More power to Mail-in-a-box (fork showcase)

Update Notice

If anyone reading this is using this - be aware. This update contains breaking changes (somewhat).

v0.50.POWER.1 (Full Release Notes)

The “dot-nginx.conf” feature has been reverted. This is due to two reasons:

  • The architecture of the system was faulty to the point where we delegated to the user things that should have been delegated to the machine. This meant that, for example, public certificate paths had to be updated manually.
  • Moreover, the “vanilla” Mail-in-a-Box already has a similar system (even though it’s very poorly documented, or not documented at all), on which we will fall back.
    • Custom nginx directives for a domain example.com are stored in /home/user-data/www/example.com.conf - the difference between MiaB and Power-MiaB is that this file will always exist.
  • We still keep the changes that make it so that the Webmail (on the /mail path) will now be served on the primary directory only.

Preparing the transition

This means that files on /home/user-data/www/example.com/.nginx.conf will no longer be read.

You will no longer have access to:

  • Server headers like HSTS that are handled by MiaB;
  • MTA-STS files, Z-Push, robots.txt;
  • Mobile configuration files;
  • The “root” of the domain is now fixed by MiaB, too.
  • etc. - you get the idea!

You’ll still be able to control all other pages, and enable PHP for them.
The Roundcube webmail, served at /mail, will now only be served by default on your primary domain (as opposed to the “vanilla” MiaB where it is always served in ALL your domains).

2 Likes

Hey all!
Been two months of being crushed by the college semester (+ a job that I recently found), so here’s how things are going so far:

  • I’ve imported the changes done by v0.51 into Power-Mail-in-a-Box (there were merge conflicts everywhere :scream:) - v0.51.POWER.0 is now available! :slight_smile:
  • At the moment, my focus is on doing something useful with the PGP keyring before pushing it to master. Here’s the list of features that I’m planning to add at release:
    • Roundcube will come with the enigma plugin enabled;
    • The daemon will start to sign the emails sent to the administrator;
    • You’ll be able to manage a WKD server so that your peers can locate and get your public keys;
      • I’m holding this off for a while, because at the moment WKD is, technically, still a draft, expiring within 15 days. I’m waiting to see if there will be changes to this draft before continuing coding this part.
      • I’m also planning to eventually do a PR to roundcube webmail so that the enigma plugin is able to query for WKD keys.
  • While WKD is stalled, I might work on some of the privacy features you guys have been asking for - depending on my time.

Stay tuned!

4 Likes

some great app pimping done on your side!

I launched a new Ubuntu 20.10, reusing the IP of a working MiaB installation, which worked perfectly.
Meaning I got 10 out of 10 score at mail-tester.com effortlessly!

This is usually impossible while using any external services or forwarders like tempr.email because the tester gets miffed about settings of the external service, over which you - obviously - have no control.

I shut down the MiaB. In the new Ubu 20.10 the new fork worked less than perfectly, however.
I reused all DNS settings, so I didn’t have to alter anything at desec.io save 1 DS record.

the new roundcube et cetera is nice but the status checks fail a lot where they worked like a charm in stock MiaB. smtp relay page was nice to see.

I reran “mailinabox” to do some pimping up of the DS record, but many DNS tests looked bothersome.
plus NS entries and a lot of stuff there looked kinda unconvincing to me.

So I went back to the regular MiaB, where stuff just works right out of the box.
Or so I thought. Turns out, neither re-associating the IP nor setting rDNS properly was possible any longer.

So, by violating the “never change a running system” rule, I had wrecked my perfectly working MiaB, which is now a steaming pile of … . Great! exactly what I had predicted. The fork is posted under “unsupported” for a reason.

It was absolutely worth the effort though! great work by @davness (David).

that smtp relay is a breakthrough to run on cheap rental VMs. There used to be a € 1,50 VM IPv6-only from Hungary but they raised prices by a ton now. So it’s hard to get below $ 3.50 per month.

Hi there, and thanks for chiming in! So addressing the issues you encountered:

  • You mentioned using Ubuntu 20.10 - are you sure? The fork is for Ubuntu 20.04 LTS (you can also use Debian 10 if you want), and in an ideal world the setup would just stop right there.
  • I have been running this fork for my personal domain in a production-ish environment (as in, I don’t depend on it just yet) and it’s been running just fine. You mentioned a lot of status check errors, possibly due to DNS:
    • How is DNS configured on your end?
    • Did you change the primary hostname when swapping the vanilla MiaB to this fork (so that you needed new glue records)?
    • Is the DNS at desec.io used as a primary or secondary server?
    • Because you did a clean installation again, DNSSEC keys changed. Did you update your DNSSEC in your registrar?
    • And if you double checked everything, did you wait a reasonable amount of time until everything propagated properly? Usually >1h suffices, but it can go as long as 24h.
    • For what it’s worth, my configuration involves using the box as a primary DNS server, but I have several secondary servers hosted at Hurricane Electric.

The stock MiaB project and this fork use the same webmail version (1.4.9 at the time of writing this). What changed was the admin panel, and it is functionally the same as the stock MiaB (it is essentially just a reskin - you’ll notice that the interface layout is mostly similar)

Oracle has a free VPS tier if you want to toy around with it - here’s a topic about this. It lacks important stuff like rDNS and IPv6 (it’s IPv4 only, for some reason) and it’s not too powerful (the internet connection doesn’t go further than 50Mbps), but it works for very light loads (if the most you do is receive mail).

It’s more about the fact that the fork is not maintained by the people who maintain the official project. I can give basic support on a best-effort basis. Another issue is identifying what issues are due to modifications I introduced (does it work on stock MiaB but not here?) and which issues should be resolved on upstream. You get the idea.

1 Like

I also tried to find a pretty cheap way to have a working MIAB. I ended up trying to set up an account with OracleCloud. Seemed excellent and …free! :wink: Well, it turned out to be a nightmare just trying to open the account. Exactly like described in the topic Davness linked to: Impossible to receive the confirmation SMS on my perfectly good phone (ALWAYS worked EVERYWHERE. Not a single problem, not once. Simply impossible with them. After losing time trying again and again hoping it would propose a voice calling option at one moment, I used a temporary number found online, which turned out to work fine). After, it refused my debit card, which it isn’t supposed to charge anyway.

They advertise on their front page how their offer is much better than AWS (amazon). In the end, I opened an account … with AWS :wink: 5 minutes, no problem whatsoever. Oracle can be as great as they want, and say it as much as they want, but if it’s nearly impossible to open the account, what’s the use? Oracle’s experience was irritating. Just after this, I was pretty happy to be with AWS where everything went smooth.

Anyway, I now have a working MIAB on AWS, free for 1 year. But I looked around for cheap (paid) alternatives in the meantime, and I found these 2, which seemed pretty good to me. I opened an account, but didn’t subscribe yet. So, I cannot say anything about how it actually works (to be transparent, the links include a referral link I got at account opening. But it’s indeed the two best offers I found, I’m not mentioning them because of this):

HostVDS has a:
1 Gb of RAM offer with 10 Gb HD for $0.79 per month
2 Gb of RAM offer with 20 Gb HD for $1.59 per month
4 Gb of RAM offer with 40 Gb HD for $3.19 per month
You can choose to have the VPS in the US, EU (NL), RU, IN, or HK.

Alternatively, there is a provider in eastern Europe, in Lithuania. You can get good prices if you subscribe for 3 years and use their coupon which gives you -50% on your first order. It would give you a very attractive solution for 3 years (but would become more expensive after that):
It’s Hostika and if you subscribe for 3 years with the coupon, it gives you:
3 Gb of RAM offer with 25 Gb HD for 2.20 EUR per month (=$2.64 with EUR/USD=1.20)
8 Gb of RAM offer with 50 Gb HD for 2.76 EUR per month (=$3.31 with EUR/USD=1.20)

Both also offer higher specs VPS, but the above should be far enough for MIAB. Both offer a wide range of payment options, including cryptos. I looked around pretty well, and to me, this seems among the best offers you can get (except Oracle :wink: )

I plan to set up a second MIAB later, and will probably use one of them myself. I will appreciate any use of the above links which will maybe pay for a very little portion of it.

1 Like

Update Notice

If anyone reading this is using this, read the warning below. If you do not use NextCloud, feel free to ignore it.

v0.52.POWER.0 (Full Release Notes)

This update is mostly to follow the upstream release of the “main” Mail-in-a-Box (v0.52). Apart from these updates, I also updated all NextCloud and admin panel dependencies.

I also introduced a small development update - if the setup detects a mailinabox-ca.crt file (of course inserted manually), it will install that file as a CA certificate. This will not matter to most users, but this is cool for testing HTTPS in development/local/internal environments, where Let’s Encrypt is not an option.

:warning: Warning

This update DISABLES some NextCloud functionality, in line with what was done upstream (dashboard, photos and activity apps). If you depend on those I’d suggest to put off upgrading for a while, or re-enable these apps after upgrading (at your own risk):

sudo -u www-data php /usr/local/lib/owncloud/occ app:enable photos dashboard activity

Because I don’t know how NextCloud operates when toggling apps on and off it is possible that data is discarded - as such I recommend taking a backup before the upgrade, if said data is important to you.

4 Likes

Due to some issues I had to release a hotfix version (v0.52.POWER.3) to fix some regressions. Please install that version instead.

v0.52.POWER.2 (Full Release Notes)

(I know I skipped v0.52.POWER.1, its release notes can be read here)

Good morning/afternoon/evening everyone!

This is probably the largest update I’ve shipped so far to Power Mail-in-a-Box (considering that this product already has a user base… :sweat_smile:) - this update spent quite a few weeks in the oven and in live staging servers to make sure nothing was left undone. Here’s a rundown of the most important stuff that was changed:

For those of you who are into GnuPG:

  • I added a panel for you to add your own (public) PGP keys to PMIAB. Right now you’re able to publish those keys in WKD;
    • WKD (Web Key Directory) is a direct-ish replacement to the public keyservers. The main advantage here is that the WKD server (the box is the WKD server) is authoritative for the domain;
  • System emails/alerts/reports will now be partially PGP-signed (the plaintext part only, so that non-GnuPG users don’t get annoyed);
  • For convenience, I also enabled the Roundcube enigma plugin for you;
  • Soon I’ll be looking into a way of encrypting the backups using a public PGP key from the keyring;

:information_source: A new subdomain is added openpgpkey.example.com. Make sure to reprovision the certificates or the server will not work!

Mailbox quotas

  • I was requested to add this feature, so I decided to tuck this in while I was finishing the feature above;
  • This feature was merged from @jrsupplee’s fork that implemented this feature. No further functional changes were made :slight_smile:

Other Changes

  • System messages/reports will now be sent from noreply-daemon@<primary_hostname>. This should lower the spam score of these emails.
  • For new users, the default HTML page will no longer redirect to the webmail endpoint, but rather a welcome page (feel free to delete it, of course). Here’s a picture of it:

4 Likes

@davness some nice additions thank you. I am just trying to configure my email clients to use WKD (if I have understood correctly how it works :slight_smile: )

1 Like

v0.53.POWER.0 (Full Release Notes)

Not much was done here apart from importing the changes from upstream (v0.53). The most notable additions are:

  • Support for Backblaze B2 (to backup data);
  • Custom DNS entries are now sorted by domain/QNAME by default;
  • The box will now send DMARC reports to the senders that request them;

I also fixed a bug that led to the nginx config file being changed at random (because domains were not being sorted). This led to potentially some annoying emails about TLS Certs provision sent to the admin account. Hope this silences that. :relieved:

1 Like

hi,
on a fresh install Ubuntu 20.04 from online dedicated server:

Installing nsd (DNS server)…

FAILED: apt-get -y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confnew install ldnsutils openssh-client

Reading package lists…
Building dependency tree…
Reading state information…
openssh-client is already the newest version (1:8.2p1-4ubuntu0.2).
The following NEW packages will be installed:
ldnsutils libldns2
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 278 kB of archives.
After this operation, 1,142 kB of additional disk space will be used.
Err:1 mirrors.online.net/ubuntu focal/universe amd64 libldns2 amd64 1.7.0-4.1ubuntu1
Temporary failure resolving 'mirrors.online.net'

the local DNS server is not running yet and the /etc/resolv.conf is changed
to nameserver 127.0.0.1

Weird. If you try to ping mirrors.online.net or even google.com from the machine, what do you get?

If it works normally, maybe it was a DNS hiccup and you should be fine rerunning the setup.

hi,
error for resolving.

with the local IP 127.0.0.1 SERVER FAIL

Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
Installing nsd (DNS server)...

FAILED: apt-get -y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confnew install ldnsutils openssh-client
-----------------------------------------
Reading package lists...
Building dependency tree...
Reading state information...
openssh-client is already the newest version (1:8.2p1-4ubuntu0.2).
The following NEW packages will be installed:
  ldnsutils libldns2
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 278 kB of archives.
After this operation, 1,142 kB of additional disk space will be used.
Err:1 http://mirrors.online.net/ubuntu focal/universe amd64 libldns2 amd64 1.7.0-4.1ubuntu1
  Temporary failure resolving 'mirrors.online.net'
Err:2 http://mirrors.online.net/ubuntu focal/universe amd64 ldnsutils amd64 1.7.0-4.1ubuntu1
  Temporary failure resolving 'mirrors.online.net'
E: Failed to fetch http://mirrors.online.net/ubuntu/pool/universe/l/ldns/libldns2_1.7.0-4.1ubuntu1_amd64.deb  Temporary failure resolving 'mirrors.online.net'
E: Failed to fetch http://mirrors.online.net/ubuntu/pool/universe/l/ldns/ldnsutils_1.7.0-4.1ubuntu1_amd64.deb  Temporary failure resolving 'mirrors.online.net'
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?




$ nslookup toto.com
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find toto.com: SERVFAIL

I think, and I don’t know where exactly, that the installation script installs the DNS server and changes the nameserver in resolv.conf before the DNS service is configured and operational.

Just an idea of the problem.

v0.54.POWER.0 (Full Release Notes)

Not a lot to tell here apart from the goodies that came from upstream (v0.54). These are mostly security upgrades (Roundcube now uses “stronger” cookies, and DNSSEC has now better algorithms).

Besides that, I’m currently reworking the SMTP relay feature to be more direct and more customizable to your needs.

Happy e-mailing!

2 Likes

Hi, and thanks for your work on this excellent fork!

Probably a dumb question but: Is the proper upgrade path for v0.54.POWER.0 to reinstall (git/bootstrap.sh/etc.) or simply to run the MIAB installer script?

1 Like

Use the bootstrap script (the same way you install MIAB on a fresh machine), i.e.

curl https://raw.githubusercontent.com/ddavness/power-mailinabox/master/setup/bootstrap.sh | sudo bash

You’re welcome, and hopefully it suits you good! ^-^

:warning: Update Notice

If you’re using B2 to store your backups, please upgrade whenever you can. It’s likely they have been failing for a while.


  • Update: I screwed up the setup script somewhere and had to release a hotfix version (v0.54.POWER.2).
  • Update 2: Found out I missed something else and now I broke B2 backups on Ubuntu for good. Hotfix coming shortly (v0.54.POWER.3). Sorry about that!

v0.54.POWER.1 (Full Release Notes)

Essentially backups via Backblaze B2 were broken on Debian since forever, and started recently breaking on Ubuntu too. This version brings a patch to both. Alert me if there are issues on other methods.

Other than that, setup scripts output slightly less garbage now. That’s essentially it for today’s package.

3 Likes

I updated to power miab from miab and used miab’s backup and it worked fine (incl. 2FA) - had to delete an existing certificate while restoring backup. Thank you @davness

1 Like

v55.0 (Full Release Notes)

Got to admit this is a big update, likely the largest I’ve shipped in a while :sweat_smile:

So, a very quick recap of the goodies: (including some imported from upstream - v55)

  • Debian 11 is now supported! :tada:
  • Roundcube Webmail is now at version 1.5.0 - among many things, it supports dark mode! :crescent_moon:
  • I have revamped the entire SMTP Relay section - it should now be much more complete;
  • You should be able to specify the port for rsync targets - some products use different ports, or maybe you’re just paranoid and want to dodge those looking for low-hanging fruit;
  • Custom DNS entries can now have a specific TTL value;
  • Munin now works even with 2FA enabled;
  • Non-admin users can now login to the admin panel to view the mail/contacts sync guides;

No breaking changes that I noticed from testing - but please report any bug you find. Thank you! :slight_smile:

4 Likes