Mail-in-a-Box (mailinabox.email)
250 points by of on Sept 5, 2014 | 88 comments

It's a great idea except that for one person it's going to cost a lot more than buying an account on FastMail (disclaimer: I work there) or any of the other hosting sites (even before you start thinking redundancy and backups - we have about 10Tb of disk for every 1Tb of pure email quota, by the time you count search indexes and RAID and 3x replication redundancy - two local one offsite)

For more than one person it can get cheaper, but you're going to be on call to fix it every time it breaks - because those other people aren't going to like waiting until you need it. Have fun with that (and I say this after being paged at 3:30am last night to fix a problem that was only affecting redundancy for about 1% of our userbase - no user visible problems - most issues are solved without user visible outages)

If you want to give someone else the access and control for your correspondence, there are many cheaper alternatives than being personally responsible for it.

Personally however, I am willing to pay to keep my private communication private. In my professional role, I consider it a requirement.

I'm not sure the purpose here is to save people money. It's more about autonomy and privacy, no?

Fastmail costs $40/yr. You can get a half-decent VPS for that with a few bucks to spare on Tarsnap.

Just curious, what's the "half-decent VPS" you're thinking of for ~$3/month?

Whatever you can find at the time on http://lowendbox.com/ http://lowendstock.com/ http://www.lowendtalk.com/ or lowendwhatever from a provider that wasn't started yesterday and has decent reviews.

A couple of weeks ago there was a dedicated server offer from online.net floating around for €1.99/mo http://lowendtalk.com/discussion/33122/1-99-%C2%A0dedicated-...

Definitely a +1 for LowEndSpirit, I've got two boxes with them, one for a blog and another working as a VPN to the US.

They only provide IPv6 though, but it's trivial to set-up forwarding using Cloudflare's v6 to v4 proxy service.

I have deployed Sovereign (https://github.com/al3x/sovereign) on a VPS at OVH. It costs me about 2.5 EUR a month and I also use it for purposes other than email.

As a current user of Mailinabox I would recommend Sovereign instead of Mailinabox for the HN crowd. Mailinabox is extremely frustrating to customize - in fact Josh strictly advises against it.

I'm not spindritf, but I am thinking of BuyVM: http://buyvm.net/

You will probably need to go a little lower on the price than BuyVM to squeeze SpamAssassin in.

They do not have fantastic uptime.

Ramnode has been treating me extremely well considering the price. Their plans are a steal

I love these "illuminated by last night's glitch" posts, and I'm a happy FastMail user, but I'd like to point out that if you're doing it yourself you might be willing to relax some of the constraints that FastMail or the market imposes on itself.

Especially in high availability, you might be willing to have a time to recovery that's measured in hours or at worst case days in case of a natural disaster.

One thing worth noting if you consider running any mail server yourself - is checking the IP address / range that your VPS provides you. I've had outbound email blocked or blacklisted with IPs from DigitalOcean - especially on Yahoo, whereas Linode or AWS give you better reputation.

It was virtually impossible to get unlisted on Yahoo for IPs that are owned by the hosting provider, and I'm not sure all providers would make the effort of doing this on your behalf.

I suspect lower-end VPS providers are even worse in that respect.

Mail-in-a-Box includes a check like this in its setup script, actually. [I'm the guy behind the project.]

That's cool. I just had a look, and noticed a couple of rbl checks. Very smart idea.

However, I have to say, I had occasions where the IP was not listed on any RBL, but Yahoo was still flagging my IP.

I don't remember the exact error Yahoo were returning, but I think it was basically blocking all email... Perhaps even from the entire network range, since it was listed as residential or something of that sort (apologies, but I really don't remember the exact details, it was quite a while ago)

Yup, didn't mean to imply that I had solved the whole problem. :)
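
The RBL check discussed in this sub-thread, as an added example (not part of any comment and not Mail-in-a-Box's own code): a DNSBL lookup reverses the address, queries it under the list's zone, and reads the verdict from the returned 127.0.0.x record. `zen.spamhaus.org` and its return codes are assumptions here, since the thread names no list; the addresses and answers are constructed.

```python
import ipaddress
import socket

# Assumption: Spamhaus ZEN stands in for "an RBL"; the thread names no list.
ZONE = "zen.spamhaus.org"
LISTING_NET = ipaddress.ip_network("127.0.0.0/24")
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")   # resolver/quota errors
POLICY_CODES = {"127.0.0.10", "127.0.0.11"}            # PBL: dynamic/residential space


def dnsbl_query_name(ip, zone=ZONE):
    """Reverse the address (octets for IPv4, nibbles for IPv6) under the zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer
    labels = reverse.rsplit(".", 2)[0]   # drop "in-addr.arpa" / "ip6.arpa"
    return f"{labels}.{zone}"


def classify(answers):
    """Turn the A records of a DNSBL answer into one verdict string."""
    if not answers:
        return "not listed"              # NXDOMAIN: no entry for this IP
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a in ERROR_NET for a in addrs):
        return "query refused"           # not a listing: e.g. asked via a public resolver
    if any(a not in LISTING_NET for a in addrs):
        return "invalid answer"          # e.g. a wildcarding or hijacked resolver
    if all(str(a) in POLICY_CODES for a in addrs):
        return "policy listed"           # range not meant to send mail directly
    return "listed"


def lookup(ip, zone=ZONE):
    """Live query (needs network and a resolver the list operator accepts)."""
    try:
        return socket.gethostbyname_ex(dnsbl_query_name(ip, zone))[2]
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []
        raise                            # timeout/SERVFAIL is not "clean"


if __name__ == "__main__":
    # Constructed answers for a documentation address (192.0.2.25); no network used.
    for answers in ([], ["127.0.0.10"], ["127.0.0.2", "127.0.0.4"], ["127.255.255.254"]):
        print(dnsbl_query_name("192.0.2.25"), answers, "->", classify(answers))
```

A clean result here only covers public DNS lists; as the comments above note, a large mailbox provider can still reject mail based on its own reputation data.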

Wow, that looks awesome, thanks for sharing. Especially like that it is an Ansible playbook!

Sovereign is awesome, I run the VPS for my product off a customised version of it. Highly recommended. I especially like that you can run the unit tests locally against Vagrant, it's great.

Love the idea, I do wish it was based on Debian and not Ubuntu though. Ubuntu's package testing team leaves a lot to be desired and I've found Debian in general a lot more stable and secure over the years.

> Why build this?

> Mass electronic surveillance by governments revealed [...]

Then why are they suggesting to use DigitalOcean? I think they have to respect the same laws as Google, right?

Because then you get the warrant or NSL?

Why would you get the warrant or NSL?

They could still give that to DigitalOcean, and simply see your VM's filesystem through the host server, see all your traffic, etc...

Finally! As someone who has been running his own email server for many years, I've been waiting for this to happen, so that I can tell my friends to do the same thing.

Best of luck to this project. It is very, very needed.

If you want to do something similar yet hands-on, I really like Ars Technica's series: http://arstechnica.com/information-technology/2014/02/how-to...

Also, for those of you with mobiles that have ActiveSync clients, Francisco Biete's fork of the Zarafa ActiveSync (Z-Push) implementation is really stable, it will do calendar and contact syncing with ownCloud, and it supports remote wipe from your own CLI. https://github.com/fmbiete/Z-Push-contrib

Great project, thank you Josh. I am donating to your project and will also offer $100 to help fund the creation of an apt-get deb package, if you or anyone here would like to commit to creating it.

I run mail servers with Postfix and much of the same setup, to enable custom domains, scriptable responders, message tagging, and the like. Using apt-get to install Mail-in-a-Box would be wonderful.

I will look into creating a .deb package. No $100 necessary for me. My email address is in my profile, if anyone wants to connect before I can put together a pull request.

Hey. Please start an issue on github sooner rather than later so you don't do lots of work and then I end up rejecting the PR. :) Communication! [I'm the guy behind the project.]

Will do. Sorry, I am really short on time this weekend but I will reach out first thing Monday.

I have a use for this at CC if we can get it working on Debian wheezy.

Thanks for releasing this under CC0.

A .deb package sounds like a terrific idea!

I have a Linode VPS and am happy to fire up another VPS to handle email exclusively. In fact, I already did and installed Mail in a Box as mail.mydomain.com. I have to say (being a developer with enough Linux knowledge to handle hosting and simple stuff) that nameserver setup is completely confusing. I should stop using Linode nameservers? If so, I should set up glue records and place that into NameCheap domain specification instead? And then set up www CNAME to point to original website server? Very confusing... Why not have a section in the guide titled something along: "Adding Mail-in-a-Box as additional server to your existing website"? I am not sure if that defeats security/reliability, as External DNS section message is kind of scary:

"Although your box is configured to serve its own DNS, it is possible to host your DNS elsewhere. We do not recommend this.

If you do so, you are responsible for keeping your DNS entries up to date. In particular DNSSEC entries must be re-signed periodically. Do not set a DS record at your registrar or publish DNSSEC entries in your DNS zones if you do not intend to keep them up to date."

Hi, metadata.

It sounds scary to set up glue records, but so is setting up all of the DNS records manually that you'd need for really good mail: MX, SPF, DKIM, and DMARC, and if you want secure DNS and/or mandatory encryption on the wire you'll want DANE records and zone signing.

Mail-in-a-Box wants to take over your DNS because it wants to take care of all of this for you. If you run your own DNS, it's still secure. An alternative is to use a new domain name.

Thanks for the feedback.

[I'm the guy behind the project.]

I had the same problem. Also, I had some DKIM and SPF already configured to external SMTP server.

I understand your message, but it is not clear in Mail-in-a-Box interface. What exactly is the problem with my own DNS server? If I want to work without DANE, I can just add all these new records to my DNS and it works out of the box?

I started to set up a personal email server several times and abandoned it because it is just too difficult. This time, it was easy. Thanks!

I had problems getting Hover to make glue records for the IP address. I just ended up having to manually enter in the DNS information myself.

How does this compare to Kolab.org? For quite some time I want to migrate my emails to my own server and the first contender on my list was Kolab.

Same here, tried citadel and am interested in kolab

ownCloud needs to integrate this kind of easy email setup.

I already run an ownCloud server but deliberately avoided moving my email to it due to the less than ideal state of email on ownCloud

The situation we really want to get to is a single streamlined sign up and set up for email alongside owncloud, with contacts, file storage, calendar, bookmarks and webmail. That would make it an attractive proposition for quite a large section of the population.

I really hope owncloud won't try to reinvent the wheel for email; Kolab already provides those features.


What service would the more experienced out there recommend run this on? AWS seems rather expensive, but Digital Ocean wouldn't provide much storage space. Also, what about reliability? Any advice on not getting blacklisted for sharing a subnet with spammers? Or do people generally run setup like this old school: on a server in their bedroom?

You have pretty cheap VPS's by OVH (http://www.ovh.ie/vps/vps-classic.xml) and if you ever outgrow their offer you can move to SoYouStart (http://www.soyoustart.com/ie/essential-servers/) which is also a brand by OVH.

TransIP offers VPS with SSD at comparable prices to DO, and more disk space. It's also not a US company, if that makes any difference. No affiliation, just a happy customer.

Regarding blacklists, I run my outbound email through Mandrill. I know it cuts down on the privacy aspect, but I send very few emails anyway compared to what I receive.

I think 20GB is certainly reasonable. I use Thunderbird heavily for three accounts and my profile barely exceeds 3GB.

Why would users need to store all old mail on server? You can auto archive it or simply delete about 95% of mail which you won't ever need later again.

what you need: A completely fresh Ubuntu 14.04 machine

Bummer. I already have a server running and don't plan on paying for an extra instance just for mail. Has anyone tried this with VirtualBox or some other virtualization? Should work if the correct ports are forwarded, no?

There's a Vagrantfile in the project. I haven't used it in production this way, but it should work. [I'm the guy behind the project.]

Ah, will try.

What about a backup SMTP server?

I ran my own mail server for a year and found it incredibly stressful. Switched to runbox.com and I couldn't be much happier atm.

Unless you have very long downtimes, a backup server shouldn't be needed. SMTP is designed to handle such problems and keep trying for at least four or five days.

Thanks for the runbox.com mention. That looks like just what I need for my server.

No complaints from me! :)

Any other long-term experience with runbox.com?

Not really. I moved over about a month ago (which was really easy).

A friend of mine recommended them and he's been happy for around six months now.

One thing I particularly like about this: managesieve support. I am only aware of one major email service that uses sieve as its filter language to begin with (FastMail), and none that provides a managesieve interface to the filter rules. Since these are supposed to be the Internet standards for email filtering, it seems very surprising that practically nobody actually uses them.

How does it compare to iRedMail?


Does it support multiple domains?

As corv mentioned in another comment, the goal of Mail-in-a-Box is a little different from iRedMail. I'm trying to build something closer to a one-click email appliance that eventually anyone might be able to use, rather than a setup for sysadmins. [I'm the guy behind the project.]

I'm curious why you didn't base this on Kolab [0]? It looks like you share a lot of common components [1], but they've already done the integration work and added additional features.

[0] http://kolab.org/

[1] http://kolab.org/sites/kolab.org/files/u51/KolabServer-Compo... vs https://mailinabox.email/static/architecture.svg

I'm trying to build a system that is simple and auditable. Mail-in-a-Box is also really a system configuration project and not a project to build a better UI. So the goals are very different.

For instance on auditing, from looking at Kolab's source code I have no idea what kind of security settings are used. In Mail-in-a-Box I try to make these sorts of things clear and highly commented in the setup script.

To add to the fray: https://yunohost.org/ is an option too for easy install and setup of a mail server - there was a recent HN item on them a while back. Been using it for a month or two and it's worked great so far. Needs Debian. Supports multiple domains.

I keep forgetting Yunohost can do that. Is there a guide to setting up email services?

I had good experience with Citadel for an internal mail solution. It's a little old fashioned, but good enough for our needs. The setup was especially easy with the default ubuntu packages.

I'm also testing citadel for a small team, the issue is that I can't get thunderbird/lightning to sync the calendar with citadel, email works fine, will be checking kolab soon

Just FYI, we are not using the calendaring system from Citadel; so can't give any report for that.

iRedMail has been around much longer. Mailinabox has a simple admin web-interface to add users whereas iRedMail charges $400 for a web-interface. iRedMail also doesn't include z-push (i.e. push mail). Edit: Mailinabox does support multiple domains, by default it will only use itself as DNS which currently does not support backup DNS.

iRedMail also provides a simple web interface for user and domain management, the 400$ option is for buying the advanced UI.

This is sort of related. A couple weeks back I wrote some Salt States to install mailpile. My long term plan was to use mailpile as a web client.


Thanks will look at your code!

Just checked out the [system architecture diagram][1]... We really need to fix email. A modern system would never get away with proposing such a design.

[1]: https://mailinabox.email/static/architecture.svg

It's fine. It's a loosely coupled system that uses quite a few components. It's also a complicated problem to solve.

This is trivial compared to our product for example which is an integration hub for financial services companies. There are over 300 of those little boxes.

Going back to the original point though, compare to Exchange 2010: http://www.microsoft.com/en-us/download/details.aspx?id=5764

The problem is not setting up an email server; the problem is in ensuring your email is delivered/visible. I set up an email server vps with my domain and domain keys etc but my test emails to my family, who use Yahoo and Gmail, would not get delivered. I gave up!

Deliverability is more of a problem than if you use something like Gmail (it's easy for them when they control both ends of the email!), but I've been running my email off of Mail-in-a-Box for more than a year and those sorts of issues haven't been more than a rare inconvenience. [I'm the guy behind the project.]

I have another problem.. my ISP blocks incoming traffic on smtp. For no good reason. I'd have to upgrade to a business class connection ($$$). Unfiltered end to end connectivity would be nice. Preferably on a symmetric line. I'd call that Internet access.

I'm not running a mailserver anymore, but I use smtp-as-a-service for things that need to send email notifications.

I've been using mandrillapp.com for over 2 years now, completely free. Other people like mailgun.com. Anytime I need to setup a nas or monitoring system that needs to send out notifications, I create a new api key then add that into whatever device needs to send email.

I also for a brief period used the service as a "smarthost" for a shared mail server (not mine directly). This technically worked fine, but became an issue as end-users would get viruses and start sending spam. However, mandrill would notify you of this issue and you'd see high rejection rates. I could even view the rejected message (privacy concerns aside) to see headers of who was sending them. So while I wouldn't recommend it for a shared server, it would be fine for a personal server.

Setting up my own mail server a couple years ago I had this problem. The "best" solution seemed to be routing through a service like gmail, which defeated the purpose.

It doesn't completely defeat the purpose, because they would only get your outbound emails, not received ones.

I am trying to set up an email server for an Asian non-profit (about 1000 accounts) on a Hetzner server. They do not need all the bells and whistles however?

Is this good enough for that many users?

Why not find a host in Singapore or Hong Kong, rather than Hetzner that is 300-400ms away? (Nothing wrong with Hetzner, just saying)

It's a pretty cool tool, but I wish that things like this were built atop Debian rather than Ubuntu.

I use roundcube and it (usually) works great. Good choice.

[tangentially related] I love seeing a new TLD in the wild.

does ownCloud still throw webdav errors for self-signed certs?

can owncloud do mail at all? its calendar works, but no support for tasks, I don't even know it does email

no, but the linked product (mail-in-a-box) uses ownCloud's webDAV/calDAV implementation rather than providing a separate means.

In my experience if ownCloud is supplied with a self-signed cert, the webDAV module throws errors but still works correctly. It's really obnoxious and causes a nag-window at the top of the main settings UI until either you comment out the nag window or buy a signed cert.

there is still one touch problem, how can you make sure your outbound mails won't be rejected by other servers?

Does it at least use StartTLS by default?

Yes, it uses STARTTLS, HSTS, modern cipher settings, DNSSEC and many more security best practices! [I'm the guy behind the project.]
