Mail Configuration Reference: Difference between revisions

From Sympl Wiki

Revision as of 14:08, 15 July 2019

This article is a Stub. You can help the Sympl Project by expanding it.

This page has a breakdown of the configuration options and files used when handling email for a domain.

Accepting Email

To accept email for a domain, one of the below methods must be enabled. Any email sent to an address not covered by one of these will be rejected.

Individual Mailboxes

The /srv/example.com/mailboxes/ directory contains the user mailboxes, so the existence of the directory /srv/example.com/mailboxes/alice would accept mail for the email address alice@example.com, /srv/example.com/mailboxes/bob would accept mail for bob@example.com and so on. Once these directories have been created, the mailbox will receive mail, and can be accessed via IMAP, POP3 or Webmail once a password has been set.

Mailbox Aliases

In some cases you may want to have multiple (internal or external) email addresses attached to the same mailbox. This is done using /srv/example.com/config/aliases, which is a file containing the local part followed by a comma separated list of email addresses. For example:

webmaster         charlie@example.com
info              bob@example.com, alice@example.com
alice.smith       alice@example.com
bob.jones         bob@example.com
charlie.williams  charlie@example.com
staff             alice@example.com, bob@example.com, charlie@example.com
dave.taylor       dave@some-other-email.net
dave              dave@some-other-email.net

Note that when an alias uses external email addresses which are not hosted on the same server, the mail is forwarded on directly without the sender being rewritten, which may cause delivery issues if the sender or recipient is using any anti-spam measures.

For this reason, it is generally best to either deliver to a local mailbox which is collected by the user, or to use a Sieve forward rule in a local mailbox to ensure delivery.
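
To find which aliases are affected by this, the aliases file can be parsed and each destination compared against the domains hosted on the server. This is an added example, not part of the original page or the Sympl project; the sample file is constructed, and `local_domains` is assumed to be the list of domains hosted locally.

```python
# Constructed sample in the format described above: the local part,
# whitespace, then a comma separated list of destination addresses.
SAMPLE_ALIASES = """\
webmaster    charlie@example.com
info         bob@example.com, alice@example.com
dave         dave@some-other-email.net
staff        alice@example.com, dave@some-other-email.net
"""


def parse_aliases(text):
    """Return {local_part: [destination, ...]} from the contents of an aliases file."""
    aliases = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts:
            continue  # blank line
        destinations = parts[1] if len(parts) > 1 else ""
        aliases[parts[0]] = [d.strip() for d in destinations.split(",") if d.strip()]
    return aliases


def external_destinations(aliases, local_domains):
    """Map each alias to the destinations whose domain is not hosted on this server."""
    local = {d.lower() for d in local_domains}
    flagged = {}
    for local_part, destinations in aliases.items():
        # Assumption: a destination without "@" is a local name and is not flagged.
        outside = [d for d in destinations
                   if "@" in d and d.rpartition("@")[2].lower() not in local]
        if outside:
            flagged[local_part] = outside
    return flagged


if __name__ == "__main__":
    flagged = external_destinations(parse_aliases(SAMPLE_ALIASES), ["example.com"])
    for local_part, destinations in flagged.items():
        print(f"{local_part}: forwarded off-server without sender rewriting -> "
              f"{', '.join(destinations)}")
```
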

Mail for Local System Users

Sympl also manages email for local system users; however, this only applies to mail either addressed to the local domain, or internal mail sent without a destination domain. These are managed slightly differently, and are overridden at a mailbox level by the existence of an individual mailbox.

Accepting All Mail

The /srv/example.com/config/default_forward file acts as a fallback or catchall for any mail not covered by an existing mailbox or alias. This will then accept all mail, regardless of addressing.

See the Forwarding Mail section below for more information.

Suffixes and Plus Addressing

Sympl supports 'plus addressing' suffixes for mailboxes. These are added to the local part of the email address after a plus (+) character, and can be used for filtering incoming email on the To: field or other purposes.

As an example, to filter all mail from a specific supplier regardless of their sender address, Alice may provide them alice+supplier@example.com as her email address, which will be delivered to the alice@example.com mailbox as normal.

Mailbox Passwords

The password for a user mailbox is set by the contents of the individual /srv/example.com/mailboxes/user/password file. The contents of this file can be either encrypted or plain text; plain text passwords will be automatically encrypted as part of the daily cron jobs.

All passwords should be as long and complex as practical. A password of at least 16 mixed-case alphanumeric characters is suggested as a minimum.

To force immediate encryption of any plain text email passwords, run sudo sympl-mail-encrypt-passwords --verbose.
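
Because a plain text password stays on disk until the daily job or the command above has run, it is worth checking which mailboxes still hold one. The following audit is an added example, not part of the original page or the Sympl project. It assumes an encrypted entry looks like a crypt(3)-style string, optionally prefixed with a `{SCHEME}` tag, and runs against a constructed sample tree.

```python
import os
import re
import tempfile
import time
from pathlib import Path

# Assumption: an encrypted entry is a crypt(3)-style string ("$id$salt$hash"),
# optionally prefixed with "{SCHEME}". Anything else is treated as plain text.
HASHED = re.compile(r"^(\{[A-Za-z0-9-]+\})?\$[0-9a-z]+\$\S+$")
DAY = 24 * 3600


def audit_password_files(root, now=None):
    """Return (relative path, finding) pairs for password files that are not encrypted."""
    now = time.time() if now is None else now
    findings = []
    for path in sorted(Path(root).glob("*/mailboxes/*/password")):
        content = path.read_text(errors="replace").strip()
        if HASHED.match(content):
            continue
        rel = path.relative_to(root).as_posix()
        if not content:
            findings.append((rel, "empty"))
        elif now - path.stat().st_mtime > DAY:
            # Older than one daily run: the encryption job may not be running.
            findings.append((rel, "plain text for over a day"))
        else:
            findings.append((rel, "plain text, awaiting encryption"))
    return findings


def build_sample_tree(root):
    """Constructed sample mirroring <root>/example.com/mailboxes/<user>/password."""
    samples = {
        "alice": ("$6$constructedsalt$constructedhashvalue\n", 0),
        "bob": ("constructed plain text password\n", 0),
        "charlie": ("another constructed password\n", 3 * DAY),
    }
    for user, (content, age) in samples.items():
        box = Path(root, "example.com", "mailboxes", user)
        box.mkdir(parents=True)
        (box / "password").write_text(content)
        stamp = time.time() - age
        os.utime(box / "password", (stamp, stamp))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, finding in audit_password_files(tmp):
            print(f"{rel}: {finding}")
```

On a real server the root would be /srv, and the script needs permission to read the password files.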

User Password Change

Users are able to change their own passwords via the Webmail interface.

  1. Log into webmail with the current password.
  2. Click 'Settings' in the top right.
  3. Click 'Password' in the list on the left.
  4. Change the password using the web form.

Note that the system will perform password strength checks, so attempting to set a weak or short password will fail with a relevant error message.

Resetting a User Password

If the password is not known and needs to be reset, then the /srv/example.com/mailboxes/user/password file can simply be updated with the new password.

Server-Side Rules with Sieve Filtering

Sieve is a standardised language for filtering incoming mail directly on the server without having shell access, either using a Sieve client or through the webmail interface.

These rules can be used to mark messages read, flag mail, move mail into separate folders, as well as forward and reply to mail, without a mail client needing to be connected.

Each mailbox can create a number of rule sets in the /srv/example.com/mailboxes/user/sieve.d directory, with the /srv/example.com/mailboxes/user/sieve file being the active file.

Note that only one file may be active at a time for each mailbox, so the user should add to existing rules rather than creating a new set.

Users can access a mailbox's Sieve rules by logging in and going to Settings (top right), then selecting 'Filters' from the list on the left.

Forwarding Mail

Mail can be forwarded via two methods, either at a mailbox level, or at the domain level as a catch-all for any addresses which do not otherwise exist.

For individual mailbox forwarding, the file is located at /srv/example.com/mailboxes/user/forward, and to forward all mail which is not already handled via another method, the file is /srv/example.com/config/default_forward. The format of these files is identical, and can be one of two formats.



Vacation Messages

Size Quotas

Sympl can enforce mailbox size quotas on user accounts, preventing too much space being used on the server.

To set a quota for all mailboxes, create the file /srv/example.com/mailbox-quota, or for a single mailbox, create /srv/example.com/mailboxes/user/quota. Any quota set on a mailbox individually will override a quota at the domain level.

The contents of this file are the maximum size of the mailbox in bytes if no suffix is used, otherwise the following suffixes are available:

Suffix  Full Name  Bytes
k       kilobytes  1,000
M       megabytes  1,000,000
G       gigabytes  1,000,000,000
ki      kibibytes  1,024
Mi      mebibytes  1,048,576
Gi      gibibytes  1,073,741,824

For example, the text 1Gi in /srv/example.com/mailbox-quota limits all mailboxes to a maximum of 1 Gibibyte, and the text 2Gi in /srv/example.com/mailboxes/bob/quota would allow bob@example.com to store twice as much mail.

Alternatively, the value 0 (zero) is the default and disables any quota, allowing you to set an overall quota, but disable it for specific users.
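
The suffix table and the override rule can be combined into a small resolver that reports the effective quota for a mailbox. This is an added example, not part of the original page or the Sympl project; it assumes whole numbers and case-sensitive suffixes, and works on a constructed sample domain.

```python
import re
import tempfile
from pathlib import Path

# Multipliers exactly as listed in the suffix table above; no suffix means bytes.
SUFFIXES = {"": 1, "k": 1000, "M": 1000**2, "G": 1000**3,
            "ki": 1024, "Mi": 1024**2, "Gi": 1024**3}


def parse_quota(text):
    """Convert the contents of a quota file to bytes (0 disables the quota)."""
    match = re.fullmatch(r"(\d+)([A-Za-z]*)", text.strip())
    # Assumption: whole numbers only, suffixes case-sensitive as in the table.
    if not match or match.group(2) not in SUFFIXES:
        raise ValueError(f"unrecognised quota value: {text!r}")
    return int(match.group(1)) * SUFFIXES[match.group(2)]


def effective_quota(domain_dir, user):
    """Quota in bytes for one mailbox: the mailbox file overrides the domain file."""
    candidates = (Path(domain_dir, "mailboxes", user, "quota"),
                  Path(domain_dir, "mailbox-quota"))
    for path in candidates:
        if path.is_file():
            return parse_quota(path.read_text())
    return 0  # no file at either level: the default, no quota


def build_sample_domain(root):
    """Constructed sample: 1Gi for the domain, 2Gi for bob, no quota for carol."""
    domain = Path(root, "example.com")
    for user, quota in {"alice": None, "bob": "2Gi\n", "carol": "0\n"}.items():
        box = domain / "mailboxes" / user
        box.mkdir(parents=True)
        if quota is not None:
            (box / "quota").write_text(quota)
    (domain / "mailbox-quota").write_text("1Gi\n")
    return domain


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        domain = build_sample_domain(tmp)
        for user in ("alice", "bob", "carol"):
            print(user, effective_quota(domain, user))
```
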

Rate Limiting Outbound Mail

Anti-Spam and Anti-Virus Scanning

Customising SpamAssassin

Filtering Mail Using Headers

Using Real-Time Blacklists from Spamhaus

Blacklisting Senders

Setting A Specific IP For Sending Email

Local System User Mail

Other than accepting mail for users in a /srv/example.com/mailboxes/ directory, Sympl also manages mailboxes for local system users based on their home directories, and local users will receive email to <username>@<hostname of the server>. Mail for these users is stored in a Maildir/ directory in the user's home directory, and users may use local mail reader apps to access it, negating the need for SMTP/IMAP.

Note: If both a normal mailbox and a local system user exist on the same domain, then the mailbox will take precedence.

Webmail


Port Configuration

Mail is configured to use the default ports, with STARTTLS enabled on legacy ports.

Service  Port     Encryption  TLS Enabled by
SMTP     25, 587  TLS         Using STARTTLS
SMTP     465      TLS         On connection
POP3     110      TLS         Using STARTTLS
POP3     995      TLS         On connection
IMAP     143      TLS         Using STARTTLS
IMAP     993      TLS         On connection
Sieve    4190     TLS         On connection


Configuration Reference

File or Directory    Used For
.../config/ip        Contains a list of IP addresses which mail will be sent from for the domain. Defaults to the primary IPs (IPv4 and IPv6) of your server.
.../config/spf       Existence of this file will add SPF records to the automatically generated DNS files. Any content will be used as the SPF record.
.../config/dkim      Enables DKIM record generation and, along with dkim.key, enables signing of outgoing mails. The DKIM 'selector' defaults to the short hostname of your server, otherwise any content in this file will be used as the selector in outgoing mails and automatically generated DNS.
.../config/dkim.key  This key is used to sign outgoing DKIM mails. Required to be able to sign mails, along with the dkim file.
.../config/dmarc     This file will create a DMARC record in generated DNS files. If the file is not empty, the content will be used as the new DMARC record.

See also Configuration Reference for other configuration files.