#acl DvGroup:read,write,delete,revert,admin All:read <> == Important note == {{{#!wiki warning '''The text below is obsolete for users. All accounts have an INBOX on the mail server in Hamburg.''' Please see [[http://it.desy.de/services/e_mail/index_eng.html]] for more information and especially [[http://it.desy.de/services/e_mail/mail_programs_configurations/index_eng.html]] for the configuration of the email clients }}} == Configuration of Mail Readers for the DESY Mail Servers in Zeuthen == === General Remarks === The centrally installed mail clients on Linux/UNIX and Windows are usually preconfigured to use the correct settings. As users can override these settings and recommended settings may change it is a good advice to check whether your personal mail settings are in agreement with the values given below ==== Your Mail Address ==== In all mails the preferred email address '''Firstname.Lastname@desy.de''' should be used. Please note that the default on some unmaintained systems is '''accountname@hostname.ifh.de''' which '''does not work'''. Mail clients allow you to override that default From: address to use the form given above. ==== Incoming Mail ==== Incoming mail is accessed using the '''IMAP''' protocol on the server (see also a [[IMAPServer|detailed description]]) '''imap.ifh.de''' on port 143 (or in conjunction with SSL port 993) Authentication can be done using '''GSSAPI''' (Kerberos5) or by '''Plain''' authentication giving the (AFS) '''username''' and '''password''' ==== Outgoing Mail ==== All outgoing mail is sent to a mail server using the '''SMTP''' protocol. The '''smtp.ifh.de''' (mail.ifh.de, mailz2.desy.de) mail server can be used from within the DESY network without further authentication. Sending mail over this server from outside DESY is only possible using '''authenticated SMTP'''. For DESY internal traffic there is a second SMTP server '''mail1.ifh.de''' (mailz.desy.de). ==== SMTP Authentication ==== is not required but it can be used. It has to be used if mail from a remote host (e.g. from a notebook on a conference) needs to be sent via our mail server to a recipient outside DESY. This is called relaying and normally not allowed. Make sure to use the host name '''smtp.ifh.de''' and have the required [[#certificates|Telekom CA certificate]] installed. For recent operating systems that should have been done already. The authentication can be done using '''GSSAPI''' (Kerberos5) or by '''Plain''' authentication giving the (AFS) '''username''' and '''password''' You have to configure your mail client to use smtp.ifh.de as the outgoing mail server, use your (UNIX) username (and password) for authentication and use an encrypted connection ('''TLS''', not SSL) on '''port 25'''. For thunderbird that is done on config screens, for pine/alpine the line {{{ smtp-server=smtp.ifh.de/user= }}} enables authenticated smtp. If password authentication is chosen, '''TLS''' (on port 25) and '''not SSL''' must be used. That uses SSL encryption. Several sites do block outgouig traffic on port 25 and sending mail using that port will fail. In this case sending mail using DESY Zeuthen mail servers would not be possible even when using authenticated SMTP. Therefore on smtp.ifh.de '''port 587''' is open as well for mail submission (service "submission"). Older clients require the use of '''port 465''' when using '''TLS with SMTP''', this port can still be used on smtp.ifh.de but should be avoided for new configurations. ==== Address Books ==== The centrally managed address books are using the '''LDAP''' protocol. To use it the name of a server and at least the search base have to be given. The following address books are useful (access is limited to DESY and to some High Energy Physics Institutes): || server name || search base || remarks || || ldap.desy.de || o=DESY,c=de || the official address book || || ldap.ifh.de || o=DESY,c=de || mirror of ldap.desy.de || || ldap.cern.ch || o=CERN,c=ch || the CERN address book || For backward compatibility the search base o=DESY Zeuthen on ldap.ifh.de is also a mirror of the official address book on ldap.desy.de. You must use the default LDAP port 389, not SSL (port 636). === Mail client specific information === <> ==== Alpine ==== <> ===== On Linux: (only if a self signed certificate has been reported) ===== This step is '''usually not required''' ||<#CCFFFF> '''Notice!'''<
>The following procedure needs to be followed only if you get warnings concerning certificates || Download [[http://www.telesec.de/downloads/DT-Root-CA-2.cer|the Telekom root CA]] and copy the file to * /etc/ssl/certs (SuSE) or * /usr/lib/ssl/certs (Debian, Ubuntu) or * /etc/pki/tls/certs (RedHat, Fedora, Scientific Linux, CentOS) For the downloaded file the following command has to be issued (make sure you are in the certs directory), otherwise the certificate will not be found: {{{ ln -s downloaded_file `openssl x509 -noout -hash -in downloaded_file`.0 }}} ===== Configuring alpine by editing .pinerc ===== (this has been done already on DESY Zeuthen computers running SL5/6) add or modify the following lines in .pinerc: {{{ inbox-path={ }inbox # the folders on the server (mdbox format) and the local folders (mbox format) folder-collections=Folders on imap.ifh.de {imap.ifh.de}[], mail/[] # immediate startup (for non DESY computers required) rsh-open-timeout=0 # the next lines are optional... # pressing at the last mail in the INBOX checks and opens the next INBOX feature-list=...,tab-checks-recent }}} ===== Configuring alpine by using the configure screen of alpine ===== The configure screen can be accessed from the main menu by selecting the setup menu and then select the "(C) Config" screen. * Search the keyword "Inbox Path" and set the field to {[[http://imap.ifh.de/tls|imap.ifh.de/tls]]}inbox * Search the option "Tab Checks for Recent Messages" and activate it * Exit the setup screen by committing the changes, then reenter the setup screen, select "(L) collectionLists" * Add a new collection (a) and set Nickname to "Folders on imap.ifh.de", Server to "imap.ifh.de" * Exit the screen and commit the changes To set rsh-open-timeout=0 you may have to * Search the option "Expose Hidden Config" and activate it, then leave the configure screen (commit changes) * Reenter the configuration screen, search "Rsh Open Timeout", change its value to 0, then leave the configure screen by committing this change. ===== Using alpine ===== To move or copy local folders or folders from another IMAP server to the imap.ifh.de server do the following * select all messages in the original folder by pressing '''; a''' * copy all messages in the folder to a new destination '''a s {imap.ifh.de}''' '''' * remove the delete mark if you want to copy instead of moving the folder '''a u''' * unselect all messages '''; a''' <> ==== Thunderbird ==== (please do also have a look into the [[http://www-zeuthen.desy.de/technisches_seminar/texte/mail2_okt09.pdf|Vortrag im technischen Seminar]] if you have a german version of thunderbird) ||<#CCFFFF> '''Notice!'''<
>In case of certificate warnings please consult the section on certificates above (under topic alpine)|| Start thunderbird and create a new mail account: * Select in the Edit menu "Account Settings" and add a new (email) account * Enter your Name '''and an arbitrary Email address ending with @ifh.de''' in the appropriate place. This guarantees that thunderbird will automatically configure the imap and smtp servers to be used properly. When the server configuration has been automatically found, please change the email address to your officiall address firstname.lastname@desy.de . If you entered the desy.de address in the first place then proceed as follows: * in the next screen select "IMAP " as server type and enter '''imap.ifh.de''' as the incoming server name, * enter '''smtp.ifh.de''' as the outgoing server name (SMTP) * enter your Linux/Windows '''account name''' in the field "Incoming User Name" * the same name can be entered for the outgoing server (authenticated SMTP) or left blank * Enter a name for the thunderbird account and press the Finish button Then in the newly created account change some settings: * in the "Server Settings" menu select '''STARTTLS''' (or TLS/SSL) * If you want to authenticate using Kerberos the option '''Kerberos/GSSAPI''' has to be selected. In addition on '''Windows''' open the Config Editor in "Edit" - "Preferences" - "Advanced" - "General" and '''set network.auth-use-sspi to "false"'''. * click on "Advanced..." and unselect "Show only subscribed folders" * Do not select password encryption, we are encrypting the connection to the server, which also ensures that the password information is transferred safely. * Make sure that you '''do not enter a value for "IMAP server directory"'''. That field is in Edit->Account Settings->Server Settings->Advanced. The value of that field on mail.ifh.de was usually set to "mail". To have thunderbird look in all folders for new mail: * Open the Config Editor in "Edit" - "Preferences" - "Advanced" - "General" * search for the preference {{{mail.check_all_imap_folders_for_new}}}, and change its value to {{{true}}} Please disable the offline storage of emails in the AFS home directory: * Go to "Edit" - "Account Settings" - "Synchronization & Storage" and uncheck "Keep messages for this account on this computer" <> ==== MacOSX Mail ==== The configuration is similar to what is described under [[#thunderbird|Thunderbird]] above. Kerberos authentication may work depending on the software installed. Make sure that * IMAP is configured using TLS (SSL) and port 143, not 993 * the field for the mail directory on the server remains empty (home directory on the server is used)