How To Run Your Own Mail Server with Mail-in-a-Box on Ubuntu 14.04

Published on May 15, 2015

Introduction

Mail-in-a-Box is an open source software bundle that makes it easy to turn your Ubuntu server into a full-stack email solution for multiple domains.

For securing the server, Mail-in-a-Box makes use of Fail2ban and an SSL certificate (self-signed by default). It auto-configures a UFW firewall with all the required ports open. Its anti-spam and other security features include graylisting, SPF, DKIM, DMARC, opportunistic TLS, strong ciphers, HSTS, and DNSSEC (with DANE TLSA).

Mail-in-a-Box is designed to handle SMTP, IMAP/POP, spam filtering, webmail, and even DNS as part of its all-in-one solution. Since the server itself is handling your DNS, you’ll get an off-the-shelf DNS solution optimized for mail. Basically, this means you’ll get sophisticated DNS records for your email (including SPF and DKIM records) without having to research and set them up manually. You can tweak your DNS settings afterwards as needed, but the defaults should work very well for most users hosting their own mail.

This tutorial shows how to set up Mail-in-a-Box on a DigitalOcean Droplet running Ubuntu 14.04 x86-64.

Prerequisites

Mail-in-a-Box is very particular about the resources that are available to it. Specifically, it requires:

  • An Ubuntu 14.04 x86-64 Droplet
  • The server must have at least 768 MB of RAM (1 GB recommended)
  • Be sure that the server has been set up along the lines given in this tutorial, including adding a sudo user and disabling password SSH access for the root user (and possibly all users if your SSH keys are set up)
  • When setting up the DigitalOcean Droplet, the name should be set to box.example.com. Setting the hostname is discussed later in this tutorial
  • We’ll go into more detail later, but your domain registrar needs to support setting custom nameservers and glue records so you can host your own DNS on your Droplet; the term vanity nameservers is frequently used
  • (Optional) Purchase an SSL certificate to use in place of the self-signed one; this is recommended for production environments

If the RAM requirement is not met, the installation script will abort with the following output:

Error
Your Mail-in-a-Box needs more memory (RAM) to function properly. Please provision a machine with at least 768 MB, 1 GB recommended. This machine has 513 MB memory

Before embarking on this, be sure that you have an Ubuntu server with 1 GB of RAM.

For this article, we’ll assume that the domain for which you are setting up an email server is example.com. You are, of course, expected to replace this with your real domain name.

Step 1 — Configure Hostname

In this step, you’ll learn how to set the hostname properly, if it is not already set. Then you’ll modify the /etc/hosts file to match.

From here on, it is assumed that you’re logged into your DigitalOcean account and also logged into the server as a sudo user via SSH using:

    ssh sammy@your_server_ip

Officially, it is recommended that the hostname of your server be set to box.example.com. This should also be the name of the Droplet as it appears on your DigitalOcean dashboard. If the name of the Droplet is set to just the domain name, rename it by clicking on the name of the Droplet, then Settings > Rename.

After setting the name of the Droplet as recommended, verify that it matches what appears in the /etc/hostname file by typing the command:

    hostname

The output should read something like this:

Output
box.example.com

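If the output does not match the name as it appears on your DigitalOcean dashboard, correct it with the command below. The write goes through sudo tee because in sudo echo ... > file the redirection is performed by your own unprivileged shell and fails with a permission error. The file is read at boot, so the running system keeps its old name until the next restart.

    echo "box.example.com" | sudo tee /etc/hostname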

Step 2 — Modify /etc/hosts File

The /etc/hosts file needs to be modified to associate the hostname with the server’s IP address. To edit it, open it with nano or your favorite editor using:

    sudo nano /etc/hosts

Modify the IPv4 addresses, so that they read:

/etc/hosts
127.0.0.1 localhost.localdomain localhost
your_server_ip box.example.com box

You can copy the localhost.localdomain localhost line exactly. Use your own IP and domain on the second line.

Save and close the file.

Step 3 — Create Glue Records

While it’s possible to have an external DNS service, like that provided by your domain registrar, handle all DNS resolutions for the server, it’s strongly recommended to delegate DNS responsibilities to the Mail-in-a-Box server.

That means you’ll need to set up glue records when using Mail-in-a-Box. Using glue records makes it easier to securely and correctly set up the server for email. When using this method, it is very important that all DNS responsibilities be delegated to the Mail-in-a-Box server, even if there’s an active website using the target domain.

If you do have an active website at your domain, make sure to set up the appropriate additional DNS records on your Mail-in-a-Box server. Otherwise, your domain won’t resolve to your website. You can copy your existing DNS records to make sure everything works the same.

Setting up glue records (also called private nameservers, vanity nameservers, and child nameservers) has to be accomplished at your domain registrar.

To set up a glue record, the following tasks have to be completed:

  1. Set the glue records themselves. This involves creating custom nameserver addresses that associate the server’s fully-qualified hostname, plus the ns1 and ns2 prefixes, with its IP address. These should be as follows:

    • ns1.box.example.com your_server_ip
    • ns2.box.example.com your_server_ip
  2. Transfer DNS responsibilities to the Mail-in-a-Box server.

    • example.com NS ns1.box.example.com
    • example.com NS ns2.box.example.com

Note: Both tasks must be completed correctly. Otherwise, the server will not be able to function as a mail server. (Alternately, you can set up all the appropriate MX, SPF, DKIM, etc., records on a different nameserver.)

The exact steps involved in this process vary by domain registrar. If the steps given in this article do not match yours, contact your domain registrar’s tech support team for assistance.

Example: Namecheap

To start, log into your domain registrar’s account. How your domain registrar’s account dashboard looks depends on the domain registrar you’re using. The example uses Namecheap, so the steps and images used in this tutorial are exactly as you’ll find them if you have a Namecheap account. If you’re using a different registrar, call their tech support or go through their knowledgebase to learn how to create a glue record.

After logging in, find a list of the domains that you manage and click on the target domain; that is, the one you’re about to use to set up the mail server.

Look for a menu item that allows you to modify its nameserver address information. On the Namecheap dashboard, that menu item is called Nameserver Registration under the Advanced Options menu category. You should get an interface that looks like the following:

[Image: Modifying the Nameservers]

We’re going to set up two glue records for the server:

  • ns1.box.example.com
  • ns2.box.example.com

Since only one custom field is provided, they’ll have to be configured in sequence. As shown in the image below, type ns1.box where the number 1 appears, then type the IP address of the Mail-in-a-Box server in the IP Address field (indicated by the number 2). Finally, click the Add Nameservers button to add the record (number 3).

Repeat for the other record, making sure to use ns2.box along with the same domain name and IP address.

After both records have been created, look for another menu entry that says Transfer DNS to Webhost. You should get a window that looks just like the one shown in the image below. Select the custom DNS option, then type in the first two fields:

  • ns1.box.example.com
  • ns2.box.example.com

[Image: Custom DNS]

Click to apply the changes.

Note: The custom DNS servers you type here should be the same as the ones you just specified for the Nameserver Registration.

Changes to DNS take some time to propagate. It could take up to 24 hours, but it took only about 15 minutes for the changes made to the test domain to propagate.

You can verify that the DNS changes have been propagated by visiting whatsmydns.net. Search for the A and MX records of the target domain. If they match what you set in this step, then you may proceed to Step 4. Otherwise go through this step again or contact your registrar for assistance.
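The same check can be made from a terminal with dig. The script below is an added example, not part of the original tutorial or of Mail-in-a-Box; it goes slightly beyond the A and MX lookup by also checking the NS delegation and the two glue addresses. The function names are its own, and 203.0.113.10 and the sample answers are constructed stand-ins for your_server_ip and for real lookups.

```sh
#!/bin/sh
# Added example: command-line version of the Step 3 propagation check.
# example.com, box.example.com and 203.0.113.10 are placeholders.

# resolve TYPE NAME: the only function that touches the network. Redefine it
# to replay saved answers (as the offline sample at the bottom does).
resolve() { dig +short "$1" "$2"; }

# normalize: lower-case, strip the trailing root dot, drop blanks, sort.
normalize() { tr 'A-Z' 'a-z' | sed -e 's/\.$//' -e '/^$/d' | sort -u; }

# expect_eq LABEL WANT GOT: print a verdict; non-zero status on mismatch.
expect_eq() {
    if [ "$2" = "$3" ]; then
        echo "ok    $1"
    else
        echo "FAIL  $1: want [$(echo $2)] got [$(echo $3)]"
        return 1
    fi
}

# check_mail_dns DOMAIN BOX_HOSTNAME SERVER_IP
# Exit status is the number of failed checks. The body runs in a subshell, so
# its variables do not leak into the caller.
check_mail_dns() (
    domain=$1; box=$2; ip=$3; failed=0

    # 1. The domain is delegated to exactly ns1/ns2 under the box hostname.
    want=$(printf '%s\n' "ns1.$box" "ns2.$box" | normalize)
    expect_eq "NS $domain" "$want" "$(resolve NS "$domain" | normalize)" ||
        failed=$((failed + 1))

    # 2. Both nameserver names (the glue records) resolve to the box.
    for ns in "ns1.$box" "ns2.$box"; do
        expect_eq "A $ns" "$ip" "$(resolve A "$ns" | normalize)" ||
            failed=$((failed + 1))
    done

    # 3. Every MX target (second field of "10 host.") resolves to the box.
    mx_hosts=$(resolve MX "$domain" | awk '{print $2}' | normalize)
    [ -n "$mx_hosts" ] || { echo "FAIL  MX $domain: none"; failed=$((failed + 1)); }
    for mx in $mx_hosts; do
        expect_eq "A $mx (MX target)" "$ip" "$(resolve A "$mx" | normalize)" ||
            failed=$((failed + 1))
    done
    exit "$failed"
)

# Constructed answers for an offline run (not real lookups).
sample_resolve() {
    case "$1 $2" in
        "NS example.com") printf '%s\n' ns2.box.example.com. ns1.box.example.com. ;;
        "MX example.com") echo "10 box.example.com." ;;
        "A "*box.example.com) echo 203.0.113.10 ;;
    esac
}

if [ "$#" -eq 3 ]; then
    check_mail_dns "$@"            # live: DOMAIN BOX_HOSTNAME SERVER_IP
else
    resolve() { sample_resolve "$@"; }
    check_mail_dns example.com box.example.com 203.0.113.10
fi
```

Run it with three arguments (domain, box hostname, server IP) for live lookups; the exit status is the number of checks that failed.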

Step 4 — Install Mail-in-a-Box

In this step, you’ll run the script to install Mail-in-a-Box on your Droplet. The Mail-in-a-Box installation script installs every package required to run a full-blown email server, so all you need to do is run a simple command and follow the prompts.

Assuming you’re still logged into the server, move to your home directory:

    cd ~

Install Mail-in-a-Box:

    curl -s https://mailinabox.email/bootstrap.sh | sudo bash
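Piping the download straight into sudo bash runs whatever arrives, including a partial transfer, as root. The script below is an added example (not from the original tutorial or the Mail-in-a-Box project) that saves the installer first, rejects an empty or truncated file, and runs only the bytes you reviewed; the function names and the bootstrap.sh file name are assumptions of this example.

```sh
#!/bin/sh
# Added example: stage the installer instead of piping it into a root shell.
# INSTALLER_URL is the address used in this tutorial.
INSTALLER_URL="https://mailinabox.email/bootstrap.sh"

# fetch_installer DEST: HTTPS only, fail on HTTP errors, execute nothing.
fetch_installer() {
    curl --fail --silent --show-error --location --proto '=https' \
         --output "$1" "$INSTALLER_URL"
}

# vet_installer FILE: reject an empty or truncated download, then print the
# SHA-256 of exactly the bytes that are on disk for review.
vet_installer() {
    [ -s "$1" ] || { echo "empty download: $1" >&2; return 1; }
    bash -n "$1" 2>/dev/null ||
        { echo "not a complete bash script: $1" >&2; return 1; }
    sha256sum "$1" | cut -d' ' -f1
}

# run_reviewed FILE HASH [RUNNER]: run FILE only if it still has the hash
# recorded when it was reviewed. RUNNER defaults to "sudo bash".
run_reviewed() {
    now=$(vet_installer "$1") || return 1
    [ "$now" = "$2" ] || { echo "file changed since review: $1" >&2; return 1; }
    ${3:-sudo bash} "$1"
}

# Typical session:
#   fetch_installer bootstrap.sh
#   reviewed=$(vet_installer bootstrap.sh) && less bootstrap.sh
#   run_reviewed bootstrap.sh "$reviewed"
```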

The script will prompt you with the introductory message in the following image. Press ENTER.

[Image: Mail-in-a-Box Installation]

You’ll now be prompted to create the first email address, which you’ll later use to log in to the system. You could enter contact@example.com or another email address at your domain. Accept or modify the suggested email address, and press ENTER. After that, you’ll be prompted to specify and confirm a password for the email account.

[Image: Your Email Address]

After the email setup, you’ll be prompted to confirm the hostname of the server. It should match the one you set in Step 1, which in this example is box.example.com. Press ENTER.

[Image: Hostname]

Next you’ll be prompted to select your country. Select it by scrolling up or down using the arrow keys. Press ENTER after you’ve made the right choice.

[Image: Country Code]

At some point, you’ll get this prompt:

Output
Okay. I'm about to set up contact@example.com for you. This account will also have access to the box's control panel.
password:

Specify a password for the default email account, which will also be the default web interface admin account.

After installation has completed successfully, you should see some post-installation output that includes:

Output
mail user added
added alias hostmaster@box.example.com (=> administrator@box.example.com)
added alias postmaster@example.com (=> administrator@box.example.com)
added alias admin@example.com (=> administrator@box.example.com)
updated DNS: example.com
web updated

alias added
added alias admin@box.example.com (=> administrator@box.example.com)
added alias postmaster@box.example.com (=> administrator@box.example.com)

-----------------------------------------------

Your Mail-in-a-Box is running.

Please log in to the control panel for further instructions at:

https://your_server_ip/admin

You will be alerted that the website has an invalid certificate. Check that
the certificate fingerprint matches:

1F:C1:EE:C7:C6:2C:7C:47:E8:EF:AC:5A:82:C1:21:67:17:8B:0C:5B

Then you can confirm the security exception and continue.

Step 5 — Log In to Mail-in-a-Box Dashboard

Now you’ll log in to the administrative interface of Mail-in-a-Box and get to know your new email server. To access the admin interface, use the URL provided in the post-installation output. This should be:

  • https://your_server_ip/admin#

Because HTTPS and a self-signed certificate were used, you will get a security warning in your browser window. You’ll have to create a security exception. How that’s done depends on the browser you’re using.

If you’re using Firefox, for example, you will get a browser window with the familiar warning shown in the next image.

To accept the certificate, click the I Understand the Risks button, then on the Add Exception button.

[Image: The connection is untrusted in Firefox]

On the next screen, you may verify that the certificate fingerprint matches the one in the post-installation output, then click the Confirm Security Exception button.

[Image: Add Security Exception in Firefox]
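The fingerprint comparison can also be done from your workstation with openssl, taking the expected value from the installer output in your SSH session and the observed value from the certificate the server presents. This is an added example, not part of the original tutorial or of Mail-in-a-Box, and its function names are its own. The installer prints a 20-byte value, which is a SHA-1 fingerprint, so compare it with the SHA-1 value if your browser shows more than one digest.

```sh
#!/bin/sh
# Added example: check the certificate a host presents against the
# fingerprint the installer printed in your SSH session.

# canon_fp TEXT: strip an "xxx Fingerprint=" prefix, colons and spaces, and
# upper-case the hex digits, so different notations compare equal.
canon_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# digest_for FINGERPRINT: 40 hex digits is SHA-1 (what the installer prints),
# 64 is SHA-256. Any other length or any non-hex character is rejected.
digest_for() {
    fp=$(canon_fp "$1")
    case $fp in ''|*[!0123456789ABCDEF]*) return 1 ;; esac
    case ${#fp} in
        40) echo sha1 ;;
        64) echo sha256 ;;
        *)  return 1 ;;
    esac
}

# server_fp HOST DIGEST: fingerprint of the certificate served on port 443.
server_fp() {
    openssl s_client -connect "$1:443" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint "-$2" 2>/dev/null
}

# verify_box_cert HOST EXPECTED: 0 = match, 1 = mismatch, 2 = could not check.
verify_box_cert() {
    digest=$(digest_for "$2") || { echo "bad fingerprint: $2" >&2; return 2; }
    seen=$(server_fp "$1" "$digest") || seen=
    [ -n "$seen" ] || { echo "no certificate from $1" >&2; return 2; }
    if [ "$(canon_fp "$seen")" = "$(canon_fp "$2")" ]; then
        echo "match ($digest): the exception for $1 is the installer's certificate"
    else
        echo "MISMATCH ($digest): do not add the exception for $1" >&2
        echo "  expected $(canon_fp "$2")" >&2
        echo "  observed $(canon_fp "$seen")" >&2
        return 1
    fi
}

# Usage: sh check-cert.sh your_server_ip 'fingerprint from the installer'
if [ "$#" -eq 2 ]; then verify_box_cert "$1" "$2"; fi
```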

After the exception has been created, log in using the username and password of the email account created during installation. Note that the username is the complete email address, like contact@example.com.

When you log in, a system status check is initiated. Mail-in-a-Box will check that all aspects of the server, including the glue records, have been configured correctly. If true, you should see a sea of green (and some yellowish green) text, except for the part pertaining to SSL certificates, which will be in red. You might also see a message about a reboot, which you can take care of.

Note: If there are outputs in red about incorrect DNS MX records for the configured domain, then Step 3 was not completed correctly. Revisit that step or contact your registrar’s tech support team for assistance.

If the only red texts you see are because of SSL certificates, congratulations! You have now successfully set up your own mail server using Mail-in-a-Box.

If you want to revisit this section (for example, after waiting for DNS to propagate), it’s under System > Status Checks.

Step 6 — Access Webmail & Send Test Email

To access the webmail interface, click on Mail > Instructions from the top navigation bar, and access the URL provided on that page. It should be something like this:

  • https://box.example.com/mail

Log in with the email address (include the @example.com part) and password that you set up earlier.

Mail-in-a-box uses Roundcube as its webmail app. Try sending a test email to an external email address. Then, reply or send a new message to the address managed by your Mail-in-a-Box server.

The outgoing email should be received almost immediately, but because graylisting is in effect on the Mail-in-a-Box server, it will take about 15 minutes before incoming email shows up.

This won’t work if DNS is not set up correctly.

If you can both send and receive test messages, you are now running your own email server. Congratulations!

(Optional) Step 7 — Install SSL Certificate

Mail-in-a-box generates its own self-signed certificate by default. If you want to use this server in a production environment, we highly recommend installing an official SSL certificate.

First, purchase your certificate. Or, to learn how to create a free signed SSL certificate, refer to the How To Set Up Apache with a Free Signed SSL Certificate on a VPS tutorial.

Then, from the Mail-in-a-Box admin dashboard, select System > SSL Certificates from the top navigation menu.

From there, use the Install Certificate button next to the appropriate domain or subdomain. Copy and paste your certificate and any chain certificates into the provided text fields. Finally click the Install button.

Now you and your users should be able to access webmail and the admin panel without browser warnings.

Conclusion

It’s easy to keep adding domains and additional email addresses to your Mail-in-a-Box server. To add a new address at a new or existing domain, just add another email account from Mail > Users in the admin dashboard. If the email address is at a new domain, Mail-in-a-box will automatically add appropriate new settings for it.

If you’re adding a new domain, make sure you set the domain’s nameservers to ns1.box.example.com and ns2.box.example.com (the same ones we set up earlier for the first domain) at your domain registrar. Your Droplet will handle all of the DNS for the new domain.

To see the current DNS settings, visit System > External DNS. To add your own entries, visit System > Custom DNS.

Mail-in-a-Box also provides functionality beyond the scope of this article. It can serve as a hosted contact and calendar manager courtesy of ownCloud. It can also be used to host static websites.

Further information about Mail-in-a-Box is available at the project’s home page.

About the author(s)

Jack of all trades, master of a few

Tammy Fox
Editor

Technical Editor, DigitalOcean

Excellent tutorial… Thanks a lot for that!

  • Just note Namecheap.com domain registrar does not support DNSSEC DS Record yet… Then if you wish to fully test Mail-in-a-Box you may wish to use Gandi.net domain registrar that already supports it. Hope this may help others!

Thanks for the tutorial. I have a question: Why do you need to change server’s hostname? What’s going to happen if I leave it without “box.”?

Does this affect if I also have a web server running?

I hope you can help me

Thanks, it worked perfectly!

Howdy, you have subscribers that claim the tutorial worked perfectly. I wish I could agree. The part of the configuration/install about changing the hostname to box.example.com is failing for the error condition: permission denied. Attempts to rectify including becoming the root user and using chmod 777 do not lessen the restrictions on the file: hostname. Therefore I am unable to complete the tutorial as prescribed. Please advise.

Can anyone speak from experience as to whether this is better than using iRedMail ?

Ahhh! Good to know, thanks. Yes I will definitely compare the 2 thoroughly before choosing the setup I’ll use to get going.

I have a domain registered with 123-Reg.co.uk, though the Nameservers are with DO.

They won’t let me add subdomains in the Nameserver box - ‘ns1.box.mydomain.tld’ - it only lets me add ‘ns1.mydomain.tld’.

Does this mean that I can’t do this?

I don’t think a domain registrar will deny you the right of adding subdomains. Call their tech support and let them show you how.

If they say you can’t, then it’s time to find another registrar.

I’d like to try this but I have some questions before I get started concerning Step 3 Create Glue Records. I have my own domain through domains by proxy (godaddy). I edited my zone file there to use DO’s name servers. Since I did that I can’t make any other changes there. Since then I’ve been using the DNS link at the top of my DO account page. Currently my DNS looks like this:

A @ xx.xx.xx.xx
CNAME www example.com
NS ns1.digitalocean.com.
NS ns2.digitalocean.com.
NS ns3.digitalocean.com.

Do I edit the DO DNS NS records to show:

ns1.box.example.com my-server-ip
ns2.box.example.com my-server-ip

and drop the 3rd NS record? Or do I need to make the change somewhere else?

Also you state I need to Transfer DNS responsibilities to the Mail-in-a-Box server. How do I do that unless that’s what I’m doing in the step above? Sorry for what are probably some stupid questions but I haven’t worked with DNS much and never with glue records.

Thanks for your patience.

For Encryption, What should I use? TLS or SSL? Same port 587?

Can I host my whole DNS to Cloudflare Free so that I can have a free wildcard SSL.

Thanks!

Is anyone able to comment on the DNS setup?

I have my domain with NameCheap like the example, but when I try to finish step 3 (Entering the custom name servers on the domain), NameCheap gives me an error:

We encountered some issues when setting nameservers. The reported problem is: 3031166 Updating nameservers failed. Please try again. 541

I am with godaddy:

Every time I try to change my nameservers to the two new glue records, my changes are reverted by the system. I am emailed an error :

The modifications you requested for the domain MYDOMAIN have failed.

Error: Data management policy violation; 8008

After some googling I have found out that godaddy does not allow multiple nameservers to point to the same ip address. Has anyone got a workaround for this?

During the part of the installation that installs ownCloud I get a checksum error:

Download of https://download.owncloud.org/community/owncloud-8.0.3.zip did not match expected checksum.
Found:
625b1c561ea51426047a3e79eda51ca05e9f978a  /tmp/owncloud.zip

Expected:
3192f3d783f81247eaf2914df63afdd593def4e5  /tmp/owncloud.zip

Then the install just stops.

I spun up a new droplet for this, what a waste of time and money.

At the very beginning:

Officially, it is recommended that the hostname of your server be set to box.example.com. This should also be the name of the Droplet as it appears on your DigitalOcean dashboard. If the name of the Droplet is set to just the domain name, rename it by clicking on the name of the Droplet, then Settings > Rename.

What if you have more than one domain on a single server?

My registrar (1 and 1) will not let me use the same IP address for NS1 & NS2. Any suggestions?

It says I have to have two nameservers with different IPs. I can use their ns for the second but this shows as an error/misconfiguration in system check?

Please see https://mailinabox.email/ for the most up-to-date setup guide and links to other resources where you can get help setting up Mail-in-a-Box.

Hello, I have been planning to run my own mail server for a while and am glad that I finally found this guide! Unfortunately I don’t know my way around all the terminology and was wondering if anyone could help me get through the tutorial ;/ Thanks anyway for the detailed explanation!!

Can use this server MX only, like google app or office 365?

It would seem that I had to restart my Droplet to get the hostname to update.

This tutorial gives no warning that the MiaB installer will automatically uninstall Apache, instead forcing you to use nginx. This is going to make it difficult and/or expensive to run a mail server along with my Apache-configured website.

I’m annoyed.

So, have I understood correctly?

  1. For installing MiaB I need to create new droplet, but not use my current with nginx+php5-fpm installed and sites running?
  2. Should I have separate domains that only be used for main email?

And didn’t understand, what to write in DNS lines at domain registrar panel: after fields with “ns1/2/3.digitalocean.com” should I write ns1/2.box.example.com yourserverip. If so, where should I write “example.com NS ns1/2.box.example.com”?

What The Actual F…

This removed my Apache and installed nginx…all my websites are down now…PLEASE WARN THIS AT THE TOP of the article…

How Can I do Bulk Mailing, with IP rotation with Mail-in-a-Box ?

would be a good idea to update images of namecheap… thats where im at now and i am having a hell of a time cuz it doesn’t exactly specify… there are 2 places to add it in… register and just type in what you want. i.e. ns1.digitalocean.com.

I need help! I unfortunately lost my domain and was forced to create a new one. As a result I can no longer access the “cloud” module as it still references the previous domain and ask to trust the new domain and the box that I was presented

"the “trusted_domain” setting in config/config.php. An example configuration is provided in config/config.sample.php. "

I looked but I can not find it.

The idea at this point it would be to start from scratch and I need to get the Calendar and Contact off the box.

Is the Owncloud.db under /home/user-data/owncloud sufficient to copy and start over.

I have had no problems with the setup, but the domain change cause some headaches. And I already ran the setup and put the newer domain

thanks

Hello All,

This is my first time here after Installing Mail in a box. I am very Impressed with how the Installation went. The problem I have is that I need to Install a few small php applications on my main domain. but the php is not working … I have tried to Implement the various methods but I haven’t had any success as yet. I wonder if anyone else has any ideas. Using a different server is not an option for me as funds are limited. Any help would be much appreciated.

Thank you.

Notice that Mail-In-A-Box requires a dedicated server machine, with no other server related software on it. It will UNINSTALL apache if found.

https://github.com/mail-in-a-box/mailinabox/issues/635

Hello Team,

How to avoid spam while sending email from Mail-in-a-Box server?

I am using mail-in-a-box service. All my emails are labelled as spam.

Kindly help me!!

this setup deletes apache from my server :(

Hello! Is this setup possible to let me handle the email of my sites while my sites are hosted elsewhere? I’m asking because my sites are using their own nameservers which is actually my hosting server ns, if I change them over to the mail server ns then sites will stop working.

Does anyone use this and can recommend / not recommend?

Thanks

Thank you so much for the tutorials. I set it up & it’s working. But how can I send email using SMTP when the other domain using Cloudflare?

On step 3 it says that “You can verify that the DNS changes have been propagated by visiting whatsmydns.net. Search for the A and MX records of the target domain. If they match what you set in this step, then you may proceed to Step 4. Otherwise go through this step again or contact your registrar for assistance.” I wasted almost three days figuring out why it didn’t match what I had set. It only gave errors. I finally proceeded to install mail in a box anyway which is step 4 of the tutorial. Well, after the installation, my A records and MX records worked like a charm. This instruction should be removed it has been such a time waster for me.

Fantastic tutorial

Great - I should’ve read thru all comments re: how to add personal nameserver @ namecheap instead of wasting 2 days with tech support.

I understand that updating tutorial with recent images is a thankless job - but it would be good to mention this at the screenshots for namecheap - read comment of chivingtoninc April 7, 2016 for update…

Thx again - trying out now

Now that DO uses volumes, how would you approach using a Volume with mailinabox? That would be very useful.

Today this post taught me a lesson that you should see what the introduction points are saying. Well, I tried to install on a multi domain magento server and it pretty much messed up. Anyways thanks for the tutorial. I tried on a bare server and it worked

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.