Mail-in-a-box (MiaB) takes care of all the complicated configurations required to avoid security problems, provides a solid spam detection system and gives you monitoring, reporting and backup mechanisms. It can also set up and automatically renew a Let’s Encrypt certificate for your email domains, as well as configuring the detailed DNS configurations needed to ensure your mail server’s IP address is trusted by other servers, and less likely to be blacklisted.
Mail-in-a-box also incorporates Nextcloud, in order to provide calendar (CalDAV) and contacts (CardDAV) servers.
- A fresh Ubuntu 18.04 server
- At least 1GB RAM
- An IPv4 address. Hosting email behind only an IPv6 address is not yet a viable option for numerous reasons.
MiaB needs the entire VPS, so you will always need to start with a fresh VPS. MiaB is designed specifically for Ubuntu 18.04. It’s a “long term support” version, meaning in this case it will be supported until April 2028.
Choose a hostname for your email server. MiaB recommends a
box. sub-domain of your primary domain. You can host email on multiple domains using MiaB, but your MiaB box itself will have just one hostname. If you’re not sure, go with
example.com with your own domain.
You’ll use this hostname to access MiaB’s configuration UI in your browser, SSH into your VPS and access your web-mail. Once your VPS has been set up, take a note of its IPv4 address, for example
203.0.113.0. You’ll need this several times throughout this tutorial.
Configure your domain’s nameservers at your domain registrar
The simplest (and expected) way to configure your DNS correctly for MiaB is to allow it to take complete control of your domain’s DNS. To this end your MiaB install provides two nameservers, for you to point your domain at. These will take the following form:
You will need to use the control panel at your domain registrar to assign the MiaB-provided nameservers as the nameservers for your domain. You also need to register your MiaB-provided nameservers with your domain registrar (sometimes called “glue records”). This process differs depending on the registrar you are with. Essentially you should be asked to enter your name servers (
ns2.box.example.com) and the IP address they should point at, which is the IP address of your hostfactor VPS.
SSH into your new VPS. Use the IP address that you took note of earlier.
$ ssh firstname.lastname@example.org
Copy and paste the following into your terminal.
$ curl -s https://mailinabox.email/setup.sh | sudo bash
Several Ubuntu packages will now be installed for you. Eventually, you’ll be asked a few installation questions:
- Your email address This will default to something like
email@example.com. Change that to whatever you prefer.
- Hostname This should default to the hostname that you have already set up for your VPS, for example
box.example.com. Leave this as-is.
- Configuring tzdata Select your timezone.
- Password Finally, you’ll be asked to enter a new password. This will be used for your new email account, as well as logging into the admin interface.
Once installation is complete, you’ll be presented with a success message, and a website link to the admin interface.
Your Mail-in-a-Box is running. Please log in to the control panel for further instructions at: https://203.0.113.0/admin You will be alerted that the website has an invalid certificate. Check that the certificate fingerprint matches: C0:9B:FF:04:2B:2D:8F:47:5A:BF:82:E9:F2:2A:E8:CB:51:F3:12:88:48:6B:9E:72:7C:33:8B:D5:88:B7:05:D3:4B:6C:22:80:5F
Logging in for the first time
When you log into MiaB for the first time in your browser, you will use the address given at the end of the installation process. This will use your VPS’s IP address instead of the domain name.
The SSL certificate has not been generated at this point, so your box will use a self-signed certificate. Your web browser will almost certainly warn you, suggesting this is dangerous. Accept the self-signed certificate. This is only used during first-run.
Log into MiaB using the email address and password you configured during installation.
System Status Checks
Your MiaB has a very helpful section called
Status Checks. You will arrive at this page when you first log in, and can visit it later at
Status Checks to check if there are any issues that need to be resolved.
If MiaB shows a button asking you to reboot your VPS (“Reboot Box”), you should do so.
Some issues are not absolutely essential to resolve immediately. For example, the password-based login warning, or software packages that need updating. Do be sure to fix these later though.
Confirm that the following items are correct, and if not, resolve them before moving on:
- Nameserver glue records
- This domain must resolve to your box’s IP address
You may need to wait for your earlier DNS changes to propagate, which can take some hours. Just reload the page a little later on to see if the changes have taken effect.
Provision and Install TLS (SSL) Certificate
You should get MiaB to configure a valid SSL certificate for you. Visit
TLS (SSL) Certificates and click “Install Certificate” beside each domain.
You will now be able to log into your MiaB using the domain, for example
https://box.example.com/admin, and your web browser will not present any certificate warnings as it did earlier.
Next, go to
Users and add as many email accounts as you would like. Be aware that MiaB implements an anti-spam feature called “greylisting”. Essentially this means the first time an account on your box receives email from someone it hasn’t seen before, it will be delayed; anything from 2 minutes to an hour depending on the sending server. This cuts down on spam enormously, but does mean your first email tests may take some time to come through.
To update MiaB, use the exact same two steps as you used when first installing it. The same script both installs and updates MiaB.
curl -s https://mailinabox.email/setup.sh | sudo bash
Using an external DNS service such as Cloudflare
By default, MiaB is set up to handle all your DNS, and is able to configure the complex DKIM and SPI records for your email domains automatically. To do this, you point the name servers for your domains directly at the nameservers provided by MiaB as you did earlier. However, you might need to manage the DNS for your domains elsewhere. This is entirely possible, but more difficult.
To use Cloudflare, for example, the setup is as follows:
- Point your domains’ nameservers to the two which Cloudflare specifies
- In your Cloudflare dashboard you will add DNS records as needed to ensure your MiaB server takes charge of your email. You can copy these records from the
External DNSpage of MiaB’s admin interface.
Be very careful, and test your work with a site such as mail-tester. A simple oversight in this type of scenario may mean your email will be sent straight to the spam folder of your recipients.