mirror of
https://github.com/mjl-/mox.git
synced 2024-12-27 08:53:48 +03:00
3fb41ff073
we match messages to their parents based on the "references" and "in-reply-to" headers (requiring the same base subject), and in absense of those headers we also by only base subject (against messages received max 4 weeks ago). we store a threadid with messages. all messages in a thread have the same threadid. messages also have a "thread parent ids", which holds all id's of parent messages up to the thread root. then there is "thread missing link", which is set when a referenced immediate parent wasn't found (but possibly earlier ancestors can still be found and will be in thread parent ids". threads can be muted: newly delivered messages are automatically marked as read/seen. threads can be marked as collapsed: if set, the webmail collapses the thread to a single item in the basic threading view (default is to expand threads). the muted and collapsed fields are copied from their parent on message delivery. the threading is implemented in the webmail. the non-threading mode still works as before. the new default threading mode "unread" automatically expands only the threads with at least one unread (not seen) meessage. the basic threading mode "on" expands all threads except when explicitly collapsed (as saved in the thread collapsed field). new shortcuts for navigation/interaction threads have been added, e.g. go to previous/next thread root, toggle collapse/expand of thread (or double click), toggle mute of thread. some previous shortcuts have changed, see the help for details. the message threading are added with an explicit account upgrade step, automatically started when an account is opened. the upgrade is done in the background because it will take too long for large mailboxes to block account operations. the upgrade takes two steps: 1. updating all message records in the database to add a normalized message-id and thread base subject (with "re:", "fwd:" and several other schemes stripped). 2. going through all messages in the database again, reading the "references" and "in-reply-to" headers from disk, and matching against their parents. this second step is also done at the end of each import of mbox/maildir mailboxes. new deliveries are matched immediately against other existing messages, currently no attempt is made to rematch previously delivered messages (which could be useful for related messages being delivered out of order). the threading is not yet exposed over imap.
380 lines
17 KiB
Markdown
380 lines
17 KiB
Markdown
Mox is a modern full-featured open source secure mail server for low-maintenance self-hosted email.
|
|
|
|
See Quickstart below to get started.
|
|
|
|
## Features
|
|
|
|
- Quick and easy to start/maintain mail server, for your own domain(s).
|
|
- SMTP (with extensions) for receiving, submitting and delivering email.
|
|
- IMAP4 (with extensions) for giving email clients access to email.
|
|
- Automatic TLS with ACME, for use with Let's Encrypt and other CA's.
|
|
- SPF, verifying that a remote host is allowed to send email for a domain.
|
|
- DKIM, verifying that a message is signed by the claimed sender domain,
|
|
and for signing emails sent by mox for others to verify.
|
|
- DMARC, for enforcing SPF/DKIM policies set by domains. Incoming DMARC
|
|
aggregate reports are analyzed.
|
|
- Reputation tracking, learning (per user) host- and domain-based reputation from
|
|
(Non-)Junk email.
|
|
- Bayesian spam filtering that learns (per user) from (Non-)Junk email.
|
|
- Slowing down senders with no/low reputation or questionable email content
|
|
(similar to greylisting). Rejected emails are stored in a mailbox called Rejects
|
|
for a short period, helping with misclassified legitimate synchronous
|
|
signup/login/transactional emails.
|
|
- Internationalized email, with unicode names in domains and usernames
|
|
("localparts").
|
|
- TLSRPT, parsing reports about TLS usage and issues.
|
|
- MTA-STS, for ensuring TLS is used whenever it is required. Both serving of
|
|
policies, and tracking and applying policies of remote servers.
|
|
- Web admin interface that helps you set up your domains and accounts
|
|
(instructions to create DNS records, configure
|
|
SPF/DKIM/DMARC/TLSRPT/MTA-STS), for status information, managing
|
|
accounts/domains, and modifying the configuration file.
|
|
- Autodiscovery (with SRV records, Microsoft-style and Thunderbird-style) for
|
|
easy account setup (though not many clients support it).
|
|
- Webmail for reading/sending email from the browser.
|
|
- Webserver with serving static files and forwarding requests (reverse
|
|
proxy), so port 443 can also be used to serve websites.
|
|
- Prometheus metrics and structured logging for operational insight.
|
|
- "localserve" subcommand for running mox locally for email-related
|
|
testing/developing, including pedantic mode.
|
|
|
|
Mox is available under the MIT-license and was created by Mechiel Lukkien,
|
|
mechiel@ueber.net. Mox includes the Public Suffix List by Mozilla, under Mozilla
|
|
Public License, v2.0.
|
|
|
|
|
|
# Download
|
|
|
|
You can easily (cross) compile mox if you have a recent Go toolchain installed
|
|
(see "go version", it must be >= 1.19; otherwise, see https://go.dev/dl/ or
|
|
https://go.dev/doc/manage-install and $HOME/go/bin):
|
|
|
|
GOBIN=$PWD CGO_ENABLED=0 go install github.com/mjl-/mox@latest
|
|
|
|
Or you can download a binary built with the latest Go toolchain from
|
|
https://beta.gobuilds.org/github.com/mjl-/mox@latest/linux-amd64-latest/, and
|
|
symlink or rename it to "mox".
|
|
|
|
Verify you have a working mox binary:
|
|
|
|
./mox version
|
|
|
|
Note: Mox only compiles for/works on unix systems, not on Plan 9 or Windows.
|
|
|
|
You can also run mox with docker image `r.xmox.nl/mox`, with tags like `v0.0.1`
|
|
and `v0.0.1-go1.20.1-alpine3.17.2`, see https://r.xmox.nl/r/mox/. See
|
|
docker-compose.yml in this repository for instructions on starting. You must run
|
|
docker with host networking, because mox needs to find your actual public IP's
|
|
and get the remote IPs for incoming connections, not a local/internal NAT IP.
|
|
|
|
|
|
# Quickstart
|
|
|
|
The easiest way to get started with serving email for your domain is to get a
|
|
vm/machine dedicated to serving email, name it [host].[domain] (e.g.
|
|
mail.example.com), login as root, and run:
|
|
|
|
# Create mox user and homedir (or pick another name or homedir):
|
|
useradd -m -d /home/mox mox
|
|
|
|
cd /home/mox
|
|
... compile or download mox to this directory, see above ...
|
|
|
|
# Generate config files for your address/domain:
|
|
./mox quickstart you@example.com
|
|
|
|
The quickstart creates an account, generates a password and configuration
|
|
files, prints the DNS records you need to manually create and prints commands
|
|
to start mox and optionally install mox as a service.
|
|
|
|
A dedicated machine is highly recommended because modern email requires HTTPS,
|
|
and mox currently needs it for automatic TLS. You could combine mox with an
|
|
existing webserver, but it requires more configuration. If you want to serve
|
|
websites on the same machine, consider using the webserver built into mox. If
|
|
you want to run an existing webserver on port 443/80, see "mox help quickstart",
|
|
it'll tell you to run "./mox quickstart -existing-webserver you@example.com".
|
|
|
|
After starting, you can access the admin web interface on internal IPs.
|
|
|
|
|
|
# Future/development
|
|
|
|
Mox has automated tests, including for interoperability with Postfix for SMTP.
|
|
Mox is manually tested with email clients: Mozilla Thunderbird, mutt, iOS Mail,
|
|
macOS Mail, Android Mail, Microsoft Outlook. Mox is also manually tested to
|
|
interoperate with popular cloud providers: gmail.com, outlook.com, yahoo.com,
|
|
proton.me.
|
|
|
|
The code is heavily cross-referenced with the RFCs for readability/maintainability.
|
|
|
|
## Roadmap
|
|
|
|
- DANE and DNSSEC
|
|
- Sending DMARC and TLS reports (currently only receiving)
|
|
- Require TLS SMTP extension (RFC 8689)
|
|
- Prepare data storage for JMAP
|
|
- Calendaring
|
|
- Add special IMAP mailbox ("Queue?") that contains queued but
|
|
not-yet-delivered messages
|
|
- OAUTH2 support, for single sign on
|
|
- Sieve for filtering (for now see Rulesets in the account config)
|
|
- Expose threading through IMAP extension
|
|
- Privilege separation, isolating parts of the application to more restricted
|
|
sandbox (e.g. new unauthenticated connections)
|
|
- Using mox as backup MX
|
|
- ARC, with forwarded email from trusted source
|
|
- JMAP
|
|
- Autoresponder (out of office/vacation)
|
|
- HTTP-based API for sending messages and receiving delivery feedback
|
|
- Milter support, for integration with external tools
|
|
|
|
There are many smaller improvements to make as well, search for "todo" in the code.
|
|
|
|
## Not supported
|
|
|
|
But perhaps in the future...
|
|
|
|
- Functioning as SMTP relay
|
|
- Forwarding (to an external address)
|
|
- POP3
|
|
- Delivery to (unix) OS system users
|
|
- Mailing list manager
|
|
- Support for pluggable delivery mechanisms
|
|
- iOS Mail push notifications (with XAPPLEPUSHSERVICE undocumented imap
|
|
extension and hard to get APNS certificate)
|
|
|
|
|
|
# FAQ - Frequently Asked Questions
|
|
|
|
## Why a new mail server implementation?
|
|
|
|
Mox aims to make "running a mail server" easy and nearly effortless. Excellent
|
|
quality mail server software exists, but getting a working setup typically
|
|
requires you configure half a dozen services (SMTP, IMAP, SPF/DKIM/DMARC, spam
|
|
filtering). That seems to lead to people no longer running their own mail
|
|
servers, instead switching to one of the few centralized email providers. Email
|
|
with SMTP is a long-time decentralized messaging protocol. To keep it
|
|
decentralized, people need to run their own mail server. Mox aims to make that
|
|
easy.
|
|
|
|
## Where is the documentation?
|
|
|
|
See all commands and help text at https://pkg.go.dev/github.com/mjl-/mox/, and
|
|
example config files at https://pkg.go.dev/github.com/mjl-/mox/config/.
|
|
|
|
You can get the same information by running "mox" without arguments to list its
|
|
subcommands and usage, and "mox help [subcommand]" for more details.
|
|
|
|
The example config files are printed by "mox config describe-static" and "mox
|
|
config describe-dynamic".
|
|
|
|
Mox is still in early stages, and documentation is still limited. Please create
|
|
an issue describing what is unclear or confusing, and we'll try to improve the
|
|
documentation.
|
|
|
|
## How do I import/export email?
|
|
|
|
Use the import functionality on the accounts web page to import a zip/tgz with
|
|
maildirs/mbox files, or use the "mox import maildir" or "mox import mbox"
|
|
subcommands. You could also use your IMAP email client, add your mox account,
|
|
and copy or move messages from one account to the other.
|
|
|
|
Similarly, see the export functionality on the accounts web page and the "mox
|
|
export maildir" and "mox export mbox" subcommands to export email.
|
|
|
|
Importing large mailboxes may require a lot of memory (a limitation of the
|
|
current database). Splitting up mailboxes in smaller parts would help.
|
|
|
|
## How can I help?
|
|
|
|
Mox needs users and testing in real-life setups! So just give it a try, send
|
|
and receive emails through it with your favourite email clients, and file an
|
|
issue if you encounter a problem or would like to see a feature/functionality
|
|
implemented.
|
|
|
|
Instead of switching email for your domain over to mox, you could simply
|
|
configure mox for a subdomain, e.g. [you]@moxtest.[yourdomain].
|
|
|
|
If you have experience with how the email protocols are used in the wild, e.g.
|
|
compatibility issues, limitations, anti-spam measures, specification
|
|
violations, that would be interesting to hear about.
|
|
|
|
Pull requests for bug fixes and new code are welcome too. If the changes are
|
|
large, it helps to start a discussion (create a ticket) before doing all the
|
|
work.
|
|
|
|
By contributing (e.g. code), you agree your contributions are licensed under the
|
|
MIT license (like mox), and have the rights to do so.
|
|
|
|
## Where can I discuss mox?
|
|
|
|
Join #mox on irc.oftc.net, or #mox on the "Gopher slack".
|
|
|
|
For bug reports, please file an issue at https://github.com/mjl-/mox/issues/new.
|
|
|
|
## How do I change my password?
|
|
|
|
Regular users (doing IMAP/SMTP with authentication) can change their password
|
|
at the account page, e.g. http://localhost/. Or you can set a password with "mox
|
|
setaccountpassword".
|
|
|
|
The admin can change the password of any account through the admin page, at
|
|
http://localhost/admin/ by default (leave username empty when logging in).
|
|
|
|
The account and admin pages are served on localhost on your mail server.
|
|
To access these from your browser, run
|
|
`ssh -L 8080:localhost:80 you@yourmachine` locally and open
|
|
http://localhost:8080/[...].
|
|
|
|
The admin password can be changed with "mox setadminpassword".
|
|
|
|
## How do I configure a second mox instance as a backup MX?
|
|
|
|
Unfortunately, mox does not yet provide an option for that. Mox does spam
|
|
filtering based on reputation of received messages. It will take a good amount
|
|
of work to share that information with a backup MX. Without that information,
|
|
spammers could use a backup MX to get their spam accepted. Until mox has a
|
|
proper solution, you can simply run a single SMTP server.
|
|
|
|
## How do I stay up to date?
|
|
|
|
Please set "CheckUpdates: true" in mox.conf. Mox will check for a new version
|
|
through a DNS TXT request for `_updates.xmox.nl` once per 24h. Only if a new
|
|
version is published will the changelog be fetched and delivered to the
|
|
postmaster mailbox.
|
|
|
|
The changelog, including latest update instructions, is at
|
|
https://updates.xmox.nl/changelog.
|
|
|
|
You can also monitor newly added releases on this repository with the github
|
|
"watch" feature, or use the github RSS feed for tags
|
|
(https://github.com/mjl-/mox/tags.atom) or releases
|
|
(https://github.com/mjl-/mox/releases.atom), or monitor the docker images.
|
|
|
|
Keep in mind you have a responsibility to keep the internect-connected software
|
|
you run up to date and secure.
|
|
|
|
## How do I upgrade my mox installation?
|
|
|
|
We try to make upgrades effortless and you can typically just put a new binary
|
|
in place and restart. If manual actions are required, the release notes mention
|
|
them. Check the release notes of all version between your current installation
|
|
and the release you're upgrading to.
|
|
|
|
Before upgrading, make a backup of the data directory with `mox backup
|
|
<destdir>`. This writes consistent snapshots of the database files, and
|
|
duplicates message files from the queue and accounts. Using the new mox
|
|
binary, run `mox verifydata <backupdir>` (do NOT use the "live" data
|
|
directory!) for a dry run. If this fails, an upgrade will probably fail too.
|
|
Important: verifydata with the new mox binary can modify the database files
|
|
(due to automatic schema upgrades). So make a fresh backup again before the
|
|
actual upgrade. See the help output of the "backup" and "verifydata" commands
|
|
for more details.
|
|
|
|
During backup, message files are hardlinked if possible. Using a destination
|
|
directory like `data/tmp/backup` increases the odds hardlinking succeeds: the
|
|
default systemd service file specifically mounts the data directory, causing
|
|
attempts to outside it to fail with an error about cross-device linking.
|
|
|
|
If an upgrade fails and you have to restore (parts) of the data directory, you
|
|
should run `mox verifydata <datadir>` (with the original binary) on the
|
|
restored directory before starting mox again. If problematic files are found,
|
|
for example queue or account message files that are not in the database, run
|
|
`mox verifydata -fix <datadir>` to move away those files. After a restore, you may
|
|
also want to run `mox bumpuidvalidity <account>` for each account for which
|
|
messages in a mailbox changed, to force IMAP clients to synchronize mailbox
|
|
state.
|
|
|
|
## How secure is mox?
|
|
|
|
Security is high on the priority list for mox. Mox is young, so don't expect no
|
|
bugs at all. Mox does have automated tests for some security aspects, e.g. for
|
|
login, and uses fuzzing. Mox is written in Go, so some classes of bugs such as
|
|
buffer mishandling do not typically result in privilege escalation. Of course
|
|
logic bugs will still exist. If you find any security issues, please email them
|
|
to mechiel@ueber.net.
|
|
|
|
## I'm now running an email server, but how does email work?
|
|
|
|
Congrats and welcome to the club! Running an email server on the internet comes
|
|
with some responsibilities so you should understand how it works. See
|
|
https://explained-from-first-principles.com/email/ for a thorough explanation.
|
|
|
|
## What are the minimum requirements to run mox?
|
|
|
|
Mox does not need much. Nowadays most machines are larger than mox needs. You
|
|
can start with a machine with 512MB RAM, any CPU will do. For storage you
|
|
should account for the size of the email messages (no compression currently),
|
|
an additional 15% overhead for the meta data, and add some more headroom.
|
|
Expand as necessary.
|
|
|
|
## Can I see some screenshots?
|
|
|
|
Yes, see https://www.xmox.nl/screenshots/.
|
|
|
|
Mox has a webmail for reading/writing messages.
|
|
|
|
Mox also has an "account" web interface where users can view their account and
|
|
manage their address configuration, such as rules for automatically delivering
|
|
certain incoming messages to a specific mailbox.
|
|
|
|
And mox has an "admin" web interface where the administrator can make changes,
|
|
e.g. add/remove/modify domains/accounts/addresses.
|
|
|
|
## Won't the big email providers block my email?
|
|
|
|
It is a common misconception that it is impossible to run your own email server
|
|
nowadays. The claim is that the handful big email providers will simply block
|
|
your email. However, you can run your own email server just fine, and your
|
|
email will be accepted, provided you are doing it right.
|
|
|
|
If your email is rejected, it is often because your IP address has a bad email
|
|
sending reputation. Email servers often use IP blocklists to reject email
|
|
networks with a bad email sending reputation. These blocklists often work at
|
|
the level of whole network ranges. So if you try to run an email server from a
|
|
hosting provider with a bad reputation (which happens if they don't monitor
|
|
their network or don't act on abuse/spam reports), your IP too will have a bad
|
|
reputation and other mail servers (both large and small) may reject messages
|
|
coming from you. During the quickstart, mox checks if your IPs are on a few
|
|
often-used blocklists. It's typically not a good idea to host an email server
|
|
on the cheapest or largest cloud providers: They often don't spend the
|
|
resources necessary for a good reputation, or they simply block all outgoing
|
|
SMTP traffic. It's better to look for a technically-focused local provider.
|
|
They too may initially block outgoing SMTP connections on new machines to
|
|
prevent spam from their networks. But they will either automatically open up
|
|
outgoing SMTP traffic after a cool down period (e.g. 24 hours), or after you've
|
|
contacted their support.
|
|
|
|
After you get past the IP blocklist checks, email servers use many more signals
|
|
to determine if your email message could be spam and should be rejected. Mox
|
|
helps you set up a system that doesn't trigger most of the technical signals
|
|
(e.g. with SPF/DKIM/DMARC). But there are more signals, for example: Sending to
|
|
a mail server or address for the first time. Sending from a newly registered
|
|
domain. Sending messages with content that resembles known spam messages.
|
|
|
|
Should your email be rejected, you will typically get an error message that
|
|
explains why. In the case of big email providers the error message often has
|
|
instructions on how to prove to them you are a legimate sender.
|
|
|
|
## Can I use existing TLS certificates/keys?
|
|
|
|
Yes. The quickstart command creates a config that uses ACME with Let's Encrypt,
|
|
but you can change the config file to use existing certificate and key files.
|
|
|
|
You'll see "ACME: letsencrypt" in the "TLS" section of the "public" Listener.
|
|
Remove or comment out the ACME-line, and add a "KeyCerts" section like in the
|
|
example config file in
|
|
https://pkg.go.dev/github.com/mjl-/mox/config#hdr-mox_conf. You can have
|
|
multiple certificates and keys: The line with the "-" (dash) is the start of a
|
|
list item. Duplicate that line up to and including the line with KeyFile for
|
|
each certificate/key you have. Mox makes a TLS config that holds all specified
|
|
certificates/keys, and uses it for all services for that Listener (including a
|
|
webserver), choosing the correct certificate for incoming requests.
|
|
|
|
Keep in mind that for each email domain you host, you will need a certificate
|
|
for `mta-sts.<domain>` and `autoconfig.<domain>`, unless you disable MTA-STS
|
|
and autoconfig for that domain.
|
|
|
|
Mox opens the key and certificate files during initial startup, as root (and
|
|
passes file descriptors to the unprivileged process). No special permissions
|
|
are needed on the key and certificate files.
|