v55.0
This commit is contained in:
parent
cb7cbe419e
commit
109267c7b0
3 changed files with 70 additions and 169 deletions
235
README.md
235
README.md
|
@ -1,176 +1,77 @@
|
|||
(Power) Mail-in-a-Box
|
||||
=====================
|
||||
# Power Mail-in-a-Box
|
||||
**[Installation](#installation)** (current version: v55.0)
|
||||
|
||||
## Installation
|
||||
Power Mail-in-a-Box (a fork of [Mail-in-a-Box](https://mailinabox.email/)) is a complete pre-configured mail appliance, quickly deployable in a matter of minutes.
|
||||
|
||||
- **PRE-REQUISITES:** Debian 10 (Buster) or Ubuntu 20.04 LTS fresh installation
|
||||
It's main difference to the main project is focused on ad-hoc, advanced features. While Mail-in-a-Box caters to beginners by providing sane configurations, Power Mail-in-a-Box also attempts to cater to advanced users that want deeper levels of customization.
|
||||
|
||||
Update packages:
|
||||
```sh
|
||||
sudo apt update
|
||||
sudo apt full-upgrade
|
||||
## Features
|
||||
- Configure Power Mail-in-a-Box to use an external SMTP relay;
|
||||
- Brand new admin panel (with up-to-date libraries);
|
||||
- Perform backups right away from the admin panel;
|
||||
- Account quotas support (thanks to **@[jrsupplee](https://github.com/jrsupplee/mailinabox)**!)
|
||||
- Customize TTL's for custom DNS records;
|
||||
- Publish OpenPGP keys authoritatively via a WKD server;
|
||||
- - **In the future:** Allow usage of OpenPGP keys to encrypt backups;
|
||||
- Per-domain nginx configuration;
|
||||
|
||||
## Goals
|
||||
- **Easy of use** - deployment shouldn't take too many technical details to understand. Power Mail-in-a-Box already comes with default configurations which should be good for most users.
|
||||
- **Privacy, security and independence** - keeping your mail safe from the big companies.
|
||||
- **Accessible customizability** - bring the features closer to the people instead of tucking them away in configuration files.
|
||||
- **Customizability potential** - allow for deep customization by power users.
|
||||
- **Concentration** - all the services you need in just one box.
|
||||
- **Support** - support a wide range of operating systems when possible, without compromising the codebase as a whole.
|
||||
- **Lightweight** - should be able to run even with very limited resources.
|
||||
|
||||
## Non-goals
|
||||
- **Scalability** - this appliance is geared towards individuals and small/mid-sized organizations. If your use case is mission-critical it probably is a better idea to shop for a product that provides support.
|
||||
- **Portability** - I didn't figure out yet a way to easily transition from Mail-in-a-Box to Power Mail-in-a-Box.
|
||||
|
||||
# Minimum Pre-requisites
|
||||
The machine this appliance will be installed on needs to have the following specs (or better). Most cloud providers are able to provide VM's that satisfy these specs at relatively low cost.
|
||||
|
||||
<small>_These specs depend on the number of users being served and/or amount of traffic_</small>
|
||||
- 1 CPU core;
|
||||
- 512MB of RAM (**at least 1GB** is recommended);
|
||||
- 10GB of disk;
|
||||
- **One of the following operating systems:**
|
||||
- - Debian GNU/Linux 10 (buster)
|
||||
- - Debian GNU/Linux 11 (bullseye)
|
||||
- - Ubuntu LTS 20.04 (Focal Fossa)
|
||||
- - <small> Ubuntu LTS 18.04 (Bionic Beaver) is not supported</small>
|
||||
|
||||
<small>_These network requirements are usually not provided by residential ISP's. They are not **strictly required** for Power Mail-in-a-Box to install, but it will take more work to get it running as intended._</small>
|
||||
- Static, public IPv4 (most residential connections **do not** provide static addresses);
|
||||
- - If the machine is behind a NAT, manual configuration might be required.
|
||||
- Reverse DNS for that IPv4 address (**Caution:** some cloud providers do not provide this);
|
||||
- You should be able to edit the firewall for that address. **In particular, outbound port 25 should not be blocked.**
|
||||
|
||||
# Firewall
|
||||
If the machine is behind an external firewall or NAT, the following **inbound ports SHOULD** be open to external traffic:
|
||||
|
||||
- `25/tcp`
|
||||
- `53/tcp`
|
||||
- `53/udp`
|
||||
- `80/tcp`
|
||||
- `443/tcp`
|
||||
- `465/tcp`
|
||||
- `587/tcp`
|
||||
- `993/tcp`
|
||||
- `995/tcp`
|
||||
- `4190/tcp`
|
||||
|
||||
# Installation
|
||||
|
||||
1. Power Mail-in-a-Box uses `ufw` to configure it's internal firewall. If your cloud provider requires you to use another tool (usually it does not, but <small>\*cough\* _Oracle Cloud_ \*cough\*</small>), you can follow [these instructions](https://github.com/ddavness/power-mailinabox/discussions/21).
|
||||
|
||||
2. Make sure `curl` is installed and locales are configured correctly - you'll want to make sure the primary locale is set to `en_US.UTF-8`:
|
||||
```
|
||||
|
||||
Make sure that the `en_US.UTF-8` locale exists and is set as primary (this depends on the image you use)
|
||||
```sh
|
||||
sudo apt install locales
|
||||
sudo apt install curl locales
|
||||
sudo dpkg-reconfigure locales
|
||||
```
|
||||
|
||||
**Installing Power-Mail-in-a-Box**
|
||||
```sh
|
||||
3. Run the following command, and then follow the instructions that appear on the screen:
|
||||
```
|
||||
curl https://raw.githubusercontent.com/ddavness/power-mailinabox/master/setup/bootstrap.sh | sudo bash
|
||||
```
|
||||
|
||||
## Current Version: v0.54.POWER.5 (Tracking v0.54)
|
||||
|
||||
This is a fork of MiaB (duh), hacked and tuned to my needs:
|
||||
|
||||
✅ - **Done**
|
||||
|
||||
👨💻 - **Not there yet, but soon!**
|
||||
|
||||
💤 - **I did not begin this part yet!**
|
||||
|
||||
- ✅ Support for Debian AND Ubuntu 20.04 LTS;
|
||||
|
||||
- ✅ Native support for SMTP relays (For example: SendGrid);
|
||||
|
||||
- ✅ Bumped the bootstrap and jQuery dependencies' versions - and we've got a brand new admin panel now!
|
||||
|
||||
- ✅ Per-domain `nginx` configuration: Custom pages will no longer have their pages defaulting to the MiaB services (`/admin`, `/mail`, etc.);
|
||||
|
||||
- ✅ Updated NextCloud to the latest version available;
|
||||
|
||||
- ✅ Performing backups immediately from the admin panel (independently from the daily schedule);
|
||||
|
||||
- 👨💻 Encrypting backups using user-provided PGP keys;
|
||||
|
||||
- ✅ Integrate a WKD server (Web Key Directory) for PGP keys;
|
||||
|
||||
- 💤 Restricting access to the admin panel to certain IP's?
|
||||
|
||||
- 💤 Customizing MTA names? (because privacy)
|
||||
|
||||
### Ideas section:
|
||||
|
||||
- 💤 Ability to download the backups from the admin panel;
|
||||
|
||||
- 💤 Possibility of making some services optional (if they require more software to be installed) on setup?
|
||||
|
||||
- - For example, one might simply not use NextCloud/Munin at all, and they're there... just wasting resources.
|
||||
|
||||
- 💤 AXFR Transfers (for secondary DNS) using TSIG?
|
||||
|
||||
- 💤 Expand DNS record options?
|
||||
|
||||
- 💤 More complete webmail configuration via the admin panel/plugin management?
|
||||
|
||||
- 💤 Expand the TOTP Two-Factor-Authentication for the webmail?
|
||||
|
||||
- - Maybe U2F one day, too, but I don't have a capable device for this just yet...
|
||||
|
||||
- 💤 Anything else I might need to use;
|
||||
|
||||
All in all, I think I should rename this to something like "Central [Clown Computing](https://www.urbandictionary.com/define.php?term=clown%20computing)", since I'm trying to cram as many services as possible into that poor machine (Spending 5$ is better than spending 10$)
|
||||
|
||||
Original Documentation
|
||||
======================
|
||||
|
||||
By [@JoshData](https://github.com/JoshData) and [contributors](https://github.com/mail-in-a-box/mailinabox/graphs/contributors).
|
||||
|
||||
Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
|
||||
|
||||
**Please see [https://mailinabox.email](https://mailinabox.email) for the project's website and setup guide!**
|
||||
|
||||
* * *
|
||||
|
||||
Our goals are to:
|
||||
|
||||
* Make deploying a good mail server easy.
|
||||
* Promote [decentralization](http://redecentralize.org/), innovation, and privacy on the web.
|
||||
* Have automated, auditable, and [idempotent](https://web.archive.org/web/20190518072631/https://sharknet.us/2014/02/01/automated-configuration-management-challenges-with-idempotency/) configuration.
|
||||
* **Not** make a totally unhackable, NSA-proof server.
|
||||
* ~~**Not** make something customizable by power users.~~
|
||||
|
||||
Additionally, this project has a [Code of Conduct](CODE_OF_CONDUCT.md), which supersedes the goals above. Please review it when joining our community.
|
||||
|
||||
|
||||
In The Box
|
||||
----------
|
||||
|
||||
Mail-in-a-Box turns a fresh ~~Ubuntu 18.04 LTS~~ Debian 10 (Buster) 64-bit machine into a working mail server by installing and configuring various components.
|
||||
|
||||
It is a one-click email appliance. There are no user-configurable setup options. It "just works."
|
||||
|
||||
The components installed are:
|
||||
|
||||
* SMTP ([postfix](http://www.postfix.org/)), IMAP ([Dovecot](http://dovecot.org/)), CardDAV/CalDAV ([Nextcloud](https://nextcloud.com/)), and Exchange ActiveSync ([z-push](http://z-push.org/)) servers
|
||||
* Webmail ([Roundcube](http://roundcube.net/)), mail filter rules (thanks to Roundcube and Dovecot), and email client autoconfig settings (served by [nginx](http://nginx.org/))
|
||||
* Spam filtering ([spamassassin](https://spamassassin.apache.org/)) and greylisting ([postgrey](http://postgrey.schweikert.ch/))
|
||||
* DNS ([nsd4](https://www.nlnetlabs.nl/projects/nsd/)) with [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework), DKIM ([OpenDKIM](http://www.opendkim.org/)), [DMARC](https://en.wikipedia.org/wiki/DMARC), [DNSSEC](https://en.wikipedia.org/wiki/DNSSEC), [DANE TLSA](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities), [MTA-STS](https://tools.ietf.org/html/rfc8461), and [SSHFP](https://tools.ietf.org/html/rfc4255) policy records automatically set
|
||||
* TLS certificates are automatically provisioned using [Let's Encrypt](https://letsencrypt.org/) for protecting https and all of the other services on the box
|
||||
* Backups ([duplicity](http://duplicity.nongnu.org/)), firewall ([ufw](https://launchpad.net/ufw)), intrusion protection ([fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page)), and basic system monitoring ([munin](http://munin-monitoring.org/))
|
||||
|
||||
It also includes system management tools:
|
||||
|
||||
* Comprehensive health monitoring that checks each day that services are running, ports are open, TLS certificates are valid, and DNS records are correct
|
||||
* A control panel for adding/removing mail users, aliases, custom DNS records, configuring backups, etc.
|
||||
* An API for all of the actions on the control panel
|
||||
|
||||
Internationalized domain names are supported and configured easily (but SMTPUTF8 is not supported, unfortunately).
|
||||
|
||||
It also supports static website hosting since the box is serving HTTPS anyway. (To serve a website for your domains elsewhere, just add a custom DNS "A" record in you Mail-in-a-Box's control panel to point domains to another server.)
|
||||
|
||||
For more information on how Mail-in-a-Box handles your privacy, see the [security details page](security.md).
|
||||
|
||||
|
||||
Installation
|
||||
------------
|
||||
|
||||
See the [setup guide](https://mailinabox.email/guide.html) for detailed, user-friendly instructions.
|
||||
|
||||
For experts, start with a completely fresh (really, I mean it) Ubuntu 18.04 LTS 64-bit machine. On the machine...
|
||||
|
||||
Clone this repository and checkout the tag corresponding to the most recent release:
|
||||
|
||||
$ git clone https://github.com/mail-in-a-box/mailinabox
|
||||
$ cd mailinabox
|
||||
$ git checkout v55
|
||||
|
||||
Begin the installation.
|
||||
|
||||
$ sudo setup/start.sh
|
||||
|
||||
The installation will install, uninstall, and configure packages to turn the machine into a working, good mail server.
|
||||
|
||||
For help, DO NOT contact Josh directly --- I don't do tech support by email or tweet (no exceptions).
|
||||
|
||||
Post your question on the [discussion forum](https://discourse.mailinabox.email/) instead, where maintainers and Mail-in-a-Box users may be able to help you.
|
||||
|
||||
Note that while we want everything to "just work," we can't control the rest of the Internet. Other mail services might block or spam-filter email sent from your Mail-in-a-Box.
|
||||
This is a challenge faced by everyone who runs their own mail server, with or without Mail-in-a-Box. See our discussion forum for tips about that.
|
||||
|
||||
|
||||
Contributing and Development
|
||||
----------------------------
|
||||
|
||||
Mail-in-a-Box is an open source project. Your contributions and pull requests are welcome. See [CONTRIBUTING](CONTRIBUTING.md) to get started.
|
||||
|
||||
|
||||
The Acknowledgements
|
||||
--------------------
|
||||
|
||||
This project was inspired in part by the ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) blog post by Drew Crawford, [Sovereign](https://github.com/sovereign/sovereign) by Alex Payne, and conversations with <a href="https://twitter.com/shevski" target="_blank">@shevski</a>, <a href="https://github.com/konklone" target="_blank">@konklone</a>, and <a href="https://github.com/gregelin" target="_blank">@GregElin</a>.
|
||||
|
||||
Mail-in-a-Box is similar to [iRedMail](http://www.iredmail.org/) and [Modoboa](https://github.com/tonioo/modoboa).
|
||||
|
||||
|
||||
The History
|
||||
-----------
|
||||
|
||||
* In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: [add-on page](https://addons.mozilla.org/en-us/thunderbird/addon/sender-verification-anti-phish/), [source](https://github.com/JoshData/thunderbird-spf).
|
||||
* In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in ["NSA-proof your email in 2 hours"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) and making the setup steps reproducible with bash scripts.
|
||||
* Mail-in-a-Box was a semifinalist in the 2014 [Knight News Challenge](https://www.newschallenge.org/challenge/2014/submissions/mail-in-a-box), but it was not selected as a winner.
|
||||
* Mail-in-a-Box hit the front page of Hacker News in [April](https://news.ycombinator.com/item?id=7634514) 2014, [September](https://news.ycombinator.com/item?id=8276171) 2014, [May](https://news.ycombinator.com/item?id=9624267) 2015, and [November](https://news.ycombinator.com/item?id=13050500) 2016.
|
||||
* FastCompany mentioned Mail-in-a-Box a [roundup of privacy projects](http://www.fastcompany.com/3047645/your-own-private-cloud) on June 26, 2015.
|
||||
|
|
|
@ -15,7 +15,7 @@ info:
|
|||
license:
|
||||
name: CC0 1.0 Universal
|
||||
url: https://creativecommons.org/publicdomain/zero/1.0/legalcode
|
||||
version: 0.54.5
|
||||
version: 55.0
|
||||
x-logo:
|
||||
url: https://mailinabox.email/static/logo.png
|
||||
altText: Mail-in-a-Box logo
|
||||
|
|
|
@ -35,7 +35,7 @@ if [ -z "$TAG" ]; then
|
|||
[ "$OS" == "Debian GNU/Linux 11 (bullseye)" ] ||
|
||||
[ "$(echo $OS | grep -o 'Ubuntu 20.04')" == "Ubuntu 20.04" ]
|
||||
then
|
||||
TAG=v0.54.POWER.5
|
||||
TAG=v55.0
|
||||
else
|
||||
echo "This script must be run on a system running one of the following OS-es:"
|
||||
echo "* Debian 10 (buster)"
|
||||
|
|
Loading…
Reference in a new issue