{"id":13399426,"url":"https://github.com/mail-in-a-box/mailinabox","last_synced_at":"2026-03-10T23:35:23.126Z","repository":{"id":37791588,"uuid":"12271469","full_name":"mail-in-a-box/mailinabox","owner":"mail-in-a-box","description":"Mail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.","archived":false,"fork":false,"pushed_at":"2025-07-28T13:01:05.000Z","size":3806,"stargazers_count":15088,"open_issues_count":591,"forks_count":1524,"subscribers_count":284,"default_branch":"main","last_synced_at":"2025-12-20T10:08:44.540Z","etag":null,"topics":["email","mail","server","smtp"],"latest_commit_sha":null,"homepage":"https://mailinabox.email/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mail-in-a-box.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2013-08-21T13:56:50.000Z","updated_at":"2025-12-20T03:54:26.000Z","dependencies_parsed_at":"2026-03-04T01:04:30.712Z","dependency_job_id":null,"html_url":"https://github.com/mail-in-a-box/mailinabox","commit_stats":null,"previous_names":[],"tags_count":87,"template":false,"template_full_name":null,"purl":"pkg:github/mail-in-a-box/mailinabox","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mail-in-a-box%2Fmailinabox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mail-in-a-box%2Fmailinabox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mail-in-a-box%2Fmailinabox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mail-in-a-box%2Fmailinabox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mail-in-a-box","download_url":"https://codeload.github.com/mail-in-a-box/mailinabox/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mail-in-a-box%2Fmailinabox/sbom","scorecard":{"id":612804,"data":{"date":"2025-08-11","repo":{"name":"github.com/mail-in-a-box/mailinabox","commit":"2d0ca67e8581a5ac592486ae1dfe8615224aeafe"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.4,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":6,"reason":"Found 10/15 approved changesets -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: security.md:1","Info: Found linked content: security.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: security.md:1","Info: Found text in security policy: security.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Creative Commons Zero v1.0 Universal: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":3,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: branch 'main' does not require approvers","Warn: codeowners review is not required on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 25 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-21T03:04:07.682Z","repository_id":37791588,"created_at":"2025-08-21T03:04:07.682Z","updated_at":"2025-08-21T03:04:07.682Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30362121,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T21:41:54.280Z","status":"ssl_error","status_checked_at":"2026-03-10T21:40:59.357Z","response_time":106,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["email","mail","server","smtp"],"created_at":"2024-07-30T19:00:37.658Z","updated_at":"2026-03-10T23:35:23.060Z","avatar_url":"https://github.com/mail-in-a-box.png","language":"Python","funding_links":[],"categories":["Pre-Configured Mail-Servers","Python","Mail Services","server","Apps","Sending"],"sub_categories":["Notable Mentions","Self-Hosted","Mail","Complete Email Server"],"readme":"Mail-in-a-Box\n=============\n\nBy [@JoshData](https://github.com/JoshData) and [contributors](https://github.com/mail-in-a-box/mailinabox/graphs/contributors).\n\nMail-in-a-Box helps individuals take back control of their email by defining a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box.\n\n**Please see [https://mailinabox.email](https://mailinabox.email) for the project's website and setup guide!**\n\n* * *\n\nOur goals are to:\n\n* Make deploying a good mail server easy.\n* Promote [decentralization](http://redecentralize.org/), innovation, and privacy on the web.\n* Have automated, auditable, and [idempotent](https://web.archive.org/web/20190518072631/https://sharknet.us/2014/02/01/automated-configuration-management-challenges-with-idempotency/) configuration.\n* **Not** make a totally unhackable, NSA-proof server.\n* **Not** make something customizable by power users.\n\nAdditionally, this project has a [Code of Conduct](CODE_OF_CONDUCT.md), which supersedes the goals above. Please review it when joining our community.\n\n\nIn The Box\n----------\n\nMail-in-a-Box turns a fresh Ubuntu 22.04 LTS 64-bit machine into a working mail server by installing and configuring various components.\n\nIt is a one-click email appliance. There are no user-configurable setup options. It \"just works.\"\n\nThe components installed are:\n\n* SMTP ([postfix](http://www.postfix.org/)), IMAP ([Dovecot](http://dovecot.org/)), CardDAV/CalDAV ([Nextcloud](https://nextcloud.com/)), and Exchange ActiveSync ([z-push](http://z-push.org/)) servers\n* Webmail ([Roundcube](http://roundcube.net/)), mail filter rules (thanks to Roundcube and Dovecot), and email client autoconfig settings (served by [nginx](http://nginx.org/))\n* Spam filtering ([spamassassin](https://spamassassin.apache.org/)) and greylisting ([postgrey](http://postgrey.schweikert.ch/))\n* DNS ([nsd4](https://www.nlnetlabs.nl/projects/nsd/)) with [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework), DKIM ([OpenDKIM](http://www.opendkim.org/)), [DMARC](https://en.wikipedia.org/wiki/DMARC), [DNSSEC](https://en.wikipedia.org/wiki/DNSSEC), [DANE TLSA](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities), [MTA-STS](https://tools.ietf.org/html/rfc8461), and [SSHFP](https://tools.ietf.org/html/rfc4255) policy records automatically set\n* TLS certificates are automatically provisioned using [Let's Encrypt](https://letsencrypt.org/) for protecting https and all of the other services on the box\n* Backups ([duplicity](http://duplicity.nongnu.org/)), firewall ([ufw](https://launchpad.net/ufw)), intrusion protection ([fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page)), and basic system monitoring ([munin](http://munin-monitoring.org/))\n\nIt also includes system management tools:\n\n* Comprehensive health monitoring that checks each day that services are running, ports are open, TLS certificates are valid, and DNS records are correct\n* A control panel for adding/removing mail users, aliases, custom DNS records, configuring backups, etc.\n* An API for all of the actions on the control panel\n\nInternationalized domain names are supported and configured easily (but SMTPUTF8 is not supported, unfortunately).\n\nIt also supports static website hosting since the box is serving HTTPS anyway. (To serve a website for your domains elsewhere, just add a custom DNS \"A\" record in you Mail-in-a-Box's control panel to point domains to another server.)\n\nFor more information on how Mail-in-a-Box handles your privacy, see the [security details page](security.md).\n\n\nInstallation\n------------\n\nSee the [setup guide](https://mailinabox.email/guide.html) for detailed, user-friendly instructions.\n\nFor experts, start with a completely fresh (really, I mean it) Ubuntu 22.04 LTS 64-bit machine. On the machine...\n\nClone this repository and checkout the tag corresponding to the most recent release (which you can find in the tags or releases lists on GitHub):\n\n\t$ git clone https://github.com/mail-in-a-box/mailinabox\n\t$ cd mailinabox\n\t$ git checkout TAGNAME\n\nBegin the installation.\n\n\t$ sudo setup/start.sh\n\nThe installation will install, uninstall, and configure packages to turn the machine into a working, good mail server.\n\nFor help, DO NOT contact Josh directly --- I don't do tech support by email or tweet (no exceptions).\n\nPost your question on the [discussion forum](https://discourse.mailinabox.email/) instead, where maintainers and Mail-in-a-Box users may be able to help you.\n\nNote that while we want everything to \"just work,\" we can't control the rest of the Internet. Other mail services might block or spam-filter email sent from your Mail-in-a-Box.\nThis is a challenge faced by everyone who runs their own mail server, with or without Mail-in-a-Box. See our discussion forum for tips about that.\n\n\nContributing and Development\n----------------------------\n\nMail-in-a-Box is an open source project. Your contributions and pull requests are welcome. See [CONTRIBUTING](CONTRIBUTING.md) to get started. \n\n\nThe Acknowledgements\n--------------------\n\nThis project was inspired in part by the [\"NSA-proof your email in 2 hours\"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) blog post by Drew Crawford, [Sovereign](https://github.com/sovereign/sovereign) by Alex Payne, and conversations with \u003ca href=\"https://twitter.com/shevski\" target=\"_blank\"\u003e@shevski\u003c/a\u003e, \u003ca href=\"https://github.com/konklone\" target=\"_blank\"\u003e@konklone\u003c/a\u003e, and \u003ca href=\"https://github.com/gregelin\" target=\"_blank\"\u003e@GregElin\u003c/a\u003e.\n\nMail-in-a-Box is similar to [iRedMail](http://www.iredmail.org/) and [Modoboa](https://github.com/tonioo/modoboa).\n\n\nThe History\n-----------\n\n* In 2007 I wrote a relatively popular Mozilla Thunderbird extension that added client-side SPF and DKIM checks to mail to warn users about possible phishing: [add-on page](https://addons.mozilla.org/en-us/thunderbird/addon/sender-verification-anti-phish/), [source](https://github.com/JoshData/thunderbird-spf).\n* In August 2013 I began Mail-in-a-Box by combining my own mail server configuration with the setup in [\"NSA-proof your email in 2 hours\"](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/) and making the setup steps reproducible with bash scripts.\n* Mail-in-a-Box was a semifinalist in the 2014 [Knight News Challenge](https://www.newschallenge.org/challenge/2014/submissions/mail-in-a-box), but it was not selected as a winner.\n* Mail-in-a-Box hit the front page of Hacker News in [April](https://news.ycombinator.com/item?id=7634514) 2014, [September](https://news.ycombinator.com/item?id=8276171) 2014, [May](https://news.ycombinator.com/item?id=9624267) 2015, and [November](https://news.ycombinator.com/item?id=13050500) 2016.\n* FastCompany mentioned Mail-in-a-Box a [roundup of privacy projects](http://www.fastcompany.com/3047645/your-own-private-cloud) on June 26, 2015.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmail-in-a-box%2Fmailinabox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmail-in-a-box%2Fmailinabox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmail-in-a-box%2Fmailinabox/lists"}