8519b7fc0e
This PR adds into the admin panel a front-end to manage PGP keys. Possibilities are many. |
||
---|---|---|
conf | ||
management | ||
setup | ||
tests | ||
tools | ||
.editorconfig | ||
.gitignore | ||
CHANGELOG.md | ||
CODE_OF_CONDUCT.md | ||
CONTRIBUTING.md | ||
LICENSE | ||
README.md | ||
security.md | ||
Vagrantfile |
(Power) Mail-in-a-Box
Installation
- PRE-REQUISITES: Debian 10 (Buster) or Ubuntu 20.04 LTS fresh installation
Update packages:
sudo apt update
sudo apt full-upgrade
Make sure that the en_US.UTF-8
locale exists and is set as primary (this depends on the image you use)
sudo apt install locales
sudo dpkg-reconfigure locales
Install Power-Mail-in-a-Box (short link)
curl -L https://dvn.pt/powermiab | sudo bash
If that doesn't work:
curl https://raw.githubusercontent.com/ddavness/power-mailinabox/master/setup/bootstrap.sh | sudo bash
Current Version: v0.47.POWER.0 (Tracking v0.47)
This is a fork of MiaB (duh), hacked and tuned to my needs:
✅ - Done
👨💻 - Not there yet, but soon!
💤 - I did not begin this part yet!
-
✅ Proper support for Debian (I recommend Debian Buster or later, but if it works on your machine, it works!) AND Ubuntu 20.04 LTS;
-
✅ Native support for SMTP relays (For example: SendGrid);
-
✅ Bumped the bootstrap and jQuery dependencies' versions - and we've got a brand new admin panel now!
-
✅ Per-domain
nginx
configuration support. This will allow you to: -
- Use PHP (e.g. host a domain shortener);
-
- Custom pages will no longer have their pages defaulting to the MiaB services (
/admin
,/mail
, etc.);
- Custom pages will no longer have their pages defaulting to the MiaB services (
-
✅ Updated NextCloud to the latest version available;
-
✅ Performing backups immediately from the admin panel (independently from the daily schedule);
-
💤 Encrypting backups using user-provided PGP keys;
-
💤 Ability to download the backups from the admin panel;
Ideas section:
-
💤 Possibility of making some services optional (if they require more software to be installed) on setup?
-
- For example, one might simply not use NextCloud/Munin at all, and they're there... just wasting resources.
-
💤 Restricting access to the admin panel to certain IP's?
-
💤 Customizing MTA names? (because privacy)
-
💤 AXFR Transfers (for secondary DNS) using TSIG?
-
💤 Expand DNS record options?
-
💤 More complete webmail configuration via the admin panel/plugin management?
-
💤 Optional TOTP Two-Factor-Authentication for the admin panel/webmail?
-
- Maybe U2F one day, too, but I don't have a capable device for this just yet...
-
💤 Anything else I might need to use;
All in all, I think I should rename this to something like "Central Clown Computing", since I'm trying to cram as many services as possible into that poor machine (Spending 5$ is better than spending 10$)
Original Documentation
By @JoshData and contributors.
Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
Please see https://mailinabox.email for the project's website and setup guide!
Our goals are to:
- Make deploying a good mail server easy.
- Promote decentralization, innovation, and privacy on the web.
- Have automated, auditable, and idempotent configuration.
- Not make a totally unhackable, NSA-proof server.
Not make something customizable by power users.
Additionally, this project has a Code of Conduct, which supersedes the goals above. Please review it when joining our community.
The Box
Mail-in-a-Box turns a fresh Ubuntu 18.04 LTS Debian 10 (Buster) 64-bit machine into a working mail server by installing and configuring various components.
It is a one-click email appliance. There are no user-configurable setup options. It "just works".
The components installed are:
- SMTP (postfix), IMAP (dovecot), CardDAV/CalDAV (Nextcloud), and Exchange ActiveSync (z-push) servers
- Webmail (Roundcube), mail filter rules (also using dovecot), and email client autoconfig settings (served by nginx)
- Spam filtering (spamassassin) and greylisting (postgrey)
- DNS (nsd4) with SPF, DKIM (OpenDKIM), DMARC, DNSSEC, DANE TLSA, MTA-STS, and SSHFP policy records automatically set
- HTTPS TLS certificates are automatically provisioned using Let's Encrypt (needed for webmail, CardDAV/CalDAV, ActiveSync, MTA-STS policy, etc.).
- Backups (duplicity), firewall (ufw), intrusion protection (fail2ban), and basic system monitoring (munin)
It also includes system management tools:
- Comprehensive health monitoring that checks each day that services are running, ports are open, TLS certificates are valid, and DNS records are correct
- A control panel for adding/removing mail users, aliases, custom DNS records, configuring backups, etc.
- An API for all of the actions on the control panel
It also supports static website hosting since the box is serving HTTPS anyway.
For more information on how Mail-in-a-Box handles your privacy, see the security details page.
Installation
See the setup guide for detailed, user-friendly instructions.
For experts, start with a completely fresh (really, I mean it) Ubuntu 18.04 LTS 64-bit machine. On the machine...
Clone this repository:
$ git clone https://github.com/mail-in-a-box/mailinabox
$ cd mailinabox
Optional: Download Josh's PGP key and then verify that the sources were signed by him:
$ curl -s https://keybase.io/joshdata/key.asc | gpg --import
gpg: key C10BDD81: public key "Joshua Tauberer <jt@occams.info>" imported
$ git verify-tag v0.47
gpg: Signature made ..... using RSA key ID C10BDD81
gpg: Good signature from "Joshua Tauberer <jt@occams.info>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5F4C 0E73 13CC D744 693B 2AEA B920 41F4 C10B DD81
You'll get a lot of warnings, but that's OK. Check that the primary key fingerprint matches the fingerprint in the key details at https://keybase.io/joshdata and on his personal homepage. (Of course, if this repository has been compromised you can't trust these instructions.)
Checkout the tag corresponding to the most recent release:
$ git checkout v0.47
Begin the installation.
$ sudo setup/start.sh
For help, DO NOT contact Josh directly --- I don't do tech support by email or tweet (no exceptions).
Post your question on the discussion forum instead, where maintainers and Mail-in-a-Box users may be able to help you.
Contributing and Development
Mail-in-a-Box is an open source project. Your contributions and pull requests are welcome. See CONTRIBUTING to get started.
The Acknowledgements
This project was inspired in part by the "NSA-proof your email in 2 hours" blog post by Drew Crawford, Sovereign by Alex Payne, and conversations with @shevski, @konklone, and @GregElin.
Mail-in-a-Box is similar to iRedMail and Modoboa.
The History
- In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: add-on page, source.
- In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in "NSA-proof your email in 2 hours" and making the setup steps reproducible with bash scripts.
- Mail-in-a-Box was a semifinalist in the 2014 Knight News Challenge, but it was not selected as a winner.
- Mail-in-a-Box hit the front page of Hacker News in April 2014, September 2014, May 2015, and November 2016.
- FastCompany mentioned Mail-in-a-Box a roundup of privacy projects on June 26, 2015.