7084
Comment: Mail on OS X 10.7 supports TLS SMTP. Must configure using preferences dialog, not the initial setup wizard for new accounts
|
8400
default sf=pf
|
Deletions are marked like this. | Additions are marked like this. |
Line 37: | Line 37: |
Both Exim filters and Procmail are available on the new systems. You can use either procmail or an Exim filter, but not both. Here are some considerations for deciding which one to use. | Both Exim filters and Procmail are available. You can use either procmail or an Exim filter, but not both. Here are some considerations for deciding which one to use. |
Line 40: | Line 40: |
* If you want to exercise control over your email by splitting it into various IMAP folders based on custom criteria using the power of regexps, perhaps using procmail would be best. | |
Line 42: | Line 41: |
* If you already know procmail, you can use it. It is recommended that you not use procmail going forward because it has been unmaintained for about a decade, and can have reliability issues during delivery. |
|
Line 47: | Line 49: |
== Forwarding == If you want email sent to your HCoop email address to be forwarded elsewhere, you can do that as follows. * Make a {{{.public/.forward}}} file in your home directory. '''If you are forwarding to G``Mail''': you ''must'' read [[https://support.google.com/mail/bin/answer.py?hl=en&answer=175365|Google's Best Mail Practices]] document to avoid causing all coop mail to be flagged as spam. Currently, what you can do on the delivery side is: * Do not enable a default alias (catch-all address). This is the number one thing you can do to help the coop avoid the wrath of Google; when you have a catch-all you will more likely than not receive several thousand spam messages per month. Often, Google rejects them upon forwarding so you never see them, but it wastes resources for us and makes Google think we're spammers. * Do not enable SpamAssassin (ideally you could, but currently we modify headers for even DKIM signed mail. This will change eventually) * Add your hcoop mail account as an addition identity in gmail. According to Google "Go to your Mail settings and Accounts tab and add the address you are forwarding from to 'Send mail as'. This is a new feature from user requests, where Gmail will detect that you forwarded from that account and help prevent displaying a phishing warning." |
|
Line 88: | Line 104: |
If you have a convincing reason for wanting to use our SMTP server to send messages to e-mail addresses for mailboxes that we don't host, then you can configure {{{mail.hcoop.net}}} as the outgoing SMTP server in your mail client. You can use either port 25 or port 465. You must enable TLS SMTP auth, and you will need to authenticate with the same username and password that you use to get mail from POP3 or IMAP. Virtual mailbox names and passwords may be used here. '''The server will not query you for a username and password by default.''' Thus, you ''will'' get confusing error messages if you don't configure your client to attempt to authenticate with plaintext SMTP auth using TLS. | When at all possible, send mail through our mail hub. In the past, you could send from arbitrary machines, but the self-appointed spam police of the world have decided that mail for a domain originating from multiple locations is a sure sign of spamming. Additionally, it is highly likely that your ISP's entire netblock has been blacklisted already. If you are using your hcoop.net address you '''must send mail through us''' because our SPF records mandates it in order to reduce the likelihood Google et al will flag our messages to members as spam. |
Line 90: | Line 106: |
The SMTP server requires a TLS aware mail client. MacOS X <= 10.6 Mail, Outlook and Opera do not seem to support this at the moment. Mozilla supports TLS and runs on MacOS X, Windows and Linux. Mail on OS X 10.7 (Lion) supports TLS for SMTP, but it must be configured using the account preferences dialog rather than the initial account setup wizard. | Configure {{{mail.hcoop.net}}} as the outgoing SMTP server in your mail client. You can use either port 25 or port 465. You must enable TLS SMTP auth, and you will need to authenticate with the same username and password that you use to get mail from POP3 or IMAP. Virtual mailbox names and passwords may be used here. '''The server will not query you for a username and password by default.''' Thus, you ''will'' get confusing error messages if you don't configure your client to attempt to authenticate with plaintext SMTP auth using TLS. |
Line 92: | Line 108: |
'''However, be sure to have a good reason to use our SMTP server in this way.''' If your computer never moves and your ISP provides an SMTP server (which most ISP's do), then you should definitely use that server instead of ours. SMTP servers are like public postal mailboxes in this way. There is rarely a reason to prefer one over another, so it generally makes sense to use the one physically closest to you. | The SMTP server requires a TLS aware mail client. MacOS X <= 10.6 Mail, Outlook, and Opera do not seem to support this at the moment. Mozilla supports TLS and runs on MacOS X, Windows and Linux. Mail on OS X 10.7 (Lion) supports TLS for SMTP, but it must be configured using the account preferences dialog rather than the initial account setup wizard. |
Line 94: | Line 110: |
== Reasons to do this == Here is a list of situations where it might be acceptable to use our server for sending email. * The SMTP servers that some ISP's use today will rewrite the sender address, so that it is not possible for example to send mail as user@hcoop.net via those ISPs. * You travel frequently and your ISP's SMTP server does not let you send email from some locations. |
You may also want to reconfigure your domain to use `addDefaultSPF` which sets an SPF record indicating that all mail for your domain will go through our mail servers (more generally, any mail exchanger you've set). If you ever send mail from another host by changing the `From`, you do not want to do this as it would increase the likelihood that mail is marked as spam. |
This is the chapter of the MemberManual that describes how to receive and manage your email.
Contents
Introduction
HCoop offers a variety of ways to wrangle and access your email. Your email address is your login name, @hcoop.net.
Email sent to any of your HCoop-managed domains can be configured using Domtool. Please consult the Domtool User Guide for details on how to set that up.
We use the Maildir format (that is, a directory which contains files, each file containing exactly one message) rather than the mbox format (where all messages reside in one large mbox file).
By default, all email is delivered to your ~/Maildir directory. This directory is created for you when your account is created. So please do not delete the ~/Maildir directory if you value mail delivery and access.
Delivery
This section contains some topics relating to email delivery.
Quotas
The ~/Maildir directory resides on its own volume, and has a separate quota from the rest of your home directory.
Before copying over any existing email, be sure that you have enough disk space in your quota. Log into ssh.hcoop.net and run
fs listquota ~/Maildir
This will give you the name of your mail volume, available space (in MB), used space (in MB), the percentage of your volume used, and the percent of space used on AFS by all HCoop volumes.
If you need more space, please file a support request at https://members.hcoop.net/portal/support in the AFS category. Be sure to mention how much space you want.
Filtering
Both Exim filters and Procmail are available. You can use either procmail or an Exim filter, but not both. Here are some considerations for deciding which one to use.
- If you are not familiar with procmail, and simply want to send mail to another email address, using an Exim filter will be best.
If you want to use a more readable syntax, which uses if ... then statements, then using an Exim filter instead of procmail will be more tolerable.
- If you already know procmail, you can use it.
It is recommended that you not use procmail going forward because it has been unmaintained for about a decade, and can have reliability issues during delivery.
Please read the following subpages for specific information on each method.
Forwarding
If you want email sent to your HCoop email address to be forwarded elsewhere, you can do that as follows.
Make a .public/.forward file in your home directory.
If you are forwarding to GMail: you must read Google's Best Mail Practices document to avoid causing all coop mail to be flagged as spam. Currently, what you can do on the delivery side is:
- Do not enable a default alias (catch-all address). This is the number one thing you can do to help the coop avoid the wrath of Google; when you have a catch-all you will more likely than not receive several thousand spam messages per month. Often, Google rejects them upon forwarding so you never see them, but it wastes resources for us and makes Google think we're spammers.
Do not enable SpamAssassin (ideally you could, but currently we modify headers for even DKIM signed mail. This will change eventually)
- Add your hcoop mail account as an addition identity in gmail. According to Google "Go to your Mail settings and Accounts tab and add the address you are forwarding from to 'Send mail as'. This is a new feature from user requests, where Gmail will detect that you forwarded from that account and help prevent displaying a phishing warning."
Dealing with spam
Spam is an inevitable fact of life. See the SpamAssassin subpage for details on using SpamAssassin, which is our preferred solution to the spam problem.
Virtual mailboxes
Virtual mailboxes are a good way to give someone a "vanity address" on one of your domains, where they can receive and check email. See the Virtual Mail subpage for full details on how to use them.
Mailing lists
Instructions for setting up mailing lists on your domain are available on the Mailing Lists subpage.
Access
This section explains how to access your email.
Webmail
HCoop has two webmail interfaces. Both allow you to access your email using a web browser.
The standard one, Squirrelmail, is available at https://mail.hcoop.net.
A more AJAX-y alternative called Roundcube is available at https://rcube.hcoop.net. Users of the Internet Explorer web browser are advised not to use Roundcube at this time, because Roundcube contains some vulnerabilities that are only exploitable on the IE browser.
IMAP
SSL IMAP is available via SSL at port 993, using hostname mail.hcoop.net.
STARTTLS IMAP is available on port 143, using hostname mail.hcoop.net.
POP3
POP3 access is available via SSL at port 995, using hostname mail.hcoop.net. If you're using Thunderbird, make sure to uncheck "Use secure authentication". Do not use port 110; it is not available.
Configuring email clients
Please consult the email clients subpage for examples of how to get IMAP and POP3 access working with various email clients.
Sending Mail
When at all possible, send mail through our mail hub. In the past, you could send from arbitrary machines, but the self-appointed spam police of the world have decided that mail for a domain originating from multiple locations is a sure sign of spamming. Additionally, it is highly likely that your ISP's entire netblock has been blacklisted already. If you are using your hcoop.net address you must send mail through us because our SPF records mandates it in order to reduce the likelihood Google et al will flag our messages to members as spam.
Configure mail.hcoop.net as the outgoing SMTP server in your mail client. You can use either port 25 or port 465. You must enable TLS SMTP auth, and you will need to authenticate with the same username and password that you use to get mail from POP3 or IMAP. Virtual mailbox names and passwords may be used here. The server will not query you for a username and password by default. Thus, you will get confusing error messages if you don't configure your client to attempt to authenticate with plaintext SMTP auth using TLS.
The SMTP server requires a TLS aware mail client. MacOS X <= 10.6 Mail, Outlook, and Opera do not seem to support this at the moment. Mozilla supports TLS and runs on MacOS X, Windows and Linux. Mail on OS X 10.7 (Lion) supports TLS for SMTP, but it must be configured using the account preferences dialog rather than the initial account setup wizard.
You may also want to reconfigure your domain to use addDefaultSPF which sets an SPF record indicating that all mail for your domain will go through our mail servers (more generally, any mail exchanger you've set). If you ever send mail from another host by changing the From, you do not want to do this as it would increase the likelihood that mail is marked as spam.
ISPs that block SMTP
Some ISPs and possibly other networks discriminate against the SMTP protocol. Some block or filter in or outgoing SMTP altogether.
If you need to send mail using HCOOP's mail server and experience long delays, this is likely due to your network. You can test out the mail server's responsiveness by doing "telnet mail.hcoop.net 25" on both your local machine and ssh.hcoop.net. If you immediately get a "220" banner, the server is working fine and you can type "QUIT".
To work around this issue, you can use mail80.hcoop.net as the server, and configure your email client to send mail through port 80.
Mail clients that don't understand TLS
You can also set up a custom SSH tunnel to port 25 on ssh.hcoop.net, if your MUA can't/won't use TLS.
Configuring programs to send mail through HCoop
For information on how to send mail through HCoop's SMTP server, check out our SMTP Clients subpage.