11048
Comment: How to tell RoundCube to use port 25.
|
12244
More info on features.
|
Deletions are marked like this. | Additions are marked like this. |
Line 13: | Line 13: |
'''available since''': STILL UNDER CONSTRUCTION! | '''available since''': STILL UNDER CONSTRUCTION! (DISABLED) |
Line 17: | Line 17: |
You only achieve full privacy if you trust the whole communication chain end-to-end. With this Email Server you can: | Once enabled, !FreedomBox Email Server can be currently used via IMAP clients and provides spam filtering features. Spam learning is not yet implemented and antivirus are currently held, though. This is just the beginning. More e-mail related features and utilities are planned. ==== Ease ==== The interfaces for admin and non-admin users are very simple for an email server. Unlike other apps in !FreedomBox this custom application integrates many Debian packages and quite a lot of glue code to make them all work together for a user-friendly, complete, secure, maintainable solution. * If RounCube client is installed in !FreedomBox the installation of the Email Server automatically reconfigures it to work through !FreedomBox Email Server. This is convenient but intrusive and needs to be tweeked a bit to avoid smashing existing working RoundCube setups. * ==== E-mail privacy ==== You only achieve full privacy if you trust the whole communication chain end-to-end. By owning your Email Server you can: |
Line 21: | Line 33: |
* End-to-end encryption in capable local clients connecting to your !FreedomBox might fix their need to trust you. * Connect to other trusted !FreedomBoxes and their users. * In this case you still need to trust the network interconnecting both !FreedomBoxes. Some improvements are planned but still pending. !FreedomBox Email Server can be currently used via IMAP clients and provides both spam and antivirus filtering features. Unlike other apps in !FreedomBox this custom application integrates many Debian packages and quite a lot of glue code to make them all work together for a complete, secure, maintainable solution. |
* Their need to trust you can be fixed via end-to-end encryption. See the last bullet below for more details. * Connect to other trusted !FreedomBoxes and email providers and their users. * In this case you still need to trust the network interconnecting both servers. Some improvements are planned but still pending. * After proper configuration you'll be able to send and receive emails to/from standard email providers, but be aware that then your privacy depends on those providers, and the popular ones spy on you. * End-to-end encryption in capable clients is the final solution for use cases requiring the highest privacy level. Check Free Software Foundation's [https://emailselfdefense.fsf.org|E-mail Defense Guide]. |
Line 149: | Line 159: |
As a user, you can create, modify, and delete email aliases from the ''My Aliases'' tab of the ''Email Server'' page in !FreedomBox web interface. | Email aliases are very useful for privacy. Now as !FreedomBox email user (don't even need to be an admin) you can have temporary throw-away and specific email addresses under your control. You can create, modify, and delete email aliases from the ''My Aliases'' tab of the ''Email Server'' page in !FreedomBox web interface. |
Line 193: | Line 205: |
=== Technical info and feedback discussion === | === Providing user feedback === Please provide your feedback on usage on [[https://discuss.freedombox.org/t/email-server-progress/1330|this forum thread]]. === Technical info and discussion === |
Line 200: | Line 216: |
=== Providing user feedback === Please provide your feedback on usage on [[https://discuss.freedombox.org/t/email-server-progress/1330|this forum thread]]. |
Contents
Email Server
available since: STILL UNDER CONSTRUCTION! (DISABLED)
About the Email Server
Once enabled, FreedomBox Email Server can be currently used via IMAP clients and provides spam filtering features. Spam learning is not yet implemented and antivirus are currently held, though.
This is just the beginning. More e-mail related features and utilities are planned.
Ease
The interfaces for admin and non-admin users are very simple for an email server. Unlike other apps in FreedomBox this custom application integrates many Debian packages and quite a lot of glue code to make them all work together for a user-friendly, complete, secure, maintainable solution.
If ?RounCube client is installed in FreedomBox the installation of the Email Server automatically reconfigures it to work through FreedomBox Email Server. This is convenient but intrusive and needs to be tweeked a bit to avoid smashing existing working ?RoundCube setups.
E-mail privacy
You only achieve full privacy if you trust the whole communication chain end-to-end. By owning your Email Server you can:
Offer your friends an e-mail account in your FreedomBox so they can communicate with each other within a controlled (by you) environment.
- This scenario isn't perfect but provides good privacy. Yet they still need to trust each other and you.
Accessing FreedomBox webclient though Tor or a virtual private network, etc improves it.
- Their need to trust you can be fixed via end-to-end encryption. See the last bullet below for more details.
Connect to other trusted FreedomBoxes and email providers and their users.
- In this case you still need to trust the network interconnecting both servers. Some improvements are planned but still pending.
- After proper configuration you'll be able to send and receive emails to/from standard email providers, but be aware that then your privacy depends on those providers, and the popular ones spy on you.
End-to-end encryption in capable clients is the final solution for use cases requiring the highest privacy level. Check Free Software Foundation's [https://emailselfdefense.fsf.org|E-mail Defense Guide].
Installing
First of all you need to go to the Apps menu.
If already installed, the Email Server will be shown above the Disabled line. This is likely not your case, but if it is, that means that the Email Server is already installed, so this chapter isn't for you and you ought to jump to the next one.
If the Email Server is shown among the icons below the Disabled line, it is either not yet installed or it is currently disabled. This is the usual starting status.
Select the Email Server app. You are presented with the Email Server app page. If not installed yet you'll be shown the Install button. Click on it!
Due to a known bug you might get this error
- Error installing application: Error during installation E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.
Despite the message suggesting held packages, another usual cause is that there's already another email server installed in the system, usually exim4 in Debian systems. Usually it is there by default but you don't need it so you can just uninstall it. This can be done accessing your FreedomBox via SSH and running
sudo apt remove exim4-config exim4-daemon-light
Then you can try again
This will trigger the installation process.
After installing all needed software packages, configuring them, etc FreedomBox will tell you that the installation is successful and the app page will show additional content like the port information and several feature configuration forms organized by means of tabs.
Next time you go to the Apps Menu it will show the Email Server enabled (above the disabled line).
Configuring the Email Server
Log into FreedomBox web interface as an admin. Server configuration forms are hidden to regular users.
Go to Email Server app.
The minimal configuration needed is at the Domains tab.
- Edit the variables as shown in the snapshot below.
Click Update
Recommended domain settings:
- /etc/mailname
The automatically appended domain part for locally submitted mails. Setting it to localhost should be okay.
- $mydomain
- A fully-qualified domain name for your email addresses. It is the domain after the @ sign.
- $myhostname
Typically hostname.$mydomain or just $mydomain - the internet hostname of this mail system. NOTE: Provide a reachable domain name to avoid email bouncing. If you don't have a domain name, use localhost
- $mydestination
The list of accepted domains for inbound mails. It must contain the value of $mydomain (dollar sign notation may be used). If you mess up this variable, Postfix may try to relay internal mails to the public internet which will be dangerous.
Now as admin you can:
Add new users to your FreedomBox. Make sure they belong to the users group. Email users need a home folder. Due to a known bug FreedomBox doesn't create a home directory automatically for new users, so they need to be created manually.
Override user-defined email aliases by specifying them in /etc/aliases (don't forget to run sudo newaliases after editing the file)
Additional configurations in your FreedomBox and in your domain name registry are needed to meet current security standards.
Caution
For the moment USE THIS SERVER ONLY FOR INTERNAL EMAILS (among FreedomBox users within the same machine) or in controlled testing environments. Attempts of sending e-mail to regular services may get your IP address blacklisted due to unmet security measures.
Using the Email Server
Caution
This app is still under construction. USE THIS SERVER ONLY FOR INTERNAL EMAILS (among FreedomBox users within the same machine) or in controlled testing environments. Attempts of sending e-mail to regular services may get your FreedomBox blacklisted due to unmet security measures.
As a user you can:
- Create a home folder from the web interface to start receiving emails.
- Once you have created a home folder, start sending and getting email within your local network using IMAP-enabled email clients.
Create and/or manage your email aliases in the Aliases tab of the Email Server app page in FreedomBox web interface.
Once an admin has set up RoundCube configuration for it to work with the FreedomBox Email server you can log into RoundCube and start sending emails to your fellow FreedomBox users without the need for other email clients.
With FreedomBox Webmail Client (RoundCube)
RoundCube email client is provided by FreedomBox as an optional app. If RoundCube has been installed before the email server, setup will tell RoundCube to use the FreedomBox email service. Once both apps are installed, you have a complete webmail setup for you and your friends.
With Thunderbird
Open Thunderbird. Go to hamburger menu → New → Existing Mail Account. Enter a display name, your FreedomBox email address, and your FreedomBox password. Click continue.
FreedomBox implements the Automatic Account Configuration endpoint which Thunderbird will make use of.
Manual Configuration
Tell your email client to use these parameters:
Username: your FreedomBox login name (without the @domain part)
Incoming mail: IMAPS, port 993, forced SSL, normal password authentication
Outgoing mail: SMTPS, port 465, forced SSL, normal password authentication
STARTTLS on the SMTP submission port is also supported.
Email Aliases
Email aliases are very useful for privacy. Now as FreedomBox email user (don't even need to be an admin) you can have temporary throw-away and specific email addresses under your control. You can create, modify, and delete email aliases from the My Aliases tab of the Email Server page in FreedomBox web interface.
Mails to non-existent users, non-existent aliases, or system users will be rejected at the SMTP connection level. Disabled aliases work like a "no reply" address: mails to those aliases will be dropped; the sender will not receive a failure code or bounce notification.
Troubleshooting
How to debug an action script failure? How to access the system log?
Open a secure shell connection to your FreedomBox. Type sudo journalctl -b -o short-monotonic --no-pager
-b show journal entries since boot
-o short-monotonic use short timestamp format
--no-pager make it easier to copy and paste
Why does the server say "relay access denied"?
This is because Postfix was not aware of the email domain. To add an email domain,
- Log into the Plinth web interface as an admin
Go to Email Server → Domains
Edit $mydestination (make sure your email domain is listed in the variable; dollar sign notation is supported)
Click Update
Cannot send anything from Roundcube. It says "SMTP Error (250): Authentication failed".
Root cause: Roundcube tried to submit your email from an unencrypted connection, but ports 465 and 587 required SSL and STARTTLS encryption, respectively.
Solutions:
For RoundCube, edit the /etc/roundcube/config.inc.php file to make it use port 25 (unencrypted). Fix these settings:
$config['smtp_server'] = 'smtp://localhost'; $config['smtp_port'] = 25;
Notes:
Access your FreedomBox via SSH.
You can edit the file with nano text editor. The file is restricted, so you need to access it as superuser: sudo nano /etc/roundcube/config.inc.php.
If using another email client like Thunderbird, enforce SSL or STARTTLS usage by the email client.
Providing user feedback
Please provide your feedback on usage on this forum thread.
Technical info and discussion
There are drafts for a video and its slides for a technical presentation at Debconf21.
This salsa issue is driving the implementation. Feel free to join discussions and provide technical ideas.
Back to Features introduction or manual pages.
External links
- Upstream websites:
Intro |
Information |
Support |
Contribute |
Reports |
Promote |
|
|
|
|||||
|
|
|
HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project
Next call: Saturday, April 13 at 14:00 UTC
This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.