How To Collection
- How to build SmartPost over an existing XMail environment
- How to close an open relay
- How to configure max size of file attachments
- How to implement anti-virus filters
- How to implement open-relay-databases and black lists checks
- How to deliver local system mail (from crond for example)
For various reasons, the default distribution of XMail is configured as an open relay.
If your mail server is reachable from the public Internet, this relay should be closed.
Scenario:
You want to run a public SMTP with a secured relay.
Solutions:
Generally:
- For your LAN users you CAN (if you want) set smtprelay.tab
to the scope of your subnet.
Members of that subnet are then able to relay without authentication.
- Domain members outside that scope MUST HAVE a valid user account
in the XMail server/domain.
- Do NOT use mail-auth in your server.tab.
This blocks all mails from other SMTPs,
because they cannot authenticate with your system.
This authentication scheme is meant for private
or complex public infrastructures.
So make sure #"SmtpConfig"[TAB]"mail-auth"
_remains commented out_ in your server.tab.
Pop_before_SMTP:
- When your users poll mail, they do a POP_before_SMTP,
which authenticates them as valid users.
- XMail then opens the SMTP relay for a short time frame
(900 sec by default) and only for that user.
- Make sure that #"EnableAuthSMTP-POP3"[TAB]"0"
is commented out with a # in your server.tab.
SMTP AUTH:
- Set "SMTP Server requires authentication" on your mail client.
- XMail automatically handles that client request
and relays mail only for authenticated users.
- Make sure that "EnableAuthSMTP-POP3"[TAB]"0"
is NOT commented out with a # in your server.tab.
You can also allow both Pop_before_SMTP and SMTP Auth
for a looser security policy.
If possible, you should prefer SMTP Auth only, since it is more secure.
smtp.ipmap.tab should be in most cases set to
"0.0.0.0"[TAB]"0.0.0.0"[TAB]"ALLOW"[TAB]"1"[NEWLINE]
smtprelay.tab MUST be set to "127.0.0.1"[TAB]"255.0.0.0"
in case of web-mail access (SmartPost web-mail for example)
with Apache installed on the same box as the XMail MTA
(otherwise, set Apache's IP there).
This is because most web-access clients (including SmartPost)
do not support SMTP authentication.
Conclusion:
A spammer can only use the server's relay if he has the username
and password of a valid domain account or another backdoor.
Restart the XMail MTA.
You can test your server here http://www.abuse.net/relay.htm
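A configuration check for the relay settings above, as an added example that is not part of the original how-to or of XMail. The sample file contents are constructed, and two things are assumptions: that SmtpConfig holds a comma-separated option list, and that "your LAN" means loopback plus RFC 1918 address space.

```python
import ipaddress

# Assumption: "your LAN or this host" means loopback plus RFC 1918 space.
TRUSTED = [ipaddress.ip_network(n) for n in
           ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample files, using real tab characters between quoted fields.
SERVER_TAB = '#"SmtpConfig"\t"mail-auth"\n"EnableAuthSMTP-POP3"\t"0"\n'
SMTPRELAY_TAB = '"127.0.0.1"\t"255.0.0.0"\n"0.0.0.0"\t"0.0.0.0"\n'


def parse_tab(text):
    """Return the active (not #-commented) rows as lists of unquoted fields."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append([f.strip().strip('"') for f in line.split("\t")])
    return rows


def audit(server_tab, smtprelay_tab):
    """Return (relay_auth_mode, findings) for the settings described above."""
    findings = []
    settings = {r[0]: r[1] for r in parse_tab(server_tab) if len(r) >= 2}
    # Assumption: SmtpConfig holds a comma-separated option list.
    options = [o.strip() for o in settings.get("SmtpConfig", "").split(",")]
    if "mail-auth" in options:
        findings.append("server.tab: mail-auth is active, other SMTP servers "
                        "cannot deliver mail to this host")
    if settings.get("EnableAuthSMTP-POP3") == "0":
        mode = "SMTP AUTH only"
    else:
        mode = "POP-before-SMTP and SMTP AUTH"
    for row in parse_tab(smtprelay_tab):
        if len(row) < 2:
            continue
        # strict=False masks host bits: 127.0.0.1/255.0.0.0 -> 127.0.0.0/8
        net = ipaddress.ip_network(f"{row[0]}/{row[1]}", strict=False)
        if not any(net.subnet_of(t) for t in TRUSTED):
            findings.append(f"smtprelay.tab: {net} may relay without authentication")
    return mode, findings


if __name__ == "__main__":
    mode, findings = audit(SERVER_TAB, SMTPRELAY_TAB)
    print("Relay authentication:", mode)
    for finding in findings:
        print("FINDING:", finding)
```

To check a real installation, pass the contents of server.tab and smtprelay.tab from your $MAIL_ROOT to audit() in place of the sample strings.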
If your users use only external POP clients, you only need to set the
MaxMessageSize variable in server.tab, XMail's config file.
If users use the SmartPost web client or other web clients:
- in /etc/php.ini set
memory_limit
max_execution_time
- in /etc/httpd/conf.d/php.conf set
LimitRequestBody in bytes.
The SmartPost web client itself has a corresponding variable in confglobal.php:
$TOTALWEBATTACHMENTSSIZEINBYTES
Each incoming and/or outgoing mail can be filtered in several ways.
For this purpose the XMail MTA has two special config files:
filters.in.tab and filters.out.tab
For more information see the XMail documentation.
The $MAIL_ROOT system variable MUST be defined for these filters to work.
These filters.xx.tab files contain a link to the corresponding xxx.tab file (for example av-filter.tab) inside XMail's ../filters subdirectory.
This ../filters/av-filter.tab starts a script (it can also be a real executable) that runs antivirus software with a mail file as a command-line parameter.
This script (or real executable) MUST return a special value to XMail.
Here are my simple examples, adapted to run Norman Virus Control for Linux to check all incoming mail.
$MAIL_ROOT/filters.in.tab
"*"[TAB]"*"[TAB]"0.0.0.0/0"[TAB]"0.0.0.0/0"[TAB]"av-filter.tab"[NL]
$MAIL_ROOT/filters/av-filter.tab
"/var/MailRoot/filters/filter.pl"[TAB]"@@FILE"[TAB]"@@FROM"[NEWLINE]
$MAIL_ROOT/filters/filter.pl
Where nvcc runs the Norman Virus Control software.
This script is intended to run on XMail version 1.17.
Older versions of XMail expect a different return value from the script.
To test your antivirus filter you can use the EICAR standard antivirus test file.
The XMail server has a special variable in server.tab:
"CustMapsList" [TAB] "relays.ordb.org.:1"[NEWLINE]
This example checks all incoming mail against the ordb.org database and rejects all mail coming from spam relays.
See the XMail documentation for more details.
So you have an existing XMail server with users and you want to build SmartPost over it.
Yes, it is possible. There is a PHP script that can do this work for you.
You can find the xmail2smartpost script in the download section.
Before using this script you need to go through steps 2, 3, 5, and 6 of SmartPost's installation instructions.
After those steps you have a working Apache+PHP, IMAP server and SmartPost's SQL database.
REMEMBER! This script clears ALL the tables of SmartPost's database each time you run it and fills these tables again with the data from XMail.
Configure the script before use. Just edit some variables in the beginning of the file.
Then run it from the console like #php xmail2smartpost.php
The script DOES NOT affect the existing XMail database.