Table of Contents
This is a detailed break-down of all the configuration options and
files available when configuring how email is handled for a domain.
Throughout this chapter, the domain my-brilliant-site.com
is used as an
example. Thus all the configuration for my-brilliant-site.com
will be inside
the /srv/my-brilliant-site.com/
directory.
The mail servers have been set up with standard port assignments as follows. These are all the standard ports for the protocols.
Service | Port | Encryption |
---|---|---|
POP3 |
110 |
TLS |
IMAP |
143 |
TLS |
SMTP |
25 or 587 |
TLS |
POP3 |
995 |
SSL |
IMAP |
993 |
SSL |
SMTP |
465 |
SSL |
Sieve |
4190 |
TLS |
In order for a domain to be configured to accept email, one of two
things must be present. Either the domain must have a
mailboxes/
directory present, or one of the files
config/default_forward
or config/aliases
must be present.
For example, if the domain my-brilliant-site.com would like to host
mail normally, i.e. one mailbox per user hosted on the same machine,
then the directory /srv/my-brilliant-site.com/mailboxes/
should be created. Then in there, one directory per user should be
created. If bob@my-brilliant-site.com would like to receive mail,
then /srv/my-brilliant-site.com/mailboxes/bob/
should be
created.
Assuming that this is the only directory inside
/srv/my-brilliant-site.com/mailboxes/
then only mail
addressed to bob@my-brilliant-site.com will be accepted. Any other
mail addressed to my-brilliant-site.com will be rejected.
If you would like to accept all mail for my-brilliant-site.com,
regardless of who it is addressed to, then create the file
/srv/my-brilliant-site.com/config/default_forward
. The contents of
this file should be a single email address, or a comma-separated list
of email addresses. For example, to forward all mail to
bob@my-brilliant-site.com, regardless of who it is addressed to,
then /srv/my-brilliant-site.com/config/default_forward
should
contain bob@my-brilliant-site.com
.
If you would like the domain nomail.my-brilliant-site.com not to
receive any mail at all, then remove the directory
/srv/nomail.my-brilliant-site.com/mailboxes/
and ensure
that the file
/srv/nomail.my-brilliant-site.com/config/default_forward
does not
exist.
The password for a mailbox should be set by the contents of a file
named password
inside a user’s mailbox directory. The contents of
this file may be in plain text, or encrypted.
To encrypt a password on the command line, you can run the following command, substituting "my password" for your password. This encrypts the password using the SHA-512 algorithm.
echo "my password" | symbiosis-encrypt-password > password
This just uses the standard crypt
function available under most
Linux platforms, as well as perl and PHP.
All email addresses can be used with a suffix. This allows people to
filter their email by the To: address. The separator between the
local part and suffix is the +
sign.
For example, Bob signs up to a shopping site at http://example.com. He might use bob+example@my-brilliant-site.com his email address when signing up, such that he can filter all email from that shop.
Symbiosis can enforce users' mailbox size with quotas. This will prevent mail from being delivered to a user if their mailbox grows too large. The user will receive a warning when they have filled up their mailbox to 75% of its size.
A default quota for each individual mailboxes in a domain can be specified in
config/mailbox-quota
. A per-mailbox quota can be defined in a file
named quota
which resides in a user’s mailbox directory.
These files both have the same format, which is just a number of bytes over
which mail should not be delivered. This number can have a suffix of k
, M
,
or, G
which represent kilobytes, megabytes, and gigabytes, or ki
, Mi
, or
Gi
to represent kibibytes, mebibytes, and gibibytes, respectively.
For example, to limit the mailbox size for all mailboxes in
my-brilliant-site.com to 200MB, i.e. 200,000,000 bytes, put 200M
in
/srv/my-brilliant-site.com/config/mailbox-quota
.
To grant bob@my-brilliant-site.com a 1GiB quota, i.e. 1,073,741,824 bytes,
put 1Gi
in /srv/my-brilliant-site.com/mailboxes/bob/quota
.
Quotas in a user’s mailbox directory take precedence over the default quota.
Sieve is a standard language that users can employ to filter their email on the server. Additionally using any one of a number of clients, users can edit their filtering rules without needing shell access to the server.
Each user can create a number of scripts in a directory called
sieve.d/
, with the current script being kept in a file called
sieve
.
There are two methods of forwarding email. The first is a per-mailbox
forwarding service, and the second is a per-domain service. For the
per-user service, a file named forward
should
be put in a user’s mailbox directory. The per-domain service uses the
same file format as the per-user service, but the file should be
uploaded to config/default_forward
instead.
For example, bob@my-brilliant-site.com would set up a file called
/srv/my-brilliant-site.com/mailboxes/bob/forward
.
If all the mail for my-brilliant-site.com needed to be forwarded
elsewhere, then the file would be called
/srv/my-brilliant-site.com/config/default_forward
.
Both of these files can be interpreted in two ways. Firstly they can be a comma separated list of email addresses. For example, if Bob wanted to forward his email onto Charlie and Dave, his forward file might read
charlie@example.com, dave@example.com
The second way these files are interpreted is as an Exim filter file. The full specification is documented at the Exim project site.
Here are some examples of what is possible.
To forward mail on, but keep a copy
# Exim filter unseen deliver charlie@example.org, dave@example.com
To rewrite all mail for a domain to example.com. This is probably
best used in config/default_forward
.
# Exim filter deliver $local_part@example.com
The Exim documentation has further examples of what is possible.
It is possible to set a vacation message for a user by putting a
message in file called vacation
in the user’s mailbox directory.
For example, for bob@my-brilliant-site.com, the message would go in
/srv/my-brilliant-site.com/mailboxes/bob/vacation
. On Bob’s return,
the people who received vacation messages are logged to
/srv/my-brilliant-site.com/mailboxes/bob/vacation.log
. Once he’s
read it, that file, along with
/srv/my-brilliant-site.com/mailboxes/bob/vacation
and
/srv/my-brilliant-site.com/mailboxes/bob/vacation.db
should all be
removed.
Vacation messages can cause irritate other email users by replying to mailing lists, email bounces, and so on. Every effort is made to stop this from happening, but it is by no means fool-proof.
Each domain can have a list of aliases. This is just a file that
contains a list of local parts, and a list of places they should be
sent on to. This file should be in the config/
directory
and is named aliases
.
For example, my-brilliant-site.com has a list of dummy addresses
that should be sent on to Bob. So the aliases file would be kept at
/srv/my-brilliant-site.com/config/aliases
and contains the
following.
webmaster bob@my-brilliant-site.com chairman charlie@example.com staff bob@my-brilliant-site.com, charlie@example.com, dave@example.com
This ensures that webmaster@my-brilliant-site.com is sent to bob@my-brilliant-site.com; chairman@my-brilliant-site.com is sent to charlie@example.com; staff@my-brilliant-site.com is sent to bob@my-brilliant-site.com, charlie@example.com, and dave@example.com.
The configuration for SpamAssassin for the admin user is kept in
/srv/.spamassassin/user_prefs
. Here you can adjust what score is needed to
reject spam, and which tests are used during scanning. This file will only
appear after a mail has been received with spam detection turned on, but
one can be created and configured before this occurs.
The file contains comments and instructions, and further tips can be found on the SpamAssassin wiki.
In brief, to cause more mail to be rejected, you need to reduce the
threshold score. Therefore change the line reading # required_score
5
should be changed to required_score 4
. Notice that the #
has
been removed at the start of the line to un-comment it.
Similarly if mail is being rejected, you can increase the score.
Further instructions can be found on the SpamAssassin wiki.
There is no facility to train the SpamAssassin Bayesian learner yet.
Headers are added to messages when spam or virus scanning is enabled. These can be used by email clients to filter email, for example in to spam or quarantine folders.
With spam scanning enabled, any email that is accepted has the following headers added
X-Spam-Score
X-Spam-Bar
X-Spam-Status
The score is determined by SpamAssassin, and is the basis for acceptance or rejection. The higher the score, the more certain SpamAssassin is that the message is unwanted. The default threshold for rejection is 5.
The bar is a length of pluses or minuses that provide an easy-to-parse
representation of the score. A positive score is given pluses, a
negative score minuses. For example a score of 5.6 would be
represented as ++++++
; a score of -2.2 would be represented as --
.
The status is always either innocent
or spam
, depending on the
score.
When virus scanning is enabled, the header X-Anti-Virus
is added to messages
that have been scanned. This is set to either infected
or clean
.
There are three lists from Spamhaus that can be used to reject email based on the sender’s IP address, namely
These lists are combined to form the Zen list.
The following instructions will enable use of these lists on our example domain my-brilliant-site.com.
Connect to your machine using FileZilla
On the remote directory tree, navigate to
/srv/my-brilliant-site.com/config/
.
In this directory, create another directory called
blacklists/
. This is done by clicking the right mouse
button on the config/
directory, and selecting from the menu that pops up.
On your local machine create a file called zen.spamhaus.org
.
This is just an empty file.
Once this is done, navigate to the blacklists
directory on the
remote file system, and select
zen.spamhaus.org
from the local file system, and upload it. Make
sure that the remote file has the correct name, i.e. no extra
.txt
extension.
That is all that is needed to start using the Spamhaus Zen blacklist. If you’d rather use a combination of lists create one or more of the following files:
sbl.spamhaus.org
to enable the SBL list
xbl.spamhaus.org
to enable the XBL list
pbl.spamhaus.org
to enable the PBL list
sbl-xbl.spamhaus.org
to enable the combined SBL and XBL list
zen.spamhaus.org
to enable the combined SBL, XBL, and PBL list
Here is an example configuration layout for the domain
my-brilliant-site.com
. All the following files are kept in
/srv/my-brilliant-site.com/
.
mailboxes/
my-brilliant-site.com
, unless a
default forwarding address or filter has been set up.
mailboxes/bob/
mailboxes/bob/Maildir/
mailboxes/bob/password
mailboxes/bob/quota
k
, M
, or G
to
specify kibibytes, mebibytes, or gibibytes respectively. For example 100M
would be 100 mebibytes, or 104857600 bytes. See Section 15.5, “Enforcing mailbox size with quotas” for more
information.
mailboxes/bob/forward
mailboxes/bob/vacation
mailboxes/bob/sieve
config/aliases
config/default_forward
config/bytemark-antispam
config/antispam
config/mailbox-quota
k
, M
, or G
to
specify kilobytes, megabytes, or gigabytes respectively. For example 100M
would be 100 megabytes, or 100,000,000 bytes. See Section 15.5, “Enforcing mailbox size with quotas” for more
information.
config/antivirus
config/blacklists/sbl.spamhaus.org
config/blacklists/xbl.spamhaus.org
config/blacklists/pbl.spamhaus.org
config/blacklists/sbl-xbl.spamhaus.org
config/blacklists/zen.spamhaus.org