Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Deploying Own Mail Server With Mail-in-a-Box

Mail-in-a-Box is a solution to make it much easier to run your own mail server for both sending and receiving emails. I wouldn't say it's so easy that a complete novice could deploy a mail server, but I have to say that, after having spent hours configuring Dovecot and Postfix myself, this is a fantastic solution that is a lot easier.

I was always put off from deploying it, because the instructions tell you to make it your nameserver so that it can manage the records. Luckily you don't need to do this, as you can find out the records it needs, and plug them into your own DNS provider. This tutorial assumes you are going to do just that.

Steps

Deploy Ubuntu 22.04 Server

Deploy a minimal Ubuntu 22.04 server. I recommend using DigitalOcean because their small $6 per month instance will do the job, and they don't block outgoing mail, unlike some other providers. They are what I used originally (before I started using Hetzner).

This tutorial is not sponsored* by any person/organization.

Run Installation Script

Copy and paste the following script into a file on the server, then run it as root:

You may wish to "fix" pasting in vim in Ubuntu first.

The script is from the curl command that I saw in their instructions. I just think this is slightly safer than piping a URL into bash.

#!/bin/bash
#########################################################
# This script is intended to be run like this:
#
#   curl https://mailinabox.email/setup.sh | sudo bash
#
#########################################################

if [ -z "$TAG" ]; then
    # If a version to install isn't explicitly given as an environment
    # variable, then install the latest version. But the latest version
    # depends on the machine's version of Ubuntu. Existing users need to
    # be able to upgrade to the latest version available for that version
    # of Ubuntu to satisfy the migration requirements.
    #
    # Also, the system status checks read this script for TAG = (without the
    # space, but if we put it in a comment it would confuse the status checks!)
    # to get the latest version, so the first such line must be the one that we
    # want to display in status checks.
    #
    # Allow point-release versions of the major releases, e.g. 22.04.1 is OK.
    UBUNTU_VERSION=$( lsb_release -d | sed 's/.*:\s*//' | sed 's/\([0-9]*\.[0-9]*\)\.[0-9]/\1/' )
    if [ "$UBUNTU_VERSION" == "Ubuntu 22.04 LTS" ]; then
        # This machine is running Ubuntu 22.04, which is supported by
        # Mail-in-a-Box versions 60 and later.
        TAG=v60.1
    elif [ "$UBUNTU_VERSION" == "Ubuntu 18.04 LTS" ]; then
        # This machine is running Ubuntu 18.04, which is supported by
        # Mail-in-a-Box versions 0.40 through 5x.
        echo "Support is ending for Ubuntu 18.04."
        echo "Please immediately begin to migrate your data to"
        echo "a new machine running Ubuntu 22.04. See:"
        echo "https://mailinabox.email/maintenance.html#upgrade"
        TAG=v57a
    elif [ "$UBUNTU_VERSION" == "Ubuntu 14.04 LTS" ]; then
        # This machine is running Ubuntu 14.04, which is supported by
        # Mail-in-a-Box versions 1 through v0.30.
        echo "Ubuntu 14.04 is no longer supported."
        echo "The last version of Mail-in-a-Box supporting Ubuntu 14.04 will be installed."
        TAG=v0.30
    else
        echo "This script may be used only on a machine running Ubuntu 14.04, 18.04, or 22.04."
        exit 1
    fi
fi

# Are we running as root?
if [[ $EUID -ne 0 ]]; then
    echo "This script must be run as root. Did you leave out sudo?"
    exit 1
fi

# Clone the Mail-in-a-Box repository if it doesn't exist.
if [ ! -d $HOME/mailinabox ]; then
    if [ ! -f /usr/bin/git ]; then
        echo Installing git . . .
        apt-get -q -q update
        DEBIAN_FRONTEND=noninteractive apt-get -q -q install -y git < /dev/null
        echo
    fi

    echo Downloading Mail-in-a-Box $TAG. . .
    git clone \
        -b $TAG --depth 1 \
        https://github.com/mail-in-a-box/mailinabox \
        $HOME/mailinabox \
        < /dev/null 2> /dev/null

    echo
fi

# Change directory to it.
cd "$HOME/mailinabox" || exit 1

# Update it.
if [ "$TAG" != "$(git describe)" ]; then
    echo Updating Mail-in-a-Box to $TAG . . .
    git fetch --depth 1 --force --prune origin tag $TAG
    if ! git checkout -q $TAG; then
        echo "Update failed. Did you modify something in $(pwd)?"
        exit 1
    fi
    echo
fi

# Start setup script.
setup/start.sh
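
Saving the script to a file is only safer than piping curl into bash if the file you execute is the one you actually read. The following is an added example, not part of the original post or the Mail-in-a-Box project: it refuses to run a saved copy unless its SHA-256 digest matches the one noted at review time. The function names and the file name setup.sh are assumptions.

```bash
# Added example (assumed names; not Mail-in-a-Box code).

# Print the SHA-256 digest of a file as lowercase hex.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Succeed only if FILE is non-empty and its digest equals EXPECTED, the value
# noted down when the script was read.
verify_reviewed_script() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -s "$file" ]; then
        echo "refusing: $file is missing or empty" >&2
        return 1
    fi
    # Anything other than 64 hex characters means no usable review record.
    case $expected in
        ''|*[!0-9a-f]*) echo "refusing: malformed digest" >&2; return 1 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "refusing: malformed digest" >&2
        return 1
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "refusing: $file differs from the reviewed copy" >&2
        echo "  reviewed: $expected" >&2
        echo "  on disk:  $actual" >&2
        return 1
    fi
    return 0
}

# Verify first, then hand the verified file to bash.
run_if_reviewed() {
    verify_reviewed_script "$1" "$2" || return 1
    bash "$1"
}
```

After reading setup.sh, note the output of `sha256sum setup.sh` and pass that digest as the second argument to `run_if_reviewed ./setup.sh`.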

Whilst the script is running, I saw that it adds swap to the system by creating a swapfile.

At one point it will ask you to configure your timezone. Be sure to enter the correct details.

Here is some of the output that shows you all the things it is installing.

Installing nsd (DNS server)...
Generating DNSSEC signing keys...
Installing Postfix (SMTP server)...
Installing Dovecot (IMAP server)...
Creating new user database: /home/user-data/mail/users.sqlite
Installing OpenDKIM/OpenDMARC...
Installing SpamAssassin...
Installing Nginx (web server)...
Installing Roundcube (webmail)...
Installing Nextcloud (contacts/calendar)...

Upgrading to Nextcloud version 15.0.8

Nextcloud is already latest version
Installing Z-Push (Exchange/ActiveSync server)...
Installing Mail-in-a-Box system management daemon...
Installing Munin (system monitoring)...

You will be prompted to enter a password. Remember it, as you will need it at the first login screen later!

Eventually, you will be given output similar to:

Your Mail-in-a-Box is running.

Please log in to the control panel for further instructions at:

https://178.xxx.32.xxx/admin

You will be alerted that the website has an invalid certificate. Check that
the certificate fingerprint matches:

XX:A2:XX:E4:DD:19:FF:XX:02:32:3B:XX:1D:58:XX:BF:8C:59:XX:F1:1B:E4:XX:2C:E8:F1:XX:CD:3E:38:30:XX

Then you can confirm the security exception and continue.

Log In With Your Browser

In your browser, navigate to the URL that was given (the IP of the box you are setting up). When you go there, you will be shown a warning message about the invalid certificate for that IP. That's okay. Click Advanced...

... and then click Accept the Risk and Continue.

You will be prompted for a login. Use the email address that you entered during setup, and the password you were asked for a moment ago.

Setting Nameserver Records

You will probably see a bunch of warnings such as "Nameserver glue records are incorrect." and "This domain must resolve to your box's IP address." Don't worry about these for now, as we are going to resolve them by updating the DNS records with our own DNS provider.

Go to System > External DNS

You will see a bunch of DNS records. Add them all to your own DNS provider for everything to work.
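
Once the records are entered at your DNS provider, it is worth confirming that they are actually being served, since a missing SPF, DKIM or DMARC record tends to show up only later as rejected or spam-foldered mail. The following is an added example, not from the original post or the Mail-in-a-Box project: it compares a list of expected records against `dig +short` answers. The `NAME TYPE VALUE` input format, the function names and the example.com values are assumptions made for this sketch.

```bash
# Added example (assumed names and input format; not Mail-in-a-Box code).
# Constructed sample input, one record per line:
#   example.com                  MX   10 box.example.com
#   example.com                  TXT  v=spf1 mx -all

# Look up NAME TYPE. Kept as its own function so it can be swapped out.
resolve() {
    dig +short "$1" "$2"
}

# Normalise answers (stdin, one per line) so that text copied from the control
# panel and dig output compare equal. TXT: join split strings ("a" "b" -> ab),
# drop the outer quotes, unescape "\;". Other types: lowercase, drop root dot.
# TXT values stay case-sensitive because DKIM keys are base64.
normalise() {
    case $1 in
        TXT) sed -e 's/" "//g' -e 's/^"//' -e 's/"$//' -e 's/\\;/;/g' ;;
        *)   tr 'A-Z' 'a-z' | sed -e 's/\.$//' ;;
    esac
}

# check_record NAME TYPE EXPECTED: succeed if one answer equals EXPECTED.
check_record() {
    want=$(printf '%s\n' "$3" | normalise "$2")
    resolve "$1" "$2" </dev/null | normalise "$2" | grep -Fxq -- "$want"
}

# Read "NAME TYPE VALUE" lines from stdin, print a verdict for each, and
# return the number of records that are missing or different.
check_records() {
    failed=0
    while read -r name type value; do
        case $name in ''|'#'*) continue ;; esac
        if check_record "$name" "$type" "$value"; then
            echo "ok      $type $name"
        else
            echo "MISSING $type $name"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}
```

Put the records shown under System > External DNS into a file in that format and run `check_records < records.txt`; a non-zero exit status is the count of records still to fix.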

Fix for Sendmail Issue

I have a server configured with Postfix for sending emails using the PHP mail() function, because the phpBB forum does not support STARTTLS SMTP authentication.

To get this to work, I had to hard-code the sendmail path in the Apache php.ini file with -f dffdfd@domain.co.uk. Otherwise it would think the from address was www-data@mydomain.com, because the webserver was running as the www-data user locally.

Last updated: 5th December 2022
First published: 13th October 2019