
Mail-in-a-Box – one-click, easy-to-deploy email server - avinassh
https://github.com/mail-in-a-box/mailinabox
======
ariejan
I've been running MiaB for about 6-7 months now. It's one of those things that
'just works', and with 'just works' I mean:

* Well configured, secure email server
* Ease of adding/removing domains, aliases, catch-alls and user accounts
* Ease of using email, either with the ready-to-go Roundcube webmail or any IMAP/POP client
* Batteries included: DNS is included, DKIM, SPF, you name it. DNSSEC
* Want to host a static HTML site? MiaB's got you covered.
* Yes, that includes Let's Encrypt SSL certs
* Awesome status page to check: version updates, misconfiguration, system health, and for each domain: DNSSEC, nameservers, DNS, TLS/SSL, blacklisting, etc.
* Open source! Huzzah!

If you're serious about moving away from Google or any other corporate
mail provider, take a look at Mail in a Box.

------
peller
If you're comfortable with command-line Linux, and have a basic understanding
of DNS, setting this up from scratch is actually not all that hard. After
researching the hell out of this a few weekends ago, the best guide I found on
the subject is:
[https://workaround.org/ispmail/jessie](https://workaround.org/ispmail/jessie)

Sure, it's technically for Debian, but if you're comfortable with Linux it's
easily adaptable to other distributions. In order to get Gmail to accept your
email without it going to spam, you need SPF/DKIM and an SSL cert. Let's
Encrypt works, and is a cinch to set up.

~~~
ino
I thought let's encrypt was only for domain names and not for email
encryption. I'm a beginner in self hosted email.

I'm using spf and dkim, ip is not blacklisted, and the domain I'm sending from
has a let's encrypt cert, but my emails still go to gmail spam. (Outlook also,
but yahoo goes to the inbox)

Now that I'm thinking, the emails are sent using postfix through the fqdn
(subdomain.example.com) which is not served by http and hasn't got a cert.

If this is the case, should sending the emails through example.com or adding a
cert to host.example.com work?

Or is there another mechanism to use let's encrypt certs for email?

~~~
peller
One of the things that tripped me up at first was the postfix settings.
smtpd_* options are for receiving mail, and smtp_* (no d) are for sending. So
you need

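    # replace $domain with the name of your certificate directory
    smtp_tls_cert_file = /etc/letsencrypt/live/$domain/fullchain.pem
    smtp_tls_key_file = /etc/letsencrypt/live/$domain/privkey.pem
    # "may" is opportunistic TLS; use "encrypt" to force TLS (main.cf does not allow a comment after a value)
    smtp_tls_security_level = may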

Also, yes, if I understand you correctly your cert should include
subdomain.example.com even if the web-facing content there doesn't use HTTPS.

~~~
ino
Thank you, I've added a le cert for the fqdn and updated the postfix config
and a test email went straight to gmail inbox!

~~~
peller
No problem, glad to hear you got it working!

------
atemerev
Unfortunately, it requires a fresh Ubuntu installation / separate instance.

I think it would be a perfect use case for Docker-based solution.

~~~
anonymouslee
There's a Vagrantfile that you can just vagrant up:

[https://github.com/mail-in-a-box/mailinabox/blob/master/Vagrantfile](https://github.com/mail-in-a-box/mailinabox/blob/master/Vagrantfile)

I poked a bit and it appears that the setup script is interactive which
complicates playing nicely with Docker somewhat. It installs nsd + postfix,
rewrites config files in /etc and mucks with ufw. Could probably mimic some of
this by mounting locally customized config files into the Docker container.

------
mastazi
This includes Roundcube which, the last time I checked (admittedly, 2-3 years
ago) was basically unusable on a mobile browser. Has this changed in the
meantime? (Not that it matters much, one could always install another webmail
client elsewhere).

~~~
TheSmiddy
It still is, unless you install a mobile skin.

This is the skin I installed, it's nothing to write home about but it does the
job:
[https://github.com/messagerie-melanie2/Roundcube-Skin-Melanie2-Larry-Mobile](https://github.com/messagerie-melanie2/Roundcube-Skin-Melanie2-Larry-Mobile)

Having said that I recently migrated to fastmail as it costs me <$5 a month
and just works for all of my domains. I found I was spending more time making
my email work than actually building things in my limited spare time.

~~~
mastazi
Thanks for the link, it seems that skin does the trick!

------
DrPhish
This is good for those without existing infrastructure looking for a
non-customizable mail system. I already run my own DNS, backups, firewalls,
monitoring etc and want something I can hack on, so I run Citadel at home. Cit
is the same idea (complete mail solution including webmail), but has many
mechanisms for maintainably extending its functionality. Runs wonderfully on
Debian with a single apt-get

------
ashleyhindle
This is the exact reason I built Fodor: [https://fodor.xyz](https://fodor.xyz) -
it lets you easily set up GitHub projects on DigitalOcean so it truly is
one~ click (usually about 4, but hey pretty good?)

You add a fodor.json file, add a link to Fodor and it makes it super easy to
get it setup for yourself

------
mnutt
I run a pretty similar setup, but could never get z-push to work properly with
iOS exchange sync. I spent a few days tinkering with it and trying to fix php
bugs, but to this day I can't get search to work properly from my iPhone. Are
there any alternatives to z-push out there, or has someone had success with
this setup?

------
peterburkimsher
I'd like a mail server for jailbroken iPhones. I tried to install one from
Cydia, but it was designed for Apple TV and sent my iPhone into a boot loop
and I had to restore.

Having a local mail server would be useful for making local P2P WiFi links,
and emailing photos/music/etc directly between phones without Internet access.

~~~
neurostimulant
Perhaps using an email server that's written in a scripting language would
work? For example,
[https://github.com/zedshaw/lamson](https://github.com/zedshaw/lamson) is
written in python. Perhaps you could get it running on your jailbroken device
if you could get python and pip installed.

------
benbristow
Been using this on a Xen VPS. [http://poste.io/](http://poste.io/). Seems to
work relatively well and easy as pie to install. Even used it for a client and
had no issues from them since.

------
wjd2030
I love that I found this the day after I finished getting iRedMail setup and
configured with all the SPF, DKIM and SMTP forwarding services.

I went with MailJet for SMTP forwarding, 600 emails a month for free.

------
TheArcane
A good alternative would be sovereign
([https://github.com/sovereign/sovereign](https://github.com/sovereign/sovereign))

------
ForFreedom
What would be a good web email client to customize like placing logos, font
style, etc?

------
alexkavon
This is going to make spammers so happy.

~~~
voltagex_
Why?

~~~
viraptor
Gmail and other really big providers are in a unique position for spam
filtering. They have so many users that they get a continuously trained filter
pretty much for free. They can instantly classify never-seen-before kind of
spam in minutes because someone gets push notification on their phone and
clicks "this is spam".

Nobody with a purely-technical solution to this problem can be better in
practice (although we're pretty close). This means you're more likely to get
actual spam in your custom deployment.

~~~
insertnickname
I run my own mail server, and I get very little spam. Sometimes I go for days
without a single spam message even getting through to my spam folder, much
less my inbox. The last spam mail that got through to my spam folder was on
November 25th. And it's not because spammers don't try, my server has rejected
206 mails in the last ~24 hours (and that's not counting the attempted open
relay abuse).

My setup consists of Postfix with postscreen and SpamAssassin. Postscreen
blocks clients on a certain type of protocol error that spammers are prone to
(speaking out of turn) and based on DNSBLs[1], notably zen.spamhaus.org, which
blocks most spammers.

SpamAssassin, in addition to the standard rules and bayes filtering, is
configured with Pyzor, Razor2, DCC, and iXhash, and I have some custom rules
as well.

I actually get far less spam with my self-hosted setup than I did when I used
a paid e-mail service (although it was not Google).

Public IP reputation (DNSBLs) and spam fingerprint databases (Pyzor, Razor2,
DCC, iXhash) make self-hosted spam filtering very feasible.

1: [https://en.wikipedia.org/wiki/DNSBL](https://en.wikipedia.org/wiki/DNSBL)

~~~
eps
May want to throw postgrey in a mix.

Incredulously, asking first-time senders to retry in a bit still filters out
the vast majority of spam.
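
Added example (not part of the thread and not postgrey's own code): the greylisting decision described above, keyed on the (client network, sender, recipient) triplet. The 300-second delay, the 35-day retention and the /24 keying are assumptions chosen for the example, and it handles IPv4 clients only.

```python
import time

MIN_DELAY = 300            # seconds a new triplet must wait (assumed value)
MAX_AGE = 35 * 24 * 3600   # forget triplets idle for this long (assumed value)


class Greylist:
    def __init__(self):
        self.seen = {}     # triplet -> (first_seen, last_seen)

    def check(self, client_ip, sender, recipient, now=None):
        """Return the SMTP reply for one RCPT TO attempt."""
        now = time.time() if now is None else now
        # Key on the /24 so a retry from another host in a large
        # provider's outbound pool still matches the first attempt.
        net = client_ip.rsplit(".", 1)[0]
        key = (net, sender.lower(), recipient.lower())
        first, last = self.seen.get(key, (now, now))
        if now - last > MAX_AGE:
            first = now    # stale entry: treat as a first-time sender again
        self.seen[key] = (first, now)
        if now - first < MIN_DELAY:
            # Temporary failure: a real MTA queues and retries, most spamware does not.
            return "450 4.2.0 Greylisted, please retry later"
        return "250 2.1.5 Ok"


if __name__ == "__main__":
    g = Greylist()
    triplet = ("192.0.2.10", "alice@example.org", "bob@example.net")  # constructed
    for t in (1000, 1060, 1400):
        print(t, g.check(*triplet, now=t))
```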

~~~
insertnickname
I intend to switch to rspamd soon, which has built-in greylisting. However, in
my test run with rspamd I did not get good enough results because my current
SpamAssassin setup relies heavily on rejecting spam that hits two or more
content filters (bayes, pyzor, etc.). I will need to implement at least a
pyzor plugin for rspamd before I can switch.

rspamd, in addition to bayes filtering, has its own fuzzy fingerprinting
system. You can use your own fingerprint db and/or a public one. The public
one that is configured in rspamd by default didn't seem to catch any of the
spam I get though.

~~~
eps
Don't know about rspamd, but SpamAssassin used to be way too aggressive in its
stock config. E.g., it had a default rule for some "MS-Outlook" headers that
just happen to be in every email sent from Outlook via a non-Exchange mail
server. That created a ton of false positives - wasn't hard to fix, but still
it was a hassle.

------
mr_blobs
I set up my own mail server last year and shortly gave up on the idea. Setting
the server up isn't the problem. The problem is keeping your IP off of all the
major blacklists.

I wasn't even sending out mass emails and 30%+ of my email would never be
delivered. I had to constantly check to see if my IP addresses were on the
various spam lists (and fight to get my IPs off) and I just got tired of it.

Companies like Google have entrenched themselves in many things like email and
are slowly becoming the only option out there. A large amount of email
addresses are @gmail.com or run through one of their servers and they
ultimately control whether the recipient receives/sees your email.

The 'promotions' tab in gmail also made things worse for many small
businesses. Google doesn't want you competing for their advertising space and
pushes any emails it deems a 'promotion' off to the side, so users don't
actually see it. I'm not even talking about actual spam emails here, but
emails users knowingly sign up for and are expecting.

Many people don't realize just how much a handful of companies controls the
Internet and your ability to make a living online.

~~~
eikenberry
Once you have SPF/DKIM in place and make sure your IP isn't already on a
blacklist for some past (previous users') infractions you should be good to go.
I've run my own mail server for years and have only had to remove it from a
blacklist once. So once you get past some initial blacklist monitoring work,
you are good to go.

That does bring up the point of how to do blacklist monitoring. There are
various commercial services out there that will allow you to check for free
and monitor 1 host or something (eg.
[https://mxtoolbox.com/](https://mxtoolbox.com/)). I'd prefer to run my own
though, does anyone know of a good setup for this?
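
Added example (not part of the thread and not code from any commenter): a self-hosted check of your own IP against a DNSBL such as the zen.spamhaus.org zone mentioned earlier in the thread. It builds the reversed-address query name and separates real listings from the 127.255.255.x answers Spamhaus returns when it refuses a query; `FAKE_DNS` and `fake_resolver` are constructed stand-ins for DNS so the block runs offline.

```python
import ipaddress
import socket

# Spamhaus ZEN answers: 127.0.0.x means listed, 127.255.255.x means query refused.
ZEN_CODES = {"127.0.0.2": "SBL", "127.0.0.3": "SBL CSS", "127.0.0.4": "XBL",
             "127.0.0.10": "PBL", "127.0.0.11": "PBL"}


def dnsbl_name(ip, zone):
    """Build the query name: reversed octets (or IPv6 nibbles) plus the zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    return rev.rsplit(".", 2)[0] + "." + zone   # drop in-addr.arpa / ip6.arpa


def system_resolver(name):
    """A records for name, or [] if it does not resolve (NXDOMAIN = not listed).
    Note: this also hides SERVFAIL/timeouts; a monitor should alert on those."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []


def check(ip, zone="zen.spamhaus.org", resolve=system_resolver):
    """Classify ip as 'clean', 'listed' or 'error' for one DNSBL zone."""
    answers = resolve(dnsbl_name(ip, zone))
    if not answers:
        return ("clean", [])
    if any(a.startswith("127.255.255.") for a in answers):
        return ("error", answers)    # refused query, e.g. via a public resolver
    listed = [a for a in answers if a.startswith("127.0.0.")]
    if listed:
        return ("listed", [ZEN_CODES.get(a, a) for a in listed])
    return ("error", answers)        # answer outside 127.0.0.0/24: not a DNSBL reply


# Constructed responses standing in for DNS (127.0.0.2 is the RFC 5782 test entry).
FAKE_DNS = {
    "2.0.0.127.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4", "127.0.0.10"],
    "7.113.0.203.zen.spamhaus.org": ["127.255.255.254"],
}


def fake_resolver(name):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for ip in ("127.0.0.2", "203.0.113.7", "198.51.100.25"):
        print(ip, check(ip, resolve=fake_resolver))
```

Run from cron with the default `system_resolver`, the "error" result matters as much as "listed": a resolver that Spamhaus refuses would otherwise make every address look either clean or blacklisted.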

~~~
bigiain
Question: where's your IP address come from? I'd have guessed that common
cloud VM IP pools are likely all trashed permanently already? I somehow doubt
AWS or DO or Linode or Rackspace et al are worthwhile places to host an
outbound mail server? I'd also guess ISP pools of home IP addresses are
probably just as poisoned. Is proper SPF/DKIM setup "enough" to overcome that?
(Or are my suspicions about pools of IP addresses unfounded?)

~~~
eikenberry
Cloud providers are not as bad as you'd think. I've tested several DO IPs
using various checkers, as I've been thinking about moving my server there
(currently at prgmr.com), and they have all been clean. SPF and not being an
open relay seem to be the 2 important things to keep you off the blacklists. I
still don't have DKIM (been on my TODO for a while... but lazy) and haven't
been put on a blacklist in many years.

~~~
startling
I used Digital Ocean for a year. No problems, never sent spam. Then my mail
started being spamfiltered, apparently because a neighbor was spamming.
Seriously don't recommend using cloud hosts if you care about people receiving
your email.

