Mail Service

From Tardis
Revision as of 21:28, 1 August 2016 by Kline (talk | contribs) (Add info on updating aliases/virtual hosts)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
This page is out of date and needs rewriting.
The content is likely to be incomplete or incorrect.

Usage Guide

Tardis currently supports the following methods of accessing your email account:

POP3
  • Server: pop.tardis.ed.ac.uk
  • Secure Connection: TLS or SSL
  • Username: Your Tardis username
IMAP
  • Server: imap.tardis.ed.ac.uk,
  • Secure Connection: TLS or SSL
  • Username: Your Tardis username
Webmail
We provide RoundCube Webmail at https://webmail.tardis.ed.ac.uk
Via SSH
mutt and pine are both currently available on the shell server at ssh.tardis.ed.ac.uk.
Mail Submission
You can now send mail via Tardis' SMTP server from the outside world.
Configuration details:
  • Server: mailhost.tardis.ed.ac.uk
  • Secure Connection: TLS
  • Server port: 587
  • Username: Your Tardis username

You may need to install the CAcert Root certificate if you get mail server certificate warnings every time you connect.

Delivery and Filtering

Mail can be delivered by procmail or maildrop, (default) and can be spam filtered by spamassassin. Support documentation for these applications are currently unavailable, but hopefully will be soon. Before contacting us, we ask that you consult the man page and online documentation for each application.

Troubleshooting

  • IMAP can fail to connect if you've deleted your Maildir folder. To recreate it, run maildirmake Maildir in your home directory on Vortis.

Current setup

  • The main mail server is on isolus, a virtual host.
  • We're using postfix as our MTA, and the default MDA is maildrop.
  • We greylist
  • We also use the janet rbl
  • Users have the option to use spamassassin for spam filtering.
  • Lists Service

Admin

To change aliases (eg sysmans): edit /etc/aliases, run `newaliases`

To change virtual lookup tables (eg gamesoc emails): edit /etc/postfix/virtual, run `postmap /etc/postfix/virtual`

Breaking mail loops

(To prevent most of the loops between ecartis and majordomo installations any mail to listar@tardis or majordomo@tardis which came from majordomo-owner@... is now sent to support instead, using a small procmail filter.)

Suppose ecartis gets into a bunfight with majordomo-owner@example.com, replying to each other's automated messages. We can break the loop by instructing postfix to hold messages from majordomo-owner@example.com and delete the offending message. To put the mail on hold, edit /etc/postfix/access on the mail host, adding a line like:

majordomo-owner@example.com HOLD mail loop

The bit after HOLD is just a human-readable reason for putting the mail on hold which gets put in our logs. Then run

postmap access

to get postfix to pick up the change.

When a mail arrives, it gets put in the special hold queue. You can then check that the message isn't legitimate mail with postcat, and delete it with postsuper:

root@mccoy:/etc/postfix# cd /var/spool/postfix/hold/
root@mccoy:/var/spool/postfix/hold# ls -R
  [...]

./8:
886702B036

  [...]
root@mccoy:/var/spool/postfix/hold# postcat 8/886702B036
  [The message, plus a bit of header info...]
root@mccoy:/var/spool/postfix/hold# postsuper -d 886702B036 hold

If it's real mail, you can release it with postsuper -H 886702B036. You can remove the hold from access now, but remember to run postmap so that postfix notices.

Whitelisting and blacklisting

If mail from an external source is being rejected by postfix (say, because they've got themselves listed in the RBL), they can be whitelisted so that we can get mail from them anyway. To whitelist by the claimed sender address, add an entry to /etc/postfix/access. To whitelist by the hostname, IP address and such like, use /etc/postfix/clientaccess. The entry should be followed by OK, and postmap run to recreate the database file. Then postfix will consult the new database file automatically.

You can also blacklist addresses and hosts using these files. Consult the files for details.

Webmail

Webmail (horde2) is available from webmail.tardis.ed.ac.uk. It depends on /etc/init.d/imapproxy running on azal. If IMAP on boe is not functioning, this service will eventually kill itself and webmail will start rejecting logins. In this case, restart it with:

  /etc/init.d/imapproxy restart

Wish list

  • Amongst other things, we really really really need a better mailing list whatnot than ecartis. It occasionally completely garbles emails, and it doesn't seem to support attachments. It'd also be nice to have something that could perhaps pull userlists out of ldap? (Consider allusers, sysmans). See Lists Service
  • Perhaps we should use spamhaus instead of or in addition to RBL+?