Differences between revisions 18 and 19
Revision 18 as of 2021-08-09 08:29:26
Size: 11003
Editor: fioddor
Comment: Minor improvements
Revision 19 as of 2021-08-09 09:59:19
Size: 11103
Editor: ?FliuFBX
Comment: new screenshot
Deletions are marked like this. Additions are marked like this.
Line 117: Line 117:
 {{attachment:EmailServerMkhome.png|Creating your home folder from the web interface|width=500}}

English - (+)

Email Server

available since: STILL UNDER CONSTRUCTION!

About the Email Server

You only achieve full privacy if you trust the whole communication chain end-to-end. With this Email Server you can:

  • Offer your friends an e-mail account in your FreedomBox so they can communicate with each other within a controlled (by you) environment.

    • This scenario isn't perfect but provides good privacy. Yet they still need to trust each other and you.
    • Accessing FreedomBox webclient though Tor or a virtual private network, etc improves it.

    • End-to-end encryption in capable local clients connecting to your FreedomBox might fix their need to trust you.

  • Connect to other trusted FreedomBoxes and their users.

    • In this case you still need to trust the network interconnecting both FreedomBoxes. Some improvements are planned but still pending.

FreedomBox Email Server can be currently used via IMAP clients and provides both spam and antivirus filtering features.

Unlike other apps in FreedomBox this custom application integrates many Debian packages and quite a lot of glue code to make them all work together for a complete, secure, maintainable solution.

Installing

First of all you need to go to the Apps menu.

If already installed, the Email Server will be shown above the Disabled line. This is likely not your case, but if it is, that means that the Email Server is already installed, so this chapter isn't for you and you ought to jump to the next one.

  • Email Server enabled

If the Email Server is shown among the icons below the Disabled line, it is either not yet installed or it is currently disabled. This is the usual starting status.

  • Email Server disabled

Select the Email Server app. You are presented with the Email Server app page. If not installed yet you'll be shown the Install button. Click on it!

Due to a known bug you might get this error

  • Error installing application: Error during installation E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.

Despite the message suggesting held packages, another usual cause is that there's already another email server installed in the system, usually exim4 in Debian systems. Usually it is there by default but you don't need it so you can just uninstall it. This can be done accessing your FreedomBox via SSH and running

  •  sudo apt remove exim4-config exim4-daemon-light 

Then you can try again

  • Email Server app page

This will trigger the installation process.

  • Installation installing sw packages Installation running post-processes

After installing all needed software packages, configuring them, etc FreedomBox will tell you that the installation is successful and the app page will show additional content like the port information and several feature configuration forms organized by means of tabs.

  • Email Server page as just installed

Next time you go to the Apps Menu it will show the Email Server enabled (above the disabled line).

Configuring the Email Server

  1. Log into FreedomBox web interface as an admin. Server configuration forms are hidden to regular users.

  2. Go to Email Server app.

  3. The minimal configuration needed is at the Domains tab.

  4. Edit the variables as shown in the snapshot below.
  5. Click Update

    Domains tab at Email Server app page

Recommended domain settings:

/etc/mailname

The automatically appended domain part for locally submitted mails. Setting it to localhost should be okay.

$mydomain
A fully-qualified domain name for your email addresses. It is the domain after the @ sign.
$myhostname

Typically hostname.$mydomain - the internet hostname of this mail system. Its value appears in SMTP banners and email headers.

$mydestination

The list of accepted domains for inbound mails. It must contain the value of $mydomain (dollar sign notation may be used). If you mess up this variable, Postfix may try to relay internal mails to the public internet which will be dangerous.

Now as admin you can:

  • Add new users to your FreedomBox. Make sure they belong to the users group. Email users need a home folder. Due to a known bug FreedomBox doesn't create a home directory automatically for new users, so they need to be created manually.

  • Override user-defined email aliases by specifying them in /etc/aliases (don't forget to run sudo newaliases after editing the file)

Additional configurations in your FreedomBox and in your domain name registry are needed to meet current security standards.

Caution

For the moment USE THIS SERVER ONLY FOR INTERNAL EMAILS (among FreedomBox users within the same machine) or in controlled testing environments. Attempts of sending e-mail to regular services may get your IP address blacklisted due to unmet security measures.

Using the Email Server

Caution

This app is still under construction. USE THIS SERVER ONLY FOR INTERNAL EMAILS (among FreedomBox users within the same machine) or in controlled testing environments. Attempts of sending e-mail to regular services may get your FreedomBox blacklisted due to unmet security measures.

As a user you can:

  • Create a home folder from the web interface to start receiving emails.
  • Once you have created a home folder, start sending and getting email within your local network using IMAP-enabled email clients.
  • Create and/or manage your email aliases in the Aliases tab of the Email Server app page in FreedomBox web interface.

Once an admin has set up RoundCube configuration for it to work with the FreedomBox Email server you can log into RoundCube and start sending emails to your fellow FreedomBox users without the need for other email clients.

  • Creating your home folder from the web interface

With FreedomBox Webmail Client (RoundCube)

RoundCube email client is provided by FreedomBox so once both are installed, you can host a complete webmail setup for you and your friends.

The following ought to be solved out of the box fairly soon, but currently we still need to tweek a text-file (/etc/roundcube/config.inc.php) to make it work with FreedomBox as email server. The file is restricted so you need to access it as admin user. Fix these settings:

$config['default_host'] = 'ssl://freedombox';
$config['smtp_server'] = 'ssl://freedombox';
$config['smtp_port'] = 465;

Notes:

  • You can edit the file with nano text editor: sudo nano /etc/roundcube/config.inc.php.

  • ssl:// is required;

  • Replace freedombox with the server's domain name, if you have set another one. It must match your TLS certificate.

With Thunderbird

Open Thunderbird. Go to hamburger menu → New → Existing Mail Account. Enter a display name, your FreedomBox email address, and your FreedomBox password. Click continue.

FreedomBox implements the Automatic Account Configuration endpoint which Thunderbird will make use of.

  • Thunderbird configuration

Manual Configuration

Tell your email client to use these parameters:

  • Username: your FreedomBox login name (without the @domain part)

  • Incoming mail: IMAPS, port 993, forced SSL, normal password authentication

  • Outgoing mail: SMTPS, port 465, forced SSL, normal password authentication

STARTTLS on the SMTP submission port is also supported.

  • Email client parameters

Email Aliases

As a user, you can create, modify, and delete email aliases from the My Aliases tab of the Email Server page in FreedomBox web interface.

  • Email alias management page

Mails to non-existent users, non-existent aliases, or system users will be rejected at the SMTP connection level. Disabled aliases work like a "no reply" address: mails to those aliases will be dropped; the sender will not receive a failure code or bounce notification.

Troubleshooting

How to debug an action script failure? How to access the system log?

Open a secure shell connection to your FreedomBox. Type sudo journalctl -b -o short-monotonic --no-pager

  • -b show journal entries since boot

  • -o short-monotonic use short timestamp format

  • --no-pager make it easier to copy and paste

Why does the server say "relay access denied"?

This is because Postfix was not aware of the email domain. To add an email domain,

  • Log into the Plinth web interface as an admin
  • Go to Email Server → Domains

  • Edit $mydestination (make sure your email domain is listed in the variable; dollar sign notation is supported)

  • Click Update

Cannot send anything from Roundcube. It says "SMTP Error (250): Authentication failed".

Root cause: Roundcube tried to submit your email from an unencrypted connection. It did not try to initiate STARTTLS so Postfix chose not to announce authentication support.

Solution: Enforce SSL or STARTTLS usage by the email client. For RoundCube, follow the configuration guide above.

Technical info and feedback discussion

There are drafts for a video and its slides for a technical presentation at Debconf21.

This salsa issue is driving the implementation. Feel free to join discussions and provide technical ideas.

Providing user feedback

Please provide your feedback on usage on this forum thread.

Back to Features introduction or manual pages.


Intro

Information

Support

Contribute

Reports

Promote

Vision

Hardware

Live Help

Where To Start

Translate

Calls

Talks

Overview

Download

Q&A

To Do

Design

Releases

Press

Features

Manual

Contributors

Code

Blog

FreedomBox for Communities

FreedomBox Developer Manual

HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Saturday, April 13 at 14:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox