Lesson 16

Mail services UCS mail stack

» UCS provides a fully-featured mail stack

» Based on Postfix as the mail

» Cyrus provides IMAP services

» Spamassassin is integrated for spam detection

» ClamAV provides detection » Provides full IMAP setup using single package installation » Groupware features like meeting coordination or tasks are not supported

» Provided by groupware solutions like , Open-Xchange and » Administration integrated in Univention Management Console

» E.g. mail addresses are managed in the user settings

» Mail-specific settings have their own wizards Mail installation

» Installation is performed by selecting the component “Mail server” during installation

» Subsequent installation in the Univention Management Console can be performed in the “Basic settings” module in the “Software” tab » Alternatively on the command line:

» univention­install univention­mail­server Mail transport

» By default for incoming mail the UCS mail server is configured to accept mail from the internet (via SMTP)

» The mail server must be registered in the MX record for the omain

» By default outgoing mails are send directly via SMTP

» A DNS lookup for the mail domain is done and the mail send via SMTP

» Alternatively a mail relay can be configured

» Set UCR variable mail/relayhost to the mail relay server

» If the mail relay server requires authentication, set the UCR variable mail/relayauth to yes and edit the file /etc/postfix/smtp_auth to configure credentials Mail home servers

» In larger environments the mail can be distributed among servers

» Every UCS mail server can be assigned as a “mail home server” in the user settings » Typical scenario: A company with several sites operating local IMAP servers » When a mail is received, the mail home server is looked up in LDAP and the mail is rerouted to the respective server

» Advanced IMAP spool replication scenarios can be achieved using the Cyrus Murder extension Mail domains

» The UCS mail server only accepts mails for addresses registered in the UCS management system

» Mail domains need to be registered in the UMC before they can be used as part of an

» The DNS domain name of the UCS system is automatically registered as a mail domain » New domains can be added with the “Mail” module of the UMC

» “Add mail object” → “Mail domain” » If the UCS mail server should receive mail from the internet the mail domains must also have an MX DNS record Configuration of mail addresses

» Mail addresses are assigned to users in the “Users” module of UMC

» Postfix only accepts mail for registered addresses » “Primary e-mail address” is used for authentication

» Must be unique » “Alternative e-mail addresses” provide optional mail aliases

» E.g. for name changes after marriage

» Several users can an alias e-mail address Spam detection

» Spamassassin is integrated for spam classification

» Activated by default

» If a different solution is used, it can be turned off by setting the UCR variable mail/antivir/spam to false » Uses a classification system to assert, whether a mail is likely spam

» Mails exceeding the threshold are delivered to the folder Spam

» Threshold configurable through UCR (mail/antispam/requiredhits) » In addition the spam classification can be “trained”

» Legitimate mails can be copied to the folder Ham and Spam, which wasn't detected as such can be moved to Spam. These are automatically scanned and included in future classifications. Malware detection

» ClamAV is integrated for malware detection by default

» Can be deactivated by setting the UCR variable mail/antivir to false

» Updated virus patterns are pulled through the integrated service FreshClam

» Integrated through

» Additional or alternative virus scan engines can be integrated Configuration of mail clients

» When configuring IMAP capable mail clients the following settings should be used:

» Username: The primary e-mail address of the user

» Password: The standard password of the user

» Hostname: The name of the IMAP server

» Protocol for receiving mail: IMAP/TLS, port 143 (plain text auth)

» Protocol for sending mail: SMTP/TLS, port 465 (plain text auth) Lesson 16 - Summary

»UMC domain module » “Mail” »Groupware solutions via App-Center