Clear OS - Alcuni promemoria utili - Parte 3 - Mail

Mail - Autenticazione SMTP provider esterno


n /etc/postfix/main.cf, add the following to enable Postfix's authenticated mail client:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

Add Username and Password Settings

The ISP's mail server, username, and password are kept in a separate file: /etc/postfix/sasl_passwd. The format is:

[hostname] username:password

For example:

[smtp.broadband.rogers.com]     bob123@rogers.com:hockey

Anytime you add or change the /etc/postfix/sasl_passwd file, run the following command:

postmap /etc/postfix/sasl_passwd

Add Outbound Relay Host

Using the SMTP Mail Server configuration in the web-based configuration tool, add the ISP's mail server. In our example, smtp.broadband.rogers.com is used.

Mail - Retrieval

Configuration

Any number of servers can be added to the mail retrieval list using the “Add Entry” form. The interval polling time can be configured from 1 minute up to 3 hours.
  • Server - The server name. For example, gmail.com.
  • Protocol - The server protocol. Currently, POP3, IMAP and APOP protocols are supported. If you do not know the protocol, you can have the system auto-detect by selecting 'auto'.
  • Username - This is the username on the source server.
  • Password - This is the password on the source server.
  • Local User - This is the username of a mail account configured to receive mail on the server you are configuring.
  • Keep On Server - Enable this checkbox to leave a copy of the mail on the server.
  • Active - Enable this checkbox to start polling the remote server for mail to fetch.


Troubleshooting
Have a look at the system logs if you are having problems. The mail retrieval system (fetchmail) logs information to /var/log/maillog. Ignore any entries you see similar to:
Server CommonName mismatch: localhost.localdomain != mail.clearfoundation.com
This entry is a result of the retrieval system attempting to use SSL for authentication.

Mail - Webmail e Vacation

The webmail system runs on port 83 on the HTTPS protocol. To access the system type https://192.168.1.1:83/ or https://yourdomain.com:83/

The webmail system includes a vacation / auto-reply system. To access this feature:
  • Login to your webmail account
  • Click on Mail Filters in the menu
  • Select the Vacation filter

Mail - Antimalware and Antispam Gateway

ClearOS can be configured to be an antivirus and antispam mail gateway. For example, you can put a ClearOS system between the Internet and a Microsoft Exchange server.
You need the following software packages installed on the system:

  • Antivirus
  • Antispam
  • SMTP Mail Server


Configuring the mail gateway is not much different than configuring a regular mail server. Go to the Antivirus and Antispam sections of the user guide to configure these software modules. The configuration options for these modules are straightforward.

For the SMTP Mail Server, the important option for configuring a mail gateway is the Mail Forward Domain List. If you are running your mail server at 192.168.1.10 for the domain example.com and example.org, the Mail Forward Domain List would be:

  • example.com - 192.168.1.10
  • example.org - 192.168.1.10


That is all there is to it. At this stage, you can double check that everything is in order. Change the outgoing (or SMTP) mail server settings in your mail client – use the IP address of the ClearOS gateway. Send a test message to your target domains (example.com or example.org) to make sure they arrive. You can also send a test spam message and Eicar test virus if you wish.

Firewall
The SMTP mail server port (25) must be open on the firewall. If you were running your ClearOS system as an Internet gateway, then you might have a port forward rule defined for your existing mail system. You want to disable this port forward rule!

Troubleshooting
The Primary Domain field can not be the same as one of the domain entries in the Domain Forward List.

Mail Server - Antimalware


The open source ClamAV solution is the antimalware engine used in ClearOS Enterprise. This software automatically checks for updates several times a day for new antimalware signatures. This is already included in ClearOS Enterprise for free! Antimalware Updates service provides additional daily signature updates to improve the effectiveness of the antimalware system. These signatures are compiled from third party organizations as well as internal engineering resources from ClearCenter. We keep tabs on the latest available updates and fine tune the system so you can focus on more important things.
You can find this feature in the menu system at the following location:
Server Mail Scanning Antispam

Mail Server - Antispam

The open source SpamAssassin solution is the antispam engine used in ClearOS Enterprise. This software automatically checks for base-only updates on a weekly basis. This is already included in ClearOS Enterprise for free!

In addition, the ClearSDN Antispam Updates service provides additional daily signature updates to improve the effectiveness of the antispam system. These signatures are compiled from third party organizations as well as internal engineering resources from ClearCenter. We keep tabs on the latest available updates and fine tune the system so you can focus on more important things.

Mail - Mail disclamer


The Mail Disclaimer allows you to append a message to every outbound mail message going through the ClearOS Mail Server. Typically, this is used to add legal notices.

Server Mail --> Disclaimer

Configuration

To enable the mail disclaimer feature:
  • Check the Enabled checkbox
  • Type in the disclaimer into the Text Disclaimer box
  • Click on Update

Mail - Greylisting


Configuration

Greylisting can dramatically reduce the amount of spam reaching your mailboxes. When the service is enabled, a mail message that is not recognized will be gently rejected. If the mail message is legitimate, the sending mail server will re-attempt subsequent deliveries and the ClearOS server will then accept it. For the most part, spammers do not bother with the second delivery attempt and this results in less spam. The parameters that you can use to fine tune the greylisting engine are described below.

Delay

The amount of time that must pass before a subsequent delivery attempt is allowed.

Data Retention Time

The greylisting engine keeps track of both mail servers and sender e-mail addresses for a specified amount of time (default is 35 days). If messages from validated sender or server arrives, the greylisting engine will accept delivery on the first attempt. For example, if dave@example.com sends an e-mail to one of your users on a weekly basis, only the very first mail message is delayed. All subsequent messages are delivered automatically since dave@example.com has been validated.
Posted by
Labels: