miab

Introduction

Mail-in-a-Box is a project that aims to give people control of their email while requiring little technical knowledge of email. You buy a VPS from any cloud provider you like, put a recent version of Ubuntu on it, and run the MIAB install script. It installs and configures everything needed to run a mail server and a DNS server and to provide webmail access. Add some glue records at your domain registrar and you're ready to go.

It really was that easy to have MIAB replace all the functionality that FastMail was providing for me. I also set up DNS slave zones on the Linode DNS system so that they'd act as high performance secondary DNS servers for me, copying authoritative zone data from my MIAB system.

Advantages of MIAB

These advantages are written from the point of view of having managed my own exim email server on VestaCP.

Mail-in-a-Box adds anti-spam DNS records for every domain it manages. For domains without email, it adds SPF and DMARC records so that all email claiming to be from that domain will be marked as spam. For domains with email, it ensures that all email sent from any IP address other than its own will be marked as spam. Setting up all of these extra records by hand for every domain and subdomain you add can be a pain in the butt. MIAB does it automatically.

MIAB also comes preconfigured with a lot of options that are hard to set up if you're doing it from scratch, for example Sieve filter support in Dovecot. With MIAB you just go into Roundcube and set up your filters and everything works. This is not part of a standard VestaCP install and requires improvising to set it up by hand. I didn't get it to work.

Setup Mail in a Box

This is being written long after the install was performed. It's going to document how the current system is set up, not how to install and configure MIAB.

DNS

MIAB acts as the authoritative DNS server for the domains it hosts email for.

Glue Records

You want to tell your registrar to use, in my case, “ns1.box.jtcol.com” as the DNS server. It won't be able to look up an IP address for ns1.box.jtcol.com since we haven't yet established the DNS server for the jtcol.com domain. We need a glue record.

The glue record provides the IP of a DNS server within that same domain. In my case, ns1.box.jtcol.com = 97.107.140.66.

Secondary DNS

Best practice is to have more than one DNS name server. Secondary DNS lets you keep your MIAB server as your authoritative name server while other name servers also answer for your domains on your behalf.

Since my MIAB VPS is hosted at Linode I also use their DNS system as secondary servers for my MIAB domains.

Navigate to the MIAB Custom DNS page via the menu System → Custom DNS. Scroll down the page to the section labeled Using a secondary nameserver. Add the Linode nameserver names and the IP addresses of the Linode DNS transfer IPs to the text box:

ns1.linode.com ns2.linode.com ns3.linode.com ns4.linode.com ns5.linode.com xfr:104.237.137.10 xfr:65.19.178.10 xfr:75.127.96.10 xfr:207.192.70.10 xfr:109.74.194.10

I tried using only the name server names, but the zone info would never appear on the Linode name servers. I then did a little digging and added the Linode DNS transfer servers to the text box list using the xfr: prefix (which I learned about on a MIAB forum), and within a few hours all the Linode name servers were serving my domain details.

A little debugging

I looked at traffic on the DNS port using the system tool tcpdump (tcpdump -t -i eth0 udp port 53) and discovered some Linode servers making requests. The requests looked like this:

IP axfr3.linode.com.36644 > box.jtcol.com.domain: 36213 [1au] SOA? nerderypublic.com. (46)

After adding the IPs of the axfr*.linode.com machines to the MIAB text box, MIAB started responding to those requests like this:

IP box.jtcol.com.domain > axfr3.linode.com.36644: 36213*- 1/6/1 SOA (218)

Local modifications

I've made a change to allow munin-node data to be passed to skoga.jtcol.com to display it along with all my other servers.

The first change was to add a rule to the firewall to give skoga access to port 4949.

ufw allow from 50.116.50.72 to any port 4949

The second was adding a line to /etc/munin/munin-node.conf to allow it to respond to skoga.

# This allows skoga to collect munin data for box.jtcol.com
allow ^50\.116\.50\.72$
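
As an added example (not part of the original page or of Munin itself): the allow directive takes a regular expression, so the anchors and escaped dots in the line above are what keep it to a single address. This sketch lints allow lines and probes which neighbouring addresses a looser pattern would admit; the second allow line in the sample and all function names are constructed for illustration, and Python's re module stands in for the daemon's regex matching.

```python
import ipaddress
import re

# Constructed sample: the page's anchored rule plus one loose variant added
# here for contrast (the second allow line is NOT from the page).
SAMPLE_CONF = r"""
# This allows skoga to collect munin data for box.jtcol.com
allow ^50\.116\.50\.72$
allow 50\.116\.50\.72
"""

def allow_patterns(conf_text):
    """Return the regex from every 'allow' directive, skipping comments."""
    patterns = []
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and parts[0] == "allow":
            patterns.append(parts[1])
    return patterns

def lint(pattern):
    """Name each way the pattern is looser than an exact-address match."""
    issues = []
    if not pattern.startswith("^"):
        issues.append("no ^ anchor")
    if not pattern.endswith("$") or pattern.endswith("\\$"):
        issues.append("no $ anchor")
    if re.search(r"(?<!\\)\.", pattern):  # a dot with no backslash before it
        issues.append("unescaped dot")
    return issues

def probes(intended):
    """The intended address plus valid IPv4 addresses that contain it."""
    out = [intended]
    for candidate in ("1" + intended, "2" + intended, intended + "0"):
        try:
            ipaddress.IPv4Address(candidate)
            out.append(candidate)
        except ValueError:
            pass  # e.g. an octet above 255: not a real peer address
    return out

def audit(conf_text, intended):
    """Map each allow pattern to (lint issues, unintended addresses admitted)."""
    report = {}
    for pattern in allow_patterns(conf_text):
        rx = re.compile(pattern)
        # search(), not fullmatch(): assumes an unanchored regex match against
        # the peer address, which is why ^ and $ matter.
        extra = [ip for ip in probes(intended) if ip != intended and rx.search(ip)]
        report[pattern] = (lint(pattern), extra)
    return report

if __name__ == "__main__":
    for pattern, (issues, extra) in audit(SAMPLE_CONF, "50.116.50.72").items():
        print(f"{pattern!r}: issues={issues} also admits={extra}")
```

The ufw rule above already limits port 4949 to the same source address, so the anchored pattern is the second of two layers rather than the only one.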
miab.txt · Last modified: 2019/10/13 22:11 by jason