Hello everyone,
Here is my present for Christmas: a new version of HomeBox, the self hosted email solution.
Feel free to drop comments, create issues, update the docs, etc.
I released this quickly before going on vacation, so you may find some issues. However, this is mostly stable, and the code is easy to modify.
Also, you can now add and remove components individually, with an Ansible playbook.
https://github.com/progmaticltd/homebox
System installation and features
- Custom Debian installer generation with full disk encryption and fully automatic installation.
- Unlock the system upon boot by entering the passphrase through SSH.
- Install packages only from Debian stable (Bullseye).
- Automatic letsencrypt certificates generation using Lego and DNS challenge.
- Automatic security updates (optional).
- Centralised authentication with an LDAP users database, SSL certificate, password policies, PAM integration.
- AppArmor activated with a profile for all daemons.
- XKCD Random passwords generated and saved into pass (or on file system).
- Can be used at home, on a dedicated or virtual server hosted online.
- Flexible IP address support: IPv4 only, IPv6 only, and IPv4+IPv4 or IPv4+IPv6.
- Embedded DNS server, with CAA, DNSSEC and SSHFP (SSH fingerprint) support.
- Grade A https sites, HSTS implemented by default.
- Automatic configuration of OpenPGP Web Key Directory.
- Automatic firewall rules for inbound, outbound and forwarding traffic, using nftables.
- Restricted outbound web sites access to the minimum.
- Automatic update of DNS keys, DNS servers and glue records on Gandi.
Emails
- Postfix configuration and installation, with LDAP lookups, internationalised email aliases, fully SSL compliant.
- Generate DKIM keys, SPF and DMARC DNS records. The DKIM keys are generated every year.
- Automatic copy of sent emails into the sent folder.
- Automatic creation of the postmaster account and special email addresses using RFC 2142 specifications.
- Dovecot configuration, IMAPS, POP3S, Quotas, ManageSieve.
- Simple spam and ham learning by moving emails in and out of the Junk folder.
- Sieve and vacation scripts.
- Virtual folders for server search: unread messages, conversations view, all messages, flagged and messages labelled as "important".
- Email addresses with recipient delimiter included, e.g. john.doe+lists@dbcooper.com.
- Optional master user creation, e.g. for families with children or moderated communities.
- Server side full text search inside emails, attached documents and files and compressed archives, with better results than GMail.
- SOGo webmail with sieve filters management, password change form, Calendar and Address book management, GUI to import other account emails.
- Powerful and light antispam system with rspamd and optional access to the web interface.
- Antivirus for inbound and outbound emails with clamav (optional).
- Automatic configuration for Thunderbird and Outlook using published XML and other clients with special DNS records (RFC 6186).
Calendar and Address book
- Install and configure a CalDAV / CardDAV server, with automatic discovery (RFC 6186).
- Groupware functionality in a web interface, with SOGo.
- Recurring events, email alerts, shared address books and calendars.
- Mobile devices compatibility: Android, Apple iOS, BlackBerry 10 and Windows mobile through Microsoft ActiveSync.
Other optional features
- Incremental backups, encrypted, on multiple destinations (SFTP, S3, Samba share or USB drive), with email and Jabber reporting.
- Jabber server, using ejabberd, with LDAP authentication, direct or offline file transfer and optional server to server communication.
- Static web site skeleton configuration, with https certificates and A+ security grade by default.
Development
- YAML files validation on each commit, using travis-ci.
- End to end integration tests for the majority of components.
- Playbooks to facilitate the installation or removal of development packages.
- Global debug flag to activate the debug mode of all components.
- Fully open source Ansible scripts licensed under GPLv3.
Merry Christmas, André
Here is my present for Christmas: a new version of HomeBox, the self hosted email solution.
Feel free to drop comments, create issues, update the docs, etc.
I released this quickly before going on vacation, so you may find some issues. However, this is mostly stable, and the code is easy to modify.
That is why one should not be interested, too much risk of lacking future support. What if your wife gets pregnant and there is no update/release for 9 months? ;) Obviously I admire such open source efforts. It is just such a pity to see so many projects initiated seemingly without first trying to bundle forces. This is especially visible in CRM: all these individual projects are 'shitty'; I do not get why none of them try and work together to create a few good ones.
I used to always state that there is only one real distribution you could use, and that is the CentOS one. Basically because you could always buy a Red Hat license and get the support of a billion dollar company (now even IBM), but with their Stream direction this all becomes questionable. However, most projects do not even have an argument other than 'this is the distribution I know'.
The only long term alternative I see is using containers that hardly have any OS dependency and behave more like micro services. So you focus on the direct updates of suppliers.
I have to support Marc's question. And also - what makes HomeBox different from Mailcow (https://mailcow.email/)? Thanks, Joachim
-----Original Message----- From: dovecot dovecot-bounces@dovecot.org On Behalf Of Marc Sent: Tuesday, 27 December 2022 11:25 To: Andre Rodier andre@rodier.me; dovecot@dovecot.org; postfix-users@postfix.org; debian-user@lists.debian.org; users-request@sogo.nu Subject: RE: Self hosting solution for Christmas
On 27 December 2022 11:39:42 CET, Joachim Lindenberg dovecot@lindenberg.one wrote:
I have to support Marc's question. And also - what makes HomeBox different from Mailcow (https://mailcow.email/)? Thanks, Joachim
Hello, Joachim.
Perhaps I need to rewrite the doc, and the readme, so I will clarify a few points.
Homebox is a set of Ansible scripts to install and configure an email stack on Debian. Exactly like you would do it manually, but in an automated way.
Once the playbook has been run, you still have a Debian installed, without any custom binary.
Therefore, if you need any support, ask the relevant mailing lists, like postfix, dovecot, sogo, Debian, clamav, rspamd, etc.
Now, to answer your question, I had a look at mailcow, and I still prefer Homebox to host my emails.
Security is my primary concern. If you look at the code carefully, you will see a lot of decisions in this direction: from the list of authorised ciphers and the enforced encryption, even internally, to the absence of PHP. Also, the non-free and contrib sections are excluded.
It also offers full disk encryption out of the box using Debian preseed with remote drive unlocking.
You will also see a lot of unit tests to ensure the whole stack is running as expected.
Finally, I trust the Debian community security policies a lot. I prefer to use them rather than those of another community, especially with the unattended-upgrades package.
In terms of features, again, we're definitely not on the same line.
Homebox does not support multiple domains, and will never.
However, I use an LDAP server for authentication, which is used for other services, like a Jabber server. The solution includes a Jabber server out of the box, with files upload and server to server communication.
Next year, I will start to include a Prometheus stack, with alerts sent by xmpp.
I am also planning to add more features I think can be useful to personal hosting, still using Debian repositories. For instance, a WebDAV server to share files across multiple devices.
I don't pretend to be creating a better solution than X or Y, and I may add mailcow to the list of other solutions. However, I think some people, like me, just want to deploy a mail / xmpp server on Debian without third party packages. This is why I created this project.
Kind regards, André.
PS : for Marc's knowledge, I am very happy with the kids I already have. I had a surgery to ensure I won't have more. Maybe an example to follow...
Hello André, thanks for the explanations, appreciated, and for sure publishing a comparison would help users to make a decision, where to "shop", and maybe also for enthusiasts the opportunity to join forces on specific topics. I like that you support FDE, but my personal preference is to run *x as virtual machines on Hyper-V with Bitlocker and Bitlocker Network Unlock. I haven't looked into Clevis & Tang yet in detail, which might be an alternative. I decided for mailcow early 2018 where it met my requirements, but I am also open to alternatives, especially if they are on par or close w.r.t. functionality, ideally offering high availability via two replicating instances (mailcow does this commercially only and didn't offer a GDPR compliant contract). Thanks, Joachim
-----Original Message----- From: André Rodier andre@rodier.me Sent: Thursday, 29 December 2022 08:44 To: dovecot@dovecot.org; Joachim Lindenberg dovecot@lindenberg.one Subject: Re: Self hosting solution for Christmas
On 29 December 2022 09:10:23 CET, Joachim Lindenberg dovecot@lindenberg.one wrote:
Hello André, thanks for the explanations, appreciated, and for sure publishing a comparison would help users to make a decision, where to "shop", and maybe also for enthusiasts the opportunity to join forces on specific topics. I like that you support FDE, but my personal preference is to run *x as virtual machines on Hyper-V with Bitlocker and Bitlocker Network Unlock. I haven't looked into Clevis & Tang yet in detail, which might be an alternative. I decided for mailcow early 2018 where it met my requirements, but I am also open to alternatives, especially if they are on par or close w.r.t. functionality, ideally offering high availability via two replicating instances (mailcow does this commercially only and didn't offer a GDPR compliant contract). Thanks, Joachim
Hello, Joachim.
Yes, two replicating instances would be good, many options are available. I will make a few tests next year, using some components, like drbd and gfs2, to name a few. However, I am also looking into an NFS server.
For email encryption, I will try to use the Dovecot native one, but I want to decrypt the key on user login. However, GPG maybe guys as well.
One thing I forgot to mention in the features: DNSSEC is automatically configured as well, using PowerDNS.
Kind regards, André.
(mailcow does this commercially only and didn't offer a GDPR compliant contract).
Maybe getting a bit off topic, but afaik being GDPR compliant you basically are when you do proper security and are not snooping into people's data. What are they doing there at mailcow that they can't give you a GDPR contract?
That's oversimplified, there is a lot more. In the specific case I asked them to offer a contract fulfilling article 28 GDPR and they didn't. As I have to comply with GDPR, all my subcontractors have to comply as well. Greetings, Joachim
-----Original Message----- From: Marc Marc@f1-outsourcing.eu Sent: Thursday, 29 December 2022 10:20 To: Joachim Lindenberg dovecot@lindenberg.one; dovecot@dovecot.org Subject: RE: Self hosting solution for Christmas