It's a great idea except that for one person it's going to cost a lot more than buying an account on FastMail (disclaimer: I work there) or any of the other hosting sites (even before you start thinking redundancy and backups - we have about 10Tb of disk for every 1Tb of pure email quota, by the time you count search indexes and RAID and 3x replication redundancy - two local one offsite).
For more than one person it can get cheaper, but you're going to be on call to fix it every time it breaks - because those other people aren't going to like waiting until you need it. Have fun with that (and I say this after being paged at 3:30am last night to fix a problem that was only affecting redundancy for about 1% of our userbase - no user visible problems - most issues are solved without user visible outages).
If you want to give someone else the access and control for your correspondence, there are many cheaper alternatives than being personally responsible for it.
Personally however, I am willing to pay to keep my private communication private. In my professional role, I consider it a requirement.
I have deployed Sovereign (https://github.com/al3x/sovereign) on a VPS at OVH. It costs me about 2.5 EUR a month and I also use it for purposes other than email.
As a current user of Mailinabox I would recommend Sovereign instead of Mailinabox for the HN crowd. Mailinabox is extremely frustrating to customize - in fact Josh strictly advises against it.
I love these "illuminated by last night's glitch" posts, and I'm a happy FastMail user, but I'd like to point out that if you're doing it yourself you might be willing to relax some of the constraints that FastMail or the market imposes on itself.
Especially in high availability, you might be willing to have a time to recovery that's measured in hours or at worst case days in case of a natural disaster.
One thing worth noting if you consider running any mail server yourself - is checking the IP address / range that your VPS provides you. I've had outbound email blocked or blacklisted with IPs from DigitalOcean - especially on Yahoo, whereas Linode or AWS give you better reputation.
It was virtually impossible to get unlisted on Yahoo for IPs that are owned by the hosting provider, and I'm not sure all providers would make the effort of doing this on your behalf.
I suspect lower-end VPS providers are even worse in that respect.
That's cool. I just had a look, and noticed a couple of rbl checks. Very smart idea.
However, I have to say, I had occasions where the IP was not listed on any RBL, but Yahoo was still flagging my IP.
I don't remember the exact error Yahoo were returning, but I think it was basically blocking all email... Perhaps even from the entire network range, since it was listed as residential or something of that sort (apologies, but I really don't remember the exact details, it was quite a while ago)
Sovereign is awesome, I run the VPS for my product off a customised version of it. Highly recommended. I especially like that you can run the unit tests locally against Vagrant, it's great.
Love the idea, I do wish it was based on Debian and not Ubuntu though. Ubuntu's package testing team leaves a lot to be desired and I've found Debian in general a lot more stable and secure over the years.
Finally! As someone who has been running his own email server for many years, I've been waiting for this to happen, so that I can tell my friends to do the same thing.
Best of luck to this project. It is very, very needed.
Also, for those of you with mobiles that have ActiveSync clients, Francisco Biete's fork of the Zarafa ActiveSync (Z-Push) implementation is really stable, it will do calendar and contact syncing with ownCloud, and it supports remote wipe from your own CLI. https://github.com/fmbiete/Z-Push-contrib
Great project, thank you Josh. I am donating to your project and will also offer $100 to help fund the creation of an apt-get deb package, if you or anyone here would like to commit to creating it.
I run mail servers with Postfix and much of the same setup, to enable custom domains, scriptable responders, message tagging, and the like. Using apt-get to install Mail-in-a-Box would be wonderful.
I will look into creating a .deb package. No $100 necessary for me. My email address is in my profile, if anyone wants to connect before I can put together a pull request.
Hey. Please start an issue on github sooner rather than later so you don't do lots of work and then I end up rejecting the PR. :) Communication! [I'm the guy behind the project.]
I have a Linode VPS and am happy to fire up another VPS to handle email exclusively. In fact, I already did and installed Mail in a Box as mail.mydomain.com.
I have to say (being a developer with enough Linux knowledge to handle hosting and simple stuff) that nameserver setup is completely confusing. I should stop using Linode nameservers? If so, I should set up glue records and place that into NameCheap domain specification instead? And then set up www CNAME to point to original website server?
Very confusing... Why not have a section in the guide titled something along: "Adding Mail-in-a-Box as additional server to your existing website"? I am not sure if that defeats security/reliability, as External DNS section message is kind of scary:
"Although your box is configured to serve its own DNS, it is possible to host your DNS elsewhere. We do not recommend this.
If you do so, you are responsible for keeping your DNS entries up to date. In particular DNSSEC entries must be re-signed periodically. Do not set a DS record at your registrar or publish DNSSEC entries in your DNS zones if you do not intend to keep them up to date."
It sounds scary to set up glue records, but so is setting up all of the DNS records manually that you'd need for really good mail: MX, SPF, DKIM, and DMARC, and if you want secure DNS and/or mandatory encryption on the wire you'll want DANE records and zone signing.
Mail-in-a-Box wants to take over your DNS because it wants to take care of all of this for you. If you run your own DNS, it's still secure. An alternative is to use a new domain name.
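The record set named in the comment above (MX, SPF, DKIM, DMARC) can be checked mechanically when DNS is hosted outside the box. This is an added example, not part of the original thread and not Mail-in-a-Box code; the domain, the `mail` selector and the record values are constructed assumptions.

```python
# Added example. ZONE is constructed sample data shaped like resolver answers;
# "example.com" and the DKIM selector "mail" are assumptions.
ZONE = {
    ("example.com", "MX"): ["10 box.example.com."],
    ("example.com", "TXT"): ["v=spf1 mx +all"],
    ("mail._domainkey.example.com", "TXT"): ["v=DKIM1; k=rsa; p=MIIBIjANBgkq"],
    # _dmarc.example.com is deliberately absent
}

def parse_tags(txt):
    """Split a 'tag=value; tag=value' payload (DKIM, DMARC) into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_mail_dns(zone, domain, selector):
    """Return findings for MX, SPF, DKIM and DMARC; empty list means clean."""
    findings = []
    if not zone.get((domain, "MX")):
        findings.append("MX: no mail exchanger published")

    spf = [t for t in zone.get((domain, "TXT"), []) if t.lower().startswith("v=spf1")]
    if len(spf) != 1:  # zero means no policy, several is a permerror
        findings.append(f"SPF: expected one v=spf1 record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()
        if "+all" in terms or "all" in terms:
            findings.append("SPF: 'all' with pass qualifier authorizes any sender")
        elif not any(t in ("-all", "~all", "?all") or t.startswith("redirect=")
                     for t in terms):
            findings.append("SPF: no 'all' or redirect, unlisted senders are neutral")

    dkim = zone.get((f"{selector}._domainkey.{domain}", "TXT"), [])
    if not any(parse_tags(t).get("p") for t in dkim):  # empty p= means revoked
        findings.append(f"DKIM: no usable public key for selector '{selector}'")

    dmarc = [parse_tags(t) for t in zone.get((f"_dmarc.{domain}", "TXT"), [])
             if t.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected one v=DMARC1 record, found {len(dmarc)}")
    elif dmarc[0].get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("DMARC: policy is not enforcing (p=none or missing)")
    return findings

if __name__ == "__main__":
    for line in audit_mail_dns(ZONE, "example.com", "mail"):
        print(line)
```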
I had the same problem. Also, I had some DKIM and SPF already configured to external SMTP server.
I understand your message, but it is not clear in Mail-in-a-Box interface. What exactly is the problem with my own DNS server? If I want to work without DANE, I can just add all these new records to my DNS and it works out of the box?
I started to set up a personal email server several times and abandoned it because it is just too difficult. This time, it was easy. Thanks!
The situation we really want to get to is a single streamlined sign up and set up for email alongside owncloud, with contacts, file storage, calendar, bookmarks and webmail. That would make it an attractive proposition for quite a large section of the population.
What service would the more experienced out there recommend running this on? AWS seems rather expensive, but Digital Ocean wouldn't provide much storage space. Also, what about reliability? Any advice on not getting blacklisted for sharing a subnet with spammers? Or do people generally run a setup like this old school: on a server in their bedroom?
TransIP offers VPS with SSD at comparable prices to DO, and more disk space. It's also not a US company, if that makes any difference. No affiliation, just a happy customer.
Regarding blacklists, I run my outbound email through Mandrill. I know it cuts down on the privacy aspect, but I send very few emails anyway compared to what I receive.
Why would users need to store all old mail on server? You can auto archive it or simply delete about 95% of mail which you won't ever need later again.
what you need: A completely fresh Ubuntu 14.04 machine
Bummer. I already have a server running and don't plan on paying for an extra instance just for mail. Has anyone tried this with VirtualBox or some other virtualization? Should work if the correct ports are forwarded, no?
Unless you have very long downtimes, a backup server shouldn't be needed. SMTP is designed to handle such problems and keep trying for at least four or five days.
One thing I particularly like about this: managesieve support. I am only aware of one major email service that uses sieve as its filter language to begin with (FastMail), and none that provides a managesieve interface to the filter rules. Since these are supposed to be the Internet standards for email filtering, it seems very surprising that practically nobody actually uses them.
As corv mentioned in another comment, the goal of Mail-in-a-Box is a little different from iRedMail. I'm trying to build something closer to a one-click email appliance that eventually anyone might be able to use, rather than a setup for sysadmins. [I'm the guy behind the project.]
I'm curious why you didn't base this on Kolab [0]? It looks like you share a lot of common components [1], but they've already done the integration work and added additional features.
I'm trying to build a system that is simple and auditable. Mail-in-a-Box is also really a system configuration project and not a project to build a better UI. So the goals are very different.
For instance on auditing, from looking at Kolab's source code I have no idea what kind of security settings are used. In Mail-in-a-Box I try to make these sorts of things clear and highly commented in the setup script.
iRedMail has been around much longer. Mailinabox has a simple admin web-interface to add users whereas iRedMail charges $400 for a web-interface. iRedMail also doesn't include z-push (i.e. push mail). Edit: Mailinabox does support multiple domains, by default it will only use itself as DNS which currently does not support backup DNS.
To add to the fray: https://yunohost.org/ is an option too for easy install and setup of a mail server - there was a recent HN item on them a while back. Been using it for a month or two and it's worked great so far. Needs Debian. Supports multiple domains.
I had good experience with Citadel for an internal mail solution. It's a little old fashioned, but good enough for our needs. The setup was especially easy with the default ubuntu packages.
I'm also testing Citadel for a small team. The issue is that I can't get Thunderbird/Lightning to sync the calendar with Citadel; email works fine. I will be checking Kolab soon.
Just checked out the [system architecture diagram][1]... We really need to fix email. A modern system would never get away with proposing such a design.
It's fine. It's a loosely coupled system that uses quite a few components. It's also a complicated problem to solve.
This is trivial compared to our product for example which is an integration hub for financial services companies. There are over 300 of those little boxes.
The problem is not setting up an email server; the problem is in ensuring your email is delivered/visible. I set up an email server VPS with my domain and domain keys etc. but my test emails to my family, who use Yahoo and Gmail, would not get delivered. I gave up!
Deliverability is more of a problem than if you use something like Gmail (it's easy for them when they control both ends of the email!), but I've been running my email off of Mail-in-a-Box for more than a year and those sorts of issues haven't been more than a rare inconvenience. [I'm the guy behind the project.]
I have another problem... my ISP blocks incoming traffic on SMTP. For no good reason. I'd have to upgrade to a business class connection ($$$). Unfiltered end to end connectivity would be nice. Preferably on a symmetric line. I'd call that Internet access.
I'm not running a mailserver anymore, but I use smtp-as-a-service for things that need to send email notifications.
I've been using mandrillapp.com for over 2 years now, completely free. Other people like mailgun.com. Anytime I need to set up a NAS or monitoring system that needs to send out notifications, I create a new API key then add that into whatever device needs to send email.
I also for a brief period used the service as a "smarthost" for a shared mail server (not mine directly). This technically worked fine, but became an issue as end-users would get viruses and start sending spam. However, mandrill would notify you of this issue and you'd see high rejection rates. I could even view the rejected message (privacy concerns aside) to see headers of who was sending them. So while I wouldn't recommend it for a shared server, it would be fine for a personal server.
Setting up my own mail server a couple of years ago I had this problem. The "best" solution seemed to be routing through a service like Gmail, which defeated the purpose.
I am trying to set up an email server for an Asian non-profit (about 1000 accounts) on a Hetzner server.
They do not need all the bells and whistles however?
Is this good enough for that many users?
No, but the linked product (mail-in-a-box) uses ownCloud's webDAV/calDAV implementation rather than providing a separate means.
In my experience if ownCloud is supplied with a self-signed cert, the webDAV module throws errors but still works correctly. It's really obnoxious and causes a nag-window at the top of the main settings UI until either you comment out the nag window or buy a signed cert.