Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.
Home Page: https://mailinabox.email/
License: Creative Commons Zero v1.0 Universal
Hi,
The mail server works fine but I have a question about DKIM. When I send a message from my server via mail command line, the DKIM signature is added. When I send via SMTP (from my mail client), the signature is missing. Is this normal?
Thanks for your help.
It would be nice to know that your mailboxes are safely encrypted instead of lying around in plaintext.
It would be nice to have command line switch to disable some functionality. For example if I dont want to have webmail support installed I can use parameter '--without-webmail', or disable own dns support '--without-dns'.
I've been looking through the files and finally think i've found the location of the DKIM public key for adding to my own DNS. It would be great if this was added to the documentation.
It's located in /home/user-data/mail/dkim/mail.txt if anyone wants to know.
Where are the SpamAssassin parameters set? It appears that the current installation is not using URIBLs (right-hand-side BLs, domain name based BLs) for message analysis, and that's often a dead ringer in spam. It would be helpful to be able to do that.
Would it be possible to run Mail-in-a-box on Ubuntu 12.04? I've got a DigitalOcean droplet that I'd like to run it off of.
Dear Josh,
I'm getting some errors with mailinabox.
When using the deafult setting, I was facing this error in my mail.log:
postfix/smtpd[2657]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit
To try to fix that I changed to my main.conf to:
smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_rbl_client,reject_unauth_destination zen.spamhaus.org,check_policy_service inet:127.0.0.1:10023
At this time, no error at mail.log:
postfix/master[2842]: daemon started -- version 2.9.6, configuration /etc/postfix
But when sending an e-mail from my GMail account to my own mail server I'm getting:
connect from mail-yh0-f50.google.com[209.85.213.50]
Dec 13 10:31:48 ip-172-31-40-169 postfix/smtpd[2875]: warning: unknown smtpd restriction: "zen.spamhaus.org"
Dec 13 10:31:48 ip-172-31-40-169 postfix/smtpd[2875]: NOQUEUE: reject: RCPT from mail-yh0-f50.google.com[209.85.213.50]: 451 4.3.5 Server configuration error; from=[email protected] to=XXX@XXX proto=ESMTP helo=<mail-yh0-f50.google.com>
Dec 13 10:31:48 ip-172-31-40-169 postfix/cleanup[2879]: 79194160D38: message-id=[email protected]
Dec 13 10:31:48 ip-172-31-40-169 postfix/qmgr[2846]: 79194160D38: from=[email protected], size=1352, nrcpt=1 (queue active)
Dec 13 10:31:48 ip-172-31-40-169 postfix/smtpd[2875]: disconnect from mail-yh0-f50.google.com[209.85.213.50]
Dec 13 10:31:48 ip-172-31-40-169 postfix/smtp[2880]: initializing the client-side TLS engine
Dec 13 10:31:48 ip-172-31-40-169 postfix/smtp[2880]: 79194160D38: to=[email protected], orig_to=, relay=none, delay=0.05, delays=0.03/0.01/0/0, dsn=5.4.6, status=bounced (mail for ip-172-31-40-169.ec2.internal loops back to myself)
Dec 13 10:31:48 ip-172-31-40-169 postfix/bounce[2881]: warning: 79194160D38: undeliverable postmaster notification discarded
Dec 13 10:31:48 ip-172-31-40-169 postfix/qmgr[2846]: 79194160D38: removed
Do you know how to fix it?
Thanks in advanced,
best regards and congrats!
Once a mail account or alias is created for a domain, dns_update.sh must be run to get the DNS to actually work for that domain and, also, to get DKIM to be applied on outgoing messages (regardless of whether the box is actually a DNS server).
We're not running dns_update at the right time now.
see #39
After a clean install it seems I can send email just fine, but receiving is a problem.
Checking /var/log/syslog I see this:
Invalid settings: postmaster_address setting not given
Here's the full block of the incoming email:
Apr 24 00:27:56 mail postfix/smtpd[24841]: connect from mail-vc0-f171.google.com[209.85.220.171]
Apr 24 00:27:56 mail postgrey[7956]: action=pass, reason=client whitelist, client_name=mail-vc0-f171.google.com, client_address=209.85.220.171, [email protected], recipient=NAME@DOMAIN
Apr 24 00:27:56 mail postfix/smtpd[24841]: 689491610F0: client=mail-vc0-f171.google.com[209.85.220.171]
Apr 24 00:27:56 mail postfix/cleanup[24844]: 689491610F0: message-id=<CAH=oei_D8NrJ5T_zwSasKzfJwLh0a7uf=W-1Vx-T2PqhozryzQ@mail.gmail.com>
Apr 24 00:27:56 mail opendkim[15755]: 689491610F0: s=20120113 d=gmail.com SSL
Apr 24 00:27:56 mail postfix/qmgr[9306]: 689491610F0: from=<[email protected]>, size=1851, nrcpt=1 (queue active)
Apr 24 00:27:56 mail dovecot: lmtp(24846): Fatal: Error reading configuration: Invalid settings: postmaster_address setting not given
I had to add:
postmaster_address=postmaster at DOMAIN
Change DOMAIN with your actual domain obviously.
to
/etc/dovecot/dovecot.conf
and then
service dovecot restart
All good now.
A new error:
scripts/web.sh: line 26: conf/php-fcgid: No such file or directory
I tried this project out today and everything worked like a charm. The only thing keeping me from switching over currently is the lack of ability to administer mailing lists. Would it be possible to consider adding installing/setting-up mailman (perhaps as an optional step?) onto the roadmap for this project? Or would that be outside of it's scope?
How do you backup/restore your email server ?
Do you have an easy script/application to do so ?
But I'm getting a 502 error when I try to go the webmail site. I suspect that it has something to do with either (1) an outdated roundcube version or (2) the nginx configuration.
I was going to submit a pull request with an updated roundcube version 0.9.5, but I can't get the site working, so I'm a bit hesitant...
Hi,
Some user stories for you to consider:
As the owner of the deployed email system,
I want to be able to backup the email on my server,
So that I can restore it if the disks crash.
As the owner of the deployed email system,
I want to be able to restore my email onto my server,
So that I can recover from data loss.
My assumption is that both of the above would be usable from a "burn the system down and recreate it again" approach which may happen if the box your email is on suffers a hardware failure.
Corollaries to this might include the ability to restore only one email user's emails vs the entire box.
Thanks!
Joey
It'd be nice to add a license to the project, so folks understand where and how it can be used. Perhaps something simple and permissive, such as the MIT license?
Make this Dockerized.
Hi,
Feature request.
Please attempt to get a passing score at http://www.allaboutspam.com/
Currently several tests fail on my configuration (BATV and SPF specifically).
Thanks!
It would be awesome if we could get push support working, using d-push (or z-push, which might be more work).
Sadly, I could find a nice tutorial to get it quickly working...
https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/?include_text=1
http://www.rfc-archive.org/getrfc.php?rfc=5617
On the 12.04 Precise Box, python3 apparently wasn't installed and things got funky. Once I installed it, things seemed to work.
Adding z-push (http://z-push.org) would give us "Exchange Server style" access to email. Just a suggestion to consider...
Would be great, totally in line with your mission—which is also great.
Hello,
Since few days, I have recurring problems with this script during installation on OpenVZ. In fact, I must comment ufw part of the code because otherwise I "lose" the SSH access on my virtual server.
Also my outgoing mails are not signed by DKIM after the installation (via smtp, port 587). I have to regenerate a key for my domain with opendkim-genkey to make it work. I had this error at installation:
Restarting OpenDKIM: opendkim: / etc / opendkim.conf: refile :/ etc / opendkim / SigningTable: dkimf_db_open (): No such file or directory
opendkim.
* Stopping Postfix Mail Transport Agent postfix [OK]
* Starting Postfix Mail Transport Agent postfix [OK]
Installing spampd razor pyzor dovecot-sieve dovecot-antispam ...
But this script is almost perfect!
Thanks.
I started one, not everything is working yet, must have missed some things but I was able to have roundcube up (v1.0) and successfully send an email.
I couldn't receive one though so I'll investigate it when I have time, dns seems to not really work yet too.
(Playbook is quite messy atm, I'll clean it up next time I work on it).
URL is https://github.com/Keats/playbook-mailinabox if some people are interested, accepting PR of course
In a later iteration, you may want to consider an alternative install method where you keep the servername. For example, if you're hosting on zvenyach.com and want to add mail.zvenyach.com but still have the link to roundcube by "zvenyach.com/mail".
Please have a look at this script:
https://github.com/develersrl/pgl4rbl
I've been using it in production for a few years and I think it's a big improvement over the greylist-everything approach as it lets most emails deliver instantly.
Could you provide documentation on how to pick whichever (combination of) DNSBLs one might want to use?
(Basically this is just entering any number of "reject_rbl_client DNSBL_ZONE.DOMAIN_EXAMPLE," statements in /etc/postfix/main.cf smtpd_recipient_restrictions section, in the order of priority those DNSBLs should be used. The default you've included is to use Spamhaus ZEN, which of course is a very good choice and quite sufficient for the majority of installs.)
Apr 23 xx:xx:xx localhost dovecot: lmtp(xxx): Fatal: Error reading configuration: Invalid settings: postmaster_address setting not given
Might not be necessary for actual usage, but might come in handy someday.
This line: https://github.com/JoshData/mailinabox/blob/afda0405cf7bb768ceb412d75d2f5f193baedd15/conf/nginx.conf#L58, has a reference to "$fastcgi_script_name." But this variable is not defined anywhere. By contrast, in this line, https://github.com/JoshData/mailinabox/blob/2ebd9706ecc8e5fc46e736723749365579c80cee/conf/phpfcgi-initscript#L23, the variable "SCRIPTNAME" is used and only seems to be used to restart the script...
I tried fixing Line 58 in the nginx configuration, but that didn't quite fix it... but it might be a source of the problem.
Add AAAA records: If the system is on an IPv6 network, the DNS should add AAAA records.
And SPF should be tested that it approves the IPv6 address. According to maco_nix, gmail will reject mail if a system has an IPv6 address and SPF doesn't approve it.
(This issue formerly also listed DNSSEC, but I've moved that to #71.)
Could you provide documentation on how to use domain-based DNSBLs / "right-hand-side" BLs?
(Basically just including any number of "reject_rhsbl_sender ZONE.DOMAIN.EXAMPLE" statements in the smtpd_recipient_restrictions section of /etc/postfix/main.cf.)
Hello,
I just installed mailinabox yesterday, and it works great, thanks for the good work.
However, I wanted to check something on my website. And it just disappeared (it makes sense, since both mailinabox an my website's configurations defined the 80 port, but I didn't pay attention to it so far.). I think it would make sense to ask the user whether they want to "override" the current configuration of the website, or use mailinabox on a new port.
What do you think?
How does one restrict delivery to the Mailinabox with a quota? I'd like to make sure that the limiting factor happened earlier than the actual physical disk space in the instance because systems have an annoying tendency to crash if you allow the disk space to become full.
Could you provide a mechanism for running SpamAssassin inline, as a filter during the SMTP conversation (similar to how you use postgrey at the moment) so that messages found to be spam because of their content could be properly rejected before even being queued?
iRedmail is being built for many Distributions and available as an open source free variant developed for years. Yet a bit limited by iRedAdmins free functionalities one can enhance that by just playing around with OpenLDAP (which is quite easy).
I like free and open projects but cant see the benefit!
To promote the use of PGP, we can handle PGP at the server level. This will require a few components:
Sanity check that the scripts are being run on a system with the versions of components that we expect. See #2.
Don't serve anything over HTTP and set the header on HTTPS responses that indicates that only HTTPS is used.
Add Support for Raspbian to turn a Raspberry Pi into a small and easy to use mail server. :)
http://tools.ietf.org/html/draft-levine-mass-batv-02
This allows us to reject non-delivery (mailer daemon) replies that aren't in response to messages we sent for the rare case of blocking backscatter. It's an entirely-local mail policy. But see Wikipedia for limitations: http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation
This has two parts - rewriting the envelope sender on outgoing mail and validating the tags in recipient addresses of non-delivery (mailer daemon) emails.
Since this is a local policy, there's no particular need to follow that recommendation exactly I don't think...
see #50
Hello,
https://github.com/JoshData/mailinabox/blob/master/scripts/dns_update.sh#L123
As far as I can see there is no nsd rebuild option so that line is not needed.
I might be wrong but I can't find it in the man pages
Hi,
I have installed mail-in-a-box with only one modification. I have changed /etc/nginx/conf.d/local.conf to the following: (I made this change so I can later use Apache2 with a ProxyPass to access roundcube from my website)
# The secure HTTPS server.
server {
listen 8090 ssl;
server_name 127.0.0.1;
ssl_certificate /home/user-data/ssl/ssl_certificate.pem;
ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;
include /etc/nginx/nginx-ssl.conf;
# We'll expose the same static directory under https.
root /home/user-data/www/static;
index index.html index.htm;
# Roundcube Webmail configuration.
rewrite ^/mail$ /mail/ redirect;
rewrite ^/mail/$ /mail/index.php;
location /mail/ {
index index.php;
alias /var/lib/roundcube/;
}
location ~ /mail/.*\.php {
include fastcgi_params;
fastcgi_split_path_info ^/mail(/.*)()$;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/lib/roundcube/$fastcgi_script_name;
fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock;
client_max_body_size 20M;
}
}
But for now I am loged into my server and when I go (in firefox) to https://127.0.0.1:8090/mail/ I get a white page and the following error in /var/log/roundcube/errors:
[25-Apr-2014 13:13:11 +1100]: DB Error: Configuration error. Unsupported database driver: in /usr/share/roundcube/program/lib/Roundcube/rcube_db.php on line 76 (GET /mail/)
My first thought would be just to reinstall mail-in-a-box but I couldn't find a way to reverse start.sh (or at least a list of packages to remove and directories to delete).
Thanks,
JamesStewy
I was wondering about keeping previous maininabox installs up to date as improvements continue to be made. Are any of the updates coming into the repo security issues or misconfigurations that have been addressed that previous installs should consider implementing? For example, I have an install that's been purring along for about a month but have done some customization and don't really want to reinstall again to pick up the goodness. Maybe a best-practices checklist document or script that could be run periodically to alert you to known issues? I'm just thinking six months will go by before we know it and maybe by then there will be some recommended changes for all those six-month-old installs.
Add a web-based control panel for:
Add monitoring for:
apt-get -qq update && apt-get -qq --simulate upgrade or https://wiki.debian.org/UnattendedUpgrades)Thanks for making this possible.
For incoming mails, do I need to add MX entries, also, are there any other configuration needed to make things work?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.