Before getting started with this guide you will need to already own and have access to managing a domain name. We will be using
example.com as our domain name and
18.104.22.168 as our instance's IP address throughout this learn guide but you will need to replace them with your chosen domain name and instance's IP address every time you see them.
Firstly you will need to create a Civo instance with the following details:
- Operating system:
Ubuntu 14.04(make sure you select 14.04, Civo's default is 16.04 and Mail-in-a-box requires 14.04 at this time)
- Initial user:
Civo will automatically setup the reverse DNS for you, but you will need to setup your other DNS records manually - if you're using Civo to serve your DNS records.
The Mail-in-a-Box script will automatically create a software firewall using
ufw, but if your machine is behind a hardware firewall then you will need to ensure these ports are open.
You can creating a new firewall via the Civo dashboard for an extra layer of security, but
ufw by itself is fine (0.0.0.0/0 is correct to open the ports for everyone).
| Protocol | Port | CIDR | Label | |----------|------|-----------|-----------------| | ICMP | N/A | 0.0.0.0/0 | Ping | | TCP | 22 | 0.0.0.0/0 | SSH | | TCP | 25 | 0.0.0.0/0 | SMTP | | TCP/UDP | 53 | 0.0.0.0/0 | Public DNS | | TCP | 80 | 0.0.0.0/0 | HTTP | | TCP | 443 | 0.0.0.0/0 | HTTPS | | TCP | 587 | 0.0.0.0/0 | SMTP Submission | | TCP | 993 | 0.0.0.0/0 | IMAP Secure | | TCP | 995 | 0.0.0.0/0 | POP3 Secure | | TCP | 1490 | 0.0.0.0/0 | Mail Filters |
Once you have added all of the rules you will then need to update your instance to use this firewall. You can do this by going to the instance's details page and selecting the firewall from the dropdown as shown below.
Mail-in-a-Box's setup guide suggests opening additional ports, adding glue records and pointing your domain's nameservers to your instance IP address to supporting their DNS and HTTP services but as this guide is not going to cover that we have not listed them.
Your instance should now be ready to actually install Mail-in-a-Box.
First we need to SSH into the instance:
Next we just need to install Mail-in-a-Box:
curl -s https://mailinabox.email/setup.sh | sudo bash
You will then be prompted a few times. Start by pressing OK (enter on your keyboard) to dismiss the initial message.
Your email address
Type the first email address you want to setup on this box and press enter; we used
firstname.lastname@example.org, this is also the email you will use to log in to the admin control panel later.
You should then be prompted for the hostname of this box which should match your instance's hostname, we used
mail.example.com. Mail-in-a-Box might have correctly guessed your hostname, if not change it and press enter.
Next select your country by using the arrow keys and pressing enter.
Then select your city or region and press enter to continue to the final step.
Please note that there will be a wait of about 5 minutes after this step whilst everything is installed and configured.
Initializing system random number generator... Creating SSH key for backup… Firewall is active and enabled on system startup Creating initial SSL certificate and perfect forward secrecy Diffie-Hellman parameters... Generating DH parameters, 2048 bit long safe prime, generator 2 This is going to take a long time .....................................+.......................................................
Okay. I'm about to set up email@example.com for you. This account will also have access to the box's control panel.
You'll then be required to type a new password for this account, type your password, press enter, confirm the password and one last time press enter. As mentioned earlier this is the password you will use to log in to the admin control panel as well as webmail and to access your email on all of your devices (mail clients).
When the script completes it will output a message similar to the following:
Your Mail-in-a-Box is running. Please log in to the control panel for further instructions at: https://22.214.171.124/admin You will be alerted that the website has an invalid certificate. Check that the certificate fingerprint matches: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX Then you can confirm the security exception and continue.
Note: Re-running the script
It is always safe to run the script again, so if you entered incorrect information or something failed you can run the previous curl command command or just run
Admin Control Panel
Following on from the post-install output message, to access your Mail-in-a-Box admin control panel you will need to visit the supplied URL.
Don't panic but you should see a warning at this point as it is currently using a self-signed TLS (SSL) certificate which we will bypass to start with and then fix later on (optional but recommended).
To accept the self-signed TLS (SSL) certificate (steps slightly differ per browser):
- Click "Advanced".
- Then click "Add Exception…".
- Click View and check the certificate fingerprint (SHA-256 fingerprint) matches that of the post-install message.
- Click "Confirm Security Exception".
You should now be able to log in to the admin control panel using the email address and password you provided earlier during the Mail-in-a-Box installation prompts.
Once you have logged in you should see the system status checks but if you do not click on the "System" dropdown and select "Status Checks" to ensure everything has been setup correctly - including but not limited to the DNS config. If you see anything in red, apart from TLS (SSL) related messages, you will need to follow the on-screen instructions to try to fix it.
Add DNS Records
If you are managing your DNS records via Civo your final set of records (for this guide) should look something like the below image; if you are not using Civo to manage your DNS records then you just need to ensure you add the correct record types and values to wherever it is you manage them.
TLS (SSL) certificate (optional but recommended)
If you would like to use the built-in automatic Let's Encrypt integration to obtain a free TLS (SSL) certificate you can navigate to "System" -> "TLS (SSL) Certificates" inside the admin control panel. Once here simple click the "Install Certificate" button next to your instance's hostname
This certificate will automatically renew 14 days before it expires and can also be replaced on request by clicking the "Replace Certificate" button, but please be careful as Let's Encrypt is a rate-limited service which could stop you from requesting and obtaining a new certificate for a period of time if you click it to many times in quick succession.
If you do not want to use the Let's Encrypt free TLS (SSL) certificate or you already have your own then Mail-in-a-Box also allows you to import any other certificate, just follow the instructions within the admin control panel under "TLS (SSL) Certificates".
Webmail, Apps and Clients
You can access your actual email inbox via the webmail interface, for us this is
For further instructions on how to configure specific email clients on your desktop or apps on your devices you can click on the "Mail" dropdown and select "Instructions" within the admin control panel. There is even a really useful configuration link which can be used to automatically configure your iOS and Mac desktop devices.
You will receive weekly email updates about the status of your Mail-in-a-Box and when something needs updating you will need to SSH into your instance (the same way we did earlier in this guide) to suppress these messages.
System Software (Ubuntu)
To update Ubuntu's packages type the following and press enter:
sudo apt-get update && sudo apt-get upgrade
Not all but some updates will require a reboot of the instance, to do this either use Civo's dashboard, your new Mail-in-a-Box admin control panel ("Reboot Box" button) or run the following command:
Please note: Rebooting your instance will take your Mail-in-a-Box offline and you will not be able to send or receive email whilst it is rebooting. It shouldn't take long but please aware of this if you are doing it during business hours.
To upgrade Mail-in-a-Box you just need to run the same command as when we installed it.
curl -s https://mailinabox.email/setup.sh | sudo bash
Mail-in-a-Box automatically creates an incremental backup each night which is stored locally on the instance at
/home/user-data/backup/encrypted, but ideally you should store or transfer the backups to somewhere external. The way we like to do that here at Civo is to attach a volume to the instance and mount it at the aforementioned location; the size of the volume will depend entirely on how many email accounts you plan on using and how much mail you tend to store but 1GB should be fine to start with.
Please check the official Mail-in-a-Box website for additional instructions and tips.