image/svg+xml
passwordchange
Mail-in-a-Box Systems Architecture
A diagram of services running on the box.
OpenDKIMlocalhost:8891OpenDMARClocalhost:8893(milter services)
nsd4non-recursiveDNS server
cron.daily* Re-sign DNSSEC zones.* Incremental backup.* Status checks.
Dovecotimappop3sieve
Dovecot LDAlocalhost:10026
Managesieve(also Dovecot)
Postfixsmtpdsubmission
authentication(for submission)
user databasemail/users.sqlite
authentication
destinationvalidation& aliases
Managementlocalhost:10222
Spamassassinlocalhost:10025(spampd)
bind9localhost:53
mailboxesmail/mailboxes
maildelivery
Publicly Accessible
Local-Only Services
Filesystem
nginxhttphttps
static siteswww/{default,...}
php7-fpm(FastCGI host)
DANE TLSA VERIFICATION
(resolving nameserver,DNSSEC-aware)
Roundcube(webmail)
Z-Push
(ExchangeActiveSync)
Nextcloud(CardDAV, CalDAV)
postgreylocalhost:10023(check_policy_service)
cron.hourlyNextcloud job
ufw(firewall)
fail2ban(intrusion)
port 587STARTTLS
port 25STARTTLS
port 4190STARTTLS
port 993TLS
port 995TLS
port 80cleartext
port 443TLS
port 53 (TCP/UDP)DNSSEC optional