SMTP relays are third-party services that can deliver email on your behalf. They can be useful when, for example, port 25 is blocked, the cloud provider/ISP doesn't provide reverse DNS, or the IP address has a low reputation, among other situations where deliverability isn't great.
These services are governed by their own terms, and as such limits can be imposed on the usage of those services.
Here, you can configure an authenticated SMTP relay and authorize its associated servers to send mail for you.
Welcome to your Power Mail-in-a-Box control panel.
The box makes an incremental backup each night. By default the backup is stored on the machine itself, but you can also store it on S3-compatible services like Amazon Web Services (AWS).
The backup location currently contains the backups listed below. The total size of the backups is currently .
When | Type | Size | Deleted in... |
---|
This is an advanced configuration page.
Although your box is configured to serve its own DNS, it is possible to host your DNS elsewhere — such as in the DNS control panel provided by your domain name registrar or virtual cloud provider — by copying the DNS zone information shown in the table below into your external DNS server’s control panel.
If you do so, you are responsible for keeping your DNS entries up to date! If you previously enabled DNSSEC on your domain name by setting a DS record at your registrar, you will likely have to turn it off before changing nameservers.
You may encounter zone file errors when attempting to create a TXT record with a long string.
RFC 4408 states a TXT record is allowed to contain multiple strings, and this technique can be used to construct records that would exceed the 255-byte maximum length.
You may need to adopt this technique when adding DomainKeys. Use a tool like named-checkzone to validate your zone file.
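The multi-string technique described above, as an added example that is not part of the control panel or its project: a POSIX shell helper that splits a long TXT value into strings of at most 255 bytes and prints a zone-file line. The function names, the selector `mail._domainkey.mydomain.com.` and the filler key material are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: split a long TXT value into the multiple <=255-byte strings
# that a zone file accepts for a single TXT record.

# split_txt VALUE
# Prints VALUE as space-separated, double-quoted strings of at most 255 bytes.
# Chunking happens before escaping, because the 255-byte limit applies to the
# string content, not to the backslashes added for the zone file.
split_txt() {
    rest=$1
    out=
    while :; do
        chunk=$(printf '%s' "$rest" | LC_ALL=C cut -b 1-255)
        rest=$(printf '%s' "$rest" | LC_ALL=C cut -b 256-)
        # Escape backslashes and double quotes for zone-file syntax.
        esc=$(printf '%s' "$chunk" | sed 's/\\/\\\\/g; s/"/\\"/g')
        out="${out:+$out }\"$esc\""
        [ -n "$rest" ] || break
    done
    printf '%s\n' "$out"
}

# txt_record QNAME VALUE
# Prints one zone-file TXT line; the parentheses are zone-file syntax that
# allows the record to be wrapped across lines later if desired.
txt_record() {
    printf '%s IN TXT ( %s )\n' "$1" "$(split_txt "$2")"
}

# Constructed sample: a DKIM-style value with 600 bytes of filler in place of
# real key material (618 bytes in total, so it needs three strings).
sample_value() {
    printf 'v=DKIM1; k=rsa; p=%s' "$(head -c 600 /dev/zero | tr '\0' 'A')"
}

# Hypothetical selector and domain, following the page's mydomain.com examples.
txt_record 'mail._domainkey.mydomain.com.' "$(sample_value)"
```

A resolver concatenates the strings of a TXT record without separators, so the value is split at byte boundaries only and no spaces are added inside the strings. Place the printed line in your zone file and check the file with named-checkzone before loading it.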
You can download your zonefiles here or use the table of records below.
QName | Type | Value |
---|
This is an advanced configuration page.
It is possible to set custom DNS records on domains hosted here.
You can set additional DNS records, such as if you have a website running on another server, to add DKIM records for external mail providers, or for various confirmation-of-ownership tests.
If your TLD requires you to have two separate nameservers, you can either set up external DNS and ignore the DNS server on this box entirely, or use the DNS server on this box but add a secondary (aka “slave”) nameserver.
If you choose to use a secondary nameserver, you must find a secondary nameserver service provider. Your domain name registrar or virtual cloud provider may provide this service for you. Once you set up the secondary nameserver service, enter the hostname (not the IP address) of their secondary nameserver in the box below.
Use your box’s DNS API to set custom DNS records on domains hosted here. For instance, you can create your own dynamic DNS service.
Usage:
curl -X VERB [-d "value"] --user {email}:{password} https://orlyra.com/admin/dns/custom[/qname[/rtype]]
(Brackets denote an optional argument.)
Verb | Usage |
---|---|
GET | Returns matching custom DNS records as a JSON array of objects. Each object has the keys qname, rtype, and value. The optional qname and rtype parameters in the request URL filter the records returned in the response. The request body (-d "...") must be omitted. |
PUT | Sets a custom DNS record, replacing any existing records with the same qname and rtype. Use PUT (instead of POST) when you only have one value for a qname and rtype, such as typical A records (without round-robin). |
POST | Adds a new custom DNS record. Use POST when you have multiple TXT records or round-robin A records. (PUT would delete previously added records.) |
DELETE | Deletes custom DNS records. If the request body (-d "...") is empty or omitted, deletes all records matching the qname and rtype. If the request body is present, deletes only the record matching the qname, rtype and value. |
Parameter | Value |
---|---|
email | The email address of any administrative user here. |
password | That user’s password. |
qname | The fully qualified domain name for the record you are trying to set. It must be one of the domain names or a subdomain of one of the domain names hosted on this box. (Add mail users or aliases to add new domains.) |
rtype | The resource type. Defaults to A if omitted. Possible values: A (an IPv4 address), AAAA (an IPv6 address), TXT (a text string), CNAME (an alias, which is a fully qualified domain name — don’t forget the final period), MX, SRV, SSHFP, CAA or NS. |
value | For PUT, POST, and DELETE, the record’s value. If the rtype is A or AAAA and value is empty or omitted, the IPv4 or IPv6 address of the remote host is used (be sure to use the -4 or -6 options to curl). This is handy for dynamic DNS! |
Strict SPF and DMARC records will be added to all custom domains unless you override them.
Try these examples. For simplicity the examples omit the --user me@mydomain.com:yourpassword command line argument which you must fill in with your email address and password.

    # sets laptop.mydomain.com to point to the IP address of the machine you are executing curl on
    curl -X PUT https://orlyra.com/admin/dns/custom/laptop.mydomain.com

    # deletes that record and all A records for that domain name
    curl -X DELETE https://orlyra.com/admin/dns/custom/laptop.mydomain.com

    # sets a CNAME alias
    curl -X PUT -d "bar.mydomain.com." https://orlyra.com/admin/dns/custom/foo.mydomain.com/cname

    # deletes that CNAME and all CNAME records for that domain name
    curl -X DELETE https://orlyra.com/admin/dns/custom/foo.mydomain.com/cname

    # adds a TXT record using POST to preserve any previous TXT records
    curl -X POST -d "some text here" https://orlyra.com/admin/dns/custom/foo.mydomain.com/txt

    # deletes that one TXT record while preserving other TXT records
    curl -X DELETE -d "some text here" https://orlyra.com/admin/dns/custom/foo.mydomain.com/txt

You can upload your public key/keychain here. Keys must be submitted in ASCII-armored format.
If you're using gpg, you can export your public key by following this example:

    # Get all the keys in the ring
    $ gpg --list-keys
    /home/you/.gnupg/pubring.kbx
    ----------------------------
    pub rsa4096 1970-01-01 [SC]
        247C3553B4B36107BA0490C3CAFCCF3B4965761A
    uid [ full ] Someone That I Used to Know <someone@example.com>
    sub rsa2048 2020-01-01 [E] [expires: 2069-12-31]

    pub rsa4096 1970-01-01 [SC] [expires: 2069-12-31]
        52661092E5CD9EEFD7796B19E85F540C9318B69F
    uid [ultimate] Me, Myself and I <me@example.net>
    sub rsa2048 2020-05-24 [E] [expires: 2069-12-31]

    # Let's export the key "Me, Myself and I"
    $ gpg --export --armor 52661092E5CD9EEFD7796B19E85F540C9318B69F
    -----BEGIN PGP PUBLIC KEY BLOCK-----

    copy and paste this block in the area below

    -----END PGP PUBLIC KEY BLOCK-----

WKD (Web Key Directory) is an experimental feature that allows users to authoritatively publish their public PGP keys on the web, via HTTPS.
Unlike other solutions (like public keyservers), WKD has the advantage that the owner of the domain has some degree of control over what keys are published, and as such there is more certainty that the key actually belongs to its owner.
As of this version, there is no support for WKS. This may or may not change in the future.
@some.example.com keys, you can add an A, AAAA or CNAME record for openpgpkey.some.example.com. It will override the box's records.
0.0.0.0
)
Email Address |
---|
Here you can change your account password. The new password is then valid for both this panel and your email.
If you have email clients configured, you'll then need to update their configuration with the new password. See the Mail Guide for more information about this.
When two-factor authentication is enabled, you will be prompted to enter a six digit code from an authenticator app (usually on your phone) when you log into this control panel.
Log in here for your Mail-in-a-Box control panel.
Webmail lets you check your email from any web browser. Your webmail site is:
Your username is your whole email address.
iOS and OS X only: Open this configuration link on your iOS device or on your Mac desktop to easily set up mail (IMAP/SMTP), Contacts, and Calendar. Your username is your whole email address.
Use the following settings when you set up your email on your phone, desktop, or other device:
Option | Value |
---|---|
Protocol/Method | IMAP |
Mail server | orlyra.com |
IMAP Port | 993 |
IMAP Security | SSL or TLS |
SMTP Port | 465 |
SMTP Security | SSL or TLS |
Username: | Your whole email address. |
Password: | Your mail password. |
In addition to setting up your email, you’ll also need to set up contacts and calendar synchronization separately.
As an alternative to IMAP you can also use the POP protocol: choose POP as the protocol, port 995, and SSL or TLS security in your mail client. The SMTP settings and usernames and passwords remain the same. However, we recommend you use IMAP instead.
On iOS devices, devices on this compatibility list, or using Outlook 2007 or later on Windows 7 and later, you may set up your mail as an Exchange or ActiveSync server. However, we’ve found this to be more buggy than using IMAP as described above. If you encounter any problems, please use the manual settings above.
Server | orlyra.com |
---|---|
Options | Secure Connection |
Your device should also provide a contacts list and calendar that syncs to this box when you use this method.
Your box uses a technique called greylisting to cut down on spam. Greylisting works by initially rejecting mail from people you haven’t received mail from before. Legitimate mail servers will attempt redelivery shortly afterwards, but the vast majority of spam gets tricked by this. If you are waiting for an email from someone new, such as if you are registering on a new website and are waiting for an email confirmation, please be aware there will be a minimum of 3 minutes delay, depending on how soon the remote server attempts redelivery.
Every incoming email address also receives mail for +tag addresses. If your email address is you@yourdomain.com, you’ll also automatically get mail sent to you+anythinghere@yourdomain.com. Use this as a fast way to segment incoming mail for your own filtering rules without having to create aliases in this control panel.
Your box sets strict email sending policies for your domain names to make it harder for spam and other fraudulent mail to claim to be you. Only this machine is authorized to send email on behalf of your domain names. If you use any other service to send email as you, it will likely get spam filtered by recipients.
Add an email address to this system. This will create a new login username/password.
Email Address | Messages | Size | Used | Quota | Actions |
---|
Use your box’s mail user API to add/change/remove users from the command-line or custom services you build.
Usage:
curl -X VERB [-d "parameters"] --user {email}:{password} https://orlyra.com/admin/mail/users[action]
Brackets denote an optional argument. Please note that the POST body parameters must be URL-encoded.
The email and password given to the --user option must be an administrative user on this system.
Verb | Action | |
---|---|---|
GET | (none) | Returns a list of existing mail users. Adding ?format=json to the URL will give JSON-encoded results. |
POST | /add | Adds a new mail user. Required POST-body parameters are email and password. Optional parameters: privilege=admin and quota. |
POST | /remove | Removes a mail user. Required POST-body parameter is email. |
POST | /privileges/add | Used to make a mail user an admin. Required POST-body parameters are email and privilege=admin. |
POST | /privileges/remove | Used to remove the admin privilege from a mail user. Required POST-body parameter is email. |
GET | /quota | Gets the quota for a mail user. Required POST-body parameter is email. Returns a JSON result. |
POST | /quota | Sets the quota for a mail user. Required POST-body parameters are email and quota. |
Try these examples. For simplicity the examples omit the --user me@mydomain.com:yourpassword command line argument which you must fill in with your administrative email address and password.

    # Gives a JSON-encoded list of all mail users
    curl -X GET "https://orlyra.com/admin/mail/users?format=json"

    # Adds a new email user
    curl -X POST -d "email=new_user@mydomain.com" -d "password=s3curE_pa5Sw0rD" https://orlyra.com/admin/mail/users/add

    # Removes an email user
    curl -X POST -d "email=new_user@mydomain.com" https://orlyra.com/admin/mail/users/remove

    # Adds admin privilege to an email user
    curl -X POST -d "email=new_user@mydomain.com" -d "privilege=admin" https://orlyra.com/admin/mail/users/privileges/add

    # Removes admin privilege from an email user
    curl -X POST -d "email=new_user@mydomain.com" https://orlyra.com/admin/mail/users/privileges/remove

Aliases are email forwarders. An alias can forward email to a mail user or to any email address.
To use an alias or any address besides your own login username in outbound mail, the sending user must be included as a permitted sender for the alias.
Alias | Forwards To | Permitted Senders |
---|
hostmaster@, postmaster@, admin@ and abuse@ email addresses are required on some domains.
Use your box’s mail aliases API to add and remove mail aliases from the command-line or custom services you build.
Usage:
curl -X VERB [-d "parameters"] --user {email}:{password} https://orlyra.com/admin/mail/aliases[action]
Brackets denote an optional argument. Please note that the POST body parameters must be URL-encoded.
The email and password given to the --user option must be an administrative user on this system.
Verb | Action | |
---|---|---|
GET | (none) | Returns a list of existing mail aliases. Adding ?format=json to the URL will give JSON-encoded results. |
POST | /add | Adds a new mail alias. Required POST-body parameters are address and forwards_to. |
POST | /remove | Removes a mail alias. Required POST-body parameter is address. |
Try these examples. For simplicity the examples omit the --user me@mydomain.com:yourpassword command line argument which you must fill in with your email address and password.

    # Gives a JSON-encoded list of all mail aliases
    curl -X GET "https://orlyra.com/admin/mail/aliases?format=json"

    # Adds a new alias
    curl -X POST -d "address=new_alias@mydomain.com" -d "forwards_to=my_email@mydomain.com" https://orlyra.com/admin/mail/aliases/add

    # Removes an alias
    curl -X POST -d "address=new_alias@mydomain.com" https://orlyra.com/admin/mail/aliases/remove

This box can hold your contacts and calendar, just like it holds your email.
You can edit your contacts and calendar from your web browser.
For... | Visit this URL |
---|---|
Contacts | https://orlyra.com/cloud/contacts |
Calendar | https://orlyra.com/cloud/calendar |
Log in settings are the same as with mail: your complete email address and your mail password.
If you set up your mail using Exchange/ActiveSync, your contacts and calendar may already appear on your device.
Otherwise, here are some apps that can synchronize your contacts and calendar to your Android phone.
For... | Use... |
---|---|
Contacts and Calendar | DAVx⁵ ($5.99; free here) |
Only Contacts | CardDAV-Sync free (free) |
Only Calendar | CalDAV-Sync ($2.99) |
Use the following settings:
Account Type | CardDAV or CalDAV |
Server Name | orlyra.com |
Use SSL | Yes |
Username | Your complete email address. |
Password | Your mail password. |
This machine is serving a simple, static website at https://orlyra.com and at all domain names that you set up an email user or alias for.
You can replace the default website with your own HTML pages and other static files. This control panel won’t help you design a website, but once you have .html files you can upload them following these instructions:
Site | Directory for Files |
---|
To add a domain to this table, create a dummy mail user or alias on the domain first and see the setup guide for adding nameserver records to the new domain at your registrar (but not glue records).
A TLS (formerly called SSL) certificate is a cryptographic file that proves to anyone connecting to a web address that the connection is secure between you and the owner of that address.
You need a TLS certificate for this box’s hostname (orlyra.com) and every other domain name and subdomain that this box is hosting a website for (see the list below).
Certificates expire after a period of time. All certificates will be automatically renewed through Let’s Encrypt 14 days prior to expiration.
If you don't want to use our automatic Let's Encrypt integration, you can give any other certificate provider a try. You can generate the needed CSR below.
A multi-domain or wildcard certificate will be automatically applied to any domains it is valid for besides the one you choose above.
This is required by some TLS certificate providers. You may just pick any if you know your TLS certificate provider doesn't require it.