Mailinabox Home Server
"Can I run my Mail-in-a-Box at home? No. " more like "Should I run my Mail-in-a-Box at home? No."
The best set-up for Mail-in-a-Box is a dedicated VPS (virtual private server) with a public IPv4 address. However, outlined below is how I used Mail-in-a-Box on my home server.
TL;DR: It is possible, but because of rDNS, email will most likely be marked as spam by others the first time it is received.
The server is Ubuntu 18.04 running LXC (Linux Containers), a virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel. My home router has a single IP address, with, alas, rDNS (reverse DNS resolution) not controlled by myself. My ISP does not block ports.
My home server runs lots of things
I want to add a mailserver, using mail in a box, to this set-up.
Step 1 - Register Domain Name
I chose lxc-mailinabox.co.uk, which I registered with names.co.uk. This was an error (as they do not do glue records), but it did cost £0 for the 1st year.
Step 2 - Make new container and install mailinabox
From the server hosting lxc instances, make a new instance and drop into bash.
$ lxc launch ubuntu:18.04 mailinabox
$ lxc exec mailinabox -- /bin/bash
Inside the container:-
root@mailinabox:~# curl -s https://mailinabox.email/setup.sh | sudo -E bash
Let the magic happen; it takes a while. When prompted, enter email/user.
Step 3 - Configure Using Web Browser
Ignore the "Please log in to the control panel for further instructions at: https://92.232.47.67/admin" message. Instead, find the local IP address:
root@mailinabox:~# hostname -I
192.168.1.134
Then fire up a web browser and visit https://192.168.1.134/admin, replacing 192.168.1.134 with the correct local IP address. Logging in I get the following error
Step 4 - Port Forwarding, DNS and Proxy Pass
So it is time to add port forwarding at my router to the local IP Address of the instance.
The same for ports 587 & 993 & 4190
DNS
As the registrar I bought the (free) domain from does not have glue records, I need to go to System -> External DNS and copy these to my registrar's DNS zone records.
Note that external DNS will take some time to update; this can be a source of errors. Just double-check the DNS entries and be patient. Once this is done, head to (replacing 192.168.1.134 with the correct local IP Address.):-
Good time to check DKIM and SPF via : https://dkimvalidator.com
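The TL;DR blames rDNS, so alongside DKIM and SPF it is worth checking what a receiving server sees when it reverse-resolves the home IP. The script below is an added example, not part of the original write-up: it classifies a forward-confirmed reverse DNS (FCrDNS) check. The PTR name host-92-232-47-67.isp.example is constructed, and the function names are chosen here.

```sh
#!/bin/sh
# Added example: forward-confirmed reverse DNS (FCrDNS) check for a mail host.

# Lowercase a DNS name and drop the trailing dot that dig prints.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# fcrdns_verdict IP HELO_NAME PTR_NAME "FORWARD_IPS"
#   IP           public address the mail leaves from
#   HELO_NAME    name the box announces (box.<domain>)
#   PTR_NAME     answer to the reverse lookup of IP (empty if none)
#   FORWARD_IPS  space-separated A records of PTR_NAME
# Prints no-ptr, ptr-not-forward-confirmed, helo-mismatch or ok;
# returns non-zero for anything but ok.
fcrdns_verdict() {
    ip=$1; helo=$(norm "$2"); ptr=$(norm "$3"); fwd=$4
    if [ -z "$ptr" ]; then echo no-ptr; return 1; fi
    confirmed=no
    for a in $fwd; do
        if [ "$a" = "$ip" ]; then confirmed=yes; fi
    done
    if [ "$confirmed" != yes ]; then echo ptr-not-forward-confirmed; return 1; fi
    if [ "$ptr" != "$helo" ]; then echo helo-mismatch; return 1; fi
    echo ok
}

# Live lookup with dig (needs network access and the dnsutils package).
check_live() {
    live_ptr=$(dig +short -x "$1" | head -n 1)
    live_fwd=""
    if [ -n "$live_ptr" ]; then
        live_fwd=$(dig +short A "$live_ptr" | tr '\n' ' ')
    fi
    fcrdns_verdict "$1" "$2" "$live_ptr" "$live_fwd"
}

# Constructed answers modelling this page's set-up: the ISP owns the PTR,
# it resolves back to the home IP, but it is not the box's own name.
demo() {
    fcrdns_verdict 92.232.47.67 box.lxc-mailinabox.co.uk \
        host-92-232-47-67.isp.example. "92.232.47.67" || true
}
demo
```

With real lookups, run `check_live 92.232.47.67 box.lxc-mailinabox.co.uk`, substituting your own public IP and box name; a result of `helo-mismatch` is the situation described in the TL;DR.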
Proxy_pass
Exit the mailinabox container and set up nginx:
root@mailinabox:~# exit
$ lxc exec nginx -- /bin/bash
NB: Replace box.lxc-mailinabox.co.uk with your box and domain name, e.g. box.example.com
$ sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/box.lxc-mailinabox.co.uk
$ sudo nano /etc/nginx/sites-available/box.lxc-mailinabox.co.uk
Give it the following contents, replacing the server names with your domain name and box.domainname, and replacing 192.168.1.134 with the correct local IP address. Using IP addresses is ugly, but otherwise you get a redirect loop:
server {
    listen 80;
    listen [::]:80;
    server_name lxc-mailinabox.co.uk box.lxc-mailinabox.co.uk;
    root /var/www/html;
    index index.html;
    location / {
        # Forward every request to the Mail-in-a-Box container over HTTPS.
        # nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify is off).
        proxy_pass https://192.168.1.134/;
        # Enable SNI on the TLS connection to the upstream.
        proxy_ssl_server_name on;
    }
}
$ sudo ln -s /etc/nginx/sites-available/box.lxc-mailinabox.co.uk /etc/nginx/sites-enabled/
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo systemctl restart nginx
Assuming certbot is already installed
$ sudo certbot --nginx -d lxc-mailinabox.co.uk -d box.lxc-mailinabox.co.uk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for box.lxc-mailinabox.co.uk
http-01 challenge for lxc-mailinabox.co.uk
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/box.lxc-mailinabox.co.uk
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/box.lxc-mailinabox.co.uk
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/box.lxc-mailinabox.co.uk
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/box.lxc-mailinabox.co.uk
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://lxc-mailinabox.co.uk and
https://box.lxc-mailinabox.co.uk
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=lxc-mailinabox.co.uk
https://www.ssllabs.com/ssltest/analyze.html?d=box.lxc-mailinabox.co.uk
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/lxc-mailinabox.co.uk/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/lxc-mailinabox.co.uk/privkey.pem
Your cert will expire on 2020-05-01. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Set the hostname in Home Router to point to nginx IP Address
All nicely set-up
Step 5 - Stop Mail-in-a-Box asking for Certificates
Certificate management is handled by the nginx proxy, so exit out of nginx and enter mailinabox:
$ exit
exit
$ lxc exec mailinabox -- /bin/bash
root@box:~# nano /root/mailinabox/management/daily_tasks.sh
Comment out the line "management/ssl_certificates.py -q"
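The same edit as a repeatable command instead of a manual nano session. This is an added example, not part of the original write-up or of Mail-in-a-Box; the function name disable_cert_task and the .orig backup suffix are choices made here.

```sh
#!/bin/sh
# Added example: comment out the certificate task in daily_tasks.sh.
# Safe to run more than once; the first run keeps a pristine copy.

disable_cert_task() {
    file=$1
    pat='management/ssl_certificates\.py -q'

    # Fail loudly if the file never mentions the task (wrong path or layout).
    if ! grep -q "$pat" "$file"; then
        echo "task line not found in $file" >&2
        return 1
    fi

    # Keep the untouched original once; later runs do not overwrite it.
    if [ ! -e "$file.orig" ]; then cp -p "$file" "$file.orig"; fi

    # Prefix "# " to matching lines that are not already comments.
    sed -i "/^[[:space:]]*#/!s|^\(.*$pat.*\)\$|# \1|" "$file"

    # Succeed only if no active (uncommented) occurrence is left.
    ! grep -v '^[[:space:]]*#' "$file" | grep -q "$pat"
}

# Usage inside the mailinabox container (path as given above):
#   disable_cert_task /root/mailinabox/management/daily_tasks.sh
```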
Step 6 - Optional but Advised
As my ISP, Virgin, gives me a static IP address, ask nicely for the IP block to be removed at https://www.spamhaus.org/pbl/removal/. I used one of my fresh new email addresses. Note that spamhaus_pbl_verify@spamhaus.org will be greylisted, so it will take ~10 minutes (well, 5m 46s in my case) for the verification code email to arrive.
Enjoy
Thanks to the Mail-in-a-Box team.