New CS Email Server and Clients Tutorials
Total Page:16
File Type:pdf, Size:1020Kb
New CS Email Server and Clients Tutorials Revision 1.2 Yung-Chuan Lee Computer Information Specialist Department of Computer Science January 2010 2.Background Several improvements have been incorporated when constructing the new mail server. First of all, the new email server provides secure SMTP/POP3/IMAP services. A free and legit certificate was obtained from ipsCA (Certificate Authority) to enable SSL/TLS connections. The new Webmail also uses SSL connections to enhance the security and privacy. Secondly, spam filter and mail scanner are setup to reduce spams and possible virus/trojan/worms infections. This active filtering and scanning are designed at STMP server level to prevent malicious emails before accepting them. With such configuration, the new email server only consumes a fraction of CPU resource and is very prompt. Furthermore, because of this improvement, CS emails is not rerouted to SIU server for spam filtering anymore. This eliminates the dependency to external server as well simplify troubleshooting process. The email format has been switched to MailDir. This renders each email in a single file instead of all emails in one big spool file, and it further improves both mail server and webmail performance. Instead of centralized email spool on the server, each userʼs emails are now stored under MailDir folder in their Linux home directory to enhance user accounts and files management as well improve file security. Webmail system is switched from OpenWebmail to Squirrelmail. Squirrelmail provides plug-able modules to enable more functionalities while keeping its core system simple and fast. To prevent malicious attacks, our webmail has configured to temporary block an user and an IP when too many login attempts failed. In addition, an user will be automatically logoff after inactive for 20 minutes to enhance the security. Finally, fighting spams and malicious programs is a continuous effort. All possible spams are forwarded to a designated CS account and manually reviewed by CIS personnel to separate spams (junk emails) and hams (legit emails). Monthly maintenance scripts have been developed to train spam filter from reviewed spams and hams to improve its accuracy. The following tutorial provide insights of common email client configurations and is organized into three parts: email client setup, webmail how-to, and alpine (new pine) configuration. If you encounter any problems, please contact CIS personnel at [email protected]. 1 3.Email Client Setup Please use the following settings to setup your email clients. Outlook 2007 and thunderbird are demonstrated here. Other email clients will be similar. • SMTP server (outgoing server): mail.cs.siu.edu • SMTP port: 25 or 587 • required authentication and TLS connection. • POP3/IMAP server (incoming server): mail.cs.siu.edu • please use POP3 if you donʼt know IMAP. • POP3 port (secure POP3): 995 with SSL • IMAP port (secure IMAP): 993 with SSL a. Outlook 2007: i. Open Account Settings Window from Tools>Account Settings... ii. Click on New to configure a new account. If you already have CS account setup, highlight the account, click Change and skip to step v.. 2 iii. Click “Manually configure....” at the bottom and click Next. iv. Make sure “Internet E-mail” is selected and click Next. 3 v. Filling all the information and make sure both “incoming email server” and “outgoing email server” are mail.cs.siu.edu. Remeber the User Name and Password are CS account not SIU one. Then, click More Settings. vi. Under Outgoing Server tab, make sure “My outgoing server (SMTP)...” is checked and “Use same settings as....” is selected. 4 vii. Under Advanced tab, make sure “This server requires an...” is checked and “Use the following types of...” is set to TLS. Then, click OK. viii.Finally, click on Test Account Setting to send a test email. If everything is set correctly, you will get the following window. 5 b. Thunderbird: i. Open Account Settings Window from Tools>Account Settings.... ii. Click Add Account to add a new account. For existing account, skip to step ix. iii. Make sure Email account is selected and click Next. 6 iv. Put Your Name and Email Address. Then, click Next. v. Make sure POP is selected and input mail.cs.siu.edu to both Incoming Server and Outgoing Server. Then, click Next. 7 vi. Put your CS email account ID in Incoming User Name and click Next. vii. Enter a name for this account in Account Name and click Next. 8 viii.Click Finish. ix. Click Server Settings under the account you just created and make sure SSL is selected. 9 x. Click Outgoing Server (SMTP) and highlight the one you just created (if you have more than one) and click Edit. xi. Make sure TLS is selected and User name and password is checked. Then click OK. xii. Finally, click OK to close Account Settings window and start send/receive email. 10 4.Webmail How-To The new Webmail is located at https://mail.cs.siu.edu and it is using secure http to ensure the security and privacy. The system will auto-logout if there is no activities for 20 minutes. To prevent brute-force password attack, the system will lock a user for 10 minutes after 3 failed login attempts within 5 minutes. Furthermore, an IP will be locked for 30 minutes after 10 failed login attempts within 15 minutes. Please note that this lock-out only apply to Webmail login and have no effects when you use email client to check emails. The Webmail system is extremely intuitive and shares most common interface as other webmails. It also utilizes a flexible plugin method to enable modules to extend its functionalities. The Help function provides most documents on how to use it and set personal information and preferences. Here, we only show those plugin modules which do not have documents in the Help functions. a. By default, Squirrelmail blocks images for security reasons. To view images, you can click on the View Unsafe Images. You can set rules on how to automatically display images under Options in section c. b. To report “spam” while your reading, click on Spam. To report multiple emails as “Spams” in folder view, select emails and click on Spam. c.Inside the Options after you login, you will see SpellChecker Options and Unsafe Image Rules. (a) SpellChecker Options: the system provide ispell but you can add new words (“Add to Dic”) during spelling check. If you want, you can then remove your personal words by “Edit your personal dictionary” 11 (b) Unsafe Image Rules: you can configure image setting in here as well add new Rule regarding when to automatically show images in your emails. d. A Calendar module is enabled. You can click on the day to add/modify/delete events. The details of an event will be displayed in day view. However, in month view, only the title of a event will show up in the calendar. The time and content of a event will be displayed as a tooltip. 12 5.Alpine Configuration (new Pine from University of Washington) Although more and more people are used to having convenient graphic interface to read and write emails. Alpine still provides an invincible performance and availability. If you want to use alpine with new email server, please modify your .pinerc configuration file according to the following (contributed and tested by Feng Yu): user-domain"="cs.siu.edu smtp-server"="mail.cs.siu.edu incoming-folders="cs-mail" {mail.cs.siu.edu/novalidate-cert/ssl/ user=yourusername}INBOX If you have just to use alpine with CS email account, instead of use incoming- folders, you can put your email account in inbox-path. inbox-path={mail.cs.siu.edu/novalidate-cert/ssl/user=yourusername}INBOX This will configure alpine to use Dovecot IMAP server. If you want to take full advantages of IMAP, you can add the followings to your feature-list. This will enable folders to be used for other folders as well as messages and make sure that all folders are listed correctly. "separate-folder-and-directory-entries, "enable-lame-list-mode If you are using both SquirrelMail and alpine, it is strongly recommended to use IMAP with alpine. However, if you decide to use POP3 with alpine for any reason, you can add pop3 in the email account setting. inbox-path={mail.cs.siu.edu/novalidate-cert/pop3/ssl/user=yourusername}INBOX 13 This page is intentionally left as blank. 14.