How to run your own email server with Mail-in-a-Box

Tom Chantler

This is Part 1 of a two part series.

Summary

I've written about email security[1] and the privacy of mobile communications before and, in these days of mass electronic surveillance, privacy concerns have come to the fore and are no longer just the preserve of the tin foil hat brigade.

When you also consider the recent (and very public) rise of blockchain (if you use a screen reader or similar accessibility tool, use this link for the Blockchain article), it's easy to see why people are becoming a lot more aware of some of the benefits of decentralization.

With this in mind, I decided it might be fun to host my own email server. And since the whole affair was a lot less painful than I'd anticipated, this short series of articles explains how I did it. In Part 1 [this article] you'll see how easy it is to set up your own email server and then, in Part 2, you'll discover how to migrate your mail across, with zero downtime and without losing any messages.

My intention is that, once you've completed Part 1 and created their accounts on the new email server, you should be able to refer your users to Part 2 and that they should be able to migrate their accounts themselves. Part 2 also contains simple explanations of some of the more abstruse terms (which your users can safely ignore, but which they may find interesting).

Background

Email is, fundamentally, a decentralized system. It's possible for anybody to set up their own email server and, when Ray Tomlinson sent the first email over the ARPANET late in 1971, it's unlikely that his intention was that this method of communication should become dominated by a few massive companies such as Google and Microsoft[2].

That being said, it's only natural that you might find the idea of running your own email server to be rather daunting; I certainly did. However, once I read about Mail-in-a-Box, I changed my mind. Especially when you consider that email is not actually as time-sensitive as some of your correspondents might like you to believe; having to reboot the server occasionally is not as big a deal as it is with a web server, for example.

What is Mail-in-a-Box?

Mail-in-a-Box is, as the name (somewhat) implies, an email server which is simple to set up and administer. Not only that, it offers a nice webmail interface, has a clean and simple web-based administration portal, is free and offers a whole host of other benefits besides. In fact, just read the following excerpt from the home page:

Each Mail-in-a-Box provides webmail and an IMAP/SMTP server for use with mobile devices and desktop mail software. It also includes contacts and calendar synchronization.

The box also includes automatic DNS configuration, spam filtering, greylisting, backups to Amazon S3, static website hosting, and free TLS (SSL) certificates from Let’s Encrypt. Your box can host mail for multiple users and multiple domain names.

It implements modern mail protocols (SPF, DKIM, and DMARC) and the latest security best practices, including opportunistic TLS, strong ciphers, and HSTS. When enabled, DNSSEC (with DANE TLSA) provides a higher level of protection against active attacks. Exchange ActiveSync is also available as a beta feature.

It sounds pretty good, doesn't it?

Note that some of these terms are explained in more detail in one of the parts of my series about email security. Unfortunately, they're in one of the parts I have not yet written. When I fix that, I'll put a direct link here[3].

Here is a picture of the Roundcube webmail interface (I have tweaked it a bit to remove some private information and to incorporate a subliminal message). You can read more about it at https://roundcube.net/

Some nice features of Mail-in-a-Box

The following information is taken from the administration portal of my server and it explains some of the features of Mail-in-a-Box.

Greylisting

Your box uses a technique called greylisting to cut down on spam. Greylisting works by delaying mail from people you haven’t received mail from before for up to about 10 minutes. The vast majority of spam gets tricked by this. If you are waiting for an email from someone new, such as if you are registering on a new website and are waiting for an email confirmation, please give it up to 10-15 minutes to arrive.
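
How the delay-and-retry behaviour described above plays out, as an added Python example that is not Mail-in-a-Box's own code. The 300-second delay, the two-day retry window, the addresses and the traffic are all assumptions constructed for illustration.

```python
# Added illustration of greylisting; not Mail-in-a-Box or postgrey source code.
from dataclasses import dataclass, field

DELAY_SECONDS = 300        # assumed minimum wait before a retry is accepted
RETRY_WINDOW = 2 * 86400   # assumed: a first-seen triplet is forgotten after 2 days


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that retried correctly

    def check(self, client_ip: str, sender: str, recipient: str, now: float) -> str:
        """Return the SMTP reply a greylisting policy would give at RCPT TO."""
        triplet = (client_ip, sender.lower(), recipient.lower())
        if triplet in self.passed:
            return "250 OK"
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > RETRY_WINDOW:
            # Unknown (or stale) sender: remember it and ask the client to retry.
            self.first_seen[triplet] = now
            return "451 4.7.1 Greylisted, try again later"
        if now - seen < DELAY_SECONDS:
            # Retried too quickly; the original timestamp is kept.
            return "451 4.7.1 Greylisted, try again later"
        self.passed.add(triplet)
        return "250 OK"


def simulate() -> list:
    """Constructed traffic: one real MTA that retries, one spam bot that does not."""
    gl = Greylist()
    mta = ("192.0.2.10", "signup@shop.example", "me@mydomain.example")
    bot = ("198.51.100.66", "promo@spam.example", "me@mydomain.example")
    return [
        ("mta first try", gl.check(*mta, now=0)),
        ("bot single try", gl.check(*bot, now=5)),
        ("mta early retry", gl.check(*mta, now=60)),
        ("mta retry at 10 min", gl.check(*mta, now=600)),
        ("mta next message", gl.check(*mta, now=700)),
    ]


if __name__ == "__main__":
    for label, reply in simulate():
        print(f"{label:22} -> {reply}")
```

The bot's single attempt is never delivered because it does not come back, while the legitimate server's mail arrives on its retry and later messages from it pass without delay.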
 
+tag addresses

Every incoming email address also receives mail for +tag addresses. If your email address is [email protected], you’ll also automatically get mail sent to [email protected]. Use this as a fast way to segment incoming mail for your own filtering rules without having to create aliases in this control panel.
 
Use only this box to send as you

Your box sets strict email sending policies for your domain names to make it harder for spam and other fraudulent mail to claim to be you. Only this machine is authorized to send email on behalf of your domain names. If you use any other service to send email as you, it will likely get spam filtered by recipients.

It sounds like it might be a lot of work. Is it?

No. The installation script is very simple to follow and, once it's up and running, it installs security updates automatically. Sometimes, when you log in to the web-based administration portal, it will invite you to reboot the server (by clicking on the red button), but it's fine to leave the whole thing alone for the most part.
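
One way to check that a domain's published policy really is this strict, as an added example (not Mail-in-a-Box's code): it reads the SPF `all` qualifier and the DMARC `p=` tag from TXT record strings. The sample records are constructed, not taken from a real box, and SPF `redirect=` modifiers are not followed.

```python
# Added illustration; the TXT records at the bottom are constructed samples.

def parse_tags(record: str) -> dict:
    """Split a DMARC-style 'k=v; k=v' record into a dict with lowercase keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def spf_all_qualifier(record: str):
    """Return the qualifier on the SPF 'all' mechanism: '-', '~', '?', '+' or None."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in terms[1:]:
        t = term.lower()
        if t == "all":
            return "+"  # a bare mechanism defaults to the '+' (pass) qualifier
        if len(t) == 4 and t[0] in "-~?+" and t[1:] == "all":
            return t[0]
    return None


def audit(spf: str, dmarc: str) -> list:
    """List the reasons these records would not restrict who may send as the domain."""
    findings = []
    q = spf_all_qualifier(spf)
    if q is None:
        findings.append("SPF: no 'all' mechanism found in this record")
    elif q != "-":
        findings.append(f"SPF: '{q}all' does not hard-fail unlisted senders")
    tags = parse_tags(dmarc)
    if tags.get("v", "").upper() != "DMARC1":
        findings.append("DMARC: record missing or malformed")
    elif tags.get("p", "none").lower() not in ("quarantine", "reject"):
        findings.append("DMARC: policy is not quarantine or reject")
    return findings


# Constructed sample records: a strict pair and a permissive pair.
STRICT = ("v=spf1 mx -all", "v=DMARC1; p=quarantine")
LOOSE = ("v=spf1 include:_spf.example.net ~all", "v=DMARC1; p=none")

if __name__ == "__main__":
    for name, pair in (("strict", STRICT), ("loose", LOOSE)):
        print(name, audit(*pair) or "no findings")
```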

And, of course, it's an Ubuntu server, so you can upgrade it by doing this:

sudo apt-get update && sudo apt-get upgrade

And you can reboot it via sudo reboot when prompted. As previously mentioned, the admin webpage also tells you this (possibly by checking for the existence of the file at /var/run/reboot-required) and it even lets you reboot it via the web interface. There's more information about all of this at: https://mailinabox.email/maintenance.html.

Can it handle email for more than one domain?

Yes. What's more, the initial setup of users and email aliases is very easy, as is the addition of extra domains. To add a new domain to the box, you simply add a new email address using that domain (either via the web portal or the API) and it automatically sets up the DNS records on the box. Therefore, if you either change the nameservers of that domain to be your Mail-in-a-Box (adding any existing DNS records to your box), or add the records it created to your existing DNS provider, you're all set. But please read Part 2 before doing this to ensure you don't have any issues during the transition.

Choosing a hosting provider

You need a clean Ubuntu 14.04 LTS x64 installation with at least 1GB of RAM (although apparently you can get away with 768MB if you have a large enough swap space). For various reasons, including the fact that your home internet provider probably blocks port 25 and may explicitly prohibit you from running your own email server, it's probably best to rent a virtual private server (VPS) somewhere.

Think about where you want to host it. If you live somewhere where you're not allowed to rent a server in the location you want, either use a different provider or, as long as you're not violating any terms of service, get a friend or relative to order the server such that you can administer it. e.g. If you have family members all over the world and you're going to create a family email server, does it really matter which one of you registers it?

After an abortive attempt at renting a VPS from one company, during which they cancelled my account twice (without telling me on either occasion), I decided to use Digital Ocean[*] and I should just have done that in the first place. If you want to get a free $10 credit with Digital Ocean, then use this mutually beneficial affiliate link: Digital Ocean[*]. It will probably pay for your first month of hosting.

Installing Mail-in-a-Box

The installation is really very straightforward. There's a guide at https://mailinabox.email/guide.html and you should simply follow that. You might find the video version of the tutorial helpful (although it's several versions out of date). It's on the homepage and is linked to from the guide.

Having said that, I did grab some screenshots when I did my original installation and, since they support my claim of how easy it is to install, here they are.

Starting the installation
Start Mail-in-a-Box installation

The graphical installer
Mail-in-a-Box installation

Finishing the installation (note the warning about the invalid SSL certificate)
Finish Mail-in-a-Box installation

Part of the administration web portal status view before SSL and DNSSEC DS are setup correctly
Before SSL and DNSSEC DS Setup

The same part of the administration web portal status view after SSL and DNSSEC DS are setup correctly
After SSL and DNSSEC DS Setup

A few useful notes

Conclusion

In this article you learnt how you can run your own email server, providing a nice webmail interface and lots of good security features, with a minimum of effort. By starting with a clean installation of Ubuntu 14.04 x64 LTS, within a few minutes you can be running a state of the art email server (which probably offers better features than your existing email provider). Not only that, but all of the software used is free.

Check out Part 2 for full instructions on how to migrate your existing email accounts to your new Mail-in-a-Box server, as well as some simple explanations of some of the terminology involved.

Don't forget to let me know how you get on in the comments section below and follow me on Twitter for more frequent updates.

All images created by me, except the main padlocks header image which was created by: bluebay/Shutterstock.com


  1. It's time I finished writing my series about email security. ↩︎

  2. And Yahoo! at one point, but surely not any more in light of their massive data breaches, which even have their own Wikipedia page. ↩︎

  3. This bit looks like the sort of thing I might mean to change prior to publication but, since it's true and I haven't written that blog post yet, it's staying in. ↩︎

  4. I can't be the only one who's been asked to define idempotence in a job interview. ↩︎

