Changes

From SME Server
4,870 bytes added ,  12:35, 30 May 2019
Line 97: Line 97:  
====Spam score Level and Spam score rejection====
 
====Spam score Level and Spam score rejection====
 
The "Custom spam rejection level" will only work when "Spam sensitivity" is set to custom.
 
The "Custom spam rejection level" will only work when "Spam sensitivity" is set to custom.
<ol></li><li>Open server-manager.
+
<ol><li>Open server-manager.
 
</li><li>Click e-mail in the navigation pane (left-hand side).
 
</li><li>Click e-mail in the navigation pane (left-hand side).
 
</li><li>Click Change e-mail filtering settings.
 
</li><li>Click Change e-mail filtering settings.
Line 422: Line 422:     
====Learn Contrib====
 
====Learn Contrib====
The [[Learn]] contrib was intended to install and configure the bayes training tools LearnAsSpam & LarnAsHam but is no longer maintained(?)
+
The [[Learn]] contrib is intended to install and configure the bayes training tools LearnAsSpam & LarnAsHam.
    
====Reset the Bayes Database====
 
====Reset the Bayes Database====
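Review bot: "LarnAsHam" in the changed Learn contrib line is still misspelled. The tool is paired with LearnAsSpam, so LearnAsHam is presumably meant; fix it while the line is being touched. The edit also drops "is no longer maintained(?)" and changes "was intended" to "is intended" without citing anything. Link the contrib's current status so readers can verify that it is maintained.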
Line 488: Line 488:  
* Preferences, Advanced, Config editor (aka about:config): filter on tls.
 
* Preferences, Advanced, Config editor (aka about:config): filter on tls.
 
* set security.enable_tls to false
 
* set security.enable_tls to false
 +
 +
If the total concurrency limit is reached, it'll look like this in /var/log/dovecot/current:
 +
 +
@400000005a1c2c1f19c9381c master: Warning: service(imap): process_limit (2) reached, client connections are being dropped
 +
 +
@400000005a1c2c291a4712dc imap-login: Error: read(imap) failed: Remote closed connection (destination service { process_limit } reached?)
 +
 +
@400000005a1c2c291a471aac imap-login: Error: read(imap) failed: Remote closed connection (destination service { process_limit } reached?)
 +
 +
 +
For the per IP concurrency limit, it'll be like this:
 +
 +
@400000005a1c2c6214542b94 imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=2): user=<someone>, method=PLAIN, rip=192.168.x.y, lip=192.168.z.t, TLS, session=<abcdefgh>
 +
 +
@400000005a1c2c6233f1bcb4 imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=2): user=<someone>, method=PLAIN, rip=192.168.x.y, lip=192.168.z.t, TLS, session=<ijklmnop>
 +
 +
The following commands will give your the current value:
 +
db configuration getprop imap ConcurrencyLimit || echo 400
 +
db configuration getprop imap ConcurrencyLimitPerIP || echo 12
    
You can also  increase the ConcurrencyLimitPerIP  and/or ConcurrencyLimit value for imap and/or imaps (secure)
 
You can also  increase the ConcurrencyLimitPerIP  and/or ConcurrencyLimit value for imap and/or imaps (secure)
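Review bot: the sentence "The following commands will give your the current value" has a typo ("your" should be "you"), and the two commands under it do not explain the `|| echo 400` and `|| echo 12` fallbacks. If 400 and 12 are the defaults used when the property is unset, say so, and confirm that the getprop command exits non-zero for an unset property, since otherwise the fallback never runs. The sample log lines show process_limit (2) and mail_max_userip_connections=2, so state that they come from a test with lowered limits rather than from a default install.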
Line 494: Line 513:  
  signal-event post-upgrade; signal-event reboot
 
  signal-event post-upgrade; signal-event reboot
 
{{Note box| for sme9, only the key imap has properties ConcurrencyLimitPerIP,checkConcurrencyLimit,ProcessMemoryLimit. If you set these properties to the key imaps, a migrate fragment will remove them automatically}}
 
{{Note box| for sme9, only the key imap has properties ConcurrencyLimitPerIP,checkConcurrencyLimit,ProcessMemoryLimit. If you set these properties to the key imaps, a migrate fragment will remove them automatically}}
 +
To see configuration:
 +
config show imap
   −
config show imap
+
  tail -f /var/log/dovecot/current | tai64nlocal #out of date
  tail -f /var/log/imap/current | tai64nlocal
     −
More detail can be found   [http://forums.contribs.org/index.php?topic=33124.0 here].
+
More detail can be found [http://forums.contribs.org/index.php?topic=33124.0 here] or [https://forums.contribs.org/index.php/topic,51872.0 here].
    
{{Tip box|You can see if you are running out of the number of available connections in your log file /var/log/imaps/current and look for messages like the log extract below where the ConcurrencyLimitPerIP was set to 20. A 21st connection was attempted and was denied.
 
{{Tip box|You can see if you are running out of the number of available connections in your log file /var/log/imaps/current and look for messages like the log extract below where the ConcurrencyLimitPerIP was set to 20. A 21st connection was attempted and was denied.
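Review bot: the `#out of date` comment in the log-tailing lines conflicts with the previous hunk of this same revision, which tells readers to look for the limit messages in /var/log/dovecot/current. The Tip box directly below names a third path, /var/log/imaps/current. Replace the inline comment with one sentence saying which log path applies to which release. The second link is labelled "here" like the first; give both links descriptive labels so readers can tell the two forum threads apart.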
Line 539: Line 559:  
  -click OK > NEXT > FINISHED
 
  -click OK > NEXT > FINISHED
 
  -you're finished, your email should work now
 
  -you're finished, your email should work now
 +
 +
===Outlook 2013 on Windows 10 gives "An unknown error occurred, error code 0x8004011c" when attempting an IMAP connection for a DOMAIN user===
 +
This is a known issue with the above combination of Windows and Outlook version as of 2015-02-18 (see: [http://bugs.contribs.org/show_bug.cgi?id=9618 Bug 9618]).
 +
 +
The following registry key resolves the issue:
 +
To work around this problem, set the value of the ProtectionPolicy registry entry to 1 to enable local backup of the MasterKey instead of requiring a RWDC in the following registry subkey:
 +
 +
[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb]
 +
"ProtectionPolicy"=dword:00000001
 +
 +
The PortectionPolicy entry may need to be created
    
===Outlook 2013 on Windows 8.1 gives error 0x800CCC1A when sending over SMTP port 465===
 
===Outlook 2013 on Windows 8.1 gives error 0x800CCC1A when sending over SMTP port 465===
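Review bot: the last added sentence, "The PortectionPolicy entry may need to be created", misspells ProtectionPolicy, and a reader who copies the name from that sentence will create an entry that does not match the one shown in the key listing above it. The two introductory sentences ("The following registry key resolves the issue:" and "To work around this problem...") repeat each other and call the change both a fix and a workaround; keep one. The value sits under HKEY_LOCAL_MACHINE and, per the text, switches MasterKey backup to local instead of requiring a RWDC. The section should therefore say that this is a machine-wide change to how the data-protection master key is backed up, and that it should be applied only on the affected clients.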
Line 680: Line 711:  
This may be for legal, or other reasons.
 
This may be for legal, or other reasons.
   −
The following instructions will create a new user account (maillog) and forward every email that goes through your SME server to it.
+
The following instructions will create a new user account (default is maillog) and forward every email that goes through your SME server to it.
    
First, log onto the server-manager and create the user '''maillog'''
 
First, log onto the server-manager and create the user '''maillog'''
Line 694: Line 725:     
If you want to view the emails, point your email client at the SME and log on as maillog.
 
If you want to view the emails, point your email client at the SME and log on as maillog.
 +
 +
You can modify the default user:
 +
 +
config setprop qpsmtpd BccUser someuser
    
====Keep a copy of outgoing emails only====
 
====Keep a copy of outgoing emails only====
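Review bot: `config setprop qpsmtpd BccUser someuser` is added with no step to apply it, whereas the other setprop additions in this revision are followed by `signal-event email-update` or a service restart. Add the apply step, and state that the named account must already exist, as the maillog instructions above do for the default. Because this mailbox receives a copy of every message passing through the server, the section should also say who is allowed to log on to it and how long the copies are kept.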
Line 716: Line 751:  
More info:
 
More info:
 
  perldoc /usr/share/qpsmtpd/plugins/bcc
 
  perldoc /usr/share/qpsmtpd/plugins/bcc
      
===Set Helo hostname===
 
===Set Helo hostname===
Line 738: Line 772:  
Be aware that ''email size'' is not the same thing as ''attachment size''.  Binary attachments to email are encoded using techniques that result in email sizes that can be as much as 30% larger than the original attachment. Most major email clients (Thunderbird, Apple Mail, Outlook) allow you to enable a "message size" column in the message list that will show you the size of your email messages ([http://forums.contribs.org/index.php/topic,48366.msg241720.html#msg241720 More]).
 
Be aware that ''email size'' is not the same thing as ''attachment size''.  Binary attachments to email are encoded using techniques that result in email sizes that can be as much as 30% larger than the original attachment. Most major email clients (Thunderbird, Apple Mail, Outlook) allow you to enable a "message size" column in the message list that will show you the size of your email messages ([http://forums.contribs.org/index.php/topic,48366.msg241720.html#msg241720 More]).
   −
{| width="100%" border="1" cellpadding="5" cellspacing="0"
+
{| width="100%" cellspacing="0" cellpadding="5" border="1"
 
! Subsystem
 
! Subsystem
 
! Function
 
! Function
Line 955: Line 989:     
eg a disclaimer is added to internal to external messages but not internal to internal messages.
 
eg a disclaimer is added to internal to external messages but not internal to internal messages.
  −
There are also various switches that can be applied
  −
  −
(see http://bugs.contribs.org/show_bug.cgi?id=2648).
  −
      
To disable the disclaimer function for all domains on your sme server
 
To disable the disclaimer function for all domains on your sme server
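Review bot: removing "There are also various switches that can be applied (see http://bugs.contribs.org/show_bug.cgi?id=2648)" leaves the disclaimer section with no pointer to the available switches. If the bug reference is obsolete, replace it with the current documentation for those switches rather than deleting the sentence outright.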
Line 1,125: Line 1,154:     
This behaviour is only available as per e-smith-qmail-2.4.0-7.sme see bug #9540
 
This behaviour is only available as per e-smith-qmail-2.4.0-7.sme see bug #9540
 +
 +
=== Change the number of logs retained for qpsmtpd and/or sqpsmtpd ===
 +
The normal retention is 5 logs for both qpsmptd and sqpsmtpd. This may or may not fit all installations. This information is pulled from bugzilla.
 +
 +
Check your config to see if any change has been made to the default log retention rules. Note there are different rules for qpsmtpd and sqpsmtpd. You have to make changes to both as you require.
 +
config show qpsmtpd
 +
If the KeepLogFiles property isn't listed, the default rules apply. Determine how many logs you would like to keep and apply that to the following example. In the command below, 15 is used to keep 15 qpsmtpd logs.
 +
db configuration setprop qpsmtpd KeepLogFiles 15
 +
Restart multilog with the following.
 +
sv t /service/qpsmtpd/log
 +
Check that your setting saved.
 +
ps aux | grep qpsmtpd | grep multi
 +
Look for the line that ends with /var/log/qpsmtpd and verify the number after n equals your KeepLogFiles property from above.
    
==DKIM Setup - qpsmtpd version<0.96==
 
==DKIM Setup - qpsmtpd version<0.96==
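Review bot: the new section says qpsmtpd and sqpsmtpd have separate retention rules and that both must be changed, but every command shown (`config show`, `setprop`, `sv t`, the `ps` check) targets qpsmtpd only. Add the sqpsmtpd equivalents or say explicitly how they differ. "qpsmptd" in the first sentence is a typo for qpsmtpd. "This information is pulled from bugzilla" should cite the bug number so the default of 5 can be verified. In the last step, "the number after n" would be clearer if it quoted the multilog argument the reader is expected to see.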
Line 1,205: Line 1,247:     
Incoming DKIM checking is also enabled out of the box.
 
Incoming DKIM checking is also enabled out of the box.
 +
 +
 +
In case you got a problem using the DKIM field provided with your DNS provider /registrar, please first contact them to ensure the problem is not how you try to enter the information. In the likelihood, you got "invalid field" or "too long field" errors and your provider is not able to help you or update its interface, you can generate a shorter DKIM key (with 1024 instead of the default 2048) this way:
 +
 +
cd /home/e-smith/dkim_keys/default
 +
mv private private.long
 +
mv public public.long
 +
openssl genrsa -out private 1024
 +
openssl rsa -in private -pubout -out public
 +
chown qpsmtpd:qpsmtpd private
 +
chown root:qpsmtpd public
 +
chmod 0400 private
 +
signal-event email-update
 +
qpsmtpd-print-dns
 +
 +
=== Outbound DKIM signing / SPF / DMARC policy FOR MULTIPLE DOMAINS ===
 +
The default DKIM key is created in /home/e-smith/dkim_keys/default. To enable DKIM signing for all the domains that you manage:
 +
db configuration setprop qpsmtpd DKIMSigning enabled
 +
signal-event email-update
 +
If you want to disable dkim signing for a domain, you can use:
 +
db domains setprop domain.com DKIMSigning disabled
 +
signal-event email-update
 +
The default behavior is to use the same key pair for all your domains. But you can create other key pairs for specific domain if you want. For example, if you want to use a specific key pair for the domain.net domain:
 +
cd /home/e-smith/dkim_keys
 +
mkdir domain.net
 +
cd domain.net
 +
echo default > selector
 +
openssl genrsa -out private 2048
 +
openssl rsa -in private -out public -pubout
 +
chown qpsmtpd:qpsmtpd private
 +
chmod 400 private
 +
signal-event email-update
 +
Now, the emails using a domain.net sender address will be signed by this new key instead of the default one.
    
==Domain Keys==
 
==Domain Keys==
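Review bot: the 1024-bit fallback (`openssl genrsa -out private 1024`) is offered without saying that it weakens the signing key relative to the 2048-bit default. RFC 8301 sets 1024 bits as the minimum and recommends at least 2048, so the text should present this as a last resort. It should first mention that a 2048-bit record can usually be entered as several quoted strings of at most 255 characters each. Two smaller points: the first block leaves `private.long` on disk with no instruction to remove it once the new record is live, and the per-domain block never sets ownership on `public` and never runs `qpsmtpd-print-dns`, so the reader is not told to publish the new key for domain.net.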
Line 1,292: Line 1,367:     
The default configuration of each plugin is indicated in the 'Default Status' column.
 
The default configuration of each plugin is indicated in the 'Default Status' column.
{| width="100%" border="1" cellpadding="5" cellspacing="0"
+
{| width="100%" cellspacing="0" cellpadding="5" border="1"
 
!Plugin
 
!Plugin
 
!Purpose
 
!Purpose
Line 1,536: Line 1,611:     
On the other hand, if no '';t=y'' is included, then it means you are intending to use DKIM in production mode. It might be a good idea to publish the DKIM DNS record first in testing mode ('';t=y'' included), check how things go and if everything is alright, remove the '';t=y'' part.
 
On the other hand, if no '';t=y'' is included, then it means you are intending to use DKIM in production mode. It might be a good idea to publish the DKIM DNS record first in testing mode ('';t=y'' included), check how things go and if everything is alright, remove the '';t=y'' part.
 +
 +
 +
==== Testing ====
 +
You can install spfquery:
 +
 +
yum --enablerepo=epel install libspf2 libspf2-progs
 +
 +
Usage (try -help for help):
 +
 +
spfquery -ip=11.22.33.44 -sender=user@aol.com -helo=spammer.tld
 +
 +
Check record via dig
 +
 +
dig -t TXT +short somedomain.co.uk
    
==== Load ====
 
==== Load ====
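Review bot: the new Testing subsection is placed directly after the paragraph about the DKIM `;t=y` flag, but both commands test SPF. spfquery evaluates an SPF result, and `dig -t TXT +short somedomain.co.uk` queries the bare domain rather than a DKIM selector name. Say which record each command checks, and show what a passing result looks like. The spfquery example uses aol.com and 11.22.33.44; use reserved documentation values such as example.com and an address from 192.0.2.0/24, so the example does not point at a real operator's domain or address space.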
Line 1,543: Line 1,632:  
===Other QPSMTPD Plugins===
 
===Other QPSMTPD Plugins===
 
The following qpsmtpd plugins will work on a SME server, but are either not included or are not configured by default.
 
The following qpsmtpd plugins will work on a SME server, but are either not included or are not configured by default.
{| width="100%" border="1" cellpadding="5" cellspacing="0"
+
{| width="100%" cellspacing="0" cellpadding="5" border="1"
 
!Plugin
 
!Plugin
 
!Purpose
 
!Purpose
Line 1,613: Line 1,702:  
* The sender's server resends the mail at a later date.
 
* The sender's server resends the mail at a later date.
   −
''The requirement to re-queue is a fundamental part of the SMTP protocol -  
+
''The requirement to re-queue is a fundamental part of the SMTP protocol - ''
 
it is not optional. So, if your server is '''offline''' due to a link or ISP  
 
it is not optional. So, if your server is '''offline''' due to a link or ISP  
outage, '''the mail just stays at the sender's server until you are once  
+
outage, '''the mail just stays at the sender's server until you are once '''
again reachable'''.
+
again reachable'''.'''
    
===='''With''' a backup MX====
 
===='''With''' a backup MX====
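Review bot: the per-line closing of the quote markup is inconsistent across the changed lines. The first line now closes its italics, but the "it is not optional" line that continues the sentence has no italic markers at all. In the last line, `again reachable'''.'''` puts only the full stop in bold and leaves "again reachable" plain. Joining the sentence onto one line with a single pair of `''` and a single pair of `'''` around "the mail just stays ... again reachable" would restore the original emphasis.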
Line 1,713: Line 1,802:  
Whether this issue is really a problem to end users, depends on how much you "value" your mail. For a home user having their own mail server, it is probably not a great problem if some messages should happen to go astray, but for all other classes of users, you should really avoid running a mail server on a dynamic IP, without implementing a suitable queueing workaround as suggested. Some ISPs change the IP very infrequently eg yearly, so in those cases it is also not a significant problem. Many/most ISP's will issue a new IP every time a connection is lost & re-established, so these situations are more problematic.
 
Whether this issue is really a problem to end users, depends on how much you "value" your mail. For a home user having their own mail server, it is probably not a great problem if some messages should happen to go astray, but for all other classes of users, you should really avoid running a mail server on a dynamic IP, without implementing a suitable queueing workaround as suggested. Some ISPs change the IP very infrequently eg yearly, so in those cases it is also not a significant problem. Many/most ISP's will issue a new IP every time a connection is lost & re-established, so these situations are more problematic.
   −
 
+
<noinclude>
 
+
[[Category:Mail]]
<noinclude>[[Category:Mail]][[Category:Howto]]</noinclude>
+
[[Category:Howto]]
 +
</noinclude>
