Difference between revisions of "Email"

From SME Server
Jump to navigationJump to search
m (Email top heading)
m (Reverting Back)
Line 1: Line 1:
==Email==
+
====Spam====
===Spam===
+
=====Spamassassin=====
====Spamassassin====
 
 
Set spamassassin for automatically delete junkmail.
 
Set spamassassin for automatically delete junkmail.
 
You can change the "days" that spamassassin sets to automatically delete junkmail, to delete after two months  
 
You can change the "days" that spamassassin sets to automatically delete junkmail, to delete after two months  
Line 17: Line 16:
 
This happens because by default, no mail (except for viruses) gets rejected without the admin doing something first.
 
This happens because by default, no mail (except for viruses) gets rejected without the admin doing something first.
  
====Real-time Blackhole List (RBL)====
+
=====Real-time Blackhole List (RBL)=====
 
Enabling RBL's <br>
 
Enabling RBL's <br>
 
RBL's are disabled by default to allow maximum accommodation (your ISP may be on a RBL & you may not know it). You can enable RBL's by:
 
RBL's are disabled by default to allow maximum accommodation (your ISP may be on a RBL & you may not know it). You can enable RBL's by:
Line 34: Line 33:
 
  signal-event email-update
 
  signal-event email-update
  
====Server Only====
+
=====Server Only=====
 
Some of the spam filter rules cannot work unless the SMESERVER knows the external IP of the box. If you put a SMESERVER in server-only mode behind other firewalls, it will lose some of the anti-spam rules.  For example, the rule that blocks attempts where spammers try "HELO a.b.c.d" where a.b.c.d is your external IP address.
 
Some of the spam filter rules cannot work unless the SMESERVER knows the external IP of the box. If you put a SMESERVER in server-only mode behind other firewalls, it will lose some of the anti-spam rules.  For example, the rule that blocks attempts where spammers try "HELO a.b.c.d" where a.b.c.d is your external IP address.
  
Line 40: Line 39:
  
  
====I want to enable GreyListing====
+
=====I want to enable GreyListing=====
 
GreyListing support is under the covers and can easily be enabled for those who know what they are doing. However, many experienced users found that they spent more time looking after the greylisting configuration than they received in benefit.
 
GreyListing support is under the covers and can easily be enabled for those who know what they are doing. However, many experienced users found that they spent more time looking after the greylisting configuration than they received in benefit.
  
===Email Clients===
+
====Email Clients====
===="concurrency limit reached" when using IMAP====
+
====="concurrency limit reached" when using IMAP=====
 
Sometime shows as Thunderbird giving this error message,
 
Sometime shows as Thunderbird giving this error message,
 
''This Mail-server is not a imap4 mail-server''
 
''This Mail-server is not a imap4 mail-server''
Line 63: Line 62:
 
More detail can be found  [http://forums.contribs.org/index.php?topic=33124.0 here].
 
More detail can be found  [http://forums.contribs.org/index.php?topic=33124.0 here].
  
====Mail server is not an IMAP4 mail server====
+
=====Mail server is not an IMAP4 mail server=====
 
This is a bug in Thunderbird, the previous tips may help
 
This is a bug in Thunderbird, the previous tips may help
  
====The Bat====
+
=====The Bat=====
 
The gives this error message, but they are wrong.<br>
 
The gives this error message, but they are wrong.<br>
 
"This server uses TLS v3.0 which is considered to be obsolete and insecure.  
 
"This server uses TLS v3.0 which is considered to be obsolete and insecure.  
Line 72: Line 71:
  
  
====Outlook/Outlook Express give error 10060/0x800CCC90====
+
=====Outlook/Outlook Express give error 10060/0x800CCC90=====
 
Most likely OUTLOOK (EXPRESS) isn't configured correctly.
 
Most likely OUTLOOK (EXPRESS) isn't configured correctly.
 
   
 
   
Line 92: Line 91:
 
  -you're finished, your email should work now
 
  -you're finished, your email should work now
  
====Outlook test message doesn't come through====
+
=====Outlook test message doesn't come through=====
 
You clicked the TEST ACCOUNT SETTINGS in OUTLOOK didn't you? This is a bug in OUTLOOK. The test message sends a test email with 'no Date header'. As the name suggests, this means a message without any date. Since the server doesn't accept mail with 'no Date header' (because it's required) the message is rejected. To test, send an actual message from OUTLOOK.
 
You clicked the TEST ACCOUNT SETTINGS in OUTLOOK didn't you? This is a bug in OUTLOOK. The test message sends a test email with 'no Date header'. As the name suggests, this means a message without any date. Since the server doesn't accept mail with 'no Date header' (because it's required) the message is rejected. To test, send an actual message from OUTLOOK.
  
 
If you want, you can try THUNDERBIRD. It's like OUTLOOK but made by a different company. It's completely free and works very well at home and at the office.
 
If you want, you can try THUNDERBIRD. It's like OUTLOOK but made by a different company. It's completely free and works very well at home and at the office.
  
====I can't receive/send email from my application (ACT!, vTiger, MS Outlook, etc)====
+
=====I can't receive/send email from my application (ACT!, vTiger, MS Outlook, etc)=====
 
Most likely, this is a bug the application you're using and not a problem with the SMESERVER. The application sends an email with 'no Date header'. As the name suggests, this means a message without any date. Since the server doesn't accept mail with 'no Date header' (because it's required) the message is rejected.  
 
Most likely, this is a bug the application you're using and not a problem with the SMESERVER. The application sends an email with 'no Date header'. As the name suggests, this means a message without any date. Since the server doesn't accept mail with 'no Date header' (because it's required) the message is rejected.  
  
Line 115: Line 114:
 
  signal-event email-update
 
  signal-event email-update
  
====After I upgrade my SMESERVER, my email folders have disappeared when using IMAP====
+
=====After I upgrade my SMESERVER, my email folders have disappeared when using IMAP=====
 
After upgrade, if there are missing IMAP folders, the client may need to re-subscribe to folders.
 
After upgrade, if there are missing IMAP folders, the client may need to re-subscribe to folders.
  
===Server Settings===
+
====Server Settings====
====Delete double bounce====
+
=====Delete double bounce=====
 
To stop getting double bounce messages
 
To stop getting double bounce messages
  
Line 127: Line 126:
 
see a longer explaination [[Email_delete_double-bounce_messages | here]]
 
see a longer explaination [[Email_delete_double-bounce_messages | here]]
  
====Keep a copy of all emails====
+
=====Keep a copy of all emails=====
 
You may need to keep a copy of all emails sent to or from your email server.
 
You may need to keep a copy of all emails sent to or from your email server.
 
This may be for legal, or other reasons.
 
This may be for legal, or other reasons.
Line 146: Line 145:
 
If you want to view the emails, point your email client at the SME and log on as maillog.
 
If you want to view the emails, point your email client at the SME and log on as maillog.
  
====Set max email size====
+
=====Set max email size=====
 
Restrict the size of email messages that can pass through your mail server
 
Restrict the size of email messages that can pass through your mail server
 
  config setprop qmail MaxMessageSize x
 
  config setprop qmail MaxMessageSize x
Line 153: Line 152:
 
where x is in bytes, eg 6000000 = 6 MB
 
where x is in bytes, eg 6000000 = 6 MB
  
====add the admin user as an administrator for Horde====
+
=====add the admin user as an administrator for Horde=====
  
 
  config setprop horde Administration enabled  
 
  config setprop horde Administration enabled  
 
  signal-event email-update
 
  signal-event email-update
  
====Disable mail to a user from an external network====
+
=====Disable mail to a user from an external network=====
 
Can be either a user, pseudonym or group
 
Can be either a user, pseudonym or group
 
  db accounts setprop groupname/username Visible internal
 
  db accounts setprop groupname/username Visible internal
 
  signal-event email-update
 
  signal-event email-update
  
====I can't receive mail at: user@mail.domain.tld====
+
=====I can't receive mail at: user@mail.domain.tld=====
 
Add mail.domain.tld as a virtualdomain.
 
Add mail.domain.tld as a virtualdomain.
 
  -login to SERVER-MANAGER
 
  -login to SERVER-MANAGER
Line 171: Line 170:
  
  
====How do I find out who is logged into webmail and what IP number.====
+
=====How do I find out who is logged into webmail and what IP number.=====
 
This is logged is in /var/log/messages.
 
This is logged is in /var/log/messages.
  
===External Access===
+
====External Access====
====Allow external IMAP mail access====
+
=====Allow external IMAP mail access=====
 
There was a deliberate decision to remove non-SSL protected username/password
 
There was a deliberate decision to remove non-SSL protected username/password
 
services from the external interface.
 
services from the external interface.
Line 187: Line 186:
 
fixme: explain how
 
fixme: explain how
  
====POP3 & webmail HTTP====
+
=====POP3 & webmail HTTP=====
 
I want to set my SMESERVER to allow POP3 (or webmail HTTP) but it's not an option, I only see POP3S (or webmail HTTPS).
 
I want to set my SMESERVER to allow POP3 (or webmail HTTP) but it's not an option, I only see POP3S (or webmail HTTPS).
  
Line 196: Line 195:
 
  signal-event email-update
 
  signal-event email-update
  
====Allow external pop3 access====
+
=====Allow external pop3 access=====
  
 
Email settings > POP3 server access in SME 7.1 server-manager allows only pop3s protocol for clients outside the LAN.  Some email clients (eg The Bat! v3.98.4) won't allow pop3s connections to SME 7.1 because of ssl version conflict.  Until this is sorted out, a workaround is to hack SME to allow regular pop3 on the external interface using the following commands.  
 
Email settings > POP3 server access in SME 7.1 server-manager allows only pop3s protocol for clients outside the LAN.  Some email clients (eg The Bat! v3.98.4) won't allow pop3s connections to SME 7.1 because of ssl version conflict.  Until this is sorted out, a workaround is to hack SME to allow regular pop3 on the external interface using the following commands.  
Line 206: Line 205:
 
more information [[bugzilla:2620]]
 
more information [[bugzilla:2620]]
  
===Imap===
+
====Imap====
====Folders with a dot in name====
+
=====Folders with a dot in name=====
 
Email folder names that have a period ('.') in the folder name, will be split into sub-folders.
 
Email folder names that have a period ('.') in the folder name, will be split into sub-folders.
 
e.g. folder name 'www.contribs.org' is created as
 
e.g. folder name 'www.contribs.org' is created as

Revision as of 15:10, 11 July 2007

Spam

Spamassassin

Set spamassassin for automatically delete junkmail. You can change the "days" that spamassassin sets to automatically delete junkmail, to delete after two months

db configuration setprop spamassassin MessageRetentionTime 60  
signal-event email-update 


The "Custom spam rejection level" will only work when "Spam sensitivity" is set to CUSTOM.

-go to SERVER-MANAGER
-click EMAIL (on left-hand side)
-click CHANGE EMAIL FILTERING SETTINGS
-change "Spam sensitivity" to CUSTOM

This happens because by default, no mail (except for viruses) gets rejected without the admin doing something first.

Real-time Blackhole List (RBL)

Enabling RBL's
RBL's are disabled by default to allow maximum accommodation (your ISP may be on a RBL & you may not know it). You can enable RBL's by:

config setprop qpsmtpd DNSBL enabled RHSBL enabled
signal-event email-update

You can see your RBL's by:

config show qpsmtpd

You can add to your RBL's by:

config setprop qpsmtpd RBLList <rbl-list-name>
signal-event email-update

Many will argue what's best but most would agree that you can set best-practice recommended settings by:

config setprop qpsmtpd RBLList sbl-xbl.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org
signal-event email-update
Server Only

Some of the spam filter rules cannot work unless the SMESERVER knows the external IP of the box. If you put a SMESERVER in server-only mode behind other firewalls, it will lose some of the anti-spam rules. For example, the rule that blocks attempts where spammers try "HELO a.b.c.d" where a.b.c.d is your external IP address.

Unfortunately, many admins believe that port-forwarding SMTP provides additional security. It doesn't, it limits the SMESERVER's ability to apply some rules.


I want to enable GreyListing

GreyListing support is under the covers and can easily be enabled for those who know what they are doing. However, many experienced users found that they spent more time looking after the greylisting configuration than they received in benefit.

Email Clients

"concurrency limit reached" when using IMAP

Sometime shows as Thunderbird giving this error message, This Mail-server is not a imap4 mail-server

To workaround thunderbirds limitations change, this thunderbird setting to false

  • Preferences, Advanced, Config editor (aka about:config): filter on tls.
  • set security.enable_tls to false

You can also increase the ConcurrencyLimitPerIP and/or ConcurrencyLimit value for imap and/or imaps (secure)

config setprop imap ConcurrencyLimitPerIP 20
config setprop imaps ConcurrencyLimitPerIP 20
signal-event post-upgrade; signal-event reboot

check

config show imap
tail -f /var/log/imap/current | tai64nlocal

More detail can be found here.

Mail server is not an IMAP4 mail server

This is a bug in Thunderbird, the previous tips may help

The Bat

The gives this error message, but they are wrong.
"This server uses TLS v3.0 which is considered to be obsolete and insecure. The server must use TLS v3.1 or above."


Outlook/Outlook Express give error 10060/0x800CCC90

Most likely OUTLOOK (EXPRESS) isn't configured correctly.

-open OUTLOOK
-click TOOLS > ACCOUNTS
-click CHANGE (on the right-hand side)
-find INCOMING MAIL SERVER & OUTGOING MAIL SERVER (on right-hand side)
-type: mail.yourdomain.tld (in both places)
-click MORE SETTINGS (on bottom-right)
-click OUTGOING SERVER tab (at the top)
-checkmark "MY OUTGOING SERVER REQUIRES AUTHENTICATION"
-bullet "USE SAME SETTINGS AS INCOMING MAIL SERVER"
-click ADVANCED tab (at the top)
-find OUTGOING SERVER
-checkmark "THIS SERVER REQUIRES A SECURE CONNECTION" (under outgoing server)
-change 25 to 465
-[possibly required, secure IMAP is 993]
-click OK > NEXT > FINISHED
-you're finished, your email should work now
Outlook test message doesn't come through

You clicked the TEST ACCOUNT SETTINGS in OUTLOOK didn't you? This is a bug in OUTLOOK. The test message sends a test email with 'no Date header'. As the name suggests, this means a message without any date. Since the server doesn't accept mail with 'no Date header' (because it's required) the message is rejected. To test, send an actual message from OUTLOOK.

If you want, you can try THUNDERBIRD. It's like OUTLOOK but made by a different company. It's completely free and works very well at home and at the office.

I can't receive/send email from my application (ACT!, vTiger, MS Outlook, etc)

Most likely, this is a bug the application you're using and not a problem with the SMESERVER. The application sends an email with 'no Date header'. As the name suggests, this means a message without any date. Since the server doesn't accept mail with 'no Date header' (because it's required) the message is rejected.

As a workaround you can disable the check for the 'Date header'. To disable this check on the internal interface:

mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local
cd /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local
echo "# 17check_basicheaders disabled by custom template" > \
17check_basicheaders
signal-event email-update

To disable this check for the external interface:

mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0
cd /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0
echo "# 17check_basicheaders disabled by custom template" > \
17check_basicheaders
signal-event email-update
After I upgrade my SMESERVER, my email folders have disappeared when using IMAP

After upgrade, if there are missing IMAP folders, the client may need to re-subscribe to folders.

Server Settings

Delete double bounce

To stop getting double bounce messages

config setprop qmail DoubleBounceTo devnull
signal-event email-update

see a longer explaination here

Keep a copy of all emails

You may need to keep a copy of all emails sent to or from your email server. This may be for legal, or other reasons.

The following instructions will create a new user account (maillog) and forward every email that goes through your SME server to it.

First, log onto the server-manager and create the user maillog

Go to the SME Command Line (logon as root) and issue the following commands:

config setprop qpsmtpd Bcc enabled
signal-event email-update

Optionally make the forwarding of the emails invisible to the end user. Without it, there will be an X-Copied-To: header in each email. Run this command before the signal-event

config setprop qpsmtpd BccMode bcc

If you want to view the emails, point your email client at the SME and log on as maillog.

Set max email size

Restrict the size of email messages that can pass through your mail server

config setprop qmail MaxMessageSize x
signal-event email-update

where x is in bytes, eg 6000000 = 6 MB

add the admin user as an administrator for Horde
config setprop horde Administration enabled 
signal-event email-update
Disable mail to a user from an external network

Can be either a user, pseudonym or group

db accounts setprop groupname/username Visible internal
signal-event email-update
I can't receive mail at: user@mail.domain.tld

Add mail.domain.tld as a virtualdomain.

-login to SERVER-MANAGER
-click DOMAINS (on the left)
-click ADD
-type: mail.domain.tld


How do I find out who is logged into webmail and what IP number.

This is logged is in /var/log/messages.

External Access

Allow external IMAP mail access

There was a deliberate decision to remove non-SSL protected username/password services from the external interface.

to allow unsecure IMAP access

config setprop imap access public
signal-event email-update

But before you do this try to use secure IMAP
fixme: explain how

POP3 & webmail HTTP

I want to set my SMESERVER to allow POP3 (or webmail HTTP) but it's not an option, I only see POP3S (or webmail HTTPS).

The SMESERVER is secure by design. POP3 (or webmail HTTP) is viewed as inadequate security and removed as an option from a standard installation to encourage unknowing administrators to select the 'best practice' option -a secure connection with POP3S, IMAPS, or HTTPS.

You can still set your SMESERVER to allow POP3 settings by:

config setprop pop3 access public
signal-event email-update
Allow external pop3 access

Email settings > POP3 server access in SME 7.1 server-manager allows only pop3s protocol for clients outside the LAN. Some email clients (eg The Bat! v3.98.4) won't allow pop3s connections to SME 7.1 because of ssl version conflict. Until this is sorted out, a workaround is to hack SME to allow regular pop3 on the external interface using the following commands.

config setprop pop3 access public
signal-event email-update
svc -t /service/pop3s  

more information bugzilla:2620

Imap

Folders with a dot in name

Email folder names that have a period ('.') in the folder name, will be split into sub-folders. e.g. folder name 'www.contribs.org' is created as

www
  contribs
        org