Sysadventures: Setting up mail-in-a-box
Another weekend, another adventure. This evening I spent well over three hours setting up my own email server. In sum, I can say that even with an automated installer like Mail-in-a-box it still feels a bit like churning your own butter. But all in all the install experience has improved! :) Read on to learn more about my epic tale of almost setting up an email server.
A little-known fact is that setting up your own mail server can be surprisingly hard. Especially hard if you want to have any trust that it’s configured securely.
Just a glance at setup guides such as "NSA-proof your e-mail in 2 hours" can be enough to leave most people sound asleep. Thankfully there are some brave few souls out there who are trying to create more accessible solutions, one of those being Mail-in-a-box.
This nifty open-source software is basically a clever install script that converts a vanilla server (Ubuntu 14.04 Linux) into a mail server configured with sensible defaults. And there’s quite a bit to configure just by the looks of this diagram of the architecture.
What I did was to create a new server on digitalocean.com and fire off the installer. It completed quite well. And when it was done and I logged in, I was treated to a nice system diagnostics screen.
So far so good. But while it was reasonably easy to set up the e-mail server, it proved harder to secure the web connection.
In order to secure a web connection (https://) one needs SSL certificates. And it’s common to either issue your own SSL certificate (self-certify) or, better yet, buy a certificate from some certificate seller. With an SSL certificate I can basically enable sending email over a secure connection.
So, yes. That’s the goal.
Using startssl.com I was able to get a free SSL certificate, but then I discovered that I had made an error in the creation. Afterwards I discovered that deleting (revoking) certificates costs money with that provider. Bah! On to the next one. Next up I tried Ssls.com. I figured I might as well buy a three-year certificate. What came next were a number of issues getting the certificate activated with that provider, as it didn’t like empty fields or strange Norwegian letters (sadface). It took some time, but then I finally got the certificate installed on the mail server. Only thing left now is to literally wait for the Internet to update (the DNS config) and recognize my new web server’s address box.nilsnh.no.
It remains to be seen if the install worked but I’m hopeful. :)
Why own your own mail?
Too much of our digital lives is owned by large multi-billion corporations. And time and again we see services that no one thought would disappear do exactly that: disappear.
I shudder to think of all the creative work, all those personal expressions, all those digital yet very real memories that get killed off each time a firm for some reason decides that it’s time to close down a social media product.
On top of that we of course have the ever-present danger of mass surveillance. If more and more people would self-host more and more of their digital web presence, then it would help to ensure that the web stays as independent and free as it currently is.
If you want to know more about what we can do to help ensure the freedom of the Internet, have a look at this talk about a movement called the IndieWeb.