Please, note the Stretch version will receive only bug fixes and security updates. all the developments are now focused on the Next version.
A set of Ansible scripts to setup a secure email and personal files server. This project is for you if:
- You are interested to host your emails yourself, for privacy, security or any other reason.
- You want your server to be secure against both physical and remote intrusion.
- You want a low maintenance box that keep itself updated automatically.
- You trust the Debian community to publish security updates.
Official documentation and user's guide
Thanks to Framasoft, two mailing lists have been created, one for general questions, suggestions and support, and another one dedicated for development.
- General questions: https://framalistes.org/sympa/info/homebox-general
- Development: https://framalistes.org/sympa/info/homebox-dev
Continuous Integration Status
The continuous integration jobs are based on Jenkins pipelines. The server is accessible at jenkins.homebox.space.
|Job||Development branch||Master branch|
Current project status
Current status and supported features
For a complete list of features, see the features page in the official documentation.
System installation and features
- Custom Debian installer generation with full disk encryption and fully automatic installation.
- Unlock the system upon boot by entering the passphrase through SSH or with a Yubikey.
- Install packages only from Debian stable (Stretch) or officially maintained repositories (rspamd).
- Automatic SSL Certificates generation with letsencrypt.
- Automatic security updates (optional).
- Centralised authentication with an LDAP users database, SSL certificate, password policies, PAM integration.
- AppArmor activated by default, profiles for all daemons.
- Automatic backup of the deployment data to replay the installation with the same data.
- Can be used at home, on a dedicated or virtual server hosted online.
- Flexible IP address support: IPv4, IPv6, IPv4+IPv4, IPv4+IPv6.
- Embedded DNS server, with CAA, DNSSEC and SSHFP (SSH fingerprint) support.
- Grade A https sites, HSTS implemented by default.
- Postfix configuration and installation, with LDAP lookups, internationalised email aliases, fully SSL compliant.
- Generate DKIM keys, SPF and DMARC DNS records.
- Automatic copy of sent emails into the sent folder.
- Automatic creation of the postmaster account and special email addresses using RFC 2142 specifications.
- Dovecot configuration, IMAPS, POP3S, Quotas, ManageSieve, simple spam and ham learning by moving emails in and out the Junk folder, sieve and vacation scripts.
- Virtual folders for server search: unread messages, conversations view, all messages, flagged and messages labelled as "important".
- Email addresses with recipient delimiter included, e.g. email@example.com.
- Optional master user creation, e.g. for families with children or moderated communities.
- Server side full text search inside emails, attached documents and files and compressed archives, with better results than GMail.
- Detailed weekly, monthly and yearly access report per country, ISP, IP addresses, etc.
- Optional Roundcube webmail with sieve filters management, password change form, automatic identity creation, master account access, etc.
- Optional SOGo webmail with sieve filters management, password change form, Calendar and Address book management, GUI to import other account emails.
- Automatic import emails from Google Mail, Yahoo, Outlook.com or any other standard IMAP account.
- Powerful and light antispam system with rspamd and optional access to the web interface.
- Antivirus for inbound and outbound emails with clamav.
- Automatic configuration for Thunderbird and Outlook using published XML and other clients with special DNS records (RFC 6186).
- Automatic detection of unusual behaviour, with real time warning using XMPP and email to external address.
Calendar and Address book
- Install and configure a CalDAV / CardDAV server, with automatic discovery (RFC 6186).
- Groupware functionality in a web interface, with SOGo.
- Recurring events, email alerts, shared address books and calendars.
- Mobile devices compatibility: Android, Apple iOS, BlackBerry 10 and Windows mobile through Microsoft ActiveSync.
Other optional features
- Incremental backups, encrypted, on multiple destination (SFTP, S3, Samba share or USB drive), with email and Jabber reporting.
- Jabber server, using ejabberd, with LDAP authentication, direct or offline file transfer and optional server to server communication.
- Tor installation out of the box with possible customisation.
- Privoxy easy installation, with adblock rules daily synchronisation, and optional tor chaining.
- Static web site skeleton configuration, with https certificates and A+ security grade by default.
- Personal backup server for each user, using borgbackup.
- Transmission daemon, accessible over https, public or private over your LAN. Files can be downloaded directly with a web browser, using LDAP credentials for authentication or whitelisted IP addresses (e.g. LAN).
- Monitoring with Zabbix, with email and Jabber alerts.
- Hide the SSH server with Single Packet Authorization, using fwknop.
- YAML files validation on each commit, using travis-ci.
- Continuous Integration using Jenkins.
- End to end integration tests for the majority of components.
- Playbooks to facilitate the installation or removal of development packages.
- Global debug flag to activate the debug mode of all components.
- Fully open source Ansible scripts licensed under GPLv3.