Difference between revisions of "Email Server"
(→To Migrate the Server) |
(→Full List of Config files) |
||
Line 132: | Line 132: | ||
* /etc/pam.d/imap /etc/pam.d/pop3 /etc/pam.d/smtp with suffix | * /etc/pam.d/imap /etc/pam.d/pop3 /etc/pam.d/smtp with suffix | ||
* /etc/defaults/saslauthd with suffix | * /etc/defaults/saslauthd with suffix | ||
+ | * /etc/aliases and /etc/aliases.db | ||
+ | * /etc/postfix/smtpd.* (the ssl key and certificate) |
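Review bot: the two added entries, "/etc/aliases and /etc/aliases.db" and "/etc/postfix/smtpd.* (the ssl key and certificate)", do not say whether the files are copied "to same" or "with suffix", which the neighbouring entries all do; state which applies to each. Because /etc/postfix/smtpd.* includes the SSL private key, the entry should also say that owner and permissions must be preserved on the new server so the key does not end up readable by other users.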
Revision as of 13:16, 19 September 2013
User Settings for Sector Alpha's email servers
All the settings are below. We recommend using IMAP for inbound mail, as it leaves your emails on the server so that they can be accessed by multiple clients, including the webmail. For desktop clients we recommend Thunderbird, but any client should work. All the options available are secure and work well. If you have problems, try googling, and if that doesn't work the admins may be able to help.
Inbound Server Settings
We have a few options for settings that can be used, so I have formatted them as a table.
Protocol | IMAP | IMAP | POP3 | POP3 |
---|---|---|---|---|
Port | 143 | 993 | 110 | 995 |
Encryption | StartTLS | SSL/TLS | StartTLS | SSL/TLS |

Setting (all four options) | Value |
---|---|
Server Address | sector-alpha.net (or alessa.sector-alpha.net) |
Username | Your full email address e.g. username@sector-alpha.net |
Password | Your email password (see #Webmail to change) |
Authentication Method | Normal password (PLAIN) |
NOTE: The email certificate is currently self-signed.
An unencrypted connection can be made on ports 143 and 110, but authentication isn't available until a secure connection is established, and therefore neither is access to emails.
A few clients may have problems with all folders appearing inside their INBOX when connecting using IMAP. This is a problem with your email client that can be worked around by setting the IMAP NAMESPACE to INBOX. See http://www.courier-mta.org/FAQ.html#namespace for more details.
Outbound Email Settings
SMTP settings are:
Port | 25 | 6669 |
---|---|---|
Purpose | Standard SMTP port | Extra port to allow access if port 25 is blocked |
Encryption | StartTLS | StartTLS |

Setting (both ports) | Value |
---|---|
Server Address | sector-alpha.net (or alessa.sector-alpha.net) |
Username | Your full email address e.g. username@sector-alpha.net |
Password | Your email password (see #Webmail to change) |
Authentication Method | Normal password (PLAIN) |
NOTE: The email certificate is currently self-signed.
I may be persuadable to enable submission (port 587) or the historic SMTPS (SMTP over SSL/TLS, port 465) but will need a good reason. Please talk to a server admin.
Both ports start as unencrypted connections that don't allow authentication.
- The server will accept email for local targets without authentication or encryption.
- If StartTLS is used the connection is encrypted, and then authentication becomes available and the server can be used to relay emails.
- Authenticated users can send emails with any from address and to any address, but an invisible header is added to mark which user was authenticated to the server.
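A way to check the "no authentication until StartTLS" behaviour described above, as an added example that is not part of the original page: it parses the EHLO replies seen before and after STARTTLS and lists any deviation. The sample replies and the host name mail.example.org are constructed.

```python
"""Check captured EHLO replies: AUTH must appear only after STARTTLS."""

def parse_ehlo(reply):
    """Return {KEYWORD: [PARAMS]} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = reply.strip().splitlines()
    for line in lines[1:]:  # the first line only names the server
        if not line.startswith("250") or line[3:4] not in ("-", " "):
            raise ValueError("not an EHLO reply line: %r" % line)
        words = line[4:].split()
        if not words:
            continue
        # Accept the legacy "AUTH=PLAIN LOGIN" spelling as well as "AUTH PLAIN LOGIN".
        keyword, _, first = words[0].partition("=")
        params = ([first] if first else []) + words[1:]
        caps.setdefault(keyword.upper(), []).extend(p.upper() for p in params)
    return caps

def audit_starttls_policy(pre_tls, post_tls):
    """List deviations from 'no authentication until the session is encrypted'."""
    pre, post = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS is not offered on the cleartext connection")
    if "AUTH" in pre:
        findings.append("AUTH is offered before STARTTLS")
    if "PLAIN" not in post.get("AUTH", []):
        findings.append("AUTH PLAIN is not offered after STARTTLS")
    if "STARTTLS" in post:
        findings.append("STARTTLS is still advertised inside the TLS session")
    return findings

# Constructed sample replies (not captured from the real server).
PRE_OK = "250-mail.example.org\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
POST_OK = "250-mail.example.org\r\n250-PIPELINING\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n"
PRE_BAD = "250-mail.example.org\r\n250-STARTTLS\r\n250-AUTH=PLAIN LOGIN\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    print(audit_starttls_policy(PRE_OK, POST_OK))
    print(audit_starttls_policy(PRE_BAD, POST_OK))
```
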
Webmail
We run a webmail client at https://alessa.sector-alpha.net/webmail/. To log in, use your full email address and email password.
There is also the facility to change your password in the webmail client.
NOTE: The server certificate is currently self-signed.
Anti-Spam/Virus settings
We run anti-spam and anti-virus filtering on inbound emails using SpamAssassin and ClamAV. ClamAV is regularly updated. We also run a shared Bayes filter for SpamAssassin. To teach spam and ham (not spam) messages to the filter, create folders called Learn/Spam and Learn/Ham (case sensitive) in your IMAP Inbox and place emails in them. Spam emails will be automatically deleted after learning. Ham will be left for you to remove at a later point. The filter learns at 3:23 Europe/London. If you have any problems please talk to a server admin.
Advanced Features
If you don't want a separate email account, we can instead set up the server to forward emails to another (external or internal) address. Our email server also has options to forward "tagged" emails to specific folders in your inbox. For either of these options please talk to a server admin.
Server Setup for Admins
For terms see https://en.wikipedia.org/wiki/Message_transfer_agent
Our setup is based on Postfix as the MTA/MSA and Courier as the MUA, with virtual user accounts stored in a specially designated user account. The user accounts are stored in a MySQL database.
Advanced Features
We have a feature called "sub accounts" that allows addresses of the form username-tag@domain to go to a configured subfolder in the username@domain account's Inbox. This currently has to be configured directly in the DB but will be included in any administration tool developed.
The columns required are:
- the email address of the account - e.g. username@domain
- the tag portion (without - ) - e.g. tag
- the folder within the account's inbox to place the email in - e.g. folder.subfolder (no initial . is required as it is added automatically)
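How a username-tag@domain recipient can be resolved against those three columns, as an added example that is not the server's own code: it handles usernames that themselves contain "-" and rejects folder values that would escape the mailbox. The dict standing in for the DB table, the example.org addresses and the allowed-character rule are assumptions.

```python
import re

# Constructed rows. The page lists three columns (account address, tag, folder)
# but not their names, so this dict stands in for the MySQL table.
SUB_ACCOUNTS = {
    ("alice@example.org", "lists"): "Lists.Security",
    ("bob-smith@example.org", "shop"): "Receipts",
}

# Conservative whitelist for one folder level; "." separates levels.
COMPONENT = re.compile(r"[A-Za-z0-9 _-]+")

def maildir_folder(folder):
    """Validate a stored folder value and add the leading '.' the page mentions."""
    parts = folder.split(".")
    if not all(COMPONENT.fullmatch(p) for p in parts):
        raise ValueError("unsafe folder value: %r" % folder)
    return "." + folder

def resolve(rcpt, table=SUB_ACCOUNTS):
    """Return (account, folder) for a recipient; folder is None for the plain Inbox."""
    local, at, domain = rcpt.lower().rpartition("@")
    if not at or not local or not domain:
        raise ValueError("not an email address: %r" % rcpt)
    pieces = local.split("-")
    # A username may itself contain '-', so try every split point,
    # longest account name first, and accept only configured pairs.
    for i in range(len(pieces) - 1, 0, -1):
        account = "-".join(pieces[:i]) + "@" + domain
        tag = "-".join(pieces[i:])
        if (account, tag) in table:
            return account, maildir_folder(table[(account, tag)])
    return local + "@" + domain, None
```
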
To Migrate the Server
- Install the required packages
  - postfix
  - postfix-mysql
  - sasl2-bin
  - libsasl2-modules-sql
  - libpam-mysql
  - courier-imap
  - courier-pop
  - courier-imap-ssl
  - courier-pop-ssl
  - amavisd-new
  - spamassassin
  - clamav
  - pyzor
  - razor
  - squirrelmail
- Do the actual migration
  - Shut down Postfix and Courier
  - Shut down AmavisNew, ClamAV and SpamAssassin
  - Shut down MySQL
  - Copy MySQL data and settings to the new server
  - Reactivate MySQL
  - Copy AmavisNew, ClamAV and SpamAssassin settings
    - Make sure to remember the bayes DB and learning script
    - Make sure to add the amavis user to the clamav group
  - Copy Mail folders over
  - Copy Postfix and Courier settings
    - Make sure to update them if the DB or vmail user details have changed
    - Make sure to copy the PAM and sasl settings for Postfix and Courier over
    - Make sure to add the postfix user to the sasl group
  - Reactivate Postfix and check emails are being delivered
  - Reactivate Courier and check it can be accessed
  - Only now update DNS if required
Full List of Config files
- /etc/postfix/mysql-*.cf to same
- /etc/postfix/sasl/* to same
- /etc/postfix/master.cf and /etc/postfix/main.cf with a suffix (i.e. name them /etc/postfix/master.cf.new and the like)
- /etc/courier/authdaemonrc /etc/courier/authmysqlrc /etc/courier/imapd /etc/courier/pop3 /etc/courier/imapd-ssl /etc/courier/pop3d-ssl all with a suffix
- /root/sa-learnfolders.sh /var/lib/amavis/.spamassassin to same folder
- /etc/amavis/conf.d/50-user to same
- /etc/pam.d/imap /etc/pam.d/pop3 /etc/pam.d/smtp with suffix
- /etc/defaults/saslauthd with suffix
- /etc/aliases and /etc/aliases.db
- /etc/postfix/smtpd.* (the ssl key and certificate)
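A post-copy check for the list above, as an added example that is not part of the original page: it reports which listed files are absent on the new server and which copied files holding a private key or a password are readable by every local user. The paths are taken verbatim from the list; which entries count as sensitive is an assumption.

```python
import glob
import os
import stat

# From the page's "Full List of Config files". Entries the page copies
# "with a suffix" end in '*' so that e.g. main.cf.new also matches.
EXPECTED = [
    "/etc/postfix/mysql-*.cf", "/etc/postfix/sasl/*",
    "/etc/postfix/master.cf*", "/etc/postfix/main.cf*",
    "/etc/courier/authdaemonrc*", "/etc/courier/authmysqlrc*",
    "/etc/courier/imapd*", "/etc/courier/pop3*",
    "/root/sa-learnfolders.sh", "/var/lib/amavis/.spamassassin",
    "/etc/amavis/conf.d/50-user",
    "/etc/pam.d/imap*", "/etc/pam.d/pop3*", "/etc/pam.d/smtp*",
    "/etc/defaults/saslauthd*", "/etc/aliases", "/etc/aliases.db",
    "/etc/postfix/smtpd.*",
]
# Assumption: these are the entries likely to hold a private key or a DB password.
SENSITIVE = ["/etc/postfix/smtpd.*", "/etc/postfix/mysql-*.cf",
             "/etc/courier/authmysqlrc*"]

def matches(root, pattern):
    """Expand one listed path below root (root lets a staging copy be audited)."""
    return sorted(glob.glob(os.path.join(root, pattern.lstrip("/"))))

def holds_secret(path):
    """True if the file contains a PEM private key or a password setting."""
    with open(path, "rb") as fh:
        data = fh.read().lower()
    return b"private key" in data or b"password" in data

def audit(root="/"):
    """Return (patterns with no file, secret-bearing files readable by 'other')."""
    missing = [p for p in EXPECTED if not matches(root, p)]
    exposed = []
    for pattern in SENSITIVE:
        for path in matches(root, pattern):
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if os.path.isfile(path) and mode & stat.S_IROTH and holds_secret(path):
                exposed.append("/" + os.path.relpath(path, root))
    return missing, exposed
```

Run audit() as root on the new server before reactivating Postfix; both returned lists should be empty.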