acheron.zhu.codes

Welcome to your Mail-in-a-Box control panel.

System Status Checks

Backup Status

The box makes an incremental backup each night. By default the backup is stored on the machine itself, but you can also store it on S3-compatible services like Amazon Web Services (AWS).

Configuration

Backups are stored on this machine’s own hard disk. You are responsible for periodically using SFTP (FTP over SSH) to copy the backup files from to a safe location. These files are encrypted, so they are safe to store anywhere.

Separately copy the encryption password from to a safe and secure location. You will need this file to decrypt backup files.

Backups are synced to a remote machine using rsync over SSH, with local copies in . These files are encrypted, so they are safe to store anywhere.

Separately copy the encryption password from to a safe and secure location. You will need this file to decrypt backup files.

Copy the Public SSH Key above and paste it into the ~/.ssh/authorized_keys file of the target user on the backup server specified above. This enables secure, passwordless authentication from your Mail-in-a-Box server to your backup server.

Backups are stored in an S3-compatible bucket. You must have an AWS or other S3 service account already.

You MUST manually copy the encryption password from to a safe and secure location. You will need this file to decrypt backup files. It is NOT stored in your S3 bucket.

Backups are stored in a Backblaze B2 bucket. You must have a Backblaze account already.

You MUST manually copy the encryption password from to a safe and secure location. You will need this file to decrypt backup files. It is NOT stored in your Backblaze B2 bucket.

This is the minimum time backup data is kept for. The box makes an incremental backup most nights, which requires that previous backups back to the most recent full backup be preserved, so backup data is often kept much longer than this setting. Full backups are made periodically when the incremental backup data size exceeds a limit.

Available backups

The backup location currently contains the backups listed below. The total size of the backups is currently .

When Type Size Deleted in...

External DNS

This is an advanced configuration page.

Although your box is configured to serve its own DNS, it is possible to host your DNS elsewhere — such as in the DNS control panel provided by your domain name registrar or virtual cloud provider — by copying the DNS zone information shown in the table below into your external DNS server’s control panel.

If you do so, you are responsible for keeping your DNS entries up to date! If you previously enabled DNSSEC on your domain name by setting a DS record at your registrar, you will likely have to turn it off before changing nameservers.

Download zonefile

You can download your zonefiles here or use the table of records below.

Records

QName Type Value

Custom DNS

This is an advanced configuration page.

It is possible to set custom DNS records on domains hosted here.

Set custom DNS records

You can set additional DNS records, such as if you have a website running on another server, to add DKIM records for external mail providers, or for various confirmation-of-ownership tests.

Leave the left field blank to set a record on the chosen domain name, or enter a subdomain.

Using a secondary nameserver

If your TLD requires you to have two separate nameservers, you can either set up external DNS and ignore the DNS server on this box entirely, or use the DNS server on this box but add a secondary (aka “slave”) nameserver.

If you choose to use a secondary nameserver, you must find a secondary nameserver service provider. Your domain name registrar or virtual cloud provider may provide this service for you. Once you set up the secondary nameserver service, enter the hostname (not the IP address) of their secondary nameserver in the box below.

Multiple secondary servers can be separated with commas or spaces (e.g., ns2.hostingcompany.com ns3.hostingcompany.com). To enable zone transfers to additional servers without listing them as secondary nameservers, add an IP address or subnet using xfr:10.20.30.40 or xfr:10.0.0.0/8.

Custom DNS API

Use your box’s DNS API to set custom DNS records on domains hosted here. For instance, you can create your own dynamic DNS service.

Usage:

curl -X VERB [-d "value"] --user {email}:{password} https://acheron.zhu.codes/admin/dns/custom[/qname[/rtype]]

(Brackets denote an optional argument.)

Verbs

Verb Usage
GET Returns matching custom DNS records as a JSON array of objects. Each object has the keys qname, rtype, and value. The optional qname and rtype parameters in the request URL filter the records returned in the response. The request body (-d "...") must be omitted.
PUT Sets a custom DNS record replacing any existing records with the same qname and rtype. Use PUT (instead of POST) when you only have one value for a qname and rtype, such as typical A records (without round-robin).
POST Adds a new custom DNS record. Use POST when you have multiple TXT records or round-robin A records. (PUT would delete previously added records.)
DELETE Deletes custom DNS records. If the request body (-d "...") is empty or omitted, deletes all records matching the qname and rtype. If the request body is present, deletes only the record matching the qname, rtype and value.

Parameters

Parameter Value
email The email address of any administrative user here.
password That user’s password.
qname The fully qualified domain name for the record you are trying to set. It must be one of the domain names or a subdomain of one of the domain names hosted on this box. (Add mail users or aliases to add new domains.)
rtype The resource type. Defaults to A if omitted. Possible values: A (an IPv4 address), AAAA (an IPv6 address), TXT (a text string), CNAME (an alias, which is a fully qualified domain name — don’t forget the final period), MX, SRV, SSHFP, CAA or NS.
value For PUT, POST, and DELETE, the record’s value. If the rtype is A or AAAA and value is empty or omitted, the IPv4 or IPv6 address of the remote host is used (be sure to use the -4 or -6 options to curl). This is handy for dynamic DNS!

Strict SPF and DMARC records will be added to all custom domains unless you override them.

Examples:

Try these examples. For simplicity the examples omit the --user me@mydomain.com:yourpassword command line argument which you must fill in with your email address and password.

# sets laptop.mydomain.com to point to the IP address of the machine you are executing curl on
curl -X PUT https://acheron.zhu.codes/admin/dns/custom/laptop.mydomain.com

# deletes that record and all A records for that domain name
curl -X DELETE https://acheron.zhu.codes/admin/dns/custom/laptop.mydomain.com

# sets a CNAME alias
curl -X PUT -d "bar.mydomain.com." https://acheron.zhu.codes/admin/dns/custom/foo.mydomain.com/cname

# deletes that CNAME and all CNAME records for that domain name
curl -X DELETE https://acheron.zhu.codes/admin/dns/custom/foo.mydomain.com/cname

# adds a TXT record using POST to preserve any previous TXT records
curl -X POST -d "some text here" https://acheron.zhu.codes/admin/dns/custom/foo.mydomain.com/txt

# deletes that one TXT record while preserving other TXT records
curl -X DELETE -d "some text here" https://acheron.zhu.codes/admin/dns/custom/foo.mydomain.com/txt
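
An added example, not part of the Mail-in-a-Box documentation: a POSIX shell wrapper for the custom DNS API above that checks the verb, record type and CNAME trailing period against the tables, and reads the admin credentials from a netrc file so the password does not appear in the process list or shell history. The names MIAB_BASE, MIAB_NETRC, MIAB_DRY_RUN, miab_dns and miab_dns_url, and the netrc path, are assumptions.

```shell
#!/bin/sh
# Added example (not Mail-in-a-Box code). MIAB_BASE, MIAB_NETRC, MIAB_DRY_RUN and
# the function names are assumptions. The netrc file (chmod 600) holds one line:
#   machine acheron.zhu.codes login me@mydomain.com password <admin password>
MIAB_BASE="${MIAB_BASE:-https://acheron.zhu.codes/admin/dns/custom}"
MIAB_NETRC="${MIAB_NETRC:-$HOME/.miab-netrc}"

# URL shape from the usage line: base[/qname[/rtype]]
miab_dns_url() (
    url=$MIAB_BASE
    if [ -n "$1" ]; then
        url="$url/$1"
        if [ -n "$2" ]; then url="$url/$(printf '%s' "$2" | tr 'A-Z' 'a-z')"; fi
    fi
    printf '%s\n' "$url"
)

# miab_dns VERB [qname [rtype [value]]]
# The body runs in a subshell, so "exit" only leaves the function.
miab_dns() (
    verb=$1; qname=${2-}; rtype=$(printf '%s' "${3-}" | tr 'a-z' 'A-Z'); value=${4-}
    case $verb in
        GET|PUT|POST|DELETE) ;;
        *) echo "unsupported verb: $verb" >&2; exit 2 ;;
    esac
    case ${rtype:-A} in
        A|AAAA|TXT|CNAME|MX|SRV|SSHFP|CAA|NS) ;;
        *) echo "unsupported rtype: $rtype" >&2; exit 2 ;;
    esac
    if [ "$verb" = GET ] && [ -n "$value" ]; then
        echo "GET must not carry a request body" >&2; exit 2
    fi
    if [ "$verb" != GET ] && [ -z "$qname" ]; then
        echo "$verb needs a qname" >&2; exit 2
    fi
    case "$verb:$rtype:$value" in
        PUT:CNAME:*.|POST:CNAME:*.) ;;
        PUT:CNAME:*|POST:CNAME:*) echo "CNAME value must end with a period" >&2; exit 2 ;;
    esac
    set -- --silent --show-error --fail --netrc-file "$MIAB_NETRC" -X "$verb"
    # Empty value on A/AAAA means "use the caller's address": pin the address family.
    case "$verb:${rtype:-A}:$value" in
        PUT:A:|POST:A:) set -- "$@" -4 ;;
        PUT:AAAA:|POST:AAAA:) set -- "$@" -6 ;;
    esac
    # --data-raw sends the value literally; -d would read a local file for "@name".
    if [ -n "$value" ]; then set -- "$@" --data-raw "$value"; fi
    set -- "$@" "$(miab_dns_url "$qname" "$rtype")"
    if [ -n "${MIAB_DRY_RUN-}" ]; then
        printf 'curl %s\n' "$*"    # unquoted, for inspection only
    else
        curl "$@"
    fi
)
```

Set MIAB_DRY_RUN=1 to print the curl command instead of sending it, for example `MIAB_DRY_RUN=1 miab_dns PUT laptop.mydomain.com` from a cron-driven dynamic DNS job.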

Two-Factor Authentication

When two-factor authentication is enabled, you will be prompted to enter a six-digit code from an authenticator app (usually on your phone) when you log into this control panel.

Enabling two-factor authentication does not protect access to your email
Enabling two-factor authentication on this page only limits access to this control panel. Remember that most websites allow you to reset your password by checking your email, so anyone with access to your email can typically take over your other accounts. Additionally, if your email address or any alias that forwards to your email address is a typical domain control validation address (e.g. admin@, administrator@, postmaster@, hostmaster@, webmaster@, abuse@), extra care should be taken to protect the account. Always use a strong password, and ensure every administrator account for this control panel does the same.

Setup Instructions

1. Install FreeOTP or any other two-factor authentication app that supports TOTP.

2. Scan the QR code in the app or directly enter the secret into the app:

When you click Enable Two-Factor Authentication, you will be logged out of the control panel and will have to log in again, now using your two-factor authentication app.

Two-factor authentication is active for your account.

You will have to log into the admin panel again after disabling two-factor authentication.


Checking and Sending Mail

Webmail

Webmail lets you check your email from any web browser. Your webmail site is:

https://acheron.zhu.codes/mail

Your username is your whole email address.

Mobile/desktop apps

Automatic configuration

iOS and OS X only: Open this configuration link on your iOS device or on your Mac desktop to easily set up mail (IMAP/SMTP), Contacts, and Calendar. Your username is your whole email address.

Manual configuration

Use the following settings when you set up your email on your phone, desktop, or other device:

Option Value
Protocol/Method IMAP
Mail server acheron.zhu.codes
IMAP Port 993
IMAP Security SSL or TLS
SMTP Port 465
SMTP Security SSL or TLS
Username: Your whole email address.
Password: Your mail password.

In addition to setting up your email, you’ll also need to set up contacts and calendar synchronization separately.

As an alternative to IMAP you can also use the POP protocol: choose POP as the protocol, port 995, and SSL or TLS security in your mail client. The SMTP settings and usernames and passwords remain the same. However, we recommend you use IMAP instead.

Exchange/ActiveSync settings

On iOS devices, devices on this compatibility list, or using Outlook 2007 or later on Windows 7 and later, you may set up your mail as an Exchange or ActiveSync server. However, we’ve found this to be more buggy than using IMAP as described above. If you encounter any problems, please use the manual settings above.

Server acheron.zhu.codes
Options Secure Connection

Your device should also provide a contacts list and calendar that syncs to this box when you use this method.

Other information about mail on your box

Greylisting

Your box uses a technique called greylisting to cut down on spam. Greylisting works by initially rejecting mail from people you haven’t received mail from before. Legitimate mail servers will attempt redelivery shortly afterwards, but the vast majority of spam gets tricked by this. If you are waiting for an email from someone new, such as if you are registering on a new website and are waiting for an email confirmation, please be aware there will be a minimum of 3 minutes delay, depending how soon the remote server attempts redelivery.

+tag addresses

Every incoming email address also receives mail for +tag addresses. If your email address is you@yourdomain.com, you’ll also automatically get mail sent to you+anythinghere@yourdomain.com. Use this as a fast way to segment incoming mail for your own filtering rules without having to create aliases in this control panel.

Use only this box to send as you

Your box sets strict email sending policies for your domain names to make it harder for spam and other fraudulent mail to claim to be you. Only this machine is authorized to send email on behalf of your domain names. If you use any other service to send email as you, it will likely get spam filtered by recipients.

Users

Add a mail user

Add an email address to this system. This will create a new login username/password.

Existing mail users

Email Address Actions
set password | archive account
To restore account, create a new account with this email address. Or to permanently delete the mailbox, delete the directory on the machine.

Mail user API (advanced)

Use your box’s mail user API to add/change/remove users from the command-line or custom services you build.

Usage:

curl -X VERB [-d "parameters"] --user {email}:{password} https://acheron.zhu.codes/admin/mail/users[action]

Brackets denote an optional argument. Please note that the POST body parameters must be URL-encoded.

The email and password given to the --user option must be an administrative user on this system.

Verbs

Verb Action
GET (none) Returns a list of existing mail users. Adding ?format=json to the URL will give JSON-encoded results.
POST /add Adds a new mail user. Required POST-body parameters are email and password.
POST /remove Removes a mail user. Required POST-body parameter is email.
POST /privileges/add Used to make a mail user an admin. Required POST-body parameters are email and privilege=admin.
POST /privileges/remove Used to remove the admin privilege from a mail user. Required POST-body parameter is email.

Examples:

Try these examples. For simplicity the examples omit the --user me@mydomain.com:yourpassword command line argument which you must fill in with your administrative email address and password.

# Gives a JSON-encoded list of all mail users (URL quoted so the shell does not treat "?" as a glob)
curl -X GET "https://acheron.zhu.codes/admin/mail/users?format=json"

# Adds a new email user
curl -X POST -d "email=new_user@mydomain.com" -d "password=s3curE_pa5Sw0rD" https://acheron.zhu.codes/admin/mail/users/add

# Removes an email user
curl -X POST -d "email=new_user@mydomain.com" https://acheron.zhu.codes/admin/mail/users/remove

# Adds admin privilege to an email user
curl -X POST -d "email=new_user@mydomain.com" -d "privilege=admin" https://acheron.zhu.codes/admin/mail/users/privileges/add

# Removes admin privilege from an email user
curl -X POST -d "email=new_user@mydomain.com" https://acheron.zhu.codes/admin/mail/users/privileges/remove

Aliases

Add a mail alias

Aliases are email forwarders. An alias can forward email to a mail user or to any email address.

To use an alias or any address besides your own login username in outbound mail, the sending user must be included as a permitted sender for the alias.

Enter just the part of an email address starting with the @-sign. You may use international (non-ASCII) characters for the domain part of the email address only.
Enter just the part of an email address starting with the @-sign. Only forward mail to addresses handled by this Mail-in-a-Box, since mail forwarded by aliases to other domains may be rejected or filtered by the receiver. To forward mail to other domains, create a mail user and then log into webmail for the user and create a filter rule to forward mail.

Existing mail aliases

Alias
Forwards To Permitted Senders

hostmaster@, postmaster@, admin@ and abuse@ email addresses are required on some domains.

Mail aliases API (advanced)

Use your box’s mail aliases API to add and remove mail aliases from the command-line or custom services you build.

Usage:

curl -X VERB [-d "parameters"] --user {email}:{password} https://acheron.zhu.codes/admin/mail/aliases[action]

Brackets denote an optional argument. Please note that the POST body parameters must be URL-encoded.

The email and password given to the --user option must be an administrative user on this system.

Verbs

Verb Action
GET (none) Returns a list of existing mail aliases. Adding ?format=json to the URL will give JSON-encoded results.
POST /add Adds a new mail alias. Required POST-body parameters are address and forwards_to.
POST /remove Removes a mail alias. Required POST-body parameter is address.

Examples:

Try these examples. For simplicity the examples omit the --user me@mydomain.com:yourpassword command line argument which you must fill in with your email address and password.

# Gives a JSON-encoded list of all mail aliases (URL quoted so the shell does not treat "?" as a glob)
curl -X GET "https://acheron.zhu.codes/admin/mail/aliases?format=json"

# Adds a new alias
curl -X POST -d "address=new_alias@mydomain.com" -d "forwards_to=my_email@mydomain.com" https://acheron.zhu.codes/admin/mail/aliases/add

# Removes an alias
curl -X POST -d "address=new_alias@mydomain.com" https://acheron.zhu.codes/admin/mail/aliases/remove

Contacts & Calendar Synchronization

This box can hold your contacts and calendar, just like it holds your email.


In your browser

You can edit your contacts and calendar from your web browser.

For... Visit this URL
Contacts https://acheron.zhu.codes/cloud/contacts
Calendar https://acheron.zhu.codes/cloud/calendar

Log in settings are the same as with mail: your complete email address and your mail password.

On your mobile device

If you set up your mail using Exchange/ActiveSync, your contacts and calendar may already appear on your device.

Otherwise, here are some apps that can synchronize your contacts and calendar to your Android phone.

For... Use...
Contacts and Calendar DAVx⁵ ($5.99; free here)
Only Contacts CardDAV-Sync free (free)
Only Calendar CalDAV-Sync ($2.99)

Use the following settings:

Account Type CardDAV or CalDAV
Server Name acheron.zhu.codes
Use SSL Yes
Username Your complete email address.
Password Your mail password.

Static Web Hosting

This machine is serving a simple, static website at https://acheron.zhu.codes and at all domain names that you set up an email user or alias for.

Uploading web files

You can replace the default website with your own HTML pages and other static files. This control panel won’t help you design a website, but once you have .html files you can upload them following these instructions:

  1. Ensure that any domains you are publishing a website for have no problems on the Status Checks page.
  2. On your personal computer, install an SSH file transfer program such as FileZilla or scp.
  3. Log in to this machine with the file transfer program. The server is acheron.zhu.codes, the protocol is SSH or SFTP, and use the SSH login credentials that you used when you originally created this machine at your cloud host provider. This is not what you use to log in either for email or this control panel. Your SSH credentials probably involve a private key file.
  4. Upload your .html or other files to the directory /home/user-data/www/default on this machine. They will appear directly and immediately on the web.
  5. The websites set up on this machine are listed in the table below with where to put the files for each website.

Site Directory for Files

    To add a domain to this table, create a dummy mail user or alias on the domain first and see the setup guide for adding nameserver records to the new domain at your registrar (but not glue records).

TLS (SSL) Certificates

A TLS (formerly called SSL) certificate is a cryptographic file that proves to anyone connecting to a web address that the connection is secure between you and the owner of that address.

You need a TLS certificate for this box’s hostname (acheron.zhu.codes) and every other domain name and subdomain that this box is hosting a website for (see the list below).

Provision certificates

Certificate status

Certificates expire after a period of time. All certificates will be automatically renewed through Let’s Encrypt 14 days prior to expiration.

Install certificate

If you don't want to use our automatic Let's Encrypt integration, you can give any other certificate provider a try. You can generate the needed CSR below.

Which domain are you getting a certificate for?

(A multi-domain or wildcard certificate will be automatically applied to any domains it is valid for besides the one you choose above.)

What country are you in? This is required by some TLS certificate providers. You may leave this blank if you know your TLS certificate provider doesn't require it.
