Differences between revisions 1 and 56 (spanning 55 versions)
Revision 1 as of 2008-12-22 14:43:29
Size: 3156
Comment: Imap.ifh.de first version
Revision 56 as of 2017-08-18 14:26:58
Size: 10796
Editor: GötzWaschk
Comment:
Line 1: Line 1:
<<TableOfContents>>

== Important note ==
'''The text below is obsolete for users. All accounts have an INBOX on the mail server in Hamburg.'''

Please see [[http://it.desy.de/services/e_mail/index_eng.html]] for more information and especially [[http://it.desy.de/services/e_mail/mail_programs_configurations/index_eng.html]] for the configuration of the email clients
Line 2: Line 9:
At the Zeuthen site mail for users is stored on the IMAP server '''imap.ifh.de'''. There are no other IMAP servers on site. IMAP is the protocol for accessing the mail stored on that server.
Line 3: Line 11:
There is a new IMAP server '''imap.ifh.de''' which is now in a testing phase. It does provide all the features the old IMAP servers on mail.ifh.de and mail1.ifh.de were having. According to limited testing by a few users the server seems to be '''fully operational'''. For sending and receiving mail another protocol, SMTP, is used. Consequently we have chosen the name '''smtp.ifh.de''' for the SMTP server, which is also known as outgoing mail server. The name '''mail.ifh.de''' is an alias for smtp.ifh.de.
Line 5: Line 13:
=== Using the new IMAP server === The name mail.ifh.de should however not be used for the SMTP server, as the SSL certificate for the SMTP server is issued for smtp.ifh.de and not mail.ifh.de. This is important for delivering mail using TLS or SMTP Auth.
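Review bot: In the added paragraph on the SMTP server name, the only reason given for avoiding mail.ifh.de is that the certificate is issued for smtp.ifh.de; the text does not say what a user whose client is still set to mail.ifh.de should do. Suggest adding one sentence that the fix is to change the configured server name to smtp.ifh.de, not to accept a certificate exception for the alias.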
Line 7: Line 15:
The new server can be used in addition to the old one by '''adding''' mail forwarding to ''<username>''@imap.ifh.de. Then mail is received in the old INBOX and in addition on the imap.ifh.de INBOX Information on that topic is contained in the talks on email given on Oct. 6 2009 and is still mostly valid: [[http://www-zeuthen.desy.de/technisches_seminar/texte/mail2_okt09.pdf|deutsche]] and [[http://www-zeuthen.desy.de/technisches_seminar/texte/mail4_okt09.pdf|english]] version
Line 9: Line 17:
The new server can also be used exclusively by changing the mail routing information from the current maildrop
(typically ''<username>''@mail.ifh.de) to ''<username>''@imap.ifh.de. This is currently '''not recommended'''
=== Quick links ===
 * [[#mailfilter|Mail filtering]] using the [[https://www-zeuthen.desy.de/dv-bin/imap/manage.pl|manage.pl]] or [[https://imap.ifh.de/webmail|squirrelmail]] web interfaces
see also
 * [[MailReaderConfiguration|Mail Reader Configuration]]
 * [[MailReaderConfiguration#cert|Installing certificates for mail clients]]
 * [[http://dv-zeuthen.desy.de/services/mail/|Email in Zeuthen]]
Line 12: Line 24:
=== Alpine === === Main characteristics of the IMAP server ===
The IMAP server is based on a recent release of '''dovecot''' (2.2.18 as of June 23, 2015). It has been built with support for the '''sieve''' language (dovecot-pigeonhole, mail filtering for dovecot, version 0.4.8) and also implements the '''managesieve''' protocol to manipulate sieve scripts (see below). The following features are compiled in and are configured respectively:
Line 14: Line 27:
==== Configuring alpine by editing .pinerc ====  * Authentication using GSSAPI (Kerberos5) or Username/Password in combination with TLS/SSL
 * INBOXes are stored in the /var/spool/mail/<username> directories using the mdbox format
 * Mail Quota is activated
 * Mail folders on the server can only be accessed using IMAP, there is '''no AFS access''' possible.
 * Mail is delivered by default to the INBOXes using dovecot's deliver program
 * deliver is using sieve filters (RFC 5228) to influence the mail transfer. A default filter is active.
Line 16: Line 34:
add or modify the following lines in .pinerc: ==== Using the imap.ifh.de IMAP server ====
The following sections describe the use of imap.ifh.de as the primary IMAP mail server. Users reading their mail elsewhere are not affected.

==== The mail stores ====
 * '''INBOX''' By default mail is delivered to the INBOX on imap.ifh.de. The folder format used currently is 'mdbox'. That guarantees a fast access of mails and efficient storage of the mail contents. The INBOX is stored on a local file system on imap.ifh.de and is only accessible by IMAP clients.

 * '''Local folders''' When mail is saved somewhere, all mail clients offer to store mail into local folders. That is typically a subdirectory of the home directory such as ~/mail or ~/Mail. The folder format is the traditional mbox format, which means one file per mail folder. The advantage is local access to the mails, but working with mbox folders is slow and the locking problem exists, if the local folders are in AFS space.

 * '''Folders on the mail server''' Besides the INBOX users can keep other mail folders on the mail server.
The client needs to tell to the mail server only the folder name, then mail is stored (in the default name space) in the folder with the given name. We have configured only one name space for IMAP, this is the default namespace (called #mdbox). There the mdbox format is used as with INBOX. By using folders on the server mails in there are accessible from all mail clients that support IMAP, i.e. basically world wide access after successful authentication.

==== Authentication ====
The recommended way of authenticating is using '''Kerberos5''' by presenting a valid ticket from the IFH.DE realm. If a computer outside DESY Zeuthen is used then a Kerberos 5 ticket should be obtained before starting your mail reader.

Under Linux/Unix this can be achieved with the command
Line 19: Line 51:
incoming-folders={imap.ifh.de}INBOX, junkmail {mail.ifh.de}#shared/junk
folder-collections=mail/[],Inbox on imap {imap.ifh.de}[]
feature-list=...,tab-checks-recent
kinit <username>@IFH.DE
Line 23: Line 53:
==== Configuring alpine by using the configure screen of alpine ====
The configure screen can be accessed from the main menu by selecting the setup menu and then select the configure screen.
On Windows systems the Network identity manager from [[http://web.mit.edu/Kerberos/dist/|MIT Kerberos for Windows]] has to be used (do not request Keberos4 tickets). Some Clients do need additional configuration options before K5 Auth is working (see below).
Line 26: Line 55:
 * Search the keyword "Incoming Folders" and add {imap.ifh.de}INBOX
 * Search the keyword "Folder Collections" and add Inbox on imap {imap.ifh.de}[]
 * Search the option "Tab Checks for Recent Messages" and activate it
Access to the imap server is always encrypted. This means the TLS or SSL protocol must be used. This also means on the client side (the computer from where you start the mail reader) the '''Telekom CA certificate''' which is the final certificate authority for our server has to be in place. This should be the case for most recent operating system installations. Please see the mail reader specific sections for details if you have problems related to that.
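Review bot: The added sentence "the TLS or SSL protocol must be used" leaves out the port and the connection security setting a user has to select in the client, and "Telekom CA certificate" is not named precisely enough to locate in a trust store. Suggest giving the port and mode for imap.ifh.de and the exact certificate name, or linking to the MailReaderConfiguration#cert page already listed under the quick links.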
Line 30: Line 57:
==== Using alpine ====
The preceding step has configured an additional INBOX. To check for new mails in all INBOXes you can do the following:
 * go in the Index screen to the last mail and press TAB to get the next INBOX with unread mail
 * or go to the Folder Collection screen (L), select the folder collection "Incoming Folders" and press TAB to display the number of unread and recent messages in a folder
Authentication using username and password is possible as well. Both authentication methods have successfully been tested with alpine, thunderbird and many more mail clients. In Outlook Kerberos5 authentication is not working yet.
Line 35: Line 59:
To move or copy folders from an old IMAP server to the imap.ifh.de server do the following
 * select all messages in the folder by pressing '''; a'''
 * copy all messages in the folder to a new destination '''a s {imap.ifh.de}''' ''<foldername>''
 * remove the delete mark if you want to copy instead of moving the folder '''a u'''
 * unselect all messages '''; a'''
<<Anchor(mailfilter)>>
Line 41: Line 61:
=== Thunderbird ===
 * Select in the Edit menu "Account Settings" and add a new (email) account
 * Enter your Name and Email address in the appropriate place
 * in the next screen select "IMAP " as server type and enter '''imap.ifh.de''' as server name
 * enter your user name in the field "Incoming User Name"
 * define an arbitrary account name and press the Finish button
Then in the newly created account change some settings:
 * in the "Server Settings" select '''TLS'''
 * click on "Advanced..." and unselect "Show only subscribed folders"
To avoid security warnings about certificates that cannot be verified:
 * In the Edit Menu select "Preferences" and there go to "Advanced"
 * In the "Certificates" Menu select "View Certificates" then "Authorities and click on "Import"
 * ??? (UNIX SL5 only): Select the certificate /etc/pki/tls/certs/dfnpca.pem
==== Mail Filtering ====
The IMAP server does have an integrated filter called '''sieve''' that is engaged whenever new mail is delivered to the INBOX on imap.ifh.de. The filter language is described in http://www.ietf.org/rfc/rfc5228.txt. The dovecot documentation comes with [[http://wiki2.dovecot.org/Pigeonhole/Sieve/Examples|Examples]] of sieve filters. More information on sieve and its support in dovecot can be found at [[http://wiki2.dovecot.org/Pigeonhole/Sieve]].
Line 55: Line 64:
Filters can be created or modified only from computers belonging to the DESY (Zeuthen) domain. An interface to manage mail filters is the [[https://www-zeuthen.desy.de/dv-bin/imap/manage.pl|manage.pl web interface]]. Filters get installed on imap.ifh.de in the location /var/spool/sieve/''<username>''.sieve and are not directly accessible to users.
Line 56: Line 66:
Alternatively the [[https://imap.ifh.de/webmail|squirrelmail]] web mail interface can be used to create filter rules. After login go to the "Filters" page. Also squirrelmail is only accessible within DESY.
Line 57: Line 68:
  When creating a sieve filter with one of the graphical interfaces meta data are generated to allow further manipulation of the filter rules. These meta data are not compatible between the two web interfaces. Therefore creating a rule with one interface and changing it with another one is not possible.

If there is no user defined filter then the global filter default.sieve is engaged:

{{{
require "fileinto";
if header :contains "X-Spam-Level" "*****" {
  fileinto "junk";
}
}}}
It filters all spam mails into the folder '''junk on the mail server''', i.e.it is not a local folder. More sophisticated mail filters can be created by using the web interface. Using the basic mode (the default) guarantees that syntactically correct filters get created without knowing the sieve language syntax. Advanced users can write their own sieve script. If there is no syntax error a (compiled) .svbin file is generated, otherwise a .sieve.err file is written that contains the error message. As it resides on the mail server, only administrators get access to these files. Therefore usage of the advanced mode is not recommended.

Creation of own filter rules should be simple as the web interfaces are fairly intuitive. The complete removal of own filter scripts using the manage.pl web interface is somewhat tricky. It can be achieved selecting "Advanced options", then writing "default" into the "Delete script name" field, selecting the "No" button beneath "Activate Script?" and then click on "Save changes"

See also [[MailFilter|mail filter]].

==== Vacation/Absence message ====
This is most comfortably done using the [[https://imap.ifh.de/webmail|squirrelmail]] web mail interface discussed above. After logging in and having clicked the Filters menu you can add new mail filter rules. It is important to define a first rule to filter away spam in order to not generate vacation messages for spam mails. This is done by having a Condition Message Header X-Spam-Level contains ***** AND an action Move to Folder junk. Save the rule by pressing the 'Add new Rule' button. Then create another rule by clicking on '''Add a new rule''' in the 'Current Mail Filtering Rules' screen.

A new screen is displayed. In the '''condition''' part select '''Always''' in the first field instead of 'Message'. If you want to be more specific e.g. with a condition Message Header 'From' or Message Body contains <some string> you can define other conditions. Then in the '''action''' part select '''Vacation/Autoresponder''' and modify at least the field '''Your addresses'''. Please make sure to fill in all addresses on which you receive mail (separated by comma) in the action field.

After having saved this rule by pressing the '''Add new rule''' button you can disable it until you really need it or in order to store it for later use. Please note that the order of rules is important and that the spam filter should always be the first rule.

==== Quota ====
Currently there is a global mail quota limit of 2000 MB configured. This is existing for safety reasons only and can be increased for individual users on request. The mail quota setting and its current usage can be displayed using the command

{{{
  check_inbox [-h imap.ifh.de]
}}}
If the mail quota for a user has been changed, the mail client has to be restarted, otherwise the changed quota does not become effective.

Delivery to the INBOX takes place even if quota is exceeded (up to 1000 MB in addition) but saving to folders would then not be possible. When the quota limit is exceeded and the additional INBOX limit of 1GB more as well then mail delivery is temporarily suspended until the INBOX is cleaned up. If that does not take place for 5 days, mail is bounced back as undeliverable. When the user is over quota, moving mails around is no longer possible, only deleting is still possible.

==== Backup ====
A backup of all the mail folders on the IMAP server is done to tape daily at 11pm. The restore of mails from backup needs operator assistance. In exceptional cases it is even possible to recover deleted mails.
For restore requests please contact the Zeuthen user office.
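Review bot: The paragraph after the default.sieve listing says a user script with a syntax error produces a .sieve.err file that only administrators can read, but it does not say which filter is applied to incoming mail in that case. Suggest stating whether default.sieve, and with it the spam rule, still applies when a user script fails to compile, and how a user can find out that it did.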

Important note

The text below is obsolete for users. All accounts have an INBOX on the mail server in Hamburg.

Please see http://it.desy.de/services/e_mail/index_eng.html for more information and especially http://it.desy.de/services/e_mail/mail_programs_configurations/index_eng.html for the configuration of the email clients.

The IMAP Server imap.ifh.de

At the Zeuthen site mail for users is stored on the IMAP server imap.ifh.de. There are no other IMAP servers on site. IMAP is the protocol for accessing the mail stored on that server.

For sending and receiving mail another protocol, SMTP, is used. Consequently we have chosen the name smtp.ifh.de for the SMTP server, which is also known as outgoing mail server. The name mail.ifh.de is an alias for smtp.ifh.de.

The name mail.ifh.de should however not be used for the SMTP server, as the SSL certificate for the SMTP server is issued for smtp.ifh.de and not mail.ifh.de. This is important for delivering mail using TLS or SMTP Auth.

Information on that topic is contained in the talks on email given on Oct. 6 2009 and is still mostly valid: German and English version

see also

Main characteristics of the IMAP server

The IMAP server is based on a recent release of dovecot (2.2.18 as of June 23, 2015). It has been built with support for the sieve language (dovecot-pigeonhole, mail filtering for dovecot, version 0.4.8) and also implements the managesieve protocol to manipulate sieve scripts (see below). The following features are compiled in and configured:

  • Authentication using GSSAPI (Kerberos5) or Username/Password in combination with TLS/SSL
  • INBOXes are stored in the /var/spool/mail/<username> directories using the mdbox format

  • Mail Quota is activated
  • Mail folders on the server can only be accessed using IMAP; no AFS access is possible.

  • Mail is delivered by default to the INBOXes using dovecot's deliver program
  • deliver is using sieve filters (RFC 5228) to influence the mail transfer. A default filter is active.

Using the imap.ifh.de IMAP server

The following sections describe the use of imap.ifh.de as the primary IMAP mail server. Users reading their mail elsewhere are not affected.

The mail stores

  • INBOX By default mail is delivered to the INBOX on imap.ifh.de. The folder format currently used is 'mdbox'. That guarantees fast access to mail and efficient storage of the mail contents. The INBOX is stored on a local file system on imap.ifh.de and is only accessible by IMAP clients.

  • Local folders When mail is saved somewhere, all mail clients offer to store mail into local folders. That is typically a subdirectory of the home directory such as ~/mail or ~/Mail. The folder format is the traditional mbox format, which means one file per mail folder. The advantage is local access to the mail, but working with mbox folders is slow and the locking problem exists if the local folders are in AFS space.

  • Folders on the mail server Besides the INBOX users can keep other mail folders on the mail server.

The client only needs to tell the mail server the folder name; mail is then stored (in the default namespace) in the folder with the given name. We have configured only one namespace for IMAP, the default namespace (called #mdbox). There the mdbox format is used, as with INBOX. Mail kept in folders on the server is accessible from all mail clients that support IMAP, i.e. basically worldwide access after successful authentication.

Authentication

The recommended way of authenticating is using Kerberos5 by presenting a valid ticket from the IFH.DE realm. If a computer outside DESY Zeuthen is used then a Kerberos 5 ticket should be obtained before starting your mail reader.

Under Linux/Unix this can be achieved with the command

kinit <username>@IFH.DE

On Windows systems the Network identity manager from MIT Kerberos for Windows has to be used (do not request Kerberos4 tickets). Some clients need additional configuration options before K5 Auth works (see below).

Access to the IMAP server is always encrypted. This means the TLS or SSL protocol must be used. This also means that on the client side (the computer from which you start the mail reader) the Telekom CA certificate, which is the final certificate authority for our server, has to be in place. This should be the case for most recent operating system installations. Please see the mail reader specific sections for details if you have problems related to that.

Authentication using username and password is possible as well. Both authentication methods have successfully been tested with alpine, thunderbird and many more mail clients. In Outlook Kerberos5 authentication is not working yet.

Mail Filtering

The IMAP server has an integrated filter called sieve that is engaged whenever new mail is delivered to the INBOX on imap.ifh.de. The filter language is described in http://www.ietf.org/rfc/rfc5228.txt. The dovecot documentation comes with Examples of sieve filters. More information on sieve and its support in dovecot can be found at http://wiki2.dovecot.org/Pigeonhole/Sieve.

Filters can be created or modified only from computers belonging to the DESY (Zeuthen) domain. An interface to manage mail filters is the manage.pl web interface. Filters get installed on imap.ifh.de in the location /var/spool/sieve/<username>.sieve and are not directly accessible to users.

Alternatively the squirrelmail web mail interface can be used to create filter rules. After login go to the "Filters" page. Also squirrelmail is only accessible within DESY.

When creating a sieve filter with one of the graphical interfaces meta data are generated to allow further manipulation of the filter rules. These meta data are not compatible between the two web interfaces. Therefore creating a rule with one interface and changing it with another one is not possible.

If there is no user defined filter then the global filter default.sieve is engaged:

require "fileinto";
if header :contains "X-Spam-Level" "*****" {
  fileinto "junk";
}

It filters all spam mails into the folder junk on the mail server, i.e. it is not a local folder. More sophisticated mail filters can be created by using the web interface. Using the basic mode (the default) guarantees that syntactically correct filters get created without knowing the sieve language syntax. Advanced users can write their own sieve script. If there is no syntax error a (compiled) .svbin file is generated, otherwise a .sieve.err file is written that contains the error message. As these files reside on the mail server, only administrators have access to them. Therefore usage of the advanced mode is not recommended.

Creation of own filter rules should be simple as the web interfaces are fairly intuitive. The complete removal of own filter scripts using the manage.pl web interface is somewhat tricky. It can be achieved by selecting "Advanced options", then writing "default" into the "Delete script name" field, selecting the "No" button beneath "Activate Script?" and then clicking on "Save changes".

See also mail filter.

Vacation/Absence message

This is most comfortably done using the squirrelmail web mail interface discussed above. After logging in and having clicked the Filters menu you can add new mail filter rules. It is important to define a first rule to filter away spam in order to not generate vacation messages for spam mails. This is done by having a Condition Message Header X-Spam-Level contains ***** AND an action Move to Folder junk. Save the rule by pressing the 'Add new Rule' button. Then create another rule by clicking on Add a new rule in the 'Current Mail Filtering Rules' screen.

A new screen is displayed. In the condition part select Always in the first field instead of 'Message'. If you want to be more specific e.g. with a condition Message Header 'From' or Message Body contains <some string> you can define other conditions. Then in the action part select Vacation/Autoresponder and modify at least the field Your addresses. Please make sure to fill in all addresses on which you receive mail (separated by comma) in the action field.

After having saved this rule by pressing the Add new rule button you can disable it until you really need it or in order to store it for later use. Please note that the order of rules is important and that the spam filter should always be the first rule.
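
The two rules described above, written out as a Sieve script (RFC 5228 with the vacation extension from RFC 5230). This is an added example, not the script that squirrelmail or manage.pl generates; the addresses, the 7-day interval and the reply text are placeholders, and mapping the form field "Your addresses" to :addresses is an assumption.

```sieve
# Added example: spam rule first, vacation rule second.
# Addresses, interval and text below are placeholders.
require ["fileinto", "vacation"];

# Rule 1: same test as the global default.sieve. Spam is filed into the
# server-side folder "junk" and processing ends here. Without "stop" the
# script would continue and the vacation rule below would also run.
if header :contains "X-Spam-Level" "*****" {
    fileinto "junk";
    stop;
}

# Rule 2: condition "Always", action Vacation/Autoresponder.
# :days      minimum number of days between two replies to the same sender
# :addresses all addresses on which you receive mail
vacation
    :days 7
    :addresses ["username@example.org", "first.last@example.org"]
    :subject "Out of office"
    "I am currently away and will read your message after my return.";

# No explicit keep is needed: vacation does not cancel the implicit keep,
# so the original message is still delivered to the INBOX.
```

The vacation extension only replies when one of the user's addresses appears in a recipient header (To, Cc and similar) of the incoming message, which is why every address on which you receive mail belongs in the list.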

Quota

Currently there is a global mail quota limit of 2000 MB configured. This exists for safety reasons only and can be increased for individual users on request. The mail quota setting and its current usage can be displayed using the command

  check_inbox [-h imap.ifh.de]

If the mail quota for a user has been changed, the mail client has to be restarted, otherwise the changed quota does not become effective.

Delivery to the INBOX takes place even if the quota is exceeded (up to 1000 MB in addition), but saving to folders is then not possible. When both the quota limit and the additional INBOX limit of 1 GB are exceeded, mail delivery is temporarily suspended until the INBOX is cleaned up. If that does not take place for 5 days, mail is bounced back as undeliverable. When the user is over quota, moving mails around is no longer possible; only deleting is still possible.

Backup

A backup of all the mail folders on the IMAP server is done to tape daily at 11pm. The restore of mails from backup needs operator assistance. In exceptional cases it is even possible to recover deleted mails. For restore requests please contact the Zeuthen user office.

IMAPServer (last edited 2017-08-18 14:26:58 by GötzWaschk)