This is the home documentation for “Homebox”, a set of Ansible scripts to deploy a fully functional and secure mail server at home or online.

The source code is on GitHub.

This project is for you if:

  • You are interested in hosting your email yourself, for privacy, security or any other reason.
  • You want your server to be secure against both physical and remote intrusion.
  • You want a low-maintenance box that keeps itself updated automatically.
  • You prefer security and stability over the latest features.
  • You trust the Debian community to push security updates.

Philosophy

  • You should be able to upgrade anything installed via the apt command. No git clone / wget / curl here, ever.
  • If you are using your own hardware, the disk can be fully encrypted using LUKS, so nobody can steal your hardware and get your information with it.
  • AppArmor is activated on the first boot, and all the services are configured to support it. This makes your server very safe against remote intrusion, even when the attacker uses a 0-day vulnerability.
  • You can set up multiple backup destinations, local and remote, all encrypted.
  • Many default choices are made in favour of simplicity (the KISS principle) and safety.
  • Attention to detail: the project stays focused on the nitty-gritty features of self-hosting, like full IPv6 support and DNSSEC.

Main components

  • Operating System: Debian Bullseye
  • Authentication: OpenLDAP
  • DNS: PowerDNS
  • Firewall: nftables
  • Mail transfer agent: Postfix
  • Mail delivery agent: Dovecot
  • Antispam: Rspamd
  • Antivirus: ClamAV
  • Groupware: SOGo
  • Jabber: ejabberd

Other projects to mention

If you are interested in self-hosting, you will find a lot of interesting projects on the internet, for instance:

  • Sovereign: A different target, but a similar deployment approach using Ansible.
  • YunoHost: Contains a lot of plugins and features. Not all of them are stable, but it is worth testing.
  • Mail-in-a-Box: More oriented towards online hosting, but very good as well.
  • and many others…

All have plenty of features, though maybe a different approach to self-hosting.