Difference between revisions of "Email Server"

From Sector Alpha Wiki

Revision as of 13:17, 19 September 2013

User Settings for Sector Alpha's email servers

All the settings are below. We recommend using IMAP for inbound as it leaves your emails on the server, so they can be accessed by multiple clients including the webmail. For desktop clients we recommend Thunderbird, but any client should work. All the options available are secure, and work well. If you have problems, try googling, and if that doesn't work the admins may be able to help.

Inbound Server Settings

We have a few options for settings that can be used, so I have formatted them as a table.

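| Protocol | IMAP | IMAP | POP3 | POP3 |
|---|---|---|---|---|
| Port | 143 | 993 | 110 | 995 |
| Encryption | StartTLS | SSL/TLS | StartTLS | SSL/TLS |

The remaining settings are the same for all four options:

| Setting | Value |
|---|---|
| Server Address | sector-alpha.net (or alessa.sector-alpha.net) |
| Username | Your full email address e.g. username@sector-alpha.net |
| Password | Your email password (see #Webmail to change) |
| Authentication Method | Normal password (PLAIN) |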

NOTE: The email certificate is currently self signed

An unencrypted connection can be made on ports 143 and 110, but authentication isn't available until a secure connection is established, and therefore neither is access to emails.

A few clients may have problems with all folders appearing inside their INBOX when connecting using IMAP. This is a problem with your email client that can be worked around by setting the IMAP namespace to INBOX. See http://www.courier-mta.org/FAQ.html#namespace for more details.

Outbound Email Settings

SMTP settings are

| Setting | Value |
|---|---|
| Server Address | sector-alpha.net (or alessa.sector-alpha.net) |
| Port | 25 (standard SMTP port) or 6669 (extra port to allow access if port 25 is blocked) |
| Encryption | StartTLS |
| Username | Your full email address e.g. username@sector-alpha.net |
| Password | Your email password (see #Webmail to change) |
| Authentication Method | Normal password (PLAIN) |

NOTE: The email certificate is currently self signed

I may be persuadable to enable submission (port 587) or the historic SMTPS (SMTP over SSL/TLS, port 465) but will need a good reason. Please talk to a server admin.

Both ports are unencrypted connections to start with that don't allow authentication.

  • The server will accept email for local targets without authentication or encryption
  • If StartTLS is used the connection is encrypted and then authentication becomes available and the server can be used to relay emails.
    • Authenticated users can send emails with any from address and to any address but an invisible header is added to mark which user was authenticated to the server
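The rule stated here and in the inbound section (no authentication until StartTLS has completed) can be checked from the capability lists a server announces before TLS. The following is an added example, not part of the original page or the server's configuration; the sample replies are constructed and the function names are hypothetical.

```python
# Constructed pre-TLS replies (not captured from the real server).
SMTP_OK = "250-mail.example.test\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
SMTP_BAD = "250-mail.example.test\n250-STARTTLS\n250 AUTH PLAIN LOGIN"
IMAP_OK = "* OK [CAPABILITY IMAP4rev1 IDLE STARTTLS LOGINDISABLED] ready"
IMAP_BAD = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN"
POP3_OK = "+OK capabilities follow\nSTLS\nTOP\nUIDL\n."
POP3_BAD = "+OK capabilities follow\nSTLS\nTOP\nUSER\n."

def smtp_caps(ehlo_reply):
    """Keywords from an EHLO reply; line 1 is the greeting, not a capability."""
    caps = set()
    for line in ehlo_reply.strip().splitlines()[1:]:
        words = line[4:].replace("=", " ").split()  # also handles "AUTH=PLAIN"
        if line.startswith("250") and words:
            caps.add(words[0].upper())
    return caps

def imap_caps(line):
    """Capabilities from '* CAPABILITY ...' or a '[CAPABILITY ...]' greeting."""
    up = line.upper()
    i = up.find("CAPABILITY")
    return set(up[i + 10:].split("]")[0].split()) if i >= 0 else set()

def pop3_caps(capa_reply):
    """Capability tags from a CAPA reply: '+OK', one tag per line, then '.'."""
    body = capa_reply.strip().splitlines()[1:]
    return {l.split()[0].upper() for l in body if l.strip() not in ("", ".")}

def cleartext_findings(proto, pre_tls_reply):
    """Return policy violations visible before TLS; an empty list is compliant."""
    if proto == "smtp":
        caps = smtp_caps(pre_tls_reply)
        upgrade, auth = "STARTTLS" in caps, "AUTH" in caps
    elif proto == "imap":
        caps = imap_caps(pre_tls_reply)
        upgrade = "STARTTLS" in caps
        # Without LOGINDISABLED a client may send LOGIN in the clear.
        auth = "LOGINDISABLED" not in caps or any(c.startswith("AUTH=") for c in caps)
    elif proto == "pop3":
        caps = pop3_caps(pre_tls_reply)
        upgrade, auth = "STLS" in caps, bool(caps & {"SASL", "USER"})
    else:
        raise ValueError("unknown protocol: " + proto)
    findings = [] if upgrade else ["no TLS upgrade offered"]
    if auth:
        findings.append("authentication offered before TLS")
    return findings
```

An empty result only shows what the server advertises; a server can still accept a command it does not advertise, so a full audit also tries an authentication command before TLS against a test account.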

Webmail

We run a webmail client at https://alessa.sector-alpha.net/webmail/. To login use your full email address and email password.

There is also the facility to change your password on the webmail client.

NOTE: The server certificate is currently self signed
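Because the certificate is self-signed (see the notes in the inbound, outbound and webmail sections), a client cannot validate it against a CA; comparing its fingerprint with a value obtained from an admin out of band is one way to detect interception. This is an added example, not the wiki's own code: the pinned fingerprint must be supplied by the caller (the page does not publish one), and `fetch_der` assumes the SSL/TLS IMAP port 993 from the table above.

```python
import hashlib
import hmac
import socket
import ssl

def normalise(fp):
    """Accept 'AA:BB:...' or 'aabb...' and return lowercase hex without separators."""
    return fp.replace(":", "").replace(" ", "").lower()

def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def matches_pin(der, pinned):
    """True only if the certificate bytes hash to the pinned fingerprint."""
    return hmac.compare_digest(fingerprint(der), normalise(pinned))

def fetch_der(host, port=993, timeout=10.0):
    """Fetch the server certificate without chain validation.

    Validation is disabled on purpose: a self-signed certificate would fail it,
    so trust comes from the fingerprint comparison, not from the handshake.
    Do not send credentials on this connection.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def check_server(host, pinned, port=993):
    """Fetch and compare; raises ssl.SSLError if the fingerprint differs."""
    der = fetch_der(host, port)
    if not matches_pin(der, pinned):
        raise ssl.SSLError("certificate fingerprint mismatch: " + fingerprint(der))
    return True
```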

Anti-Spam/Virus settings

We run anti-spam and anti-virus filtering on inbound emails using SpamAssassin and ClamAV. ClamAV is regularly updated. We also run a shared Bayes filter for SpamAssassin. To teach spam and ham (not spam) messages to the filter, create folders called Learn/Spam and Learn/Ham (case sensitive) in your IMAP Inbox and place emails in them. Spam emails will be automatically deleted after learning. Ham will be left for you to remove at a later point. The filter learns at 3:23 Europe/London. If you have any problems please talk to a server admin.

Advanced Features

If you don't want a separate email account we can instead set up the server to forward emails to another (external or internal) address. Our email server also has options to forward "tagged" emails to specific folders in your inbox. For either of these options please talk to a server admin.

Server Setup for Admins

For terms see https://en.wikipedia.org/wiki/Message_transfer_agent

Our setup is based off of Postfix as the MTA/MSA and Courier as the MUA, with virtual user accounts stored in a special designated user account. The user accounts are stored in a MySQL database.

Advanced Features

We have a feature called "sub accounts" that allows addresses of the form username-tag@domain to go to a configured subfolder in the username@domain account's Inbox. This currently has to be configured directly in the DB but will be included in any administration tool developed.

The columns expect:

  1. the email address of the account - e.g. username@domain
  2. the tag portion (without - ) - e.g. tag
  3. the folder within the account's inbox to place the email in - e.g. folder.subfolder (no initial . is required as it is added automatically)
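The lookup described above, as an added example that is not the server's actual implementation: the table and column names, the SQLite stand-in for MySQL and the sample rows are all assumptions. It tries every hyphen as the user/tag boundary so that a mailbox whose name contains a hyphen is not misrouted, and it rejects folder values that could escape the account's mail directory.

```python
import re
import sqlite3

# Hypothetical schema: the page lists three columns but names neither them nor the table.
SCHEMA = "CREATE TABLE sub_accounts (account TEXT, tag TEXT, folder TEXT)"
# Folder is dot-separated components; no '/', no empty parts, no leading dot.
FOLDER_RE = re.compile(r"^[A-Za-z0-9_ -]+(\.[A-Za-z0-9_ -]+)*$")

def demo_db():
    """In-memory database with constructed rows, including one unsafe folder."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO sub_accounts VALUES (?, ?, ?)", [
        ("alice@example.test", "lists", "Lists.Security"),
        ("bob@example.test", "x", "../../etc"),
    ])
    return db

def resolve(db, rcpt):
    """Return (account, folder) for a recipient address.

    folder is '' for the plain inbox, otherwise '.folder.subfolder'
    (the initial dot is added here, as the page describes).
    """
    local, _, domain = rcpt.lower().rpartition("@")
    if not local or not domain:
        raise ValueError("not a full email address: %r" % rcpt)
    # The table, not the position of the hyphen, decides which split is real.
    for i, ch in enumerate(local):
        if ch != "-":
            continue
        account, tag = "%s@%s" % (local[:i], domain), local[i + 1:]
        row = db.execute(
            "SELECT folder FROM sub_accounts WHERE account = ? AND tag = ?",
            (account, tag),
        ).fetchone()
        if row:
            if not FOLDER_RE.match(row[0]):
                raise ValueError("unsafe folder for %s: %r" % (rcpt, row[0]))
            return account, "." + row[0]
    return "%s@%s" % (local, domain), ""
```

If both a mailbox `mary-ann` and a row for user `mary` with tag `ann` exist, the row wins in this sketch; an administration tool should refuse to create that conflict.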

To Migrate the Server

  1. Install the required packages
    1. postfix
    2. postfix-mysql
    3. sasl2-bin
    4. libsasl2-modules-sql
    5. libpam-mysql
    6. courier-imap
    7. courier-pop
    8. courier-imap-ssl
    9. courier-pop-ssl
    10. amavisd-new
    11. spamassassin
    12. clamav
    13. pyzor
    14. razor
    15. squirrelmail
  2. Do the actual migration
    1. Shutdown Postfix and Courier
    2. Shutdown AmavisNew, ClamAV and SpamAssassin
    3. Shutdown MySQL
    4. Copy MySQL data and settings to new server
    5. Reactivate MySQL
    6. Copy AmavisNew, ClamAV and SpamAssassin settings
      • Make sure to remember the bayes DB and learning script
      • Make sure to add the amavis user to the clamav group
    7. Copy Mail folders over
    8. Copy Postfix and Courier settings
      • Make sure to update if DB or vmail user details have changed
      • Make sure to copy the PAM and sasl settings for Postfix and Courier over
      • Make sure to add the postfix user to the sasl group
    9. Reactivate Postfix and check emails are being delivered
    10. Reactivate Courier and check it can be accessed
    11. Only now update DNS if required

Full List of Config files

  • /etc/postfix/mysql-*.cf to same
  • /etc/postfix/sasl/* to same
  • /etc/postfix/master.cf and /etc/postfix/main.cf with a suffix (i.e. name them /etc/postfix/master.cf.new and the like)
  • /etc/courier/authdaemonrc /etc/courier/authmysqlrc /etc/courier/imapd /etc/courier/pop3 /etc/courier/imapd-ssl /etc/courier/pop3d-ssl all with a suffix
  • /root/sa-learnfolders.sh /var/lib/amavis/.spamassassin to same folder
  • /etc/amavis/conf.d/50-user to same
  • /etc/pam.d/imap /etc/pam.d/pop3 /etc/pam.d/smtp with suffix
  • /etc/defaults/saslauthd with suffix
  • /etc/aliases and /etc/aliases.db
  • /etc/postfix/smtpd.* (the ssl key and certificate)