Before this install, I had never installed mail-in-a-box, but I am not new to Linux. I knew it needed Ubuntu 18.04 and a properly sized system all to itself. Simple enough requirements.
In addition to the mail-in-a-box constraints, I wanted a VPS provider in Switzerland (a country with good privacy laws that doesn’t participate in the 14 Eyes [government intelligence and surveillance sharing]).
I picked COIN.HOST which met all the criteria (it was a better than average system for a lower than average price). The underlying provider is Solar Communications GmbH, so I’m sure what I post here is relevant for SWISSMADE.HOST or any other reseller of Solar Communications GmbH service.
So, if you picked this provider (or are considering it)… read on. I want to save you some frustration. It is, indeed, possible to get mail-in-a-box working on their VPS (with the caveat you have to serve the DNS records elsewhere).
There are two main issues to solve. I’ll explain both problems and then describe the solutions.
First, COIN.HOST filters UDP port 53 (DNS) on their network. (They also filter NTP, UDP 123, but this was inconsequential.)
So, if you just fire up mail-in-a-box using curl, it gets through a few modules and then craps out about the time it installs NSD and rewrites /etc/resolv.conf. From that moment forward you can’t resolve anything. The host is pretty much hosed if you didn’t record the default DNS servers beforehand.
The second issue is that IPv6 is not enabled on the loopback interface, and NSD depends on it. This isn’t quite enough to stop most of the installation, but it makes a mess of the late installation phases (e.g. system status and SSL certs).
Here is a general guide on how to install mail-in-a-box on this VPS. I used nano in my example but substitute your favorite editor.
Provision the VPS and ssh in as root (this is the account they give you).
Get the base packages up to date
apt-get update
apt-get upgrade
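Replace the SSH host keys the VPS was provisioned with (your SSH client will warn about the changed host key the next time you connect)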
rm -v /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
systemctl restart ssh
Map your IP address to the hostname you plan to use
nano /etc/hosts
95.1.2.3 box.yourdomain.com
Enable IPv6 on lo
sysctl -w net.ipv6.conf.all.disable_ipv6=0
sysctl -w net.ipv6.conf.default.disable_ipv6=0
To make this persist across reboots, edit this file (you will see the same settings as in the previous commands… change the 1 to a 0)
nano /etc/sysctl.conf
You need to know which DNS servers the system is currently using
systemd-resolve --status
You will eventually see something like this… just jot these numbers down
DNS Servers: 46.28.201.21
46.28.201.22
At this point we need the mail-in-a-box scripts, so…
cd /root/
curl -s https://mailinabox.email/setup.sh | sudo bash
Press CTRL-C at the very first dialog box. Don’t type anything in. Don’t continue with the install. You just want to get right back to a command prompt after the scripts are acquired.
Now edit a script you just downloaded
cd /root/mailinabox/setup
nano system.sh
Look for
echo "nameserver 127.0.0.1" > /etc/resolv.conf
Add two lines after it with the DNS servers you jotted down earlier… it will look something like this…
echo "nameserver 127.0.0.1" > /etc/resolv.conf
echo "nameserver 46.28.201.21" > /etc/resolv.conf
echo "nameserver 46.28.201.22" >> /etc/resolv.conf
I did mean to use a single “>” to overwrite the file on the first new DNS and a double “>>” to add the second, so /etc/resolv.conf ends up with only the two upstream servers.
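The DNS lookup and the system.sh edit above can also be scripted. This is an added example, not part of the original post or of mail-in-a-box; the function names, the marker comment and the sample status text are constructed, and it assumes the anchor line appears in system.sh exactly as quoted above.

```shell
#!/bin/sh
# Added example: not from the original post or the mail-in-a-box project.
# Function names, the marker comment and SAMPLE_STATUS are constructed.

# Read `systemd-resolve --status` text on stdin and print each upstream
# resolver once, including continuation lines under "DNS Servers:".
extract_dns_servers() {
  awk '
    /DNS Servers:/                   { if ($NF !~ /:$/) print $NF; more = 1; next }
    more && NF == 1 && $1 !~ /:$/    { print $1; next }
                                     { more = 0 }
  ' | grep -v '^127\.' | awk '!seen[$0]++'
}

# Insert one line per resolver after the line in setup/system.sh that writes
# "nameserver 127.0.0.1": ">" for the first resolver, ">>" for the rest.
# Usage: patch_system_sh FILE RESOLVER...   (safe to run twice)
patch_system_sh() {
  file=$1; shift
  [ "$#" -gt 0 ] || return 2
  for s in "$@"; do                  # these values land in a script run as root
    case $s in ''|*[!0-9A-Fa-f:.]*) echo "bad resolver: $s" >&2; return 2 ;; esac
  done
  grep -q 'upstream-resolver-patch' "$file" && return 0     # already patched
  grep -q 'echo "nameserver 127.0.0.1" > /etc/resolv.conf' "$file" || return 1
  cp -p "$file" "$file.orig"                                # keep a backup
  awk -v servers="$*" '
    { print }
    /echo "nameserver 127\.0\.0\.1" > \/etc\/resolv\.conf/ && !patched {
      match($0, /^[ \t]*/); pad = substr($0, 1, RLENGTH)    # keep indentation
      n = split(servers, s, " ")
      for (i = 1; i <= n; i++)
        printf "%secho \"nameserver %s\" %s /etc/resolv.conf # upstream-resolver-patch\n", pad, s[i], (i == 1 ? ">" : ">>")
      patched = 1
    }' "$file.orig" > "$file"
}

# Constructed sample of `systemd-resolve --status` output (addresses from above).
SAMPLE_STATUS='Link 2 (eth0)
      Current Scopes: DNS
         DNS Servers: 46.28.201.21
                      46.28.201.22
          DNS Domain: ~.'

# Demo on the constructed sample: prints the two resolvers, one per line.
printf '%s\n' "$SAMPLE_STATUS" | extract_dns_servers
# Real use, after the CTRL-C step (leave the list unquoted so it splits):
#   patch_system_sh /root/mailinabox/setup/system.sh $(systemd-resolve --status | extract_dns_servers)
```

The resolver arguments are restricted to address characters because they are written into a script that the installer later runs as root.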
At this point the machine is ready to run and it will look like an ordinary mail-in-a-box installation, except that you will have to replicate your DNS records elsewhere. So… install…
cd /root/
mailinabox
Everything should run to completion.
I hate rebooting Linux machines (my patron saint is St Uptime), but I recommend it in this case to ensure all the services start as expected.
reboot
Use the web administrative interface for your remaining configuration.
These are good for troubleshooting:
root@host:~# /root/mailinabox/management/status_checks.py
root@host:~# service nsd status
root@host:~# service nsd restart
At this point you have a working mail-in-a-box server BUT you need to copy the records from the admin console external DNS section to another DNS server. I just used my registrar, but giving DNS advice is really beyond the scope of this post and particular to your circumstances.
Cheers