I want the security aspects of m-i-a-b but cannot use it directly because I need it for a small association’s server which already has several mission-critical applications (including postfix, dovecot, and apache2, not nginx) and doesn’t run on the required flavor OS. So, I’m trying out mail-in-a-box to plagiarize its tool set and configs. Thank you, and it sure looks like you’ve done your homework.
However, just getting started looking around, I see that /home/user-data/owncloud/root is not world-readable. Since it belongs to root, that might be a good thing. BUT … subordinate to that, you’ve got files/ownCloudUserManual.pdf. Might be a good idea to put that somewhere more easily accesible.
Also, the very old spare box I had kicking around for this was i386 arch, not amd64, but I haven’t stumbled across anything yet that fails due to wrong arch. Unless it’s just biding its time to bite me after I’m deeper into it, you might want to remove that limitation from your prerequisites list.
Again, thanks for the fine work!