Settings

The “Settings” module is located in the “Mail” menu. This module is designed for configuring the mail server and contains three tabs: “Settings”, “Spam protection” and “Address book”.

The "Settings" tab.

Network settings.

SMTP/POP3/IMAP port allows you to change the standard ports for receiving and sending emails.

The “SMTP interfaces” and “POP3/IMAP interfaces” fields are intended for specifying the interfaces established on the ICS CUBE, on which the SMTP/POP3/IMAP protocols will work. By default, work is done on all interfaces.

If you select the “Automatically create a permitting rule” flag, the permitting rule will be set in the firewall for SMTP/POP3/IMAP ports. You can go to the list of permitting rules and their settings by clicking on the “Access to the mail server” hyperlink that appears.

Encryption.

The ICS CUBE mail server works by default in the “Not use” mode, using the plain SMTP and POP3/IMAP protocols. We recommend using this mode only on a secure network, because in this mode an attacker listening on the channel can obtain the user's name and password.

The “May use” mode. If the client software does not support encryption, the password is transmitted over an unencrypted channel, in plain text. If the client software supports encryption, authorization occurs already inside the encrypted connection.

The “Use” mode. In this mode, when users log in via SMTP, POP3/IMAP, or STARTTLS, the password is transmitted only inside the encrypted connection.

Configuration of the “Encryption” block for the “May use” and “Use” modes is described below.

  • The “SMTP certificate” field allows you to select a certificate for the SMTP protocol from the ones set up on the ICS CUBE. It enables encryption with the STARTTLS method on top of a normal TCP connection over the SMTP protocol on the standard port 25. This encryption is a compromise: if the remote party does not support encryption, the message will be sent or received over unencrypted SMTP.
  • The “POP3/IMAP certificate” field allows you to select a certificate for the POP3/IMAP protocols from the ones set up on the ICS CUBE. It enables encryption with the STARTTLS method on top of a normal TCP connection using the POP3/IMAP protocols on the standard ports 110/143, respectively.
  • The “Enable SMTPS” and “Enable POP3S/IMAPS” flags enable the SMTPS, IMAPS, and POP3S protocols on non-classic ports, in parallel to ports 25/110/143. The main difference is that encryption is mandatory; a compromise is not possible. The ICS CUBE mail server uses only the TLSv1, TLSv1.1, and TLSv1.2 cryptographic protocols. SSLv2 and SSLv3 are disabled for security reasons.
  • The “SMTPS port”, “POP3S port”, and “IMAPS port” fields allow you to set port numbers for the SMTPS, IMAPS, and POP3S protocols, respectively.
  • The “DH (Diffie-Hellman) key length” field allows you to set the key length for STARTTLS encryption and for TLS cryptographic protocols of various versions, when using the IMAP/POP3 and IMAPS/POP3S protocols. Please note that the recommended key length is 2048 bits, and by default it is 1024 bits to optimize the first launch of the ICS CUBE.
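One way to confirm from the client side which of the three modes an SMTP listener is effectively in, as an added example (not ICS CUBE code). The mapping from the pre-TLS EHLO reply to a mode is an assumption drawn from the mode descriptions above, and the sample replies and host names are constructed.

```python
import smtplib

def ehlo_keywords(reply: str) -> set:
    """Return the extension keywords from a raw multi-line EHLO reply."""
    keywords = set()
    for line in reply.splitlines()[1:]:            # line 0 is the server greeting
        text = line[4:].strip()                    # drop the "250-" / "250 " prefix
        if text:
            # "AUTH=LOGIN" is a legacy spelling of "AUTH LOGIN"
            keywords.add(text.replace("=", " ", 1).split()[0].upper())
    return keywords

def classify(keywords: set) -> tuple:
    """Map pre-TLS capabilities to (mode, cleartext_login_possible)."""
    if "STARTTLS" not in keywords:
        return ("Not use", "AUTH" in keywords)     # nothing encrypted on offer
    if "AUTH" in keywords:
        return ("May use", True)    # a client may still authenticate before TLS
    return ("Use", False)           # login is only offered after STARTTLS

def probe(host: str, port: int = 25, timeout: float = 10.0) -> tuple:
    """Live check against a server you administer (needs network access)."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return classify({k.upper() for k in smtp.esmtp_features})

# Constructed sample replies, not captured from a real ICS CUBE.
SAMPLES = {
    "plain": "250-mail.example.test\n250-SIZE 10240000\n250 AUTH PLAIN LOGIN",
    "opportunistic": "250-mail.example.test\n250-STARTTLS\n"
                     "250-AUTH=PLAIN LOGIN\n250 8BITMIME",
    "required": "250-mail.example.test\n250-SIZE 10240000\n"
                "250-STARTTLS\n250 8BITMIME",
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(name, classify(ehlo_keywords(reply)))
```
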

Mail sending.

The following settings are necessary for setting various restrictions when sending emails:

  • The “Maximum message size” field sets a limit on uploading attachments via web mail (built-in roundcube client).
  • The “Restrict frequent mail sending” flag enables restrictions on sending emails via the ICS CUBE mail server.
  • The “Maximum number of messages from one IP per minute” field sets the maximum number of emails sent per minute from one IP-address. This restriction does not apply to emails sent from the web interface of the pre-installed email client.
  • The “Ignore sending mails from permitted addresses and networks” flag creates an exception in the “Restrict frequent mail sending” restriction for IP-addresses and networks specified in the “Whitelist” section below.

Mail queue.

Mail messages that were not sent are placed in the queue for resending.

The following settings are necessary for setting different time intervals when sending mail messages again:

  • The “Interval between sending queued mails” field sets how often the daemon (a program running in the background) starts and checks how long each message has been in the queue (by default, every 30 minutes).
  • The “Queue delay from … to …” field sets the time interval a message spends in the queue before the daemon tries to re-send it (by default, from 180 minutes to 300 minutes). For example, an email was not sent, and the daemon starts every 30 minutes by default, so the daemon's next start comes after a time delta, where delta takes a value from the interval [0m; 30m]. Thus, re-sending will be done after 180+delta minutes. If re-sending fails, the message is placed in the sending queue again, its queue time counter is reset to zero, and the lower limit (in our case, 180 minutes) for this message is shifted automatically, but it will not exceed the upper limit. Attempts to send the email are repeated until the total time spent in the queue reaches the value specified in the “Maximum queue lifetime” field.
  • The “Maximum queue lifetime” field allows you to specify the maximum total time spent in the queue, after which the sender will be notified that their email was not sent (by default, 5760 minutes).

Sending through external SMTP.

In the ICS CUBE you can configure outgoing mail to be sent via a different SMTP server for all messages, except for messages the destination address of which is a local domain or recipient. In order to enable sending of outgoing mail through another SMTP server, it is necessary to enter its address (domain name or IP) in the “Default relay” field and specify the connection port.

The “Use SMTPS” flag is only used for SMTPS connections on port 465. Thus, the flag for sending messages to the destination port 465 is mandatory. When connecting to port 25, the SSL flag should not be set, because encryption of the connection via the STARTTLS extension will be selected automatically, depending on the support of this method for encrypting the connection by the remote party.

If the external SMTP server requires user authentication, you must set the “Use SMTP authentication” flag and specify the user's username and password. Please note that when sending mail messages via SMTP servers yahoo.com / gmail.com and so on, you need to set the “Change sender email” flag, because for these mail servers, the sender's address (FROM header) shall match the user who was logged in, and also set the sender's address in the “Sender email” field.

Restriction lists.

This block lets you add whitelists and blacklists of addresses from which incoming correspondence is allowed or forbidden. When you click the “Whitelist” button, a dialog box opens where you can add an IP-address, domain name, network (including one created in the ICS CUBE), mail server (for example, @google.com), or mailbox. ICS CUBE will always accept emails from these senders without greylist checks, without checking that forward and reverse DNS records match, and without authorization. Attention! Only senders who are truly trustworthy should be included in this list.

When you click on the “Blacklist” button, a new dialog box will open, where you can add IP-address, domain name, network, mail server (for example, @google.com), mailbox. ICS CUBE will not accept emails from them.

General settings.

Default authorization domain.

This block allows you to select which of the mail domains set up on the ICS CUBE is assumed during client authorization. For example, the ICS CUBE has a domain.local mail domain, and a user from this domain has the “usermail” mailbox name. Then, when “domain.local” is selected, the user accessing the ICS CUBE mail server via a mail client or via the web interface can specify just “usermail” in the “User name” field instead of usermail@domain.local.

Drive for keeping mail.

This block allows you to move the mail storage to a separate hard drive. By default, mail is stored in the primary system partition (where the ICS CUBE is installed). If you change the storage location of your mail, all emails will be copied from the current hard drive to the new one. You can track the progress of copying mail from drive to drive in the Menu – Maintenance – System – Tasks. If the new hard drive already contains files with mail, then copying will not be performed (only for ICS CUBE 5.1.7 and higher).

Server name for SMTP HELO when sending email.

It allows you to specify the host name that will be passed in the SMTP HELO or EHLO command to the remote party when sending an email.  

On creating a mailbox automatically create next folders.

It allows you to set a list of standard folders that are created in the mailbox. If necessary, you can change the composition.

Anti-virus attachment check.

This block enables checking incoming and outgoing messages for viruses. If a virus is found, the recipient receives a message about the results of the check instead of the email itself, with the original email attached to that message. An anti-virus check (ClamAV or Kaspersky Antivirus; the antivirus must be configured appropriately before use) is activated by setting the flag next to the name of the antivirus.

DKIM-signature.

More information about DKIM-signatures can be found here: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

  • The “Verify DKIM-signature” flag. It enables checking of incoming emails for the DKIM-signature availability and correctness.
  • The “Add DKIM-signature” flag. It activates the addition of a DKIM-signature to emails sent from ICS CUBE.
  • The “Selector” field. By default, the “default” selector is used in ICS CUBE. Since there can be multiple mail servers for a single domain, you must create your own DKIM selector for each mail server in the same domain.

Miscellaneous.

Use DLP.

When the flag is set, email checking by the DLP module is enabled (by setting the “Use DLP for mail” flag in Menu - Security - DLP - Settings), provided that the DLP module is correctly configured and working.

Recode subject to UTF-8.

If this flag is set, messages sent from the ICS CUBE mail server will have UTF-8 subject encoding.

SMTPUTF8 support.

This flag enables / disables support of UTF-8 encoding when receiving and sending messages.

Spam protection.

In the “Spam protection” tab, you can configure servers that contain black lists, as well as configure the operation mode of the grey list in the ICS CUBE.

DNSBL blacklists (DNS Blackhole List).

This block allows you to add or remove hosts that serve DNSBL blacklists. These lists are used to fight spam. When receiving an email, the ICS CUBE mail server queries every host in this list for the IP-address of the sender from which it is receiving the message. If there is no response at all, or if at least one of the hosts gives a positive response, ICS CUBE considers the message a spam delivery attempt. The message is not accepted, and the sender's server gets a 5xx error (fatal error).
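The lookup described above, as an added example (not ICS CUBE code): it builds the DNSBL query name for IPv4 and IPv6 senders in the standard reversed-address layout and applies the accept/reject rule from this section. Reading “no response at all” as “none of the configured hosts answered” is an assumption, and the zones and resolver data are constructed.

```python
import ipaddress

def dnsbl_name(ip: str, zone: str) -> str:
    """Build the DNS name queried for `ip` in DNSBL `zone` (RFC 5782 layout)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                   # four octets
    else:
        labels = list(addr.exploded.replace(":", ""))   # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def check_sender(ip: str, zones: list, resolve) -> tuple:
    """Return (verdict, zone). `resolve(name)` returns a list of A records,
    an empty list when the name does not exist, and raises OSError when the
    DNSBL host does not answer."""
    answered = 0
    for zone in zones:
        try:
            records = resolve(dnsbl_name(ip, zone))
        except OSError:
            continue                                # this host gave no response
        answered += 1
        if any(r.startswith("127.") for r in records):
            return ("reject 5xx", zone)             # listed: positive response
    if zones and answered == 0:
        return ("reject 5xx", None)                 # assumption: no response at all
    return ("accept", None)

# Constructed resolver data standing in for real DNS (hypothetical zones).
FAKE_DNS = {"99.2.0.192.bl-a.example": ["127.0.0.2"]}

def fake_resolve(name: str) -> list:
    if name.endswith("down.example"):
        raise TimeoutError("no response")           # TimeoutError is an OSError
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    zones = ["bl-a.example", "bl-b.example"]
    for ip in ("192.0.2.99", "192.0.2.10"):
        print(ip, check_sender(ip, zones, fake_resolve))
```

Under this reading, an outage of every configured DNSBL host rejects all incoming mail, so the reachability of those hosts is worth monitoring.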

Grey lists (Greylisting).

This block configures an automatic spam blocking system. When you set the “Use grey lists” flag, the ICS CUBE will track the behavior of mail servers that send messages to the ICS CUBE. You can read about the blocking methodology at the following address: https://en.wikipedia.org/wiki/Greylisting_(email)

Grey lists are configured with three parameters: the “ignore resending” field, in seconds (it is assumed that a reliable mail server will not send an email again within this time); the “await resending” field, in hours (it is assumed that the email should arrive again no later than the specified time); and the “keep in white list” field, in days (it is assumed that a mail server that has passed the check will not go through it again for the specified number of days).
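How the three parameters interact, as an added example (not ICS CUBE code). Tracking pending deliveries per (client IP, sender, recipient) and whitelisting per client IP are assumptions taken from the general greylisting method; the parameter values and addresses in the demo are constructed.

```python
class Greylist:
    def __init__(self, ignore_s: int, await_h: int, keep_d: int):
        self.ignore = ignore_s              # "ignore resending", seconds
        self.await_ = await_h * 3600        # "await resending", hours
        self.keep = keep_d * 86400          # "keep in white list", days
        self.pending = {}                   # triplet -> time of first attempt
        self.white = {}                     # client IP -> whitelist expiry

    def check(self, client_ip: str, sender: str, rcpt: str, now: int) -> str:
        """Return "accept" or "defer" (a temporary 4xx reply) at time `now`."""
        if self.white.get(client_ip, 0) > now:
            return "accept"                 # server already passed the check
        key = (client_ip, sender.lower(), rcpt.lower())
        first = self.pending.get(key)
        if first is None or now - first > self.await_:
            self.pending[key] = now         # new, or retry came too late: restart
            return "defer"
        if now - first < self.ignore:
            return "defer"                  # retried too fast for a real MTA queue
        del self.pending[key]               # retry arrived inside the window
        self.white[client_ip] = now + self.keep
        return "accept"

def demo() -> list:
    """Replay a constructed delivery sequence and return the verdicts."""
    g = Greylist(ignore_s=60, await_h=4, keep_d=30)   # constructed values
    msg = ("198.51.100.7", "a@remote.example", "usermail@domain.local")
    return [
        g.check(*msg, now=0),               # first attempt
        g.check(*msg, now=30),              # retry inside "ignore resending"
        g.check(*msg, now=600),             # proper retry
        g.check("198.51.100.7", "b@remote.example", "usermail@domain.local", now=700),
        g.check(*msg, now=600 + 31 * 86400),  # whitelist entry has expired
    ]

if __name__ == "__main__":
    print(demo())
```
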

Address book.

The “Address book” tab defines the parameters of the address book of the ICS CUBE mail server for client programs of the users. Here you can define the port on which LDAP is running, configure the Base DN parameter (LDAP search base, you can specify several of them using semicolons), enable or disable the use of the address book, and set the “Use ICS Address Book” flag.

Please note that this flag allows you to send the address book to all mail clients, but if this flag is set, it is possible not to transfer the address book to Roundcube (the corresponding settings are made in the Menu - “Mail” - “Web-mail” - the “Settings” tab).

mail_setup50.txt · Last modified: 2020/06/11 15:45 by zog