Add the glue records on your domain’s registrar. Replace watchmail.com with the domain name you wish to use. Each glue record should point to the public IPv4 address of the Virtual Machine which will deploy Mail-in-a-Box.
After you log in to your server with an SSH client, update all the software packages on your server:
sudo apt update && sudo apt upgrade
To start the install process, run the following command:
curl -s https://mailinabox.email/setup.sh | sudo bash
It will start a text-based wizard.
Install Wizard Steps
Delete the pre-filled value and replace it.
In the next step, the hostname should look like this:
Now, the install wizard should continue to download and configure software packages.
Select the time zone based on your location.
Mail-in-a-Box will continue to pull in required packages and auto-configure them.
Now the script will prompt you to choose a password for the administrative account.
This will be the password to the email account you set up earlier.
Your Mail-in-a-Box is running. Please log in to the control panel for further instructions at: https://box.watchmail.com/admin If you have a DNS problem put the box's IP address in the URL (https://10.17.15.13/admin) but then check the TLS fingerprint: 5E EA 66 C5 7F AB 0A E1 16 54 CD 22 04 23 E7 A7 42 41 DA E5 91 41 BD 30 31 E3 63 FC 63 1A D1 06
Now, you can access the control panel in your web browser. After logging in, you’ll be greeted with a page showing you status checks. It centralizes all the information you need and describes how you can resolve possible problems.
The Admin console Control Panel provides following options for administration:
- Status Checks
- TLS (SSL) Certificates
- Backup Status
- Advanced Pages
- Custom DNS
- External DNS
- Munin Monitoring
Mail & Users
- Your Account
- Two-Factor Authentication
Log in to the console and run the status check script.
root@watchmail:~/mailinabox/management# ./status_checks.py System ====== ✓ All system services are running. ✓ SSH disallows password-based login. ✖ There are 9 software packages that can be updated. libc-devtools (2.35-0ubuntu3.4) libc6-dev (2.35-0ubuntu3.4) libc-dev-bin (2.35-0ubuntu3.4) linux-libc-dev (5.15.0-86.96) libc6 (2.35-0ubuntu3.4) libc-bin (2.35-0ubuntu3.4) locales (2.35-0ubuntu3.4) grub-efi-amd64-signed (1.187.6+2.06-2ubuntu14.4) grub-efi-amd64-bin (2.06-2ubuntu14.4) ? You are running version Mail-in-a-Box v63. Mail-in-a-Box version check disabled by privacy setting. ✓ System administrator address exists as a mail alias. [email@example.com ↦ firstname.lastname@example.org] ✓ The disk has 27.81 GB space remaining. ✓ System memory is 72% free. Network ======= ✓ Firewall is active. ✓ Outbound mail (SMTP port 25) is not blocked. ✓ IP address is not blacklisted by zen.spamhaus.org. mail.watchmail.com ================ ✓ Nameserver glue records are correct at registrar. [ns1/ns2.mail.watchmail.com ↦ 10.17.15.13] ✓ Domain resolves to box's IP address. [mail.watchmail.com ↦ 10.17.15.13] ✓ Reverse DNS is set correctly at ISP. [10.17.15.13 ↦ mail.watchmail.com] ✓ Hostmaster contact address exists as a mail alias. [email@example.com ↦ firstname.lastname@example.org] ✓ Domain's email is directed to this domain. [mail.watchmail.com has no MX record, which is ok] ✓ Postmaster contact address exists as a mail alias. [email@example.com ↦ firstname.lastname@example.org] ✓ Domain is not blacklisted by dbl.spamhaus.org. ✓ TLS (SSL) certificate is signed & valid. The certificate expires in 81 days on 2023-11-20. watchmail.com =========== ? The nameservers set on this domain at your domain name registrar should be ns1.mail.watchmail.com; ns2.mail.watchmail.com. They are currently ns-1446.opendns-52.org; ns-309.opendns-38.com; ns-544.opendns-04.net. If you are using External DNS, this may be OK. ✓ Domain's email is directed to this domain. [watchmail.com ↦ 10 mail.watchmail.com] ✖ MTA-STS policy is missing: STSFetchResult.NONE ✓ Postmaster contact address exists as a mail alias. [email@example.com ↦ firstname.lastname@example.org] ✓ Domain is not blacklisted by dbl.spamhaus.org. ✓ Domain resolves to this box's IP address. [watchmail.com ↦ 10.17.15.13] ✓ TLS (SSL) certificate is signed & valid. The certificate expires in 67 days on 2023-12-10. ? This domain's DNSSEC DS record is not set. The DS record is optional. The DS record activates DNSSEC. See below for instructions. Follow the instructions provided by your domain name registrar to set a DS record. Registrars support different sorts of DS records. Use the first option that works: Option 1: ---------- Key Tag: 37894 Key Flags: KSK / 257 Algorithm: 13 / ECDSAP256SHA256 Digest Type: 2 / SHA-256 Digest: c7a8e82c15ef66a5a8c5b8972343b87a6c712b707d38d73edf8e452512d08 Public Key: lxi+lUSBz4j7X7Wj7SxfXM5Q66XlQ7SAHDjkahdoi87293SKCOwRfhauv8IPyl+g69q7N3w== Bulk/Record Format: watchmail.com. 3600 IN DS 37894 13 2 c7a8e82c15ef66a5a8c5b85704389b6b87a6c712b707d38d73edf8e452512d08 Bulk/Record Format: watchmail.com. 3600 IN DS 3735 7 2 8430dc6073bc240f0b65bc192696655e333442dc9c7ed8644c7fc0c9558fa25e ✓ www.watchmail.com: Domain resolves to this box's IP address. [www.watchmail.com ↦ 10.17.15.13] ✓ www.watchmail.com: TLS (SSL) certificate is signed & valid. The certificate expires in 67 days on 2023-12-10. ✓ autoconfig.watchmail.com: Domain resolves to this box's IP address. [autoconfig.watchmail.com ↦ 10.17.15.13] ✓ autoconfig.watchmail.com: TLS (SSL) certificate is signed & valid. The certificate expires in 81 days on 2023-12-24. ✓ autodiscover.watchmail.com: Domain resolves to this box's IP address. [autodiscover.watchmail.com ↦ 10.17.15.13] ✓ autodiscover.watchmail.com: TLS (SSL) certificate is signed & valid. The certificate expires in 81 days on 2023-12-24. root@watchmail:~/mailinabox/management#
Mail In a Box is now installed and configured for your domain.