Mox - modern full-featured open source secure mail server for low-maintenance self-hosted email

Check this box to affirm you have no conflict of interest.

on

Website

https://www.xmox.nl/

Short description

Mox is real easy to set up. Get a machine, download the mox binary, run the quickstart, add the printed DNS records, and you’ve got a working modern mail server for sending and receiving email. With support for IMAP4, SMTP, SPF, DKIM, DMARC, MTA-STS, DANE and DNSSEC, reputation-based and content-based junk filtering, Internationalization (IDNA), automatic TLS with ACME and Let’s Encrypt, account autoconfiguration, webmail.

Why I think this tool should be added

It is written in Go and is more lightweight than services recommended at https://www.privacyguides.org/en/email/#self-hosting-email, it might not include all features they have but it will certainly will in the future. But it can run a very secure email server.

Section on Privacy Guides

Email, self-hosting-email

2 Likes

How does is it compare to mailcow?

Hi all, I’m the author of mox and stumbled on this page (and site, good cause). If there are specific questions, I can probably help answer. I’m not here to promote mox or get it on a recommendation list, just to provide some context, help out with questions and discuss.

I consider myself relatively privacy-aware, and I wrote mox because I wanted to keep running my own mail server to stay in control of my data. Existing solutions (including mailcow) are made up of many software components configured to work together (complex/fragile) most of which are aging (e.g. written in C, where small mistakes have big consequences; though indeed the code bases are often of high quality). Mox is a single consistent code base in a modern language (Go) that provides an integrated modern email stack. It is aimed at folks wanting to run their own small-scale mail server.

There’s a good chance mox doesn’t pass all requirements privacyguides has for email services. E.g. mox doesn’t yet itself encrypt data at rest. You could configure a VPS to do that at the disk-level. I intend to add builtin encryption at rest in the future, making it easy to use. Another is 2FA. It would be relatively easy to implement in the web interfaces, but not with SMTP (submission) and IMAP. Most clients can at most do cram-md5 for authentication mechanism (old). I don’t know any clients doing the safer scram-sha-256-plus properly (with mutual verification and TLS channel binding, mox implements it). Interested in hearing what the thoughts are on these topics.

2 Likes