User:Paul/sandbox/Install Mail-in-a-Box to local server on residential ISP

From UNPM.org Wiki
Revision as of 20:24, 20 January 2019 by Paul (talk | contribs)

The Mail-in-a-Box (MiaB) project automatically installs and configures a robust and modern mail server while remaining very easy to configure for users already familiar with the command line and Ubuntu Server. The project is most commonly deployed on a VPS, but it can also be installed on local hardware, which this article covers.

Hardware can be very light. This admin has installed MiaB to an Atom D510 with 4GB RAM.

Download Ubuntu Server 18.04, write the ISO to your preferred install media, and boot the target hardware from it.

Since the server will be used exclusively for MiaB, using the default options suggested by Ubuntu will be suitable for most applications.

The server name should not include any domains (e.g., just servername, not servername.com).

Since the Ubuntu project now prefers users download the 'Live' installation ISO, be sure the server is connected to the Internet, but make sure it is securely behind a firewall.

Near the end of the options selection, the installer offers the option to install SSH public keys from Launchpad or GitHub user profiles by entering the username.

Update packages:

user@servername:~$ sudo apt update && sudo apt upgrade
user@servername:~$ sudo reboot

Enable SSH password login:

user@servername:~$ sudo nano /etc/ssh/sshd_config

Uncomment:

PasswordAuthentication yes

Log into Ubuntu using the password login.

Follow the instructions to configure SSH in the article Initialize VPS UNPM Server - Change login method section. It is not necessary to add a public key if that was performed during installation.

The ureadahead package currently generates an enormous number of log entries, to the point of nearly being malware. Check syslog for ureadahead entries:

user@servername:~$ grep ureadahead /var/log/syslog
Jan 19 22:10:18 servername systemd[1]: Starting Stop ureadahead data collection...
Jan 19 22:10:18 servername systemd[1]: Stopping Read required files in advance...
Jan 19 22:10:18 servername systemd[1]: Started Stop ureadahead data collection.
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:dev: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:etc: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:modules-load.d: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:run: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:usr: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:local: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:lib: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:usr: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:lib: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:modules-load.d: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:lib: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:modules-load.d: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:sys: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:module: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:thermal: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:sys: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:module: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:r8169: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:sys: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:module: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:cpuidle: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:sys: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:module: Ignored relative path

If something similar to the above is printed, run the following:

user@servername:~$ sudo systemctl stop ureadahead.service
user@servername:~$ sudo systemctl disable ureadahead.service
user@servername:~$ sudo apt-get purge ureadahead
user@servername:~$ sudo reboot

The cloud-init package is installed by default, though it is used only to support cloud-related services. It can generate log noise, and disabling it does not impact MiaB.

user@servername:~$ sudo touch /etc/cloud/cloud-init.disabled

Download and install MiaB. Note that the DH parameters, currently set to 2048 bits by the MiaB project, may take a while to generate depending on hardware, though this is performed as part of the final, unattended steps of the installation.

user@servername:~$ curl -s https://mailinabox.email/setup.sh | sudo -E bash

Set the email address as user@example.net, rather than whatever it recommends. Due to a bug, only use the letter, number, right arrow, left arrow, and backspace keys or else the installation will crash. If a subdomain besides box is preferred, be sure to change that in the hostname option.

UFW, which stands for "Uncomplicated Firewall," is a service that makes it much easier to manage iptables. However, this service tends to generate a lot of noise in various logs even though it also logs to /var/log/ufw.log. To prevent ufw from logging to other logs, make the following change:

username@servername:~$ sudo nano /etc/rsyslog.d/20-ufw.conf

Uncomment the last line:

& stop

Restart rsyslog:

username@servername:~$ sudo service rsyslog restart

The rsyslog service manages logging to /var/log/syslog and elsewhere. /var/log/syslog can get really noisy, and logging too much information to it can make it difficult to diagnose problems. To reduce noise, some logs can be kept elsewhere:

username@servername:~$ sudo nano /etc/rsyslog.d/50-default.conf 

Change the cron and syslog lines to read:

cron.*                          /var/log/cron.log
*.*;auth,authpriv,cron.none     -/var/log/syslog

Restart rsyslog:

username@servername:~$ sudo service rsyslog restart

There are additional options to change or add based on what kind of noise is observed in /var/log/syslog.
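
To decide which programs are worth routing out of /var/log/syslog, the following added example (not part of the original article) tallies a syslog-format file by program tag and lists the programs at or above a given share of its lines. The function names and the sample log lines are constructed for illustration; on the server, pass /var/log/syslog instead of the sample file.

```bash
# Added example: find which programs dominate a syslog-format log.

# Print "<count> <program>" per program tag, busiest first.
# $1 = log file in the traditional syslog format (e.g. /var/log/syslog)
syslog_top_sources() {
    awk 'NF >= 5 {
        tag = $5                      # "program[pid]:" or "program:"
        sub(/:$/, "", tag)            # drop the trailing colon
        sub(/\[[0-9]+\]$/, "", tag)   # drop the "[pid]" suffix
        count[tag]++
    }
    END { for (t in count) print count[t], t }' "$1" |
        LC_ALL=C sort -k1,1nr -k2,2
}

# Print each program that wrote at least $2 percent of the lines in $1.
syslog_noisy_sources() {
    total=$(awk 'END { print NR }' "$1")
    [ "$total" -gt 0 ] || return 0
    syslog_top_sources "$1" |
        awk -v total="$total" -v pct="$2" '$1 * 100 >= pct * total { print $2 }'
}

# Constructed sample lines for the demonstration (not from a real host).
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:sys: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:module: Ignored relative path
Jan 19 22:10:18 servername ureadahead[391]: ureadahead:lib: Ignored relative path
Jan 19 22:10:19 servername kernel: [   12.345678] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP DPT=23
Jan 19 22:10:20 servername kernel: [   13.000001] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.20 PROTO=TCP DPT=445
Jan 19 22:15:01 servername CRON[1022]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Jan 19 22:16:40 servername postfix/smtpd[2210]: connect from unknown[198.51.100.7]
Jan 19 22:17:00 servername systemd[1]: Started Daily apt download activities.
EOF
}

# Demonstration: list programs responsible for 25% or more of the sample.
log=$(mktemp)
write_sample_log "$log"
syslog_noisy_sources "$log" 25
rm -f "$log"
```

Programs that show up in the second list are the candidates for their own rsyslog rule or, as with ureadahead above, for removal.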

Run logrotate to initiate rotations:

user@servername:~$ sudo logrotate -f /etc/logrotate.conf