User Tools

Site Tools


mail_setup50

Mailserver settings

The “Settings” module is located in the “Mail” menu. This module allows to set up the mail server and contains three tabs: “Settings”, “Antispam” and “Address book”.

"Settings" tab

The network settings part.

The SMTP/POP3/IMAP port allows to change ports of receiving and sending mail from standars. The SMTP/POP3/IMAP interfaces allow to choose server's interfaces, that are used for send and receive mail. By default all interfaces are used. When you mark the checkbox “Create allow rule automatically”, the allow rule for SMTP/POP3/IMAP ports will be created. You can navigate to the rule list and theirs settings using the hyperlink “Mail server access”.

The sending mail part.

The following settings are nesessary for setting up restrictions for mail sending:

- The “Maximum size” field - sets the restriction for attachments in webmail (built-in roundcube client).

- The “Restrict frequent mail sending” sets restrictions for mail sending using ICS CUBE mail server.

- The “Maximum amount of mails allowed from one IP-address per minute” sets the maximum amount of mail that can be sent from one IP-address per minute. This restriction doesn't affect mail, sent from web-interface of preset e-mail client.

- The “Ignore when sending mail from addresses and networks from white list” sets an exception in the “Restrict frequent mail sending” restriction for IP-addresses and networks that are specified in the “White list” below.

The mail queue part.

Mail messages, that weren't sent, are placed in the mail queue for re-sending.

The following settings are nesessary for setting up different frequency when re-sending mail messages:

- The “Inverval between sending attempt” sets the time of daemon launch (daemon is the program, that works in background), which it will use to check the amount of time mail message spends in the queue (by default - 30 minutes).

- The “Waiting queue time” field allows to set amount of time for a mail message in queue, while daemon will try to re-send this message from queue (by default from 180 to 300 minutes). For example, the message wasn't sent, and daemon is launched by default every 30 minutes, which means, than daemon will be launched in “delta” time when delta can be between 0 and 30 minnutes. So, the re-sending will be performed in 180+delta. If re-sending hasn't happened, the mail message will return to the queue, the queue timer for this message becomes 0 and the minimum value (in our case, 180 minutes) for this letter will change automatically, but will not be above maximum. Attempts will follow until the general time of mail message being in the queue will not reach the value set for “Maximum amount of time for mail to be in queue”.

- The “Maximum amount of time for mail to be in queue” field - allows to set the maximum time that mail message will be kept in the queue, after which the sender will receive a notification that the message wasn't sent (by default, 5760 minutes).

The sending using external SMTP part.

In ICS CUBE you can set up the mail sending via different SMTP-server for all messages except the ones meant for local domain or receiver. To turn on sending via different SMTP-server, you need to set its address (domain name or IP-address) in the “default relay” field and set the port for the connection. The “SSL” checkbox is used only for SMTPS connection via 465 port. So, to send mail to the 465 port, this checkbox is mandatory. For connecting via 25 port, the SSL checkbox shouldn't be marked because connection encryption using STARTTLS will be set by default, if the remote side supports it. If the external SMTP-server requires user authentication, then the checkbox “Use SMTP-authorization” should be marked and the login and password should be set. Please note that for sending mail messages via SMTP servers mail.ru / yandex.ru / gmail.com etc the “Switch the sender's name” checkbox should be marked, because for these mail servers it is nessesary that the sender's address (the FROM header) matches the user that passed authorization, and also set the sender address in the “Sender address” field.

Whitelist part.

Allows to add a list of IP-addresses and domains, from which ICS CUBE will receive mail without checking it with grey lists and DNS reverse zone check.

- The “Allowed networks” field allows to set networks, that are specified in ICS CUBE network interfaces settings. To send mail from this networks, sender doesn't have to authorize via SMTP on ICS CUBE, and ICS CUBE will always process mail from these networks without checking it with grey lists and DNS reverse zone check.

- The “Addresses from which sending is allowed” field is the list of allowed IP-addresses, mailsersers (for example, @gmail.com), domains and mailboxes.

Blacklist part (addresses from which sending is denied).

Allows you to add a list of IP-addresses, mail servers (for example, @gmail.com), domains and mailboxes, from which ICS CUBE will always deny mail.

RBL (Real time Blackhole List) black lists part.

This block allows to add/delete hosts that contain RBL black lists. These lists are used for spam protection. When ICS CUBE receive mail, it request information from all the hosts from the list and checks whether sender's IP-address is in black list. If ICS CUBE gets positive response or none at all, the mail is considered to be spam. Then it drops the message and the reveiver gets bulked message 5xx (unmanagable error).

Default authorization domain part.

This block allows to choose a domain placed in ICS CUBE for client authorization. For example, you have a domain.local domain on ICS CUBE, and User has a mailbox with “usermail” name. Then, if the “domain.local” is specified in this field, user can access ICS CUBE mail server via client or web-interface using just “usermail” and don't have to type “usermail@domain.local”.

The "automatically create folders when mailbox is created" part.

Allows to set a list of standart folders, that will be created in the mailbox. You can change this list if necessary.

Antivirus scan part.

This block enables antivirus scan for income and outcome mail messages. If the result is positive, the receiver will get a message from the antivirus with the result instead of the letter itself, and the letter will be attached in it. Antivirus scan (for ClamAV, DrWeb, Kaspersky to be used, the appropriate setup should be performed) is activated by checkbox near the antivirus name.

The greylisting part. This part is meant for automate spam blockiration. When the checkbox “Use ICS CUBE's greylisting” is marked, ICS CUBE will track the activity of mailservers that send messages to ICS CUBE. You can find more about this method in the https://ru.wikipedia.org/wiki/%D0%A1%D0%B5%D1%80%D1%8B%D0%B9_%D1%81%D0%BF%D0%B8%D1%81%D0%BE%D0%BA.

The greylisting setup contains three parameters - the “igore resending” field in seconds (it's supposed that a valid mail server will not send a double mail message so soon); the “wait for resending” field in hours (it's supposed that the letter should be received before this time will exceed) the “contain in the white list” field in days (it's supposed that the mail server that passed the test, will not be inspected again for this amount of days).

The SMTP server name part.

Allows to set a hostname that will be sent in the SMTP HELO and EHLO commands to the remote server when the mail is being sent.

The ciphering part.

By default ICS CUBE mail server doesn't use ciphering. You can set it up if you want to increase the level of mail security.

- The “SMTP certificate” field - allows to choose a certificate for SMTP protocol from the ones uploaded to ICS. It enables using ciphered connection via STARTTLS method over the ordinary tcp SMTP connection on 25 port. Thiw ciphering is a compromise. If the remote side doesn't support the ciphering, mail will be sent and received via unciphered SMTP connection.

- The “IMAP/POP3 certificate” - allows to choose a certificate for IMAP/POP3 protocol from the ones uploaded to ICS. It enables using ciphered connection via STARTTLS method over the ordinary tcp IMAP/POP3 connection on 143/110 accordingly.

- The “Enable SSL/TLS ciphering (SMTPS, IMAPS, POP3S)» checkbox allows to enable ciphering for SMTPS, IMAPS, POP3S protocols using non-typical ports in parallel with 25/110/143 ports. The main difference is that ciphering becomes mandatory and there can be no compromise. In ICS CUBE's mail server only TLSv1, TLSv1.1, TLSv1.2 protocols are used. The SSL2 and SSL3 using is disabled for security reasons.

- The «SMTPS port», «POP3S port», «IMAPS port» fields allow to set port numbers for SMTPS, IMAPS, POP3S protocols respectively.

Use DLP part.

When enabled, turn on the DLP check for mail messages (when the flag Menu - Security - DLP - Settings - “Use DLP for mail” is set), if the DLP module is correctly set up and running.

The "hard drive for mail storage" part.

This part allows to move mail storage to a separate hard drive. By default, mail is stored in the main system partition (where the ICS CUBE is installed). If the mail storage path will be changed, all stored mail will be copied from old drive to new. You can track the progress of the process in the Menu - Service - System - Tasks. If the new hard drive already contains mail files, then copying will not be performed (ICS CUBE 5.1.7 and newer only).

Using signature part.

Allows to set the signature automatically when the mail is created. It works only for Roundcube. Should be noted, that the signature will be automatically created only for the accounts that are added after this option is set. The changes in the signature will also be applied only to the mailboxes added after the changes were performed.

You can use variables in the signature as [varname]. Possible variable values: cn (username), ou (group user is into), mail (mail address), description (the user's “description” field), notes (user's “notes” field), telephonenumber (the user's “phone” field), title (the user's “title” field), url (the user's “web-site” field), postaladdress (the user's “address” field), pager (the user's “icq” field), ounotes (the user's group “description” field). The values for the variables are taken from the user's description.

To insert images you can use the data:url encoding. This is done as following: using the service http://dataurl.net/#dataurlmaker (or a similar one) the image is converted to the <img src=«data:image/png;…» …> format, and then the text is insert in the html-code of the signature.

The Roundcube part.

Allows to upload and change the logo, icon and background of the roundcube interface.

The DKIM-signature part.

You can find more information about DKIM-signatures in the https://ru.wikipedia.org/wiki/DomainKeys_Identified_Mail.

- The “check DKIM-signature” checkbox turnes on the scan of incoming on ICS CUBE mail for the presence and correctness of DKIM-signature.

- The “Create DKIM-signature” checkbox activates adding DKIM-signature to mail messages sent via ICS CUBE.

- The “Selector” field. By default, ICS uses the “default” selector. Since for one domain there can be several mail servers, for each mail server in the domain its own DKIM-selector should be created.

Theme transcoding part.

Allows to set “transcode theme to UTF-8” parameter. When this checkbox is marked, mail sent from ICS CUBE mail server, will have UTF-8 encoding.

Anti-spam tab

In the anti-spam tab you can perform setup of mail filtering system, including turning on/off anti-spam filters, such as: SpamAssassin, Rspamd or Kaspersky. You can enable all three at once. SpamAssassin (https://wiki.apache.org/spamassassin/RoundingIssues) allows to set a threshold for mail to be considered spam. If a mail is marked as spam, it will add an according text in the mail header. When threshold value is set to zero, all mail is considered to be spam.

Rspamd (https://rspamd.com/doc/) allows to set a threshold for mail to be considered spam and also a threshold to deny mail. If a mail is marked as spam, it will add an according text in the mail header. When threshold value is set to zero, all mail is considered to be spam.

For Kaspersky Antispam to work correctly you need to set this filter up. For using additional checking, like::

  • DKIM-signature test;
  • SPF test;
  • SURBL test

you need to mark the appropriate checkboxes.

The "Address book" tab

The “Address book” tab is a list of settings for ICS mail server address book and for the user's mail clients. You can set the LDAP threshold here, set up the Base DN parameter (the LDAP search base, you can set several using semicolon), turn using address books in Roundcube web-interface on or off (the “Use ICS address book” checkbox).

mail_setup50.txt · Last modified: 2019/02/13 10:23 by root