Difference between revisions of "Email"
(Added - allow pop3 external access howto) |
(merge some FAQ entries) |
||
| Line 93: | Line 93: | ||
see a longer explaination [[Email_delete_double-bounce_messages | here]] | see a longer explaination [[Email_delete_double-bounce_messages | here]] | ||
| + | |||
| + | ====POP3 & webmail HTTP==== | ||
| + | I want to set my SMESERVER to allow POP3 (or webmail HTTP) but it's not an option, I only see POP3S (or webmail HTTPS). | ||
| + | |||
| + | The SMESERVER is secure by design. POP3 (or webmail HTTP) is viewed as inadequate security and removed as an option from a standard installation to encourage unknowing administrators to select the 'best practice' option -a secure connection with POP3S, IMAPS, or HTTPS. | ||
| + | |||
| + | You can still set your SMESERVER to allow POP3 settings by: | ||
| + | config setprop pop3 access public | ||
| + | signal-event email-update | ||
| + | |||
| + | ====Real-time Blackhole List (RBL)==== | ||
| + | Enabling RBL's <br> | ||
| + | RBL's are disabled by default to allow maximum accommodation (your ISP may be on a RBL & you may not know it). You can enable RBL's by: | ||
| + | config setprop qpsmtpd DNSBL enabled RHSBL enabled | ||
| + | signal-event email-update | ||
| + | |||
| + | |||
| + | ====Spam Filters==== | ||
| + | I seem to get more spam from a SERVER-ONLY box compared to a SERVER-GATEWAY box. | ||
| + | |||
| + | Some of the spam filter rules cannot work unless the SMESERVER knows the external IP of the box. If you put a SMESERVER in server-only mode behind other firewalls, it will lose some of the anti-spam rules. For example, the rule that blocks attempts where spammers try "HELO a.b.c.d" where a.b.c.d is your external IP address. | ||
| + | |||
| + | Unfortunately, many admins believe that port-forwarding SMTP provides additional security. It doesn't, it limits the SMESERVER's ability to apply some rules. | ||
<noinclude>[[Category:Howto]]</noinclude> | <noinclude>[[Category:Howto]]</noinclude> | ||
Revision as of 04:08, 21 June 2007
Change email settings.
Allow external pop3 access
Email settings > POP3 server access in SME 7.1 server-manager allows only pop3s protocol for clients outside the LAN. Some email clients (eg The Bat! v3.98.4) won't allow pop3s connections to SME 7.1 because of ssl version conflict. Until this is sorted out, a workaround is to hack SME to allow regular pop3 on the external interface using the following commands.
config setprop pop3 access public signal-event email-update svc -t /service/pop3s
more information here
"concurrency limit reached" when using IMAP
Sometime shows as Thunderbird giving this error message, This Mail-server is not a imap4 mail-server
To workaround thunderbirds limitations change, this thunderbird setting to false
- Preferences, Advanced, Config editor (aka about:config): filter on tls.
- set security.enable_tls to false
You can also increase the ConcurrencyLimitPerIP and/or ConcurrencyLimit value for imap and/or imaps (secure)
config setprop imap ConcurrencyLimitPerIP 20 config setprop imaps ConcurrencyLimitPerIP 20 signal-event post-upgrade; signal-event reboot
check
config show imap tail -f /var/log/imap/current | tai64nlocal
More detail can be found here.
Spamassassin
Set spamassassin for automatically delete junkmail. You can change the "days" that spamassassin sets to automatically delete junkmail, to delete after two months
db configuration setprop spamassassin MessageRetentionTime 60 signal-event email-update
Keep a copy of all emails
You may need to keep a copy of all emails sent to or from your email server. This may be for legal, or other reasons.
The following instructions will create a new user account (maillog) and forward every email that goes through your SME server to it.
First, log onto the server-manager and create the user maillog
Go to the SME Command Line (logon as root) and issue the following commands:
config setprop qpsmtpd Bcc enabled signal-event email-update
Optionally make the forwarding of the emails invisible to the end user. Without it, there will be an X-Copied-To: header in each email. Run this command before the signal-event
config setprop qpsmtpd BccMode bcc
If you want to view the emails, point your email client at the SME and log on as maillog.
Allow external IMAP mail access
There was a deliberate decision to remove non-SSL protected username/password services from the external interface.
to allow unsecure IMAP access
config setprop imap access public signal-event email-update
But before you do this try to use secure IMAP
fixme: explain how
Set max email size
Restrict the size of email messages that can pass through your mail server
config setprop qmail MaxMessageSize x signal-event email-update
where x is in bytes, eg 6000000 = 6 MB
add the admin user as an administrator for Horde
config setprop horde Administration enabled signal-event email-update
delete double bounce
To stop getting double bounce messages
config setprop qmail DoubleBounceTo devnull signal-event email-update
see a longer explaination here
POP3 & webmail HTTP
I want to set my SMESERVER to allow POP3 (or webmail HTTP) but it's not an option, I only see POP3S (or webmail HTTPS).
The SMESERVER is secure by design. POP3 (or webmail HTTP) is viewed as inadequate security and removed as an option from a standard installation to encourage unknowing administrators to select the 'best practice' option -a secure connection with POP3S, IMAPS, or HTTPS.
You can still set your SMESERVER to allow POP3 settings by:
config setprop pop3 access public signal-event email-update
Real-time Blackhole List (RBL)
Enabling RBL's
RBL's are disabled by default to allow maximum accommodation (your ISP may be on a RBL & you may not know it). You can enable RBL's by:
config setprop qpsmtpd DNSBL enabled RHSBL enabled signal-event email-update
Spam Filters
I seem to get more spam from a SERVER-ONLY box compared to a SERVER-GATEWAY box.
Some of the spam filter rules cannot work unless the SMESERVER knows the external IP of the box. If you put a SMESERVER in server-only mode behind other firewalls, it will lose some of the anti-spam rules. For example, the rule that blocks attempts where spammers try "HELO a.b.c.d" where a.b.c.d is your external IP address.
Unfortunately, many admins believe that port-forwarding SMTP provides additional security. It doesn't, it limits the SMESERVER's ability to apply some rules.
