Mail configuration

General information

Mail services in ISPmanager 5 are managed are by both POP3-server Dovecot (only v2) and by one of SMTP-servers (sendmail, exim and postfix). All domain names and mailboxes created in the control panel are virtual and do not require real users in the users. Email storing format is Maildir (http://en.wikipedia.org/wiki/Maildir). SMTP-authentication is performed by sasldb2 or through the socket dovecot, for sendmail - only by sasldb2. Mail delivery and quota counting is performed by dovecot.

Installing mail services

If during installation of ISPmanager from COREmanager you select "custom installation" (ISPmanager installation guide), you will be able to select "Mail services" check box.

File:Ispmgr5-install-useropt1.jpg
Setup Wizard, Step 1

You will be prompted to select SMTP-server and optionally install the following:

File:Ispmgr5-install-smtpconf1.jpg
ISPmanager installation, SMTP configuration

Next you will be prompted to install Dovecot POP3-server and sieve (http://en.wikipedia.org/wiki/Sieve) as an option.

File:Ispmgr5-install-pop3conf1.jpg
ISPmanager installation, POP3 configuration

If you select Postfix or Exim as an SMTP-server, you will be prompted to select an SMTP-authentication method. Selecting the check box "Authentication through sasldb" wil linstall sasldb2 and utilities for their management. Otherwise, SMTP-authentication will be be performed through Dovecot. For sendmail only sasldb2 is used.

File:Ispmgr5-install-mtaconf1.jpg
ISPmanager installation, configuration of smtp authentication

General notes about Exim

For mail server configuration the configuration file template is used. используется шаблон конфигурационного файла. It is copied from etc/templates/exim.config into the Exim directory.

For more details about the configuration file please read the articles Exim configuration file

ОMain files

Following is a list of files that used if the Exim mail server is used (the paths can be found in the ISPmanager configuration file etc/ispmgr.conf):

  • exim-passwd - the file containing the mailboxes, paths, uid/gid of real users who own those mailboxes, and mailbox redirects.
  • exim-domains - contains the mail domains created by the panel, redirects and and default actions.
  • exim-aliases - contains aliases for mailboxes.
  • exim-whitelist - whitlist of the mail server, domains, IP addresses, and mailboxes from which email is allowed.
  • exim-blacklist - blacklist of the mail server, domains, IP-addresses, and mailboxes, from which email will be denied.
  • exim-domainips - mail domains and IP addresses from which email will be redirected.

Format of default actions for domains

In the exim-domains files:

 company.me:company.me::no  -  "Default action" is set to "Error message"
 company.me:company.me:/dev/null:no  - "Default action" is set to  "Игнорировать и удалить"
 company.me:company.me:[email protected]:no  -  "Default action" is set to  "Перенаправить"

Creating a mailbox

Once the "[email protected]" mailbox is created, the following records will be specified in the configuration:

in exim-passwd:

 [email protected]:500:500:160:/var/www/user/data/email/test.dom/aaa:no
  • [email protected] - mailbox name
  • 500:500 - uid:gid of the user-owner
  • 160 - quota in MB
  • /var/www/user/data/email/test.dom/aaa - path to the mailbox directory
  • no - active/suspended

in exim-aliases:

 [email protected]:[email protected]:fwd
 [email protected]:[email protected],[email protected]:user
  • [email protected] - aalias
  • [email protected] - send copies to

General notes about Sendmail

For Sendmail smtp-authentication is performed only through sasldb2. Sendmail cannot work with IP addresses. The configuration files directory is always /etc/mail If you run FreeBSD, the Sendmail configuration file is named after the server hostname - <hostname>.mc, if you run Linux - sendmail.mc. The file sendmail.cf will be created based on it. (execute the command 'make -C /etc/mail' or 'make -C /etc/mail install' for FreeBSD) For more details please read the article Sendmail configuration file

Main files

Following is a list of files that used if the Sendmail server is used (the paths can be found in the ISPmanager configuration file etc/ispmgr.conf):

  • sendmail-aliases - contains information about active auto-responders and mailbox redirects.
  • sendmail-accessdb - contains access details, suspended mailboxes and domains, whitelists and blacklists.
  • sendmail-virtusertable - contains mailboxes, their aliases, and default actions for domains.
  • sendmail-localhostnames - contains all the domain names created by the control panel.

Format for default actions for domains

 @company.me error:nouser No such user here - error message 
 @company.me devnull - ignore and drop 
 @company.me [email protected] - redirect to address [email protected] 
 @company.me [email protected] - redirect to domain me.ispvds.com

Creating a mailbox

Once the mailbox "[email protected]" is created, the following records will be specified in the configuration:

in sendmail-virtusertable:

 [email protected]	[email protected]
 [email protected]	aaa+test.dom
 @test.dom	error:nouser No such user here
  • [email protected] - alias
  • aaa+test.dom - correspondence of this record from virtusertable to the record in aliases
  • @test.dom - all mailboxes must be specified before the default action for that domain

in sendmail-aliases:

 aaa+test.dom:	[email protected],aaa\@test.dom
  • [email protected] - send copies to
  • aaa\@test.dom - undocumented sendmail feature is used that enables to use sendmail-aliases and sendmail-virtusertable together

General notes about Postfix

It is very similar to Sendmail, has similar format for default actions. тот же формат действий по умолчанию и схожие However Postfix cannot work with IP addresses and use authentication through Dovecot. For more details please read the article Postfix configuration file

Mail files

Following is a list of files that are used if Postfix is used (the paths can be found in the ISPmanager configuration file etc/ispmgr.conf):

  • postfix-master - master.cf Postfix, in the control panel it is used for associating a domain with IP address
  • postfix-aliases - contains active auto-reposnders and mailbox redirects
  • postfix-localhostnames - contains mail domains created by the control panel
  • postfix-domainips - is used for associating a domain with IP address
  • postfix-accessdb - contains access details, mailboxes and domains, whitelists and blacklists
  • postfix-virtusertable - contains mailboxes, their aliases and default actions for domains.


Creating a mailbox

Once the mailbox "[email protected]" is created the following records will be specified in the configuration:

in postfix-virtusertable:

 [email protected]	[email protected]
 [email protected]	[email protected] aaa+test.dom
 @test.dom	postfix_err_nouser
  • [email protected] - alias
  • aaa+test.dom - correspondence of this record from virtusertable to the record in aliases
  • @test.dom - all mailboxes must be specified before the default action for that domain

in postfix-aliases:

 aaa+test.dom:	[email protected]
  • [email protected] - send copies to

Correspondence of domain to IP address

Once the mail domain test.dom with IP address 1.2.3.4 is created, the following will be specified in the configuration:

in postfix-domainips:

 [email protected]\.dom$/	smtp_test_dom

in postfix-master:

 smtp_test_dom   unix - - n - - smtp -o syslog_name=postfix-1_2_3_4 -o smtp_bind_address=1.2.3.4

General information about Dovecot

Dovecot v2 can only be used. The dovecot-lda utility is used for email delivery into maildir of mailboxes. Mail quotas and a mail filter based on sieve (http://en.wikipedia.org/wiki/Sieve) are activated as dovecot-lda plug-ins. For more details please refer to the article Dovecot configuration files

The main file is dovecot-passwd containing the information about mailbox and passwords. The dovecot-doveadm utility is used for generating passwords.(the paths can be found in the ISPmanager configuration files etc/ispmgr.conf)

Creating a mailbox Once the mailbox "[email protected]" is created, the following will be added into dovecot-passwd:

 [email protected]:[email protected]10692480b:500:500::/var/www/user/data/email/test.dom/aaa:::maildir:~/.maildir  userdb_quota_rule=*:bytes=160M
  • [email protected] - mailbox name
  • {CRAM-MD5}59e8dc33b05d7e84fb49cf28bc20b7d55a2392631d8e16a9c522b6510692480b - CRAM-MD5 encrypted password
  • 500:500 - uid/gid of the mailbox owner
  • /var/www/user/data/email/test.dom/aaa - path to the mailbox directory
  • maildir:~/.maildir - Maildir storage format
  • userdb_quota_rule=*:bytes=160M - quota is 160 MB, dovecot-lda will check it when delivering mail

the password is generated by:

 /usr/bin/doveadm pw -s CRAM-MD5 -u [email protected]
 Enter new password:

The dovecot-lda utility

The dovecot-lda utility is included into the Dovecot distribution. It is specified for the SMTP-server as the default mail delivery agent.

Once the message is sent from the SMTP-server, dovecot-lda takes data from the file dovecot-passwd, set setuid for the mailbox owner.

If sieve is activated, dovecot-lda will search a sieve script file (by default - .dovecot.sieve) and start it.

For Postfix, suid and sgid bit, as well as the mgrsecure group containing all the control panel's users are set for dovecot-lda. (See http://wiki2.dovecot.org/LDA#multipleuids for details)

 chmod 06750 /usr/lib/dovecot/dovecot-lda
 chgrp mgrsecure /usr/lib/dovecot/dovecot-lda

Mail quotas

The <mailbox directory>/.maildir/ contains the maildirsize file. When delivering email, dovecot-lda specifies there the letter size and total size. The total size is compared wшер quota specified in dovecot-passwd, if the quota is exceeded, the email message will be denied. While deleting email through the POP3 protocol, Dovecot will also calculate the size in the maidirsize file taking into account deleted messages.

The dovecot-doveadm utility can be used for viewing mailbox quota usage:

 /usr/bin/doveadm quota get -A

Auto-responders

In the <domain directory>/<mailbox name>/ .vacation.db and .vacation.msg are created The mailbox and the auto-responder associated with that mailbox are specified into aliases.

 aaa+test.dom:  [email protected],"|/usr/local/mgr5/sbin/responder -f /home/user/data/email/test.dom/mail/.vacation.db -m /home/user/data/email/test.dom/mail/.vacation.msg"
  • .vacation.msg - aut-responder message
  • .vacation.db - log file containing information on when and to whom a response was sent. It response once a day to one addressee.

Greylisting

The receiving mail server rejects a message, informs a sender that the message cannot be delivered immediately and asks to try again later. Mail servers are put on the grey lists. If they are not spammers, thy will store the message and try sending it again during 5 days.

For Exim and Postfix Postgrey is used, For Sendmail - milter-greylist.

Greylisting can be activated for both domain name and mailbox. If it is not activated for a domain, it cannot be used for its mailboxes. If it is on for the domain, Greylisting can be on/off for its mailboxes.

There is a whitelist for Greylisting to which domains, IP addresses and mailboxes can be added.

Postgrey

All the domains and mailboxes with Greylisting activated, are specified in the file whitelist_recipients, Greylisting whitelist - the file whitelist_clients.

Paths for FreeBSD:

 /usr/local/etc/postfix/postgrey_whitelist_clients
 /usr/local/etc/postfix/postgrey_whitelist_recipients

Paths for Linux:

Postfix:

 /etc/postfix/postgrey_whitelist_clients
 /etc/postfix/postgrey_whitelist_recipients

Sendmail or exim:

 /etc/postgrey/whitelist_clients
 /etc/postgrey/whitelist_recipients

Record format:

whitelist_clients:

 example.com
 1.2.3.4
 aaa.example.com

whitelist_recipients:

 test.dom
 [email protected]
 

Milter-Greylist

Whitelist, mail domains, mailboxes with disabled Greylisting are saved in the file greylist-conf (the path is specified etc/ispmgr.conf, for Debian - /etc/milter-greylist/greylist.conf)

Record format:

  • Greylisting is off for the domains:
 racl whitelist rcpt [email protected]/
  • Greylisting is off for the mailbox:
 racl whitelist rcpt [email protected]
  • whitelist for the domain:
 racl whitelist domain example.com
  • whitelist for the mailbox:
 racl whitelist from [email protected]
  • whitelist for IP address:
 racl whitelist addr 1.2.3.4

SpamAssassin

SpamAssasin (SA) enables to analyse the email message content. Corresponding records are added into message headings so that a user can filter email messages into different directories of the mail program.

SpamAssasin can be activated for both mail domain and mailbox. If it is off for the domain, it cannot be used for its mailboxes, if it is on for the domain, SpamAssasin can be on/off for the mailboxes.

Mail domains, mailboxes (with spam verification disabled) and SpamAssasin settings are saved in the file spamassassin-localcf (the path is specified in etc/ispmgr.conf, for Debian - /etc/spamassassin/local.cf)

Record format:

  • Is off for the domain:
 all_spam_to     [email protected]
  • is off for the mailbox:
 all_spam_to     [email protected]

Settings:

  • Required score (SpamAssassin will define a score, it should be a number 0 to 100)
 required_score  5
  • Add to the "Theme" field (if the email is defined as spam, it will be added into the heading):
 rewrite_header  Subject ****SPAM*****
  • Report type (how to attach the spam report):
 report_safe     1
  • Contact email (in the spam report):
 report_contact  [email protected]

OpenDkim

Dkim-filter adds a special signature into the message heading that can be used for identifying a domain from which mail was sent, if its DNS records contain a corresponding TXT-record. For each domain private/public key is created. Opendkim is activated for Sendmail and Postfix through milter-интерфейс (http://en.wikipedia.org/wiki/Milter), Exim 4.7 and later can be integrated with Dkim, in this case Opendkim is used only for generating passwords.

Path (in etc/ispmgr.conf):

  • opendkim-keyspath - directory containing the keys
  • opendkim-genkey - utility for password generation

Activating DKIM for the domain

Activating DKIM for the domain will create the following files in the opendkim-keyspath directory:

 test.dom.private
 test.dom.txt

The TXT record will be added for the domain name:

 dkim._domainkey	IN	TXT	"v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDF0zQdEjbWdIkor9Qm9zelAZAUrHJfft7Rmf/dvFXZsllBMUhkZiaP44II2Q2ROJGIUywR3abakw2UWR5loHeIYByh7VqiobUWSz+RGaQrKj9svjXguZGf+YbYwYZGMNxNyWifUg7+XPse+WedRTNkDlt+iMXEBjtOxE3kSOshPwIDAQAB"

Sendmail or Postfix:

The KeyTable, SigningTable files are also used (Debian - in the /etc/opendkim/ directory) The following records will be added for test.dom:

KeyTable:

 dkim._domainkey.test.dom test.dom:dkim:/etc/opendkim/keys/test.dom.private
  • test.dom - domain name
  • dkim - selector (any information, in ISPmanager you may leave the default value dkim)
  • /etc/opendkim/keys/test.dom.private - path to the private key
  • dkim._domainkey.test.dom - identifier, is specified in the TXT record and in SigningTable

SigningTable:

 test.dom dkim._domainkey.test.dom
  • dkim._domainkey.test.dom - identifier, is specified in the TXT record and in KeyTable
  • test.dom - domain name

Clamav

Clamav antivirus is used for checking incoming email. Letters with viruses are rejected. For other email messages a heading is added.

Domains for which virus scanning is not active, are specified in clamav-whitelist (the path in etc/ispmgr.conf, for Debian - /etc/clamav.whitelist)

Following is a record for disabled domain in clamav-whitelist:

Postfix or Sendmail:

 To:.[email protected]

Exim works with clamav without milter-interface and views the clamav-whitelist itself:

 test.dom

Sieve

Sieve is used as a mail filter (http://en.wikipedia.org/wiki/Sieve)

The mailbox directory contains the file .dovecot.sieve containing scripts files (in each condition and corresponding action) from the directory .sieve/ and in the mailbox directory.

Into each script into the heading the instruction for activating all the commands that are added in the control panel, is specified:

 require ["fileinto","reject","vacation","regex","envelope","relational","body","copy"]

Example

The "testscript" script for the [email protected] mailbox of the user checks the following: If in the message headings "Header" or "Subject" "AAA", "BBB", "ССС" are not found or the message size is more than 1 MB, the message will be sent to [email protected], and do not save it in [email protected]

Once the filter script is created in the control panel, the file will contain the following:

/var/www/user/data/email/test.dom/aaa/.dovecot.sieve:

 require ["include"];
 include :personal "testscript";
  • require - specify that the include directive is used for activating the scripts
  • include - activate the testscript script

/var/www/user/data/email/test.dom/aaa/.sieve/testscript.sieve:

 if anyof (	not header :contains ["Header","Subject"]  ["AAA","BBB","CCC"],
 	 size :over 1024K
 ) {	redirect "[email protected]";
 	discard;  
 }
  • anyof - any condition is true

The first condition (each condition starts in a new paragraph comma separated between '(' and ')'):

  • not - inverter
  • header - check email message heading
  •  :contains - contains
  • ["Header","Subject"] - check the headings Header or Subject
  • ["AAA","BBB","CCC"] - check that the heading contain "AAA", "BBB" or "ССС"

The second condition:

  • size - check email message size
  •  :over - more
  • 1024K - 1 MB

The first action (each action are specified in a new paragraph comma separated between '{' and '}'):

  • redirect - redirect to
  • "[email protected]" - address [email protected]

The second action:

  • discard - delete (do not save into the mailbox for which the script is executed)

Was this answer helpful?

 Print this Article

Also Read

Sheduler (cron) (ISPmanager)

ISPmanager allows automatic execution of scheduled jobs using Cron. Cron is a daemon that...

Configuring FTP-server

Supported software Currently ISPmanager supports the following FTP-servers: ProFTPd;...

Dovecot configuration files

Details of the dovecot Following is the example of Dovecot on Debian. You can see the lines that...

Applications (ISPmanager)

In this module you can manage a wide range of server applications available to you and...

How to restore data in ISPmanager 5

Data recovery consists of several steps. Input parameters: version includes the data,...