
Mail-in-a-Box Advanced Configuration

This page collects tips for advanced configurations.

Relaying For Other Machines

If you have other machines sending mail using a domain name hosted on your Mail-in-a-Box (e.g. a webserver, or any machine that has cron jobs you want to see the output of) we recommend that you configure those machines to relay their outbound mail via the Mail-in-a-Box. Otherwise those emails may be marked as spam by recipients.

If the sending machine is running Ubuntu 18.04 this can be done as follows. No changes are required on the Mail-in-a-Box itself (other than the creation of a mail account for the remote machine to authenticate with, and optionally the creation of aliases to authorize the remote machine to send from multiple addresses); all commands that follow are to be run on the remote machine.

  1. Run sudo apt-get install postfix and choose “Satellite system” when prompted.
    • It's important to include the SMTP port for the relay host, for example: box.example.com:465
  2. Append the following lines to /etc/postfix/main.cf:

    mydestination =
    smtp_tls_wrappermode = yes
    smtp_tls_security_level = verify
    smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/relay_password
    smtp_sasl_tls_security_options =

  3. Ensure the relay host is correctly set in /etc/postfix/main.cf: relayhost = [box.example.com]:465
  4. Write credentials in the following form to /etc/postfix/relay_password (substitute the second and third values with credentials for a freshly created account on the Mail-in-a-Box, and the first with the hostname of your Mail-in-a-Box):

    yourmailinabox.yourdomain relayusername:relaypassword

    If the remote machine only needs to be able to send mail from one address you should just use that address as the relay username.

    If the remote machine needs to be able to send mail from multiple addresses, the relay username can be anything, as you will need to separately authorize it to send from those addresses. This is done by creating mail-forward aliases which include the relay username in the alias's permitted senders field (select the "I’ll enter the mail users that can send mail claiming to be from the alias address." option in the aliases UI).

    • Create regular mail-forward aliases for each address that the remote machine needs to be able to send from if you know those addresses in advance.
    • Create catch-all mail-forward aliases for each domain that the remote machine needs to be able to send from if you do not know which addresses on that domain the remote machine will need to send as.
  5. chmod the password file to 600 (sudo chmod 600 /etc/postfix/relay_password), run sudo postmap /etc/postfix/relay_password and then reload postfix (sudo service postfix reload).
  6. If your Mail-in-a-Box is using self-signed certificates, the remote machine will not trust the connection.
    • Copy /home/user-data/ssl/ssl_certificate.pem from your Mail-in-a-Box to the remote machine.
    • Add it to the trusted certificates store (distribution specific). On Debian/Ubuntu, move the certificate to /usr/local/share/ca-certificates/ and rename it so its extension is crt. Run sudo update-ca-certificates to add it to the trusted certificate store.

And that's it. Mail created and dispatched on the remote machine will now be routed via your Mail-in-a-Box.

You can send a test email on the remote machine by running:

    echo "relay test" | mail -s "relay test" destinationuser@destinationdomain
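
The settings from steps 2 to 5 can be checked offline before mail is sent through the relay. The script below is an added example, not part of Mail-in-a-Box: the function names, the sample files and the placeholder credentials are constructed for illustration, and it assumes a main.cf written with one parameter per line.

```sh
#!/bin/sh
# Added example (not Mail-in-a-Box code): offline audit of a relay client's settings.
# conf_get FILE NAME: print a parameter's effective value (last assignment wins);
# comment lines and continuation lines (leading whitespace) are skipped.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name != key) next; val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val); found = 1
        }
        END { if (found) print val }' "$1"
}

# audit_relay_conf MAIN_CF PASSWORD_FILE: one FAIL line per weak setting, 0 if clean.
audit_relay_conf() {
    findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }
    [ "$(conf_get "$1" smtp_tls_wrappermode)" = yes ] ||
        fail "smtp_tls_wrappermode is not yes"
    case "$(conf_get "$1" smtp_tls_security_level)" in
        verify|secure) ;;
        *) fail "smtp_tls_security_level does not verify the relay certificate" ;;
    esac
    [ "$(conf_get "$1" smtp_sasl_auth_enable)" = yes ] ||
        fail "smtp_sasl_auth_enable is not yes"
    case "$(conf_get "$1" relayhost)" in
        *:465) ;;
        *) fail "relayhost does not name port 465" ;;
    esac
    # Step 5: the credentials file must be readable by its owner only.
    perms=$(ls -ld "$2" 2>/dev/null | cut -c1-10)
    [ "$perms" = "-rw-------" ] || fail "$2 is not mode 600"
    [ "$findings" -eq 0 ]
}

# Constructed sample input: a config matching the steps above and a weakened copy.
make_samples() {
    printf '%s\n' 'relayhost = [box.example.com]:465' 'smtp_tls_wrappermode = yes' \
        'smtp_tls_security_level = verify' 'smtp_sasl_auth_enable = yes' > "$1/good.cf"
    sed 's/= verify/= may/' "$1/good.cf" > "$1/weak.cf"
    echo 'box.example.com relayuser:placeholder-password' > "$1/relay_password"
    chmod 600 "$1/relay_password"
}

dir=$(mktemp -d) && make_samples "$dir"
audit_relay_conf "$dir/good.cf" "$dir/relay_password" && echo "good.cf: OK"
audit_relay_conf "$dir/weak.cf" "$dir/relay_password" || echo "weak.cf: flagged"
```

On a live machine, postconf -n prints the non-default settings in the same name = value form, so its output can be saved to a file and passed as the first argument.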

Sieve Filtering

Sieve can be used to filter, file, flag, highlight, etc. messages as well as do vacation/auto replies.

Users who wish to write their own Sieve filter scripts may do so in the filter section of Roundcube mail. Make sure to set one of the scripts as active in Roundcube to enable it. These scripts are placed automatically into /home/user-data/mail/sieve/DOMAIN/USER. You can also manually create a script file with path /home/user-data/mail/sieve/DOMAIN/USER.sieve.

You may also enable server-wide Sieve rules that run either before or after the user's Sieve script. To do so, make a text file with a .sieve extension and place it into /home/user-data/mail/sieve/global_before or /home/user-data/mail/sieve/global_after, depending on whether you want the global script to run before or after the user's script. You would typically use global_before, since it is possible for the user's Sieve script to stop execution of your global script. At this time, these scripts run for all domains and cannot be limited to a single domain.

Here is an example file in /home/user-data/mail/sieve/global_before/global.sieve that will always place the user's email into a backup mailbox:

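    # "fileinto" files a message into a mailbox; "mailbox" provides the :create argument.
    require ["fileinto","mailbox"];
    # Deliver a copy to the inbox.
    fileinto "INBOX";
    # File a second copy into backup-mailbox, creating the mailbox if it does not exist.
    fileinto :create "backup-mailbox";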

Note that Mail-in-a-Box contains a sieve script to filter Spam which cannot be altered. When the header contains X-Spam-Status with value Yes, the email is filed into the Spam mailbox.

For information on what is possible with Dovecot Pigeonhole Sieve, as well as examples, see https://doc.dovecot.org/configuration_manual/sieve/pigeonhole_sieve_interpreter/