3,054
edits
Changes
From SME Server
Jump to navigationJump to search
mLine 385:
Line 385: − <ol>+ − <li>Enable bayes database as described in [[Email#Bayesian_Autolearning | Bayesian Autolearning]]</li>+ − <li>Install smeserver-learn as per wiki page [[Learn]]</li>+ − <li>Instruct your users to move any SPAM they find from their Inbox to their LearnAsSpam folder, and to COPY any non-spam (ham) they find in their junkmail folder into their LearnAsHam folder.</li> − </ol> Line 530:
Line 528: − + Line 544:
Line 542: − + − + − − − + Line 922:
Line 918: − + − mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local+ − cd /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local + − cp /etc/e-smith/templates/var/service/qpsmtpd/config/peers/0/05auth_cvm_unix_local .+ + + − (note the "." at the end of the 3rd line)<br> − Authentication for the local network will now follow the setting of config::qpsmtpd::Authentication − ie do+ − config setprop qpsmtpd Authentication enabled + − ===How do I disable SMTP relay for unauthenticated LAN clients===+ − http://forums.contribs.org/index.php?topic=38797.msg176490#msg176490 − − *Enable smtp authentication as shown above − *Disable un-authenticated smtp relay for the local network(s)using: − − + − + + + + + − + − − - change outgoing smtp port to 465 and select SSL<br> − - enable Authentication against the outgoing mail server − − ===Allow SMTP relay of mail without encryption/authentication=== − − Change the configuration of the system from the default, so that it no longer requires encryption/authentication before allowing relaying of mail. − − Line 1,176:
Line 1,162: − + − /etc/init.d/qmail restart
→LearnAsSpam / LearnAsHam (spam/ham training)
To install:
To install:
* Enable bayes database as described in [[Email#Bayesian_Autolearning | Bayesian Autolearning]] (not the best approach, prefer manual learn by user), or
* Install smeserver-learn as per wiki page [[Learn]](and keep auto-learning off), then
* Instruct your users to move any SPAM they find from their Inbox to their LearnAsSpam folder, and to COPY any non-spam (ham) they find in their junkmail folder into their LearnAsHam folder.
This is a really efficient way to reduce impact of SPAM to your particular installation. Do not fear to run again files that are tagged as SPAM, as they will either get ignored if all their patterns are known, or the Bayes might catch one more pattern that could help you to get ride of the next incoming SPAM to even get accepted.
This is a really efficient way to reduce impact of SPAM to your particular installation. Do not fear to run again files that are tagged as SPAM, as they will either get ignored if all their patterns are known, or the Bayes might catch one more pattern that could help you to get ride of the next incoming SPAM to even get accepted.
config setprop imaps ConcurrencyLimitPerIP 20
config setprop imaps ConcurrencyLimitPerIP 20
signal-event post-upgrade; signal-event reboot
signal-event post-upgrade; signal-event reboot
{{Note box| for sme9, only the key imap has properties ConcurrencyLimitPerIP,checkConcurrencyLimit,ProcessMemoryLimit. If you set these properties to the key imaps, a migrate fragment will remove them automatically}}
{{Note box| for sme9, only the key imap has properties ConcurrencyLimitPerIP,checkConcurrencyLimit,ProcessMemoryLimit. If you set these properties to the key imaps, a migrate fragment will remove them automatically.}}
To see configuration:
To see configuration:
config show imap
config show imap
tcpsvd: info: deny 30693 0:10.1.0.21 ::10.1.0.104:49332 ./peers/10.1.0
tcpsvd: info: deny 30693 0:10.1.0.21 ::10.1.0.104:49332 ./peers/10.1.0
}}
}}
{{Tip box|Mobile devices have a tendency to frequently disconnect and connect from the network. When this disconnect happens, the sessions on the server are not always immediately cleaned up (they get cleaned up after a time out of some minutes). When the email client reconnects, they create new network connections and you get into the situation that these new connections get denied because of the concurrency limit. On the mobile device this may be noted as a "Unable to connect to server" message.
{{Tip box|Mobile devices have a tendency to frequently disconnect and connect from the network. When this disconnect happens, the sessions on the server are not always immediately cleaned up (they get cleaned up after a time out of some minutes). When the email client reconnects, they create new network connections and you get into the situation that these new connections get denied because of the concurrency limit. On the mobile device this may be noted as a "Unable to connect to server" message.}}
}}
{{Tip box|Some email clients use a separate connection per imap folder, so the concurrency limits may occur for users that have many imap folders.}}
{{Tip box|Some email clients use a separate connection per imap folder, so the concurrency limits may occur for users that have many imap folders.
}}
===Mail server is not an IMAP4 mail server===
===Mail server is not an IMAP4 mail server===
This is a bug in Thunderbird, the previous tips may help
This is a bug in Thunderbird, the previous tips may help.
===The Bat===
===The Bat===
This is logged is in /var/log/messages.
This is logged is in /var/log/messages.
===How do I enable smtp authentication for users on the internal network===
===Allow SMTP relay of mail without encryption/authentication===
Change the configuration of the system from the default, so that it no longer requires encryption/authentication before allowing relaying of mail.
* For most case, you really want to allow few specific clients on your LAN or trusted networks, this is done by setting a coma separated list of ip this way (replace IP1, IP2, IP3 by valid ips).
config set qpsmtpd UnauthenticatedRelayClients IP1,IP2,IP3
signal-event email-update
signal-event email-update
* In some case you would have a whole dedicated network with appliances needing to send email without auth, this is done this way
db networks setprop {$network} RelayRequiresAuth disabled
signal-event email-update
signal-event email-update
* In case you needs are not fulfilled because you need to accommodate a list of remote IP or a sub network of a larger trusted network, you can create a custom template. Here for reference the accepted formats:
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients
echo "# SMTP Relay from local network denied by custom template" >\
# a subnetwork by only using a prefix of full ip
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients/80relayFromLocalNetwork
echo "10.10.0.">> /etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients/80custom
# an external ip
echo "99.10.1.23" >> /etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients/80custom
# an external network you control
echo "164.163.12.1/30" >> /etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients/80custom
signal-event email-update
signal-event email-update
*Configure your email clients to use smtps with authentication:<br>
* Disable smtp authentication on all local interfaces as shown in [[Bugzilla: 6522]]
Disable smtp authentication as shown in [[Bugzilla: 6522]]
config setprop qpsmtpd RelayRequiresAuth disabled
config setprop qpsmtpd RelayRequiresAuth disabled
db accounts setprop username EveryoneEmail no
db accounts setprop username EveryoneEmail no
signal-event user-modify
signal-event user-modify username
