

postfix/smtpd[2657]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit

To try to fix that I changed to my main.conf to:

smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_rbl_client,reject_unauth_destination zen.spamhaus.org,check_policy_service inet:127.0.0.1:10023

At this time, no error at mail.log:

postfix/master[2842]: daemon started -- version 2.9.6, configuration /etc/postfix

But when sending an e-mail from my GMail account to my own mail server I'm getting:

connect from mail-yh0-f50.google.com[209.85.213.50]
Dec 13 10:31:48 ip-172-31-40-169 postfix/smtpd[2875]: warning: unknown smtpd restriction: "zen.spamhaus.org"
Dec 13 10:31:48 ip-172-31-40-169 postfix/smtpd[2875]: NOQUEUE: reject: RCPT from mail-yh0-f50.google.com[209.85.213.50]: 451 4.3.5 Server configuration error; from=[email protected] to=XXX@XXX proto=ESMTP helo=<mail-yh0-f50.google.com>
Dec 13 10:31:48 ip-172-31-40-169 postfix/cleanup[2879]: 79194160D38: message-id=[email protected]
Dec 13 10:31:48 ip-172-31-40-169 postfix/qmgr[2846]: 79194160D38: from=[email protected], size=1352, nrcpt=1 (queue active)
Dec 13 10:31:48 ip-172-31-40-169 postfix/smtpd[2875]: disconnect from mail-yh0-f50.google.com[209.85.213.50]
Dec 13 10:31:48 ip-172-31-40-169 postfix/smtp[2880]: initializing the client-side TLS engine
Dec 13 10:31:48 ip-172-31-40-169 postfix/smtp[2880]: 79194160D38: to=[email protected], orig_to=, relay=none, delay=0.05, delays=0.03/0.01/0/0, dsn=5.4.6, status=bounced (mail for ip-172-31-40-169.ec2.internal loops back to myself)
Dec 13 10:31:48 ip-172-31-40-169 postfix/bounce[2881]: warning: 79194160D38: undeliverable postmaster notification discarded
Dec 13 10:31:48 ip-172-31-40-169 postfix/qmgr[2846]: 79194160D38: removed

Do you know how to fix it?

Thanks in advance,
best regards and congrats!

Adjusting DNSBL settings

Could you provide documentation on how to pick whichever (combination of) DNSBLs one might want to use?

(Basically this is just entering any number of "reject_rbl_client DNSBL_ZONE.DOMAIN_EXAMPLE," statements in /etc/postfix/main.cf smtpd_recipient_restrictions section, in the order of priority those DNSBLs should be used. The default you've included is to use Spamhaus ZEN, which of course is a very good choice and quite sufficient for the majority of installs.)

web.sh

A new error:

scripts/web.sh: line 26: conf/php-fcgid: No such file or directory

Do not override previous website

Hello,

I just installed mailinabox yesterday, and it works great, thanks for the good work.
However, I wanted to check something on my website. And it just disappeared (it makes sense, since both mailinabox and my website's configurations defined the 80 port, but I didn't pay attention to it so far.). I think it would make sense to ask the user whether they want to "override" the current configuration of the website, or use mailinabox on a new port.

What do you think?

Duplicate: Why another All-in-one-Solution when there is iRedmail?

iRedmail is being built for many Distributions and available as an open source free variant developed for years. Yet a bit limited by iRedAdmins free functionalities one can enhance that by just playing around with OpenLDAP (which is quite easy).

I like free and open projects but can't see the benefit!

Incoming mails

Thanks for making this possible.

For incoming mails, do I need to add MX entries? Also, is there any other configuration needed to make things work?

Raspbian Support

Add Support for Raspbian to turn a Raspberry Pi into a small and easy to use mail server. :)

AAAA, IPv6 for SPF

Add AAAA records: If the system is on an IPv6 network, the DNS should add AAAA records.

And SPF should be tested that it approves the IPv6 address. According to maco_nix, gmail will reject mail if a system has an IPv6 address and SPF doesn't approve it.

(This issue formerly also listed DNSSEC, but I've moved that to #71.)

BATV - Bounce Address Tag Verification

http://tools.ietf.org/html/draft-levine-mass-batv-02

This allows us to reject non-delivery (mailer daemon) replies that aren't in response to messages we sent for the rare case of blocking backscatter. It's an entirely-local mail policy. But see Wikipedia for limitations: http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation

This has two parts - rewriting the envelope sender on outgoing mail and validating the tags in recipient addresses of non-delivery (mailer daemon) emails.

Since this is a local policy, there's no particular need to follow that recommendation exactly I don't think...

see #50
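The two parts described in the issue above, sketched as an added example that is not code from the project or from the issue's author: an HMAC tag is placed in the envelope sender of outgoing mail, and bounces (null envelope sender) are accepted only when the recipient carries a valid, unexpired tag. The tag layout (one key digit, three-digit expiry day, six hex characters of HMAC-SHA256), the seven-day lifetime and all function names are assumptions of this example, not the draft's exact format.

```python
import hashlib
import hmac
import re
import time

TAG_LIFETIME_DAYS = 7  # assumed validity window for a signed sender
TAG_RE = re.compile(r"prvs=([0-9])([0-9]{3})([0-9a-f]{6})=(.+)", re.IGNORECASE)


def _day(now):
    """Day counter modulo 1000, so it fits in three digits."""
    return int(now // 86400) % 1000


def _mac(key, key_id, expiry, address):
    msg = f"{key_id}{expiry:03d}{address.lower()}".encode()
    # Truncated to 24 bits to keep the local part short; the expiry day
    # bounds how long a guessed or leaked tag stays usable.
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:6]


def sign_envelope_sender(address, key, key_id=0, now=None):
    """Part 1: rewrite the envelope sender on outgoing mail."""
    now = time.time() if now is None else now
    expiry = (_day(now) + TAG_LIFETIME_DAYS) % 1000
    mac = _mac(key, key_id, expiry, address)
    return f"prvs={key_id}{expiry:03d}{mac}={address}"


def verify_tagged_recipient(rcpt, keys, now=None):
    """Part 2: return the original address if the tag is valid, else None."""
    now = time.time() if now is None else now
    local, _, domain = rcpt.rpartition("@")
    m = TAG_RE.fullmatch(local)
    if not m:
        return None
    key_id, expiry, mac, orig_local = int(m[1]), int(m[2]), m[3].lower(), m[4]
    key = keys.get(key_id)  # keys: {key_id: secret bytes}, allows rotation
    if key is None:
        return None
    address = f"{orig_local}@{domain}"
    expected = _mac(key, key_id, expiry, address)
    # Constant-time comparison, so timing does not leak matching prefixes.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    # Days left until expiry, modulo 1000; an expired tag wraps to a large value.
    if (expiry - _day(now)) % 1000 > TAG_LIFETIME_DAYS:
        return None
    return address


def accept_recipient(mail_from, rcpt, keys, now=None):
    """Local policy: null-sender mail (bounces) must carry a valid tag."""
    if mail_from in ("", "<>"):
        return verify_tagged_recipient(rcpt, keys, now) is not None
    return True
```
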

DKIM signature is missing from the SMTP sending

Hi,

The mail server works fine but I have a question about DKIM. When I send a message from my server via mail command line, the DKIM signature is added. When I send via SMTP (from my mail client), the signature is missing. Is this normal?

Thanks for your help.

Backup/Restore

How do you backup/restore your email server?

Do you have an easy script/application to do so?

Monitoring

Add monitoring for:

  • Free disk space
  • Whether the IP has been blacklisted in common DNSRBLs & whether the domain is in URIBL.
  • General system checks (like, is it actually functioning to receive mail?)
  • Updated packages (apt-get -qq update && apt-get -qq --simulate upgrade or https://wiki.debian.org/UnattendedUpgrades)
  • ...

Dovecot - "Invalid settings: postmaster_address setting not given"

After a clean install it seems I can send email just fine, but receiving is a problem.

Checking /var/log/syslog I see this:

Invalid settings: postmaster_address setting not given

Here's the full block of the incoming email:

Apr 24 00:27:56 mail postfix/smtpd[24841]: connect from mail-vc0-f171.google.com[209.85.220.171]
Apr 24 00:27:56 mail postgrey[7956]: action=pass, reason=client whitelist, client_name=mail-vc0-f171.google.com, client_address=209.85.220.171, [email protected], recipient=NAME@DOMAIN
Apr 24 00:27:56 mail postfix/smtpd[24841]: 689491610F0: client=mail-vc0-f171.google.com[209.85.220.171]
Apr 24 00:27:56 mail postfix/cleanup[24844]: 689491610F0: message-id=<CAH=oei_D8NrJ5T_zwSasKzfJwLh0a7uf=W-1Vx-T2PqhozryzQ@mail.gmail.com>
Apr 24 00:27:56 mail opendkim[15755]: 689491610F0: s=20120113 d=gmail.com SSL
Apr 24 00:27:56 mail postfix/qmgr[9306]: 689491610F0: from=<[email protected]>, size=1851, nrcpt=1 (queue active)
Apr 24 00:27:56 mail dovecot: lmtp(24846): Fatal: Error reading configuration: Invalid settings: postmaster_address setting not given

I had to add:

postmaster_address=postmaster at DOMAIN

Change DOMAIN with your actual domain obviously.

to

/etc/dovecot/dovecot.conf

and then

service dovecot restart

All good now.

Quota

How does one restrict delivery to the Mailinabox with a quota? I'd like to make sure that the limiting factor happened earlier than the actual physical disk space in the instance because systems have an annoying tendency to crash if you allow the disk space to become full.

Adjusting SpamAssassin parameters

Where are the SpamAssassin parameters set? It appears that the current installation is not using URIBLs (right-hand-side BLs, domain name based BLs) for message analysis, and that's often a dead ringer in spam. It would be helpful to be able to do that.

Using domain-based DNSBLs

Could you provide documentation on how to use domain-based DNSBLs / "right-hand-side" BLs?

(Basically just including any number of "reject_rhsbl_sender ZONE.DOMAIN.EXAMPLE" statements in the smtpd_recipient_restrictions section of /etc/postfix/main.cf.)
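Added example (not from the project or the issue authors): a small linter for `smtpd_recipient_restrictions` values, covering the `reject_rbl_client` and `reject_rhsbl_sender` statements described in the two DNSBL issues above and the value posted in the zen.spamhaus.org issue, where the zone does not directly follow `reject_rbl_client`. The name heuristic, the finding codes and the `REORDERED` value are assumptions of this example.

```python
import re

# Restrictions that take the NEXT token as their argument (see postconf(5)).
TAKES_ARG = {
    "reject_rbl_client", "reject_rhsbl_client", "reject_rhsbl_sender",
    "reject_rhsbl_helo", "reject_rhsbl_recipient", "permit_dnswl_client",
    "check_policy_service", "check_client_access", "check_helo_access",
    "check_sender_access", "check_recipient_access",
}
# Taken from the Postfix fatal error quoted on this page: at least one of
# these must be present in smtpd_recipient_restrictions.
RELAY_GUARDS = {"check_relay_domains", "reject_unauth_destination",
                "reject", "defer", "defer_if_permit"}
# Heuristic (assumption of this example): restriction names are plain
# identifiers; DNSBL zones, policy sockets and table paths contain . : or /
NAME_RE = re.compile(r"^[a-z][a-z0-9_]*$", re.IGNORECASE)


def lint_restrictions(value):
    """Return a list of (code, detail) findings for a restriction list."""
    # Postfix separates list entries with commas and/or whitespace.
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    findings, evaluated = [], set()
    i = 0
    while i < len(tokens):
        tok = tokens[i].lower()
        i += 1
        if not NAME_RE.match(tok):
            # Postfix logs: warning: unknown smtpd restriction: "<tok>"
            findings.append(("unknown-restriction", tok))
            continue
        evaluated.add(tok)
        if tok in TAKES_ARG:
            if i == len(tokens):
                findings.append(("missing-argument", tok))
                break
            arg = tokens[i]
            i += 1  # the argument is consumed, whatever it looks like
            if NAME_RE.match(arg):
                # A restriction swallowed as an argument is never evaluated.
                findings.append(("argument-is-a-restriction", f"{tok} {arg}"))
    if not evaluated & RELAY_GUARDS:
        findings.append(("no-relay-guard", None))
    return findings


# The value posted in the zen.spamhaus.org issue (copied from the page).
POSTED = ("permit_sasl_authenticated,permit_mynetworks,reject_rbl_client,"
          "reject_unauth_destination zen.spamhaus.org,"
          "check_policy_service inet:127.0.0.1:10023")
# Constructed: same restrictions with the zone placed after reject_rbl_client.
REORDERED = ("permit_sasl_authenticated,permit_mynetworks,"
             "reject_rbl_client zen.spamhaus.org,reject_unauth_destination,"
             "check_policy_service inet:127.0.0.1:10023")

if __name__ == "__main__":
    for label, value in (("posted", POSTED), ("reordered", REORDERED)):
        print(label, lint_restrictions(value))
```
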

Mailman

I tried this project out today and everything worked like a charm. The only thing keeping me from switching over currently is the lack of ability to administer mailing lists. Would it be possible to consider adding installing/setting-up mailman (perhaps as an optional step?) onto the roadmap for this project? Or would that be outside of its scope?
