How to Install Mail-in-a-box on Ubuntu 18.04
Introduction
Mail-in-a-box (MiaB) takes care of all the complicated configurations required to avoid security problems, provides a solid spam detection system and gives you monitoring, reporting and backup mechanisms. It can also set up and automatically renew a Let's Encrypt certificate for your email domains, as well as configuring the detailed DNS configurations needed to ensure your mail server's IP address is trusted by other servers, and less likely to be blacklisted.
Mail-in-a-box also incorporates Nextcloud, in order to provide calendar (CalDAV) and contacts (CardDAV) servers.
Prerequisites
- A fresh Ubuntu 18.04 server
- At least 1GB RAM
- An IPv4 address. Hosting email behind only an IPv6 address is not yet a viable option for numerous reasons.
- Verify the server's outbound port status.
Getting started
MiaB needs the entire VPS, so you will always need to start with a fresh VPS. MiaB is designed specifically for Ubuntu 18.04. It's a "long term support" version, meaning in this case it will be supported until April 2028.
Choose a hostname for your email server. MiaB recommends a box.
sub-domain of your primary domain. You can host email on multiple domains using MiaB, but your MiaB box itself will have just one hostname. If you're not sure, go with box.example.com
, replacing example.com
with your own domain.
You'll use this hostname to access MiaB's configuration UI in your browser, SSH into your VPS and access your web-mail. Once your VPS has been set up, take a note of its IPv4 address, for example 203.0.113.0
. You'll need this several times throughout this tutorial.
Set the Reverse DNS on your new VPS
- In your Vultr control panel, select your server, and go to the
Settings
page. - There you will see a configuration called Reverse DNS. It will be set by default to something like
203.0.113.0.vultr.com
. - Change this to match the hostname you chose for your VPS above, for example
203.0.113.0.box.example.com
. - Click the "tick" icon to save your changes.
Configure your domain's nameservers at your domain registrar
The simplest (and expected) way to configure your DNS correctly for MiaB is to allow it to take complete control of your domain's DNS. To this end your MiaB install provides two nameservers, for you to point your domain at. These will take the following form:
ns1.box.example.com
ns2.box.example.com
You will need to use the control panel at your domain registrar to assign the MiaB-provided nameservers as the nameservers for your domain. You also need to register your MiaB-provided nameservers with your domain registrar (sometimes called "glue records"). This process differs depending on the registrar you are with. Essentially you should be asked to enter your name servers (ns1.box.example.com
and ns2.box.example.com
) and the IP address they should point at, which is the IP address of your Vultr VPS.
Installation
SSH into your new VPS. Use the IP address that you took note of earlier.
$ ssh root@203.0.113.0
Your root user password can be found in the Vultr control panel, in the Overview
section.
Copy and paste the following into your terminal.
$ curl -s https://mailinabox.email/setup.sh | sudo bash
Several Ubuntu packages will now be installed for you. Eventually, you'll be asked a few installation questions:
- Your email address This will default to something like
me@example.com
. Change that to whatever you prefer. - Hostname This should default to the hostname that you have already set up for your VPS, for example
box.example.com
. Leave this as-is. - Configuring tzdata Select your timezone.
- Password Finally, you'll be asked to enter a new password. This will be used for your new email account, as well as logging into the admin interface.
Once installation is complete, you'll be presented with a success message, and a website link to the admin interface.
Your Mail-in-a-Box is running.
Please log in to the control panel for further instructions at:
https://203.0.113.0/admin
You will be alerted that the website has an invalid certificate. Check that
the certificate fingerprint matches:
C0:9B:FF:04:2B:2D:8F:47:5A:BF:82:E9:F2:2A:E8:CB:51:F3:12:88:48:6B:9E:72:7C:33:8B:D5:88:B7:05:D3:4B:6C:22:80:5F
Logging in for the first time
When you log into MiaB for the first time in your browser, you will use the address given at the end of the installation process. This will use your VPS's IP address instead of the domain name.
The SSL certificate has not been generated at this point, so your box will use a self-signed certificate. Your web browser will almost certainly warn you, suggesting this is dangerous. Accept the self-signed certificate. This is only used during first-run.
Log into MiaB using the email address and password you configured during installation.
System Status Checks
Your MiaB has a very helpful section called Status Checks
. You will arrive at this page when you first log in, and can visit it later at System
> Status Checks
to check if there are any issues that need to be resolved.
If MiaB shows a button asking you to reboot your VPS ("Reboot Box"), you should do so. If the automated attempt to reboot the VPS fails, you can do this through your Vultr control panel, there is an icon on the top-right of the control panel; or via the command-line, using the reboot
command.
Some issues are not absolutely essential to resolve immediately. For example, the password-based login warning, or software packages that need updating. Do be sure to fix these later though.
Confirm that the following items are correct, and if not, resolve them before moving on:
- Nameserver glue records
- This domain must resolve to your box's IP address
You may need to wait for your earlier DNS changes to propagate, which can take some hours. Just reload the page a little later on to see if the changes have taken effect.
Provision and Install TLS (SSL) Certificate
You should get MiaB to configure a valid SSL certificate for you. Visit System
> TLS (SSL) Certificates
and click "Install Certificate" beside each domain.
You will now be able to log into your MiaB using the domain, for example https://box.example.com/admin
, and your web browser will not present any certificate warnings as it did earlier.
Next, go to Mail
> Users
and add as many email accounts as you would like. Be aware that MiaB implements an anti-spam feature called "greylisting". Essentially this means the first time an account on your box receives email from someone it hasn't seen before, it will be delayed; anything from 2 minutes to an hour depending on the sending server. This cuts down on spam enormously, but does mean your first email tests may take some time to come through.
Updating MiaB
To update MiaB, use the exact same two steps as you used when first installing it. The same script both installs and updates MiaB.
curl -s https://mailinabox.email/setup.sh | sudo bash
Using an external DNS service such as Cloudflare
By default, MiaB is set up to handle all your DNS, and is able to configure the complex DKIM and SPI records for your email domains automatically. To do this, you point the name servers for your domains directly at the nameservers provided by MiaB as you did earlier. However, you might need to manage the DNS for your domains elsewhere. This is entirely possible, but more difficult.
To use Cloudflare, for example, the setup is as follows:
- Point your domains' nameservers to the two which Cloudflare specifies
- In your Cloudflare dashboard you will add DNS records as needed to ensure your MiaB server takes charge of your email. You can copy these records from the
System
>External DNS
page of MiaB's admin interface.
Be very careful, and test your work with a site such as mail-tester. A simple oversight in this type of scenario may mean your email will be sent straight to the spam folder of your recipients.