6640
Comment: Add note about state of Exim auth
|
9429
remove an outright lie, thanks to time
|
Deletions are marked like this. | Additions are marked like this. |
Line 5: | Line 5: |
[[TableOfContents]] | <<TableOfContents>> |
Line 11: | Line 11: |
Email sent to any of your HCoop-managed domains can be configured using Domtool. Please consult the [:DomTool/UserGuide:Domtool User Guide] for details on how to set that up. | Email sent to any of your HCoop-managed domains can be configured using Domtool. Please consult the [[DomTool/UserGuide|Domtool User Guide]] for details on how to set that up. |
Line 25: | Line 25: |
Before copying over any existing email, be sure that you have enough disk space in your quota. Here's how: | Before copying over any existing email, be sure that you have enough disk space in your quota. Log into `ssh.hcoop.net` and run |
Line 33: | Line 33: |
If you need more space, please file a support request at [https://members2.hcoop.net/portal/support] in the AFS category. Be sure to mention how much space you want. | If you need more space, please file a support request at [[https://members.hcoop.net/portal/support]] in the AFS category. Be sure to mention how much space you want. == Sub Addresses == All mail address support sub-addressing in the form `mailbox+$address@domain` which is delivered to `mailbox@domain`. This allows you to easily generate one-time use addresses that can be blocked by a filter later if the source ends up spamming you without resorting to a catch-all, and more generally to make it easier to filter your mail (e.g. ClintonEbadi uses `clinton+amazon`, `clinton+paypal`, etc. and procmail rules for filing them into folders). |
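Review bot: The added Sub Addresses paragraph opens with "All mail address support", which should read "All mail addresses support". The paragraph would also be easier to act on if it said where the `+$address` part can be matched in a filter rule, since blocking a one-time address later depends on that.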
Line 37: | Line 41: |
Both Exim filters and Procmail are available on the new systems. You can use either procmail or an Exim filter, but not both. Here are some considerations for deciding which one to use. | Both Exim filters and Procmail are available. You can use either procmail or an Exim filter, but not both. Here are some considerations for deciding which one to use. |
Line 40: | Line 44: |
* If you want to exercise control over your email by splitting it into various IMAP folders based on custom criteria using the power of regexps, perhaps using procmail would be best. | |
Line 42: | Line 45: |
* If you already know procmail, you can use it. It is recommended that you not use procmail going forward because it has been unmaintained for about a decade, and can have reliability issues during delivery. |
|
Line 45: | Line 51: |
* [:/EximFilter:Exim filter instructions] * [:/Procmail:Procmail instructions] |
* [[/EximFilter|Exim filter instructions]] * [[/Procmail|Procmail instructions]] == Forwarding == If you want email sent to your HCoop email address to be forwarded elsewhere, you can do that as follows. * Make a {{{.public/.forward}}} file in your home directory. '''If you are forwarding to G``Mail''': you ''must'' read [[https://support.google.com/mail/bin/answer.py?hl=en&answer=175365|Google's Best Mail Practices]] document to avoid causing all coop mail to be flagged as spam. Currently, what you can do on the delivery side is: * Do not enable a default alias (catch-all address). This is the number one thing you can do to help the coop avoid the wrath of Google; when you have a catch-all you will more likely than not receive several thousand spam messages per month. Often, Google rejects them upon forwarding so you never see them, but it wastes resources for us and makes Google think we're spammers. * Do not enable SpamAssassin (ideally you could, but currently we modify headers for even DKIM signed mail. This will change eventually) * Add your hcoop mail account as an addition identity in gmail. According to Google "Go to your Mail settings and Accounts tab and add the address you are forwarding from to 'Send mail as'. This is a new feature from user requests, where Gmail will detect that you forwarded from that account and help prevent displaying a phishing warning." <<Anchor(official.gmail)>> === Official Mail and Gmail === Gmail has decided that official communications from Hcoop are spam for reasons they prefer to keep mysterious. To help you receive official communications, there are a few steps you should take. * Remove the spam tag from any official mail that gets classified as spam * Add a filter for "`from:(*@*hcoop.net)`" with the setting "Never send to Spam" (see Google's [[http://support.google.com/mail/bin/topic.py?hl=en&topic=1669049&parent=1668963&ctx=topic|Using filters and labels]] documentation). 
* In January 2013, you could do this by searching for the above text and clicking the down arrow in the search box to create a filter from the current search |
Line 50: | Line 79: |
Spam is an inevitable fact of life. See the [:/SpamAssassin:SpamAssassin subpage] for details on using Spam``Assassin, which is our preferred solution to the spam problem. | Spam is an inevitable fact of life. See the [[/SpamAssassin|SpamAssassin subpage]] for details on using Spam``Assassin, which is our preferred solution to the spam problem. |
Line 54: | Line 83: |
Virtual mailboxes are a good way to give someone a "vanity address" on one of your domains, where they can receive and check email. See the [:/VirtualMail:Virtual Mail subpage] for full details on how to use them. | Virtual mailboxes are a good way to give someone a "vanity address" on one of your domains, where they can receive and check email. See the [[/VirtualMail|Virtual Mail subpage]] for full details on how to use them. |
Line 58: | Line 87: |
Instructions for setting up mailing lists on your domain are available on the [:/MailingLists:Mailing Lists subpage]. | Instructions for setting up mailing lists on your domain are available on the [[/MailingLists|Mailing Lists subpage]]. |
Line 66: | Line 95: |
HCoop has a webmail interface at [https://mail2.hcoop.net]. It allows you to access your email using a web browser. | HCoop has two webmail interfaces. Both allow you to access your email using a web browser. The standard one, Squirrelmail, is available at [[https://mail.hcoop.net]]. A more AJAX-y alternative called Roundcube is available at [[https://rcube.hcoop.net]]. |
Line 70: | Line 103: |
SSL IMAP is available via SSL at port 993, using hostname {{{deleuze.hcoop.net}}}. | SSL IMAP is available via SSL at port 993, using hostname {{{mail.hcoop.net}}}. |
Line 72: | Line 105: |
STARTTLS IMAP is available on port 143, using hostname {{{deleuze.hcoop.net}}}. | STARTTLS IMAP is available on port 143, using hostname {{{mail.hcoop.net}}}. |
Line 76: | Line 109: |
POP3 access is available via SSL at port 995, using hostname {{{deleuze.hcoop.net}}}. If you're using Thunderbird, make sure to uncheck "Use secure authentication". Do not use port 110; it is not available. | POP3 access is available via SSL at port 995, using hostname {{{mail.hcoop.net}}}. If you're using Thunderbird, make sure to uncheck "Use secure authentication". Do not use port 110; it is not available. |
Line 80: | Line 113: |
Please consult the [:/Clients:email clients subpage] for examples of how to get IMAP and POP3 access working with various email clients. | Please consult the [[/Clients|email clients subpage]] for examples of how to get IMAP and POP3 access working with various email clients. |
Line 84: | Line 117: |
If you have a convincing reason for wanting to use our SMTP server to send messages to e-mail addresses for mailboxes that we don't host, then you can configure {{{deleuze.hcoop.net}}} as the outgoing SMTP server in your mail client. You must enable TLS SMTP auth, and you will need to authenticate with the same username and password that you use to get mail from POP3 or IMAP. Virtual mailbox names and passwords may be used here. '''The server will not query you for a username and password by default.''' Thus, you ''will'' get confusing error messages if you don't configure your client to attempt to authenticate with plaintext SMTP auth using TLS. | When at all possible, send mail through our mail hub. In the past, you could send from arbitrary machines, but the self-appointed spam police of the world have decided that mail for a domain originating from multiple locations is a sure sign of spamming. Additionally, it is highly likely that your ISP's entire netblock has been blacklisted already. If you are using your hcoop.net address you '''must send mail through us''' because our SPF records mandates it in order to reduce the likelihood Google et al will flag our messages to members as spam. |
Line 86: | Line 119: |
The SMTP server requires a TLS aware mail client. MacOS X Mail, Outlook and Opera do not seem to support this at the moment. Mozilla supports TLS and runs on MacOS X, Windows and Linux. | Configure {{{mail.hcoop.net}}} as the outgoing SMTP server in your mail client. You can use either port 25 or port 465. You must enable TLS SMTP auth, and you will need to authenticate with the same username and password that you use to get mail from POP3 or IMAP. Virtual mailbox names and passwords may be used here. '''The server will not query you for a username and password by default.''' Thus, you ''will'' get confusing error messages if you don't configure your client to attempt to authenticate with plaintext SMTP auth using TLS. |
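Review bot: The new SMTP paragraph says "You can use either port 25 or port 465" and then "You must enable TLS SMTP auth" without saying which TLS mode each port expects. The IMAP section distinguishes SSL on 993 from STARTTLS on 143; doing the same here would spare members the "confusing error messages" this same paragraph warns about.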
Line 88: | Line 121: |
'''However, be sure to have a good reason to use our SMTP server in this way.''' If your computer never moves and your ISP provides an SMTP server (which most ISP's do), then you should definitely use that server instead of ours. SMTP servers are like public postal mailboxes in this way. There is rarely a reason to prefer one over another, so it generally makes sense to use the one physically closest to you. | The SMTP server requires a TLS aware mail client. MacOS X <= 10.6 Mail, Outlook, and Opera do not seem to support this at the moment. Mozilla supports TLS and runs on MacOS X, Windows and Linux. Mail on OS X 10.7 (Lion) supports TLS for SMTP, but it must be configured using the account preferences dialog rather than the initial account setup wizard. |
Line 90: | Line 123: |
/!\ '''This is not completely configured yet'''. We haven't yet set up Exim to authenticate via TLS, and people cannot authenticate using their Kerberos credentials. For now, please make a virtual mailbox for yourself, and use its credentials to log in. We intend to fix this before the end of the forced migration period. == Reasons to do this == Here is a list of situations where it might be acceptable to use our server for sending email. * The SMTP servers that some ISP's use today will rewrite the sender address, so that it is not possible for example to send mail as user@hcoop.net via those ISPs. * You travel frequently and your ISP's SMTP server does not let you send email from some locations. |
You may also want to reconfigure your domain to use `addDefaultSPF` which sets an SPF record indicating that all mail for your domain will go through our mail servers (more generally, any mail exchanger you've set). If you ever send mail from another host by changing the `From`, you do not want to do this as it would increase the likelihood that mail is marked as spam. |
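Review bot: In the added `addDefaultSPF` paragraph, "you do not want to do this" has no clear referent: it can be read as "do not send from another host" or as "do not enable `addDefaultSPF`". Name the setting explicitly, for example "do not enable `addDefaultSPF`".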
Line 103: | Line 129: |
If you need to send mail using HCOOP's mail server and experience long delays, this is likely due to your network. You can test out the mail server's responsiveness by doing "telnet deleuze.hcoop.net 25" on mire. If you immediately get a "220" banner, the server is working fine and you can type "QUIT". | If you need to send mail using HCOOP's mail server and experience long delays, this is likely due to your network. You can test out the mail server's responsiveness by doing "telnet mail.hcoop.net 25" on both your local machine and `ssh.hcoop.net`. If you immediately get a "220" banner, the server is working fine and you can type "QUIT". |
Line 109: | Line 135: |
You can also set up a custom SSH tunnel to port 25 on mire.hcoop.net, if your MUA can't/won't use TLS. | You can also set up a custom SSH tunnel to port 25 on `ssh.hcoop.net`, if your MUA can't/won't use TLS. == Configuring programs to send mail through HCoop == For information on how to send mail through HCoop's SMTP server, check out our [[/SMTPClients|SMTP Clients]] subpage. |
This is the chapter of the MemberManual that describes how to receive and manage your email.
Introduction
HCoop offers a variety of ways to wrangle and access your email. Your email address is your login name followed by @hcoop.net.
Email sent to any of your HCoop-managed domains can be configured using Domtool. Please consult the Domtool User Guide for details on how to set that up.
We use the Maildir format (that is, a directory which contains files, each file containing exactly one message) rather than the mbox format (where all messages reside in one large mbox file).
By default, all email is delivered to your ~/Maildir directory. This directory is created for you when your account is created. So please do not delete the ~/Maildir directory if you value mail delivery and access.
Delivery
This section contains some topics relating to email delivery.
Quotas
The ~/Maildir directory resides on its own volume, and has a separate quota from the rest of your home directory.
Before copying over any existing email, be sure that you have enough disk space in your quota. Log into ssh.hcoop.net and run
fs listquota ~/Maildir
This will give you the name of your mail volume, available space (in MB), used space (in MB), the percentage of your volume used, and the percent of space used on AFS by all HCoop volumes.
If you need more space, please file a support request at https://members.hcoop.net/portal/support in the AFS category. Be sure to mention how much space you want.
Sub Addresses
All mail addresses support sub-addressing in the form mailbox+$address@domain, which is delivered to mailbox@domain. This lets you generate one-time-use addresses that can be blocked by a filter later if the source ends up spamming you, without resorting to a catch-all. More generally, it makes it easier to filter your mail (e.g. ClintonEbadi uses clinton+amazon, clinton+paypal, etc. and procmail rules for filing them into folders).
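One way to spot sub-addresses that have leaked and are candidates for blocking, as an added example that is not part of the HCoop manual. The domain example.org, the ISSUED_TO table and the sample messages are constructed, and only the To and Cc headers are inspected.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed registry: the sender domain each tag was handed out to.
ISSUED_TO = {"amazon": "amazon.com", "paypal": "paypal.com"}

# Constructed sample messages (example.org stands in for your own domain).
SAMPLES = [
    "From: Orders <orders@amazon.com>\nTo: clinton+amazon@example.org\nSubject: Order\n\nok\n",
    "From: promo@deals.example.net\nTo: Clinton+Amazon@example.org\nSubject: WIN\n\nspam\n",
    "From: service@mail.paypal.com\nTo: clinton+paypal@example.org\nSubject: Receipt\n\nok\n",
    "From: friend@example.com\nTo: clinton@example.org\nSubject: hi\n\nok\n",
]


def split_subaddress(address):
    """'Clinton+Amazon@Example.org' -> ('clinton', 'amazon', 'example.org')."""
    local, _, domain = address.rpartition("@")
    mailbox, _, tag = local.partition("+")  # only the first '+' separates the tag
    # Assumption: addresses are compared case-insensitively.
    return mailbox.lower(), tag.lower(), domain.lower()


def tag_for(msg, mailbox, domain):
    """Tag the message was addressed to, or None if it used the plain address."""
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    for _name, addr in recipients:
        box, tag, dom = split_subaddress(addr)
        if (box, dom) == (mailbox, domain) and tag:
            return tag
    return None  # also the case for Bcc'd mail, which names no recipient here


def leaked_tags(raw_messages, mailbox, domain):
    """Map each tag to the unexpected sender domains that wrote to it."""
    leaks = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        tag = tag_for(msg, mailbox, domain)
        if tag is None:
            continue
        sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        expected = ISSUED_TO.get(tag)  # None for tags that were never issued
        # From is sender-controlled: a match proves nothing, a mismatch is the signal.
        trusted = expected is not None and (
            sender == expected or sender.endswith("." + expected)
        )
        if not trusted:
            leaks.setdefault(tag, set()).add(sender)
    return leaks


if __name__ == "__main__":
    for tag, senders in leaked_tags(SAMPLES, "clinton", "example.org").items():
        print(f"+{tag} is receiving mail from {sorted(senders)}; consider blocking it")
```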
Filtering
Both Exim filters and Procmail are available. You can use either procmail or an Exim filter, but not both. Here are some considerations for deciding which one to use.
- If you are not familiar with procmail, and simply want to send mail to another email address, using an Exim filter will be best.
- If you want to use a more readable syntax, which uses if ... then statements, then using an Exim filter instead of procmail will be more tolerable.
- If you already know procmail, you can use it.
  It is recommended that you not use procmail going forward because it has been unmaintained for about a decade, and can have reliability issues during delivery.
Please read the following subpages for specific information on each method.
- Exim filter instructions
- Procmail instructions
Forwarding
If you want email sent to your HCoop email address to be forwarded elsewhere, you can do that as follows.
- Make a .public/.forward file in your home directory.
If you are forwarding to Gmail: you must read Google's Best Mail Practices document to avoid causing all coop mail to be flagged as spam. Currently, what you can do on the delivery side is:
- Do not enable a default alias (catch-all address). This is the number one thing you can do to help the coop avoid the wrath of Google; when you have a catch-all you will more likely than not receive several thousand spam messages per month. Often, Google rejects them upon forwarding so you never see them, but it wastes resources for us and makes Google think we're spammers.
- Do not enable SpamAssassin (ideally you could, but currently we modify headers even for DKIM-signed mail; this will change eventually).
- Add your HCoop mail account as an additional identity in Gmail. According to Google "Go to your Mail settings and Accounts tab and add the address you are forwarding from to 'Send mail as'. This is a new feature from user requests, where Gmail will detect that you forwarded from that account and help prevent displaying a phishing warning."
Official Mail and Gmail
Gmail has decided that official communications from HCoop are spam for reasons they prefer to keep mysterious. To help you receive official communications, there are a few steps you should take.
- Remove the spam tag from any official mail that gets classified as spam.
- Add a filter for "from:(*@*hcoop.net)" with the setting "Never send to Spam" (see Google's Using filters and labels documentation).
  - In January 2013, you could do this by searching for the above text and clicking the down arrow in the search box to create a filter from the current search.
Dealing with spam
Spam is an inevitable fact of life. See the SpamAssassin subpage for details on using SpamAssassin, which is our preferred solution to the spam problem.
Virtual mailboxes
Virtual mailboxes are a good way to give someone a "vanity address" on one of your domains, where they can receive and check email. See the Virtual Mail subpage for full details on how to use them.
Mailing lists
Instructions for setting up mailing lists on your domain are available on the Mailing Lists subpage.
Access
This section explains how to access your email.
Webmail
HCoop has two webmail interfaces. Both allow you to access your email using a web browser.
The standard one, Squirrelmail, is available at https://mail.hcoop.net.
A more AJAX-y alternative called Roundcube is available at https://rcube.hcoop.net.
IMAP
IMAP over SSL is available at port 993, using hostname mail.hcoop.net.
STARTTLS IMAP is available on port 143, using hostname mail.hcoop.net.
POP3
POP3 access is available via SSL at port 995, using hostname mail.hcoop.net. If you're using Thunderbird, make sure to uncheck "Use secure authentication". Do not use port 110; it is not available.
Configuring email clients
Please consult the email clients subpage for examples of how to get IMAP and POP3 access working with various email clients.
Sending Mail
When at all possible, send mail through our mail hub. In the past, you could send from arbitrary machines, but the self-appointed spam police of the world have decided that mail for a domain originating from multiple locations is a sure sign of spamming. Additionally, it is highly likely that your ISP's entire netblock has been blacklisted already. If you are using your hcoop.net address you must send mail through us because our SPF records mandate it, in order to reduce the likelihood that Google et al. will flag our messages to members as spam.
Configure mail.hcoop.net as the outgoing SMTP server in your mail client. You can use either port 25 or port 465. You must enable TLS SMTP auth, and you will need to authenticate with the same username and password that you use to get mail from POP3 or IMAP. Virtual mailbox names and passwords may be used here. The server will not query you for a username and password by default. Thus, you will get confusing error messages if you don't configure your client to attempt to authenticate with plaintext SMTP auth using TLS.
The SMTP server requires a TLS-aware mail client. MacOS X <= 10.6 Mail, Outlook, and Opera do not seem to support this at the moment. Mozilla supports TLS and runs on MacOS X, Windows and Linux. Mail on OS X 10.7 (Lion) supports TLS for SMTP, but it must be configured using the account preferences dialog rather than the initial account setup wizard.
You may also want to reconfigure your domain to use addDefaultSPF, which sets an SPF record indicating that all mail for your domain will go through our mail servers (more generally, any mail exchanger you've set). If you ever send mail from another host by changing the From header, do not enable addDefaultSPF, as it would increase the likelihood that your mail is marked as spam.
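How a receiving server would judge mail for a domain with an "only my mail exchangers may send" policy, as an added example that is not HCoop's or Domtool's code. The record text `v=spf1 mx -all` is an assumed shape for what addDefaultSPF publishes, the addresses are constructed from documentation ranges, and only the ip4, ip6, mx and all mechanisms are handled.

```python
import ipaddress

# Constructed sample data using documentation address ranges; not HCoop's real DNS.
MX_ADDRS = {"example.org": ["192.0.2.25"]}  # addresses the domain's MX hosts resolve to
DEFAULT_SPF = "v=spf1 mx -all"              # assumed "only our MX may send" policy

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, sender_ip, domain, mx_addrs):
    """Evaluate the ip4, ip6, mx and all mechanisms of an SPF record (RFC 7208 subset)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # no SPF policy published
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                     # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "unsupported"        # malformed network in the record
        elif name == "mx":
            hosts = mx_addrs.get((arg or domain).lower(), [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        else:
            return "unsupported"            # outside the subset handled here
        if matched:
            return QUALIFIERS[qualifier]    # the first matching mechanism decides
    return "neutral"                        # nothing matched and no "all" term


def explain(sender_ip, record=DEFAULT_SPF, domain="example.org"):
    """One-line verdict for mail claiming to be from `domain`, sent from `sender_ip`."""
    result = check_spf(record, sender_ip, domain, MX_ADDRS)
    return f"{sender_ip} sending as @{domain}: {result}"


if __name__ == "__main__":
    print(explain("192.0.2.25"))      # the mail hub itself
    print(explain("198.51.100.7"))    # a home connection or another server
    # A hand-written record would have to list the extra host explicitly.
    print(explain("198.51.100.7", "v=spf1 mx ip4:198.51.100.7 -all"))
```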
ISPs that block SMTP
Some ISPs and possibly other networks discriminate against the SMTP protocol. Some block or filter incoming or outgoing SMTP altogether.
If you need to send mail using HCoop's mail server and experience long delays, this is likely due to your network. You can test out the mail server's responsiveness by doing "telnet mail.hcoop.net 25" on both your local machine and ssh.hcoop.net. If you immediately get a "220" banner, the server is working fine and you can type "QUIT".
To work around this issue, you can use mail80.hcoop.net as the server, and configure your email client to send mail through port 80.
Mail clients that don't understand TLS
You can also set up a custom SSH tunnel to port 25 on ssh.hcoop.net, if your MUA can't/won't use TLS.
Configuring programs to send mail through HCoop
For information on how to send mail through HCoop's SMTP server, check out our SMTP Clients subpage.