AXIGEN System Administrator's Manual
AXIGEN® Mail Server System Administrator's Manual
Product version 6.0
Last update on: 3/20/2008 6:52:15 PM
Document version: 1.0
Copyright © 2008 Gecad Technologies S.A.
http://www.axigen.com
Copyright & trademark notices
This edition applies to version 6.0 of the licensed program AXIGEN and to all subsequent releases and modifications until otherwise indicated in new editions.
Notices
References in this publication to GECAD TECHNOLOGIES S.A. products, programs, or services do not imply that GECAD TECHNOLOGIES S.A. intends to make these available in all countries in which GECAD TECHNOLOGIES S.A. operates. Evaluation and verification of operation in conjunction with other products, except those expressly designated by GECAD TECHNOLOGIES S.A., are the user's responsibility. GECAD TECHNOLOGIES S.A. may have patents or pending patent applications covering subject matter in this document. Supplying this document does not give you any license to these patents. You can send license inquiries, in writing, to the GECAD TECHNOLOGIES S.A. sales department, [email protected].
Copyright Acknowledgement
(c) GECAD TECHNOLOGIES S.A. 2008. All rights reserved.
All rights reserved. This document is copyrighted and all rights are reserved by GECAD TECHNOLOGIES S.A. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, or by any information storage and retrieval system without the permission in writing from GECAD TECHNOLOGIES S.A.
The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. GECAD TECHNOLOGIES S.A. will not be responsible for any loss, costs or damages incurred due to the use of this documentation.
AXIGEN™ Mail Server is a SOFTWARE PRODUCT of GECAD TECHNOLOGIES S.A. GECAD TECHNOLOGIES and AXIGEN™ are trademarks of GECAD TECHNOLOGIES S.A. Other company, product or service names may be trademarks or service marks of others.
GECAD TECHNOLOGIES S.A. 10A Dimitrie Pompeiu Blvd., Connect Business Center, 2nd fl., Bucharest 2,
ROMANIA; phone: +40-21-303-2080; fax: +40-21-303-2081; e-mail: Sales: [email protected]
Technical support: [email protected]: http://www.axigen.com
(c) Copyright GECAD TECHNOLOGIES S.A. 2008. All rights reserved.
Table of Contents
Introduction
Purpose of this Document
Structure of this document
Audience and knowledge requirements
Related documentation
Chapter 1. Mail Server Overview
OS Compatibility
Integrated Messaging Solution
High Configurability
Innovative Storage
Advanced Security Tools
Automation Options
Clustering Support
Chapter 2. Getting Started with AXIGEN
2.1. Software and Hardware requirements
Software requirements
Hardware requirements
Supported platforms
Tested platforms
2.2. Installing on Linux
General installation steps
Files Provided for Installation
2.2.1. Installing under RHEL, Fedora Core, Mandrake and SUSE (gcc3)
2.2.2. Installing under Fedora Core, Mandriva and SUSE (gcc4)
2.2.3. Installing under Debian 3.1
2.2.4. Installing under Debian 4.0 and Ubuntu
2.2.5. Installing under Gentoo
2.2.6. Installing under Slackware
2.3. Installing on BSD
2.3.1. Installing on FreeBSD
2.3.2. Installing on NetBSD
2.3.3. Installing on OpenBSD 4.1
2.3.4. Installing on OpenBSD
2.4. Installing on Solaris i386 and Sparc
2.5. Uninstalling under Linux
2.5.1. Uninstalling under RHEL, Fedora Core, Mandriva/Mandrake and SUSE (gcc3, gcc4)
2.5.2. Uninstalling under Debian / Ubuntu
2.5.3. Uninstalling under Gentoo
2.5.4. Uninstalling under Slackware
2.6. Uninstalling under BSD
2.6.1. Uninstalling under FreeBSD
2.6.2. Uninstalling under NetBSD
2.6.3. Uninstalling under OpenBSD
2.7. Uninstalling under Solaris
2.8. Starting / Stopping / Restarting the Server
2.9. Initial Server Configuration
2.9.1. Setting the Admin Password
2.9.2. Logging on to the WebAdmin Interface
2.9.3. Creating a New Domain
2.9.4. Adding an Account to an Existing Domain
2.9.5. Automated Configuration with AXIGEN Configuration Wizard
Chapter 3. Mail Server Architecture
Services and Modules
Architecture Features
Administration Tools
Security
3.1. Generic Server Configuration
3.1.1. Running Services
3.1.2. Other Generic Server Parameters
Primary domain
SSL Random File
3.1.3. DNR Settings
Logging
DNR Options
Nameservers
3.2. Services and Modules
3.2.1. SMTP Receiving
Listeners
Access Control
Authentication
Message Acceptance Rules
Flow Control
Milter
Logging
Email Loop Protection
Error Control
Thread Management
3.2.2. Processing
Logging
Email Delivery
Delivery Reports
Queue Parameters
Message statuses
3.2.3. SMTP Sending
Routing Rules
Logging
Thread Management
3.2.4. POP3
Listeners
Access Control
Flow Control
Logging
Encryption and Authentication
Error Control
Thread Management
Compatibility with various POP3 Mail Clients
3.2.5. IMAP
Listeners
Access Control
Flow Control
Logging
Encryption and Authentication
Error Control
Thread Management
Compatibility with various IMAP Mail Clients
Public Folders
Internationalized Search
3.2.6. Logging
Log Service Overview
Log Types
AXIGEN Log levels
Logging format
Rules
Attributes of the Log service
3.2.7. Reporting
3.2.8. WebMail
Listeners
Access Control
Flow Control
Logging
HTTP Protocol Options
WebMail Options
Thread Management
3.2.9. Storage
Filling the Containers
Space saving filling procedure
3.2.10. FTP Backup Service
Listeners
Access Control
Flow Control
Logging
Error Control
Thread Management
3.2.11. RPOP Service
Logging
Thread Management
3.3. Connectivity and Threading
3.3.1. Listeners
3.3.2. Rules
Allow/Deny Rules
Rule Enforcement Policy
3.3.3. Threads
3.4. Clustering Support
3.4.1. Cluster Overview
3.4.1.1. LDAP Introduction
Setting up a new directory service for the cluster
Integrating an existing directory service with the cluster
3.4.1.1.1. Basic Directory Setup
3.4.1.1.2. LDAP Entry Structure
3.4.1.1.3. LDAP Authentication
3.4.1.2. AXIGEN Mapping System
3.4.1.3. AXIGEN Authentication System
3.4.1.4. AXIGEN Front-End Services Setup
3.4.1.4.1. The SMTP Proxy
3.4.1.4.2. The IMAP and POP3 Proxies
3.4.1.4.3. The WebMail Proxy
3.4.1.4.4. Mapping Setup
3.4.1.5. AXIGEN Back-End Services Setup
3.4.2. LDAP Routing
1. Configuring OpenLDAP for AXIGEN
2. Configuring LDAP Connectors in AXIGEN
3.4.2.1. Configuring Mapping Parameters
3.4.2.2. POP3 Proxy Service
Listeners
Access Control
Flow Control
Logging
Encryption and Authentication
Error Control
Thread Management
Back-end Server Connection Settings
3.4.2.3. IMAP Proxy Service
Listeners
Access Control
Flow Control
Logging
Encryption and Authentication
Error Control
Thread Management
Back-end Server Connection Settings
3.4.3. AXIGEN LDAP Authentication
3.4.4. Integrating Active Directory into a cluster environment
3.4.5. Exotic Cluster Setups
3.5. Groupware and collaboration
3.5.1. Personal Organizer & AXIGEN Outlook Connector
3.5.2. User folders and permissions
Computing permissions
Permissions description
Types of permissions
Chapter 4. Mail Server Security
Routing Rules
4.1. Authentication and Encryption
Secure/Plain Connections and Authentication Methods
SSL parameters
Prerequisites and Settings for Each Active Directory User Defined for AXIGEN
4.2. SPF and DomainKeys
Command line parameters
DomainKeys Verifier configuration
DomainKeys Signer configuration
Starting/Stopping/Restarting the Domain Keys Daemons
4.3. Mail Filtering
Filter Types
Active Filters
Filtering Levels
4.3.1. Message Acceptance Rules
4.3.2. Routing Rules
4.3.3. Antivirus / Antispam Filters
4.3.4. Message Rules
4.3.4.1. SIEVE Overview and Implementation in AXIGEN
SIEVE Overview
The AXIGEN SIEVE interpreter
Action interaction
Vacation interaction
Vacation Extension
4.3.5. The AXIGEN Filtering Module
4.3.5.1. Filtering Module Implementation in AXIGEN
4.3.5.2. Configuring the AXIGEN Filtering Module
AXIMilter configuration
4.3.5.3. AXIGEN Filtering Module Commands
Command line parameters
4.3.6. Activating and Prioritising Filters and Rules
Filter Priority
Activation Inheritance
4.3.7. Language Specifications for Policy Configuration
Basic structure
SMTP Events
Methods
Contexts
Variables
Structures
Conditions
Functions
4.3.7.1. SMTP Functionalities (I)
onConnect
onEhlo
onMailFrom
4.3.7.2. SMTP Functionalities (II)
onRcptTo
onHeadersReceived
onBodyChunk
4.3.7.3. SMTP Functionalities (III) ............................................................................ 162
onDataReceived .................................................................................................................. 162
onRelay................................................................................................................................ 169
onDeliveryFailure ................................................................................................................. 174
onTemporaryDeliveryFailure................................................................................................ 176
Chapter 5. User and Domain Configuration ................................................................... 179
5.1. Domains ........................................................................................................................ 179
5.2. User Accounts............................................................................................................... 180
5.3. Groups .......................................................................................................................... 181
5.4. Mailing Lists .................................................................................................................. 181
Mailing List Server Overview ............................................................................................... 181
Administration of the Mail List .............................................................................................. 182
Message Flow for AXIGEN List Server ................................................................................ 182
Templates explained ............................................................................................................ 182
5.5. Public Folders ............................................................................................................... 183
Chapter 6. Working with the WebMail Module in AXIGEN ............................................ 184
6.1. Accessing/Leaving the WebMail Interface .................................................................... 184
6.2. WebMail Features and Configuration ........................................................................... 185
Navigating in Your WebMail Account................................................................................... 185
Searching within your email account ................................................................................... 186
6.3. Working with Messages in WebMail ............................................................................. 187
Main Button Bar ................................................................................................................... 187
Composing a new message................................................................................................. 187
Steps for editing a new message in AXIGEN WebMail ....................................................... 188
Marking messages............................................................................................................... 189
Deleting messages .............................................................................................................. 190
6.4. WebMail Folders ........................................................................................................... 190
Public Folders ...................................................................................................................... 190
Special Folders .................................................................................................................... 190
Managing Folders in WebMail ............................................................................................. 190
Managing Contacts in WebMail ........................................................................................... 191
6.5. Working with the Personal Organizer in WebMail......................................................... 194
6.5.2. Working with your Journal .................................................................................. 201
6.6. Configuring Account Settings in WebMail ..................................................................... 209
6.6.1. Configuring Personal Data ................................................................................. 210
6.6.2. WebMail Data Settings....................................................................................... 211
6.6.3. Mail Filtering in WebMail .................................................................................... 213
6.6.3.1. WebMail Filters Overview ........................................................................... 214
6.6.4. Setting Sharing Permissions .............................................................................. 217
Global Permissions .............................................................................................................. 217
Folder permissions............................................................................................................... 217
Share a folder ...................................................................................................................... 217
Subscribe to folders shared by other users ......................................................................... 219
6.6.5. Configuring WebMail RPOP Connections.......................................................... 219
Connection details ............................................................................................................... 220
Retrieval settings ................................................................................................................. 220
Security ................................................................................................................................ 220
RPOP Templates ................................................................................................................. 220
6.6.6. WebMail Account Information ............................................................................ 221
6.6.7. WebMail Blacklist ............................................................................................... 221
6.6.8. Requesting Temporary Email Addresses........................................................... 222
Chapter 7. Using AXIGEN WebMail features in Outlook ............................................... 223
7.1. Installing the AXIGEN Outlook Connector .................................................................... 223
7.2. Server Side Rules ......................................................................................................... 225
7.3. Folder Sharing .............................................................................................................. 227
7.4. Open/Close other user's folders.................................................................................... 229
7.5. Manage Global Permissions ......................................................................................... 230
Chapter 8. Administration Tools Overview .................................................................... 232
8.1. Working with axigen.cfg ................................................................................................ 233
Restrictions .......................................................................................................................... 233
Definitions ............................................................................................................................ 233
Structure of the axigen.cfg file ............................................................................................. 234
Chapter 9. Configuring AXIGEN using WebAdmin........................................................ 236
WebAdmin Overview ........................................................................................................... 236
WebAdmin Features ............................................................................................................ 236
Thread Management............................................................................................................ 236
Log Control .......................................................................................................................... 236
WebAdmin Flow Control ...................................................................................................... 236
HTTP Protocol Options for WebAdmin ................................................................................ 237
Session Options for WebAdmin ........................................................................................... 237
Working with WebAdmin ...................................................................................................... 237
Saving the Configuration in WebAdmin ............................................................................... 238
Confirmation / Error Messages ............................................................................................ 238
Displaying/Hiding the Contextual Help................................................................................. 239
9.1. Configuring Global Settings .......................................................................................... 240
9.2. Managing AXIGEN Services ......................................................................................... 241
9.2.1. Configure the Running Services......................................................................... 241
9.2.2. SMTP Receiving Tab ......................................................................................... 241
Logging ................................................................................................................................ 242
Email Loop Protection .......................................................................................................... 242
Error Control ........................................................................................................................ 242
Thread Management............................................................................................................ 243
9.2.3. SMTP Sending Tab ............................................................................................ 243
Logging ................................................................................................................................ 243
Thread Management............................................................................................................ 243
9.2.4. IMAP Tab ........................................................................................................... 244
Logging ................................................................................................................................ 244
Encryption and Authentication ............................................................................................. 244
Error Control ........................................................................................................................ 245
Thread Management............................................................................................................ 245
9.2.5. POP3 Tab........................................................................................................... 245
Logging ................................................................................................................................ 246
Encryption and Authentication ............................................................................................. 246
Error Control ........................................................................................................................ 247
Thread Management............................................................................................................ 247
9.2.6. WebMail Tab ...................................................................................................... 247
Logging ................................................................................................................................ 248
HTTP Protocol Options ........................................................................................................ 248
Webmail Options.................................................................................................................. 249
Thread Management............................................................................................................ 249
9.2.7. WebAdmin Tab................................................................................................... 249
Logging ................................................................................................................................ 250
HTTP Protocol Options ........................................................................................................ 250
WebAdmin Options .............................................................................................................. 251
Thread Management............................................................................................................ 251
9.2.8. DNR Tab ............................................................................................................ 251
Logging ................................................................................................................................ 251
DNR Options ........................................................................................................................ 252
Nameservers........................................................................................................................ 252
9.2.9. Remote POP Tab ............................................................................................... 253
Logging ................................................................................................................................ 253
Thread Management............................................................................................................ 254
9.2.10. CLI Tab............................................................................................................. 254
Logging ................................................................................................................................ 254
CLI Options .......................................................................................................................... 255
Error Control ........................................................................................................................ 255
Thread Management............................................................................................................ 255
9.3. Domains and Accounts ................................................................................................. 256
9.3.1. The Manage Domains Tab................................................................................. 256
9.3.1.1. Domains General Configuration .................................................................. 257
9.3.1.2. Defining Domain Aliases ............................................................................. 259
9.3.1.3. Domain Message Filters Page .................................................................... 259
9.3.1.4. Configuring the Message Appender............................................................ 261
9.3.1.5. Managing Account Defaults ........................................................................ 261
9.3.1.5.1. Account Defaults General Parameters..................................................... 262
9.3.1.5.2. Configuring Account Quotas and Restrictions ......................................... 262
Managing Account Quotas................................................................................................... 262
Configuring Restrictions....................................................................................................... 263
Password Policy Enforcement ............................................................................................. 264
Session restrictions.............................................................................................................. 264
WebMail Restrictions ........................................................................................................... 264
Message Sending Restrictions ............................................................................................ 265
Remote POP Restrictions .................................................................................................... 265
Temporary Email Addresses Restrictions ............................................................................ 265
9.3.1.5.3. Managing Account Filters......................................................................... 266
9.3.2. Manage Accounts Tab ....................................................................................... 267
9.3.2.1. Accounts General Page .............................................................................. 268
9.3.2.2. Account Aliases........................................................................................... 270
Account Aliases Management ............................................................................................. 270
9.3.2.3. Configuring Quotas and Restrictions .......................................................... 270
Managing Account Quotas................................................................................................... 270
Configuring Restrictions....................................................................................................... 271
Password Policy Enforcement ............................................................................................. 272
Session restrictions.............................................................................................................. 272
WebMail Restrictions ........................................................................................................... 272
Message Sending Restrictions ............................................................................................ 273
Remote POP Restrictions .................................................................................................... 273
Temporary Email Addresses Restrictions ............................................................................ 273
Parameter inheritance.......................................................................................................... 273
9.3.2.4. Account WebMail Options ........................................................................... 274
Appearance Options ............................................................................................................ 274
Account Preferences............................................................................................................ 274
Contacts Settings................................................................................................................. 275
Defining a Signature ............................................................................................................ 276
9.3.2.5. Managing Message Filters .......................................................................... 276
9.3.2.5.1. Admin Filters ......................................................................................... 277
Incoming Message Rules..................................................................................................... 277
General Settings for the New Message Rule ....................................................................... 278
New Message Rule Conditions ............................................................................................ 278
New Message Rule Actions ................................................................................................. 278
9.3.2.5.2. User Filters ............................................................................................ 279
Incoming Messages Rules ................................................................................................... 279
General Settings of the New Message Rule ........................................................................ 279
New Message Rule Conditions ............................................................................................ 280
New Message Rule Actions ................................................................................................. 280
9.3.3. Groups Tab ........................................................................................................ 281
9.3.3.1. Group General Configuration ...................................................................... 282
9.3.3.2. Groups Message Filters .............................................................................. 282
9.3.4. Mailing Lists........................................................................................................ 284
9.3.4.1. Mailing Lists General Configuration ............................................................ 285
Settings ................................................................................................................................ 285
Services ............................................................................................................................... 286
Info ....................................................................................................................................... 286
9.3.4.2. Members ..................................................................................................... 287
9.3.4.3. Subscription and Posting ............................................................................ 287
Subscription/Unsubscription ................................................................................................ 287
Message posting.................................................................................................................. 288
Message Headers ................................................................................................................ 288
Message Templates............................................................................................................. 289
9.3.4.4. Configuring Quotas and Restrictions .......................................................... 290
Managing Mailing List Quotas.............................................................................................. 290
Session Restrictions ............................................................................................................ 290
WebMail Restrictions ........................................................................................................... 291
Message Sending Restrictions ............................................................................................ 291
9.3.4.5. Mailing Lists WebMail Options .................................................................... 291
Appearance Options ............................................................................................................ 291
Preferences.......................................................................................................................... 292
9.3.4.6. Mailing Lists Message Filters ...................................................................... 293
9.3.5. Configuring Public Folders ................................................................................. 295
9.3.5.1. Public Folders General Configuration ......................................................... 296
Settings ................................................................................................................................ 296
9.3.5.2. Configuring Public Folders Quotas ............................................................. 296
9.3.6. Account Classes Tab ......................................................................................... 297
9.3.6.1. Account Classes General Parameters ........................................................ 298
9.3.6.2. Configuring Quotas and Restrictions .......................................................... 299
Managing Account Quotas................................................................................................... 299
Configuring Restrictions....................................................................................................... 300
Password Policy Enforcement ............................................................................................. 300
Session restrictions.............................................................................................................. 300
WebMail Restrictions ........................................................................................................... 301
Message Sending Restrictions ............................................................................................ 301
Remote POP Restrictions .................................................................................................... 302
Temporary Email Addresses Restrictions ............................................................................ 302
Parameter inheritance.......................................................................................................... 302
9.3.6.3. Managing Message Filters .......................................................................... 303
9.4. Security & Filtering ........................................................................................................ 305
9.4.1. AntiVirus and AntiSpam Tab .............................................................................. 305
9.4.1.1. Supported AV/AS Applications.................................................................... 306
9.4.1.2. Setting the AntiVirus Actions ....................................................................... 306
9.4.1.3. AntiSpam Configuration .............................................................................. 307
Setting a WhiteList ............................................................................................................... 307
Spam Thresholds ................................................................................................................. 307
9.4.2. Additional AntiSpam Methods ............................................................................ 308
BlackList............................................................................................................................... 308
Sender Policy Framework .................................................................................................... 309
Domain Keys authentication ................................................................................................ 309
DNSBL (DNS BlackList)....................................................................................................... 309
Safe IPs/IP Ranges
DNS Check
9.4.3. Global Access Control
Access Restriction
9.4.4. Acceptance & Routing Tab
9.4.4.1. Acceptance Basic Settings
Received messages
Allowed ESMTP Commands
Allow/Disallow local delivery
Override default SMTP banner
9.4.4.2. Routing Basic Settings
Setting a Smart Host
Remote delivery
Outgoing connection settings
9.4.4.3. Advanced Settings
Advanced Settings
Adding a new acceptance or routing rule
New rule conditions
9.4.5. Incoming Message Rules Tab
9.4.5.1. New Message Rule Page
New rule conditions
Actions
9.5. Queue
9.5.1. Processing Tab
Logging
Email Delivery
Queue Parameters
9.5.2. View Queue
Viewing the Queue
Detailed message information
Actions to be taken for selected items
9.6. Status & Monitoring
9.6.1. Reporting Service Tab
Logging
Log types
Data Collection
SNMP Parameters
9.6.2. Charts Tab
Defined charts
Available Chart Groups
Refresh options
9.6.2.1. Chart Parameters Configuration
General settings
Data Aggregation
9.6.2.2. Display Settings
Predefined styles
Live Preview
9.6.3. Storage Charts
Overall Storage
Per Domain Storage
9.6.3.1. Detailed Storage Info
All Storage Files & Domain Storage
Object Storage & Message Storage
9.7. Logging
9.7.1. Local Services Log
Local Services Log Overview
9.7.2. Log Collection Rules
Log Collection Rules
9.7.2.1. Log Collection Rule Configuration
Settings section
Logging
Rotation Parameters
9.7.3. View Log Files
Log files
Viewing, deleting or downloading a log file
9.7.4. Log Server Settings
Listeners
Logging Settings
9.8. Backup and Restore Tab
Logging
Error Control
Thread Management
9.9. Automatic Migration Tab
9.10. Clustering Section
9.10.1. Clustering Setup
9.10.1.1. LDAP Connectors Page
Logging Parameters
Thread Management
9.10.1.2. User Maps Page
9.10.1.3. Routing and Authentication Page
9.10.2. POP3 Proxy Tab
Logging
Encryption and Authentication
Error Control
Thread Management
Back-end Server Connection Settings
9.10.3. IMAP Proxy Tab
Logging
Encryption and Authentication
Error Control
Thread Management
Back-end Server Connection Settings
9.11. Administration Rights Section
9.11.1. Administrative Groups Tab
Administrative Groups
9.11.1.1. General
General parameters
9.11.1.2. Membership
Membership hierarchy
Members of the configured group
Parents of the configured group
9.11.1.3. Permissions
Explicit Permissions
Setting explicit permissions at server level
Adding server permissions
Setting explicit permissions at domain level
Adding domain permissions
Effective permissions
9.11.2. Administrative Users Tab
Administrative users' list
Adding a new administrative user
9.11.2.1. General
General settings
9.11.2.2. Membership
Membership hierarchy
9.11.2.3. Permissions
Explicit Permissions
Setting explicit permissions at server level
Adding server permissions
Setting explicit permissions at domain level
Adding domain permissions
Effective permissions
9.11.3. Domain Admin Limits Configuration
Domain Admin Limits
Services
Accounts and Account Classes
Groups
Mailing Lists
Public Folders
9.12. TCP Listeners and Control Rules
9.12.1. Listeners
9.12.1.1. Configuring General Parameters
General settings
Flow control
Access Control
Other settings
9.12.1.2. SSL Parameters for Listeners
SSL configuration
Path to certificate file/authorities
9.12.2. Access and Flow Control Rules
Service Level
Flow Control
Chapter 10. Configuring AXIGEN using CLI
Service Description
10.1. Special Contexts
Login Context
Initial Context
Reporting Context
Server Context
Commands Context
Commands-Server Context
Commands-Storage Context
Migration Context
10.2. Common commands
10.3. Connecting to CLI
10.4. Troubleshoot the CLI Connection
10.5. Context Specific Commands
Login Context <login>
Initial Context <#>
Server Context <server#>
CLI Context <server-cli#>
Listener context <server-(service_name)-listener#>
Allow Rule Context <server-(service_name)-listener-allowrule#>
SSL Control Context <server-(service_name)-listener-sslcontrol#>
Log Context <server-log#>
Rule Context <server-log-rule#>
Chapter 11. Command Line Parameters for AXIGEN
Display version
Run in foreground
Crash control
Process ID
Path to configuration file
Using mqview tool to view status for messages in the queue
POP3 Authentication
Chapter 12. RFCs Currently Implemented by AXIGEN
POP3
POP3 and IMAP Specifications
SMTP specifications
SMTP service extensions
IMAP specifications
HTTP specifications
DNS specifications
Sieve extensions implemented in AXIGEN
Generic RFCs
Mailing Lists
FTP
Groupware
SNMP
Introduction
Purpose of this Document
Congratulations on your decision to choose AXIGEN Mail Server as your messaging solution. This document serves as a guide for AXIGEN Mail Server version 6.0 and subsequent versions until specified otherwise. Full information about AXIGEN product versions and licensing options can be found on the AXIGEN website.
For an overview of AXIGEN Mail Server architecture and functionalities, see Chapter 3. Mail Server Architecture.
Intended as a reference guide for system administrators, this manual includes full documentation on mail server architecture, functionalities and configuration options.
Structure of this document
This document is divided into 12 main chapters as follows:
• Chapter 1 - Brief overview of main AXIGEN features (commercial and technical differentiators)
• Chapter 2 – Server startup instructions (requirements / install / uninstall / initial configuration)
• Chapters 3 through 7 – Descriptions of architecture (modules/services), security functions and user management. These chapters provide general information about the server capabilities and functionalities. They also include direct references to configuration instructions for each feature/set of parameters in Chapter 9.
• Chapter 8 – Brief overview of all existing AXIGEN configuration tools and description of the Configuration file (axigen.cfg).
• Chapter 9 – WebAdmin (Web configuration interface) Administration Guide. This chapter provides detailed configuration instructions for all functionalities mentioned in Chapters 3-5. It also maps Configuration options provided by WebAdmin to configuration parameters present in the axigen.cfg file, the AXIGEN text-editable configuration file.
• Chapters 10 through 11 – Description of the Command Line Interface possible configurations and available Command Line Parameters that allow you to perform different basic administration tasks.
• Chapter 12 – List of RFCs currently implemented by AXIGEN
Audience and knowledge requirements
The intended audience for this manual is administrators of mail servers in companies where version 6.0 of AXIGEN Mail Server is installed and evaluated.
To get the correct information from this manual, readers should have:
• A detailed knowledge of general mail server abilities and functions
• Knowledge of network protocols
Related documentation
Additional information regarding AXIGEN can be found in the following sources:
• AXIGEN HSP manual - Contains detailed information on HSP, the AXIGEN proprietary server-side scripting language. This provides administrators with expansion capabilities for the AXIGEN WebAdmin / WebMail modules. (On demand only)
• AXIGEN Online documentation – an online version of this manual
• AXIGEN Quick Installation and Configuration guide – everything you need to get your server up and running
• AXIGEN Knowledgebase – articles containing specific instructions in response to Support queries and troubleshooting procedures
Chapter 1. Mail Server Overview
AXIGEN Mail Server is a fully self-developed solution, truly innovative in several respects, particularly scalable and configurable. This messaging solution offers the entire range of mail services - SMTP, POP3, IMAP, WebMail - includes List server, Logging, Reporting and FTP Backup modules, and provides various flexible administration options (including a central Web administration interface - WebAdmin).
OS Compatibility
It is currently available for several Linux distributions, FreeBSD, OpenBSD, NetBSD and Solaris, working on several architectures, such as x86, SPARC and PowerPC. The development roadmap includes versions for Windows, Mac OS and other operating systems. AXIGEN uses MPA (Multi Platform Architecture), a proprietary cutting-edge technology that allows porting the AXIGEN server to multiple platforms while keeping the same set of features. This makes it possible to adapt the product to any demanded platform, while guaranteeing stability, and makes it easier for users to switch to a different platform whenever their requirements change.
Integrated Messaging Solution
AXIGEN is an integrated service server, able to successfully replace a solution based on several Open Source solutions. It is also modular, as it can run with any number of services inhibited. For instance, if you only want to run the SMTP service, AXIGEN can run with all other services inhibited by allocating all processing threads to SMTP. Thus, AXIGEN can accommodate any usage scenario - main mail server, backup server, mail relay server.
High Configurability
Built with administration needs in mind, AXIGEN provides System Administrators with unmatched configuration possibilities for each and every module and feature. For each and every AXIGEN module and feature, you can fine-tune connection control and client management, and make advanced settings for every domain and account you are managing. An example of advanced service configuration options in AXIGEN would be WebMail account and domain settings: mailbox quota, attachment size limit, mail size limit, session idle & activity timeout, maximum number of messages sent per hour by one account, HTML filtering level for HTML email messages, etc.
Innovative Storage
AXIGEN Mail Storage uses a proprietary technology which optimizes space and mail flow. This innovative storage architecture, doubled by a similar queue architecture, with index-based access, reduces I/O operations and disk access. Messages are stored in container files, a proprietary format that supports an effective space-saving filling procedure, allowing system administrators to specify the locations and number of directories/files allowed for message storage.
Advanced Security Tools
In terms of security, an extensive security tool set is implemented, which is also highly configurable. System Administrators can flexibly use the filtering rules available at server, domain and user level, by specifying what filters to use, the order of applicable filters and the actions to be taken according to the results of the scanning process. Filtering in AXIGEN includes Antivirus/Antispam, Antispoofing (SPF authentication rules), Domain Keys and custom SIEVE scripts. AXIGEN currently integrates connectors for open source Antispam and Antivirus applications (SpamAssassin and ClamAV), but thanks to its script interface for external connectors, it can integrate with virtually any AS/AV application requested by users.
Automation Options
AXIGEN addresses automation requirements of System Administrators by providing them with an alternative configuration interface - CLI (Command Line Interface). Apart from providing an alternate method of performing basic configuration tasks, CLI automates repetitive tasks, which can be really time-consuming when performed manually. Automatic domain data migration is also available in WebAdmin, where you can easily set migration related parameters.
Clustering Support
AXIGEN allows system administrators to route SMTP, POP and IMAP connections to different machines running our messaging solutions. This new feature is based on the integration of AXIGEN with OpenLDAP and makes use of the SMTP In, POP3 Proxy and IMAP Proxy services.
These are some of the distinctive AXIGEN features - to read more about them, their configuration procedures, and many more facilities and configuration options provided by AXIGEN, browse through this online documentation.
Chapter 2. Getting Started with AXIGEN
This section gets you started with AXIGEN Mail Server, by outlining the software and hardware requirements your system needs to fulfill before you can install AXIGEN, the install and uninstall procedure for all available Linux distributions, BSD and Solaris platforms and initial configuration steps needed for the initial server run.
2.1. Software and Hardware requirements
Software requirements
AXIGEN has the following minimal software requirements:
• Linux OS, kernel 2.4/2.6
• glibc version 2.2.93 or later
• libstdc++ version 3.2 or later
For BSD platforms requirements are as follows:
• FreeBSD 6.x
• NetBSD 3.0 or NetBSD 3.1
• OpenBSD 4.1 or OpenBSD 4.2
For Solaris requirements are as follows:
• Solaris 10
For all platforms:
• Internet Explorer 6 or later / Firefox 2.0
Hardware requirements
AXIGEN has the following minimal hardware requirements:
• Processor: x86, minimum frequency 300 MHz
• RAM: 128 MB
• Available space on HDD: 50 MB free space for installation purposes and default configuration files. The actual space AXIGEN will take on your hard disk depends on the number of accounts, domains, mailboxes and the size of messages stored on the mail server.
Supported platforms
Linux (x86, 32-bit)
RedHat Enterprise
• Redhat Enterprise Linux 5
• Redhat Enterprise Linux 4
• Redhat Enterprise Linux 3
Fedora
• 8
• 7
CentOS
• 5.x
• 4.x
SUSE
• SUSE Linux Enterprise Server
    o SLES 10
    o SLES 9
• SUSE Linux
    o 10.3
    o 10.2
    o 10.1
Gentoo
• 2007.0
• 2006.1
Novell
• OES
Ubuntu
• Server 7.10
• Server 7.04
• Server 6.10
• Server 6.06
Debian
• 4.0
• 3.1
Mandriva
• 2008.0
• 2007.1
• 2007.0
• Corporate Server 4
Slackware
• 12.0
• 11.0
BSD (x86, 32-bit)
FreeBSD
• 6.x
OpenBSD
• 4.2
• 4.1
NetBSD
• 3.1
• 3.0
Solaris
• Solaris 10
SPARC
Solaris
• Solaris 10
PPC
Fedora
• 8
RedHat Enterprise
• Redhat Enterprise Linux 4
Tested platforms
AXIGEN has been tested extensively and is guaranteed to work on the following Linux distributions: Gentoo, RedHat/Fedora, Slackware, Debian, Ubuntu, Mandrake/Mandriva, SUSE. AXIGEN also runs on BSD platforms (FreeBSD, NetBSD and OpenBSD) and on Solaris 10. AXIGEN runs on three different architectures: x86, PowerPC and SPARC.
2.2. Installing on Linux
The following section describes the general installation steps for AXIGEN on RedHat and SUSE distributions. For instructions related to a specific Linux distribution, please refer to the Install file included in the installation kit or read the sections corresponding to the respective Linux distribution.
General installation steps
Here are the general steps to be taken in order to install AXIGEN.
• Unzip the original installation package. Read the Installing AXIGEN under RedHat and SUSE section for an example on how to unzip the installation files.
• Install AXIGEN files. Read the Installing AXIGEN under RedHat and SUSE section for an example on how to install the product.
• Configure axigen.cfg, as explained in the Configuring AXIGEN using axigen.cfg file section in order to adjust axigen.cfg file to your specific environment.
• Start the AXIGEN server (Read the Starting/Stopping/Restarting AXIGEN section for information on how to start AXIGEN).
• Create domains/accounts for your AXIGEN installation (more information can be found in the User and Domain Configuration section).
• Reconfigure axigen.cfg (if needed).
• Reload AXIGEN server. This way the changes committed in the main axigen.cfg file can take effect (changes to domains and accounts are made on the fly). Read the Starting/Stopping/Restarting AXIGEN section for information on how to reload AXIGEN.
• After the installation, no daemons or related applications are started.
Files Provided for Installation
The installation kit consists of the following files:
• INSTALL
• UNINSTALL
• README
• Distribution-specific package file(s).
The following table shows the files and directories provided in the installation kit required for AXIGEN to run correctly:

Directory/File
    Description

/etc/init.d/
/etc/init.d/axigen
    This is the initscript for AXIGEN. The script will start the daemon for the Gentoo, Debian, RedHat and SUSE distributions.

/etc/rc.d/rc3.d/S80axigen
/etc/rc.d/rc4.d/S80axigen
/etc/rc.d/rc5.d/S80axigen
    Symbolic links to the above mentioned initscript file, needed to start the daemon in the respective run levels (only for RedHat and SUSE distributions).

/etc/rc.d/rc.axigen
    This is the initscript for AXIGEN in the Slackware distribution.

/etc/conf.d/axigen
    This is the configuration file used by the AXIGEN initscript in the Gentoo distribution.

/etc/opt/
/etc/opt/axigen/
/etc/opt/axigen/axigen.cfg
    This is the main configuration file for AXIGEN.

/opt/axigen/
/opt/axigen/bin/
/opt/axigen/bin/axigen
    This is the AXIGEN daemon.

/opt/axigen/bin/mqview
    This is the executable to be used for viewing the status of the queued messages. Please refer to the Command Line Parameters section for instructions on using this tool.

/opt/axigen/share/
/opt/axigen/share/doc/
/opt/axigen/share/doc/README
    Document containing the release notes for this version of AXIGEN.

/opt/axigen/share/doc/INSTALL
    Document containing the installation instructions for AXIGEN.

/opt/axigen/share/doc/UNINSTALL
    Document containing the instructions for uninstalling AXIGEN.

/opt/axigen/share/doc/LICENSE
    Document containing the license for AXIGEN.

/opt/axigen/share/examples/
/opt/axigen/share/examples/axigen.cfg
/opt/axigen/share/examples/domain.cfg
/opt/axigen/share/examples/account.cfg
    Sample configuration files, containing the default values for AXIGEN parameters, as presented in this Manual.

/var/opt/
/var/opt/axigen/
/var/opt/axigen/Webmail/
    Default directory used for storing files pertaining to AXIGEN WebMail module.
2.2.1. Installing under RHEL, Fedora Core, Mandrake and SUSE (gcc3)
In order to install the AXIGEN Mail Server on RHEL, Fedora Core, Mandrake and SUSE follow these instructions:
1. Unzip installation file
Unzip the downloaded file by issuing the following command in the same directory as the downloaded file:
    tar xzvf <install kit file>
For example, to unpack the AXIGEN RPM package for the i386 architecture, type the following in the directory where the file is located:
    tar xzvf axigen-6.0.0.i386.rpm.gcc3.tar.gz
2. Installation
In order to install the RPM package, you must issue (while logged in as root) the following command, from the same directory as the rpm file:
    rpm -ivh axigen-version-build.i386.rpm
For instance, the corresponding command for the 6.0 AXIGEN version will be:
    rpm -ivh axigen-6.0.0-1.gcc3-1.i386.rpm
After the installation no daemons or related application will be started.
3. Configuration
Before you start AXIGEN, you need to configure it. You can do that by modifying the main configuration file (please refer to the Initial Configuration section for more information).
4. Start AXIGEN
In both RedHat and SUSE, the AXIGEN server can be started via its initscript, by issuing this command:
    /etc/init.d/axigen start
The above installation steps apply for the following gcc3 distributions:
• Redhat Enterprise Linux 3 and 4
• SUSE Linux Enterprise Server 9
These installation instructions apply for all RPM based distros (RHEL, SUSE).
2.2.2. Installing under Fedora Core, Mandriva and SUSE (gcc4)
In order to install the AXIGEN Mail Server on gcc4 based distributions (RHEL, Fedora Core, Mandriva, SUSE), follow these instructions:
1. Unzip installation file
Issue the following command, in the same directory as the downloaded file, to unzip the installation file:
    tar xzvf <install kit file>
For example, to unpack the AXIGEN installation file, type the command below in the directory where the file is located:
    tar xzvf axigen-6.0.0.i386.rpm.tar.gz
2. Installation
Issue (while logged in as root) the following command, from the same directory as the rpm file:
    rpm -ivh axigen-version-build.i386.rpm
For instance, the corresponding command for the 6.0 AXIGEN version will be:
    rpm -ivh axigen-6.0.0-1.i386.rpm
After the installation, no daemons or related application will be started.
3. Configuration
Before you start AXIGEN, you need to configure it. You can do that by modifying the main configuration file (please refer to the Initial Configuration section for more information).
4. Start AXIGEN
In RHEL, Fedora Core and Mandriva the AXIGEN server can be started via its initscript, by issuing this command:
    /etc/init.d/axigen start
The above installation steps apply for the following gcc4 distributions:
• Redhat Enterprise Linux 5
• Fedora Core 7 or higher
• SUSE Linux 10.0 or higher
• Mandriva 2007.0 or higher
2.2.3. Installing under Debian 3.1
In order to install the AXIGEN Mail Server on Debian 3.1, follow these instructions:
1. Unzip installation file
Issue the following command, in the same directory as the downloaded file, to unzip the installation file:
    tar xzvf <install kit file>
For example, to unpack the AXIGEN installation file for Debian 3.1 architecture, type the command below in the directory where the file is located:
    tar xzvf axigen-6.0.0.i386.deb31.tar.gz
2. Installation
In order to install the DEB package, you must issue (while logged in as root) the following command, from the same directory as the deb file:
    dpkg -i axigen_version-build_i386.deb
For instance, the corresponding command for the 6.0 AXIGEN version will be:
    dpkg -i axigen_6.0.0-1_i386.deb
After the installation no daemons or related application will be started.
3. Configuration
Before you start AXIGEN, you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit, for more information about their names and locations). More information about each configuration setting can be found in the sample configuration files installed by default, as comments.
4. Start AXIGEN
In Debian 3.1, AXIGEN can be started via its initscript, by issuing:
    /etc/init.d/axigen start
The above installation steps apply for the following distributions:
• Debian 3.1 architecture
2.2.4. Installing under Debian 4.0 and Ubuntu
In order to install the AXIGEN Mail Server on Debian 4.0 and Ubuntu follow these instructions:
1. Unzip installation file
Issue the following command, in the same directory as the downloaded file, to unzip the installation file:
    tar xzvf <install kit file>
For example, to unpack the AXIGEN installation file for Debian architecture, type the command below in the directory where the file is located:
    tar xzvf axigen-6.0.0.i386.deb.tar.gz
2. Installation
In order to install the DEB package, you must issue (while logged in as root) the following command, from the same directory as the deb file:
    dpkg -i axigen_version-build_i386.deb
For instance, the corresponding command for the 6.0 AXIGEN version will be:
    dpkg -i axigen_6.0.0-1_i386.deb
After the installation, no daemons or related application will be started.
3. Configuration
Before you start AXIGEN, you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit for more information about their names and locations). More information about each configuration setting can be found in the sample configuration files installed by default, as comments.
4. Start AXIGEN
In Debian, AXIGEN can be started via its initscript, by issuing:
    /etc/init.d/axigen start
These same instructions also apply to the Ubuntu distribution.
The above installation steps apply for the following distributions:
• Debian 4.0
• Ubuntu Server 6.06, 6.10, 7.04, 7.10
2.2.5. Installing under Gentoo
In order to install the AXIGEN Mail Server on Gentoo follow these instructions:
1. Unzip installation file
Issue the following command, in the same directory as the downloaded file, to unzip the installation file:
    tar xzvf <install kit file>
For example, to unpack the AXIGEN installation file for Gentoo architecture, type the command below in the directory where the file is located:
    tar xzvf axigen-6.0.0.i386.ebuild.tar.gz
2. Installation
In order to install the ebuild package, you must issue the following commands (while logged in as root) from the same directory as the ebuild file:
    ./prepare.sh
    emerge axigen
After the installation, no daemons or related applications are started.
3. Configuration
Before you start AXIGEN, you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit for more information about their names and locations). More information about each configuration setting can be found in the sample configuration files installed by default, as comments.
4. Start AXIGEN
In Gentoo, AXIGEN can be started via its initscript, by issuing:
    /etc/init.d/axigen start
Several settings for the AXIGEN initscript are available via the following file (please read the comments from this file for information about using them):
    /etc/conf.d/axigen
The above installation steps apply for the following distributions:
• Gentoo 2006.1, 2007
2.2.6. Installing under Slackware
In order to install the AXIGEN Mail Server on Slackware, follow these instructions:
1. Unzip installation file
Issue the following command, in the same directory as the downloaded file, to unzip the installation file:
    tar xzvf <install kit file>
For example, to unpack AXIGEN TGZ for the Slackware architecture, type the command below in the directory where the file is located:
    tar xzvf axigen-6.0.0.i386.slack.tar.gz
2. Installation
In order to install the Slackware TGZ package, you must issue (while logged in as root) the following command, from the same directory as the tgz file:
    installpkg axigen-version.i386-1.tgz
For instance, the corresponding command for the 6.0 AXIGEN version will be:
    installpkg axigen-6.0.0-i386-1.tgz
After the installation, no daemons or related applications are started.
3. Configuration
Before you start AXIGEN, you need to configure it using the AXIGEN Configuration Wizard. For more details on this subject see the Automated Configuration with AXIGEN Configuration Wizard section.
4. Start AXIGEN
In Slackware, AXIGEN can be started via its initscript, by issuing:
    /etc/rc.d/rc.axigen start
In order to start the AXIGEN initscript at boot time, you need to add the following line in the /etc/rc.d/rc.local file:
    [ -x /etc/rc.d/rc.axigen ] && /etc/rc.d/rc.axigen start
and set the executable bit for the script:
    chmod +x /etc/rc.d/rc.axigen
2.3. Installing on BSD
AXIGEN is available for several BSD platforms: FreeBSD, NetBSD and OpenBSD. As a general rule, for BSD platforms, the install command is:
    pkg_add axigen-version.tgz
2.3.1. Installing on FreeBSD
In order to install the AXIGEN Mail Server on FreeBSD, follow these instructions:
1. Unzip installation file
Issue the following command, in the same directory as the downloaded file, to unzip the installation file:
    tar xzvf <install kit file>
For example, to unpack AXIGEN TGZ for the FreeBSD architecture, type the command below in the directory where the file is located:
    tar xzvf axigen-6.0.0.i386.freebsd.tar.gz
2. Installation
Issue (while logged in as root) the following command, from the same directory as the tgz file:
    pkg_add axigen-version.tgz
For instance, the corresponding command for the 6.0 AXIGEN version will be:
    pkg_add axigen-6.0.0.tgz
After the installation, no daemons or related application will be started.
3. Configure AXIGEN
Before you start the AXIGEN server, you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit for more information about their names and locations).
More information on each configuration setting can be found in the sample configuration files installed by default, as comments.
4. Start the AXIGEN server
In FreeBSD, the AXIGEN server can be started via its initscript, by issuing:
    /usr/local/etc/rc.d/axigen.sh start
2.3.2. Installing on NetBSD
In order to install the AXIGEN Mail Server on NetBSD, follow these instructions:
1. Unzip installation file
Issue the following command, in the same directory as the downloaded file, to unzip the installation file:
    tar xzvf <install kit file>
For example, to unpack AXIGEN TGZ for the NetBSD architecture, type the command below in the directory where the file is located:
    tar xzvf axigen-6.0.0.i386.netbsd.tar.gz
2. Installation
In order to install the NetBSD package, you must issue (while logged in as root) the following command from the same directory as the tgz file:
    pkg_add axigen-version.tgz
For instance, the corresponding command for the 6.0 AXIGEN version will be:
    pkg_add axigen-6.0.0.tgz
After the installation, no daemons or related application will be started.
3. Configure AXIGEN
Before you start the AXIGEN server you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit for more information about their names and locations).
More information about each configuration setting can be found in the sample configuration files installed by default, as comments.
4. Start the AXIGEN server
In NetBSD, the AXIGEN server can be started via its initscript, by issuing:
    /etc/rc.d/axigen start
2.3.3. Installing on OpenBSD 4.1
In order to install the AXIGEN Mail Server on OpenBSD 4.1, follow these instructions:
1. Unzip installation file
Issue the following command, in the same directory as the downloaded file, to unzip the installation file:
    tar xzvf <install kit file>
For example, to unpack AXIGEN TGZ for the OpenBSD 4.1 architecture, type the command below in the directory where the file is located:
    tar xzvf axigen-6.0.0.i386.openbsd41.tar.gz
2. Installation
In order to install the OpenBSD package, you must issue (while logged in as root) the following command, from the same directory as the tgz file:
    pkg_add axigen-version.tgz
For instance, the corresponding command for the 6.0 AXIGEN version will be:
    pkg_add axigen-6.0.0.tgz
After the installation, no daemons or related application will be started.
3. Configure AXIGEN
Before you start the AXIGEN server, you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit, for more information about their names and locations).
More information about each configuration setting, can be found in the sample configuration files installed by default, as comments.
4. Start the AXIGEN server
In OpenBSD, the AXIGEN server can be started via its initscript, by issuing:
    /usr/local/bin/axigen.sh start
The above installation steps apply for the following distributions:
• OpenBSD 4.1
2.3.4. Installing on OpenBSD
In order to install the AXIGEN Mail Server on OpenBSD, follow these instructions:
1. Unzip installation file
Issue the following command, in the same directory as the downloaded file, to unzip the installation file:
    tar xzvf <install kit file>
For example, to unpack AXIGEN TGZ for the OpenBSD architecture, type the command below in the directory where the file is located:
    tar xzvf axigen-6.0.0.i386.openbsd.tar.gz
2. Installation
In order to install the OpenBSD package, you must issue (while logged in as root) the following command from the same directory as the tgz file:
    pkg_add axigen-version.tgz
For instance, the corresponding command for the 6.0 AXIGEN version will be:
    pkg_add axigen-6.0.0.tgz
After the installation, no daemons or related application will be started.
3. Configure AXIGEN
Before you start the AXIGEN server, you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit, for more information about their names and locations).
More information about each configuration setting can be found in the sample configuration files installed by default, as comments.
4. Start the AXIGEN server
In OpenBSD, the AXIGEN server can be started via its initscript, by issuing:
    /usr/local/bin/axigen.sh start
The above installation steps apply for the following distributions: OpenBSD 4.2
2.4. Installing on Solaris i386 and Sparc
In order to install the AXIGEN Mail Server on Solaris, follow these instructions:
1. Installation
In order to install the Solaris/SunOS package, you must issue (while logged in as root) the following commands, from the same directory as the AXIGEN uncompressed installation kit:
    gunzip axigen-version.tar.gz
    tar xvf axigen-version.tar
    pkgadd -d .
For instance, for the 6.0 AXIGEN version the corresponding commands will be:
For Solaris i386:
    gunzip axigen-6.0.0.i386.solaris.tar.gz
    tar xvf axigen-6.0.0.i386.solaris.tar
    pkgadd -d .
For Solaris Sparc:
    gunzip axigen-6.0.0.sparc.solaris.tar.gz
    tar xvf axigen-6.0.0.sparc.solaris.tar
    pkgadd -d .
After the installation, no daemons or related application will be started.
2. Configuration
Before you start the AXIGEN server you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit for more information about their names and locations).
More information about each configuration setting can be found in the sample configuration files installed by default, as comments.
3. Start the AXIGEN server
In Solaris/SunOS, the AXIGEN server can be started via its initscript, by issuing:
    /etc/init.d/axigen start
2.5. Uninstalling under Linux
This section provides instructions on how to uninstall the AXIGEN Mail Server under all available Linux distributions.
2.5.1. Uninstalling under RHEL, Fedora Core, Mandriva/Mandrake and SUSE (gcc3, gcc4)
To uninstall the AXIGEN mail server under RHEL, Fedora Core, Mandriva/Mandrake and SUSE:
1. Remove the AXIGEN RPM package
In order to remove the AXIGEN package and its related files and directories issue the following command, while logged in as root:
    rpm -e axigen
The command explained above will also stop the AXIGEN daemon.
2. Optional: Remove the rest of the files/directories
The command from the first step does not automatically remove the files that were modified after the installation (such as configuration files), non-empty directories and other files or directories that were not created as a result of the installation. All the files and/or directories that are contained in the following locations must be deleted manually:
    /etc/opt/axigen/
    /var/opt/axigen/
The above steps apply for the following gcc3 distributions:
• Redhat Enterprise Linux 3 and 4
• SUSE Linux Enterprise Server 9
and the following gcc4 distributions:
• Fedora Core 7 or 8
• SUSE Linux 10.0 or higher
• Mandriva 2007.0 or higher
2.5.2. Uninstalling under Debian / Ubuntu
To uninstall AXIGEN under Debian or Ubuntu, go through the following steps:
1. Remove the AXIGEN package
In order to remove AXIGEN package and its related files and directories, you have two options:
o while logged in as root, issue the following command to "purge" the package (this is the recommended option):
    dpkg -P axigen
o while logged in as root, issue the following command to "remove" the package:
    dpkg -r axigen
These commands also stop AXIGEN daemon.
2. Optional: Remove the rest of the files/directories
The commands at Step 1 do not automatically remove the files that were modified after the installation (such as configuration files), non-empty directories and other files or folders that were not created as a result of the installation. All the files and/or directories that are contained in the following locations must be deleted manually:
    /etc/opt/axigen/
    /var/opt/axigen/
    /opt/axigen/
2.5.3. Uninstalling under Gentoo
Here are the steps to be taken in order to uninstall AXIGEN under Gentoo:
1. Remove AXIGEN ebuild package
In order to remove the AXIGEN package and its related files and directories issue the following command, while logged in as root:
    emerge --unmerge axigen
This command also stops the AXIGEN daemon.
2. Optional: Remove the rest of the files/directories
The command at Step 1 does not automatically remove the files that were modified after the installation (such as configuration files), non-empty directories and other files or folders that were not created as a result of the installation. All the files and/or directories that are contained in the following locations must be deleted manually:
    /etc/opt/axigen/
    /var/opt/axigen/
    /opt/axigen/
2.5.4. Uninstalling under Slackware
Here are the steps to be taken in order to uninstall AXIGEN under Slackware:
1. Remove the AXIGEN Slackware TGZ package
In order to remove the AXIGEN package and its related files and directories issue the following commands, while logged in as root:
First, stop the AXIGEN daemon:
    /etc/rc.d/rc.axigen stop
Then remove the AXIGEN package:
    removepkg axigen-version-i386
For instance, to remove AXIGEN version 6.0.0, the corresponding command will be:
    removepkg axigen-6.0.0-i386
2. Optional: Remove the rest of the files/directories
The command at Step 1 does not automatically remove the files that were modified after the installation (such as configuration files), non-empty directories and other files or folders that were not created as a result of the installation. All the files and/or directories that are contained in the following locations must be deleted manually:
    /etc/opt/axigen/
    /var/opt/axigen/
    /opt/axigen/
Also, you can remove the following line from the /etc/rc.d/rc.local file:
    [ -x /etc/rc.d/rc.axigen ] && /etc/rc.d/rc.axigen start
2.6. Uninstalling under BSD
The generic command used to uninstall the AXIGEN Mail Server for BSD platforms is:
    pkg_delete axigen-version
2.6.1. Uninstalling under FreeBSD
To uninstall AXIGEN Mail Server, follow these instructions:
1. Remove the AXIGEN package
In order to remove the AXIGEN package and its related files and directories issue the following commands, while logged in as root:
First, stop the AXIGEN daemon:
    /usr/local/etc/rc.d/axigen.sh stop
Then remove the package:
    pkg_delete axigen-version
To uninstall version 6.0.0 the corresponding command is:
    pkg_delete axigen-6.0.0
2. Optional: Remove the rest of the files/directories
The command from the first step does not automatically remove the files that were modified after the installation (such as configuration files), non-empty directories and other files or folders that were not created as a result of the installation. These files must be removed manually.
2.6.2. Uninstalling under NetBSD
To uninstall AXIGEN Mail Server, follow these instructions:
1. Remove the AXIGEN package
In order to remove the AXIGEN package and its related files and directories issue the following commands, while logged in as root:
First, stop the AXIGEN daemon:
    /etc/rc.d/axigen stop
Then remove the package:
    pkg_delete axigen-version
For AXIGEN Mail Server version 6.0.0 the corresponding command would be:
    pkg_delete axigen-6.0.0
2. Optional: Remove the rest of the files/directories
The command at the first step does not automatically remove the files that were modified after the installation (such as configuration files), non-empty directories and other files or folders that were not created as a result of the installation. These files must be removed manually.
2.6.3. Uninstalling under OpenBSD
To uninstall AXIGEN Mail Server, follow these instructions:
1. Remove the AXIGEN package
In order to remove the AXIGEN package and its related files and directories issue the following commands, while logged in as root:
First, stop the AXIGEN daemon:
    /usr/local/bin/axigen.sh stop
Then remove the package:
    pkg_delete axigen-version
To remove AXIGEN Mail Server version 6.0.0, the corresponding command is:
    pkg_delete axigen-6.0.0
2. Optional: Remove the rest of the files/directories
The command from the first step does not automatically remove the files that were modified after the installation (such as configuration files), non-empty directories and other files or folders that were not created as a result of the installation. These files must be removed manually.
2.7. Uninstalling under Solaris
Here are the steps to be taken in order to uninstall AXIGEN under Solaris:
1. Remove the AXIGEN package
In order to remove the AXIGEN package and its related files and directories issue the following commands, while logged in as root:
First, stop the AXIGEN daemon:
    /etc/init.d/axigen stop
Then remove the package:
    pkgrm GCADAxigen
2. Optional: Remove the rest of the files/directories
The command from the first step does not automatically remove the files that were modified after the installation (such as configuration files), non-empty directories and other files or folders that were not created as a result of the installation. These files must be removed manually.
2.8. Starting / Stopping / Restarting the Server
This section lists common commands meant to start / stop / restart the server and the axigenfilters script for various Linux distributions and FreeBSD.
The 'axigenfilters' script manages (starts, stops and restarts) the Bundled SpamAssassin, the AXiMilter, the AXIGEN Signing Module and the AXIGEN Verifying Module. For the 'axigenfilters' script commands, replace axigen with axigenfilters in all the commands below.
1. Linux
• For RedHat, Debian, Gentoo and SUSE distributions
You can start the server with the following command:
    /etc/init.d/axigen start
To stop the server issue:
    /etc/init.d/axigen stop
In order to restart the AXIGEN daemon (in order to reload the new configuration settings, for instance), you can use the 'restart' parameter:
    /etc/init.d/axigen restart
To view the status of the AXIGEN daemon, you can pass the 'status' parameter:
    /etc/init.d/axigen status
• In Slackware use the same commands applied to the /etc/rc.d/rc.axigen initscript, instead of /etc/init.d/axigen. For instance, to start the server issue:
    /etc/rc.d/rc.axigen start
2. FreeBSD
In FreeBSD, the AXIGEN server can be started via its initscript, by issuing:
    /usr/local/etc/rc.d/axigen.sh start
3. Solaris
In Solaris/SunOS, the AXIGEN server can be started via its initscript, by issuing:
    /etc/init.d/axigen start
To stop the server, you can issue:
    /etc/init.d/axigen stop
In order to restart the AXIGEN daemon, you can use:
    /etc/init.d/axigen restart
To reload the AXIGEN daemon (i.e. for new configuration settings to take effect), you can pass the 'reload' parameter to the initscript:
    /etc/init.d/axigen reload
To view the AXIGEN daemon status, you can pass the 'status' parameter:
    /etc/init.d/axigen status
2.9. Initial Server Configuration
This section describes basic server configurations that you need to do in order to get your server up and running: setting the admin password, enabling the Web configuration interface, creating a domain and adding accounts. Some of these actions can also be performed automatically using the AXIGEN Configuration Wizard, also described in this section.
2.9.1. Setting the Admin Password
Before accessing the WebAdmin interface it is mandatory to set the password for the AXIGEN admin account. To do that, go through these steps:
1. If the AXIGEN server is running, first stop it, using the following command:
    /etc/init.d/axigen stop
2. Run AXIGEN only with -A (or --admin-passwd) option.
3. Example:
    /opt/axigen/bin/axigen -A <password>
4. Restart the server.
    /etc/init.d/axigen restart
Note: Currently you can use this password only with the admin username.
For details on how to set the password using the Configuration Wizard, see the corresponding section.
2.9.2. Logging on to the WebAdmin Interface
In AXIGEN 6.0, the WebAdmin service is enabled by default. In the default configuration, the WebAdmin module listens on port 9000/tcp. When you enter the WebAdmin IP/port combination in your browser, the following login window is displayed:
To configure the WebAdmin service for remote access, you can either do so when configuring it within the AXIGEN Configuration Wizard, or by modifying the IP/port combination in the axigen.cfg configuration file. For the configuration file option, follow the procedure below:
1. In the webadmin {} context, configure the default listener:
   webadmin = {
     ...
     listeners = (
       {
         address = 127.0.0.1:9000
         enable = yes
         ...
       }
2. Set the listener's address parameter to the IP address of the machine on which AXIGEN is installed. Alternatively, you can set this parameter to 0.0.0.0 (in this case, the listener will listen on all machine interfaces). When accessing the AXIGEN WebMail, you need to replace the 127.0.0.1 IP from the URL with the IP address of the machine on which the AXIGEN Mail Server is installed. For example, if the machine running AXIGEN has the 192.168.1.1 IP address, change the IP/port data under Server->WebAdmin->Listeners->Address to match your IP/port:
   server {
     ...
     webadmin {
       ...
       listeners = (
         {
           ...
           address = 192.168.1.1:9000
           enable = yes
Remember to reload your AXIGEN Mail Server after each change in the configuration files.
3. Check the system log file(s) for confirmation that the WebAdmin service is correctly loaded. The system log file should display a message similar to the one below:
   ...INFO: WEBADMIN: listener added 192.168.1.1:9000
   ...SUCCESS: WEBADMIN: started
You can now log in to WebAdmin. Start your favorite browser and enter the IP/port pair you have configured. In the example set above, the default address is http://192.168.1.1:9000. Log in using the admin username and the password you have previously set.
For details on how to set the WebAdmin interface automatically, see the AXIGEN Configuration Wizard section.
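The check below is an added example, not part of the manual or of AXIGEN: it reads an axigen.cfg-style fragment shaped like the one in step 1, reports whether each WebAdmin listener is bound to loopback, a single interface or all interfaces (0.0.0.0), and looks for the two log messages from step 3. The sample configuration, the otherservice context, port 9001 and the log excerpt are constructed, and only the nested-block and key = value syntax visible above is assumed.

```python
import ipaddress
import re

# Constructed sample in the shape of the manual's fragment; the full axigen.cfg
# grammar is not reproduced, only nested blocks and "key = value" pairs.
# "otherservice" is a placeholder context, not a real AXIGEN context name.
SAMPLE_CFG = """
server {
  webadmin {
    listeners = (
      {
        address = 0.0.0.0:9000
        enable = yes
      }
      {
        address = 127.0.0.1:9001
        enable = no
      }
    )
  }
  otherservice {
    listeners = (
      {
        address = 127.0.0.1:110
        enable = yes
      }
    )
  }
}
"""

# Constructed log excerpt built from the two messages quoted in the manual;
# the "..." prefix is kept as the manual prints it.
SAMPLE_LOG = """\
...INFO: WEBADMIN: listener added 0.0.0.0:9000
...SUCCESS: WEBADMIN: started
"""

TOKEN = re.compile(
    r"(?P<open>(?:(?P<name>\w+)\s*=?\s*)?[{(])"    # "name {", "name = (" or a bare "{"
    r"|(?P<close>[})])"
    r"|(?P<key>\w+)\s*=\s*(?P<value>[^\s{}()]+)"   # key = value
)


def webadmin_listeners(cfg_text):
    """Return (address, enabled) for every listener block nested under webadmin."""
    stack, found = [], []

    def close_block():
        block = stack.pop()
        parents = [b["name"] for b in stack]
        if ("address" in block["kv"] and "webadmin" in parents
                and "listeners" in parents):
            found.append((block["kv"]["address"],
                          block["kv"].get("enable") == "yes"))

    for m in TOKEN.finditer(cfg_text):
        if m.group("open"):
            stack.append({"name": m.group("name"), "kv": {}})
        elif m.group("close"):
            if stack:
                close_block()
        elif stack:
            stack[-1]["kv"][m.group("key")] = m.group("value")
    while stack:  # tolerate fragments whose closing braces are elided
        close_block()
    return found


def exposure(address):
    """Classify the bind address of an IPv4 'ip:port' listener."""
    host, _, _port = address.rpartition(":")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unparsed"
    if ip.is_unspecified:
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback-only"
    return "single-interface"


def confirmed_in_log(log_text, address):
    """True when both log messages from step 3 are present for this address."""
    added = re.search(r"INFO: WEBADMIN: listener added "
                      + re.escape(address) + r"(?!\d)", log_text)
    started = re.search(r"SUCCESS: WEBADMIN: started", log_text)
    return bool(added and started)


def audit(cfg_text, log_text):
    return [{"address": address,
             "enabled": enabled,
             "exposure": exposure(address),
             "confirmed": confirmed_in_log(log_text, address)}
            for address, enabled in webadmin_listeners(cfg_text)]


if __name__ == "__main__":
    for row in audit(SAMPLE_CFG, SAMPLE_LOG):
        print(row)
```

An enabled listener reported as all-interfaces is reachable on every address the machine has, so it is the row to review against the intended management network.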
2.9.3. Creating a New Domain
The AXIGEN mail server stores each created domain in a unique domain location. The default location in AXIGEN is /var/opt/axigen/domains (for Linux/Solaris) and /var/axigen/domains (for *BSD).
Important! When creating domains, one message storage location with the default 32GB size is recommended for each predicted 20GB of storage space occupied by messages. For larger spaces, additional message storage locations should be created or the default parameters modified in order to increase total average size for the location to correspond to the number of 20GB storages you need. It is recommended that the occupied space be 2/3 of the storage location size.
You can add multiple message storage locations using WebAdmin (when creating the domain) or CLI (within the domain creation context). After creating the domain, additional locations cannot be added. When using CLI, the command to create multiple message storage locations is as follows: ADD MessagesLocation <path>
To create a new Domain, please follow the steps presented below:
1. Click on the Manage Domains tab. The following page is displayed.
2. To add a new domain hit the Add Domain button displayed in the upper right corner of the Domain list.
3. Type the name of your domain in the New domain name text box.
Note: AXIGEN is RFC compliant in terms of characters you can use when creating new domains and/or accounts. Please refer to the relevant RFC standard, Internet message format, available for instance on http://www.faqs.org/rfcs/rfc2822.html.
4. Specify a password to protect the selected domain in the Postmaster Password text area or click the Set Random button to select a random password combination. When using this button the password randomly assigned is displayed under it.
5. Check the Enable MACL Support option so that users belonging to this domain will be able to set different permission levels on their folders in order to share them.
6. Only on domain creation you have the option to configure storage location details by clicking the Show button. Detailed information on storage is available in the corresponding Mail Server Architecture chapter.
7. Hit the Quick Add button to have the domain created with all the default parameters.
6. Hit the Advanced Config button to edit the domain-specific parameters according to your preferences. The following pages will be displayed:
7. Press the Save Configuration button (lower window section) to save your changes.
You have successfully created a new domain. You can see the domains you have created on the server at any time by clicking the Manage Domains tab.
Note: After defining your first domain, it will be set as primary domain. This will be considered your default domain for all incoming mail. You can make any domain primary at any time by pressing the corresponding Make primary button in the Domain list.
To find out more about Domain configuration, see Domains section.
2.9.4. Adding an Account to an Existing Domain
To add a new account to an existing domain:
1. In the WebAdmin page click on Manage Accounts tab.
2. Click on the domain for which you want to display the existing accounts or to add a new account. In the screenshot below no domain was selected.
3. In order to create a new account click the Add Account button. The domain you are creating the account in is displayed in the Domain name field if you have already selected a certain domain. If you press the Add Account button prior to the domain selection you will have to type the desired domain. Specify a name for the account you are creating in the Account Name text field. Type a password of choice in the Account password text field or click the Set Random button to select a random password combination. When using this button the password randomly assigned is displayed under it.
4. To add the account press the Quick Add button. For advanced account settings click the Advanced Config link and the pages below will be displayed:
5. Press the Save Configuration button to save your changes.
You have successfully added the 'patricia.miller' account to the 'mycompany.com' domain. For further details on accounts advanced settings, see the Accounts section.
2.9.5. Automated Configuration with AXIGEN Configuration Wizard
Aiming to enhance, simplify and render the initial setup automatic, starting with version 1.2.6 the AXIGEN Mail server includes the AXIGEN Configuration Wizard. In eleven easy steps the wizard enables system administrators to instantly set the admin password, configure the primary domain and set up an interface for the WebAdmin management tool and also for the POP3 and IMAP services. These actions were previously performed partly manually, partly using the WebAdmin interface.
The AXIGEN Configuration Wizard is provided as part of all the AXIGEN Mail Server 6.0 installation packages, available for download on the AXIGEN site.
Firstly, the wizard needs to be launched by issuing one of the following commands, depending on the platform you have installed the AXIGEN Mail Server on:
1. On Solaris and all Linux platforms: /opt/axigen/bin/axigen-cfg-wizard
2. On OpenBSD and FreeBSD: /usr/local/bin/axigen-cfg-wizard
3. On NetBSD: /usr/pkg/bin/axigen-cfg-wizard
1. Configuring the Admin Password
After launching the AXIGEN Configuration Wizard, the first step you are prompted to take is to specify the admin password. The password is required and therefore system administrators must type at least one character.
Use the Password field to type your password and the Validate field to retype it for validation.
To move from one field to another, please use the Tab or Enter keys. To proceed to the next step, when located on the Next button, press the Enter key.
2. Configuring your Primary Domain
The next stage of running the wizard consists in configuring AXIGEN’s primary domain. The wizard will automatically detect the machine’s FQDN (Fully Qualified Domain Name) and based on it will propose the domain name as primary. If no domain can be detected, the default ‘localdomain’ will be displayed. System administrators can edit the fields of this tab at any time.
In the Primary Domain field, the wizard will display the automatically detected domain. Use the Domain Location field to edit the default storage path for the primary domain, /var/opt/axigen/domains. To configure the primary domain password for the account postmaster, use the Postmaster account password field.
To move from one field to another, please use the Tab or Enter keys. To proceed to the next step, when located on the Next button, press the Enter key.
3. Alias Configuration
When running the wizard, this step allows system administrators to select the alias they would like to configure for the primary domain defined at the previous step. There are three available options:
• Redirect all mails for root account to postmaster
• Add the 'localhost' alias to this domain
• Add the 'localhost.localdomain' alias to this domain
To select or deselect one of the listed options, press Enter.
4. Configuring the WebAdmin Interface
The following step performed by the AXIGEN Configuration Wizard is to select the WebAdmin Interface. The wizard will list all the existing interfaces with their respective IP addresses and ports, enabling system administrators to select a listener for WebAdmin. In the previous versions, the WebAdmin was initially accessed on its default listener, http://127.0.0.1:9000/.
Select one of the listed interfaces, then move to the OK button (using the Tab or Enter keys) and then press Enter again. If you choose the first option, all, all the listed interfaces will be used as listeners for the WebAdmin management tool. If you choose a different interface, you will be prompted to confirm the choice you have made.
5. Configuring the SMTP Interface
The next step performed by the AXIGEN Configuration Wizard is to select the SMTP Interface. The wizard will list all the existing interfaces with their respective IP addresses and ports, enabling system administrators to select a listener for SMTP.
Select one of the listed interfaces, then move to the OK button (using the Tab or Enter keys) and then press Enter again. If you choose the first option, all, all the listed interfaces will be used as listeners for the SMTP service. If you choose a different interface, you will be prompted to confirm the choice you have made.
6. Services Selection
The sixth step of the automatic configuration process allows system administrators to select the active services for the AXIGEN server. For each of the selected services, POP3, IMAP or WebMail, further settings are available within the following steps. If none of the three services is enabled, the wizard will skip directly to step 10 of the configuration. To select or deselect one of the listed options, press Enter.
7. Configuring the POP3 Interface
The next step performed by the AXIGEN Configuration Wizard is to select the POP3 Interface. The wizard will list all the existing interfaces with their respective IP addresses and ports, enabling system administrators to select a listener for the POP3 service.
Select one of the listed interfaces, then move to the OK button (using the Tab or Enter keys) and then press Enter again. If you choose the first option, all, all the listed interfaces will be used as listeners for the POP3 service. If you choose a different interface, you will be prompted to confirm the choice you have made.
8. Configuring the IMAP Interface
Step 8 performed by the AXIGEN Configuration Wizard is to select the IMAP Interface. The wizard will list all the existing interfaces with their respective IP addresses and ports, enabling system administrators to select a listener for the POP3 service.
Select one of the listed interfaces, then move to the OK button (using the Tab or Enter keys) and then press Enter again. If you choose the first option, all, all the listed interfaces will be used as listeners for the POP3 service. If you choose a different interface, you will be prompted to confirm the choice you have made.
9. Configuring the WebMail Interface
For the next step, the AXIGEN Configuration Wizard will allow system administrators to select the WebMail Interface. The wizard will list all the existing interfaces with their respective IP addresses and ports, enabling system administrators to select a listener for the WebMail service.
Select one of the listed interfaces, then move to the OK button (using the Tab or Enter keys) and then press Enter again. If you choose the first option, all, all the listed interfaces will be used as listeners for the WebMail service. If you choose a different interface, you will be prompted to confirm the choice you have made.
10. Configuring Relay Policies
The AXIGEN Configuration Wizard will then prompt system administrators to select the networks allowed to relay emails through the AXIGEN server without prior authentication. To select or deselect one of the listed options, press Enter.
When one of the available networks is selected, a script configuring a Relay Policy is automatically created. For details on Relay Policies, please see the corresponding section of the online documentation.
11. Sendmail Wrapper Configuration
This configuration step is required if system administrators want command line applications such as mailx to be able to send emails via AXIGEN. Such applications use the Sendmail Wrapper, which thus needs to be configured to work correctly with AXIGEN.
The Wizard describes in detail the actions taken when selecting "Yes" at this step.
The Wizard will initially display a message prompting you to wait for the changes to be applied to your existing configuration and will then respond with a successful operation message. After completing these steps, the wizard will display a message summarizing the steps just taken. It will also instruct system administrators to start the AXIGEN service and then access the WebAdmin interface on the selected IP-port combination.
Troubleshooting
Firstly, on some distributions, the operating system sets the console display encoding to UTF-8. Thus all the wizard’s messages would be displayed incorrectly. For troubleshooting, please consult this Knowledgebase article.
Secondly, if any other message except the successful one is displayed by the wizard after taking the configuration steps, please contact the AXIGEN Support team at [email protected].
Chapter 3. Mail Server Architecture
AXIGEN is an integrated service SMTP, IMAP, POP, secured SSL/TLS, WebMail and list server, integrating advanced technologies and messaging services.
Services and Modules
AXIGEN Mail Server is an Internet-based mail server that provides messaging services over the Internet via connections using a Transmission Control Protocol/Internet Protocol (TCP/IP) network. AXIGEN Mail Server sends mail messages using the Simple Mail Transfer Protocol (SMTP). The messages can be retrieved using the Post Office Protocol version 3 (POP3), the Internet Message Access Protocol (IMAP) and WebMail. AXIGEN Mail Storage integrates a proprietary technology that allows storing messages in a special directory structure, guaranteeing an effective, fast mail flow and optimizing space-saving.
Architecture Features
AXIGEN incorporates a multi-threaded engine, which can break server activity into multiple parallel processing threads. This enables system administrators to allocate a certain number of processing threads to specific modules (SMTP incoming / SMTP outgoing / WebMail / IMAP, etc.). Running services can be configured at service, domain and account level.
Most AXIGEN services (SMTP Incoming, SMTP Outgoing, POP, IMAP, WebMail) make use of configurable listeners to define rules for accepting or denying connections.
Administration Tools
The administration tools enable both centralized configuration (WebAdmin and Command Line Interface) and manual configuration (configuration file).
For each service described in the Architecture chapter, configuration options are available in each of these tools (WebAdmin, CLI and the configuration file, axigen.cfg).
Security
AXIGEN incorporates an advanced filtering system and other innovative security tools (Antivirus, AntiSpam, Antispoofing - SPF Authentication, SSL/TLS authentication).
Highly configurable logging and reporting services are also available, and an FTP Backup service allowing you to securely backup and restore your domain and user configuration.
Below you can find a schema illustrating all AXIGEN components.
3.1. Generic Server Configuration
In AXIGEN, there are a number of generic server settings referring to overall server behavior and functionalities, such as Running services, SSL and DNR related settings.
3.1.1. Running Services
AXIGEN is a modular server running either as integrated service server or with certain services inhibited.
When using AXIGEN as main mail server, it is recommended to run all services provided by AXIGEN - Processing, SMTP Incoming, SMTP Outgoing, POP3, IMAP, WebMail, WebAdmin, CLI, Log, Report, FTP Backup - in order to take full benefit of functionalities offered by the server. By default, when installing mail services the following services will be running: SMTP, IMAP, POP3, WebMail and WebAdmin. SMTP stands for all AXIGEN SMTP services: SMTP Incoming, SMTP Outgoing and Processing.
To see configuration options on this parameter see the Configure the Running Services section.
A similar option is available in WebAdmin at domain and account/mail list level with relevant choices for the respective level - see the Domains&Accounts section for configuration options.
3.1.2. Other Generic Server Parameters
Primary domain
In AXIGEN Mail Server you can specify a primary domain name, and then add as many domains (secondary domains) as your license type allows.
The primary domain is the default domain for your mail server. This means that email sent to "user_name" will automatically be transmitted to "user_name@primarydomain".
The primary domain default value is the result of the 'getdomainname' function, which is the current domain name (local domain).
SSL Random File
In order to establish SSL connections, a file containing entropy data is used for generating random numbers. The path to this file needs to be defined in the Server Global settings. SSL parameters are also provided when defining listeners (see corresponding section). For more information on SSL in AXIGEN, see Authentication and Encryption.
For more information on how to set generic server parameters using WebAdmin, see Configure the Running Services.
3.1.3. DNR Settings
AXIGEN includes a Domain Name Resolver (DNR) module used to extract information from domain servers. The module implements the specifications from RFC1034 and RFC1035 and communicates with Domain Name Servers using UDP sockets on port 53.
AXIGEN services using DNR:
• The SMTP Receiving service uses DNR for performing the SPF tests (this action involves PTR and TXT queries).
• The SMTP Sending service queries DNR for MX and A information about the domain where to relay the mail messages.
Logging
All AXIGEN main services can log different types of events. The system administrator can specify what events are logged, where and how they are logged.
See Logging service for more details on logging in AXIGEN.
DNR Options
In this section you can configure the time period after the first DNR query is closed, maximum number of DNR query retries to be executed and number of results (IP addresses) cached for each DNR query type to be executed.
Nameservers
When performing DNR searches AXIGEN uses a list of known nameservers (specified in the OS configuration). In order to limit bandwidth and time consumed with DNS traffic, a list of known hosts can be defined. Different priority values can be assigned to nameserver IPs to set the order in which you wish to query nameservers (the servers with the higher priority are queried first).
For information on how to configure these parameters, please see DNR Tab.
3.2. Services and Modules
This section includes brief overviews of all services and modules included in AXIGEN Mail Server.
3.2.1. SMTP Receiving
The SMTP Receiving module in AXIGEN establishes the dialogue with other entities via SMTP/ESMTP protocols, receives the mail message (if all conditions set by the System Administrator are fulfilled) and forwards the mail message to the Processing module.
This module protects the Mail Server against attacks and ensures good functionality (adjusted to the processing power of the hardware, the bandwidth, and other factors) through functions such as configurable listeners, thread and client management, user authentication and a built-in SPF authentication procedure.
In AXIGEN, at SMTP Receiving level, SPF tests are being performed, thus ensuring basic email sorting before reaching the queue. The SMTP Receiving module accepts connections as specified by SMTP listeners defined in the configuration file, receives the message and performs the SPF test. If the message passes the test it is placed in the Queue. By default the server accepts connections on 127.0.0.1:25.
Listeners
Listeners can be defined and managed to add extra flexibility and configurability to this service. For that, global access limitations, SSL Settings and access lists can be enforced on the address used by this service for binding.
Access Control
Access rules allow you to control connection to this service by defining simple access lists for specific Networks / IP Ranges / IPs. Service level access rules are automatically applied to all its listeners and will override for this service any existing Global Access rules.
Authentication
Authentication is a method for preventing non-desirable actions by granting access to AXIGEN server's SMTP Receiving features to authenticated users only.
Note: The AXIGEN server supports authentication, meaning it can be instructed to accept only connections/messages from authenticated entities. However, not all mail clients support this feature. If your mail client does not support SMTP authentication, this feature will not be available.
SMTP-Receiving Authentication parameters allow you to specify the authentication methods to be used for secured or unsecured connections. The available types are: Plain, Login, CramMD5, DigestMD5 and/or GSSAPI.
For information on how to configure authentication parameters for SMTP-Receiving using the SMTP filtering system, see Acceptance and Routing Advanced Settings.
Message Acceptance Rules
At SMTP-connection level message acceptance rules can be configured and implemented to best suit security requirements. Incoming connections established via SMTP and the message flow can be easily managed, using already established policies, to help save space and resources for email processing.
The Message Acceptance Rules section provides more details on this subject.
Flow Control
Flow control parameters can be adjusted to fine tune the server’s performance and avoid overloading it. Global access limitations to this listener can be enforced by setting the total number of simultaneous connections, concurrent connections from each remote IP address, number of new connections to the listener made in a time period interval, number of total connections from each remote IP address on a time interval period. The default interval for this time period is set to 1 minute.
Milter
As an additional security enhancement, the SMTP Policy system can call external milter type filters. More information on functions defined for using external Milter filters is available in the SMTP Functionalities (I) chapter.
Logging
All AXIGEN main services can log different types of events. The system administrator can specify what events are logged, where and how they are logged.
See Logging service for more details on logging in AXIGEN.
Email Loop Protection
To prevent looping emails from increasing your mail server's traffic, set a maximum number of Received headers for all received emails.
Error Control
To protect the server, the number of failed/wrong commands received from SMTP clients during one session can be limited. When these limits are exceeded, incomplete connections or connections that are not RFC compliant will be dropped, thus freeing important bandwidth.
Important! If you do not specify a limit for the maximum number of (authentication) errors allowed for a SMTP client's session, security risks may arise.
Thread Management
AXIGEN Mail Server is designed to run on different machine configurations and operating systems, on networks with various traffic loads, structures, domain configurations, user rights etc. That is why, depending on all these variables, you can adapt the workload to the server’s processing power to improve its performance or avoid overload by setting the minimum and maximum number of threads that can be opened at a specific moment of time.
For more details on how to configure SMTP Receiving parameters using WebAdmin see SMTP Receiving Tab.
3.2.2. Processing
The Processing module manages the mail messages, transmitted from the SMTP Incoming and WebMail modules, in the AXIGEN Queue and delivers them to AXIGEN Storage (for local delivery) and to the SMTP Sending module (for external delivery).
The processing module interacts with:
1. the IMAP module, which uses the AXIGEN Processing module for Append operations executed on mailboxes;
2. the WebMail module, which uses the AXIGEN Processing module for Compose operations (after the message is composed, it is placed in AXIGEN Queue).
Logging
All AXIGEN main services can log different types of events. The system administrator can specify what events are logged, where and how they are logged.
See Logging service for more details on logging in AXIGEN.
Email Delivery
If a message cannot be delivered for some non-critical reason, it can be re-scheduled, meaning AXIGEN will try to re-send it after a defined time interval has elapsed. The AXIGEN mail scheduling feature can be adjusted in terms of: first delivery retry timeout for an email, stop doubling retry timeout when it reaches and max. number of retries.
Delivery Reports
Temporary and permanent delivery error reports can be configured to be sent automatically when reaching a number of failed delivery attempts. The message can be customized by setting a specific notification sender, subject, beginning and ending body, or appending variables. Also the headers or even the entire original message can be set to be attached to your notification.
Queue Parameters
The messages received from SMTP clients are stored in a queue that is processed by AXIGEN according to specific rules. Different operations can be executed on this queue, such as inspecting the queue, specifying/modifying the path where the queue is stored, setting the maximum number of queue subdirectories, processing size (number of messages) and number of local delivery threads for local SMTP transactions.
Note: Currently any change in the parameters specific to the Processing module requires a server restart to become effective.
Message statuses
A message in the queue can have one of the following statuses:
• Incoming: The message is currently being received. It has not been treated in either way by AXIGEN.
• Received: The email has been received. No action has been taken on it yet.
• Processing: Message processing is underway.
• Processed: The email processing ended, successfully or not. If the message is successfully processed, the next specific action (for instance delivery) specified for the message is carried out. If the email processing ends unsuccessfully, the message remains in Processed status.
• Sending: The process of sending the message is underway.
• Send Failure: The email sending failed.
• Sent: The message has been sent.
• Raw received: The email was received from the WebMail module.
• Relay error: The SMTP Sending module did not manage to send the message to the addressing server.
• Local error: The SMTP Sending module did not manage to send the email to the AXIGEN Storage.
• Filter reject: The message was rejected by a configured filter.
• Filter discard: The email was deleted by a filter without any notification.
• Cleanup error: The NDR message could not be sent to the sender.
• New mail: The email has just arrived in the queue.
• Removed: The message was deleted.
• IO Error: The message could not be read from the disk.
For more details on how to configure Processing parameters using WebAdmin see Processing Tab.
3.2.3. SMTP Sending
The SMTP Sending module is responsible for sending messages directly to message recipients. AXIGEN SMTP Sending uses DNR (Domain Name Resolver) for mapping domain names to IP addresses and includes complete rescheduling procedures.
By default, AXIGEN is configured not to allow open relaying. This means that the server does not automatically dispatch mail that is neither for nor from a local user. By using client management, SMTP Sending blocks spammers' attempts to relay large quantities of mail.
Routing Rules
Configuring Routing Rules allows system administrators to customize SMTP Sending actions for all or a part of the transmitted email communication. For further information, see Routing Rules in the Mail Server Security chapter.
If AXIGEN fails to send messages to a specific domain because this domain was down for some time, when the domain is up again, the first message that goes successfully to that domain will also queue the rest of the pending messages from the queue and will force delivery of all messages.
Logging
All AXIGEN main services can log different types of events. The system administrator can specify what events are logged, where and how they are logged.
See Logging service for more details on logging in AXIGEN.
Thread Management
AXIGEN Mail Server is designed to run on different machine configurations and operating systems, on networks with various traffic loads, structures, domain configurations, user rights etc. That is why, depending on all these variables, you can adapt the workload to the server’s processing power to improve its performance or avoid overload by setting the minimum and maximum number of threads that can be opened at a specific moment of time.
For more details on how to configure SMTP Sending parameters using WebAdmin see SMTP Sending Tab.
3.2.4. POP3
AXIGEN POP3 module establishes connection with POP3 clients and retrieves mail messages from the storage unit. The server accepts connections as specified by the POP3 listeners defined in the configuration file. By default the server accepts connections on 127.0.0.1:110.
In AXIGEN the POP3 module works as follows:
• shows only the messages that existed in the mailbox when the mailbox was opened;
• keeps zombie copies for the messages deleted during the current session; the module shows them as zero size messages, and the module reports an error when a client application tries to retrieve a deleted message;
• messages are retrieved using the RETR command and the message is marked with the "Seen" flag (you can view this flag when using an IMAP or WebMail client).
Note: The server only manages mail messages in AXIGEN Storage format. For more information on this format, please consult the AXIGEN Storage section.
Listeners
Listeners can be defined and managed to add extra flexibility and configurability to this service. For that, global access limitations, SSL Settings and access lists can be enforced on the address used by this service for binding.
Access Control
Access rules allow you to control connections to this service by defining simple access lists for specific networks, IP ranges or IPs. Service-level access rules are automatically applied to all of the service's listeners and, for this service, override any existing Global Access rules.
Flow Control
Flow control parameters can be adjusted to fine-tune the server’s performance and avoid overloading it. Global access limitations to this listener can be enforced by setting the total number of simultaneous connections, the number of concurrent connections from each remote IP address, the number of new connections to the listener made in a time interval, and the total number of connections from each remote IP address in a time interval. The default value for this time interval is 1 minute.
Logging
All AXIGEN main services can log different types of events. The system administrator can specify what events are logged, where and how they are logged.
See Logging service for more details on logging in AXIGEN.
Encryption and Authentication
Various authentication types can be used in AXIGEN for IMAP secured (SSL/TLS) or unsecured connections. Possible options are: normal login, plain, login, CramMD5, DigestMD5 and GSSAPI. By default, all these methods are selected (all types of authentication are allowed).
Error Control
To protect the server, the number of failed/wrong commands received from POP3 clients during one session can be limited. When these limits are exceeded, incomplete connections or connections that are not RFC compliant will be dropped, thus freeing important bandwidth.
Important! If you do not specify a limit for the maximum number of (authentication) errors allowed for a POP3 client's session, security risks may arise.
Thread Management
AXIGEN Mail Server is designed to run on different machine configurations and operating systems, on networks with various traffic loads, structures, domain configurations, user rights etc. That is why, depending on all these variables, you can adapt the workload to the server’s processing power to improve its performance or avoid overload by setting the minimum and maximum number of threads that can be opened at a specific moment of time.
Compatibility with various POP3 Mail Clients
AXIGEN has been thoroughly tested and it is proven to work with Mozilla, Outlook, Outlook Express, ThunderBird, The BAT!, Eudora. For information on how to set up your POP3 account, see the corresponding section of the AXIGEN website.
For more details on how to configure POP3 parameters using WebAdmin see POP3 Tab.
3.2.5. IMAP
AXIGEN IMAP module establishes connection with IMAP clients and retrieves mail messages from the storage unit. The server accepts connections as specified by the IMAP listeners defined in the configuration file. By default the server accepts connections on 127.0.0.1:143.
The IMAP module now implements a new extension, QUOTA, as described by the RFC 2087 standard. IMAP clients implementing the QUOTA extension can display the mailbox quota for a specific user account. So far, users were able to find out what their current mailbox quota was (space occupied/total space) only via WebMail.
Listeners
Listeners can be defined and managed to add extra flexibility and configurability to this service. For that, global access limitations, SSL Settings and access lists can be enforced on the address used by this service for binding.
Access Control
Access rules allow you to control connections to this service by defining simple access lists for specific networks, IP ranges or IPs. Service-level access rules are automatically applied to all of the service's listeners and, for this service, override any existing Global Access rules.
Flow Control
Flow control parameters can be adjusted to fine-tune the server’s performance and avoid overloading it. Global access limitations to this listener can be enforced by setting the total number of simultaneous connections, the number of concurrent connections from each remote IP address, the number of new connections to the listener made in a time interval, and the total number of connections from each remote IP address in a time interval. The default value for this time interval is 1 minute.
Logging
All AXIGEN main services can log different types of events. The system administrator can specify what events are logged, where and how they are logged.
See Logging service for more details on logging in AXIGEN.
Encryption and Authentication
Various authentication types can be used in AXIGEN for IMAP secured (SSL/TLS) or unsecured connections. Possible options are: normal login, plain, login, cram-md5, digest-md5 and gssapi. By default, all these methods are selected (all types of authentication are allowed).
Error Control
To protect the server, the number of failed/wrong commands received from IMAP clients during one session can be limited. When these limits are exceeded, incomplete connections or connections that are not RFC compliant will be dropped, thus freeing important bandwidth.
Important! If you do not specify a limit for the maximum number of (authentication) errors allowed for an IMAP client's session, security risks may arise.
Thread Management
AXIGEN Mail Server is designed to run on different machine configurations and operating systems, on networks with various traffic loads, structures, domain configurations, user rights etc. That is why, depending on all these variables, you can adapt the workload to the server’s processing power to improve its performance or avoid overload by setting the minimum and maximum number of threads that can be opened at a specific moment of time.
Compatibility with various IMAP Mail Clients
AXIGEN has been thoroughly tested and it is proven to work with Mozilla, Outlook, Outlook Express, ThunderBird, The BAT!, Eudora. For information on how to set up your IMAP account, see the corresponding section of the AXIGEN website.
Public Folders
Users may now share email messages by simply copying and/or moving them to a public folder. System administrators can also associate a certain email address with a public folder. Thus, emails can be sent directly to the public folder, archiving options being also available.
Internationalized Search
When running an IMAP search for any IMAP client, the search text may contain language-specific characters (i.e. using diacritics).
For more details on how to configure IMAP parameters using WebAdmin see IMAP Tab.
3.2.6. Logging
Log Service Overview
AXIGEN offers an extremely flexible logging service, allowing you to select among different logging levels (how detailed the information logged should be), logging types (internal, external and system services are available) and where to store the information logged. You can set all these options for each AXIGEN TCP service and for the Log Service itself. The Log Service is responsible for collecting events relevant for the System Administrator. You can log (internally, remotely or using the system log) the activity of all services available in AXIGEN.
AXIGEN Log Service can log internal data coming from other AXIGEN modules/services or data coming from the UDP port 2000 (default option). This data can be logged in the same location or in different locations for separate services, depending on the configuration applied by the system administrator.
For AXIGEN Log service, you can also specify the following information:
• on what address the Log listener should be listening (see the Log Listener section for more information);
• what hosts should be rejected by the Log service (using the listener denyRules, a priority and an enable/disable switch);
• what hosts should be accepted by the Log service (using the listener allowRules, a priority and an enable/disable switch).
Log Types
AXIGEN modules should define the log type using the "logtype" parameter, which can have exactly one of the following three values:
- "internal",
- "remote" or
- "system" log.
Use the "internal" option to send events to the Log Service running on the same AXIGEN server. The Server should have the Log Service activated.
Use the "remote" option to send events to a Log Service running in another AXIGEN server, remotely, at the address specified using the "hostname" attribute. This AXIGEN Server must have the Log Service activated.
Use the "system" option to send events to the syslog (for instance sysklogd) with facility "LOG_MAIL" and levels mapped as:
• 0 - no message sent
• 1 - LOG_CRIT
• 2 - LOG_ERR
• 4 - LOG_WARNING
• 8 - LOG_INFO
• 16 - LOG_DEBUG
AXIGEN Log levels
In AXIGEN the events are organized in 6 categories and you can select which category of events to collect. AXIGEN modules must define the "loglevel" parameter. To specify the desired sets of events to log, you have to specify the corresponding log levels or a combination thereof. The log levels in AXIGEN Mail Server are:
• 0: no messages are logged
• 1: log critical messages
• 2: log errors
• 4: log warnings
• 8: log informative messages
• 16: log protocol communication
and the corresponding one-time combinations. Therefore the accepted values for the loglevel parameter are from 0 to 31.
Example 1 - Combining log levels in AXIGEN Mail Server
If you set loglevel = 15 (= 1+2+4+8), AXIGEN Mail Server will log the following information: critical errors, errors, warnings and information.
Example 2 - Disabling the log service for one AXIGEN service
Remember that the log service is configured separately for the AXIGEN Mail Server main services (IMAP, POP3, SMTP Incoming), so if you set loglevel = 0 in the IMAP log service section, no data for that specific service will be logged by the Log Server for the AXIGEN IMAP service. However, the Log server will continue logging other AXIGEN Mail Server services according to the settings defined for logging the respective services.
Logging format
The format used for data logging is the following:
'date hostname modulename:sessionId: user_message\n'
AXIGEN Log service then transforms this data into a format similar to the one described below:
'date loglevel hostname modulename:sessionId: user_message\n'
05-19 17:08:01 0300 08 johnd-l SMTP:00000005: connection accepted from [127.0.0.1]
Example of log service configuration using the axigen.cfg file:
• loglevel = 01-31
• hostname = 'yourcompany.com' (this is the result of the standard 'hostname' command)
• modulename = 'SMTP' (other accepted values are: POP3, IMAP, WEBMAIL, RELAY, PROCESSING)
• sessionId (this is a UINT value written in hexadecimal, incremented separately for each connection of a protocol. For the processing module, as there is no relevant protocol, the value is currently 0; future versions will, however, provide as value the ID of the message in the working queue.)
• loglevel is a 5-bit mask for the following values:
LOG_none = 0x00,
/// critical
LOG_crit = 0x01,
/// errors
LOG_err = 0x02,
/// warnings
LOG_warn = 0x04,
/// information
LOG_info = 0x08,
/// log protocol communication
LOG_proto = 0x10,
Rules
Log Rules are used to define circumstances under which certain restrictions will be imposed on log files and the log level. Rules can be associated with host names, module names or both. For instance, a rule can be defined in order to specify the size, duration and number of old files kept for logs generated on a certain host, for a certain module (e.g. SMTP In). An ordered list is created with all log rules configurations using the 'priority' parameters as ordering key.
You can define the Log rules at the AXIGEN main module's level, in the corresponding sections of the configuration file.
The Log Service will check whether the information sent by the modules is the information that it is supposed to receive, according to the Log Service configuration.
A log rule set includes the following information:
• the rule's priority ("1" means the rule has the highest priority possible)
• the hostname of the user of this rule
• the module of the user of this rule
• the level of log generated by the user of this log
• the name of the destination file
• the maximum size of the destination file in KB
• the maximum duration the destination file is used in seconds
• the maximum number of old files (saved) to be kept
• the rotate period (how often a new log file is created - daily, monthly, yearly)
Attributes of the Log service
AXIGEN Log service can log internal data coming from other modules/services or data coming from the UDP port 2000 (default value). This data can be logged in the same location or in different locations for separate services, depending on the configuration applied by the system administrator.
AXIGEN main modules must define the log type to be used by that specific module. The definition is executed via the "logtype" parameter that can have any of the following three values: "internal", "remote" or "system" log.
The value of the loglevel parameter set on a log client (a service sending information for logging to the AXIGEN Log service) specifies which log levels that client sends to the Log service.
The value of the loglevel parameter set in a Log service rule specifies which log levels the service accepts from clients.
Therefore if:
• clientlevel = 15 (the log level specified in the SMTP-In service page in WebAdmin for instance)
and
• rulelevel = 9 (the log level specified in the rule defined for the SMTP-In module)
the Log service will only log the lines on level 9 (9 = 1 + 8, that is, critical and informative messages), even if the information received from the client also contains errors and warnings (this information is ignored).
For information on how to configure log rules using WebAdmin, see Adding and Editing Log Rules.
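The following is an added example, not code from AXIGEN or from this manual: it parses lines in the transformed log format shown above, decodes the loglevel bit mask, and applies the client level / rule level filtering from the clientlevel = 15, rulelevel = 9 case. It assumes that the rule mask is applied as a bitwise AND, that each line carries a single level written as two decimal digits, and that the date is three space-separated tokens, as in the manual's one sample line; all function names and every sample line except the first are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Bit values of the loglevel mask, as listed in the manual.
LEVEL_NAMES = {0x01: "critical", 0x02: "error", 0x04: "warning",
               0x08: "info", 0x10: "protocol"}

# Mapping the manual gives for logtype "system" (syslog facility LOG_MAIL).
SYSLOG_PRIORITY = {0x01: "LOG_CRIT", 0x02: "LOG_ERR", 0x04: "LOG_WARNING",
                   0x08: "LOG_INFO", 0x10: "LOG_DEBUG"}

# 'date loglevel hostname modulename:sessionId: user_message'
# Assumption: date = three tokens, level = two decimal digits, session = 8 hex digits.
LINE_RE = re.compile(
    r"^(?P<date>\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+) "
    r"(?P<level>\d{2}) (?P<host>\S+) "
    r"(?P<module>[A-Z0-9]+):(?P<session>[0-9A-Fa-f]{8}): "
    r"(?P<message>.*)$"
)

SAMPLE_LINES = [
    # First line is the manual's own sample; the rest are constructed.
    "05-19 17:08:01 0300 08 johnd-l SMTP:00000005: connection accepted from [127.0.0.1]",
    "05-19 17:08:02 0300 16 johnd-l SMTP:00000005: protocol line (constructed)",
    "05-19 17:08:03 0300 04 johnd-l POP3:0000001A: warning text (constructed)",
    "05-19 17:08:04 0300 02 johnd-l IMAP:00000002: error text (constructed)",
    "05-19 17:08:05 0300 01 johnd-l PROCESSING:00000000: critical text (constructed)",
    "this line does not follow the format",
]


@dataclass
class LogEvent:
    date: str
    level: int
    host: str
    module: str
    session: int   # sessionId is written in hexadecimal in the log
    message: str


def decode_mask(mask: int) -> List[str]:
    """Names of the event categories selected by a loglevel value (0..31)."""
    if not 0 <= mask <= 31:
        raise ValueError(f"loglevel must be between 0 and 31, got {mask}")
    return [name for bit, name in LEVEL_NAMES.items() if mask & bit]


def effective_mask(client_level: int, rule_level: int) -> int:
    """Levels that end up in the file: sent by the client AND accepted by the rule."""
    decode_mask(client_level)   # range validation only
    decode_mask(rule_level)
    return client_level & rule_level


def parse_line(line: str) -> Optional[LogEvent]:
    """Parse one transformed log line; return None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    return LogEvent(m["date"], int(m["level"]), m["host"], m["module"],
                    int(m["session"], 16), m["message"])


def filter_lines(lines: Iterable[str], mask: int) -> List[LogEvent]:
    """Keep the parsed events whose level bit is set in mask."""
    events = (parse_line(line) for line in lines)
    return [e for e in events if e is not None and e.level & mask]


if __name__ == "__main__":
    mask = effective_mask(15, 9)
    print("client 15:", decode_mask(15))
    print("rule 9:   ", decode_mask(9))
    print("effective:", mask, decode_mask(mask))
    for event in filter_lines(SAMPLE_LINES, mask):
        print(SYSLOG_PRIORITY[event.level], event.module,
              f"{event.session:08X}", event.message)
```

A rule level that drops errors and warnings, as level 9 does, also drops the lines that record failed commands and authentication problems if the service logs them at those levels, so check the effective mask before relying on a log file for review.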
3.2.7. Reporting
The reporting service can help you check server activity at global traffic and module level. The server jobs can be overseen by assigning the reporting service to collect data for parameters such as:
- Inbound WebMail Connections
- IMAP Append Requests
- POP3 Inbound Connection
- Queue Size
- SMTP Outbound Connections
- SYSTEM Load Average
- Messages rejected by built-in filters
and many others.
Data is temporarily collected according to a time value called synctime (defined in the Data Collection section of the Reporting Service tab) and placed into a buffer. For each collected parameter, the buffer size is equal to the integer part of the division of the aggregation interval by the data collection time. For instance, if synctime is 120 seconds and the aggregation interval is 25 minutes, 12 samples will be collected, one every 2 minutes.
For each type of report, the aggregation function (average, maximum, minimum, total) is applied to the temporary data in the buffer and the result is stored in the database, the buffer is emptied and the process is repeated as many times as defined in the aggregation interval. Using the same example (and considering that the aggregation function is ‘average’), after 25 minutes the arithmetic mean of the 12 samples is computed, stored in the database and the buffer is reset.
After the database has filled all its records, the newest value replaces the oldest one, meaning the database rotates. Thus databases have fixed sizes and cover fixed periods of time: the size is equal to the value defined by the Rotate database after storing parameter, and the time is equal to the product of the aggregation interval and the number of collected values. For instance, in the above example, considering that the number of collected samples is 7, the size of the database will be 7 in terms of number of stored values and 7 × 25 = 175 minutes in terms of time.
History for each collected parameter is displayed in a chart. The administrator can control some of the chart’s properties such as colors and line styles from the ‘Display settings’ tab of the ‘Configure Chart’ section.
The displayed chart has the following properties:
• Ox axis:
o Scale: 1 hour, 1 day or 1 week, the first value larger than the aggregation interval × the rotate database parameter. It is therefore possible that the displayed interval is larger than the collected data interval; in this case, the zone of the graphic where there is no collected data will be empty.
o Origin: the oldest value in the database
o Value: timestamp for each collected value
• Oy axis:
o Scale: selected automatically based on the highest value in the interval
o Origin: 0
o Value: the collected value associated with the timestamp on the Ox axis
For information on how to modify reporting settings as well as to define your own set of reporting data and graphics see the Reporting Tab chapter. For details on charts view in WebAdmin see Charts Tab.
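The collection, aggregation and rotation steps described above can be simulated as follows. This is an added example, not AXIGEN code: the class and method names are hypothetical, the buffer is flushed as soon as it holds its full number of samples, and falling back to the 1 week scale when the database covers more than a week is an assumption the manual does not address.

```python
from collections import deque

# Aggregation functions named in the manual.
AGGREGATORS = {
    "average": lambda samples: sum(samples) / len(samples),
    "maximum": max,
    "minimum": min,
    "total": sum,
}

# Ox axis scales offered by the chart, in minutes.
CHART_SCALES = [("1 hour", 60), ("1 day", 24 * 60), ("1 week", 7 * 24 * 60)]


class ReportSeries:
    """One collected parameter: sample buffer plus a fixed-size rotating database."""

    def __init__(self, synctime_s, aggregation_s, rotate_after, function="average"):
        if synctime_s <= 0 or aggregation_s < synctime_s or rotate_after < 1:
            raise ValueError("invalid reporting parameters")
        self.aggregation_s = aggregation_s
        self.rotate_after = rotate_after
        # Integer part of aggregation interval / data collection time.
        self.buffer_size = aggregation_s // synctime_s
        self.aggregate = AGGREGATORS[function]
        self.buffer = []
        # deque(maxlen=...) drops the oldest record when a new one is appended.
        self.database = deque(maxlen=rotate_after)

    def collect(self, value):
        """Store one sample; aggregate and reset the buffer when it is full."""
        self.buffer.append(value)
        if len(self.buffer) == self.buffer_size:
            self.database.append(self.aggregate(self.buffer))
            self.buffer.clear()

    def covered_minutes(self):
        """Time span the full database represents."""
        return self.rotate_after * self.aggregation_s / 60

    def chart_scale(self):
        """First scale strictly larger than the span covered by the database."""
        for name, minutes in CHART_SCALES:
            if minutes > self.covered_minutes():
                return name
        return CHART_SCALES[-1][0]  # assumption: cap at the largest scale


if __name__ == "__main__":
    # The manual's numbers: synctime 120 s, aggregation 25 min, 7 records kept.
    series = ReportSeries(120, 25 * 60, 7)
    for sample in range(1, 13):
        series.collect(sample)
    print(series.buffer_size, list(series.database))
    print(series.covered_minutes(), series.chart_scale())
```

With the manual's numbers the chart uses the 1 day scale, so most of the Ox axis stays empty even when the database is full: 175 minutes of data on a 1440 minute axis.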
3.2.8. WebMail
AXIGEN WebMail establishes connection with the mail server via Web browsers, sends and retrieves mail messages to and from the storage unit.
AXIGEN WebMail works with major web browsers such as Internet Explorer and Mozilla. With this module the users can securely access their mailboxes from Internet browsers, while the system administrators are in complete control of the content, functionality and look of the web pages.
Listeners
Listeners can be defined and managed to add extra flexibility and configurability to this service. For that, global access limitations, SSL Settings and access lists can be enforced on the address used by this service for binding.
Access Control
Access rules allow you to control connections to this service by defining simple access lists for specific networks, IP ranges or IPs. Service-level access rules are automatically applied to all of the service's listeners and, for this service, override any existing Global Access rules.
Flow Control
Flow control parameters can be adjusted to fine-tune the server’s performance and avoid overloading it. Global access limitations to this listener can be enforced by setting the total number of simultaneous connections, the number of concurrent connections from each remote IP address, the number of new connections to the listener made in a time interval, and the total number of connections from each remote IP address in a time interval. The default value for this time interval is 1 minute.
Logging
All AXIGEN main services can log different types of events. The system administrator can specify what events are logged, where and how they are logged.
See Logging service for more details on logging in AXIGEN.
HTTP Protocol Options
WebMail allows you to set HTTP limits for any request made to the WebMail service. This prevents you from automatically accepting excessive amounts of data (HTTP headers, HTTP body and upload data).
WebMail Options
To facilitate login procedures for multi-domain environments, AXIGEN implements login domain selection. Users can select the domain from a drop-down list and then login with their username and password only.
To better manage security and resource related issues persistent connections can be allowed/denied and time limits on active/idle sessions imposed.
Thread Management
AXIGEN Mail Server is designed to run on different machine configurations and operating systems, on networks with various traffic loads, structures, domain configurations, user rights etc. That is why, depending on all these variables, you can adapt the workload to the server’s processing power to improve its performance or avoid overload by setting the minimum and maximum number of threads that can be opened at a specific moment of time.
Other AXIGEN WebMail features include:
• Complex customization - simple change of skin and behavior;
• Easy to use, secure and user-friendly - due to features like tree structure for folders view, common actions applied on folders (rename, delete, move, create), built in HTTP server etc.;
• Server Side Scripting Language - called HSP, used to generate HTML code;
• Personal Address Book - WebMail Contacts give users the possibility to select recipients from their personal contact list when composing new email messages. New addresses can be added to the existing address book either manually or automatically, when receiving new emails;
• Personal Organizer - comprises tools such as calendar, tasks, journal, notes and collaborative support. Through AXIGEN Outlook Connector, the Personal Organizer is synchronized between Outlook and AXIGEN's WebMail;
• Public Address Book - contains contacts set at domain level, that are also available when composing an email;
• Automatic filters and replies - can be set through WebMail interface wizards. Vacation/out-of-office messages can be defined and enabled to be sent automatically as a response to all received emails;
• Internationalized search and multiple languages support - language-specific characters can now be used when running a search;
• Public folders - users may now share email messages by simply copying and/or moving them to a public folder. System administrators can also associate a certain email address with a public folder. Thus, emails can be sent directly to the public folder, archiving options being also available;
• Compose while attach - using IFrame technology users can continue the Compose action while attaching files to their messages;
• URL redirect rules and virtual host support - URL redirect rules are used for redirecting plain connections established on one listener towards a secure domain:port location. Redirects can also be used to redirect connections from a specified listener to a virtual host. This way, several domain names can be defined for the same IP address and several domains hosted on one single IP. This is useful, for instance, when you wish to have two different WebMail login pages for two different local domains hosted at the same IP;
• HTML mail filtering levels - parses the HTML code from the e-mails and generates a safer (i.e. removes possibly unsafe scripts) and cleaner (i.e. converts to XHTML-like) HTML code. This provides WebMail account users with the ability to set the HTML filtering level to be applied to all mail in HTML format.
For more details on how to configure WebMail parameters using WebAdmin see WebMail Tab.
3.2.9. Storage
AXIGEN Storage is a specific file structure with index-based access, allowing fast mail delivery, retrieval and querying.
AXIGEN Mail Storage checks the consistency of the messages placed in the storage and empties the queue only if the mail message is correctly stored.
All domain and user configuration along with user messages are stored in AXIGEN specific storage.
Each AXIGEN storage is defined by three elements:
• Storage directory: the directory where all storage files will be created
• Max. file size: maximum size of a data file (Storage Container). The default value is 256 MB.
• Max. files: maximum number of files. The default value is 128 files.
Therefore the maximum capacity of each storage is Max. file size * Max. files and the default capacity is 32 GB.
Inside the storage directory, a list of files is created, each named with 2 hexadecimal digits followed by the .hsf extension (e.g. 2A.hsf). There is also a file named hsf.dat, which contains a unique id of the storage and the relation with other storages of the same domain. This information is useful in case some of the storage directories are moved to other locations.
Another feature of AXIGEN storage is that it supports transactions, so that some critical operations of domain configuration changes are made safely.
Filling the Containers
When a Storage Container approaches its maximum size (defined by the Max. file size parameter), another Storage Container is created and new messages are stored in it. If the number of Storage Containers reaches the maximum value (defined by the Max. files parameter) and all of them have reached the maximum size, the storage is considered full and no more messages will be inserted.
The data in the Storage Containers is written in blocks of 4KB, therefore the file size is usually a multiple of 4KB. These memory blocks are called nodes. Smaller blocks of memory are also available, for message parts smaller than 4KB. These smaller blocks are called formatted nodes.
Each storage file can contain a maximum of 16 million messages, and the maximum theoretical file size is 64GB (some limitations might apply, depending on your system configuration; currently AXIGEN limits this maximum size to 2GB). There can be a maximum of 128 files in one storage, and one domain can have over 4 billion message storages defined.
The actual maximum capacity in terms of total message count and size depends on the specific messages in the storage. For more details, see Domains section.
For each domain, at least three storages are used:
• one storage for domain configuration, where all domain specific configuration, the public folder and the list of domain objects (users, maillist, forwarders, etc) are stored;
• one storage for domain objects configuration, where all domain objects configurations and folders are stored;
• one or more storages for messages, where all mails and other data associated with mails are stored; it is recommended to define each message storage on a different physical disk, since AXIGEN will use these storages in parallel.
Space saving filling procedure
The storage files with more free space have a priority when it comes to selecting the files in which a new message is added. The usage of the free space is also enhanced by message deletion.
Each message in a storage file is identified by a pointerID (type UINT). The information related to these pointers-to-messages is stored in the same storage file.
3.2.10. FTP Backup Service
AXIGEN Mail Server provides an FTP backup/restore service meant to enable regular backup operations for your entire domain and user configuration. This service is based on FTP (File Transfer Protocol, standard RFC 959).
The FTP Backup service allows using any FTP client (including standard Web browsers) in order to connect to the backup machine using the admin username and password. You can replicate the entire domain and user (accounts, lists forwarders, folder recipients) folder structure on the backup machine. The FTP service generates a virtual structure, from which you can retrieve files whenever you need them.
The directory structure created by the FTP service is similar to the one given below:
/ domains -> domains root directory
  |-example.org -> domain name directory
    |-domainRegistry.bin -> domain config file (binary)
    |-domainCoreConfig.cfg -> domain config file (text)
    |-users -> users root directory
      |-postmaster -> user directory
        |-Registry.bin -> user config file (binary)
        |-CoreConfig.cfg -> user config file (text)
        |-folders -> user folders root directory
          |-INBOX -> user folder
          |-... -> other user folders
    |-maillists -> maillists root directory
      |-... -> same folder structure as for `users'
    |-forwarders -> forwarders root directory
      |-... -> same folder structure as for `users'
    |-publicFolder -> domain public folder root
Listeners
Listeners can be defined and managed to add extra flexibility and configurability to this service. For that, global access limitations, SSL Settings and access lists can be enforced on the address used by this service for binding.
Access Control
Access rules allow you to control connections to this service by defining simple access lists for specific networks, IP ranges or IPs. Service-level access rules are automatically applied to all of the service's listeners and, for this service, override any existing Global Access rules.
Flow Control
Flow control parameters can be adjusted to fine-tune the server’s performance and avoid overloading it. Global access limitations to this listener can be enforced by setting the total number of simultaneous connections, the number of concurrent connections from each remote IP address, the number of new connections to the listener made in a time interval, and the total number of connections from each remote IP address in a time interval. The default value for this time interval is 1 minute.
Logging
All AXIGEN main services can log different types of events. The system administrator can specify what events are logged, where and how they are logged.
See Logging service for more details on logging in AXIGEN.
Error Control
To protect the server, the number of failed/wrong commands received from FTP clients during one session can be limited. When these limits are exceeded, incomplete connections or connections that are not RFC compliant will be dropped, thus freeing important bandwidth.
Important! If you do not specify a limit for the maximum number of (authentication) errors allowed for an FTP client's session, security risks may arise.
Thread Management
AXIGEN Mail Server is designed to run on different machine configurations and operating systems, on networks with various traffic loads, structures, domain configurations, user rights etc. That is why, depending on all these variables, you can adapt the workload to the server’s processing power to improve its performance or avoid overload by setting the minimum and maximum number of threads that can be opened at a specific moment of time.
For more details on how to configure FTP Backup parameters using WebAdmin see Backup and Restore Tab.
3.2.11. RPOP Service
The AXIGEN RPOP module establishes remote POP connections to already existing email accounts and retrieves all incoming traffic to the AXIGEN account.
Each AXIGEN account user can configure and add RPOP connections when connected to WebMail. In order to establish such a connection, the user must specify the hostname and port for the existing email account and the username and password required to login. Users can choose the folder to which the retrieved emails will be directed, the time interval between subsequent retrievals and if the email is deleted from the remote account or not after being transferred. Encryption options are also available.
More details about adding and configuring RPOP connections are available in the Configuring WebMail RPOP Connections section.
Logging
All AXIGEN main services can log different types of events. The system administrator can specify what events are logged, where and how they are logged.
See Logging service for more details on logging in AXIGEN.
Thread Management
AXIGEN Mail Server is designed to run on different machine configurations and operating systems, on networks with various traffic loads, structures, domain configurations, user rights etc. That is why, depending on all these variables, you can adapt the workload to the server's processing power to improve its performance or avoid overload by setting the minimum and maximum number of threads that can be opened at a specific moment of time.
For more details on how to configure Remote POP parameters using WebAdmin see RPOP Tab.
3.3. Connectivity and Threading
All AXIGEN modules implement a set of connectivity and threading functionalities and features that make it faster and easier to manage.
3.3.1. Listeners
AXIGEN Mail Server can use different Listeners for its TCP services (SMTP Receiving, POP3, IMAP, WebMail, WebAdmin, CLI and FTP Backup) and UDP services (Log and Reporting).
Listeners are network points of entry, associated with an interface address and port number that grant access to a specific TCP or UDP service.
Listeners add extra flexibility and configurability to each AXIGEN service, as they can be used to grant differentiated access to the same services for different categories of users (e.g. users within a specific domain). Moreover, listeners can be associated with a variety of rules that define specific limitations for connections coming from IPs within specified IP sets.
Listeners can be defined, using various parameters corresponding to that TCP service, from the configuration file (as of type "TcpListener" OBJECT-SET) or through WebAdmin (the web configuration interface). UDP service listeners have fewer parameters associated as connection related parameters do not apply to them.
The following attributes are available for each listener:
• address - the "point of entry" address and port number
• enable - specifies whether the listener is enabled or not (this way you won't have to delete the listener when you want to discontinue its use)
• max. number of simultaneous connections and max. number of new connections in a defined time interval (seconds/minutes/hours/days) - parameters specifying limitations for network connections accepted for this listener
• max. connections from each remote IP address and max. connections from each remote IP address in a defined time interval (seconds/minutes/hours/days) - parameters specifying limitations for network connections from the same IP address accepted for this listener
TCP listeners can also be set to support SSL connections. Further SSL parameters are available for TCP listeners in AXIGEN:
• allowed SSL versions
• certificate file
• Max. chain verification depth
• Use Ephemeral Key
• Request certificate-based authentication from client
and others.
Below you can find a scheme for a quick understanding of the Log listeners (in this context ':' can be translated as 'of type'):
TCP service:
• 'listeners' : 'TcpListener' OBJECT-SET
• 'allowRules' : 'TcpAllowRule' OBJECT-SET
• 'denyRules' : 'IpRule' OBJECT-SET
UDP service:
• 'listeners' : 'IpListener' OBJECT-SET
For more information about the usage of these parameters in WebAdmin and specific details on their values and how to set them, see Adding and Editing TCP Listeners. You can also configure listeners using the CLI tool; for more information, see Configuring AXIGEN using CLI.
3.3.2. Rules
Different rules can be associated with listeners, meant to sort connections based on various parameters, and to reject (deny rules) or accept (allow rules) them accordingly. Using deny and allow rules you can automatically accept/deny connections from specific IP addresses.
Allow/Deny Rules
Allow/Deny rules enable you to specify the rules for accepting/rejecting connections when these connections follow the limitations imposed by the listener.
Allow/Deny Rules are defined using the following general attributes:
• specify a network/mask, IP range or single IP for which the reject/allow rule is applied
• check or uncheck the 'enable' option to specify if the rule is enabled or not
You can then set priorities for applying the rules and impose further connection limitations using the flow control parameters described below:
• max. number of simultaneous connections and max. number of new connections in a defined time interval (seconds/minutes/hours/days) - these parameters impose limitations on the number of connections initiated by any address within the rule IP set
• max. connections from each remote IP address and max. connections from each remote IP address in a defined time interval (seconds/minutes/hours/days) - these parameters impose limitations on the number of connections initiated by the same address within the rule IP set
Rule Enforcement Policy
The policy for applying accept and deny rules for connections to listeners is described below:
1. The IP address from which the connection has been initiated is exposed.
2. AXIGEN verifies if this IP address is part of a set of IP addresses associated to one or more deny rules; if yes, the deny rule with the highest priority (meaning LOWEST value for the priority attribute) is applied.
3. AXIGEN verifies if this IP address is part of a set of IP addresses associated to one or more accept rules; if yes, the accept rule with the highest priority (meaning LOWEST value for priority attribute) is applied.
4. If the IP address from which the connection has been initiated is associated only with a deny rule, the connection is denied (closed).
5. If the IP address from which the connection has been initiated is associated with both a deny AND an allow rule, the rule with the highest priority is applied. If the rule with the highest priority is a deny rule, the connection is denied (closed). If the rule with the highest priority is an allow rule, the limitations (if any) for the specified connections from the allow rule are applied. If the allow rule and the deny rule have the same priority, the connection is accepted.
6. If the IP address from which the connection has been initiated is associated only with an accept rule, the verifications defined for connections in the accept rule are applied, and if fulfilled, the connection is accepted.
After applying the limitations imposed by the rules, the global limitations defined at listener level are applied. Only then is the connection accepted (and the respective service protocol is applied on the accepted connection).
If no allow rule is defined for the IP address from which the connection has been initiated, then the connection is considered as fulfilling the rules and the verifications defined globally (if any) for the current listener are applied.
For details on how to configure rules using WebAdmin, see Adding and Editing TCP Rules. You can also configure rules using CLI; for more details, see Configuring AXIGEN using CLI.
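The enforcement policy above, written out as a small evaluator. This is an added example, not AXIGEN code: the `Rule` and `Listener` classes, the reason strings and the sample rules are constructed for illustration, only the simultaneous-connection limit is modelled, and treating a priority tie as "the allow rule applies, with its limits" is an assumption (the manual only says the connection is accepted).

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    ip_set: str                    # network/mask, "first-last" range, or single IP
    priority: int                  # LOWEST value = highest priority
    enabled: bool = True
    max_connections: Optional[int] = None  # allow rules: simultaneous connections
                                           # from any address in the rule's IP set

    def matches(self, ip: str) -> bool:
        if not self.enabled:
            return False
        addr = ipaddress.ip_address(ip)
        if "-" in self.ip_set:
            first, last = (ipaddress.ip_address(p.strip())
                           for p in self.ip_set.split("-", 1))
            return first <= addr <= last
        return addr in ipaddress.ip_network(self.ip_set, strict=False)


def best_match(rules, ip):
    """Highest-priority (lowest priority value) enabled rule covering ip."""
    hits = [r for r in rules if r.matches(ip)]
    return min(hits, key=lambda r: r.priority) if hits else None


class Listener:
    def __init__(self, deny_rules, allow_rules, max_connections=None):
        self.deny_rules = list(deny_rules)
        self.allow_rules = list(allow_rules)
        self.max_connections = max_connections  # global listener limit
        self.total = 0                          # currently accepted connections
        self.per_rule = Counter()               # accepted connections per allow rule

    def connect(self, ip):
        """Return (accepted, reason) following steps 2-6 of the policy."""
        deny = best_match(self.deny_rules, ip)
        allow = best_match(self.allow_rules, ip)
        # Steps 4-5: deny wins when it stands alone or has strictly higher
        # priority; on equal priority the connection is not denied.
        if deny is not None and (allow is None or deny.priority < allow.priority):
            return False, "deny rule"
        # Steps 5-6: the winning allow rule's own limits are checked first.
        if (allow is not None and allow.max_connections is not None
                and self.per_rule[allow] >= allow.max_connections):
            return False, "allow rule limit"
        # Only afterwards are the listener's global limits applied.
        if self.max_connections is not None and self.total >= self.max_connections:
            return False, "listener limit"
        if allow is not None:
            self.per_rule[allow] += 1
        self.total += 1
        return True, ("allow rule" if allow is not None else "no rule")

    def close(self, ip):
        """Release the counters held by an accepted connection from ip."""
        allow = best_match(self.allow_rules, ip)
        if allow is not None:
            self.per_rule[allow] -= 1
        self.total -= 1


# Constructed sample rules (documentation and private address ranges).
DENY_RULES = [Rule("10.0.0.0/8", 20), Rule("10.1.5.0/24", 10), Rule("192.0.2.7", 5)]
ALLOW_RULES = [Rule("10.1.0.0/16", 10, max_connections=2)]

if __name__ == "__main__":
    listener = Listener(DENY_RULES, ALLOW_RULES, max_connections=4)
    for ip in ["10.2.3.4", "10.1.5.5", "10.1.9.9", "10.1.9.10", "203.0.113.9"]:
        print(ip, listener.connect(ip))
```

Running a planned rule set through such a model before deployment shows which broad deny rules are overridden by a higher-priority allow rule, and which addresses fall through to the listener-wide limits only.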
3.3.3. Threads
AXIGEN has a multi-threaded engine which allows separate module thread allocation. Combined with Linux OS multi-processor capabilities, the multi-threaded engine can break server activity into multiple parallel processing threads. By allocating a number of threads to certain modules (SMTP Receiving / SMTP Sending / WebMail / IMAP, etc.), resource (memory/CPU) distribution is adapted to the usage scenario (main mail server / backup server / gateway mail server) and hardware resources.
Thread allocation is performed using the connection thread control parameters available for most AXIGEN modules. Depending on your network specifications and conditions the workload can be adapted to the server's processing power, in order to prevent a system overload and/or improve its performance. More details on connection thread management using WebAdmin are available in each service description tab.
These parameters are also accessible for configuration in each service section from axigen.cfg (see Configuring AXIGEN using the Configuration File).
You can also configure connection thread parameters in each service context from CLI; for more information, please see Configuring AXIGEN using CLI.
3.4. Clustering Support
Having the system administrators' needs in mind, AXIGEN provides Clustering Support starting with version 3.0. Clustering support is based on OpenLDAP integration with AXIGEN and allows routing for the SMTP Incoming, POP3 Proxy and IMAP proxy services. This new feature enables system administrators to spread mailboxes on several AXIGEN servers and have a separate machine that routes POP3/IMAP connections to the appropriate mailbox server. Another important feature of the OpenLDAP integration with the AXIGEN Mail Server is the LDAP Authentication mechanism. This new method is available for all the AXIGEN services that require authentication: SMTP In, POP3, IMAP, WebMail, POP3 Proxy and IMAP Proxy.
For a detailed example on how to set up a high availability distributed solution, see this related article: Implementing, Deploying and Managing a High Availability Distributed Solution on AXIGEN Mail Server.
3.4.1. Cluster Overview
This section includes a brief LDAP introduction, AXIGEN Mapping and Authentication systems, as well as front-end and back-end services setup in AXIGEN.
3.4.1.1. LDAP Introduction
During the first stages of cluster planning the most important service that needs to be considered is the LDAP directory. The LDAP server will be a part of the cluster back-end section and will be set to make use of the high-availability clustering ability.
The directory services are required for routing and authentication purposes. Without it, the proxies cannot route traffic to the designated node that stores an account. There are two situations a cluster engineer can encounter while setting up a cluster:
• No LDAP / Active Directory service is available and needs to be set up.
• A directory already exists and the cluster must be built around it.
NOTE: Although a directory service is highly recommended, a local file can be used to route traffic in the back-end. Using a local file can slow a cluster down considerably, and the proxies will require updates each time the configuration changes. More details on this topic are available in the AXIGEN Mapping System chapter.
Setting up a new directory service for the cluster
This type of setup can be created quite fast. The directory service must be installed and configured according to the cluster requirements, using the recommended default values, to be integrated as smoothly as possible with AXIGEN. Once the service is running, the next phase of cluster deployment should start and the proxies set in place.
NOTE: Other fields can be added to the directory entries if the need arises. AXIGEN does not require exclusive access to any value or field, but merely relies on it to perform its tasks.
Integrating an existing directory service with the cluster
The toughest configuration scenario is the use of an already existing directory service within the cluster environment. There are special requirements that must be dealt with, such as directory and entry structure, as well as the information provided to the mail server during normal operation. However, in most cases, some new fields need to be added to the existing entries, and the already existing ones need to fit perfectly into the default entry model used by AXIGEN Mail Server. If AXIGEN and another application require the same field to have different types of values, then another, custom field must be added to the entry structure to allow AXIGEN to behave as expected.
NOTE: AXIGEN Mail Server can integrate with almost any type of entry structure used by a directory service. The only drawback here is that fields must be added to every entry of the directory that AXIGEN will use and this can prove very difficult with some setups.
Starting with version 5.x recursive lookups in directories are available. Any user entries that require LDAP authentication should be inside the same group. The group itself can contain other user groups or the entries themselves.
3.4.1.1.1. Basic Directory Setup
Entries in an LDAP Directory have a tree structure. These entries have their own attributes and unique identifiers. Attributes have names that are defined in the schemes used by the server. Unique identifiers are in fact the entry DN (distinguished name) containing an attribute (such as CN – common name) followed by the identifier of the parent entry.
If the cluster will use a new LDAP directory to perform the routing and authentication processes, a basic setup procedure is required to prepare the entries that are to be added. For the LDAP server to have a basic structural support for the entries it will hold, a basic configuration is required to be added, through an "ldapadd" command. This first entry will actually create an organization type of division in the directory and all other objects will be contained in this organization object. To create the object for the "example.tld" domain, use the following LDAP syntax:
dn: dc=example,dc=tld
objectClass: dcObject
objectClass: organization
dc: example
o: tld
Next, user objects that will be used by AXIGEN proxy services can be added in the newly created organization object. This is the entire initial setup the directory service requires, as a basic example. However, if more complex schemes need to be used, any number of branches can be defined.
NOTE: An LDIF file can be used to import this information into the directory. This helps prevent issues related to LDAP syntax and can save the cluster engineer a lot of time.
NOTE: LDAP connectors defined in AXIGEN need to be configured accordingly so that looking up information in the structure that has just been created is possible.
While adding the LDAP connector in the WebAdmin interface, certain settings need to be configured correctly, so that the server can look up information within the directory structure. The search base and search pattern are the most basic settings that control the way AXIGEN will perform the lookups. For the above example, using the same domain name, the values should be set as follows:
• Search Base: dc=example,dc=tld
• Search Pattern: mail=%e
The search base actually represents the exact branch in the directory that AXIGEN will consider the parent containing all user entries. The search process will try to match the "mail" property content against the pattern being looked up. This search pattern should return only one entry for each user account looked up by the server. The default value should be more than sufficient for most setups and unless a very special setup is used, it should not be changed.
NOTE: For the search pattern to work with the above example, the "mail" property must exist for each user entry. No matches will be found in the directory if the property doesn’t exist.
3.4.1.1.2. LDAP Entry Structure
AXIGEN will use the set search pattern to match an entry from the LDAP directory. If a match is found, the entry is analyzed and certain properties for the entry are used to perform the routing and authentication actions.
These properties need to be set in the LDAP connector options if they are required in the cluster setup. If they are missing the cluster will not function properly. In case the directory structure is already defined, the respective properties must be added to each user entry. If the directory is a fresh installation, each added user should have the properties defined beforehand. Below is an example of what a user LDIF file should contain for AXIGEN to use both routing and authentication for this user:
dn: cn=user1,dc=example,dc=tld
objectClass: inetOrgPerson
objectClass: inetLocalMailRecipient
cn: user-account
sn: user-account
mail: [email protected]
userPassword: user-account
mailHost: 127.0.0.1
The first line specifies where the user entry will be added and where its actual location in the directory structure will be. The next two lines define what properties this entry will be allowed to use. The common name and the surname are next, followed by the three main properties used by AXIGEN proxy services:
• The "mail" property, defined in the LDAP connector settings, is the one AXIGEN tries to match during the search process.
• The "userPassword" property will be used by AXIGEN in the authentication process.
• The "mailHost" property specifies the back-end server a user account is hosted on.
The properties are loaded from the schema files that LDAP uses through the "objectClass" definition lines. The fields can have different names, depending on the actual directory setup, but all of them can be set in the LDAP connector settings so that AXIGEN maintains its flexibility regarding already configured directory structures.
In the above example, the "mailHost" property is the one providing the routing information back to the AXIGEN proxy, thus it must exist for the cluster setup to work correctly. The "userPassword" property, however, is optional as the authentication process can be performed locally, on each back-end.
NOTE: All the properties for entries in the LDAP directory are case sensitive. Also, the values defined in AXIGEN LDAP connector settings should match the properties used for directory entries.
3.4.1.1.3. LDAP Authentication
The authentication process in a clustering environment can be performed either on the front-end or back-end nodes. This is why, depending on the setup to be deployed, LDAP authentication may not be required. A good example of such a setup is the one-tier cluster.
To delegate the authentication process to the proxy servers, a user password property must exist in all directory entries. Using the information stored in that field, the proxy service can compare the information provided by the client with what it found as a result of the lookup.
WARNING: If the authentication is set to be performed using LDAP and the property does not exist, or is not defined, the authentication process will always fail and the user will be locked out of his account permanently.
The password may contain information in one of the following formats:
• Clear text is a rather insecure method of storing passwords, but has very low processing power requirements. In addition, the speed at which the authentication process is performed is greater than for any of the other formats.
• Plain text will allow the password to be retrieved without binding to the LDAP server, but it will be encoded in base64 format. The password can easily be recovered if public access to the LDAP server is allowed.
• Encrypted hashes are the most secure method of storing passwords. However, they can be retrieved only by binding to the LDAP server using a privileged account. The connector should be set to bind and the account details should be filled in before attempting to use this format.
The authentication process takes place on the front-end systems only if LDAP authentication is enabled for the proxy services. The authentication itself is actually performed twice, once on the front-end and once on the back-end. This would appear useless, while in fact, with the help of the front-ends only valid authentication requests will reach the back-end systems. Another advantage for using front-end authentication is preventing third-parties from ever reaching the back-end systems directly. This is a very important security feature and should be enforced as often as possible.
NOTE: The authentication process depends on the success of the user entry lookup in the directory. If the account is not found, then the authentication process will fail.
NOTE: LDAP Authentication can also be used for regular services on the back-end systems. This is actually recommended for speed increase and maintaining the overall cluster integrity and stability.
For more detailed information please see AXIGEN Authentication System and AXIGEN LDAP Authentication.
3.4.1.2. AXIGEN Mapping System
Mapping information is required to establish the routing behavior in any AXIGEN cluster. The theory behind the mapping system is fairly simple: using the entry returned by the front-end query, the field referring to the mail host (back-end) is assigned as the destination system for that user's session. The mapping data actually provides the information required by the front-end to decide what back-end holds the actual user account.
The mapping system performs this routing task in two basic ways:
• Using a local user database - mapping information is retrieved by parsing a locally defined file, containing all mapping patterns.
• Using an LDAP directory - mapping information is retrieved from the LDAP directory.
Both methods have the same result as long as they are configured properly. Mapping information is gathered using the AXIGEN User Map defined in the proxy configuration. The user map is used for routing and can also be used in the authentication process. The mapping system is one of the key elements in the front-end node configuration.
Local user maps are read from a file formatted in a specific way so that AXIGEN can interpret and retrieve information from it. Single entries can be provided for individual users, as well as regular expressions to match and map multiple user accounts to the same back-end system. An LDAP directory is recommended over local files because it is more productive in a resource-intensive setup such as a cluster.
An LDAP directory can be used to perform the authentication process too, so using it makes more sense in a complex setup because it helps keep track of front-end behavior from a central point. Most clusters will use LDAP or Active Directory to perform the mapping process and all that is required for this to work is setting up the routing property. It is a very straightforward method and is preferred because of the multiple advantages LDAP provides.
The mapping information is defined by selecting a user map in the proxy configuration. The selected user map will route connections to the back-end system using a local file or an LDAP directory.
While using an LDAP directory, the cluster engineer is presented with two possible connection options:
• Password (Simple) should be used whenever the information held in the LDAP directory can be retrieved using a plain LDAP search. This would also include password fields that should be available in plain text (un-hashed).
• Bind (Authenticated) is required only if the information stored in the directory tree has one or more fields that are hashed (such as DSA or RSA encrypted passwords). In this case only an authorized user can retrieve useful information.
Depending on the setup, both connections can be used in complete safety. However, some setups allow only bound connections. The most common example of such a setup is Active Directory, as it only allows authenticated users to search the directory tree and retrieve information.
While using a local file to define mapping information, in the user map configuration, the file path and name must be specified. In addition, AXIGEN must be able to access the file and read information from it. The local mapping file syntax is simple and flexible. The basic format of the local file used by the mapping system is:
<account-name-pattern> <back-end-system>
Example:
[email protected] 192.168.20.3
In the above example, the account “user1” in the domain “example.tld” will be assigned the back-end with the IP address 192.168.20.3. The back-end system can also be specified with its domain name and its fully qualified domain name:
[email protected] backend3.example.tld
and
[email protected] backend3
However, the above examples will also match the pattern “[email protected]” because the address contains the search pattern “[email protected]”. To prevent this behavior, regular expressions must be applied to the entry:
^[email protected] backend3
Using this format, the pattern will match only if the account name starts with the pattern entered. Using the above examples, any standard Perl regular expression can be designed to match the required accounts. This way, accounts can be mapped alphabetically, based on domain name and other types of criteria.
NOTE: While setting up a cluster the mapping system must be configured carefully. The cluster engineer should make sure that for any particular search the results returned will not confuse the proxy services. If multiple entries are matched at the same time, only the first one will be taken into consideration. This can generate unexpected results for the end-users and can also generate other issues if multiple services depend on the cluster operation.
NOTE: Custom mapping configurations can be used while migrating from previous setups. If the destination host already exists in the LDAP directory, the entry field (property) can be specified in the AXIGEN configuration to match it.
NOTE: While using Active Directory, the routing property must be added manually for each of the users already defined by the domain administrator. Any of the unused attributes can be used to hold this information. The only consideration with this approach would be to use the same attribute for all users.
For more detailed information please see Configuring Mapping Parameters.
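The substring matching and first-match behavior described above can be checked before a local mapping file is deployed. The following is an added example, not part of the manual or of AXIGEN: it uses Python's `re` module as a stand-in for the Perl regular expressions the manual mentions, and the sample map, account names and function names are constructed for illustration.

```python
import re

# Constructed sample map in the "<account-name-pattern> <back-end-system>" format.
SAMPLE_MAP = r"""user1@example.tld backend3
^user2@example\.tld$ backend1
^[a-m].*@example\.tld$ backend1
^[n-z].*@example\.tld$ backend2
"""


def parse_user_map(text):
    """Return [(line_number, pattern, back_end)] for every non-blank line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected '<pattern> <back-end>'")
        re.compile(fields[0])          # raises re.error on a malformed pattern
        entries.append((lineno, fields[0], fields[1]))
    return entries


def resolve(entries, account):
    """Back-end chosen for an account: the first matching entry wins."""
    for _lineno, pattern, backend in entries:
        if re.search(pattern, account):   # unanchored patterns match substrings
            return backend
    return None


def audit(entries, accounts):
    """Flag unanchored patterns and accounts matched by conflicting entries."""
    report = {"unanchored": [], "ambiguous": {}}
    for lineno, pattern, _backend in entries:
        if not (pattern.startswith("^") and pattern.endswith("$")):
            report["unanchored"].append(lineno)
    for account in accounts:
        hits = [(lineno, backend) for lineno, pattern, backend in entries
                if re.search(pattern, account)]
        if len({backend for _lineno, backend in hits}) > 1:
            report["ambiguous"][account] = hits
    return report


if __name__ == "__main__":
    entries = parse_user_map(SAMPLE_MAP)
    accounts = ["user1@example.tld", "superuser1@example.tld",
                "user2@example.tld", "alice@example.tld"]
    for account in accounts:
        print(account, "->", resolve(entries, account))
    print(audit(entries, accounts))
```

In the sample, `superuser1@example.tld` is routed to `backend3` only because the unanchored first entry matches it as a substring; anchoring that entry would send it to `backend2` instead.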
3.4.1.3. AXIGEN Authentication System
The authentication process is one of the most common safety measures used for any service. AXIGEN clusters also use authentication and support a wide variety of algorithms as well as password encryption.
Any AXIGEN cluster can make use of the two authentication methods available:
• Internal Authentication - the account information defined and stored on the back-end is used to process the authentication request.
• LDAP Authentication - the LDAP directory tree is used to search, retrieve and process the authentication request.
While using the internal AXIGEN authentication system, the password is retrieved by the server from its local user information data. The password is defined during the account creation process and can be changed at a later time, either by the administrator or by the user from within the WebMail interface. This method does not require an LDAP server to be set up but is very slow by comparison.
LDAP authentication is very widely used in cluster setups because of the speed gain. Also, while using LDAP, the mapping system can be assigned to it and the resulting setup becomes a centralized configuration point for the proxy services. In addition, the LDAP server may already exist and contain the entries required, in which case the configuration overhead is reduced considerably.
The LDAP authentication isolates the process from the actual AXIGEN account defined. This can give rise to unexpected results, such as different passwords in the directory and on the back-end server. While users can still change their password from the WebMail interface, this password will not be updated in the LDAP tree structure and the user can easily become confused. To prevent such issues, a thorough synchronization process must be implemented within the cluster.
This type of authentication overrides the standard AXIGEN authentication method. As such, using LDAP to authenticate sessions for one service will also disable the internal authentication method for all services. LDAP authentication is performed using an LDAP connector that must be defined in advance. The directory tree must also be configured before the authentication process will succeed.
The authentication process consists of three stages:
• LDAP query - During this stage, AXIGEN performs a lookup in the directory tree and expects the account password information as the result.
• Credential information matching - Using the information gathered during the first stage, AXIGEN compares what the client provided against what LDAP returned.
• Session authentication - If the above process was successful the session becomes authenticated.
If any of the above stages fail for some reason, the session will not be authenticated. Thus, for the account that requests an authentication, the LDAP server must be able to return an entry and a valid password property.
WARNING: If LDAP authentication is enabled and an account exists on any back-end system but has not yet been defined in the LDAP directory tree, the user will not be able to authenticate, even though it will be able to receive messages.
NOTE: To prevent any issues while using the LDAP authentication method, some type of consistency checks should be run against the user database available in the directory tree and the AXIGEN internal user list. If the results are not identical, some users will not be able to use the services.
NOTE: Similarly, if more than one entry is returned during an LDAP search for any account, only the first result will be taken into consideration. This may result in abnormal cluster behavior and some service users might not be able to log in.
NOTE: Authenticating users using an existing Active Directory service can be achieved by configuring the LDAP connector, used by AXIGEN, to use the directory service. This setup must be carefully tuned to match the current directory configuration.
For more details please visit AXIGEN LDAP Authentication.
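One way to run the consistency check recommended in the notes above, as an added example that is not part of the manual or of AXIGEN. It assumes the directory has been exported to LDIF, that user entries carry the inetOrgPerson object class and the "mail", "mailHost" and "userPassword" properties from the sample entry, and that the back-end account list has been obtained separately; the sample data and function names are constructed.

```python
import base64

USER_CLASS = "inetOrgPerson"   # object class of the manual's sample user entry

# Constructed LDIF export; passwords are placeholders, not real hashes.
SAMPLE_LDIF = """dn: dc=example,dc=tld
objectClass: dcObject
objectClass: organization
dc: example
o: tld

dn: cn=user1,dc=example,dc=tld
objectClass: inetOrgPerson
objectClass: inetLocalMailRecipient
cn: user1
sn: user1
mail: user1@example.tld
userPassword: {SSHA}constructed-placeholder
mailHost: 192.168.20.3

dn: cn=user2,dc=example,dc=tld
objectClass: inetOrgPerson
cn: user2
sn: user2
mail: user2@example.tld
mailhost: 192.168.20.4

dn: cn=user1-old,dc=example,dc=tld
objectClass: inetOrgPerson
cn: user1-old
sn: user1
mail: user1@example.tld
userPassword: {SSHA}constructed-placeholder
mailHost: 192.168.20.5
"""

# Constructed list of accounts that exist on the back-end systems.
BACKEND_ACCOUNTS = {"user1@example.tld", "user2@example.tld", "user3@example.tld"}


def parse_ldif(text):
    """Parse LDIF text into a list of {attribute: [values]} dicts."""
    entries, current = [], {}
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    for line in unfolded.splitlines():
        if not line.strip():                 # a blank line ends an entry
            if current:
                entries.append(current)
            current = {}
            continue
        if line.startswith("#"):             # LDIF comment
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):            # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(name, []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def check_directory(entries, backend_accounts, mail_attr="mail",
                    host_attr="mailHost", pw_attr="userPassword", ldap_auth=True):
    """Return a sorted list of (problem, subject) tuples."""
    problems, by_mail = set(), {}
    required = [mail_attr, host_attr] + ([pw_attr] if ldap_auth else [])
    for entry in entries:
        if USER_CLASS not in entry.get("objectClass", []):
            continue
        dn = entry.get("dn", ["<no dn>"])[0]
        for attr in required:                # exact-case match, as the manual notes
            if not any(entry.get(attr, [])):
                problems.add(("missing-" + attr, dn))
        for mail in entry.get(mail_attr, []):
            by_mail.setdefault(mail, []).append(dn)
    for mail, dns in by_mail.items():
        if len(dns) > 1:                     # only the first result would be used
            problems.add(("duplicate-mail", mail))
        if mail not in backend_accounts:
            problems.add(("not-in-backend", mail))
    for account in backend_accounts:
        if account not in by_mail:           # this account cannot authenticate
            problems.add(("not-in-directory", account))
    return sorted(problems)


if __name__ == "__main__":
    for problem in check_directory(parse_ldif(SAMPLE_LDIF), BACKEND_ACCOUNTS):
        print(problem)
```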
3.4.1.4. AXIGEN Front-End Services Setup
The services that run on the front-end nodes of the cluster are only the proxy services. All of these services can run on any number of systems without affecting the overall cluster availability. As long as one of the front-end nodes is still serving incoming requests, the cluster will be fully functional.
Because all front-end nodes are identical, you can add or remove nodes at will. The more front-end nodes your cluster has, the more requests will be processed at the same time. It is important to have sufficient front-ends to keep up with the number of the requests, especially during peak activity times.
The following services provide proxy abilities within AXIGEN:
• SMTP Proxy routes and authenticates incoming SMTP sessions. This service is vital for mail delivery within the cluster.
• IMAP Proxy routes and authenticates IMAP sessions. This service allows users to retrieve their messages from their back-end account through the proxy using the IMAP protocol.
• POP3 Proxy routes and authenticates POP3 sessions. This service allows users to retrieve their messages from their back-end account through the proxy using the POP3 protocol.
• WebMail Proxy routes and authenticates WebMail access requests. This service also renders the web pages requested by the web browser, using the information retrieved from the back-end server holding the user account.
3.4.1.4.1. The SMTP Proxy
While configuring the AXIGEN cluster, the SMTP service can be set up using two methods. By default, the service runs as a “local” service, meaning it will try to deliver messages locally if the destination of an e-mail is a domain defined in the AXIGEN configuration. The second state, which can be enabled and disabled as required, is the “routing” state.
If the SMTP service is set up to route connections, it will use its assigned user map to decide where an incoming connection must be forwarded. This action will only be taken for entries found in the user map. If the destination is not present in the mapping system and no result is returned, then the service will relay the message and normal SMTP policy rules will apply.
NOTE: Because the SMTP service can only be reached from the outside while using the standard port 25, the proxy service should run on this port. Using another port for the proxy setup can render the cluster useless.
NOTE: It is very important to consider the SMTP configuration for the cluster as any changes made for one front-end must be replicated on all of the other front-end nodes. This includes changes in the SMTP Policy script file and the main AXIGEN configuration file.
WARNING: An open relay among the front-end nodes is very hard to spot and can cause many problems with spam and black lists. Special care is recommended while setting up SMTP proxies to prevent such issues.
The SMTP proxy uses the same authentication method as all of the other services that run on that particular node. This is why, in the event that LDAP authentication is used, the same connector will be used for all services.
3.4.1.4.2. The IMAP and POP3 Proxies
Both of these services provide similar functions within the cluster and from a configuration standpoint, they are identical. They both use the same authentication method, internal or LDAP, and in the second situation, they use the same connector. In a similar way, the same user map is used for the routing section of these services.
The only notable difference between configurations of these services is the failover address and port used. The failover address is used in case a match is not found in the user map. As these services use different ports and different protocols, an IP-port pair can be specified as failover for each individual service.
NOTE: For the SMTP service the failover address is not required because the message will get relayed or discarded if no routing information can be found.
Both IMAP and POP3 proxy services can run on the same system as the IMAP and POP3 services, forwarding requests to the same system or another system when required. This helps with the design of single tier clusters that have neither stand-alone front-end nodes, nor load balancers.
For more details on this topic please see IMAP Proxy Service and POP3 Proxy Service.
3.4.1.4.3. The WebMail Proxy
UPDATE: This proxy has not yet been implemented and configuration details have not yet been released. This section has been marked for future updates.
The WebMail proxy replaces the standard WebMail interface available on an individual AXIGEN server. The public area of the interface and the main login page are identical to the normal WebMail interface, but the session information displayed after the login procedure has been completed is preloaded from the back-end nodes.
3.4.1.4.4. Mapping Setup
User maps are used to provide routing information to the proxy services running on a cluster node. More than one user map can be defined and each can be configured separately.
A user map can have one of the following three types:
• Local File - Uses a specified path to load a local file containing the routing information.
• LDAP Password - Connects to an LDAP server using one of the defined connectors.
• LDAP Bind - Uses bound connections to an LDAP server requiring authentication such as an Active Directory tree.
Once the type of the mapping is set, the configuration details must be completed. For the local file mapping to work, a local file with mapping information must exist. This file must have the correct permissions set for AXIGEN to access it and retrieve the information.
With the LDAP mapping type, an LDAP connector must be selected from the list of defined connectors. If no connector has been defined, a new one must be set up so AXIGEN can retrieve the mapping information from the LDAP server.
WARNING: Each user map can use one LDAP connector at a time. Therefore, only one base DN and only one search pattern can be set to retrieve the information from the directory. While defining the LDAP connector, choose the search pattern with caution: it should be able to return all defined user entries, so they can all access the system. If the pattern cannot match all entries, the ones excluded will never be matched by the mapping system even if they are defined in the LDAP directory.
For additional information on this topic read the User Maps chapter.
3.4.1.5. AXIGEN Back-End Services Setup
The cluster back-end systems are the actual information center for the entire setup. The system or systems that make up the back-end area of any cluster require access to storage resources. Thus, the AXIGEN services that run on these systems are very similar in configuration to the services that run on any stand-alone AXIGEN server.
The back-end services used by the cluster nodes are:
• SMTP Services will provide functionality for the incoming and outgoing mail received by the accounts stored on the cluster node. The SMTP incoming service will accept connections from the SMTP proxies on the front-ends.
• IMAP and POP3 Services will accept routed connections from the respective proxy services. They will retrieve the information from the storage and pass it to the proxies to be displayed in the mail client.
• WebMail Service will provide the information required by the WebMail proxies to render the pages requested by the client. It will not be accessible directly, only through routed connections from the proxies.
• Other Services include other modules supported by the server that are independent of the cluster setup. These include the FTP Backup service, the CLI, the WebAdmin interface, RPOP etc.
These systems have domains and accounts set up locally and take care of the imposed restrictions regarding disk space usage and quota management. All details concerning the actual user account settings must be defined and configured on the back-end systems, through any of the administration interfaces.
All services that make use of an authentication mechanism in a cluster, using LDAP authentication, should also use this type of authentication in the back-end section. This is recommended because using the same resource to authenticate sessions provides increased integrity to the whole clustering system. Because LDAP authentication can be used by both routing and non-routing services, this approach should make sense in most cluster setups.
NOTE: In the back-end, no routing is performed and consequently, no proxy services should be running. As such, while an LDAP connector can be defined to enable directory authentication, this connector should not be used to map any connections.
WARNING: Setting up a routing SMTP service in the back-end will cause looping messages that will be discarded.
Individual service configuration, except the authentication method, should be fairly straight-forward and easy to perform, as the services themselves are not different in any way from the services used by any other AXIGEN server.
3.4.2. LDAP Routing
The AXIGEN Mail Server provides routing options at SMTP In, POP3 Proxy and IMAP Proxy level through its integration with OpenLDAP. LDAP stands for Lightweight Directory Access Protocol. It is a model for Directory Services that provides a data/namespace model for both the directory and a specific protocol.
A directory is a specialized database with a hierarchical structure designed for frequent queries but infrequent updates. Unlike general databases they don't contain transaction support or roll-back functionality. Directories are easily replicated to increase availability and reliability.
In order to be configured for use within AXIGEN, OpenLDAP has to already be set up. OpenLDAP installations may vary, depending on your preferred operating system. Integrating OpenLDAP with AXIGEN is a two-step process, as described below:
1. Configuring OpenLDAP for AXIGEN
Note: In this document the localdomain.test address is used as an example. Please remember to edit it accordingly.
• Run the following command and then enter the following text:
    # ldapadd -D "cn=admin,dc=localdomain,dc=test" -W
    dn: dc=localdomain,dc=test
    objectClass: dcObject
    objectClass: organization
    dc: localdomain
    o: test
• In order to add users to the LDAP directory, add the following into a file. You may add as many users as you want in this file:
    dn: cn=user1,dc=localdomain,dc=test
    objectClass: inetOrgPerson
    objectClass: inetLocalMailRecipient
    cn: user1
    sn: user1
    mail: user1@localdomain
    userPassword: user1
    mailHost: 127.0.0.1
• Then run the following command:
    # ldapadd -D "cn=admin,dc=localdomain,dc=test" -W -f file.txt
• You will be asked for the password you set up in the /etc/openldap/slapd.conf file (in our example, 'secret').
• You can test if the user was added using the following command (the second version of the command includes authentication):
    # ldapsearch -b "dc=localdomain, dc=test"
    # ldapsearch -b "dc=localdomain, dc=test" -D "cn=admin,dc=localdomain,dc=test" -W
• In order to delete an entry, use the command:
    # ldapdelete -D "cn=admin,dc=localdomain,dc=test" -W
    cn=user7,dc=localdomain,dc=test
• To edit an LDAP entry, just use:
    # ldapmodify -D "cn=admin,dc=localdomain,dc=test" -W
    dn: cn=user5,dc=localdomain,dc=test
    changetype: modify
    replace: mailHost
    mailHost: 10.10.247.5

Note that you must press another <Enter> after the modified field.
2. Configuring LDAP Connectors in AXIGEN
Log in to WebAdmin using your preferred browser, press the 'UserDb' tab and go to the 'LDAP Connectors' section. Press 'Add new ldapconn' and fill in the fields:
• name - the name of this connector
• hosturl - the LDAP host (e.g. 'ldap://localhost:389')
• bindDN - the DN of the admin account (e.g. 'cn=admin,dc=localdomain,dc=test')
• bindPass - the password set in your /etc/openldap/slapd.conf file (e.g. 'secret')
• searchBase - the search base (e.g. 'dc=localdomain,dc=test', but using '%s' is recommended, as it is the expanded domain name, for use in the 'dc' style LDAP base)
• searchPattern - the search pattern (e.g. 'mail=%e')
• passwordField - the name of the field containing the password, defined in your user file created above (e.g. 'userPassword')
• axigenHostField - the name of the field containing the mail host, defined in your user file created above (e.g. 'mailHost')
• useFirst - whether the first returned field should be used if more are found ('yes' or 'no')
For more details on setting the above parameters in WebAdmin, see LDAP Connectors.
3.4.2.1. Configuring Mapping Parameters
In order to successfully route connections on any of the supported protocols (SMTP, POP or IMAP), system administrators need to set mapping parameters. The easiest and most intuitive way of setting mapping parameters is through WebAdmin, AXIGEN's web-based administration interface.
In the User Maps page you can add and configure a list of User Maps at server level. In order to do so, system administrators should access Clustering > Clustering Setup > User Maps page and hit the "Add User Map" button.
For each new user map, the following parameters are available: name, type (Local file, LDAP Password, LDAP Bind) and, as the case may be, either file location or defined LDAP Connectors. For details on how to set these parameters, see User Maps.
3.4.2.2. POP3 Proxy Service
The AXIGEN POP3 Proxy module establishes connections, through remote servers, with POP3 clients. The server accepts connections as specified by the POP3 Proxy listeners defined in the configuration file. By default the server accepts connections on 127.0.0.1:110.
Listeners
Listeners can be defined and managed to add extra flexibility and configurability to this service. For that, global access limitations, SSL Settings and access lists can be enforced on the address used by this service for binding.
Access Control
Access rules allow you to control connection to this service by defining simple access lists for specific Networks / IP Ranges / IP’s. Service level access rules are automatically applied to all its listeners and will override for this service any existing Global Access rules.
Flow Control
Flow control parameters can be adjusted to fine tune the server’s performance and avoid overloading it. Global access limitations to this listener can be enforced by setting the total number of simultaneous connections, concurrent connections from each remote IP address, number of new connections to the listener made in a time period interval, number of total connections from each remote IP address on a time interval period. The default interval for this time period is set to 1 minute.
Logging
All AXIGEN main services can log different types of events. The system administrator can specify what events are logged, where and how they are logged.
See Logging service for more details on logging in AXIGEN.
Encryption and Authentication
The POP3 Proxy service only supports PLAIN authentication, which is why it is recommended that StartTLS or SSL is used for encrypting the connection. The authentication can be performed on the POP3 proxy or on the back-end server.
Error Control
To protect the server, the number of failed/wrong commands received from POP3 clients during one session can be limited. When these limits are exceeded, incomplete connections or connections that are not RFC compliant will be dropped, thus freeing important bandwidth.
Important! If you do not specify a limit for the maximum number of (authentication) errors allowed for a POP3 client's session, security risks may arise.
Thread Management
AXIGEN Mail Server is designed to run on different machine configurations and operating systems, on networks with various traffic loads, structures, domain configurations, user rights etc. That is why, depending on all these variables, you can adapt the workload to the server’s processing power to improve its performance or avoid overload by setting the minimum and maximum number of threads that can be opened at a specific moment in time.
Back-end Server Connection Settings
In this section, you can set a connection timeout, specify the maximum number of connections between the POP3 Proxy and the back-end server, specify another local network interface IP address to be used for connections with the back-end server, and choose whether or not to use SSL to connect to the back-end server.
For more details on how to configure POP3 Proxy parameters using WebAdmin see POP3 Proxy Tab.
3.4.2.3. IMAP Proxy Service
The AXIGEN IMAP Proxy module establishes connections, through remote servers, with IMAP clients. The server accepts connections as specified by the IMAP Proxy listeners defined in the configuration file. By default the server accepts connections on 127.0.0.1:110.
Listeners
Listeners can be defined and managed to add extra flexibility and configurability to this service. For that, global access limitations, SSL Settings and access lists can be enforced on the address used by this service for binding.
Access Control
Access rules allow you to control connection to this service by defining simple access lists for specific Networks / IP Ranges / IP’s. Service level access rules are automatically applied to all its listeners and will override for this service any existing Global Access rules.
Flow Control
Flow control parameters can be adjusted to fine tune the server’s performance and avoid overloading it. Global access limitations to this listener can be enforced by setting the total number of simultaneous connections, concurrent connections from each remote IP address, number of new connections to the listener made in a time period interval, number of total connections from each remote IP address on a time interval period. The default interval for this time period is set to 1 minute.
Logging
All AXIGEN main services can log different types of events. The system administrator can specify what events are logged, where and how they are logged.
See Logging service for more details on logging in AXIGEN.
Encryption and Authentication
The IMAP Proxy service only supports PLAIN authentication, which is why it is recommended that StartTLS or SSL is used for encrypting the connection. The authentication can be performed on the IMAP proxy or on the back-end server.
Error Control
To protect the server, the number of failed/wrong commands received from POP3 clients during one session can be limited. When these limits are exceeded, incomplete connections or connections that are not RFC compliant will be dropped, thus freeing important bandwidth.
Important! If you do not specify a limit for the maximum number of (authentication) errors allowed for a POP3 client's session, security risks may arise.
Thread Management
AXIGEN Mail Server is designed to run on different machine configurations and operating systems, on networks with various traffic loads, structures, domain configurations, user rights etc. That is why, depending on all these variables, you can adapt the workload to the server’s processing power to improve its performance or avoid overload by setting the minimum and maximum number of threads that can be opened at a specific moment in time.
Back-end Server Connection Settings
In this section, you can set a connection timeout, specify the maximum number of connections between the IMAP Proxy and the back-end server, specify another local network interface IP address to be used for connections with the back-end server, and choose whether or not to use SSL to connect to the back-end server.
For more details on how to configure IMAP Proxy parameters using WebAdmin see IMAP Proxy Tab.
3.4.3. AXIGEN LDAP Authentication
Aiming to provide its users with a relatively simple way of adding new user database sources, starting with version 3.0, AXIGEN implements LDAP authentication methods. The new authentication engine adds two new authentication methods for both plain and secure connections, namely DIGEST-MD5 and GSSAPI. For more details on the new methods, see Authentication and Encryption.
In order to enable LDAP authentication, system administrators need to first add and define a list of LDAP Connectors. The connectors can be managed and configured via WebAdmin, on the UserDb tab. For details on how to add new LDAP Connectors, please see the corresponding section. A new section corresponding to the UserDb tab has been added to the configuration file. Below you will find an example of how this section should be configured:
    userDb = {
        logType = internal
        logLevel = 15
        logHost = 127.0.0.1:2000
        maxThreads = 5
        ldapConnectors = (
            {
                name = "ldap1"
                hosturl = "ldap://server1:389"
                bindDN = "CN=Martin Brown,OU=USERS,OU=CompanyName1, OU=Companies,OU=CompanyName2,DC=server,DC=local"
                bindPass = "qwe123"
                searchBase = "OU=USERS,OU=CompanyName1,OU=Companies,OU=CompanyName2, DC=server,DC=local"
                searchPattern = "(sAMAccountName=%u)"
                passwordField = "givenName"
                axigenHostField = ""
                useFirst = yes
            }
        )
    }
Two new parameters are also added for all services needing authentication: userDbConnectorType (with three available values: ldap | ldapbind | local) and userDbConnectorName. The services requiring authentication are SMTP In, POP3, IMAP, WebMail, POP3 Proxy and IMAP Proxy. For each of these services, the user database parameters can easily be configured using WebAdmin. The above described parameters are available on the General page of the tab corresponding to each service.
For detailed instructions on configuring these parameters using WebAdmin, see the LDAP Connectors Page.
3.4.4. Integrating Active Directory into a cluster environment
Active Directory is treated by AXIGEN just like any other LDAP directory. However, this implies certain configuration changes from the standard LDAP connector settings used in a general directory setup. Active Directory has predefined property names and these have to be used for the authentication process to be successful.
The account name that needs to be matched against the AXIGEN internal user database is the "sAMAccountName" property. This property contains exactly the username required for the login procedure. Having this information will help us set up an LDAP search filter, later on, that will isolate a particular user in the Active Directory structure.
Active Directory doesn’t allow anonymous queries in its database. For this reason, any lookup should be performed by an already existing user in the AD. The returned information will then be forwarded to the proxy service and the authentication will be performed. This user may be a regular one (they have access to the database by default) or the domain administrator, as the one in the example below. In LDAP terms, the value of the Bind DN should reflect a user account that will have to be set up appropriately in the LDAP connector settings.
The search base, which is the topmost organizational element, contains all the entries we are querying and needs to be known beforehand. This LDAP path is common to all the users we are trying to authenticate. Since AXIGEN can perform recursive lookups in the directory structure, this top unit may contain any number of smaller organizational units that comprise the actual accounts.
The host name and port should be defined, in a similar manner, as for any other LDAP server. The default port on which the Active Directory can be contacted is the same, 389. The Bind DN field should contain a user account value similar to the one below:
CN=administrator,CN=Users,DC=example,DC=tld
The default location for the "administrator" account in the Active Directory is the "Users" container, right inside the root of the defined domain ("example.tld" in the above example). The password for the used account should be entered as the bind password.
NOTE: These settings are used only while performing the actual lookup in the directory. They do not refer to the authentication settings for this particular account.
To use a search base that will identify all accounts in the same container as the "administrator" account, the following type of string for its value should be set:
CN=Users,DC=example,DC=tld
The search pattern used must identify particular user entries in the directory. For this reason, the sAMAccountName property mentioned above is used to isolate particular accounts:
(sAMAccountName=%u)
For each database entry we are searching for, this attribute should have exactly the same value as the user name (%u). The variable "%u" will expand as the username.
The server should be configured to use only the first value found in the lookup. This should prevent errors if more than one match is found in a lookup.
NOTE: This option can generate issues and may block users logging in. To prevent such problems, all users have to be unique.
NOTE: The password field and the AXIGEN host (used in routing) should be left blank if only the Active Directory authentication is required.
Even if users are authenticated in Active Directory, they still need to exist on the back-end servers. If a user account does not exist, the authentication will be successful but the inbox will not be selected. The only use for an Active Directory account that has no mailbox is to send emails through the SMTP service using authenticated credentials.
WARNING: This will enable any user to send authenticated messages even if they do not have an email account created.
If routing is used within the cluster environment (more than one node is present in the background), then a certain property must be defined for all the user accounts in the Active Directory. Any inactive property can be used for this purpose, but it is recommended that one of the extra added properties is used.
NOTE: In the default Active Directory schema, there are over 10 properties unused by common services running on the network. These were left out exactly for the purpose of expanding the directory service and be used in conjunction with other applications.
The property values should contain the IP address of the back-end server holding the account and the property name has to be set up in the LDAP connector settings. It is very important for all accounts to use the same property as all will be looked-up in the directory by the same connector.
WARNING: The IP address of the back-end node should be set, for all users, in the same property or the cluster will become inaccessible to the ones that use a different property for the AXIGEN mail host. Even if the session is correctly authenticated, the inbox of some accounts will not be found because no destination back-end will be selected.
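The consistency checks recommended in the LDAP authentication notes, and the uniqueness and same-property requirements given above for Active Directory routing, can be run offline against a directory export. The following Python script is an added example, not part of the AXIGEN product or its manual; the LDIF export, the per-back-end account lists, the 10.0.0.x addresses and the reading of %e as the full e-mail address are constructed assumptions, and only simple equality search patterns are handled.

```python
import base64

# Constructed sample: LDIF as exported with ldapsearch (not real data).
SAMPLE_LDIF = """\
dn: cn=user1,dc=localdomain,dc=test
mail: user1@localdomain.test
mailHost: 10.0.0.11

dn: cn=user2,dc=localdomain,dc=test
mail: user2@localdomain.test
mailHost: 10.0.0.12

dn: cn=user2-old,ou=archive,dc=localdomain,dc=test
mail: user2@localdomain.test
mailHost: 10.0.0.11

dn: cn=user3,dc=localdomain,dc=test
mail: user3@localdomain.test
description: 10.0.0.12

dn: cn=user5,dc=localdomain,dc=test
mail: user5@localdomain.test
mailHost: 10.0.0.11

dn: cn=user6,dc=localdomain,dc=test
mail: user6@localdomain.test
mailHost: 10.0.0.12
"""

# Constructed sample: accounts that exist on each back-end node (assumed export).
BACKEND_ACCOUNTS = {
    "10.0.0.11": {"user1@localdomain.test", "user4@localdomain.test"},
    "10.0.0.12": {"user2@localdomain.test", "user3@localdomain.test", "user5@localdomain.test"},
}

def parse_ldif(text):
    """Parse LDIF into a list of {attribute (lower case): [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]              # unfold a continuation line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:
        if not line.strip():                  # a blank line ends an entry
            if "dn" in current:               # skips headers such as "version: 1"
                entries.append(current)
            current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def expand(pattern, account):
    """Expand a simple equality searchPattern, e.g. 'mail=%e' or '(sAMAccountName=%u)'."""
    attr, _, template = pattern.strip("()").partition("=")
    user = account.split("@", 1)[0]
    value = template.replace("%e", account).replace("%u", user)
    return attr.strip().lower(), value.lower()

def audit(ldif_text, backend_accounts, search_pattern, host_field):
    """Compare the directory with the back-end account lists and report problems."""
    entries = parse_ldif(ldif_text)
    located = {a: host for host, accts in backend_accounts.items() for a in accts}
    report = {key: [] for key in ("missing_in_ldap", "duplicate_match",
                                  "no_route", "wrong_backend", "ldap_only")}
    matched = set()
    for account in sorted(located):
        attr, wanted = expand(search_pattern, account)
        hits = [e for e in entries if wanted in (v.lower() for v in e.get(attr, []))]
        matched.update(e["dn"][0] for e in hits)
        if not hits:
            report["missing_in_ldap"].append(account)   # mailbox exists, login fails
            continue
        if len(hits) > 1:
            report["duplicate_match"].append(account)   # only the first result is used
        route = hits[0].get(host_field.lower(), [""])[0]
        if not route:
            report["no_route"].append(account)          # host property missing or different
        elif route != located[account]:
            report["wrong_backend"].append(account)     # routed to a node without the mailbox
    # Directory entries without a mailbox can still authenticate (e.g. to SMTP).
    report["ldap_only"] = sorted(e["dn"][0] for e in entries if e["dn"][0] not in matched)
    return report

def run_sample():
    return audit(SAMPLE_LDIF, BACKEND_ACCOUNTS, "mail=%e", "mailHost")

if __name__ == "__main__":
    for problem, items in run_sample().items():
        print(f"{problem}: {items}")
```

The order of entries in an export is not guaranteed to match the order a live server returns them in, so any account listed under duplicate_match should be treated as unpredictable rather than as routed to the first entry shown.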
The routing process can be set up using a local file instead of the LDAP connector. This removes the need to manually edit the values in Active Directory and is relatively hassle-free. However, using local files to process the routing information can increase the proxy servers' overhead. Moreover, if there is more than one proxy, the same file version must be used across all nodes to ensure the cluster integrity and stability. The synchronization process has to be performed manually after each change.
UPDATE: This may be subject to change in the future. The local files could be automatically redistributed.
3.4.5. Exotic Cluster Setups
This chapter deals with common setups that are beyond the standard deployment of a clustering environment. Most of the examples here provide some sort of advantage like lower costs in exchange for a drawback such as higher risks and creation of single points of failure.
UPDATE: This section should be updated if other cluster configuration environments are encountered.
3.5. Groupware and collaboration
Starting with version 6.0 AXIGEN Mail Server introduces groupware services allowing network users to interact and work together by sharing folders, e-mails, calendars, tasks etc. Complex permission hierarchies can be created to meet the specific collaboration and sharing needs of any organization.
3.5.1. Personal Organizer & AXIGEN Outlook Connector
Having time management and mobility needs in mind a Personal Organizer module is available from both AXIGEN’s WebMail interface and the email client Outlook. The Personal Organizer comprises tools such as calendar, tasks, journal, notes and collaborative support.
Aiming to adapt to all requirements generated by a competitive business environment, the new version's permission granting structure enables users to delegate email sending tasks to their team members and view the free/busy status to avoid assigning events when a team member is already taking part in a different one.
The AXIGEN Outlook Connector enhances the communication of Microsoft's email client with the AXIGEN server, thus making the Personal Organizer available for Outlook users to take full advantage of all AXIGEN's features & capabilities.
AXIGEN Outlook Connector implements most Exchange-like features including server-side Search Folders (such as Unread messages or Large Messages) which enables users to easily locate messages based on various filters. The new application also allows new folders (including special folders) creation on the server directly from Outlook.
For a detailed usage description for the Personal Organizer in AXIGEN's WebMail Interface, please see the corresponding chapter of this Manual.
3.5.2. User folders and permissions
Starting with version 6.0 users are allowed to perform operations on folders (view its contents, add items, delete items etc.) if permissions on the respective folder were defined. By default all users have permissions on their own folders and can allow other users to access one or more of their personal folders with different permission levels (read only, read and write etc.). These permissions can be set either from WebMail or Outlook and can be granted to a user or a group of users (defined by the system administrator in WebAdmin).
Important! The system administrator has the right to set permissions on any user or public folder.
Computing permissions
Each time the server needs to determine if a specific action on a specific resource is allowed or denied for a specific administrative user, the following reasoning is used:
- if the permission is set to deny on at least one of the parent folders in the chain, for the user or a group that the user belongs to, the permission will be denied
- if the permission is not denied on any of the parent folders in the chain but allowed on at least one, for the user and/or a group that the user belongs to, the permission will be allowed
- if the permission is neutral (not set) on all parent folders in the chain, for the user and/or a group that the user belongs to, the permission will be denied
The Effective permissions tab will show the final result of this operation.
Permissions description
Read items - Folder is visible and its contained items can be read.
View items - Folder appears in hierarchy ("lookup").
Read folder content - Items in this folder may be read.
Share the read / unread status - Changes to the read / unread flag are seen by other users (does not apply for contacts, calendar, tasks, journal and notes folders).
Set / clear flags - Modify flags other than read / unread and deleted / not deleted (does not apply for contacts, calendar, tasks, journal and notes folders).
Add items - Add new items to folder (create new, move to, copy to). Both 'add items' and 'delete items' permissions are required for modifying items.
Add subfolders - Add new subfolders below this folder (create new, move to, copy to).
Delete folder - Delete this folder, including all its contained items.
Delete items - Delete items in this folder. Both 'add items' and 'delete items' permissions are required for modifying items.
Mark items as deleted / not deleted - Modify the deleted / not deleted flag.
Expunge folder - Purge items marked with the deleted flag.
Manage permissions - Modify permissions on this folder.
Types of permissions
When new entities are created they can have two types of permissions:
1. Implicit permissions do not appear in the permissions list for resources, cannot be modified (they are resolved directly by the MACL engine) and cannot be overridden with an explicit 'DENY' from any level (above or below). These are:
• the 'postmaster' user has 'all rights' on all public folders
• the 'postmaster' user has 'Lookup' and 'Manage permissions' on all folders of all the accounts in its domain
• the 'postmaster' user has 'all rights' on his mailbox (and all subfolders)
• each user has 'all rights' on his/her mailbox (and all subfolders)
2. Default permissions are explicit, modifiable and appear when specific entities are created. They are:
• for a newly created folder in the PF namespace or in a mailbox other than the creator's, the creator has 'all rights', with 'apply to subfolders'
• if the newly created public folder is created from the WebAdmin interface, no explicit permissions are set for it
• when a new domain is created, the PF root contains the permission: 'all users in domain, allow, Lookup, apply to subfolders'
Details on how to set folder permissions are available in the Setting Sharing Permissions chapter.
Chapter 4. Mail Server Security
AXIGEN Mail Server comes with a full security feature set, guaranteeing secure reception, transit and delivery of email and protection for your confidential data.
Authentication
AXIGEN server supports authentication, meaning it can be instructed to accept only connections/messages from authenticated entities. CRAM-MD5, LOGIN, PLAIN, DIGEST-MD5 and GSSAPI methods are available for client authentication, reducing the risk of unauthorized connections.
Encryption (SSL/TLS)
All AXIGEN communication protocols can benefit from SSL/TLS technology, which allows sending encrypted messages across networks and prevents plain text messages from being intercepted on the way from sender to recipient. This encryption method guarantees secure data transmission over networks.
Built-in Firewall (application level)
Stopping spammers and preventing DoS attacks is one of the most important tasks of a mail server, and the sooner the problem is identified in the mail stream, the better. This is why AXIGEN has a built-in firewall at the application (TCP listener) level that allows the Administrator to control connectivity parameters, like the following listener rules:
- maximum simultaneous connections;
- maximum connections to be accepted during a time interval;
- maximum simultaneous connections accepted from a single host (that may be an attacker);
Furthermore, Administrators may define IP sets that have specific sets of such rules, applied with different priorities, or IP sets whose connections are denied. For more details see Listener Rules.
Anti-spoofing (SPF and DomainKeys Compliant)
SPF authentication is used by the SMTP Incoming module in AXIGEN to determine whether the mail message comes from an authorized source. DomainKeys is an e-mail authentication system designed to verify both the DNS domain of an email sender and the message integrity. This additional authentication method significantly reduces spoofing attempts, that is, unauthorized attempts to gain server access, or assuming a fake identity when sending an email.
Message Acceptance Rules
The system administrator can configure and implement message acceptance policies and adjust them to best suit their security requirements. Incoming connections established via SMTP and the message flow can be easily managed using the established policies.
Antivirus / Antispam
The AXIGEN Mail Server can easily integrate with a large number of antivirus/antispam applications, either commercial or open source. Starting with version 5.0, SpamAssassin is integrated within the AXIGEN kit.
Available Antivirus applications: ClamAv, KAV(Kaspersky) for Mail Servers, BitDefender, Sophos, F-Prot, DrWeb, Symantec, F-Secure, Avast, eTrust, Norman, Panda, McAfee.
Available Antispam applications: SpamAssassin, AVG, Kaspersky Anti-Spam, Avira MailGate, BitDefender Mail Protection for Enterprises, Symantec Brightmail AntiSpam.
Routing Rules
The Processing policies correspond to the SMTP Processing and SMTP Outgoing modules.
On one hand, they enable administrators to define the NDR (Non-Delivery Receipt) text and the conditions when such a message is returned. On the other hand, they allow system administrators to customize SMTP Outgoing actions for all or part of the relayed email communication.
Message Rules
Message rules instruct the AXIGEN Mail Server to take certain actions on processed email messages based on pieces of information contained by the message headers.
4.1. Authentication and Encryption
AXIGEN Mail Server provides a variety of security options related to authentication and encryption for all connections established by/with the mail server.
Secure/Plain Connections and Authentication Methods
AXIGEN supports TLS enabled connections. TLS-enabled connections are connections that support the Transport Layer Security, a standard providing encryption and authentication service that can be negotiated during the startup phase of many Internet protocols, including SMTP, POP3 and IMAP, and used for general communication authentication and encryption over TCP/IP networks.
All AXIGEN mail services (SMTP, IMAP, POP3) provide an AllowStartTLS parameter that you can enable and have the server advertise TLS capability.
Authentication methods are available both for TLS-enabled connections and plain connections (non TLS-enabled).
The methods supported by AXIGEN are: PLAIN, LOGIN, CRAM-MD5, DIGEST-MD5 and GSSAPI.
The PLAIN mechanism consists of a single message from the client to the server, in which the client sends the authorization identity (identity to login as), the authentication identity (identity whose password will be used) and the clear-text password. If left empty, the authorization identity is the same as the authentication identity. The PLAIN authentication mechanism is not recommended for use over an unencrypted network connection.
The LOGIN mechanism is a non-standard mechanism, and is similar to the PLAIN mechanism except that this mechanism lacks the support for authorization identities.
The CRAM-MD5 is a challenge-response mechanism that transfers hashed passwords instead of clear text passwords. For insecure channels (e.g., when TLS is not used), it is safer than PLAIN.
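The PLAIN and CRAM-MD5 exchanges described above, as an added example (not code from the AXIGEN manual or product): it shows that a captured PLAIN message decodes to the clear-text password without any key, while a CRAM-MD5 response is an HMAC-MD5 over a per-attempt challenge. The function names are hypothetical; the message formats follow RFC 4616 and RFC 2195, and the demo uses the published RFC 2195 example values plus constructed credentials.

```python
import base64
import hashlib
import hmac
import os
import time


def plain_encode(authcid, password, authzid=""):
    """PLAIN: one client message, authzid NUL authcid NUL password, base64 on the wire."""
    raw = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def plain_decode(message_b64):
    """Reverse of plain_encode; it needs no secret, only the message itself."""
    fields = base64.b64decode(message_b64).decode("utf-8").split("\0", 2)
    if len(fields) != 3:
        raise ValueError("not a PLAIN message")
    authzid, authcid, password = fields
    # An empty authorization identity means "same as the authentication identity".
    return {"authzid": authzid or authcid, "authcid": authcid, "password": password}


def cram_md5_challenge(hostname):
    """Server side: a fresh challenge per attempt, so an old response cannot be reused."""
    nonce = int.from_bytes(os.urandom(8), "big")
    return "<%d.%d@%s>" % (nonce, int(time.time()), hostname)


def _digest(password, challenge):
    # Keyed hash: the password is the HMAC key, the challenge is the message.
    return hmac.new(password.encode("utf-8"), challenge.encode("utf-8"),
                    hashlib.md5).hexdigest()


def cram_md5_response(username, password, challenge):
    """Client side: base64 of 'username <hex HMAC-MD5>'; the password is never sent."""
    line = "%s %s" % (username, _digest(password, challenge))
    return base64.b64encode(line.encode("utf-8")).decode("ascii")


def cram_md5_verify(response_b64, challenge, lookup_password):
    """Server side: return the username on success, None otherwise.

    The server recomputes the HMAC, so it must hold the password (or an
    equivalent secret) itself, not a one-way hash of it.
    """
    try:
        decoded = base64.b64decode(response_b64).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    username, _, digest = decoded.rpartition(" ")
    password = lookup_password(username)
    if password is None:
        return None
    expected = _digest(password, challenge).encode("ascii")
    supplied = digest.lower().encode("utf-8")
    return username if hmac.compare_digest(expected, supplied) else None


if __name__ == "__main__":
    # Constructed credentials, for illustration only.
    wire = plain_encode("alice", "s3cret")
    print("PLAIN on the wire:", wire)
    print("decoded by any observer of an unencrypted session:", plain_decode(wire))

    # Example values published in RFC 2195.
    challenge = "<1896.697170952@postoffice.reston.mci.net>"
    users = {"tim": "tanstaaftanstaaf"}
    response = cram_md5_response("tim", users["tim"], challenge)
    print("CRAM-MD5 response:", response)
    print("verified as:", cram_md5_verify(response, challenge, users.get))
    # The same response against a new challenge is rejected.
    fresh = cram_md5_challenge("mail.example.test")
    print("replayed against a fresh challenge:", cram_md5_verify(response, fresh, users.get))
```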
The DIGEST-MD5 is the required authentication mechanism for LDAP v3 servers.
The Digest-MD5 is based on the HTTP Digest Authentication. In Digest-MD5, the LDAP server sends data that includes various authentication options that it is willing to support plus a special token to the LDAP client. The client responds by sending an encrypted response that indicates the authentication options that it has selected. The response is encrypted in such a way that proves that the client knows its password. The LDAP server then decrypts and verifies the client's response.
GSSAPI is the Generic Security Services Application Programming Interface. Its primary use today is with Kerberos authentication. Kerberos is the primary authentication mechanism in Windows Active Directory.
For information on configuring TLS and authentication methods related parameters, see: Configuring IMAP Authentication and Encryption Parameters and Secure POP3 Connections.
Also, for all AXIGEN services, authentication error control parameters are available. That is, if on attempting to connect, clients fail to authenticate correctly a number of times, the connection is dropped. For information on these parameters, see the Connection Error Control sections for each module in Configuring AXIGEN using WebAdmin.
SSL parameters
AXIGEN supports SSL-enabled connections, providing advanced SSL parameters for TCP Listener configuration available for all its TCP Services (SMTP, IMAP, POP3, WebMail, CLI and WebAdmin). See SSL Parameters for Listeners for information on these parameters and how to configure them using WebAdmin.
4.1.1. Kerberos Authentication within Active Directory
Kerberos is the primary authentication mechanism in Windows Active Directory. Within the AXIGEN Mail Server, it is used as an authentication method through GSSAPI (Generic Security Services Application Programming Interface). In order to enable Kerberos authentication for your installed AXIGEN Mail Server, please follow the steps described below.
1. Create an account named "axigen_SERVICE" in Active Directory corresponding to each service you want to authenticate on from AXIGEN. Three accounts will be used for all AXIGEN supported services: axigen_smtp, axigen_imap, and axigen_pop.
2. Export the keys using the KTPASS utility:
  1. Generate a key for the SMTP service:
     ktpass -princ smtp/axigen.hostname@REALM -mapuser axigen_smtp -pass PASSWORD -out axigen-smtp.keytab
  2. Generate a key for the IMAP service:
     ktpass -princ imap/axigen.hostname@REALM -mapuser axigen_imap -pass PASSWORD -out axigen-imap.keytab
  3. Generate keys for the POP3 service:
     ktpass -princ pop/axigen.hostname@REALM -mapuser axigen_pop -pass PASSWORD -out axigen-pop.keytab
In all commands shown above you must replace:
• axigen.hostname - with the domain AXIGEN users should use to log in
• REALM - with the Kerberos realm, particularly for Active Directory, with the domain name for which you want to authenticate
• PASSWORD - with the password for the corresponding "axigen_SERVICE" account, which you have previously created.
Please note that the AXIGEN Mail Server IP address must reverse point to the same hostname you have specified above as "axigen.hostname".
3. Copy the exported key files to the /etc directory on the AXIGEN machine and merge them using the 'ktutil' application. Simply type 'ktutil' and issue the following commands in the application's subshell:
• load the needed keytab files, according to the services you want to use GSSAPI authentication with:
  rkt /etc/axigen-smtp.keytab
  rkt /etc/axigen-imap.keytab
  rkt /etc/axigen-pop.keytab
• write the new /etc/krb5.keytab file:
  wkt /etc/krb5.keytab
• exit the ktutil shell:
  quit
At this moment, all necessary keys will be saved in the /etc/krb5.keytab file.
Prerequisites and Settings for Each Active Directory User Defined for AXIGEN
The AXIGEN Mail Server domain name must be the same as the full Active Directory domain name. Also, the accounts for which you want to use Kerberos authentication must be created within the AXIGEN Mail Server.
Example
The example below shows how to set up the Windows version of the Mozilla Thunderbird email client to use Kerberos authentication within an Active Directory environment:
1. Open the 'Account Settings' window from 'Tools' -> 'Account Settings...'.
2. Click 'Add Account'. This will open the 'Account Wizard'.
3. Select 'Email account' as the type of account to be created, then press 'Next'.
4. Fill in your name and e-mail address and press 'Next'.
5. In the next screen, select 'IMAP' or 'POP' incoming server types, according to your network policy. Set the 'incoming server' box to AXIGEN's fully qualified host name or the AXIGEN machine IP address.
6. Press 'Next' and fill in the user account name as stored in AXIGEN. In the last screen, fill in the account name, then press 'Next', review the settings and press 'Finish'.
7. Go to the 'Server settings' section of the newly created account and check the 'Use secure authentication' option. Also, if AXIGEN is configured to relay emails from authenticated users only and if you have created a keytab corresponding to the 'smtp' service (as shown above), add the AXIGEN hostname in the 'Outgoing server (SMTP)' section, selecting the 'Username and password' checkbox from the 'Security and authentication' section.
8. Click the 'OK' button from the 'Account settings' window.
4.2. SPF and DomainKeys
SPF (Sender Policy Framework) is a sender authentication method developed in order to ensure mail server's security by applying different anti-spoofing mechanisms. This mechanism consists in making a DNS request in order to determine whether the mail message comes from an authorized source, which is described in an SPF record, registered on the DNS. SPF records contain domain attributes that uniquely describe mail messages. The query may have one of the following seven possible results:
• pass: meaning the message meets the domain's definition for legitimate messages;
• neutral
• none
• soft fail
• fail: meaning the message does not meet the domain's definition for legitimate messages;
• temp error
• permanent error
In case of permanent error, AXIGEN rejects the mail message, generating the respective error. If a temporary error is generated, AXIGEN returns an error message to the sending party. In all other cases the mail message is accepted.
To enable SPF in AXIGEN or to add an SPF header to emails, use the Message Acceptance Rules.
DomainKeys Compliance
Starting with version 2.0, AXIGEN Mail Server is also DomainKeys compliant. DomainKeys is an e-mail authentication system designed to verify both the DNS domain of an email sender and the message integrity, embedded in the AXIGEN Signing Module. The DomainKeys specification has adopted aspects of Identified Internet Mail to create an enhanced protocol called DomainKeys Identified Mail (DKIM).
The AXIGEN Signing Module is only available for the commercial versions of the AXIGEN Mail Server. It does not work within free or evaluation versions. To test this specific feature, please contact our sales department.
4.2.1. AXIGEN Signing Module Usage and Configuration
AXIGEN Signing Module is a module that provides AXIGEN with a tool to prevent forgery and possible repudiation. It implements the Yahoo DomainKeys concept that basically works by signing the contents of an email and allows mail servers to verify that signature.
The DomainKeys module is composed of two daemons that run independently of AXIGEN and of each other: the DomainKeys Signer and the DomainKeys Verifier. Each of them has a configuration file and communicates with AXIGEN using an AFSL connector.
The signer's role is to sign emails that come from AXIGEN, and the verifier's role is to verify mail, which applies only to mail that was previously signed.
In order to activate the DomainKeys filters, first make sure that the AxigenFilters service is started. For more information on this see Starting/Stopping/Restarting the Server.
To activate the DomainKeys Signing filter from WebAdmin, open the 'Security & Filtering' menu, go to the 'AntiVirus and AntiSpam' context, 'Supported Applications' tab, and click the 'ENABLE' button for the application named 'DKSigner'.
To enable the DomainKeys Verifier from WebAdmin, open the 'Security & Filtering' menu, go to the 'Additional AntiSpam Methods' context and click the 'Enable Domain Keys' check-box under 'Domain Keys'. Some configurable actions for the DK Verifier can also be found under this check-box. We strongly recommend that the DomainKeys Verifier AV/AS configuration filter be activated with the highest priority and the signer with the lowest.
Command line parameters
The command line parameters listed below are to be used both for the signer and the verifier.
• -h displays this help message
• -v displays the version
• -f run in foreground
• -u <user> run as user. DEFAULT: 'AXIGEN'
• -g <group> run as group. DEFAULT: 'AXIGEN'
• -c <path>: path to the configuration file; the default paths are as follows:
  • /etc/opt/AXIGEN/axidkd.conf for DomainKeys Verifier
  • /etc/opt/AXIGEN/axidksd.conf for DomainKeys Signer
DomainKeys Verifier configuration
• bindIp <ip> - The address used to listen for connections from AXIGEN.
• bindPort <port> - The port used for connections from AXIGEN. - DEFAULT: 1982
• logType <type> - This parameter defines where to log messages. It can be "system", "file" or "stdout". The "system" value means that messages will be logged to the system log, "file" that they will be logged in a file and "stdout" that messages will be logged at standard output. WARNING: if "file" is selected for this property, the logFile must also be set. - DEFAULT "system"
• logFile <file> - In case that logType has the value "file", this defines the file where messages are logged. - DEFAULT: "none"
• logLevel <level> - The level at which messages will be logged. Possible values are:
  o 0 - only error messages will be logged
  o 1 - error and warning messages will be logged
  o 2 - all messages will be logged
  o DEFAULT: 2
• addAuthHeader - This option enables/disables adding the "Authentication-Results" header to the message after verification. It can take the values: yes or no. - DEFAULT: "yes"
• actionOnPass - This option specifies what action should be sent to AXIGEN when the domainkeys verification yields a pass action (details on the actions that can be sent to AXIGEN are in the AFSL documentation). The possible values are pass|match|discard|error. - DEFAULT: "pass"
• actionOnFail - This option specifies what action should be sent to AXIGEN when the domainkeys verification yields a fail action. Possible values are: pass|match|discard|error. - DEFAULT: "match"
• actionOnSoftFail - This option specifies what action should be sent to AXIGEN when the domainkeys verification yields a softfail action. Possible values: pass|match|discard|error. - DEFAULT: "match"
• actionOnNeutral - This option specifies what action should be sent to AXIGEN when the domainkeys verification yields a neutral action. Possible values: pass|match|discard|error. - DEFAULT: "pass"
• actionOnTempError - This option specifies what action should be sent to AXIGEN when the domainkeys verification yields a temperror action. Possible values: pass|match|discard|error. - DEFAULT: "error"
• actionOnPermError - This option specifies what action should be sent to AXIGEN when the domainkeys verification yields a permerror action. Possible values: pass|match|discard|error. - DEFAULT: "match"
• rwTimeout <value> - This option specifies the timeout used when communicating with AXIGEN and with the Milter Implementation (in milliseconds). The range for this value is 1 - 65535. - DEFAULT: 400
• processingThreads <threads> - The number of processing threads which also reflects the maximum number of connections made to the milter implementation. The range for this value is 1 - 128. - DEFAULT: 16
DomainKeys Signer configuration
• bindIp <ip> - The address used to listen for connections from AXIGEN.
• bindPort <port> - The port used for connections from AXIGEN. - DEFAULT: 1982
• logType <type> - This parameter defines where to log messages. It can be "system", "file" or "stdout". The "system" value means that messages will be logged to the system log, "file" that they will be logged in a file and "stdout" that messages will be logged at standard output. WARNING: if "file" is selected for this property, the logFile must also be set. - DEFAULT "system"
• logFile <file> - In case that logType has the value "file", this defines the file where messages are logged. - DEFAULT: "none"
• logLevel <level> - The level at which messages will be logged. Possible values are:
  o 0 - only error messages will be logged
  o 1 - error and warning messages will be logged
  o 2 - all messages will be logged
  o DEFAULT: 2
• rwTimeout <value> - This option specifies the timeout used when communicating with AXIGEN and with the Milter Implementation (in milliseconds). The range for this value is 1 - 65535. - DEFAULT: 400
• privateKeyPath - The path to the private key used for signing. This parameter is required.
• selector - The selector used to form the query for the public-key. This parameter is required.
• canonicalization - The canonicalization algorithm type. Possible values: simple|nofws. - DEFAULT: "nofws"
• removeHeaders - If set to yes, this option removes duplicate headers from the signature. Possible values: yes|no. - DEFAULT: "no"
• processingThreads <threads> - The number of processing threads which also reflects the maximum number of connections made to the milter implementation. The range for this value is 1 - 128. - DEFAULT: 16
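A pre-deployment check of the verifier and signer settings against the values, ranges, defaults and the logType/logFile dependency documented above. This is an added example, not part of the AXIGEN product: the function and constant names are hypothetical, the settings are taken as an already parsed dictionary because the on-disk syntax of axidkd.conf and axidksd.conf is not shown here, and the sample values are constructed.

```python
import ipaddress


def int_range(low, high):
    """Validator factory: a decimal integer within [low, high]."""
    def is_valid(value):
        return value.isascii() and value.isdigit() and low <= int(value) <= high
    return is_valid


def one_of(*allowed):
    return lambda value: value in allowed


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


ACTION = one_of("pass", "match", "discard", "error")
YES_NO = one_of("yes", "no")

# name -> (default stated in the manual, or None where none is given; validator)
COMMON = {
    "bindIp": (None, is_ip),
    "bindPort": ("1982", int_range(1, 65535)),  # TCP port range, not from the manual
    "logType": ("system", one_of("system", "file", "stdout")),
    "logFile": ("none", bool),
    "logLevel": ("2", int_range(0, 2)),
    "rwTimeout": ("400", int_range(1, 65535)),
    "processingThreads": ("16", int_range(1, 128)),
}
VERIFIER = dict(COMMON, **{
    "addAuthHeader": ("yes", YES_NO),
    "actionOnPass": ("pass", ACTION),
    "actionOnFail": ("match", ACTION),
    "actionOnSoftFail": ("match", ACTION),
    "actionOnNeutral": ("pass", ACTION),
    "actionOnTempError": ("error", ACTION),
    "actionOnPermError": ("match", ACTION),
})
SIGNER = dict(COMMON, **{
    "privateKeyPath": (None, bool),
    "selector": (None, bool),
    "canonicalization": ("nofws", one_of("simple", "nofws")),
    "removeHeaders": ("no", YES_NO),
})
SIGNER_REQUIRED = ("privateKeyPath", "selector")


def check(settings, schema, required=()):
    """Return (effective settings with defaults applied, list of problems)."""
    problems = ["unknown parameter: %s" % name for name in settings if name not in schema]
    effective = {}
    for name, (default, is_valid) in schema.items():
        value = settings.get(name, default)
        if value is None:
            if name in required:
                problems.append("%s is required" % name)
            continue
        if not is_valid(value):
            problems.append("%s: value %r is outside the documented set or range" % (name, value))
        effective[name] = value
    # The manual's WARNING: logType "file" needs logFile to be set as well.
    if effective.get("logType") == "file" and effective.get("logFile") == "none":
        problems.append("logType is 'file' but logFile is not set")
    return effective, problems


# Constructed sample settings (paths and values are illustrative only).
SAMPLE_VERIFIER = {"bindIp": "127.0.0.1", "logType": "file",
                   "logFile": "/var/log/axidkd.log", "actionOnFail": "discard"}
SAMPLE_SIGNER_BAD = {"bindIp": "127.0.0.1", "bindPort": "1983", "logType": "file",
                     "processingThreads": "256", "canonicalization": "relaxed"}

if __name__ == "__main__":
    for label, sample, schema, required in (
            ("verifier", SAMPLE_VERIFIER, VERIFIER, ()),
            ("signer", SAMPLE_SIGNER_BAD, SIGNER, SIGNER_REQUIRED)):
        effective, problems = check(sample, schema, required)
        print(label, "OK" if not problems else "has problems:")
        for problem in problems:
            print("  -", problem)
```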
Starting/Stopping/Restarting the Domain Keys Daemons
Slackware:
• To start the daemons, issue the following command:
  /etc/rc.d/rc.axigendk start
• To stop the daemons, you can issue:
  /etc/rc.d/rc.axigendk stop
• In order to restart the daemons, issue the command:
  /etc/rc.d/rc.axigendk restart
Others (rpm-based, Ubuntu, Gentoo, Debian):
• To start the daemons, issue the following command:
  /etc/init.d/axigendk start
• To stop the daemons, you can issue:
  /etc/init.d/axigendk stop
• In order to restart the daemons, issue the command:
  /etc/init.d/axigendk restart
4.3. Mail Filtering
AXIGEN provides various types of filters at each level of mail processing that allow you to increase mail traffic security and block any type of unwanted mail messages from reaching their intended recipient mailbox. The filtering system in AXIGEN is highly effective and allows maximum flexibility in defining what email messages should be scanned, what filters should be used, the order in which these filters are applied and the actions taken according to the results of the scanning process. The filters can be applied both for incoming and for outgoing email traffic.
Filter Types
1. Message Acceptance Rules
AXIGEN implements a set of message acceptance rules at SMTP-connection level. The system administrator can configure and implement message acceptance rules and adjust them to best suit their security requirements. Incoming connections established via SMTP and the message flow can be easily managed using the established rules. Moreover, they allow adding headers, changing addresses and other such actions. For more details, see the Message acceptance rules section.
2. Routing Rules
To further fine-tune email communication management at SMTP level, AXIGEN Mail Server implements Routing rules.
The Routing rules correspond to the Processing and SMTP Outgoing modules and enable administrators to define the NDR (Non-Delivery Receipt) text and the conditions when such a message is returned. The system administrator can also customize SMTP Outgoing actions for all or part of the relayed email communication. For further information, see the dedicated section in this chapter.
Important! The following filter types are defined in the WebAdmin interface and in the configuration file:
• type script - for Message rules
• type socket - for Antivirus/Antispam rules
3. Message rules
Message rules instruct the AXIGEN Mail Server to take certain actions on processed email messages based on pieces of information contained by the message headers.
Using Message rules is safe since they do not operate on the mail content but only extract information from the mail header and take actions according to the pre-defined rules. See the Message rules section for further details.
4. Antivirus / Antispam Filters
Antivirus / Antispam Filters can be easily used with the AXIGEN Mail Server to ensure a high security level for email communication. Commercial Antivirus applications can communicate with AXIGEN either directly (using the AXIMilter module) or through AMAVIS. For more details, see the corresponding section of the current chapter.
This type of filtering allows integration with virtually any third party applications, including Antivirus and Antispam applications. Currently, connectors for ClamAv Antivirus and SpamAssassin Anti-spam application (both open source) are implemented ensuring effective virus and spam protection for all mail traffic managed by AXIGEN Mail Server.
Moreover, AXIGEN supports integration with Amavis, a generic interface used to connect a mail server to twelve different Antivirus applications: KAV(Kaspersky) for Mail Servers, BitDefender, Sophos, F-Prot, DrWeb, Symantec, F-Secure, Avast, eTrust, Norman, Panda and McAfee.
For instructions on how to make AXIGEN work with ClamAV, see the corresponding AXIGEN forum posting. For SpamAssassin, you simply need to install the application; no further configuration is necessary. A sample setup procedure for connecting these two applications to AXIGEN is also given in the AXIGEN Install and Configuration Guide.
For instructions on setting up the AXIGEN Mail Server integration with Amavis, see the dedicated article on the AXIGEN site. At this time the integration has been tested for Kaspersky and BitDefender but the procedure is similar for any of the products supported by Amavis.
Active Filters
Filter configuration in AXIGEN also involves the notion of Active Filters. Although not a distinct filter category, the Active Filters designation is used to refer to filters currently enabled in AXIGEN. This designation is particularly useful when enabling filters.
Filtering Levels
In AXIGEN, you can apply filters at three levels:
• server level (these filters are applied to all emails directed to any account / mail list from the server)
• domain level (these filters are applied to all emails directed to the domain to which the account / mail list belongs)
• account / mail list level (these filters are applied only to the account / mail list for which the filters have been created)
Thus, a typical filtering chain in AXIGEN will contain different types of filters, applied on different levels.
If one of the filters in the filtering chain yields an error (internal error, AFSL or any type of error), the email being processed is kept in the processing queue and it will go through the filtering chain all over again, at a later time until all the filters in the chain can be applied. If all the filters in the filtering chain yield a PASS action, and the last one yields REJECT, the email is rejected. In case one of the filters situated in the middle of the chain triggers a REJECT or DISCARD action, the email will go through the filtering chain again.
The order in which these filters are applied is based on their level and on their priority. See Activating Filters for details on activation inheritance and priority levels.
AXIGEN Mail Servers can easily integrate with other third party applications through a simple interface which is made available as part of SDK (Software Development Kit). For more details on SDK delivery, please contact the AXIGEN Sales Department.
4.3.1. Message Acceptance Rules
AXIGEN Mail Server implements a set of message acceptance rules at SMTP-connection level.
The system administrator can configure and implement message acceptance rules and adjust them to best suit their security requirements. Incoming connections established via SMTP and the message flow can be easily managed using the established rules. Moreover, they allow adding headers, changing addresses and other such actions.
Examples of message acceptance rules:
• allow incoming messages from a specific domain
• deny incoming messages with attachments exceeding 3 MB
• allow authenticated users only
• accept secured connections only
• deny looping emails (when the number of Received headers exceeds 20)
The message acceptance rules can consist of any number of such rules, applied following a given priority.
These rules can be set at SMTP Incoming level and help save space and resources for email processing.
The rules are defined using an AXIGEN proprietary scripting language and are at this time contained, along with the Processing and Relay policy scripts, in a single file per installed server. They can also be created automatically via the WebAdmin Wizard. More details on how to do this are available in the Message Acceptance Settings chapter.
Through the Message acceptance rules, a wide range of event handlers associated with the SMTP events are available, along with various methods, message headers, envelopes and peer information.
The events are predefined blocks within the script that will be executed at specific moments by the server. For each event, the server calls certain methods which can have a configurable or predefined behavior. The available events at SMTP Incoming level are:
• onConnect
• onEhlo
• onMailFrom
• onRcptTo
• onDataReceived
Message acceptance rules are based on a proprietary scripting language. For an overview of this language, please see the Language Specifications section.
4.3.2. Routing Rules
To further fine-tune email communication management at SMTP level, AXIGEN Mail Server implements Routing Rules.
The Routing Rules correspond to the Processing and SMTP Outgoing modules and enable administrators to define the NDR (Non-Delivery Receipt) text and the conditions when such a message is returned. As an example, NDR responses are sent when the specified recipient of an email message is invalid.
Routing Rules also allow system administrators to customize SMTP Outgoing actions for all or part of the relayed email communication. For example, they can
• establish a certain address where all emails from a certain domain are relayed, or
• specify a username/password authentication before relaying emails to a certain address.
Routing rules can contain any number of predefined options, thus being easily adapted to various security requirements.
The rules are defined using an AXIGEN proprietary scripting language and are at this time contained, along with the Message acceptance rules scripts in a single file per installed server. They can also be created automatically via the WebAdmin Wizard. For details on the options available in the WebAdmin Wizard, please see the corresponding section.
A wide range of event handlers associated with the SMTP events, along with various methods, message headers, envelopes and peer information, are available when defining Routing rules.
The events defined for the Routing rules and their contexts are as follows:
Event | Context
onRelay | SMTP Sending
onDeliveryFailure | Processing
onTemporaryDeliveryFailure | Processing
For a detailed description of the scripting language the rules are based on, please see the Language Specifications section.
4.3.3. Antivirus / Antispam Filters
Antivirus / Antispam Filters can be easily used with the AXIGEN Mail Server to ensure a high security level for email communication.
IMPORTANT! The AXIGEN Mail Server can integrate with more than 14 antivirus applications - KAV(Kaspersky) for Mail Servers, BitDefender, Sophos, F-Prot, DrWeb, Symantec, F-Secure, Avast, eTrust, Norman, Panda, McAfee, ClamAV - and 6 antispam applications - SpamAssassin, AVG, Kaspersky Anti-Spam, Avira MailGate, BitDefender Mail Protection for Enterprises, Symantec Brightmail AntiSpam.
1. Simple Integration with ClamAV and SpamAssassin
For instructions on how to make AXIGEN work with ClamAV, see the corresponding AXIGEN forum posting. For SpamAssassin, you simply need to install the application; no further configuration is necessary. A sample setup procedure for connecting these two applications to AXIGEN is also given in the AXIGEN Install and Configuration Guide.
2. Integration with Commercial Antivirus Applications
Commercial Antivirus applications can communicate with AXIGEN either directly (using the AXIMilter module) or through AMAVIS.
The AXIMilter module can communicate with any Antivirus application that has milter support, while AMAVIS provides support for the following security solutions: KAV(Kaspersky) for Mail Servers, BitDefender, Sophos, F-Prot, DrWeb, Symantec, F-Secure, Avast, eTrust, Norman, Panda, McAfee.
For instructions on setting up AXIMilter, see the AXIMilter section.
More details on setting up the AXIGEN Mail Server integration with Amavis are available on the AXIGEN site in this dedicated article.
3. Integration with commercial Antispam applications
For instructions on how to integrate AXIGEN with AVG, Kaspersky Anti-Spam, Avira MailGate, BitDefender Mail Protection for Enterprises, Symantec Brightmail AntiSpam, please see the related Knowledgebase articles:
• How to enable spam protection in AXIGEN using AVG
• How to enable anti-spam filtering in AXIGEN using the milter implementation of Kaspersky Anti-Spam
• How to enable anti-spam filtering in AXIGEN using the milter implementation of Avira MailGate
• How to enable anti-spam filtering in AXIGEN using the milter implementation of BitDefender Mail Protection for Enterprises
• How to enable anti-spam filtering in AXIGEN using the milter implementation of Symantec Brightmail AntiSpam
Antivirus / Antispam Filters are dynamic filters executed by external processes. These types of filters are based on a file defining the communication protocol between AXIGEN and the external process executing the filter.
Antivirus/Antispam Filters can also interact with Message rules, via two headers appended to email messages. These headers contain a spam or virus level value which actually indicates the likelihood of that particular email message being virus or spam. Based on these levels, actions imposed by the message rules can be taken, for instance moving email messages above a certain level to a specified Quarantine folder.
AXIGEN supports creating customized filter chains. This means system administrators can define and use as many Antivirus/Antispam Filters and Message rules as required by their security policies.
In AXIGEN, antispam/antivirus filter calls are multithreaded. This means that filters can be applied to several emails at the same time, thus improving service availability and processing speed.
If one of the filters in the filtering chain does not respond, AXIGEN provides a failsafe mode, which allows pinging the filter regularly until the connection is reestablished. At that moment, the email message filtering chain is resumed. This guarantees that every message goes through the entire filtering chain.
AXIGEN Mail Servers can easily integrate with other third party applications through a simple interface which is made available as part of SDK (Software Development Kit). For more details on SDK delivery, please contact the AXIGEN Sales Department.
For information on how to configure Antivirus/Antispam filters at different levels using WebAdmin, see:
• Manage Antivirus/Antispam Filters
• Domain Filter Configuration
• Groups Filter Configuration
• List Filter Configuration
Antivirus/Antispam filters can also be configured using the CLI Filters context. For information on how to use the Command Line Interface, see Configuring AXIGEN using CLI.
4.3.4. Message Rules
Message rules instruct the AXIGEN Mail Server to take certain actions on processed email messages based on pieces of information contained by the message headers.
Thus you can create rules like:
• messages from [email protected] copy to alex@localdomain;
• messages from [email protected] move to folder Jokes;
• all messages reply with "Out-of-office" message;
Message rules are easily created using the provided Web Wizard by each individual user via the WebMail module of AXIGEN. For more details on Wizard usage, please see Mail Filtering in WebMail.
More complex message rules can be created by the system administrator using a simple scripting language called SIEVE. The same language is used by the WebMail Wizard when defining message rules automatically.
Using Message rules is safe since they do not operate on the mail content but only extract information from the mail header and take actions according to the pre-defined rules. They work basically by comparing different keys using different comparators and comparison methods, against headers of a mail message. Based on the result of the comparison, you can apply different actions to the corresponding mail message, i.e. reject, discard, redirect, etc.
Message rules are static filters, where the filter itself is contained in a separate file. Different user-defined scripts can be included in any AXIGEN Filtering System. The supported language provides an extremely flexible filtering methodology, as users can define any number of script filters according to their needs.
AXIGEN also implements the vacation extension. This means that message rules can be created and applied for generating out-of-office type automatic replies. Thus, auto-generated messages can be sent when the user of the account for which the vacation applies, is on vacation, out of office or in general away for an extended period of time. The vacation extension is an extra functionality also available via script files.
Antivirus/Antispam Filters can also interact with Message rules, via two headers appended to email messages. These headers contain a spam or virus level value which actually indicates the likelihood of that particular email message being virus or spam. Based on these levels, actions imposed by the message rules can be taken, for instance moving email messages above a certain level to a specified Quarantine folder.
AXIGEN supports creating customized filter chains. This means system administrators can define and use as many Antivirus/Antispam Filters and Message rules as required by their security policies.
For a complete description of message rules implementation in AXIGEN, see the SIEVE Language section. For a complete description of this language, see RFC 3028.
Message rules can also be created from WebAdmin at different server levels. For more details on adding new message rules from WebAdmin, see:
• Configuring Message Rules
• Domain Filter Configuration
• Account Filter Configuration
Filters can also be configured using the CLI Filters context (see Configuring AXIGEN using CLI) and by editing the configuration file (see Configuring AXIGEN using the Configuration File).
4.3.4.1. SIEVE Overview and Implementation in AXIGEN
SIEVE Overview
Sieve is a language created and used for mail filtering either on the server or on the client. The language is completely described in RFC 3028. Sieve is an interpreted language that can be described as relatively simple. It has no loop structures and no variables (in the basic form); its only control structure is if.
Sieve works basically by comparing different keys using different comparators and comparison methods, against headers of a mail message and based on the result applies actions to the message, like reject, discard, redirect.
The structure of Sieve as described in RFC 3028 is as follows. SIEVE defines 5 actions: keep, fileinto, reject, discard, redirect, which are self-explanatory. It also defines 3 control commands:
• <stop> - which stops the processing at that point
• <if elsif else> structure
• require command - which defines an extension of the language. It tells the interpreter that the respective extension will be used in the script
The if structure has the form: if <test> <block> elsif <test> <block> else <block>
A block is a block of commands (actions and control commands - including other ifs) and a test can be one of the following:
1. address - tests a set of the address headers against a set of keys using different comparison methods
2. envelope - optional test
3. header - tests a set of the headers against a set of keys using different comparison methods
• true, false - constants
• allof <other tests> - logical AND between several tests
• anyof <other tests> - logical OR between several tests
• not <test> - negation of a test
• exists - tests whether a set of headers exists
• size - tests against the size of a message
A test can take 2 values: true or false.
After parsing a script against a mail message, several actions can result which may interact. Several constraints are defined regarding action interaction, which will be explained in the next paragraph.
If no action is to be taken after a complete parse of the script, or an error occurs, an implicit keep will ensure delivery of the message to the inbox.
The AXIGEN SIEVE interpreter
The interpreter uses the following restrictions and constraints in implementing RFC 3028:
• it implements the extensions described in the RFCs: fileinto, reject, envelope, copy, relational, spamtest, virustest, subaddress
• the relational test :count can only be used with the i;ascii-numeric comparator, and when there is more than one string in the second string list, only the first will be considered
• it implements the "i;octet", "i;ascii-casemap" and "i;ascii-numeric" comparators; with the "i;ascii-numeric" comparator, the :matches and :contains tags cannot be used. Error otherwise.
• it allows only require with (fileinto, reject, envelope, copy, vacation) arguments, gives an error message otherwise
• allows address and envelope test with the second string list (the values list) not tested for valid addresses (i.e. it allows part of addresses put in the values list)
• it allows only the: "From", "To", "CC", "Bcc", "Sender", "Resent-From", "Resent-To" headers to appear in the address test and only "To", "From" headers in the envelope test. Error otherwise.
• the require group of commands must appear first and must contain only required commands. Error otherwise.
• elsif and else must appear only after an if or an elsif. Error otherwise.
• there is one type of warning and five types of error messages:
1. "[Syntax Error]": given if there is a syntax error in the script
2. "[Parse Error]": if a semantic error appears
3. "[Semantic Error]": similar to parse error
4. "[Validation Error]": if the script is not compliant to this document
5. "[Run-time Error]": if something is wrong during a message parse
• numbers in the size test cannot be negative and cannot exceed 2^32-1. error otherwise
• numbers when using the i;ascii-numeric comparator cannot exceed 2^32-1 and cannot be negative. If a string used with this comparator starts with something other than a digit, or is null, or is negative, or it exceeds 2^32-1, it gets the value 2^32. Leading whitespace (SP,HTAB,CRLF) is ignored
• it does not allow two or more comparator, address-part, match-type tags in the address, header and envelope tests. Error otherwise.
Action interaction
General action interaction: the following constraints apply (error otherwise):
• reject can only be by itself and only once (eventually with stop)
• keep can appear with any action (except reject) several times, and a move to Inbox (or similar) will be executed once
• discard can appear with any action (except reject) several times and the result will be a discard only when solely discard actions are present or there is an implicit keep by using the :copy tag
• fileinto can appear several times with any action (except reject) and a move to the specified folder will be executed (if a move to the same folder is specified, it is treated as an error but a duplicate move will not be performed - a warning will be issued)
• redirect can appear several times and with any action (except reject), the result consisting in redirecting to the specified address only once (without giving an error if a duplicate reject with the same address appears) - a warning will be issued
• any action except stop, fileinto, vacation and redirect used with the :copy tag will cancel the implicit keep
Vacation interaction
• vacation can appear once per script and all other appearances will be disregarded.
• vacation used with discard, redirect, fileinto or explicit keep will not be an error and will not be considered to break the respective actions interaction rules
Spamtest and Virustest Extension
This implementation supports the spamtest and virustest extensions as described in RFC 3685, but in each case the following constraints apply:
Spamtest
• a separate tool will be implemented that will map vendor specific information from antispam tool and
• a new header named "X-AxigenSpam-Level" will be added which can have the following values:
1 - message was tested and is clear of spam
2-9 - message was tested and has a varying likelihood of containing spam in increasing order
10 - message was tested and definitely contains spam
Virustest
• a separate tool will be implemented that will map vendor specific information from antivirus tool and
• a new header named "X-AxigenVirus-Level" will be added which can have the following values:
1 - message was tested and contains no known viruses
2 - message was tested and contained a known virus which was replaced with harmless content
3 - message was tested and contained a known virus which was "cured" such that it is now harmless
4 - message was tested and possibly contains a known virus
5 - message was tested and definitely contains a known virus
The possible values of the header SHOULD be only numbers and if so MUST be only the above numbers but may also have leading and trailing spaces and may contain alphanumeric characters after the numbers. There may be maximum one header of each type at a given moment, and when the tool has a value to assign to the header, it will assign it only if it is greater than the value already contained in the header.
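The level-header rules above, combined with the i;ascii-numeric value rule from the interpreter restrictions, as an added example (not AXIGEN code) of how a downstream consumer could read the two headers. The thresholds, the "review" outcome for missing, duplicated or unparseable headers, the function names and the sample messages are assumptions of this example.

```python
import re
from email import message_from_string

ASCII_NUMERIC_INVALID = 2 ** 32   # value the manual assigns to unusable strings
SPAM_LEVELS = range(1, 11)        # X-AxigenSpam-Level: 1..10
VIRUS_LEVELS = range(1, 6)        # X-AxigenVirus-Level: 1..5


def ascii_numeric(value):
    """Value of a string under the manual's i;ascii-numeric rule: leading
    SP/HTAB/CRLF is ignored; a string that is empty, negative, does not start
    with a digit or exceeds 2^32-1 gets the value 2^32."""
    digits = re.match(r"[0-9]+", value.lstrip(" \t\r\n"))
    if digits is None:
        return ASCII_NUMERIC_INVALID
    number = int(digits.group())
    return number if number <= 2 ** 32 - 1 else ASCII_NUMERIC_INVALID


def parse_level(raw, allowed):
    """Level carried by a header value, or None when it is not a listed level.
    Surrounding spaces and text after the number are tolerated."""
    number = ascii_numeric(raw)
    return number if number in allowed else None


def merge_level(current_raw, reported, allowed):
    """Level the single header carries after one more filter reports a level:
    a new value replaces the old one only when it is greater."""
    if reported not in allowed:
        raise ValueError("reported level outside the documented range")
    current = None if current_raw is None else parse_level(current_raw, allowed)
    if current is None or reported > current:
        return reported
    return current


def header_level(msg, name, allowed):
    """Return (level, problem). At most one header of each type may exist,
    so a duplicated header is reported instead of silently picking one."""
    values = msg.get_all(name) or []
    if not values:
        return None, "missing"
    if len(values) > 1:
        return None, "duplicate"
    level = parse_level(values[0], allowed)
    return (level, None) if level is not None else (None, "invalid")


def triage(raw_message, spam_threshold=7, virus_threshold=4):
    """Assumed policy: quarantine at or above a threshold, send anything whose
    level headers cannot be trusted to manual review, deliver the rest."""
    msg = message_from_string(raw_message)
    spam, spam_problem = header_level(msg, "X-AxigenSpam-Level", SPAM_LEVELS)
    virus, virus_problem = header_level(msg, "X-AxigenVirus-Level", VIRUS_LEVELS)
    if virus is not None and virus >= virus_threshold:
        return "quarantine"
    if spam is not None and spam >= spam_threshold:
        return "quarantine"
    if spam_problem or virus_problem:
        return "review"
    return "deliver"


def sample(*headers):
    """Build a constructed test message from header lines."""
    return "\n".join(("From: sender@example.test",) + headers) + "\n\nbody\n"


# Constructed sample messages, not captured traffic.
SAMPLES = {
    "clean": sample("X-AxigenSpam-Level: 1", "X-AxigenVirus-Level: 1"),
    "spam": sample("X-AxigenSpam-Level: 9 high", "X-AxigenVirus-Level: 1"),
    "virus": sample("X-AxigenSpam-Level: 2", "X-AxigenVirus-Level:  5 "),
    "duplicate": sample("X-AxigenSpam-Level: 1", "X-AxigenSpam-Level: 10",
                        "X-AxigenVirus-Level: 1"),
    "garbage": sample("X-AxigenSpam-Level: high", "X-AxigenVirus-Level: 1"),
    "unscanned": sample("Subject: no level headers"),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", triage(text))
```

The "review" branch reflects the failsafe description earlier in this section: every message is expected to pass the whole chain, so a message without exactly one valid header of each type has not been scored the way the chain intends.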
Vacation Extension
The vacation extension is implemented using the draft: draft-ietf-sieve-vacation-04. The vacation extension is used to send auto-generated messages when the user of the account for which the vacation applies is on vacation, out of office, or in general away for an extended period of time.
For a description of the syntax of this extension, please consult the SIEVE related documents and the draft this implementation is based on.
Implementation specific issues like restrictions and constraints, and in general issues that appear in the draft with SHOULD or MAY, are defined below.
The minimum value for the vacation :days argument is 1 and the maximum is 45. If the value given to the days argument is less than 1 it will be considered 1 and if greater than 45, it will be considered 45. The default value if the days parameter is omitted is 7.
The Previous Response Tracking feature (section 4.2 of the draft) is implemented using a CRC32 hash and the date when the response was sent. This means that there may be cases when a second response will be generated even though it was not supposed to, but the chance of that is negligible compared to the speed gain.
The Limiting Replies to Personal Messages feature (section 4.6 of the draft) was implemented considering the same cases as in the draft, but this will change in a way to allow the administrator to define custom rules for recognizing auto-generated mails.
The vacation response message is generated with all the features defined in the Section 5 of the draft except the References field that is not generated in this version of the implementation.
The interaction between vacation and other actions is described above, under Action Interaction.
4.3.5. The AXIGEN Filtering Module
Based on the Sendmail's Content Management Protocol (Milter), the AXIGEN Filtering Module (AXIMilter) provides an interface for third-party software (such as antivirus/antispam) to validate and modify messages as they pass through AXIGEN Mail Server.
Through AXIMilter, AXIGEN can be integrated with various Antivirus and Antispam applications. At this time, the AXIGEN Messaging Solution integration with AXIMilter has been successfully tested for Kaspersky (kavmilter), Symantec Brightmail, Avast and Avira.
4.3.5.1. Filtering Module Implementation in AXIGEN
A "milter" is a module used by a mail transfer agent (MTA) that allows the addition of very efficient Antivirus/Antispam filters in the mail processing chain. It makes decisions and takes actions during the SMTP sessions. The milter uses a communication protocol based on sockets. This protocol can be used to enable third party applications like anti-virus or anti-spam software to integrate with different MTAs supporting this milter module.
AXIMilter is a daemon that runs separately from AXIGEN. It can be configured through its configuration file, located by default in /etc/opt/axigen/aximilter.conf. The configuration file can be specified using the command line arguments, if one wants to use configuration located elsewhere.
The AXIGEN MTA communicates with the milter extension using the "aximilter.afsl" filter and the inet socket. The filter takes care of the communications and translations between the two parties. Any results passed on by the milter to the filter are interpreted and formatted by it and passed down the chain to AXIGEN.
When the filter is defined and activated in the AXIGEN configuration you have to set the socket used for communications between AXIGEN and the milter extension. This is an inet
(TCP) type of socket. Through this socket AXIGEN will connect to the milter interface and give instructions (formatted by the filter file) to the third party application at the other end. This connection is also used to receive any results from the milter back to AXIGEN.
Filter file purpose:
• Parse the information received
• Interpret and check the information
• Translate information
• Pass information
Socket purpose:
• Establish a communications channel
• Transfer information
• Maintain the integrity of the information
The milter extension takes the requests received from AXIGEN and passes them to the milter counterpart of the third party application. This communication is negotiated using the standard milter protocol. When the third party milter responds, information is again passed through the TCP socket and interpreted by the filter. Only then, based on the information received, AXIGEN is able to determine what action to take.
The whole process chain can be described as follows. The AXIGEN MTA receives an email and the processing chain begins. When AXIGEN reaches the filter designated for the milter extension it passes the necessary information through the socket. All the information is translated by the filter file and fed to the AXIMilter (AXIGEN's milter extension). AXIMilter then connects through a socket to the third party milter implementation and sends the request to make a decision about the fate of the particular email.
After deciding the action to be taken on the respective email (to accept it or not and why) the information is again passed to AXIMilter through the socket between the two milter implementations. AXIMilter sends the results back to AXIGEN through the socket defined in the filter setup and it is again translated. When the AXIGEN MTA receives the information, it takes the necessary steps to deliver or discard the message.
4.3.5.2. Configuring the AXIGEN Filtering Module
The AXIGEN Milter implementation filter can be enabled from WebAdmin: in the "AntiVirus and AntiSpam" context, enable the Application named 'aximilter'.
For more information on Antivirus/Antispam Filters in AXIGEN, see Antivirus/Antispam Filters.
AXIMilter configuration
The milter configuration resides in the /etc/opt/axigen/aximilter.conf file. Depending on the setup you want to achieve there are multiple options to consider. Because TCP sockets are used, you can use one machine as mail server and another one on the network as mail scanner. You can also use the same machine. There are some other options you should consider, like the number of threads and/or connections you want to allow at any given time. This can have serious productivity and security implications.
Below you can find explanations for the available configuration options:
• bindIp <ip> is the variable that sets the interface AXIMilter will use to listen for connections from AXIGEN. If the machine running AXIMilter has more than one
interface you should change this variable to the IP of the interface available to the AXIGEN server. This should be set to a LAN IP address ensuring that the traffic between your MTA and AXIMilter is not visible to anyone else. If you run AXImilter and AXIGEN on the same machine you can leave this option unchanged.
• bindPort <port> is the port that AXIGEN connects to when establishing a connection to the AXIMilter extension. You can set this port to whatever you like as long as the port is not already bound by another process. This port must be used when creating the filter in the AXIGEN configuration. When AXIGEN initiates the connection to the socket, AXIMilter has to be listening for connections. If the port is not used by another process you can leave this option unchanged. DEFAULT: 1981
• rwTimeout <value> is the maximum amount of time allocated to a connection session. It is expressed in milliseconds. Setting this value too high on a high traffic server might saturate all the available connections. Setting this too low on a slow machine might interfere with the communications transmitted. The range for this value is 1 - 65535. - DEFAULT: 400
• milterIp <ip> is the IP address of the machine running the third party milter implementation. As with the "bindIp" variable this should be set to the local IP address of that particular machine or left unchanged if the other milter runs locally. DEFAULT: "127.0.0.1"
• milterPort <port> is the port number AXIMilter connects to when establishing a connection with the third party milter implementation. This port has to be the same as the one specified in the configuration file of the third party software. This port is crucial in setting up a working milter implementation. If you change the port in the configuration of your software, you have to change it here too. Most anti-virus scanners use different ports so make sure to check which port you have to set here before testing your implementation. DEFAULT: 1990
• logType <type> - this parameter defines where to log messages. It can be "system","file" or "stdout". The "system" value means that messages will be logged to the system log, "file" that they will be logged in a file and "stdout" that messages will be logged at standard output. WARNING: if "file" is selected for this property, the logFile must also be set. - DEFAULT "system"
• logFile <file> - if logType has the value "file", this defines the file where messages are logged. - DEFAULT: "none"
• logLevel <level> - the level at which messages will be logged. Possible values are:
o 0 - only error messages will be logged
o 1 - error and warning messages will be logged
o 2 - all messages will be logged
o DEFAULT: 2
• processingThreads <threads> is the number of threads ready to process requests. This number also limits the maximum connections that can be established to the AXIMilter extension. This means that if for example you set this value to 3, only a maximum 3 requests can be sent at any given time, thus only the fate of 3 emails can be decided. When one of these connections is closed a new one can be opened. Make sure you balance this value so that you don't overload the server and at the same time you don't keep too many emails waiting if you have a lot of traffic. The default value should be sufficient for most modern computers and at the same time should be reasonable enough on a medium-sized server. The range for this value is 1 - 128. - DEFAULT: 16
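The options and limits listed above can be checked before the daemon is restarted. This is an added example, not part of AXIGEN: the file syntax (one "name value" or "name = value" pair per line, "#" comments), the function names and both sample configurations are assumptions, since the manual lists the options but does not show the file format.

```python
import ipaddress
import re

# Defaults and numeric ranges as documented above; bindIp has no stated default.
# The 1-65535 port range is the general TCP limit, not a value from the manual.
DEFAULTS = {"bindPort": "1981", "rwTimeout": "400", "milterIp": "127.0.0.1",
            "milterPort": "1990", "logType": "system", "logFile": "none",
            "logLevel": "2", "processingThreads": "16"}
RANGES = {"bindPort": (1, 65535), "milterPort": (1, 65535),
          "rwTimeout": (1, 65535), "processingThreads": (1, 128),
          "logLevel": (0, 2)}
# Loopback and private ranges accepted as "LAN" for bindIp and milterIp.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]


def parse_conf(text):
    """Parse the assumed 'name value' / 'name = value' syntax into a dict."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        settings[parts[0]] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return settings


def to_ip(value):
    """Return an ipaddress object, or None when the value is not an address."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def audit(text):
    """Return a list of (option, problem) pairs; an empty list means no finding."""
    given = parse_conf(text)
    known = set(DEFAULTS) | {"bindIp"}
    findings = [(key, "unknown option") for key in given if key not in known]
    conf = dict(DEFAULTS)
    conf.update((k, v) for k, v in given.items() if k in known)

    for key, (low, high) in RANGES.items():
        value = conf[key]
        if not re.fullmatch(r"[0-9]+", value) or not low <= int(value) <= high:
            findings.append((key, "must be a whole number in %d-%d" % (low, high)))

    # The manual asks for LAN addresses so filter traffic is not exposed.
    for key in ("bindIp", "milterIp"):
        if key in conf:
            ip = to_ip(conf[key])
            if ip is None or not any(ip in net for net in LAN_NETS):
                findings.append((key, "not a loopback or private LAN address"))

    if conf["logType"] not in ("system", "file", "stdout"):
        findings.append(("logType", "must be system, file or stdout"))
    elif conf["logType"] == "file" and conf["logFile"] in ("", "none"):
        findings.append(("logFile", "must be set when logType is file"))

    # AXIMilter cannot listen on the port the third-party milter already holds.
    milter_ip = to_ip(conf["milterIp"])
    same_host = milter_ip is not None and (
        milter_ip.is_loopback or conf["milterIp"] == conf.get("bindIp"))
    if same_host and conf["bindPort"] == conf["milterPort"]:
        findings.append(("milterPort", "same host and port as bindPort"))
    return findings


# Constructed samples, not shipped configurations.
WEAK = """
bindIp = 203.0.113.10        # address outside the private ranges
bindPort = 1990              # collides with the default milterPort
rwTimeout = 120000           # above the documented maximum
milterIp = 127.0.0.1
logType = file               # logFile left unset
processingThreads = 256      # above the documented maximum
logLvl = 2                   # misspelled option
"""
FIXED = """
bindIp = 192.168.10.5
bindPort = 1981
rwTimeout = 400
milterIp = 192.168.10.6
milterPort = 1990
logType = file
logFile = /var/log/aximilter.log
processingThreads = 16
"""

if __name__ == "__main__":
    for option, problem in audit(WEAK):
        print("%s: %s" % (option, problem))
```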
4.3.5.3. AXIGEN Filtering Module Commands
Command line parameters
• -h displays this help message
• -v displays the version
• -f run in foreground
• -u <user> run as user. DEFAULT: 'axigen'
• -g <group> run as group. DEFAULT: 'axigen'
• -c <path> path to the configuration file. DEFAULT: /etc/opt/axigen/aximilter.conf
Starting with version 5 the AXIMilter daemon is included in the AxigenFilters. A list of commands needed to start, stop, restart, or check the status is available in the Starting/Stopping/Restarting the Server section.
4.3.6. Activating and Prioritising Filters and Rules
In AXIGEN Mail Server, you can activate Antivirus / Antispam filters by enabling them from 'AntiVirus and AntiSpam' context, and Message rules by adding and enabling them in the 'Incoming Message Rules' list, available in the 'Security & Filtering' menu in WebAdmin.
Filter Priority
Priorities between enabled Antivirus / Antispam filters or Message rules can be changed using the up and down arrows under the Priority section, in the same context where they can be Enabled/Disabled.
Activation Inheritance
All filters activated at server level will automatically be applied at all filtering levels, according to their respective priority levels.
The same is true for domain level filters, which can be activated at account / mail list level. Filters activated at domain level, are applied to all accounts belonging to the respective domain. Filters activated only at account level, will only be applied to that specific account.
For information on how to activate filters using WebAdmin see the following pages:
• Managing Message Filters
• Domain Filter Configuration
• Account Filter Configuration
• List Filter Configuration
4.3.7. Language Specifications for Policy Configuration
The AXIGEN SMTP Policy system is defined in a single file per installed AXIGEN Mail Server and has events for the SMTP Incoming, Outgoing and Processing stages of a mail life cycle. The Policy system contains Message Acceptance Policies and Processing and Relay Policies. The file is known by the server by the means of smtpFiltersFile parameter.
Important!
Starting with version 5, changing the existing rules/methods or adding new rules/methods by directly editing the smtpFilter file is NOT recommended for normal usage. This could render the corresponding SMTP filter/rules context in WebAdmin unavailable, and it is not advisable unless you need heavy tweaking and know what you are doing.
Instead of directly editing smtpFilters, for normal usage, the administrator should use the following context from the WebAdmin module: 'Security & Filtering' -> 'Acceptance & Routing'.
If the specific WebAdmin context is invalidated by manual modifications of the smtpFilters file, then a warning will be displayed, and the user will be presented with the opportunity of overwriting the contents of the file.
Since manual modification of smtpFilters file is not recommended anymore, a wizard that will help you build your required rules is available in WebAdmin.
ATTENTION! If rules already exist in the smtpFilters file, using the wizard from WebAdmin will overwrite all of them, please first back-up your smtpFilters file.
Basic structure
The language is structured in blocks of two types: events and methods. The events are predefined blocks that will be executed at specific moments by the server. The methods are custom defined blocks that will be called from the language. Thus the basic structure of a language file is:
event event1 {
    .
    .
}
event event2 {
    .
    .
}
Comments inside the script file are allowed using the syntax: #comment until the end of line.
SMTP Events
The events defined for the SMTP filters and their contexts are as follows:
Event                         Context
onConnect                     SMTP Receiving
onEhlo                        SMTP Receiving
onMailFrom                    SMTP Receiving
onRcptTo                      SMTP Receiving
onHeadersReceived             SMTP Receiving
onBodyChunk                   SMTP Receiving
onDataReceived                SMTP Receiving
onRelay                       SMTP Sending
onDeliveryFailure             Processing
onTemporaryDeliveryFailure    Processing
Thus, the structure of the script file is:
#Sample AXIGEN SMTP Filter
#the event called when a connection is made to SMTP
event onConnect {
    .
    code
    .
}
#the event called when smtp receives EHLO
event onEhlo {
    .
    call(Ionel);
    .
}
method Ionel {
    .
    code
}
Methods
Besides the custom methods, a number of predefined methods are also available. They are called in the same way and have a predefined behavior. The currently available predefined methods are:
• checkSPF
• checkReverseDNS
• addHeader
• addIfNotExistsHeader
• removeFirstHeader
• removeHeader
• modifyHeader
• modifyIfExistsHeader
• addRcpt
• discardRcpt
A more comprehensive example of the script defined so far is:
event onEhlo {
    call(heloEvent);
}
method heloEvent {
    .
    call(checkSPF);
    call(addHeader);
}
Contexts
This language is a scripting language intended especially for SMTP filtering. The SMTP process has three different contexts: Incoming, Outgoing and Processing. Thus the behavior of the same filter differs depending on the context to which it is applied. For example, the SMTPIn events are triggered only within the SMTP Incoming context. The same applies to context dependent variables, which will be detailed below.
Variables
After methods and events, the next in order of importance are the variables. They act as input and output to functions and also act as actions to be taken by the SMTP engine. All variables are considered to be strings or numbers and can be of three types:
• read-only variables (input variables);
• read-write variables (input/output variables);
• action variables - these variables can be either read-only or read-write but they are in this category because they can cause the SMTP engine to take an action or are involved in an action.
Variable behavior is context-dependent. If a variable is an input variable for the SMTP Incoming context it will be set only in that context and will be "" in the SMTP Outgoing context. Furthermore, a variable will be set only after that variable's value is known. For example, the MailFromDomain variable will be "" in the onConnect and onEhlo events and will be set only in onMailFrom event.
Some variables are set/read by the engine but there are methods for reading/writing them from the code. The reading of a variable implies the comparing of the variable's value with another value or variable. This is done using test functions that form the test block of a conditional block.
To set a variable, the function set is used: set(SPFResult, "some value");
When a predefined method is called, it usually sets one or more variables as its output and usually requires setting one or more variable as its input. Apart from the predefined variables, custom variables also exist and they can be used later in the code. To define a variable you just set its value: set(aVariable, "aValue").
The previous function defines a variable named aVariable and sets its value to "aValue".
A custom defined variable has a lifetime that lasts until the end of a block. To preserve a variable across blocks and across contexts, the export function is used: export(aVariable)
The lifetime of a filter with its contexts is per email message so the export function can be used to preserve the value of a variable specific to one email message through different stages of SMTP. For example, at the SMTP Outgoing context, the value of MailFromDomain is not set but can be, if in one of the SMTP Incoming events, an export(MailFromDomain) was made.
Within the SMTP Filter Language, variable expanding means that a variable name may appear within a string and at runtime the name is replaced by the variable's value. For a variable to be expanded, its name must appear between "%" characters. An example of variable expanding is:
event onConnect {
    set(aVariable, "Hello.");
    set(SMTPGreeting, "%aVariable% This is my AXIGEN server");
}
When you connect on the SMTP port, the greeting will be: "Hello. This is my AXIGEN server"
This expanding mechanism also works for comparing two variables:
event onConnect {
    set(aVariable, "value");
    set(bVariable, "value");
    if (is(aVariable, "%bVariable%")) {
        set(SMTPAction, "reject");
    }
}
Structures
Condition blocks
There are only block, sub-block, if and switch structures. The block structures were defined above. The ‘if’ structure has the following form:
if (conditions) {
} else {
}
The sub-blocks mentioned above are part of the ‘if’ and ‘switch’ structures and, as in the case of blocks, start with a "{" and end with a "}".
The switch structure has the following form:
switch (variable) {
    case <value>: { }
    case <value>: { }
    default: { }
}
Both the ‘if’ and the ‘switch’ structures can be nested to a maximum of 16 levels. The case statements are exclusive: if a case is matched, the switch structure is exited after the execution of its block.
Conditions
The conditions are Boolean functions that are used in the ‘if’ and ‘switch’ tests. They are of two types: single conditions and logical groups.
The single conditions are as follows:
• is(variable,value) - matches for equality;
• isCase(variable,value) - matches for equality and, for strings, the match is case insensitive;
• match(variable,regexp) - regular expression match
• lessThen(variable,value) - number comparison
• greaterThen(variable,value) - number comparison
• greaterOrEqual(variable, value) - number comparison
• lessOrEqual(variable, value) - number comparison
• iprange(variable, range) - matches if the variable's value is in range. If the variable is not an ipAddress, the function returns false. Example of how to define IP ranges:
  o 192.168.1.1-192.168.1.10 (range)
  o 192.168.1.1/24 (cidr)
  o 192.168.1.1/255.255.255.0 (netmask)
The logical groups are:
• not(condition) - negation of a condition
• allof(condition,condition,...) - similar to an AND between conditions
• anyof(condition,condition,...) - similar to an OR between conditions
The logical groups can be nested to a maximum of 16 levels.
Functions
The functions can be regarded as the equivalent of keywords in other languages. They are the building blocks of the language and their behavior is hard-coded. The functions available are:
• all the Boolean functions described above;
• call (method) - this executes a predefined or custom-defined method. If the method is custom defined, it must be defined in the same script file as the call;
• export (variable) - this function exports a variable name and value to be used in another context. If the variable is custom defined, it must be defined in the same script file;
• set (variable, value) - this sets the value of a RW variable;
• return - this function ends the current event or method execution.
4.3.7.1. SMTP Functionalities (I)
A list of all events, together with the variables and methods that can be used by each event, is presented below. The type (IN or OUT) and the access method (RO - read only, RW - read write, WO - write only) are specified for each variable.
Important! Certain variables are only interpreted within some events, while the remaining events ignore them. Setting such a variable in an event that ignores it therefore has no effect. This also applies to predefined methods. Not all variables that are marked as RO, or that are not listed for a certain event, generate an error if set, because they can be marked as RW for other events of the same context. However, setting them has no effect.
onConnect
Called when a new client is connected.
Variable Type Access Method Explanation Value set Default
smtpPort numeric IN,RO The local listener port the client used to connect
Range: 0 - 65535
Not Applicable
smtpIp ip IN,RO The local interface IP the client used to connect
IP Not Applicable
remoteSmtpPort numeric IN,RO The remote port the connection was established through
Range: 0 - 65535
Not Applicable
remoteSmtpIp ip IN,RO The remote IP the connection was established from.
IP Not Applicable
isSSLConnection choice IN,RO 'yes' if the connection is encrypted (socket ssl), no if it is not.
Choice:
• yes - the connection is encrypted (socket ssl)
• no - the connection is not encrypted
Not Applicable
DNSBLServer text OUT,WO The DNSBL server name used by 'checkDNSBL' method.
Text string
DNSBLResult ip IN,RO The result of a 'checkDNSBL' call; if the client ip is not found using 'DNSBLServer' the result is an empty string
IP
DNSBLExplanation text IN,RO The explanation associated with the result returned by a 'checkDNSBL' call
Text string
smtpGreeting text OUT,WO The initial message sent to the client (for the moment, it can be a static string only).
Text string AXIGEN specific greeting text
smtpAction choice OUT,WO Determines what action the smtp engine should take for the current command.
Choice:
• accept - the server accepts the current command
• reject - the server rejects the current command and returns a permanent error
• tmpreject - the server rejects the current command and returns a temporary error
• abort - the server aborts the connection
Takes an action conforming with the internal policies
smtpExplanation text OUT,WO The message sent to the client in case of a reject or tmpreject action.
Text string A default error message
RFCBreak multival OUT,WO List of RFC violation permitted or requested.
Values:
• nofolding - Header lines longer than 78 characters are permitted and no folding is performed on those lines
• bodycrlfcorrection - SMTP IN service is allowed to modify the body of 7Bit mime messages in order to fix invalid line terminator sequences (the single CR, LF or LFCR and CRCRLF sequences found in mail's body are replaced with CRLF)
filterName text OUT,WO The name of the external filter to be added
Text string Not Applicable
filterType choice OUT,WO The type of the external filter to be added
Choice:
• milter - The new external filter is of type MILTER
Not Applicable
filterAddress text OUT,WO The address of the new external filter
Text string Not Applicable
addFilterResult choice IN,RO Choice:
• ok - The addFilter call was successful
• error - The addFilter call failed
Not Applicable
addFilterExplanation text IN,RO Text string Not Applicable
filterNamePattern text OUT,WO The pattern name of filters to be executed
Text string
'filterName'.result choice IN,RO The execution result of an external smtp filter
Choice:
• pass - The filter was executed and returned a positive result
• fail - The filter was executed and returned a rejection result
• neutral - The filter was not selected for execution by the last executeFilters call
• error - The filter was not executed because of system errors
Not Applicable
'filterName'.action choice IN/OUT,RW The default action taken by the smtp engine as a result of executing an external smtp filter
Choice:
• accept - The engine accepts the current and the following commands
• continue - The engine accepts the current command
• discard - The engine ignores the current command
• tmpreject - The engine temporarily rejects the current command
• reject - The engine permanently rejects the current command
Not Applicable
'filterName'.explanation text IN,RO The explanation associated with the execution of an external smtp filter
Text string Not Applicable
Methods
Name Explanation Input Parameters Output Parameters
addFilter Adds an external smtp filter
• filterName-Specifies the name of the filter to be added
• filterType-Specifies the type of the filter to be added
• filterAddress-Specifies the address of the filter to be added
• addFilterResult-Indicates if the add filter operation was successful
• addFilterExplanation-Indicates the failure reason of the add filter operation
executeFilters Execute onConnect method for selected filters
• filterNamePattern-The selection name pattern of filters to be executed
• 'filterName'.result-The execution result of the filter named 'filterName'
• 'filterName'.action-The default smtp action taken as a result of executing the filter named 'filterName'
checkDNSBL Checks if the client ip is black-listed in server 'DNSBLServer'
• DNSBLServer-The DNS Black List server used to check the client ip
• DNSBLResult-The ip associated with the client ip in server 'DNSBLServer'
• DNSBLExplanation-Explanation associated with the 'DNSBLResult'
onEhlo
Called after receiving the EHLO message sent by the client.
Variable Type Access Method Explanation Value set Default
smtpPort numeric IN,RO The local listener port the client used to connect
Range: 0 - 65535
Not Applicable
smtpIp ip IN,RO The local interface IP the client used to connect
IP Not Applicable
remoteSmtpPort numeric IN,RO The remote port the connection was established through
Range: 0 - 65535
Not Applicable
remoteSmtpIp ip IN,RO The remote IP the connection was established from
IP Not Applicable
isSSLConnection choice IN,RO 'yes' if the connection is encrypted (socket ssl), no if it is not.
Choice:
• yes - the connection is encrypted (socket ssl)
• no - the connection is not encrypted
Not Applicable
ehloHost hostname IN,RO The hostname the client declares
Hostname Not Applicable
isESMTP choice IN,RO 'yes' if the client used EHLO, 'no' for HELO
Choice:
• yes - the client used EHLO
• no - the client used HELO
Not Applicable
authUser text IN,RO Name of successfully authenticated user ('' if the Auth command was incorrectly used)
Text string Not Applicable
authMatchFrom choice OUT,WO Verifies if the sender address corresponds to the one used to authenticate.
Choice:
• yes - the sender address corresponds to the one used to authenticate
• no - the sender address does not correspond to the one used to authenticate
yes
mailCount numeric IN,RO Number of successfully sent mails during this session.
Range: Not Applicable
totalMailSize numeric IN,RO Total size of email messages sent in the respective session (in octets).
Range: Not Applicable
remoteDelivery choice IN/OUT,RW Specifies which clients can send remote messages.
Choice:
• all - all clients can send remote messages
• none - no clients can send remote messages
• auth - only authenticated clients can send remote messages
auth
localDelivery choice IN/OUT,RW Specifies which clients can send messages locally.
Choice:
• all - all clients can send messages locally
• none - no clients can send messages locally
• auth - only authenticated clients can send messages locally
all
maxRcptCount numeric IN/OUT,RW The maximum number of recipients for an email.
Range: 0 - 1000
1000
maxDataSize numeric IN/OUT,RW The maximum size of a mail message (KB).
Range: 0 - 4294967295
10240
maxReceivedHeaders numeric IN/OUT,RW The maximum size of 'Received' headers after which the email is considered to be looping.
Range: 0 - 4294967295
30
allowStartTLS choice IN/OUT,RW 'yes' if the STARTTLS extension is allowed, 'no' if otherwise.
Choice:
• yes - STARTTLS extension is allowed
• no - STARTTLS extension is not allowed
yes
allowPipelining choice IN/OUT,RW 'yes' if the PIPELINING extension is allowed, 'no' if otherwise.
Choice:
• yes - PIPELINING extension is allowed
• no - PIPELINING extension is not allowed
yes
allow8BitMime choice IN/OUT,RW 'yes' if the 8BIT extension is allowed, 'no' if otherwise.
Choice:
• yes - 8BIT extension is allowed
• no - 8BIT extension is not allowed
yes
allowBinaryData choice IN/OUT,RW 'yes' if the BINARY extension is allowed, 'no' if otherwise.
Choice:
• yes - BINARY extension is allowed
• no - BINARY extension is not allowed
yes
plainConnAuthTypes multival IN/OUT,RW Allowed authentication types for a plain connection (possible values: 'all', 'none' or a 'plain', 'login', 'cram-md5', 'digest-md5' and 'gssapi' combination).
Values:
• all - All authentication types are allowed for plain connections
• none - No authentication type is allowed for plain connections
• plain - PLAIN authentication is allowed for plain connections
• login - LOGIN authentication is allowed for plain connections
• cram-md5 - CRAM-MD5 authentication is allowed for plain connections
• digest-md5 - DIGEST-MD5 authentication is allowed for plain connections
• gssapi - GSSAPI authentication is allowed for plain connections
all
secureConnAuthTypes multival IN/OUT,RW Allowed authentication types for a SSL connection (possible values: 'all', 'none' or a 'plain', 'login', 'cram-md5' and 'gssapi' combination).
Values:
• all - All authentication types are allowed for secure connections
• none - No authentication type is allowed for secure connections
• plain - PLAIN authentication is allowed for secure connections
• login - LOGIN authentication is allowed for secure connections
• cram-md5 - CRAM-MD5 authentication is allowed for secure connections
• digest-md5 - DIGEST-MD5 authentication is allowed for secure connections
• gssapi - GSSAPI authentication is allowed for secure connections
all
DNSBLServer text IN,RO The DNSBL server name used by 'checkDNSBL' method.
Text string
DNSBLResult ip OUT,WO The result of a 'checkDNSBL' call; if the client ip is not found using 'DNSBLServer' the result is an empty string
IP
DNSBLExplanation text OUT,WO The explanation associated with the result returned by a 'checkDNSBL' call
Text string
SPFResult choice IN/OUT,RW Result of the SPF check (possible values: 'None', 'Neutral', 'Pass', 'Fail', 'SoftFail', 'TempError', 'PermError'); can be set manually or by calling the 'checkSPF' method; if the result is 'Fail', the subsequent 'MAIL FROM' commands will fail.
Choice:
• None - TBD
• Neutral - TBD
• Pass - The message meets the domain's definition for legitimate messages
• Fail - The message does not meet the domain's definition for legitimate messages
• SoftFail - TBD
• TempError - TBD
• PermError - TBD
None
SPFHeader text IN/OUT,RW The 'Received-SPF' header value; if it's set to '', the header will no longer be added.
Text string Not Applicable
SPFExplanation text IN/OUT,RW The explanation associated with the SPF response.
Text string Not Applicable
smtpAction choice OUT,WO Determines what action the smtp engine should take for the current command.
Choice:
• accept - the server accepts the current command
• reject - the server rejects the current command and returns a permanent error
• tmpreject - the server rejects the current command and returns a temporary error
• abort - the server aborts the connection
Takes an action conforming with the internal policies
smtpExplanation text OUT,WO The message sent to the client in case of a reject or tmpreject action.
Text string A default error message
ReverseDNSResult choice OUT,WO The result of a 'checkReverseDNS' call.
Choice:
• Fail - the EHLO name was not found in the list of names associated with the client ip
• Pass - the EHLO name was found in the list of names associated with the client ip
• Neutral - no name was specified in the EHLO command
ReverseDNSName text OUT,WO The first name associated with the client ip obtained with a 'checkReverseDNS' call.
Text string
RFCBreak multival IN,RO List of RFC violation permitted or requested.
Values:
• nofolding - Header lines longer than 78 characters are permitted and no folding is performed on those lines
• bodycrlfcorrection - SMTP IN service is allowed to modify the body of 7Bit mime messages in order to fix invalid line terminator sequences (the single CR, LF or LFCR and CRCRLF sequences found in mail's body are replaced with CRLF)
filterName text OUT,WO The name of the external filter to be added
Text string Not Applicable
filterType choice OUT,WO The type of the external filter to be added
Choice:
• milter - The new external filter is of type MILTER
Not Applicable
filterAddress text OUT,WO The address of the new external filter
Text string Not Applicable
addFilterResult choice IN,RO Choice:
• ok - The addFilter call was successful
• error - The addFilter call failed
Not Applicable
addFilterExplanation text IN,RO Text string Not Applicable
filterNamePattern text OUT,WO The pattern name of filters to be executed
Text string
'filterName'.result choice IN,RO The execution result of an external smtp filter
Choice:
• pass - The filter was executed and returned a positive result
• fail - The filter was executed and returned a rejection result
• neutral - The filter was not selected for execution by the last executeFilters call
• error - The filter was not executed because of system errors
Not Applicable
'filterName'.action choice IN/OUT,RW The default action taken by the smtp engine as a result of executing an external smtp filter
Choice:
• accept - The engine accepts the current and the following commands
• continue - The engine accepts the current command
• discard - The engine ignores the current command
• tmpreject - The engine temporarily rejects the current command
• reject - The engine permanently rejects the current command
Not Applicable
'filterName'.explanation text IN,RO The explanation associated with the execution of an external smtp filter
Text string Not Applicable
Methods
Name Explanation Input Parameters Output Parameters
addFilter Adds an external smtp filter
• filterName-Specifies the name of the filter to be added
• filterType-Specifies the type of the filter to be added
• filterAddress-Specifies the address of the filter to be added
• addFilterResult-Indicates if the add filter operation was successful
• addFilterExplanation-Indicates the failure reason of the add filter operation
executeFilters Execute onEhlo method for selected filters
• filterNamePattern-The selection name pattern of filters to be executed
• 'filterName'.result-The execution result of the filter named 'filterName'
• 'filterName'.action-The default smtp action taken as a result of executing the filter named 'filterName'
checkReverseDNS Search the EHLO name in the list of names associated with the client ip
• ReverseDNSResult-The result of the method call
• ReverseDNSName-The primary name associated with the client ip
checkDNSBL Checks if the client ip is black-listed in server 'DNSBLServer'
• DNSBLServer-The DNS Black List server used to check the client ip
• DNSBLResult-The ip associated with the client ip in server 'DNSBLServer'
• DNSBLExplanation-Explanation associated with the 'DNSBLResult'
checkSPF Calls the SPF module and the results are stored in the 'SPFResult', 'SPFHeader' and 'SPFExplanation' variables
• SPFResult-Result of the SPF check
• SPFHeader-Value of the Received-SPF header value
• SPFExplanation-Explanation associated with the SPF response
onMailFrom
Called as a result of the 'MAIL FROM' command issued by the client.
Variable Type Access Method Explanation Value set Default
smtpPort numeric IN,RO the local listener port the client used to connect
Range: 0 - 65535
Not Applicable
smtpIp ip IN,RO The local interface IP the client used to connect
IP Not Applicable
remoteSmtpPort numeric IN,RO The remote port the connection was established through
Range: 0 - 65535
Not Applicable
remoteSmtpIp ip IN,RO The remote IP the connection was established from
IP Not Applicable
isSSLConnection choice IN,RO 'yes' if the connection is encrypted (socket ssl), no if it is not.
Choice:
• yes - the connection is encrypted (socket ssl)
• no - the connection is not encrypted
Not Applicable
ehloHost hostname IN,RO The hostname the client declares
Hostname Not Applicable
isESMTP choice IN,RO 'yes' if the client used EHLO, 'no' for HELO
Choice:
• yes - the client used EHLO
• no - the client used HELO
Not Applicable
authUser text IN,RO Name of successfully authenticated user ('' if the Auth command was incorrectly used)
Text string Not Applicable
authMatchFrom choice OUT,WO Verifies if the sender address corresponds to the one used to authenticate.
Choice:
• yes - The sender address corresponds to the one used to authenticate
• no - The sender address does not correspond to the one used to authenticate
yes
mailCount numeric IN,RO Verifies if the sender address corresponds to the one used to authenticate.
Range: Not Applicable
totalMailSize numeric IN,RO Total size of email messages sent in the respective session (in octets).
Range: Not Applicable
remoteDelivery choice IN/OUT,RW Specifies which clients can send remote messages.
Choice:
• all - all clients can send remote messages
• none - no clients can send remote messages
• auth - only authenticated clients can send remote messages
auth
localDelivery choice IN/OUT,RW Specifies which clients can send messages locally.
Choice:
• all - all clients can send messages locally
• none - no clients can send messages locally
• auth - only authenticated clients can send messages locally
all
maxRcptCount numeric IN/OUT,RW The maximum number of recipients for an email.
Range: 0 - 1000
1000
maxDataSize numeric IN/OUT,RW The maximum size of a mail message (KB).
Range: 0 - 4294967295
10240
maxReceivedHeaders numeric IN/OUT,RW The maximum size of 'Received' headers after which the email is considered to be looping.
Range: 0 - 4294967295
30
DNSBLServer text IN,RO The DNSBL server name used by 'checkDNSBL' method.
Text string
DNSBLResult ip OUT,WO The result of a 'checkDNSBL' call; if the client ip is not found using 'DNSBLServer' the result is an empty string
IP
DNSBLExplanation text OUT,WO The explanation associated with the result returned by a 'checkDNSBL' call
Text string
SPFResult choice IN/OUT,RW Result of the SPF check (possible values: 'None', 'Neutral', 'Pass', 'Fail', 'SoftFail', 'TempError', 'PermError'); can be set manually or by calling the 'checkSPF' method; if the result is 'Fail', the subsequent 'MAIL FROM' commands will fail.
Choice:
• None - TBD
• Neutral - TBD
• Pass - the message meets the domain's definition for legitimate messages
• Fail - the message does not meet the domain's definition for legitimate messages
• SoftFail - TBD
• TempError - TBD
• PermError - TBD
None
SPFHeader text IN/OUT,RW The 'Received-SPF' header value; if it's set to '', the header will no longer be added.
Text string Not Applicable
SenderMXCheckResult choice IN,RO Result of the Sender MX verification (possible values: 'Pass', 'Fail', 'Neutral', 'Error'); see 'checkSenderMX' method.
Choice:
• Pass - The sender has a valid MX
• Fail - The sender does not have a valid MX
• Neutral - No sender specified, is a NDR message
• Error - There was an error determining sender MX
Not Applicable
mailFrom text IN/OUT,RW The address specified in mail from; if set manually, the new address will be used.
Text string Not Applicable
mailFromLocalPart text IN,RO The local part of the address specified in mail from; modified automatically along with the 'mailFrom' value.
Text string Not Applicable
mailFromDomain text IN,RO The domain of the mail from address; modified automatically along with the 'mailFrom' value.
Text string Not Applicable
mailFromAuthUser text IN,RO The authenticated user specified in the mail from command.
Text string Not Applicable
mailFromSize numeric IN,RO The email size specified in the mail from command.
Range: Not Applicable
HeaderName text OUT,WO See header usage methods.
Text string Not Applicable
HeaderValue text IN/OUT,RW See header usage methods.
Text string Not Applicable
delayDelivery text OUT,WO Enables and configures the delay delivery feature. It may be set to an absolute date (RFC 2822 format) or to a relative date expressed as +[[nnh] nnm]nn[s]
Text string
overquotaAction choice OUT,WO Determines what action the smtp engine should take for a recipient that is overquota.
Choice:
• reject - the server rejects the overquota recipient with a permanent error message
• tmpreject - the server rejects the overquota recipient with a temporary error message
• discard - the server accepts the overquota recipient without adding it to recipient list
reject
smtpAction choice OUT,WO Determines what action the smtp engine should take for the current command.
Choice:
• accept - the server accepts the current command
• reject - the server rejects the current command and returns a permanent error
• tmpreject - the server rejects the current command and returns a temporary error
• abort - the server aborts the connection
Takes an action conforming with the internal policies
smtpExplanation text OUT,WO The message sent to the client in case of a reject or tmpreject action.
Text string A default error message
RFCBreak multival IN,RO List of RFC violation permitted or requested.
Values:
• nofolding - Header lines longer than 78 characters are permitted and no folding is performed on those lines
• bodycrlfcorrection - SMTP IN service is allowed to modify the body of 7Bit mime messages in order to fix invalid line terminator sequences (the single CR, LF or LFCR and CRCRLF sequences found in mail's body are replaced with CRLF)
filterName text OUT,WO The name of the external filter to be added
Text string Not Applicable
filterType choice OUT,WO The type of the external filter to be added
Choice:
• milter - The new external filter is of type MILTER
Not Applicable
filterAddress text OUT,WO The address of the new external filter
Text string Not Applicable
addFilterResult choice IN,RO Choice:
• ok - The addFilter call was successful
• error - The addFilter call failed
Not Applicable
addFilterExplanation text IN,RO Text string Not Applicable
filterNamePattern text OUT,WO The pattern name of filters to be executed
Text string
'filterName'.result choice IN,RO The execution result of an external smtp filter
Choice:
• pass - The filter was executed and returned a positive result
• fail - The filter was executed and returned a rejection result
• neutral - The filter was not selected for execution by the last executeFilters call
• error - The filter was not executed because of system errors
Not Applicable
'filterName'.action choice IN/OUT,RW The default action taken by the smtp engine as a result of executing an external smtp filter
Choice:
• accept - The engine accepts the current and the following commands
• continue - The engine accepts the current command
• discard - The engine ignores the current command
• tmpreject - The engine temporarily rejects the current command
• reject - The engine permanently rejects the current command
Not Applicable
'filterName'.explanation text IN,RO The explanation associated with the execution of an external smtp filter
Text string Not Applicable
Methods
Name Explanation Input Parameters Output Parameters
addFilter Adds an external smtp filter
• filterName-Specifies the name of the filter to be added
• filterType-Specifies the type of the filter to be added
• filterAddress-Specifies the address of the filter to be added
• addFilterResult-Indicates if the add filter operation was successful
• addFilterExplanation-Indicates the failure reason of the add filter operation
executeFilters Execute onMailFrom method for selected filters
• filterNamePattern-The selection name pattern of filters to be executed
• 'filterName'.result-The execution result of the filter named 'filterName'
• 'filterName'.action-The default smtp action taken as a result of executing the filter named 'filterName'
checkDNSBL Checks if the client ip is black-listed in server 'DNSBLServer'
• DNSBLServer-The DNS Black List server used to check the client ip
• DNSBLResult-The ip associated with the client ip in server 'DNSBLServer'
• DNSBLExplanation-Explanation associated with the 'DNSBLResult'
checkSPF Calls the SPF module and the results are stored in the 'SPFResult', 'SPFHeader' and 'SPFExplanation' variables
• SPFResult-Result of the SPF check
• SPFHeader-Value of the Received-SPF header value
• SPFExplanation-Explanation associated with the SPF response
checkSenderMX • SenderMXCheckResult-Result of the Sender MX check
addHeader Adds the specified header through the 'HeaderName' and 'HeaderValue' variables
• HeaderName-Name of the header field to be added
• HeaderValue-Value of the added field
addIfNotExistsHeader Adds the header only if no other field with the same name exists
• HeaderName-Name of the header field to be added
• HeaderValue-Value of the added field
removeFirstHeader Deletes the first instance of a field with the 'HeaderName' name from the header
• HeaderName-Name of the header field to be removed
removeHeader Deletes all instances of the field named 'HeaderName' from the header
• HeaderName-Name of the header field to be removed
removeHeaderValue Deletes a specific instance of the field named 'HeaderName' from the header
• HeaderName-Name of the header field to be removed
• HeaderValue-The value of the specific instance to be removed
modifyHeader Modifies or adds a header
• HeaderName-Name of the header field to be modified (or added if it does not exist)
• HeaderValue-The new field value
modifyIfExistsHeader Modifies a header
• HeaderName-Name of the header field to be modified
• HeaderValue-The new field value
4.3.7.2. SMTP Functionalities (II)
onRcptTo Called as a result of the 'RCPT TO' command issued by the client
Variable Type Access Method Explanation Value set Default
smtpPort numeric IN,RO The local listener port the client used to connect
Range: 0 - 65535
Not Applicable
smtpIp ip IN,RO The local interface IP the client used to connect
IP Not Applicable
remoteSmtpPort choice IN,RO The remote port the connection was established through
Choice:
0 - 65535
Not Applicable
remoteSmtpIp ip IN,RO The remote IP the connection was established from
IP Not Applicable
isSSLConnection choice IN,RO 'yes' if the connection is encrypted (socket ssl), no if it is not.
Choice:
• yes - the connection is encrypted (socket ssl)
• no - the connection is not encrypted
Not Applicable
ehloHost hostname IN,RO The hostname the client declares
Hostname Not Applicable
isESMTP choice IN,RO 'yes' if the client used EHLO, 'no' for HELO
Choice:
• yes - the client used EHLO
• no - the client used HELO
Not Applicable
authUser text IN,RO Name of successfully authenticated user ('' if the Auth command was incorrectly used)
Text string Not Applicable
mailCount numeric IN,RO Verifies if the sender address corresponds to the one used to authenticate.
Range: Not Applicable
totalMailSize numeric IN,RO Total size of email messages sent in the respective session (in octets).
Range: Not Applicable
remoteDelivery choice IN/OUT,RW Specifies which clients can send remote messages.
Choice:
• all - all clients can send remote messages
• none - no clients can send remote messages
• auth - only authenticated clients can send remote messages
auth
localDelivery choice IN/OUT,RW Specifies which clients can send messages locally.
Choice:
• all - all clients can send messages locally
• none - no clients can send messages locally
• auth - only authenticated clients can send messages locally
all
maxRcptCount numeric IN/OUT,RW The maximum number of recipients for an email.
Range: 0 - 1000
1000
maxDataSize numeric IN/OUT,RW The maximum size of a mail message (KB).
Range: 0 - 4294967295
10240
maxReceivedHeaders numeric IN/OUT,RW The maximum size of 'Received' headers after which the email is considered to be looping.
Range: 0 - 4294967295
30
DNSBLServer text IN,RO The DNSBL server name used by 'checkDNSBL' method.
Text string
DNSBLResult ip OUT,WO The result of a 'checkDNSBL' call; if the client ip is not found using 'DNSBLServer' the result is an empty string
IP
DNSBLExplanation text OUT,WO The explanation associated with the result returned by a 'checkDNSBL' call
Text string
SPFResult choice IN/OUT,RW Result of the SPF check (possible values: 'None', 'Neutral', 'Pass', 'Fail', 'SoftFail', 'TempError', 'PermError'); can be set manually or by calling the 'checkSPF' method; if the result is 'Fail', the subsequent 'MAIL FROM' commands will fail.
Choice:
• None - TBD
• Neutral - TBD
• Pass - the message meets the domain's definition for legitimate messages
• Fail - the message does not meet the domain's definition for legitimate messages
• SoftFail - TBD
• TempError - TBD
• PermError - TBD
None
SenderMXCheckResult choice IN,RO Result of the Sender MX verification (possible values: 'Pass', 'Fail', 'Neutral', 'Error'); see 'checkSenderMX' method.
Choice:
• Pass - The sender has a valid MX
• Fail - The sender does not have a valid MX
• Neutral - No sender specified; the message is an NDR
• Error - There was an error determining sender MX
Not Applicable
mailFrom text IN,RO The address specified in mail from.
Text string Not Applicable
mailFromLocalPart text IN,RO The local part of the address specified in mail from; modified automatically along with the 'mailFrom' value.
Text string Not Applicable
mailFromDomain text IN,RO The domain of the mail from address; modified automatically along with the 'mailFrom' value.
Text string Not Applicable
mailFromAuthUser text IN,RO The authenticated user specified in the mail from command.
Text string Not Applicable
mailFromSize numeric IN,RO The email size specified in the mail from command.
Range: Not Applicable
rcptCount numeric IN,RO Number of recipients communicated by the client up to the given moment.
Range: Not Applicable
currentRcpt text IN/OUT,RW The current address communicated by the client as recipient; it can be set manually, causing the recipient address to change; if after setting it the 'addRcpt' method is called, the newly set address will be added to the one communicated by the client.
Text string Not Applicable
currentRcptFolder text IN/OUT,RW In case of delivery to a local domain, it specifies the folder the email message will be delivered to.
Text string INBOX
currentRcptLocalPart text IN,RO Local part of the recipient address; modified automatically when setting 'currentRcpt'.
Text string Not Applicable
currentRcptRelayHost text IN/OUT,RW SMTP routing host used to deliver the mail for this recipient.
Text string
isRcptDomainLocal choice IN,RO States if the recipient domain specified by the client is a local one
Choice:
• yes - the recipient domain specified by the client is a local one
• no - the recipient domain specified by the client is not a local one
Not Applicable
isRcptLocal choice IN,RO States if the recipient specified by the client is a local one
Choice:
• yes - the recipient specified by the client is a local one
• no - the recipient specified by the client is not a local one
Not Applicable
HeaderName text OUT,WO See header usage methods.
Text string Not Applicable
HeaderValue text IN/OUT,RW See header usage methods.
Text string Not Applicable
delayDelivery text OUT,WO Enables and configures the delay delivery feature. It may be set to an absolute date (format RFC 2822) or to a relative date expressed as +[[nnh] nnm]nn[s]
Text string
overquotaAction choice OUT,WO Determines what action the smtp engine should take for a recipient that is overquota.
N/A reject
isOverquota choice IN,RO Specifies if the current recipient is overquota.
Choice:
• yes - The current recipient will exceed its quota limit if the current mail will be delivered to it
• no - The current recipient may receive the current mail without exceeding its quota limit
Not Applicable
smtpAction choice OUT,WO Determines what action the smtp engine should take for the current command.
Choice:
• accept - the server accepts the current command
• reject - the server rejects the current command and returns a permanent error
• tmpreject - the server rejects the current command and returns a temporary error
• abort - the server aborts the connection
Takes an action conforming with the internal policies
smtpExplanation text OUT,WO The message sent to the client in case of a reject or tmpreject action.
Text string A default error message
RFCBreak multival IN,RO List of RFC violations permitted or requested.
Values:
• nofolding - Header lines longer than 78 characters are permitted and no folding is performed on those lines
• bodycrlfcorrection - SMTP IN service is allowed to modify the body of 7Bit mime messages in order to fix invalid line terminator sequences (the single CR, LF or LFCR and CRCRLF sequences found in mail's body are replaced with CRLF)
filterName text OUT,WO The name of the external filter to be added
Text string Not Applicable
filterType choice OUT,WO The type of the external filter to be added
Choice:
• milter - The new external filter is of type MILTER
Not Applicable
filterAddress text OUT,WO The address of the new external filter
Text string Not Applicable
addFilterResult choice IN,RO Choice:
• ok - The addFilter call was successful
• error - The addFilter call failed
Not Applicable
addFilterExplanation text IN,RO Text string Not Applicable
filterNamePattern text OUT,WO The pattern name of filters to be executed
Text string
'filterName'.result choice IN,RO The execution result of an external smtp filter
Choice:
• pass - The filter was executed and returned a positive result
• fail - The filter was executed and returned a rejection result
• neutral - The filter was not selected for execution by the last executeFilters call
• error - The filter was not executed because of system errors
Not Applicable
'filterName'.action choice IN/OUT,RW The default action taken by the smtp engine as a result of executing an external smtp filter
Choice:
• accept - The engine accepts the current and the following commands
• continue - The engine accepts the current command
• discard - The engine ignores the current command
• tmpreject - The engine temporarily rejects the current command
• reject - The engine permanently rejects the current command
Not Applicable
'filterName'.explanation text IN,RO The explanation associated with the execution of an external smtp filter
Text string Not Applicable
Methods
Name Explanation Input Parameters Output Parameters
addFilter Adds an external smtp filter
• filterName-Specifies the name of the filter to be added
• filterType-Specifies the type of the filter to be added
• filterAddress-Specifies the address of the filter to be added
• addFilterResult-Indicates if the add filter operation was successful
• addFilterExplanation-Indicates the failure reason of the add filter operation
executeFilters Execute onRcptTo method for selected filters
• filterNamePattern-The selection name pattern of filters to be executed
• 'filterName'.result-The execution result of the filter named 'filterName'
• 'filterName'.action-The default smtp action taken as a result of executing the filter named 'filterName'
checkDNSBL Checks if the client ip is black-listed in server 'DNSBLServer'
• DNSBLServer-The DNS Black List server used to check the client ip
• DNSBLResult-The ip associated with the client ip in server 'DNSBLServer'
• DNSBLExplanation-Explanation associated with the 'DNSBLResult'
checkSenderMX • SenderMXCheckResult-Result of the Sender MX check
addHeader Adds the specified header through the 'HeaderName' and 'HeaderValue' variables
• HeaderName-Name of the header field to be added
• HeaderValue-Value of the added field
addIfNotExistsHeader Adds the header only if no other field with the same name exists
• HeaderName-Name of the header field to be added
• HeaderValue-Value of the added field
removeFirstHeader Deletes the first instance of a field with the 'HeaderName' name from the header
• HeaderName-Name of the header field to be removed
removeHeader Deletes all instances of the field named 'HeaderName' from the header
• HeaderName-Name of the header field to be removed
removeHeaderValue Deletes a specific instance of the field named 'HeaderName' from the header
• HeaderName-Name of the header field to be removed
• HeaderValue-The value of the specific instance to be removed
modifyHeader Modifies or adds a header
• HeaderName-Name of the header field to be modified (or added if it does not exist)
• HeaderValue-The new field value
modifyIfExistsHeader Modifies a header
• HeaderName-Name of the header field to be modified
• HeaderValue-The new field value
addRcpt Adds the rcpt specified in 'currentRcpt' and 'currentRcptFolder'.
• currentRcpt-Address to be added in recipient list
• currentRcptFolder-Delivery folder
discardRcpt Ignores a client's request of adding a RCPT, without responding with an error
onHeadersReceived Called after the message header is received.
Variable Type Access Method Explanation Value set Default
smtpPort numeric IN,RO The local listener port the client used to connect
Range: 0 - 65535
Not Applicable
smtpIp ip IN,RO The local interface IP the client used to connect
IP Not Applicable
remoteSmtpPort number IN,RO The remote port the connection was established through
N/A Not Applicable
remoteSmtpIp ip IN,RO The remote IP the connection was established from
IP Not Applicable
isSSLConnection choice IN,RO 'yes' if the connection is encrypted (socket ssl), no if it is not.
Choice:
• yes - the connection is encrypted (socket ssl)
• no - the connection is not encrypted
Not Applicable
ehloHost hostname IN,RO The hostname the client declares
Hostname Not Applicable
isESMTP choice IN,RO 'yes' if the client used EHLO, 'no' for HELO
Choice:
• yes - the client used EHLO
• no - the client used HELO
Not Applicable
authUser text IN,RO Name of successfully authenticated user ('' if the Auth command was incorrectly used)
Text string Not Applicable
mailCount numeric IN,RO Verifies if the sender address corresponds to the one used to authenticate.
Range: Not Applicable
totalMailSize numeric IN,RO Total size of email messages sent in the respective session (in octets).
Range: Not Applicable
remoteDelivery choice IN,RO Specifies which clients can send remote messages.
Choice:
• all - all clients can send remote messages
• none - no clients can send remote messages
• auth - only authenticated clients can send remote messages
auth
localDelivery choice IN,RO Specifies which clients can send messages locally.
Choice:
• all - all clients can send messages locally
• none - no clients can send messages locally
• auth - only authenticated clients can send messages locally
all
maxRcptCount numeric IN,RO The maximum number of recipients for an email.
Range: 0 - 1000
1000
maxDataSize numeric IN/OUT,RW The maximum size of a mail message (KB).
Range: 0 - 4294967295
10240
maxReceivedHeaders numeric IN/OUT,RW The maximum size of 'Received' headers after which the email is considered to be looping.
Range: 0 - 4294967295
30
DNSBLServer text IN,RO The DNSBL server name used by 'checkDNSBL' method.
Text string
DNSBLResult ip OUT,WO The result of a 'checkDNSBL' call; if the client ip is not found using 'DNSBLServer' the result is an empty string
IP
DNSBLExplanation text OUT,WO The explanation associated with the result returned by a 'checkDNSBL' call
Text string
SPFResult choice IN,RO Result of the SPF check (possible values: 'None', 'Neutral', 'Pass', 'Fail', 'SoftFail', 'TempError', 'PermError'); can be set manually or by calling the 'checkSPF' method; if the result is 'Fail', the subsequent 'MAIL FROM' commands will fail.
Choice:
• None - TBD
• Neutral - TBD
• Pass - the message meets the domain's definition for legitimate messages
• Fail - the message does not meet the domain's definition for legitimate messages
• SoftFail - TBD
• TempError - TBD
• PermError - TBD
None
SenderMXCheckResult choice IN,RO Result of the Sender MX verification (possible values: 'Pass', 'Fail', 'Neutral', 'Error'); see 'checkSenderMX' method.
Choice:
• Pass - The sender has a valid MX
• Fail - The sender does not have a valid MX
• Neutral - No sender specified; the message is an NDR
• Error - There was an error determining sender MX
Not Applicable
mailFrom text IN,RO The address specified in mail from.
Text string Not Applicable
mailFromLocalPart text IN,RO The local part of the address specified in mail from.
Text string Not Applicable
mailFromDomain text IN,RO The domain of the mail from address; modified automatically along with the 'mailFrom' value.
Text string Not Applicable
mailFromAuthUser text IN,RO The authenticated user specified in the mail from command.
Text string Not Applicable
mailFromSize numeric IN,RO The email size specified in the mail from command.
Range: Not Applicable
rcptCount numeric IN,RO Number of recipients communicated by the client up to the given moment.
Range: Not Applicable
HeaderName text OUT,WO See header usage methods.
Text string Not Applicable
HeaderValue text IN/OUT,RW See header usage methods.
Text string Not Applicable
existsHeader choice IN,RO See 'checkExistsHeader' method.
Choice:
• yes - the header specified by 'HeaderName' was found
• no - the header specified by 'HeaderName' was not found
Not Applicable
delayDelivery text OUT,WO Enables and configures the delay delivery feature. It may be set to an absolute date (format RFC 2822) or to a relative date expressed as +[[nnh] nnm]nn[s]
Text string
smtpAction choice OUT,WO Determines what action the smtp engine should take for the current command.
Choice:
• accept - the server accepts the current command
• reject - the server rejects the current command and returns a permanent error
• tmpreject - the server rejects the current command and returns a temporary error
• abort - the server aborts the connection
Takes an action conforming with the internal policies
smtpExplanation text OUT,WO The message sent to the client in case of a reject or tmpreject action.
Text string A default error message
RFCBreak multival IN,RO List of RFC violations permitted or requested.
Values:
• nofolding - Header lines longer than 78 characters are permitted and no folding is performed on those lines
• bodycrlfcorrection - SMTP IN service is allowed to modify the body of 7Bit mime messages in order to fix invalid line terminator sequences (the single CR, LF or LFCR and CRCRLF sequences found in mail's body are replaced with CRLF)
filterName text OUT,WO The name of the external filter to be added
Text string Not Applicable
filterType choice OUT,WO The type of the external filter to be added
Choice:
• milter - The new external filter is of type MILTER
Not Applicable
filterAddress text OUT,WO The address of the new external filter
Text string Not Applicable
addFilterResult choice IN,RO Choice:
• ok - The addFilter call was successful
• error - The addFilter call failed
Not Applicable
addFilterExplanation text IN,RO Text string Not Applicable
filterNamePattern text OUT,WO The pattern name of filters to be executed
Text string
'filterName'.result choice IN,RO The execution result of an external smtp filter
Choice:
• pass - The filter was executed and returned a positive result
• fail - The filter was executed and returned a rejection result
• neutral - The filter was not selected for execution by the last executeFilters call
• error - The filter was not executed because of system errors
Not Applicable
'filterName'.action choice IN/OUT,RW The default action taken by the smtp engine as a result of executing an external smtp filter
Choice:
• accept - The engine accepts the current and the following commands
• continue - The engine accepts the current command
• discard - The engine ignores the current command
• tmpreject - The engine temporarily rejects the current command
• reject - The engine permanently rejects the current command
Not Applicable
'filterName'.explanation text IN,RO The explanation associated with the execution of an external smtp filter
Text string Not Applicable
Methods
Name Explanation Input Parameters Output Parameters
addFilter Adds an external smtp filter
• filterName-Specifies the name of the filter to be added
• filterType-Specifies the type of the filter to be added
• filterAddress-Specifies the address of the filter to be added
• addFilterResult-Indicates if the add filter operation was successful
• addFilterExplanation-Indicates the failure reason of the add filter operation
executeFilters Execute onHeadersReceived method for selected filters
• filterNamePattern-The selection name pattern of filters to be executed
• 'filterName'.result-The execution result of the filter named 'filterName'
• 'filterName'.action-The default smtp action taken as a result of executing the filter named 'filterName'
checkDNSBL Checks if the client ip is black-listed in server 'DNSBLServer'
• DNSBLServer-The DNS Black List server used to check the client ip
• DNSBLResult-The ip associated with the client ip in server 'DNSBLServer'
• DNSBLExplanation-Explanation associated with the 'DNSBLResult'
checkSenderMX • SenderMXCheckResult-Result of the Sender MX check
readHeader Read the value of a header specified by 'HeaderName'; the result is stored in 'HeaderValue' variable; if the header has more than one value, the values are separated by new line (CRLF)
• HeaderName-Name of the header field to be read
• HeaderValue-The value of the header; set to empty string if the header is not found
checkExistsHeader • HeaderName-Name of the header field to be searched
• existsHeader-Set to 'yes' if the header is found, 'no' otherwise
addHeader Adds the specified header through the 'HeaderName' and 'HeaderValue' variables
• HeaderName-Name of the header field to be added
• HeaderValue-Value of the added field
addIfNotExistsHeader Adds the header only if no other field with the same name exists
• HeaderName-Name of the header field to be added
• HeaderValue-Value of the added field
removeFirstHeader Deletes the first instance of a field with the 'HeaderName' name from the header
• HeaderName-Name of the header field to be removed
removeHeader Deletes all instances of the field named 'HeaderName' from the header
• HeaderName-Name of the header field to be removed
removeHeaderValue Deletes a specific instance of the field named 'HeaderName' from the header
• HeaderName-Name of the header field to be removed
• HeaderValue-The value of the specific instance to be removed
modifyHeader Modifies or adds a header
• HeaderName-Name of the header field to be modified (or added if it does not exist)
• HeaderValue-The new field value
modifyIfExistsHeader Modifies a header
• HeaderName-Name of the header field to be modified
• HeaderValue-The new field value
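The 'bodycrlfcorrection' value of 'RFCBreak' in the variable tables above lets the SMTP IN service replace single CR, LF, LFCR and CRCRLF sequences in the body of a 7Bit message with CRLF. The following Python sketch is an added illustration of that rewrite, not AXIGEN code; the function names, the match order and the test that treats a body as 7Bit when it holds no byte above 0x7F are assumptions.

```python
import re
from collections import Counter

# Alternation order is an assumption: the longest invalid sequence (CR CR LF)
# is tried first, a valid CRLF is consumed as one unit, then LF CR, and only
# then a lone CR or LF.
_TERMINATOR = re.compile(rb"\r\r\n|\r\n|\n\r|\r|\n")
_KIND = {b"\r\r\n": "CRCRLF", b"\n\r": "LFCR", b"\r": "CR", b"\n": "LF"}


def is_7bit(body: bytes) -> bool:
    """Assumed test for a 7Bit body: no byte has the high bit set."""
    return body.isascii()


def correct_body_crlf(body: bytes):
    """Replace every invalid line terminator in a 7Bit body with CRLF.

    Returns (corrected_body, findings). findings is a list of
    (offset_in_original_body, kind) for each sequence that was rewritten,
    so the correction can be logged instead of happening silently.
    A body that is not 7Bit is returned untouched with no findings.
    """
    if not is_7bit(body):
        return body, []
    findings = []

    def fix(match):
        seq = match.group(0)
        if seq != b"\r\n":  # a valid CRLF is kept and not reported
            findings.append((match.start(), _KIND[seq]))
        return b"\r\n"

    return _TERMINATOR.sub(fix, body), findings


def summarize(findings):
    """Count rewritten sequences per kind, e.g. for one log line per message."""
    return dict(Counter(kind for _, kind in findings))


# Constructed sample body containing each terminator the manual lists.
SAMPLE = (b"line one\r\n" b"line two\n" b"line three\r"
          b"line four\n\r" b"line five\r\r\n" b"end\r\n")

if __name__ == "__main__":
    fixed, found = correct_body_crlf(SAMPLE)
    print(fixed)
    print(found)
    print(summarize(found))
```

Running the correction a second time on its own output reports nothing, which is a quick way to confirm that a stored message already has consistent line terminators.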
onBodyChunk Called every time a piece of the mail body is received.
Variable Type Access Method Explanation Value set Default
smtpPort numeric IN,RO The local listener port the client used to connect
Range: 0 - 65535
Not Applicable
smtpIp ip IN,RO The local interface IP the client used to connect
IP Not Applicable
remoteSmtpPort number IN,RO The remote port the connection was established through
N/A Not Applicable
remoteSmtpIp ip IN,RO The remote IP the connection was established from
IP Not Applicable
isSSLConnection choice IN,RO 'yes' if the connection is encrypted (socket ssl), no if it is not.
Choice:
• yes - the connection is encrypted (socket ssl)
• no - the connection is not encrypted
Not Applicable
ehloHost hostname IN,RO The hostname the client declares
Hostname Not Applicable
isESMTP choice IN,RO 'yes' if the client used EHLO, 'no' for HELO
Choice:
• yes - the client used EHLO
• no - the client used HELO
Not Applicable
authUser text IN,RO Name of successfully authenticated user ('' if the Auth command was incorrectly used)
Text string Not Applicable
mailCount numeric IN,RO Verifies if the sender address corresponds to the one used to authenticate.
Range: Not Applicable
totalMailSize numeric IN,RO Total size of email messages sent in the respective session (in octets).
Range: Not Applicable
remoteDelivery choice IN,RO Specifies which clients can send remote messages.
Choice:
• all - all clients can send remote messages
• none - no clients can send remote messages
• auth - only authenticated clients can send remote messages
auth
localDelivery choice IN,RO Specifies which clients can send messages locally.
Choice:
• all - all clients can send messages locally
• none - no clients can send messages locally
• auth - only authenticated clients can send messages locally
all
maxRcptCount numeric IN,RO The maximum number of recipients for an email.
Range: 0 - 1000
1000
DNSBLServer text IN,RO The DNSBL server name used by 'checkDNSBL' method.
Text string
DNSBLResult ip OUT,WO The result of a 'checkDNSBL' call; if the client ip is not found using 'DNSBLServer' the result is an empty string
IP
DNSBLExplanation text OUT,WO The explanation associated with the result returned by a 'checkDNSBL' call
Text string
SPFResult choice IN,RO Result of the SPF check (possible values: 'None', 'Neutral', 'Pass', 'Fail', 'SoftFail', 'TempError', 'PermError'); can be set manually or by calling the 'checkSPF' method; if the result is 'Fail', the subsequent 'MAIL FROM' commands will fail.
Choice:
• None - TBD
• Neutral - TBD
• Pass - the message meets the domain's definition for legitimate messages
• Fail - the message does not meet the domain's definition for legitimate messages
• SoftFail - TBD
• TempError - TBD
• PermError - TBD
None
SenderMXCheckResult choice IN,RO Result of the Sender MX verification (possible values: 'Pass', 'Fail', 'Neutral', 'Error'); see 'checkSenderMX' method.
Choice:
• Pass - The sender has a valid MX
• Fail - The sender does not have a valid MX
• Neutral - No sender specified; the message is an NDR
• Error - There was an error determining sender MX
Not Applicable
mailFrom text IN,RO The address specified in mail from.
Text string Not Applicable
mailFromLocalPart text IN,RO The local part of the address specified in mail from.
Text string Not Applicable
mailFromDomain text IN,RO The domain of the mail from address; modified automatically along with the 'mailFrom' value.
Text string Not Applicable
mailFromAuthUser text IN,RO The authenticated user specified in the mail from command.
Text string Not Applicable
mailFromSize numeric IN,RO The email size specified in the mail from command.
Range: Not Applicable
rcptCount numeric IN,RO Number of recipients communicated by the client up to the given moment.
Range: Not Applicable
delayDelivery text OUT,WO Enables and configures the delay delivery feature. It may be set to an absolute date (format RFC 2822) or to a relative date expressed as +[[nnh] nnm]nn[s]
Text string
smtpAction choice OUT,WO Determines what action the smtp engine should take for the current command.
Choice:
• accept - the server accepts the current command
• reject - the server rejects the current command and returns a permanent error
• tmpreject - the server rejects the current command and returns a temporary error
• abort - the server aborts the connection
Takes an action conforming with the internal policies
smtpExplanation text OUT,WO The message sent to the client in case of a reject or tmpreject action.
Text string A default error message
filterName text OUT,WO The name of the external filter to be added
Text string Not Applicable
filterType choice OUT,WO The type of the external filter to be added
Choice:
• milter - The new external filter is of type MILTER
Not Applicable
filterAddress text OUT,WO The address of the new external filter
Text string Not Applicable
addFilterResult choice IN,RO
4.3.7.3. SMTP Functionalities (III)
onDataReceived Called after receiving the message successfully through the DATA or BDAT commands.
Variable Type Access Method Explanation Value set Default
smtpPort numeric IN,RO The local listener port the client used to connect
Range: 0 - 65535
Not Applicable
smtpIp ip IN,RO The local interface IP the client used to connect
IP Not Applicable
remoteSmtpPort number IN,RO The remote port the connection was established through
N/A Not Applicable
remoteSmtpIp ip IN,RO The remote IP the connection was established from
IP Not Applicable
isSSLConnection choice IN,RO 'yes' if the connection is encrypted (socket ssl), no if it is not.
Choice:
• yes - the connection is encrypted (socket ssl)
• no - the connection is not encrypted
Not Applicable
ehloHost hostname IN,RO The hostname the client declares
Hostname Not Applicable
isESMTP choice IN,RO 'yes' if the client used EHLO, 'no' for HELO
Choice:
• yes - the client used EHLO
• no - the client used HELO
Not Applicable
authUser text IN,RO Name of successfully authenticated user ('' if the Auth command was incorrectly used)
Text string Not Applicable
mailCount numeric IN,RO Verifies if the sender address corresponds to the one used to authenticate.
Range: Not Applicable
totalMailSize numeric IN,RO Total size of email messages sent in the respective session (in octets).
Range: Not Applicable
remoteDelivery choice IN,RO Specifies which clients can send remote messages.
Choice:
• all - all clients can send remote messages
• none - no clients can send remote messages
• auth - only authenticated clients can send remote messages
auth
localDelivery choice IN,RO Specifies which clients can send messages locally.
Choice:
• all - all clients can send messages locally
• none - no clients can send messages locally
• auth - only authenticated clients can send messages locally
all
maxRcptCount numeric IN,RO The maximum number of recipients for an email.
Range: 0 - 1000
1000
maxDataSize numeric IN/OUT,RW The maximum size of a mail message (KB).
Range: 0 - 4294967295
10240
maxReceivedHeaders numeric IN/OUT,RW The maximum size of 'Received' headers after which the email is considered to be looping.
Range: 0 - 4294967295
30
DNSBLServer text IN,RO The DNSBL server name used by 'checkDNSBL' method.
Text string
DNSBLResult ip OUT,WO The result of a 'checkDNSBL' call; if the client ip is not found using 'DNSBLServer' the result is an empty string
IP
DNSBLExplanation text OUT,WO The explanation associated with the result returned by a 'checkDNSBL' call
Text string
SPFResult choice IN,RO Result of the SPF check (possible values: 'None', 'Neutral', 'Pass', 'Fail', 'SoftFail', 'TempError', 'PermError'); can be set manually or by calling the 'checkSPF' method; if the result is 'Fail', the subsequent 'MAIL FROM' commands will fail.
Choice:
• None - TBD
• Neutral - TBD
• Pass - the message meets the domain's definition for legitimate messages
• Fail - the message does not meet the domain's definition for legitimate messages
• SoftFail - TBD
• TempError - TBD
• PermError - TBD
None
SenderMXCheckResult choice IN,RO Result of the Sender MX verification (possible values: 'Pass', 'Fail', 'Neutral', 'Error'); see 'checkSenderMX' method.
Choice:
• Pass - The sender has a valid MX
• Fail - The sender does not have a valid MX
• Neutral - No sender specified, is a NDR message
• Error - There was an error determining sender MX
Not Applicable
mailFrom text IN,RO The address specified in mail from.
Text string Not Applicable
mailFromLocalPart text IN,RO The local part of the address specified in mail from.
Text string Not Applicable
mailFromDomain text IN,RO The domain of the mail from address; modified automatically along with the 'mailFrom' value.
Text string Not Applicable
mailFromAuthUser text IN,RO The authenticated user specified in the mail from command.
Text string Not Applicable
mailFromSize numeric IN,RO The email size specified in the mail from command.
Range: Not Applicable
rcptCount numeric IN,RO Number of recipients communicated by the client up to the given moment.
Range: Not Applicable
delayDelivery text OUT,WO Enables and configures the delay delivery feature. It may be set to an absolute date (RFC 2822 format) or to a relative date expressed as +[[nnh] nnm]nn[s]
Text string
smtpAction choice OUT,WO Determines what action the smtp engine should take for the current command.
Choice:
• accept - the server accepts the current command
• reject - the server rejects the current command and returns a permanent error
• tmpreject - the server rejects the current command and returns a temporary error
• abort - the server aborts the connection
Takes an action conforming with the internal policies
smtpExplanation text OUT,WO The message sent to the client in case of a reject or tmpreject action.
Text string A default error message
filterName text OUT,WO The name of the external filter to be added
Text string Not Applicable
filterType choice OUT,WO The type of the external filter to be added
Choice:
• milter - The new external filter is of type MILTER
Not Applicable
filterAddress text OUT,WO The address of the new external filter
Text string Not Applicable
addFilterResult choice IN,RO Choice:
• ok - The addFilter call was successful
• error - The addFilter call failed
Not Applicable
addFilterExplanation text IN,RO Text string Not Applicable
filterNamePattern text OUT,WO The pattern name of filters to be executed
Text string
'filterName'.result choice IN,RO The execution result of an external smtp filter
Choice:
• pass - The filter was executed and returned a positive result
• fail - The filter was executed and returned a rejection result
• neutral - The filter was not selected for execution by the last executeFilters call
• error - The filter was not executed because of system errors
Not Applicable
'filterName'.action choice IN/OUT,RW The default action taken by the smtp engine as a result of executing an external smtp filter
Choice:
• accept - The engine accepts the current and the following commands
• continue - The engine accepts the current command
• discard - The engine ignores the current command
• tmpreject - The engine temporarily rejects the current command
• reject - The engine permanently rejects the current command
Not Applicable
'filterName'.explanation text IN,RO The explanation associated with the execution of an external smtp filter
Text string Not Applicable
Methods
Name Explanation Input Parameters Output Parameters
addFilter Adds an external smtp filter
• filterName-Specifies the name of the filter to be added
• filterType-Specifies the type of the filter to be added
• filterAddress-Specifies the address of the filter to be added
• addFilterResult-Indicates if the add filter operation was successful
• addFilterExplanation-Indicates the failure reason of the add filter operation
executeFilters Execute onDataReceived method for selected filters
• filterNamePattern-The selection name pattern of filters to be executed
• 'filterName'.result-The execution result of the filter named 'filterName'
• 'filterName'.action-The default smtp action taken as a result of executing the filter named 'filterName'
checkDNSBL Checks if the client ip is black-listed in server 'DNSBLServer'
• DNSBLServer-The DNS Black List server used to check the client ip
• DNSBLResult-The ip associated with the client ip in server 'DNSBLServer'
• DNSBLExplanation-Explanation associated with the 'DNSBLResult'
checkSenderMX • SenderMXCheckResult-Result of the Sender MX check
onRelay Called before establishing a relay connection in order to determine the connection parameters.
Variable Type Access Method Explanation Value set Default
localInterface ip IN/OUT,RW Local interface IP from which the connection will be attempted.
IP
remoteSmtpHost text IN/OUT,RW Hostname of the remote relay server.
Text string
remoteSmtpPort numeric OUT,WO The remote port the connection will be established to
Range: 0 - 65535
Not Applicable
remoteSmtpIp ip OUT,WO The remote port IP the connection will be established to
IP Not Applicable
authUser text OUT,WO User name used for authentication to the remote server
Text string None
atuhPasswd text OUT,WO The user's password used to authenticate
Text string
mailFrom text IN,RO The address specified in mail from.
Text string Not Applicable
mailFromLocalPart text IN,RO The local part of the address specified in mail from.
Text string Not Applicable
mailFromDomain text IN,RO The domain of the mail from address.
Text string Not Applicable
mailFromAuthUser text IN,RO The authenticated user specified in the mail from command.
Text string Not Applicable
rcptCount numeric IN,RO Number of recipients communicated by the client.
Range: Not Applicable
isFromLocalDomain choice IN,RO 'yes' if the mail was created locally, 'no' if it was received through SMTPIn
Choice:
• yes - the mail was created locally
• no - the mail was received through SMTPIn
Not Applicable
mailSize numeric IN,RO Mail size in octets.
Range: Not applicable
maxConnections numeric OUT,WO Maximum number of allowed connections to the destination host
Range: 0 - 4294967295
5
maxRcptCount numeric OUT,WO Maximum number of recipients to deliver to in a single SMTP transaction (0 means unlimited)
Range: 0 - 1000
0
smtpConnectTimeout numeric OUT,WO TCP timeout for SMTP relay connection
Range: 300
chunkSize numeric OUT,WO The maximum size of a data block that can be sent through BDAT
Range: 0 - 4294967295
102400B(100KB)
allowStartTLS choice IN/OUT,RW 'yes' if the STARTTLS extension is allowed, 'no' if otherwise.
Choice:
• yes - STARTTLS extension is allowed
• no - STARTTLS extension is not allowed
yes
allowPipelining choice IN/OUT,RW 'yes' if the PIPELINING extension is allowed, 'no' if otherwise.
Choice:
• yes - PIPELINING extension is allowed
• no - PIPELINING extension is not allowed
yes
allow8BitMime choice IN/OUT,RW 'yes' if the 8BIT extension is allowed, 'no' if otherwise.
Choice:
• yes - 8BIT extension is allowed
• no - 8BIT extension is not allowed
yes
allowBinaryData choice IN/OUT,RW 'yes' if the BINARY extension is allowed, 'no' if otherwise.
Choice:
• yes - BINARY extension is allowed
• no - BINARY extension is not allowed
yes
requestAuth choice OUT,WO 'yes' if authentication is mandatory, 'no' if otherwise
Choice:
• yes - authentication is mandatory
• no - authentication is not mandatory
no
strict7BitMime choice OUT,WO 'yes' if transmitting binary data to clients that do not advertise supporting such data is not allowed
Choice:
• yes - transmitting binary data to clients that do not advertise supporting such data is not allowed
• no - transmitting binary data to clients that do not advertise supporting such data is allowed
yes
sslEnabled choice OUT,WO 'yes' if the purpose is to establish a SSL connection
Choice:
• yes - The connection is established with SSL enabled
• no - The connection is established with SSL disabled
no
plainConnAuthTypes multival IN/OUT,RW Allowed authentication types for a plain connection (possible values: 'all', 'none' or a 'plain', 'login' and 'cram-md5' combination).
Values:
• all - All authentication types are allowed for plain connections
• none - No authentication type is allowed for plain connections
• plain - PLAIN authentication is allowed for plain connections
• login - LOGIN authentication is allowed for plain connections
• cram-md5 - CRAM-MD5 authentication is allowed for plain connections
crammd5
secureConnAuthTypes multival IN/OUT,RW Allowed authentication types for a SSL connection (possible values: 'all', 'none' or a 'plain', 'login' and 'crammd5' combination).
Values:
• all - All authentication types are allowed for secure connections
• none - No authentication type is allowed for secure connections
• plain - Plain authentication is allowed for secure connections
• login - Login authentication is allowed for secure connections
• crammd5 - Crammd5 authentication is allowed for secure connections
all
onDeliveryFailure Called when the mail delivery failed for a certain group of recipients.
Variable Type Access Method Explanation Value set Default
mailFrom text IN,RO The address specified in mail from.
Text string Not Applicable
mailFromLocalPart text IN,RO The local part of the address specified in mail from.
Text string Not Applicable
mailFromDomain text IN,RO The domain of the mail from address.
Text string Not Applicable
mailFromAuthUser text IN,RO The authenticated user specified in the mail from command.
Text string Not Applicable
mailFromSize numeric IN,RO The email size specified in the mail from command.
Range: Not Applicable
sendNDR choice OUT,WO Specifies if the NDR will be sent or not
Choice:
• yes - The NDR will be sent
• no - The NDR will not be sent
yes
ndrAttachSource choice OUT,WO Specifies if the original email message will be attached to the NDR
Choice:
• no - original email is not attached to the NDR
• yes - original mail is entirely attached to the NDR
• header - only the header of the original mail is attached to the NDR
yes
ndrSubject text OUT,WO Email subject sent as NDR (by default it is a hard-coded message)
Text string TBD
ndrSender text OUT,WO The Mail From field of the NDR header
Text string mailer-daemon@'primaryDomain'
ndrMessage text OUT,WO Text of the NDR message
Text string TBD
ndrRcptMessage text OUT,WO Part of the message specified for each recipient individually; it can refer to the 'ndrRcptAddress' and 'ndrRcptFailInfo' fields
Text string TBD
ndrMessageFooter text OUT,WO Message ending of the NDR mail
Text string TBD
ndrRetryCount numeric IN,RO No. of delivery retries.
Range: Not Applicable
ndrRcptAddress text IN,RO Recipient address for which the delivery has failed - can only be used when setting the 'ndrRcptMessage' variable
Text string
ndrRcptFailInfo text IN,RO Reason for which delivery has failed for a certain user - can only be used when setting the 'ndrRcptMessage' variable
Text string
onTemporaryDeliveryFailure Called when the mail delivery has temporarily failed for a certain group of recipients.
Variable Type Access Method Explanation Value set Default
mailFrom text IN/OUT,RW The address specified in mail from.
Text string Not Applicable
mailFromLocalPart text IN,RO The local part of the address specified in mail from.
Text string Not Applicable
mailFromDomain text IN,RO The domain of the mail from address.
Text string Not Applicable
mailFromAuthUser text IN,RO The authenticated user specified in the mail from command.
Text string Not Applicable
mailFromSize numeric IN,RO The email size specified in the mail from command.
Range: Not Applicable
sendNDR choice OUT,WO Specifies if a temporary error NDR will be sent or not
Choice:
• yes - The temporary error NDR will be sent
• no - The temporary error NDR will not be sent
no
ndrAttachSource choice OUT,WO Specifies if the original email message will be attached to the NDR
Choice:
• no - original email is not attached to the NDR
• yes - original mail is entirely attached to the NDR
• header - only the header of the original mail is attached to the NDR
header
ndrSubject text OUT,WO Email subject sent as NDR (by default it is a hard-coded message)
Text string TBD
ndrSender text OUT,WO The Mail From field of the NDR header
Text string mailer-daemon@'primaryDomain'
ndrMessage text OUT,WO Text of the NDR message
Text string TBD
ndrRcptMessage text OUT,WO Part of the message specified for each recipient individually; it can refer to the 'ndrRcptAddress' and 'ndrRcptFailInfo' fields
Text string TBD
ndrMessageFooter text OUT,WO Message ending of the NDR mail
Text string TBD
ndrRescheduleDate numeric IN,RO Date the email is scheduled to be delivered again
Range:
ndrRetryCount numeric IN,RO No. of delivery retries.
Range: Not Applicable
ndrRemainingRetryCount numeric IN,RO No. of remaining delivery retries after which the mail delivery will be abandoned.
Range: Not Applicable
ndrRcptAddress text IN,RO Recipient address for which the delivery has failed - can only be used when setting the 'ndrRcptMessage' variable
Text string
ndrRcptFailInfo text IN,RO Reason for which delivery has failed for a certain user - can only be used when setting the 'ndrRcptMessage' variable
Text string
Chapter 5. User and Domain Configuration
AXIGEN provides you with unmatched configurability for domain, user, group and mailing list configuration. For each type of entity, AXIGEN allows you to configure anything from services to run to advanced parameters regarding mailbox characteristics and WebMail behavior.
5.1. Domains
In AXIGEN, domain management has several features that give you full and easy control of administered domains while enabling you to fine tune resource allocation for each of these domains. Two administration tools allow you to create domains:
• WebAdmin - also gives you access to all advanced domain configuration parameters.
• CLI - see Configuring AXIGEN using CLI for more details.
Important! When creating domains, one message storage location is recommended for each predicted 20GB of message occupied storage space. For larger spaces, additional message storage locations should be created to correspond to the number of 20GB storages you need. You can add multiple message storage locations using WebAdmin (when creating the domain) or CLI (within the domain creation context). After creating the domain, additional locations cannot be added. When using CLI, the command to create multiple message storage locations is as follows:
ADD MessagesLocation <path>
Domain settings in AXIGEN are available at the following levels:
• General You can use AXIGEN to create as many domains as allowed by your license type. For each of these domains, you can also specify the services to run, assign an IP address to the domain or create a 'catch all' account for all emails sent to nonexistent user accounts.
See Domains General Configuration for information on how to configure general domain parameters using WebAdmin.
• Domain Aliases For all domains administered with the AXIGEN Mail Server, you can add as many aliases as you need.
See Defining Domain Aliases to manage existing aliases and add new ones.
• Message Filters For each configured domain, you can manage the existing Antivirus/Antispam Filters and add as many Incoming Message Rules as you like. This way you can implement different security policies for different domains.
For general information on filter types available in AXIGEN, see Mail Filtering.
For detailed information on how to configure filters, see Domain Message Filters page.
• Message Appender AXIGEN allows system administrators to define a certain text which is to be appended to all email messages sent from a certain domain. See Message Appender page for details on editing appenders.
• Account Defaults Through Account Defaults, system administrators can set default values for certain parameters that will be automatically inherited by all new accounts and account classes, and can be explicitly set (overridden) in the advanced configuration of the respective account or account class. See Account Defaults for details on how to set their corresponding parameters.
Domains and accounts can also be added using the Command Line Interface, but the best option for domain configuration is WebAdmin, which gives you easy access to all the categories of parameters mentioned above.
5.2. User Accounts
In AXIGEN, account and user management has several features that give you full and easy control of administered accounts while enabling you to fine tune resource allocation for each of these accounts.
Note that in order to create an account, you need to first create a domain. For details on how to create domains in AXIGEN, see the Creating a New Domain section.
Two administration tools allow you to create domains and accounts:
• WebAdmin - also gives you access to all advanced account configuration parameters, see Manage Accounts Tab
• CLI - see Configuring AXIGEN using CLI for more details
Account settings in AXIGEN are available at the following levels:
• General You can define as many accounts as allowed by your license type, and for each of these accounts, as many aliases as you need. At the account level, you can also specify the services to run. This is a distinctive feature of AXIGEN, as you can easily selectively restrict access to one or more services (i.e. WebMail) for certain users within one domain. You can also view the current mailbox size for an account, specify the mailbox quota for accounts and limit the number of messages sent per hour from that account. See Accounts General Page for information on how to configure general domain parameters using WebAdmin.
• WebMail For account behavior in WebMail, AXIGEN provides a variety of parameters allowing you to set attachment size and number limits, mail size limits, the maximum number of simultaneous sessions, and the HTML filtering level for email messages. You can make special settings for one account or use the one inherited from domain level.
See Account WebMail Options for information on how to configure WebMail parameters using WebAdmin.
• Filtering For each configured account, you can add and activate any number of filters. This way you can implement different security policies for different accounts.
For general information on filter types available in AXIGEN, see Mail Filtering. For detailed information on how to configure filters, see Managing Message Filters.
Further advanced settings, defining Inbox folders, limits and quota for each user account, are also available in the Manage Accounts Tab.
Accounts can also be added using the Command Line Interface, but the best option for account configuration is WebAdmin, which gives you access to all the categories of parameters mentioned above.
5.3. Groups
Groups are functional entities meant to have emails sent to specified email addresses.
Groups do not have an actual mailbox. They are defined with a generic name, such as 'Sales' or 'Team' or 'Office' and an email address is created following the groupname@domain pattern, and then group members are added. Thus you can make sure that several recipients get email from a published email address (i.e. [email protected]). Also, you can change the recipient email addresses without having to change the published email address.
For all managed groups, system administrators can add and remove members at any time. They can also add as many message rules as needed to ensure a proper security policy for any given group.
In AXIGEN, the maximum number of groups that can be defined for a server/domain cannot be greater than the number of licensed mailboxes.
These administration tools allow you to create and configure forwarders:
• WebAdmin - also gives you access to all advanced forwarder configuration parameters, see Groups tab
• CLI - see Configuring AXIGEN using CLI for more details
5.4. Mailing Lists
Mailing List Server Overview
In AXIGEN, the integrated list server provides advanced mailing list administration options. For each list, advanced parameters allow administrators to specify:
• AXIGEN services running, content type, what messages are moderated messages, what headers to remove etc.
• WebMail specific settings allow configuring the way mail lists are viewed and managed on the Web (see Mailing List WebMail Options).
The AXIGEN List Server also provides RFC compliant templates / macros for automated mailing list interaction which allow you to add header text and other types of text before and after the message body.
For each list, standard text messages can be specified to be returned in the following cases: invalid user name, unknown user, request needs confirmation, user already subscribed, rejected response, welcome text, goodbye text, subscribe denied, etc. All these advanced parameters guarantee easy list administration and easily definable custom appearance and behavior for each list. For information on how to configure list parameters, see the Mailing Lists Tab.
Administration of the Mail List
The current version of AXIGEN Mail Server does not differentiate, from an operational point of view, a list administrator from a list moderator. This operational difference will be featured in a next version of AXIGEN Mail Server. Therefore, currently the person who creates the mail list will act as both administrator and moderator of the list created. Also, please note that list users are distinct from user mailboxes, even if both entities are administered using AXIGEN Mail Server.
Message Flow for AXIGEN List Server
From the moderator / administrator point of view, the folders below describe the flow for a message sent to a list managed with AXIGEN Mail Server:
• INBOX: stores all messages that have already been delivered or are to be delivered.
• PendingRequests: stores all the requests that have to be confirmed by the administrator. The administrator can confirm a message in this folder by moving it to ConfirmedRequests.
• Requests: stores all requests that need to be confirmed by their senders (for instance subscription requests). When such a confirmation is received and verified, the request is moved to ConfirmedRequests.
• ConfirmedRequests: stores all requests confirmed by their senders.
• Pending: stores all messages that need to be moderated. The moderation is executed by moving the corresponding message to:
1. INBOX (the message will be published)
2. Reject (the message is automatically rejected)
3. ToBeRejected (the message is stored for a future manual reject)
• Reject: When a message arrives in this folder, the sender of the message receives a reject message and the original message is moved to Deleted.
• ToBeRejected: stores messages that need to be manually rejected by one of the list moderators.
• Deleted: stores all messages that have been rejected by list moderators.
From the mail list user point of view: A mail list user would interact with the list in different stages: when subscribing to the mail list, when confirming his/her subscription, when making a request, when accessing the list WebMail page or root mailbox, etc. The answers received from the list server are generated automatically, depending on the initial configuration of the mail list (done by the administrator) and the administrator's corresponding actions.
Templates explained
From a mail list administrator/moderator point of view, most of the messages sent as answers on a mail list created and operated with AXIGEN Mail Server are in fact expanded macros or templates.
All macros have the following form:
%[-][width][.precision]{macro letter}
Here is the algorithm used when expanding these macros:
len = strlen(macro text);
width default = 0;
precision default = INT_MAX;
left padding default = false;
if minus => left padding = true;
precision = min (len, precision);
padding = max (0, min(512, width - precision));
if left padding => the trailing spaces are inserted before the macro text;
if not => the trailing spaces are inserted after the macro text;
Here is the list of macro letters and their meanings:
• l - Name of the list
• d - The domain name of the list.
• r - A short description of the list.
• o - Operation to be executed (this option is valid only for the answers sent to requests).
• e - Address of the original message sender.
• i - Identity confirmation. This is a message in the following format: "confirm {ID message} {random number}" Note that this option can also be used as a boundary when building multipart messages.
• x - Row
• M - Original message (populated only for answers to automatically rejected messages).
• f - Sender of the message (can be either a name or an e-mail address).
• w - Original message date.
• s - Original message subject.
• m - Original Message ID
• n - The number of the digest message.
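The expansion steps and macro letters above, written out as an added Python example (not code from the AXIGEN manual or product). It assumes the braces in the macro form mark a placeholder, reads the padding step as max(0, min(512, width - precision)), and replaces control characters in single-line values as an extra hardening step the manual does not describe; the sample values are constructed.

```python
import re

MAX_PADDING = 512          # upper bound on padding in the manual's algorithm
MULTILINE_LETTERS = {"M"}  # assumption: only %M (original message) may span lines

# %[-][width][.precision]letter, restricted to the macro letters the manual lists.
# Assumption: the letter follows the optional fields directly, without braces.
MACRO_RE = re.compile(r"%(-)?(\d+)?(?:\.(\d+))?([ldroeixMfwsmn])")
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def expand_macro(text, minus=False, width=0, precision=None):
    """Apply width and precision to one macro value, step by step."""
    length = len(text)
    # precision defaults to "unbounded" (INT_MAX) and is then clamped to len
    precision = length if precision is None else min(length, precision)
    # padding is capped, so a huge width cannot inflate the generated reply
    padding = max(0, min(MAX_PADDING, width - precision))
    body = text[:precision]
    spaces = " " * padding
    # Per the manual, '-' puts the spaces before the macro text.
    return spaces + body if minus else body + spaces


def expand_template(template, values):
    """Expand every macro in `template` using `values` (letter -> text)."""

    def substitute(match):
        minus, width, precision, letter = match.groups()
        text = str(values.get(letter, ""))
        if letter not in MULTILINE_LETTERS:
            # Added hardening (assumption, not in the manual): values such as
            # the subject or sender come from the incoming message, so CR/LF
            # and other control characters are replaced before the value can
            # land in a header line of the automatic answer.
            text = CONTROL_RE.sub(" ", text)
        return expand_macro(
            text,
            minus=minus is not None,
            width=int(width) if width else 0,
            precision=int(precision) if precision is not None else None,
        )

    # re.sub makes a single pass: macro-like text inside a value is not
    # expanded a second time.
    return MACRO_RE.sub(substitute, template)


# Constructed sample values for a list answer.
SAMPLE = {
    "l": "announce",
    "d": "example.test",
    "e": "alice@example.test",
    "s": "Quarterly report\r\nBcc: x@example.test",
}


def demo():
    template = "List: %l@%d\nFrom: %e\nSubject: Re: %.16s"
    return expand_template(template, SAMPLE)


if __name__ == "__main__":
    print(demo())
```
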
For detailed information on how to configure mail lists in WebAdmin, see Mailing Lists. Lists can also be configured using CLI - see Configuring AXIGEN using CLI.
5.5. Public Folders
Starting with version 2.0, AXIGEN supports Public Folders for the WebMail and IMAP services. System administrators can also associate email addresses with a domain's public folder. Thus, emails can be sent directly to the public folder, access being given instantly to all the account users within the respective domain.
Public folders are defined per each domain managed by AXIGEN. For all defined public folders, one or more email addresses can be defined. The Postmaster of each domain can create and/or delete folders and messages within the Public Folder, while the rest of the users have reading rights only on the existing folders and messages.
While they cannot permanently delete messages from the Public Folders, when using WebMail, users can mark the messages they choose as deleted and also hide the emails with such marks. Also, certain email clients (such as Outlook) allow a similar behavior: marking for deletion and hiding such messages. Thus, users are not compelled to view messages that do not interest them.
Users can set other types of flags for their Public Folders, such as Read/Unread or Flagged/Unflagged. These options are available both in WebMail and in email clients (depending on their features), and affect the email messages of the respective individual account, not the actual content of the Public Folders.
For more details on configuring public folders, see Configuring Public Folders.
Chapter 6. Working with the WebMail Module in AXIGEN
This chapter presents the AXIGEN WebMail Service features and configuration from a user's point of view. The sub-pages of this section will present in detail how to connect to the WebMail interface, manage the respective user account, add contacts to the address book or create and manage email messages and WebMail folders.
When accessing the WebMail interface through a browser, the individual user can configure all parameters relative to their respective account, except for certain limitations imposed by the administrator (in terms of attachment size, mailbox quota, etc.).
For an overview of the WebMail service in AXIGEN, see the corresponding section in the Architecture Chapter.
For tips on how to configure WebMail parameters and behavior using WebAdmin, see the WebMail Tab in the corresponding chapter.
6.1. Accessing/Leaving the WebMail Interface
Connecting to AXIGEN WebMail
To connect to AXIGEN WebMail, enter in your browser the IP:port combination where your AXIGEN WebMail service is running. If you are accessing WebMail from the machine on which AXIGEN is installed, this address is, by default, http://127.0.0.1:8000.
Remote access
If you are accessing the WebMail from a different machine, you need to set in the listener's address parameter the IP address of the machine on which AXIGEN is installed. Or, you can set this parameter to 0.0.0.0 (in this case, the listener will listen to all machine interfaces). When accessing the AXIGEN WebMail, you need to replace the 127.0.0.1 IP from the URL with the IP address of the machine on which the AXIGEN Mail Server is installed. For example, if the machine running AXIGEN has the 192.168.1.1 IP address, change the IP/port data under Server->Webmail->Listeners->Address to match your IP/port:
server {
  ...
  web {
    ...
    listeners = (
      {
        ...
        address = 192.168.1.1:9000
        enable = yes
Remember to reload your AXIGEN Mail Server after each change in the configuration files.
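A check for the listener setting described above, as an added Python example that is not part of the AXIGEN manual or product: it reads listener blocks shaped like the fragment and reports whether each enabled address is reachable only locally, on one interface, or on all interfaces. The sample configuration is constructed, IPv4 addresses are assumed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample shaped like the manual's fragment; not a complete
# AXIGEN configuration file.
SAMPLE_CONFIG = """
server {
  web {
    listeners = (
      {
        address = 127.0.0.1:8000
        enable = yes
      }
      {
        address = 192.168.1.1:9000
        enable = yes
      }
      {
        address = 0.0.0.0:8000
        enable = no
      }
    )
  }
}
"""

# Innermost brace groups only: these are the individual listener entries.
LISTENER_BLOCK = re.compile(r"\{([^{}]*)\}")
# One "key = value" setting per line.
SETTING = re.compile(r"^[ \t]*(\w+)[ \t]*=[ \t]*(\S+)[ \t]*$", re.MULTILINE)


def parse_listeners(text):
    """Return one dict per listener entry that carries an address setting."""
    listeners = []
    for block in LISTENER_BLOCK.finditer(text):
        settings = dict(SETTING.findall(block.group(1)))
        if "address" not in settings:
            continue
        host, _, port = settings["address"].rpartition(":")
        listeners.append({
            "host": host,
            "port": int(port),
            "enabled": settings.get("enable", "no") == "yes",
        })
    return listeners


def exposure(host):
    """Classify a bind address by who can reach it (IPv4 assumed)."""
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:      # 0.0.0.0: every interface of the machine
        return "all-interfaces"
    if ip.is_loopback:         # 127.0.0.1: only the machine itself
        return "local-only"
    return "single-interface"  # one address, reachable from other machines


def audit(text):
    """List (address, exposure) for every enabled listener."""
    return [
        (f'{entry["host"]}:{entry["port"]}', exposure(entry["host"]))
        for entry in parse_listeners(text)
        if entry["enabled"]
    ]


if __name__ == "__main__":
    for address, reach in audit(SAMPLE_CONFIG):
        print(f"{address:22} {reach}")
```

Any enabled listener that is not reported as local-only accepts connections from other machines, so the address chosen here decides which networks can reach the WebMail login page.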
In the window thus displayed, enter the WebMail username and password provided by the system administrator.
Note: To have the list of available domains displayed on the WebMail login page, make sure you have the following settings:
- the Allow domain selection on login option from the Services > WebMail Tab is checked;
- the Include this domain in WebMail's domain selection list option from the Domains > General page corresponding to your existing domains is checked.
Leaving AXIGEN WebMail
To close the current WebMail session, click the Logout link (upper right corner, next to the username and the Settings link).
6.2. WebMail Features and Configuration
Navigating in Your WebMail Account
The left panel of your WebMail account displays a tree structure containing the folders currently existing in your WebMail account. When first accessing your WebMail account, the structure looks like this:
The folder structure helps you browse and manage the messages in your WebMail account:
Browsing through messages is also possible with the help of the Page navigation buttons (go to first, next, previous, last, or specific (by number) page) above the preview pane. If actions are performed on items in a page, the interface will remember the page name, so when the user returns it will be the exact same page.
The headers of the messages from the folder selected in the left panel are displayed on the upper right panel.
When selecting an email from the upper right panel by clicking on it, the message body will be displayed in the lower right Preview Pane. The Preview Pane can also be moved to the right of the message list. By default, the Preview Pane displays the sender, recipient(s) and date details of the email horizontally. To have them displayed vertically, press the "+" icon in front of the Subject line, as shown in the picture below.
Searching within your email account
You can search through the existing email messages stored in your account using the quick search option or the Advanced Search option.
For a quick search, go to the left corner of the WebMail page (above the folders tree structure), type your query in the search field and press the Go button. The search results will be displayed in the same window and can be sorted by all fields displayed in the message list header (From, To, Subject, Date, Size).
For an advanced search, access the more actions menu (under the Settings and Logout links) and choose the Advanced Search option. In the new window, choose whether the query should match all or just part of the specified search elements. Add as many search criteria as you need by clicking the add new element link, or delete them by hitting their corresponding trash-bin shaped button.
Use the drop-down menu to select the new search element type. Available options include setting search criteria relative to the subject, sender, body, date, send date, To, Cc, size of the email, flag, header or raw. To select the folders to search in, click the Choose folders button and select them in the new window (public folders are not available); they will be displayed in the Selected folders section. Finally, click the Search button to find the needed information.
NOTE: The Search function also supports internationalized searches. With this feature, language-specific characters can now be used when running a search (i.e. using diacritics).
6.3. Working with Messages in WebMail
Main Button Bar
Use the New button to create a new email message. The Reply and Reply to All buttons allow you to reply to a particular email message or to all previously selected messages. Use the Forward button to redirect a received email to a different recipient and the Move button to move an email message to a different folder. The Delete button allows you to delete previously selected messages.
For further actions on email messages, use the More actions drop-down menu, which allows you to access the Advanced search, group email messages by conversation, subject, sender or not group them at all, select all messages, invert a previous selection, deselect all messages or forward an email as attachment.
If any of the 'Group by' views is selected, the result list in the message list window will be split into pages containing a defined number of messages (set in the WebMail Data tab). Navigation among pages is possible (go to first, next, previous, last, or specific (by number) page), and if actions are performed on items in a page, the interface will remember the page name, so when the user returns it will be the exact same page.
Composing a new message
To compose a new message, press the New button. A pop-up window similar to the one below is displayed.
Steps for editing a new message in AXIGEN WebMail
To edit an email message you need to take the following steps:
1. Enter the email addresses of the recipients in the To: field of the message (separated by commas if multiple) or add them from your existing address book by pressing the Addressbook button. The Addressbook gives users access to contacts defined for their account and also to Public and Domain contacts. First select the needed contact list, then select a specific one. Email addresses can be added automatically to the 'To', 'Cc' or 'Bcc' fields. To do so, click on the address to select it, then click the To, Cc or Bcc buttons. Press the OK button when you are done adding recipients or the Cancel button to quit.
For any of these three address fields, when typing the recipient addresses, if the respective addresses are already in your address book, the autocomplete function will be enabled. Therefore, you can select the correct address and press Enter.
2. Use the Check addresses button to verify the validity of the email addresses you have inserted.
3. Specify the subject of your message in the Subject: field.
4. Use a different originating email address by clicking the Show From link (after the formatting buttons) and typing the address in the From field.
WARNING! This option works only if the user has the 'Send Mail as' permission from the mailbox owner.
For information on how to define 'Send Mail as' permissions please see Sharing permissions.
5. Set the 'Reply-to' header for the email message. When clicking the 'Show Reply-To' link, a new field appears containing the email address defined in the settings window (which the user may override). If no value was defined in the Settings > Personal Data page the input field must be empty.
6. Edit your message in the message body. The user can now use rich text (Bold, Italic, Underline / Strike through, Different font face and size, Colors, Subscript, Superscript, Insert link, Bullets etc.).
7. Add attachments to your message by pressing the Attach button. To add an attachment, press on Browse, specify the path to the attachment and then press on the Upload link. To add multiple attachments, repeat these actions as many times as you need.
8. After adding one or more attachments to a WebMail message, the attachment list is displayed in the lower part of the screen. You can delete the attachments one by one, by clicking on the corresponding [delete] link.
9. You can save a draft of your current message at any time by pressing on the Save button and resume its editing at a later time.
Marking messages
To mark a message, you must first select it in the upper panel by clicking on it. Then choose one of the options displayed in the Mark as drop-down box:
• Select Mark as read to set the status of the currently selected message(s) to Read.
• Select Mark as not read to set the status of the currently selected message(s) to Not read.
• Select Flagged to add a flag to the currently selected message(s).
• Select Not Flagged to delete the flag for the currently selected message(s). This option is only available for previously flagged messages.
• Select Deleted to mark a message as deleted (it will be displayed in strikethrough style). When marking certain messages as deleted, you can also choose to hide them by pressing the Hide deleted button.
• Select Not deleted to remove a deleted mark from a certain email message.
Deleting messages
To delete one or more messages, select the message(s) and click on the Delete button in the Main button bar. If you do not wish to see the deleted messages, click the Hide deleted button. Deleted messages will be permanently deleted or sent to the Trash folder depending on the user setting in WebMail Data or the Move deleted emails to Trash option set by the administrator in Account WebMail Options.
6.4. WebMail Folders
Public Folders
Through the Public Folders, users may now share email messages, contacts, tasks etc. by simply copying and/or moving them to a public folder. The system administrator can also associate a certain email address with a public folder. Thus, emails can be sent directly to the public folder, archiving options being also available.
While they cannot permanently delete messages from the Public Folders, when using WebMail, users can mark the messages they choose as deleted and also hide the emails with such marks. Thus, users are not compelled to view messages that do not interest them.
Users can set other types of flags for their Public Folders, such as Read/Unread or Flagged/Unflagged. These options affect the email messages of the respective individual account, not the actual content of the Public Folders.
Special Folders
From both WebMail and Outlook, one can create a special type of folder: Mail, Calendar, Tasks, Journal, Contacts, Notes. Each special folder has a type-specific view to display its contents (i.e. Calendar view(s) for calendar-type folders, Contacts view for contact-type folders and so on).
Aside from its specific view, each special folder type has a list view which consists of a list of objects in that folder. The list view has more pages so the user may view only a few items at a time. When editing an object in the list view, the user interface remembers the page so that after the object is updated the position in the list is not lost.
While in the list view, special messages can be copied or moved from one special folder to another if the folders have the same type. This action can also be performed in Outlook.
NOTE: After creation, the folder type cannot be modified.
For special public folders all action buttons are displayed, regardless of the permissions. When editing an item, the action buttons in the edit pop-up are displayed or not depending on the permissions. For example if the current user does not have 'Edit' (i.e. delete & create) permission, the 'Save' button does not exist; moreover, all input controls are disabled.
For information on how to set folder permissions please access the Sharing Permissions page.
Managing Folders in WebMail
Right-clicking any folder in the folder tree (be it personal, public or shared, mail, calendar, task, journal or notes) brings up a context menu with the following options: New folder, Rename folder, Move folder, Empty folder, Delete folder, Sharing, Open/Close other user's folder.
These options always appear in the context menu; whether they work or not depends on the specific permissions set on the selected folders.
When clicking any of these options, a new pop-up window is displayed, allowing you to make the desired changes.
For example, when creating a new folder, a new window is displayed allowing you to specify the name of the new folder in the Folder name text area, the Folder type (Email, Calendar, Tasks, Journal, Notes or Contacts) and select its location in the folder tree. To finish, press the Create button, or Cancel if you changed your mind.
All folder options: creating, moving, deleting etc. have explicit instructions in their respective pop-up windows.
Managing Contacts in WebMail
To define your address book, access the Contacts folder from the folder tree. You can either add contacts one by one or import an existing address book.
Click the New contact button to create a new contact and fill in the details.
General Details
Use the Email, First Name and Last name text fields to specify the name and email address of the new contact you want to add. To specify the contact's nickname, use the Nickname field.
Additional Info
You can specify a personal email, for non-professional purposes in the Personal email field, phone numbers in the Phone and Mobile Phone fields and the home phone and address data in the Home address and Home phone fields.
Using the Business email field you can specify the business email address for your new contact. Use the Business phone and Business address fields to specify the office contact details. Finally the Notes text field can be used to type any information regarding the currently edited contact.
Make sure to press the Save&Close button to save the contact you just added or the details you changed.
Edit the contact by double clicking on it. To delete an existing contact, use the Delete icon on the right of the contact you would like to remove. To send a new email to a contact in the list click the letter icon (next to the Delete icon). Click the Details link to see all the information regarding that contact.
Press the Import contacts button to import external address books that were saved locally.
Address book files must be in CSV (Comma Separated Value) format!
Click the Browse button to specify the path to the desired external address book, then click on the Import contacts button. Should you choose to abort, press the Cancel button.
Any newly created mailbox has by default two public folders in the root of the public folder: Domain Contacts and Public Contacts.
The Domain Contacts folder is read-only: no items can be modified or created in it, it cannot be deleted or renamed, no folders can be added to it, no permissions may be changed on it.
NOTE: This applies for all users in the domain, including postmaster!
The content of this folder is automatically and dynamically updated by the server and contains all the email addresses for recipients in the domain.
Public contacts can be added only by the domain Postmaster in the same way explained above.
6.5. Working with the Personal Organizer in WebMail
Having time management and mobility needs in mind, starting with version 4.0, the AXIGEN Mail Server comes with a Personal Organizer module available from both AXIGEN’s WebMail interface and Outlook email client. The Personal Organizer comprises tools such as calendar, tasks, journal, notes and collaborative support.
This section aims to explain how the new management tools can be used. Each of them - calendar, journal, notes, tasks - is described in a separate sub-section, with all its features and usage alternatives.
6.5.1. Working with your Calendar
The Calendar helps users plan and schedule their work-related or personal events and to have a clear and detailed view of their work, thus enabling an improved time management. To access your Calendar, you can either click the Calendar folder in the folder tree structure placed on the left hand side of your WebMail account or click on any day of the calendar displayed in the lower left corner of the interface.
The upper button bar displayed when the Calendar is accessed gives access to the following options:
• New event - creates a new event. To create an event on a certain day, select it first using the calendar displayed in the lower left corner. Use the left and right arrows to change months of the current year and the double right and left arrows to change the year.
• Today - when hit, it marks the current day events
• Day view - displays the events for one day at a time
• Work-week view - displays work days, Monday to Friday
• Week view - displays the entire week
• Month view - displays the events for the whole month
• List view - displays the existing list of events.
Creating a New Event
When creating a new event, you have to first type a Subject (required) and then a location, specifying where the event takes place. You can either create an event that lasts throughout the day by checking the All day event option, or you can specify limits for the new event. To do so, click the date and time selection boxes for both the Start and End date of your event.
Should you like to be prompted that a certain event is about to start, check the Reminder box and set your desired time interval. You can also use the available text field to type in any details or explanations regarding your current event. Set the event's transparency to "Busy" or "Free" using the drop-down menu in the “Show time as” section. This option will affect the resource availability displayed in the Free/Busy tab. More information is available below on this page.
To save your event, press the Save & Close button. To abort configuring the event, hit Cancel. To define a repeating scenario, hit Recurrence; to invite others to attend the event you are creating, use the Invite button.
Existing events can be edited at any given later date. To do so, select the desired entry by double-clicking it, regardless of the selected view type. After making the needed alterations, hit the Save & Close button. If the entry you want to edit is a recurring event, you will be asked whether you want to edit the entire series or only a single instance (occurrence) of the event:
NOTE: This option is not available while in the list view.
Should you like to delete the entry, press the Delete icon added to the editing window. Additionally, when using the List view, you can use the edit and delete icons appended to each event.
Setting the Recurrence
When hitting the Recurrence button, a pop-up window displays the available options. You can set a start and end time for the event by clicking the respective selection boxes. Thus, the Duration of your event will be automatically set.
Click the Start selection box to select the starting date of the recurrence. You can choose to have the event repeated incessantly by checking the No end date option or the event can stop occurring after a number of occurrences (check the End after x occurrences option) or by a certain date (select the End by... option).
You can set the event to be repeated on a daily, weekly, monthly or yearly basis, according to a defined Recurrence pattern. Depending on the Recurrence pattern you select, you can access more detailed options:
• Daily - you can have the event repeated every weekday by checking the corresponding option, Every weekday, or you can have it repeated every 2, 3, x days by checking the corresponding option.
• Weekly - you can check a certain day (Monday to Sunday) of every 1/2/etc. week(s) for the recurrence
• Monthly - You can specify a certain day of every month (e.g. 25th of every month or every 2 months), or select from the other available options: first/second/third/fourth/last - day/weekday/weekend day/Sunday/Monday etc. of every 1/2/etc months. For example, you can set an event that occurs on the first weekday of every other month.
Important! As the number of days differs depending on the month, if you set an event for the 31st, it will be scheduled in the last day of each month with 30 days.
• Yearly - You can set the event to occur on a certain date of a certain month (e.g. January 25th) or you can select from the other available options: first/second/third/fourth/last - day/weekday/weekend day/Sunday/Monday etc. of every January/February/etc months. For example, you can set a seminar attendance event for each first weekend day of every March.
Finally, set the Range of recurrence for your event. Click the Start selection box to select a date. The event can be repeated incessantly if you choose the No end date option. Alternately, you can have it ended after a number of instances, by checking the End after x occurrences option and setting the desired number of repeats, or set an End by date and selecting the desired end date by clicking the respective selection box.
When you are done setting the event recurrence, hit OK. To abort the recurrence, hit Cancel. For already defined recurrence details, hit Remove Recurrence to prevent the event from repeating.
Inviting Attendees
When hitting the Invite Attendees button, a new text field and a To button are added in the upper side of the event editing window. If you want to abort the inviting process, press the Cancel Invitation button that replaces the initial Invite Attendees option.
You can either type the email addresses of the persons you want to invite at the event, or you can access your existing contacts by hitting the To button. When accessing your contacts using the To button, a new pop-up window appears, allowing you to choose which contacts to display in the left hand pane, as shown below. Available options are 'All contacts', 'My contacts', 'Public contacts' and 'Domain contacts'.
Select the email address of the contact you want to invite with a mouse click, then press the To button. To select several contacts, press Ctrl on your keyboard. To delete a contact from the list of attendees to be invited, click their email address in the right hand pane and press Delete on your keyboard. When you are done selecting attendees, press OK to have the email invitations sent to them. To discard the inviting process, hit Cancel.
Attendees will then receive an invitation email in their Inboxes, prompting them to take action:
To view the details of the event they are invited to attend, users need to click on "open details". The available options are to Accept the meeting, to accept it without guaranteeing attendance - Tentative, Reject it, or Propose a change in the event details.
When an attendee takes a certain action, other than Propose, the organizer receives a notification email that requires no further action to be taken.
If, on the other hand, the invited attendees have proposed changes to the event, the organizer will receive an email prompting him/her to take action. The available options are Accept/Reject changes or Propose a new modification of the event specifics.
When dealing with proposed changes, attendees have one more option, Tentative, which gives them the possibility to accept the changes partially, without guaranteeing they will actually take part in the event.
Important! If participants to a certain event take different actions when changes are proposed (i.e. some accept them, while others reject them), the organizer has the final say.
When inviting others to take part in a certain event, the event editing window will also be modified. A new tab called attendees will be added, showing the course of action taken by those invited. The available status options are 'Accepted', 'Declined', 'Tentative' and 'need action'.
In the Free/Busy tab the attendee availability is displayed IF the user editing the event has the 'Read Free/Busy status' permission on the attendee's mailbox. This feature is available only in the WebMail interface.
Reminder options
If you have chosen to be reminded of a certain event, a pop-up will appear at the specified time and date. If no action is taken, it will reappear each time the WebMail interface is automatically refreshed. Hence, it depends on the refresh settings configured in the WebMail Data page. Alternatively, you can have the reminder postponed using the available snooze options, by choosing a repeat interval in the corresponding drop-down menu and by hitting the Snooze button.
Important! If the auto-refresh option is disabled, reminders will not function.
If you want to see the details of an event you are reminded of, press the Open Item button. To dismiss a certain task, select it and press the Dismiss button. Use the Dismiss All button to discard all pending events.
Important! Further settings that determine Calendar behavior need to be set on the WebMail Data page. Each user needs to set the correct Time Zone and the Week start date in order to have deadlines and start times displayed correctly in their Calendar.
6.5.2. Working with your Journal
The Journal allows you to add entries that help you keep track of your day-to-day tasks and actions. To access your Journal, click the corresponding folder in the folder tree structure placed on the left hand side of your WebMail account.
The upper button bar displayed when the Journal is accessed gives access to the following options:
• New journal - creates a new journal entry.
• Today - when hit, it marks the journal entries for the current day
• Day view - displays journal entries for one day at a time
• Month view - displays journal entries on a monthly basis
• List view - displays the existing list of journal entries.
Creating a New Journal Entry
When hitting the New journal button, the options relative to the new entry are displayed in a pop-up window.
To add a new entry, you have to fill in the two required fields: Subject, referring to the entry description, and the Type drop-down menu. There are several available types of entries, such as Phone call, E-mail Message, Task, Conversation, etc:
Click the Start time selection boxes to set a starting date and time for your journal entry. In the displayed calendar, use the left and right arrows to change months of the current year and the double right and left arrows to change the year.
Click the Duration selection box to specify a time frame for your journal entry. You can then edit the actual journal note in the available text field. When you are done editing the entry, hit the Save & Close button. If you want to discard the journal entry, press the Cancel button.
Existing Journal entries can be edited at any given later date. To do so, select the desired entry by double-clicking it. After making the needed alterations, hit the Save & Close button. Should you like to delete the entry, press the Delete icon added to the editing window.
When using the List view, journal entries can be edited by double clicking on them and deleted by clicking their corresponding delete icon.
Important! Further settings that determine Journal behavior need to be set on the WebMail Data page. Each user needs to set the correct Time Zone and the Week start date in order to have start and end times displayed correctly in their Journal.
6.5.3. Working with your Notes
The Note tool allows you to add quick notes while working. Notes are best suited when one needs to write down something very quickly and has little time to add more details. To access your Notes, click the corresponding folder in the folder tree structure placed on the left hand side of your WebMail account.
When hitting the New note button, a small pop-up window is displayed.
Type the note in the given field and either close the pop-up window using your browser's "x" button, or hit the "Close window to save this note" link in order to have your text saved.
Notes can be edited by double clicking on them and deleted by clicking their corresponding delete icon.
6.5.4. Working with your Tasks
Tasks help users organize their work-related tasks and collaborate with others on ongoing projects. By enabling them to permanently check the level of completion, tasks offer a clear and detailed view of their workload. To access your Tasks, click the Tasks folder in the folder tree structure placed on the left hand side of your WebMail account.
The upper button bar displayed when the Tasks are accessed enables the following options:
• New task - creates a new event.
• All tasks - lists all your tasks
• Uncompleted tasks - displays the user's uncompleted tasks
• Completed tasks - displays the user's completed tasks
Creating a New Task
When creating a new task, first type a Subject in the corresponding text field, then set the task's completion deadline using the Due Date selection box. Use the left and right arrows of the selection calendar to switch between months of a certain year and the double left and right arrows to switch between different years.
To successfully define a time frame for the task, also configure its Start date, using the corresponding selection box. Furthermore, you can prioritize tasks using the Priority drop-down menu. Available options are: 'Low', 'Normal' and 'High'. To keep track of the completion process, type a percentage in the %Complete text field.
Should you like to be prompted that a certain event is about to start, check the Reminder box and set your desired time interval. You can also use the available text field to type in any details or explanations regarding your current task.
To save your task, press the Save & Close button. To abort configuring the task, hit Cancel. To define a repeating scenario, hit Recurrence; to have the respective task assigned to different users, use the Assign task button.
Existing tasks can be edited at any given later date by double clicking it. After making the needed alterations, hit the Save & Close button. To mark a task as completed, use the corresponding icon placed next to the Assign task button. Should you like to delete the entry, press the Delete icon in the editing window. Additionally, you can use the delete icons appended to each task or check it as completed.
Setting the Recurrence
When hitting the Recurrence button you can set the task to be repeated on a daily, weekly, monthly, yearly basis or according to a defined Recurrence pattern. Depending on the Recurrence pattern you select you can access more detailed options:
• Daily - have the event repeated every weekday by checking the corresponding option, Every weekday, or you can have it repeated every 2, 3, x days by checking the corresponding option.
• Weekly - check a certain day of the week for the recurrence
• Monthly - specify a certain day of every month (e.g. 25th of every month or every 2 months), or select from the other available options: first/second/third/fourth/last - day/weekday/weekend day/Sunday/Monday etc. of every 1/2/etc months. For example, you can set an event that occurs on the first weekday of every other month.
Important! As the number of days differs depending on the month, if you set an event for the 31st, it will be scheduled on the last day of each month with 30 days.
• Yearly - set the event to occur on a certain date of a certain month (e.g. January 25th) or you can select from the other available options: first/second/third/fourth/last - day/weekday/weekend day/Sunday/Monday etc. of every January/February/etc months. For example, you can set a seminar attendance event for each first weekend day of every March.
Then set the Range of recurrence for your task. Click the Start selection box to select a date. The task can be repeated indefinitely if you choose the No end date option. Alternatively, you can have it end after a number of instances, by checking the End after x occurrences option and setting the desired number of repeats, or set an End by date by selecting the desired end date in the respective selection box.
When you are done setting the task recurrence hit OK. To abort the recurrence hit Cancel. For already defined recurrence details, hit Remove Recurrence to prevent the task from repeating.
Assigning tasks
When hitting the Assign task button, a new text field and a To button are added in the upper side of the event editing window. If you want to abort the inviting process, press the Cancel Assignment button that replaces the initial Assign task option.
You can either type the email addresses of the persons you want to assign the task to, or you can access your existing contacts by hitting the To button. When accessing your contacts using the To button, a new pop-up window appears, allowing you to choose which contacts to display in the left hand pane, as shown below. Available options are 'All contacts', 'My contacts', 'Public contacts' and 'Domain contacts'.
Select the email address of the contact you want to have the task assigned to with a mouse click, then press the To button. To select several contacts, press Ctrl on your keyboard. To delete a contact from the list of assignees, click their email address in the right hand pane and press Delete on your keyboard. When you are done selecting assignees, press OK to have the email assignments sent to them. To discard the assigning process, hit Cancel.
Assignees will then receive an assignment email in their Inboxes, prompting them to take action:
To view the details of the event they are invited to attend, users need to click on "open details". The available options are to Accept or Reject the task and the organizer receives a confirmation email.
When assigning tasks to others, the editing window will also be modified. A new tab called Attendees will be added, showing the course of action taken by those you have selected. The available status options are 'accepted', 'declined' and 'need action'.
Reminder options
If you have chosen to be reminded of a certain task, at a specified time, a pop-up will appear at the given time and date. If no action is taken, it will reappear after the starting time each time the WebMail interface is automatically refreshed. Hence, it depends on the refresh settings configured in the WebMail Data page. Alternatively, you can have the reminder postponed using the available snooze options, by choosing a repeat interval in the corresponding drop-down menu and by hitting the Snooze button.
Important! If the auto-refresh option is disabled, reminders will not function.
If you want to see the details of an event you are reminded of, press the Open Item button. To dismiss a certain task, click to select it, then press the Dismiss button. When a task is dismissed, it is also removed from the Reminder window. Use the Dismiss All button to discard all pending tasks.
Important! Further settings that determine Tasks behavior need to be set on the WebMail Data page. Each user needs to set the correct Time Zone and the Week start date in order to have their Tasks deadlines and start times displayed correctly.
6.6. Configuring Account Settings in WebMail
To access the WebMail account parameters, click Settings (right upper corner, WebMail upper right panel), next to the Logout link. In this section users are given access to eight configuration tabs:
• Personal Data - containing options relative to the user's personal details;
• WebMail Data - gives access to settings managing the WebMail account behavior (all these parameters can be configured via WebAdmin from the Account > WebMail Data page);
• Filters - gives access to filter configuration using the AXIGEN Rules Wizard;
• Sharing permissions - gives share access to your folders (allow other users to see your schedule or send emails in your name);
• RPOP Connections - this feature allows you to organize user's communication by retrieving email from other remote accounts;
• Account Info - quota related parameters can be viewed in this page;
• Blacklist - block email addresses you do not wish to receive messages from;
• Temporary email - request one or more temporary email addresses (or alias);
6.6.1. Configuring Personal Data
While on the Personal Data page, users can define personal details such as their first and last name, change the current password to their WebMail account or fill in Business Details.
General Information
To set your first and last name, use the two corresponding text fields, First name and Last name. To choose a nickname, use the Nickname field.
Define a Reply-To header for all the messages you send (including replies and forwards), so that when someone replies to your email, the email address set here appears in the To field instead of the one in the 'From' header. When composing an email it can be overridden, or it is missing if it was not defined.
Personal Details
You can specify a personal email, for non-professional purposes, in the Personal email field.
Add your phone numbers in the Phone and Mobile Phone fields and home phone and address data in the Home address and Home phone fields.
Your Password
The password previously defined by the administrator when creating the account can be changed from the Personal Data page. To do so, first type the current password in the Old password field, then type a new one using the Password field and finally confirm the new selected password in the Retype password field.
Business Details
Use the Business phone, Business address and Business email fields to specify your office contact details.
After modifying any of these parameters, remember to press the Save changes button to save these changes. Use the Cancel button to undo the changes you have just made instead of saving them.
6.6.2. WebMail Data Settings
When accessing the WebMail Data page, users have access to settings used to configure the behavior of their WebMail account.
Appearance
Use the Skin name drop-down box to select the skin of your WebMail account. At this time three options are available: Classic, Coolwater and Webreflection.
The Language drop-down menu allows you to select the language of the WebMail account. Available choices are English (en), Romanian (ro), German (de), Norwegian (no), Dutch (nl), Spanish (es), Portuguese (pt), Italian (it), Danish (dk), Swedish (se), Chinese (cn), Persian (fa), French (fr), Greek (gr), Hungarian (hu), Macedonian (mk), Polish (pl), Russian (ru), Turkish (tr) and Czech (cz).
The Page size text box allows the user to specify the number of messages displayed on one WebMail page.
The HTML Body Filtering level specifies which HTML filtering level will be used when displaying HTML format messages. The HTML filtering levels stand for the following:
• No Filtering
• Low level filtering - converts the message to standard XHTML
• Medium level filtering - generates the email body based on a list of known/allowed attributes and tags. Anything that is not on this 'allowed list' is removed. This level removes JavaScript, styles, etc.
• High level filtering - generates the email body based only on text components. This means that only plain text components remain in the message. This fourth level is the strictest and may actually damage some formatting, but it is also the safest.
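The Medium and High levels described above, sketched as an added Python example; this is not AXIGEN's own code. The allow list, the URL-scheme check and the sample message body are constructed assumptions, since the manual does not publish the list the server uses.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allow list (tag -> permitted attributes); the manual does not
# publish the list the server uses.
ALLOWED = {
    "a": {"href", "title"}, "img": {"src", "alt"}, "p": set(), "br": set(),
    "b": set(), "i": set(), "em": set(), "strong": set(), "blockquote": set(),
    "ul": set(), "ol": set(), "li": set(),
}
VOID_TAGS = {"br", "img"}                    # elements without a closing tag
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto"}   # assumption: absolute URLs only
DROP_WITH_CONTENT = {"script", "style"}      # their bodies are code, not text


def is_safe_url(value):
    """Accept only URLs whose scheme is on the allow list."""
    # Drop whitespace and control characters that can hide a scheme.
    cleaned = "".join(ch for ch in value if ch > " ")
    try:
        return urlsplit(cleaned).scheme.lower() in SAFE_SCHEMES
    except ValueError:
        return False


class BodyFilter(HTMLParser):
    def __init__(self, level):
        super().__init__(convert_charrefs=True)
        self.level = level
        self.out = []
        self.dropping = 0    # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.dropping += 1
        elif not self.dropping and self.level == "medium" and tag in ALLOWED:
            kept = "".join(
                f' {name}="{escape(value, quote=True)}"'
                for name, value in attrs
                if name in ALLOWED[tag] and value is not None
                and (name not in URL_ATTRS or is_safe_url(value))
            )
            self.out.append(f"<{tag}{kept}{' /' if tag in VOID_TAGS else ''}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.dropping = max(0, self.dropping - 1)
        elif (not self.dropping and self.level == "medium"
              and tag in ALLOWED and tag not in VOID_TAGS):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text survives at both levels, re-escaped so it cannot reopen a tag.
        if not self.dropping:
            self.out.append(escape(data, quote=False))


def filter_html_body(body, level):
    """Return the body filtered at 'medium' (allow list) or 'high' (text only)."""
    if level not in ("medium", "high"):
        raise ValueError("this sketch covers only the medium and high levels")
    parser = BodyFilter(level)
    parser.feed(body)
    parser.close()
    return "".join(parser.out)


# Constructed sample message body.
SAMPLE_BODY = (
    '<p style="color:red" onclick="track()">Hello <b>Bob</b>.</p>'
    '<script>alert(1)</script>'
    '<a href="javascript:alert(2)" title="x">Offer</a> '
    '<a href="https://example.com/?a=1&amp;b=2">Site</a> '
    '<img src="https://example.com/p.png" onerror="x()" alt="pic">'
    '<form action="https://example.com/login"><input name="pw">Sign in</form>'
)

if __name__ == "__main__":
    print(filter_html_body(SAMPLE_BODY, "medium"))
    print(filter_html_body(SAMPLE_BODY, "high"))
```

At the medium level the event handlers, inline style, script element, form and the javascript: link target are gone while permitted tags and text remain; at the high level only the text is left.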
Use the Week start date drop-down menu to select a day to be displayed first in the week for your calendar. To specify your Time Zone, use the corresponding drop-down menu.
The date field is automatically adjusted according to the defined local time zone when displaying a message (in both the message list window and the open message popup).
Preferences
Choose to be asked for confirmation before emptying a folder using the Confirm empty folder drop-down box.
Choose to ask for a confirmation when an email message is deleted using the Confirm delete mail drop-down box.
Use the Delete to Trash drop-down box to specify if a message deleted from your WebMail account is saved to Trash folder ("yes") or permanently deleted.
To have a copy of sent messages saved in the Sent folder, choose the value "yes" for the Save to sent parameter.
Set the refresh interval for your WebMail interface by typing the desired value in the Auto-refresh interval text field. Please note that if you set this value to 0 it means that the option is disabled.
Use the Display new email notification drop-down box to choose if you wish to be notified when a new email arrives.
Configuring your signature
To configure a signature that will be appended to all your outgoing emails, use the Signature text field.
After changing any of the settings above, remember to press the Save changes button to save the new values.
6.6.3. Mail Filtering in WebMail
The filter wizard accessible from the Filters page allows users to easily create a filtering system to manage their email flow. Moreover, auto replies can be set for all or certain received email messages.
When first accessing the Filters page, a list of the already defined filters is displayed. If no filter has been previously set, the list will be blank.
The Sender not in AB Actions allows you to apply certain actions to messages containing recipients that are not in the address book. To enable this option just check the box in front of it and choose either of the Send NDR, Move to Trash or Discard options from the drop-down list.
To delete a filter, use the Delete button on the right of the respective filter. To edit an existing filter, press its corresponding Edit button. Click the New filter button to create a new filter. To create an automatic reply for certain/all messages hit the New responder button.
Whether creating a new filter or editing an existing one the options displayed are the same.
Use the name text field to specify a name for the currently defined filter. You can further select if the messages filtered should match all or any of the defined criteria using the corresponding check boxes.
Next use the drop-down menu to select which conditions the messages should meet for the filter to apply. Available options include setting conditions relative to the subject, sender, receiver, Cc, To or Cc, size of the email, as well as a customization option accessible by choosing Custom.
Finally use the Actions area to define the actions to be taken (i.e. moving, copying, deleting, or redirecting it to a certain email address etc.) if an email message matches the specified criteria.
- use this icon to add a new criterion and/or a new action;
- use this icon to remove one of the previously created criteria and/or actions.
To set the order in which defined filters should apply use the up and down arrows in front of them.
When setting a Responder (automatic reply) to be sent to the email messages matching the defined filter, the following fields also need to be configured:
Use the Subject and the Message fields to define the subject and body of the email response to be sent. Set the Days between subsequent responses and Additional own email addresses (use the same responder for other email addresses) by editing their corresponding fields.
When you are done configuring the filter or responder press the Save changes button.
6.6.3.1. WebMail Filters Overview
The mail filtering features allow users to create named filters and specify actions to be taken on the matching messages. A filter is composed of a set of 'filtering expressions' or "expressions" and a set of actions.
An expression (filtering expression) is composed of a header name, an operator and an optional value. The expression can be applied to a mail message and will give a matching/unmatching response.
A filter contains the following:
• Name
• Priority
• Enabled/Disabled state
• ExpressionOperator: operator to compose multiple filtering expressions (And/Or)
• Expressions
• Actions
A (filtering) expression contains the following:
• Header: the mail message header to which the matching criteria will be applied
• Operator: operator specific to the header type
• Value (optional): a value that the operator may need (depends on the operator)
Supported Headers/Operators/Values
Header(s) | Supported operators (negated or not) | Supported values | Comments
Subject, To, To or Cc, Cc, Custom | Contains, Is, Begins with, Ends with | String | When Custom is selected the name of the custom header must be specified.
From | Contains, Is, Begins with, Ends with | String |
Size | Is greater than, Is lower than | String describing size, e.g.: 1024 (bytes), 1K (1 kilobyte = 2^10 bytes), 1M (1 megabyte = 2^20 bytes), 1.4G (1.4 gigabytes = 1.4 * 2^30 bytes) |
Action Data
Action | Data, Type | Description
Move to | string | The path to the location is given as UTF8
Copy to | string | The path to the location is given as UTF8
Delete (move to trash) | (none), (none) | The message will be moved to trash.
Forward to | email address | The message will be forwarded to the given email address. No copy will be saved.
Vacation | days, number | minimum > 0; maximum > 7 (must); maximum > 30 (should); if omitted, days defaults to 7 or minimum (whichever is greater); if given value > maximum, days defaults to maximum; if given value < minimum, days defaults to minimum
Vacation | subject, string (utf8) | Alternate subject for response. If not given, the incoming mail's subject is used
Vacation | text, string (utf8) | Body of the response message.
Filter Container
The FilterContainer is responsible for serializing an ordered collection of filters into a file and for parsing a sieve script that contains one or more filters.
The parts of the scripts that are not recognized are stored as raw text in memory. When doing the serialization, the container will reorder the scripts. The ones that were edited by WebMail will be written at the beginning of the file while all 'raw' scripts will be written at the end.
A script is recognized as being a WebMail script if:
• it contains only directives that have been implemented in WebMail filters
• it has a header with the following data:
  o Name: user specified string
  o Id: internal integer to uniquely identify the script
  o Position: integer used for ordering the scripts
  o Enabled: boolean
If the script has a header but has been edited by hand to contain other directives it is rejected and put into the raw scripts collection.
If the script does not have a header but can be handled as a WebMail script it will be given an auto-generated id, a last position in the list and an auto-generated name.
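The filter model from the Filters Overview (expressions joined by And/Or, negated operators, size strings, the Vacation day limits), as an added Python example that is not AXIGEN's implementation. Case-insensitive matching on the whole header value, lower priority numbers running first, the 1 and 31 day limits, and the sample message and filters are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from email import message_from_string

UNITS = {"": 1, "K": 2**10, "M": 2**20, "G": 2**30}
STRING_OPS = {
    "contains": lambda header, value: value in header,
    "is": lambda header, value: header == value,
    "begins with": lambda header, value: header.startswith(value),
    "ends with": lambda header, value: header.endswith(value),
}
SIZE_OPS = {"is greater than": lambda s, lim: s > lim, "is lower than": lambda s, lim: s < lim}


def parse_size(text):
    """Convert a size value from the table (1024, 1K, 1M, 1.4G) to bytes."""
    match = re.fullmatch(r"(\d+(?:\.\d+)?)([KMG]?)", text.strip().upper())
    if not match:
        raise ValueError(f"unsupported size value: {text!r}")
    return int(float(match.group(1)) * UNITS[match.group(2)])


def vacation_days(given=None, minimum=1, maximum=31):
    """Apply the Vacation 'days' rules; 1 and 31 are constructed server limits."""
    if given is None:
        return max(7, minimum)
    return min(max(given, minimum), maximum)


@dataclass
class Expression:
    header: str  # Subject, From, To, Cc, "To or Cc", Size, or a custom header name
    operator: str
    value: str = ""
    negated: bool = False

    def matches(self, msg, size):
        if self.header.lower() == "size":
            hit = SIZE_OPS[self.operator](size, parse_size(self.value))
        else:
            names = ["To", "Cc"] if self.header.lower() == "to or cc" else [self.header]
            found = [str(v).lower() for n in names for v in msg.get_all(n, [])]
            # Assumption: matching is case-insensitive on the whole header value.
            hit = any(STRING_OPS[self.operator](h, self.value.lower()) for h in found)
        # Negation flips the result, so a negated test is true for an absent header.
        return hit != self.negated


@dataclass
class Filter:
    name: str
    priority: int
    expressions: list
    actions: list  # (action, data) pairs, e.g. ("Move to", "Builds/Failed")
    expression_operator: str = "And"  # "And" = all expressions, "Or" = any
    enabled: bool = True

    def matches(self, msg, size):
        if self.expression_operator not in ("And", "Or"):
            raise ValueError(f"unknown ExpressionOperator: {self.expression_operator!r}")
        results = [e.matches(msg, size) for e in self.expressions]
        # Assumption: a filter without expressions matches nothing.
        combine = all if self.expression_operator == "And" else any
        return bool(results) and combine(results)


def evaluate(filters, raw_message):
    """Return (name, actions) for each enabled matching filter, in priority order."""
    msg = message_from_string(raw_message)
    size = len(raw_message.encode("utf-8"))
    ordered = sorted(filters, key=lambda f: f.priority)  # assumption: lowest first
    return [(f.name, f.actions) for f in ordered if f.enabled and f.matches(msg, size)]


# Constructed sample message and filters, for illustration only.
SAMPLE_MESSAGE = (
    "From: Build Bot <builds@example.org>\n"
    "To: dev-team@example.com\n"
    "Cc: Alice <alice@example.com>\n"
    "Subject: [build] nightly FAILED\n"
    "X-Priority: 1\n"
    "\n"
    "See attached log.\n"
)
FILTERS = [
    Filter("Large mail", 2, [Expression("Size", "is greater than", "1K")],
           [("Move to", "Large")]),
    Filter("Failed builds for me", 1,
           [Expression("Subject", "contains", "failed"),
            Expression("To or Cc", "contains", "alice@example.com")],
           [("Move to", "Builds/Failed")]),
    Filter("High priority", 3,
           [Expression("X-Priority", "is", "1"),
            Expression("Subject", "begins with", "urgent")],
           [("Copy to", "Urgent")], expression_operator="Or"),
    Filter("Old rule", 0, [Expression("From", "contains", "builds")],
           [("Delete (move to trash)", None)], enabled=False),
]
```

Calling evaluate(FILTERS, SAMPLE_MESSAGE) lists the matching filters with their actions; note that a negated expression on a header the message does not carry counts as a match, which is worth checking before attaching a Delete or Forward to action to it.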
6.6.4. Setting Sharing Permissions
In the Setting Sharing Permissions tab you can allow share access to your folders, access folders shared by other users, allow other users to see your schedule or send emails in your name.
Global Permissions
Read Free-Busy status
If a user editing a calendar event has the 'Read Free-Busy' permission for the attendee's mailbox the availability is displayed. This option is available only for the WebMail interface.
Send Mail As
When sending a new email message (from either SMTP, MAPI or WebMail) another 'From' address can be set if the user has the 'Send Mail As' permission for that mailbox.
Folder permissions
These permissions can be defined on both folder level and on mailbox level (in this case, they act on all subfolders in the user's mailbox). To share a folder right click on it and choose share.
Share a folder
To control a folder's sharing permissions, go to the tree folder on the left, right click on it and choose the Sharing option. When accessing Sharing options for a folder a list of the already defined permissions is displayed. If no permission has been previously set the list will be blank.
To edit an existing permission, use its corresponding Edit button; to delete it, hit the recycle bin shaped Delete button. Click the Add button to add a user or a group of users (only domain contacts are available) and set the permission level on the folder. There are 6 levels to choose from:
• No access (all permissions are denied)
• Viewer (view and read folder is allowed)
• Contributor (view, read folder and add items is allowed)
• Editor (view, read folder, set/clear flags, add items, mark items as deleted/not deleted and expunge is allowed)
• Master (all permissions are allowed)
• Custom (each permission is defined individually according to your needs)
Each permission may be allowed explicitly, denied explicitly or not specified. Permissions act hierarchically (are inherited on the group hierarchy). Additionally, resource hierarchies (a folder being parent to another folder) also benefit from the inheritance algorithm. In the Effective Permissions tab you will be able to see what permissions are specifically allowed or not.
IMPORTANT! Domain Postmasters set permissions for Public Folders in the same way.
Subscribe to folders shared by other users
Click the Subscribe button to have access to folders shared by other users. You can either type the email address in the Shared by field or click the Select button to choose it from the contacts list in your domain.
WARNING! This option works only for users in the same domain that have set one of the permission levels (except None) described above.
The folder will appear in the Shared Folders section of your folder tree:
If you do not wish to see the folders shared by a certain user anymore close them by right clicking on the folder displaying the user's name or one of its subfolders and choosing the Close user option.
6.6.5. Configuring WebMail RPOP Connections
When first accessing the RPOP Connections tab, a list of the already defined connections is displayed. If no connections have been previously set, the list will be blank.
To delete an RPOP connection, click the Delete icon corresponding to it. To edit a connection, click the Edit icon corresponding to its name. In order to add a new connection, press the Add connection link. Whether you are adding or editing an RPOP connection, the parameters you need to configure are the same.
Connection details
Specify the name or IP address of the host from which the emails are retrieved using the Hostname field. To set the port on which the retrieval from the desired hostname is made, use the Port field.
Use the Username and Password fields to specify the authentication details needed to connect for email retrieval.
Retrieval settings
Use the Retrieval interval field to specify the minimum interval in minutes between two email retrievals. Then specify a certain folder of your WebMail account where you want the emails stored using the Folder field. You can also select if email messages are deleted or not from the remote server after retrieval, using the Delete on retrieval drop-down box.
Security
Select the desired type of encryption used on the RPOP connection you are configuring from the Encryption drop-down box. The available options are 'none', 'SSL' and 'TLS'. Use the Enable APOP drop-down box to specify if you want to enable APOP authentication for the respective connection.
RPOP Templates
Emails from Yahoo or Gmail accounts are now available in your WebMail account with the RPOP Templates. Click Add Yahoo! Mail/Gmail, fill in the account name, password, set the retrieval settings and click the Save connection button to create a new RPOP entry containing defaults for the selected email provider (Yahoo, Gmail).
By default, a new folder is created in Inbox named 'Gmail mail' or 'Yahoo mail'. The user can choose not to use the default but instead pick a folder from the list (in this case no new folder is created).
WARNING: POP3 access is only available for Yahoo! Mail Plus users.
When you are done configuring these parameters, remember to press the Save connection button.
6.6.6. WebMail Account Information
The Account Information page allows users to view data relative to their mailbox quota. They can verify at any time the total quota of their mailbox, their used and remaining quota.
The Total Quota value is set by the server administrator and cannot be modified by the user. For more details see the Account > Quota section. The used and remaining quota values change dynamically as the WebMail account total message size changes.
6.6.7. WebMail Blacklist
When accessing the Blacklist tab in WebMail Settings you can make a list of email addresses you do not wish to receive emails from. When first accessing this page there are no email addresses in the list.
To add an address to the Blacklist, type it in the Email: text field and click the Add button.
If you added an email address to your list by accident or you do not wish to block it anymore, click its corresponding delete button.
6.6.8. Requesting Temporary Email Addresses
When accessing the Temporary Email tab you can request one or more temporary email addresses (or alias) that can be used for publishing on the web, subscribing to various sites etc.
When you click the Generate button the server automatically creates a random valid alias (out of letters and numbers, in the same domain as the user) and activates it. As long as the addresses exist they are treated as account aliases, meaning mail sent to those email addresses is received in the user's Inbox.
They can be manually deleted by clicking the Recycle Bin button next to them, or they expire automatically after a specified period. The expiry period as well as the number of temporary email addresses you can request are set by the server administrator at domain or account level and cannot be modified by the user.
For more details see the Configuring Account Quotas and Restrictions and Configuring Quotas and Restrictions sections.
Chapter 7. Using AXIGEN WebMail features in Outlook
This section describes how you can take full advantage of all AXIGEN's features and capabilities when using Outlook as your email client. The AXIGEN Outlook Connector enhances the communication of Microsoft's email client with the AXIGEN server making available the Personal Organizer, email and contacts management etc.
7.1. Installing the AXIGEN Outlook Connector
The AXIGEN Outlook Connector comes with an installation wizard and needs to be set up on each machine using Outlook as an email client and having messaging communications handled by the AXIGEN Mail Server. The installation process is an extremely easy three-step procedure, as shown below.
Important! The AXIGEN Outlook Connector can be installed on the following platforms:
• Windows XP Professional SP 2 with Outlook 2003/SP3 or 2007/SP1
• Windows Vista Business with Outlook 2007/SP1
To run the wizard, double-click the executable file which will then prompt the wizard welcome window. Click Next to start installing.
The second step consists in reading and agreeing to the End-User License Agreement. Click I Agree to start the actual installation process or Cancel to quit installing the connector. Click Back to go back to the welcome window.
If you agree to the product EULA, the AXIGEN Outlook Connector will be installed. To exit the setup wizard, click Finish, as shown below.
After running the setup wizard, you will have to configure Outlook for use with the AXIGEN Outlook Connector. To do so, please follow the steps below:
1. Add a new Outlook profile, if you don't have one:
1.1. Go to Start-> Control Panel -> Mail applet.
1.2. Select 'Show Profiles...' -> 'Add...' , add a name for your new profile, select 'Ok'.
2. Add a new account to the profile you have just added:
2.1. From the 'E-mail' section, choose 'Add a new e-mail account'.
2.2. In the 'E-mail Accounts' dialog, 'Server Type' section choose 'Additional Server Types'.
2.3. In 'E-mail Accounts' dialog, 'Additional Server Types' section choose 'Axigen Mail Server'.
3. Fill all required settings for the 'Axigen Outlook Connector' service:
3.1. Fill in the 'Server Name' edit control with the IP or the server name of the AXIGEN Mail Server. If you do not have the required information, please contact your system administrator for more details.
3.2. Fill in the 'IMAP Port' and 'SMTP Port' fields, with the ports on which the IMAP and SMTP services are listening (Example: IMAP - 143 / SMTP - 25). If you do not have the required information, please contact your system administrator for more details.
3.3. Enable the 'Windows Native (kerberos)' option so the connector will use the credentials of the logged in user to authenticate to the AXIGEN account (if the server is configured to allow this type of authentication). Enabling this option disables the account name and password fields since the current user credentials from the kerberos ticket will be used.
3.4. Fill in the 'Account Name' and 'Password' fields with the account name and password provided by your mail server administrator.
3.5. Check the 'Use secure authentication' option to instruct the Connector to use secured authentication. If the server is not configured to allow this type of authentication enabling this option will yield login failure.
3.6. Use the 'Remember Password' option so you won't have to type it in each time you open Outlook.
3.7. Click the 'Test Connection...' button to verify that the details you entered are correct and complete and your account is working.
4. Start Outlook and select the profile name you have added at step 1 from the 'Choose Profile' dialog.
7.2. Server Side Rules
Users can easily create a filtering system to manage their email flow with the Server Side Rules. When first accessing the Mail Processing Rules window a list of the already defined filters is displayed. If no filter has been previously set the list will be blank.
To edit or delete an existing filter select it and use the Edit or Delete buttons. Change priorities between filters by selecting them and using the Up and Down buttons.
Click the New button to create a new filter. Whether creating a new filter or editing an existing one the options displayed are the same.
- use this icon to add a new criterion and/or a new action;
- use this icon to remove one of the previously created criteria and/or actions.
Select which conditions the messages should meet for the filter to apply. Available options include setting conditions relative to the subject, sender, receiver, Cc, To or Cc, size of the email, as well as a customization option accessible by choosing Custom. Next select if the filtered messages should match all or any of the defined criteria. In the second window edit the conditions previously selected by clicking an underlined value.
Click the Cancel or Next button to quit/continue editing the filter.
Further define the actions to be taken (i.e. moving, copying, deleting, or redirecting it to a certain email address etc.) if an email message matches the previously specified criteria. In the second window edit the selected actions by clicking an underlined value.
Click the Cancel/Next button to quit/continue editing the filter or the Back button to go back to the conditions window.
Finally use the name text field to specify a name for the currently defined filter and enable it by checking the Turn on this rule option. Review the rule description to make sure it is defined correctly and click the Finish button.
You can quit editing the rule by clicking Cancel or go back to the Actions window by hitting the Back button.
7.3. Folder Sharing
To control a folder's sharing permissions, go to the tree folder on the left, right click on the folder you wish to set permissions on, choose Sharing or Properties and in the new window select the Folder Permissions tab. When accessing this tab for a folder a list of the already defined permissions is displayed. If no permission has been previously set the list will be blank.
Check the Apply to subfolders option so the permissions set for the current folder will be automatically applied to its sub-folders. Click the Add button to add a user or a group of users and set the permission level on the folder. There are 6 levels to choose from:
• No access (all permissions are denied)
• Viewer (view and read folder is allowed)
• Contributor (view, read folder and add items is allowed)
• Editor (view, read folder, set/clear flags, add items, mark items as deleted/not deleted and expunge is allowed)
• Master (all permissions are allowed)
• Custom (each permission is defined individually according to your needs)
Each permission may be allowed explicitly, denied explicitly or not specified. Permissions act hierarchically (are inherited on the group hierarchy). Additionally, resource hierarchies (a folder being parent to another folder) also benefit from the inheritance algorithm. In the Effective Permissions tab you will be able to see what permissions are specifically allowed or not.
IMPORTANT! Domain Postmasters set permissions for Public Folders in the same way.
7.4. Open/Close other user's folders
To have access to folders shared by other users, go to the Tools menu > Axigen Mail Server > Open other user’s folder… or right-click a folder in the folder tree and choose Open other user's folders... from the contextual menu. A warning will pop up asking you to allow access to the email addresses stored in Outlook; check the Allow access for option, choose the desired time interval from the drop-down menu and click Yes.
The address book will open and you will be able to select from the list or type the address of the user whose folder you wish to subscribe to.
WARNING! This option works only for users in the same domain that have set one of the permission levels (except No access).
The folder will appear in the Shared Folders section of your folder tree:
If you no longer wish to see the folders shared by a certain user, close them by going to Tools > Axigen Mail Server > Close other user's folders, or right-click a folder in the folder tree and choose Close other user's folders from the contextual menu. In the new window that pops up, select the user and click Ok.
7.5. Manage Global Permissions
To manage the Read free/busy status and Send Mail As permissions in Outlook, go to Tools > Axigen Mail Server > Manage Global Permissions…. In the new window, a list of users that have either of the two permissions defined is displayed. Each user in the list can be deleted or configured using the Delete and Edit buttons.
To add a user to the list click the Add button. In the new window click the Select user… button to open the address book and choose a contact, then check the Allow or Deny options for the two permissions.
When clicking the Select user button, a warning will pop up asking you to allow access to the email addresses stored in Outlook; check the Allow access for option, choose the desired time interval from the drop-down menu and click Yes.
In the Effective Permissions tab you will be able to see what permissions are specifically allowed or not.
Chapter 8. Administration Tools Overview
AXIGEN Mail Server provides several alternatives for mail server administration.
• WebAdmin
WebAdmin is a central administration Web interface that allows configuring the mail server using a tab-organized GUI. Allowing secure access (HTTPS protocol), WebAdmin provides fully described parameters (long description, default values, possible values, suggested values).
WebAdmin allows configuring the email server remotely, over the Internet, and provides access to most parameters for every module. This configuration method is highly intuitive, has a fast learning curve and can be used by anyone with user-level skills.
For detailed information on how to use WebAdmin, see Configuring AXIGEN using WebAdmin.
• CLI - Command line configuration interface
CLI is a TCP service with a specified dedicated socket, accessible using Telnet applications and Netcat. Apart from providing an alternate method of performing basic configuration tasks, CLI allows automating administration tasks using scripts (adding users, migration).
For detailed information on how to use CLI, see Configuring AXIGEN using CLI.
• Delegated Administration
Delegated administration enables the easy creation of administrative groups, with predetermined membership hierarchies and permissions, assigned to specific domains. Administrative users can further be created within one or more of the available groups. An administrative user will then automatically inherit the parameters of the group it is being created in. Administrative users can be assigned to one or more groups with a few mouse clicks. Membership can be limited or expanded by the system administrator at any time.
Permissions are assigned to each user through a Quick Add button and allow in-depth configuration. Fine-tune user access by allowing or denying permissions at server and domain management level. For example, a certain user cannot create accounts or access the WebMail service, while being able to create public folders and configure CLI service parameters.
Delegated administration options are implemented by AXIGEN's AACL module, which comes with a distinct storage that handles permissions for all administrative users.
For detailed information on how to set Delegated Administration parameters, see the Administration Rights Section.
• Config file
The configuration file, axigen.cfg, is a text file that allows you to perform extensive configuration by editing it manually. This administration method allows fine-tuning the server's functioning to the existing hardware configuration and mailing requirements. Experienced System Administrators have a readily accessible method of setting both basic and very advanced parameters directly, without going through an administration interface.
For information on using the axigen.cfg file, see the subsequent page.
8.1. Working with axigen.cfg
The general server configuration file currently used by AXIGEN Mail Server is located by default in /var/opt/axigen/run/axigen.cfg (Linux/Solaris) or /var/axigen/run/axigen.cfg (*BSD). A sample configuration file can also be found in the /opt/axigen/share/examples directory.
The axigen.cfg file includes the complete specifications for AXIGEN configuration. Besides containing configuration data specific for AXIGEN modules, axigen.cfg is also used for specifying the primary domain for AXIGEN server (primaryDomain).
Using axigen.cfg, you have access to all AXIGEN Mail Server configuration parameters. Using a text editor, you can manually edit the parameter values and modify the server configuration. The configuration file also contains information on default and possible values and a short explanation for each parameter:
The same options are available when using WebAdmin, except that changes to the configuration are made through the Web GUI. Detailed information on how to configure each parameter and information on its functions are given in the Configuring AXIGEN using WebAdmin sub-sections.
Restrictions
When working with the axigen.cfg file, you need to follow the restrictions listed below:
• maximum attribute name length: 64
• maximum attribute value length: 128 (expressed as string in configuration file). Each STRING value is limited to this length, 255
Note: Each time you modify the main configuration file, a reload signal must be sent to AXIGEN, in order to load the new configuration settings.
Definitions
Important!
• All time attributes (timeouts and time intervals) are specified in seconds.
• All data sizes are specified in KB.
When working with axigen.cfg file, the following terms should be used with the meanings specified below:
• UINT: an unsigned integer.
• STRING: a case insensitive string, possibly quoted using double quotes.
• CS_STRING: a case sensitive string, possibly quoted using double quotes.
• IP: an IPv4 address in decimal numbers-and-dots format, e.g.: 127.0.0.1
• IP_SET: a set of IPv4 addresses specified in one of the following modes:
  1. IP interval 10.0.0.1-10.0.0.20
  2. IP address/IP mask 10.0.0.1/255.0.0.0
  3. IP address/IP mask size 10.0.0.1/8
• IP_PORT: an IPv4 address in decimal numbers-and-dots format followed by a ":" char and a decimal port number, e.g.: 127.0.0.1:25
• CHOICE: a single STRING from a specified set of STRINGs, e.g.: "yes" from ("yes" "no") set
• CHOICE-SET: a subset of STRINGs from the specified set of STRINGs; the subset must be specified between round parentheses ()
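The three IP_SET modes listed above can describe the same address range in different notations, which matters when reviewing how many hosts an access rule really covers. The following Python sketch is an added example, not part of the manual or of AXIGEN; the rule names in SAMPLE_RULES are constructed, and it assumes that host bits in the address part (as in 10.0.0.1/8) are ignored.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 32-bit all-ones value

# Constructed sample: hypothetical rule names mapped to IP_SET values
# taken from the three modes shown in the Definitions list.
SAMPLE_RULES = {
    "admin-net": "10.0.0.1/8",
    "admin-net-dotted": "10.0.0.1/255.0.0.0",
    "ops-range": "10.0.0.1-10.0.0.20",
}


def parse_ip_set(spec):
    """Return (first, last) IPv4Address covered by an IP_SET value."""
    spec = spec.strip()
    if "-" in spec:  # mode 1: IP interval
        first_s, last_s = spec.split("-", 1)
        first = ipaddress.IPv4Address(first_s.strip())
        last = ipaddress.IPv4Address(last_s.strip())
        if first > last:
            raise ValueError(f"interval is reversed: {spec}")
        return first, last
    if "/" not in spec:
        raise ValueError(f"not one of the three IP_SET modes: {spec}")
    addr_s, mask_s = (part.strip() for part in spec.split("/", 1))
    addr = int(ipaddress.IPv4Address(addr_s))
    if mask_s.isdigit():  # mode 3: IP address/IP mask size
        size = int(mask_s)
        if size > 32:
            raise ValueError(f"mask size out of range: {mask_s}")
        mask = (FULL << (32 - size)) & FULL
    else:  # mode 2: IP address/IP mask in dotted form
        mask = int(ipaddress.IPv4Address(mask_s))
        host_bits = mask ^ FULL
        if host_bits & (host_bits + 1):  # host bits must be one low run of 1s
            raise ValueError(f"mask is not contiguous: {mask_s}")
    # Assumption: host bits set in the address part are masked off.
    first = addr & mask
    return ipaddress.IPv4Address(first), ipaddress.IPv4Address(first | (mask ^ FULL))


def ip_set_size(spec):
    """Number of addresses the IP_SET value covers."""
    first, last = parse_ip_set(spec)
    return int(last) - int(first) + 1


def ip_set_contains(spec, ip):
    """True when the dotted IPv4 address falls inside the IP_SET value."""
    first, last = parse_ip_set(spec)
    return first <= ipaddress.IPv4Address(ip) <= last


def review(rules, limit=256):
    """Return the names of rules whose IP_SET covers more than `limit` addresses."""
    return sorted(name for name, spec in rules.items() if ip_set_size(spec) > limit)


if __name__ == "__main__":
    for name, spec in SAMPLE_RULES.items():
        first, last = parse_ip_set(spec)
        print(f"{name}: {spec} -> {first} .. {last} ({ip_set_size(spec)} addresses)")
    print("wider than 256 addresses:", review(SAMPLE_RULES))
```

Running it shows that 10.0.0.1/8 and 10.0.0.1/255.0.0.0 both expand to the whole 10.0.0.0 to 10.255.255.255 block, while the interval form covers only twenty hosts.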
Structure of the axigen.cfg file
In axigen.cfg, all objects and attributes are commented using a hash character (#). Also, any block inside /* ... */ is treated as a comment. Default values, restrictions and examples for each attribute are provided as comments.
The file is structured based on main configuration objects (server, main services). The attributes corresponding to one object are enclosed in curly brackets {}. The values of an attribute are enclosed in parentheses (). When several objects are grouped in an object set, they are also enclosed in parentheses (). Levels of subordination are indicated by indentation (upper levels will be left-aligned).
For instance, this is how the beginning of the section for the SMTP-In service looks in the text file. All you have to do is manually edit the values of the parameters, as instructed in the # lines.
# SMTP service
# TYPE: SMTP-OUTGOING-SERVICE OBJECT
smtpOutgoing = {
    # maximum number of threads handling remote SMTP delivery
    # TYPE: UINT
    # MIN-MAX: 1-128
    # DEFAULT: 20
    maxConnThreads = 20
    # minimum number of threads handling remote SMTP delivery
    # TYPE: UINT
    # MIN-MAX: 1-128
    # DEFAULT: 2
    minConnThreads = 2
    # service's logging level
    # TYPE: UINT
    # MIN-MAX: 0-31
    # DEFAULT: 15
    logLevel = 15
    # service's logging type
    # TYPE: CHOICE internal | system | remote
    # DEFAULT: internal
    logType = internal
    # service's remote logging host (used only if logType=remote)
    # TYPE: IP_PORT
    # VALIDITY: only host IP addresses
    # DEFAULT: 127.0.0.1:2000
    logHost = 127.0.0.1:2000
    # list of rules to be applied by the relay module when connecting to a relay server
    # There is always defined a 'catch all' client rule with the following attributes:
    # priority = 1001
    # patternIn = "*"
    # patternOut = "*"
    # authUser = ""
    # authPass = ""
    # maxConnections = 5
    # smtpPort = 25
    # smtpIp = 0.0.0.0 (use client MX)
    # requestAuth = no
    # allowStartTLS = yes
    # secureConnAuthTypes = ( all )
    # plainConnAuthTypes = ( all )
    clients = (
        { # priority for this rule, 1 is highest
          # TYPE: REQUIRED UINT
          # MIN-MAX: 1-1000 (1001 is reserved for catch all clients)
          # DEFAULT: N/A
          priority = 500
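Because each attribute in the excerpt above is preceded by # TYPE and # MIN-MAX comment lines, a hand-edited file can be checked against those annotations before the reload signal is sent. The Python sketch below is an added example, not a tool shipped with AXIGEN: SAMPLE_CFG is constructed with deliberate mistakes, only the UINT, CHOICE and IP_PORT types are checked, and the 1-65535 port range and the length check on the unquoted value are assumptions.

```python
import ipaddress
import re

MAX_NAME_LEN = 64    # "maximum attribute name length" from the Restrictions list
MAX_VALUE_LEN = 128  # "maximum attribute value length" from the Restrictions list

# Constructed sample modelled on the annotated smtpOutgoing excerpt;
# the out-of-range and misspelled values are deliberate.
SAMPLE_CFG = """\
smtpOutgoing = {
    # TYPE: UINT
    # MIN-MAX: 1-128
    # DEFAULT: 20
    maxConnThreads = 500
    /* block comments are ignored,
       even when they contain logLevel = 99 */
    # TYPE: UINT
    # MIN-MAX: 0-31
    logLevel = 15
    # TYPE: CHOICE internal | system | remote
    logType = "Syslog"
    # TYPE: IP_PORT
    logHost = 127.0.0.1:70000
}
"""

ATTR_RE = re.compile(r"^(\w+)\s*=\s*(.*?)\s*$")
RANGE_RE = re.compile(r"MIN-MAX:\s*(\d+)\s*-\s*(\d+)")


def _blank_block_comments(text):
    # Replace /* ... */ with its own newlines so line numbers stay correct.
    return re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                  text, flags=re.S)


def _check_value(value, ann):
    """Return a problem string, or None when the value fits its annotations."""
    kind = ann.get("type")
    if kind == "UINT":
        if not re.fullmatch(r"[0-9]+", value):
            return f"{value!r} is not an unsigned integer"
        lo, hi = ann.get("range", (0, None))
        if int(value) < lo or (hi is not None and int(value) > hi):
            return f"{value} outside MIN-MAX {lo}-{hi}"
    elif kind == "CHOICE":
        # CHOICE is a STRING, and STRING is case insensitive.
        if value.lower() not in ann["choices"]:
            return f"{value!r} not one of {sorted(ann['choices'])}"
    elif kind == "IP_PORT":
        host, sep, port = value.rpartition(":")
        try:
            ipaddress.IPv4Address(host)
        except ValueError:
            return f"{host!r} is not a dotted IPv4 address"
        # Assumption: a usable port lies in 1-65535.
        if not sep or not port.isdigit() or not 1 <= int(port) <= 65535:
            return f"port {port!r} is not a decimal port in 1-65535"
    return None


def lint(text):
    """Return [(line_no, attribute, problem)] for axigen.cfg-style text."""
    findings, ann = [], {}
    for no, raw in enumerate(_blank_block_comments(text).splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            body = line.lstrip("#").strip()
            if body.startswith("TYPE:"):
                words = [w for w in body[5:].split() if w != "REQUIRED"]
                if words:
                    ann["type"] = words[0]
                    if words[0] == "CHOICE":
                        options = " ".join(words[1:]).split("|")
                        ann["choices"] = {o.strip().lower() for o in options}
            else:
                m = RANGE_RE.match(body)
                if m:
                    ann["range"] = (int(m.group(1)), int(m.group(2)))
            continue
        m = ATTR_RE.match(line)
        if not m:
            continue
        name, value = m.groups()
        if not value.startswith(("{", "(")):  # scalar, not an object or a set
            value = value.strip('"')
            if len(name) > MAX_NAME_LEN:
                findings.append((no, name, f"name longer than {MAX_NAME_LEN} characters"))
            if len(value) > MAX_VALUE_LEN:
                findings.append((no, name, f"value longer than {MAX_VALUE_LEN} characters"))
            problem = _check_value(value, ann)
            if problem:
                findings.append((no, name, problem))
        ann = {}  # annotations apply only to the attribute that follows them
    return findings


if __name__ == "__main__":
    for no, name, problem in lint(SAMPLE_CFG):
        print(f"line {no}: {name}: {problem}")
```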
Chapter 9. Configuring AXIGEN using WebAdmin
WebAdmin Overview
AXIGEN WebAdmin is the recommended administration tool for AXIGEN. While alternative methods are provided (Command Line Interface, text-editable configuration file), WebAdmin is the most intuitive and user-friendly tool. WebAdmin is a web-based configuration interface, tested for Mozilla and Internet Explorer, which gives you access to all configuration parameters for all services in AXIGEN Mail Server. Functionally, it is considered an AXIGEN service, and it can be started and stopped at any time.
WebAdmin is enabled by default in the latest versions of AXIGEN Mail Server, and can be accessed by default on the 127.0.0.1:9000 address. For information on how to set the WebAdmin interface and set the WebAdmin admin password using the AXIGEN Configuration Wizard, see the corresponding section of this manual.
The current chapter Configuring AXIGEN using WebAdmin is dedicated to configuration options provided in WebAdmin, acting as a complete Administration Guide for AXIGEN Mail Server. It provides information on the configuration of all parameters included in the respective tabs.
WebAdmin Features
The WebAdmin service offers a wide range of functionalities which make it extremely configurable and secure.
Thread Management
AXIGEN can run on a large variety of systems and machines, in networks with very different traffic loads, structures, domain configurations, user rights, authorization procedures, etc. Depending on your specific network specifications and conditions, you can adapt the workload to the server's processing power, in order to prevent a system overload or to improve server performance by setting different numbers of processing threads for the WebAdmin service, depending on your traffic load. First, system administrators need to set a number of threads to be allotted when the WebAdmin service is started. To efficiently manage peak periods, a corresponding number of threads is allotted for overloads caused by high traffic.
For information on how to configure connection thread control parameters for WebAdmin, see WebAdmin Thread Management.
Log Control
Just like all the other AXIGEN main services, the WebAdmin module can log different types of events. The system administrator can specify what events are logged, where and how they are logged.
See Logging service for more details on logging in AXIGEN. For information on how to configure log control parameters for WebAdmin, see WebAdmin Log Control.
WebAdmin Flow Control
In WebAdmin, to efficiently manage the traffic flow, you can allow a maximum number of simultaneous connections, a maximum number of connections from a distinct remote IP, and further fine-tune your options by limiting the number of total connections or connections from a certain IP in a given time frame.
For information on how to configure flow control parameters for WebAdmin, see Access and Flow Control Rules.
HTTP Protocol Options for WebAdmin
WebAdmin allows you to set HTTP limits for any request made to the WebAdmin service. This prevents you from automatically accepting excessive amounts of data (HTTP headers, HTTP body and upload data).
For information on how to configure HTTP limits for WebAdmin, see WebAdmin HTTP Protocol Options.
Session Options for WebAdmin
In WebAdmin, you can impose time limits on sessions, either active or idle. By doing this, you can better manage security and resource related issues.
For information on how to configure connection and session control parameters for WebAdmin, see WebAdmin Session Options.
Working with WebAdmin
WebAdmin has several tabs, listed on the left-hand side, each of them corresponding to a certain section (Global Settings, Domain & Accounts, Administrative Rights, etc.). Sections can be expanded, to see the tabs they contain, and retracted by clicking the section name.
When first logged in, the Overview page displays a server summary (containing version, permission, running services and antivirus/antispam information). It also displays a list of Quick Links for some of the most commonly used configuration pages, grouped under three main sections: Domain & Accounts, Server Maintenance and Services & Security.
Below are described some basic principles you should keep in mind while working with AXIGEN WebAdmin.
Saving the Configuration in WebAdmin
After changing any parameter value in WebAdmin, you need to save the new values in the configuration files. In order to do this, you need to press the Save Configuration button available on all tabs, pages and sub-pages where needed. In the example below, a random password set for a user account is being saved.
Confirmation / Error Messages
After each command issued, you should check the confirmation message displayed in the upper section of the page. In the example below, parameters of an account have been changed successfully.
In the following example, an account creation operation has failed and you are informed on this status both in the upper section of the WebAdmin page:
Displaying/Hiding the Contextual Help
Starting with version 5.0, the WebAdmin Interface implements a Contextual Help feature, which guides system administrators through their daily actions by explaining all the available options and parameters. Contextual Help is activated by default and displayed in the right hand side of each page.
To close the Contextual Help window, hit the question mark button as shown in the above screenshot. Once deactivated, you can open it again by hitting the same button, as shown below:
9.1. Configuring Global Settings
The Global Settings tab gives access to a few general parameters and to registering the AXIGEN Mail Server with your license key. It also displays all the information concerning the uploaded license key.
In the Primary Domain text field, the domain currently set as primary is displayed. Use this field to change it to another existing domain.
The SSL Random File text field is used to specify the path to the file with random seed data, used first by the SSL library to seed the random number generator.
To have the disk input/output buffering activated, please check the Enable disk I/O buffering option.
To upload a license key file in the WebAdmin interface, hit the Upload new key button and browse to its current location on your computer. After successfully uploading it, all the details relative to the license type - including company, expiry date, version, included add-ons, and different counters for mailboxes, domains, etc - will be displayed.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.2. Managing AXIGEN Services
The “Services” section enables system administrators to manage and configure the SMTP Receiving, SMTP Sending, IMAP, POP3, WebMail, WebAdmin, DNR, Remote POP and CLI services of the AXIGEN Mail Server.
The subsequent configuration pages of this section contain information on logging, error control, thread management and other service-specific parameters.
9.2.1. Configure the Running Services
The Service Management tab allows you to monitor and configure the AXIGEN Mail Server's running services. By default, when installing AXIGEN Mail Server, the following services will be running: SMTP, IMAP, POP3, WebMail and WebAdmin.
Use the Start, Stop and Restart action buttons to specify what services should be run by AXIGEN Mail Server. AXIGEN can run with any number of these services inhibited.
9.2.2. SMTP Receiving Tab
The SMTP Receiving tab allows you to configure parameters relative to this specific service's configuration, to add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration, see the Listeners chapter.
Through Service Configuration system administrators can manage logging, looping, error and thread control parameters.
Logging
You can select several types of messages to be logged for the SMTP Receiving service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.
Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.
Email Loop Protection
A looping message is an email sent from one mail server to another, without reaching its destination. Whenever it is received by a mail server, the email message will have a received header added. To prevent such email from increasing your mail server's traffic, check the Email Loop Protection option and set a number of maximum received headers for all received emails. Values range from 1 to 1000, however the default 30 value is recommended.
Error Control
To set a maximum number of errors caused by invalid commands received from clients or by failed authentication attempts, check the respective options in the Error Control area. Use the up and down arrows corresponding to each of these options to set a specific number of errors.
Thread Management
Thread management allows you to set different numbers of processing threads for the SMTP Receiving service, depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the SMTP Receiving service is started. To have a different number of threads for peak periods, check the overload option and use the up and down arrows to choose the thread number.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.2.3. SMTP Sending Tab
The SMTP Sending tab allows you to configure parameters relative to the log service and thread control.
Logging
You can select several types of messages to be logged for the SMTP Sending service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.
Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.
Thread Management
Thread management allows you to set different numbers of processing threads for the SMTP Sending service, depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the SMTP Sending service is started. To have a different number of threads for peak periods, check the overload option and use the up and down arrows to choose the thread number.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.2.4. IMAP Tab
The IMAP tab allows you to configure parameters relative to this specific service's configuration, to add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration, see the Listeners chapter.
Through Service Configuration system administrators can manage logging, authentication and encryption, error and thread control parameters.
Logging
You can select several types of messages to be logged for the IMAP service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.
Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.
Encryption and Authentication
By checking the Allow StartTLS option, you allow sending the STARTTLS command for encrypting the connection if the server supports this command.
Select the allowed authentication types the AXIGEN Mail Server should use for its IMAP secure connections (SSL/TLS) in the SECURE connections check list. Possible options are: normal login, plain, login, cram-md5, digest-md5 and gssapi. By default, all these methods are selected (all types of authentication are allowed on a secure connection). The methods are further divided into two categories: secure and unsecure.
Select the allowed authentication types the AXIGEN Mail Server should use for its IMAP unsecure connections in the UNSECURE connections check list. Possible options are: normal login, plain, login, cram-md5, digest-md5 and gssapi. By default, all these methods are selected (all types of authentication are allowed on an unsecure connection). The methods are further divided into two categories: secure and unsecure.
Error Control
To set a maximum number of errors caused by invalid commands received from clients or by failed authentication attempts, check the respective options in the Error Control area. Use the up and down arrows corresponding to each of these options to set a specific number of errors.
Thread Management
Thread management allows you to set different numbers of processing threads for the IMAP service, depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the IMAP service is started. To have a different number of threads for peak periods, check the overload option and use the up and down arrows to choose the thread number.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.2.5. POP3 Tab
The POP3 tab allows you to configure parameters relative to this specific service's configuration, to add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration, see the Listeners chapter.
Through Service Configuration system administrators can manage logging, authentication and encryption, error and thread control parameters.
Logging
You can select several types of messages to be logged for the POP3 service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.
Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.
Encryption and Authentication
By checking the Allow StartTLS option, you allow sending the STARTTLS command for encrypting the connection if the server supports this command.
Select the allowed authentication types the AXIGEN Mail Server should use for its POP3 secure connections (SSL/TLS) in the SECURE connections check list. Possible options are: normal login, plain, login, cram-md5, digest-md5 and gssapi. By default, all these methods are selected (all types of authentication are allowed on a secure connection). The methods are further divided into two categories: secure and unsecure.
Select the allowed authentication types the AXIGEN Mail Server should use for its POP3 unsecure connections in the UNSECURE connections check list. Possible options are: normal login, plain, login, cram-md5, digest-md5 and gssapi. By default, all these methods are selected (all types of authentication are allowed on an unsecure connection). The methods are further divided into two categories: secure and unsecure.
Error Control
To set a maximum number of errors caused by invalid commands received from clients or by failed authentication attempts, check the respective options in the Error Control area of the POP3 service. Use the up and down arrows corresponding to each of these options to set a specific number of errors.
Thread Management
Thread management allows you to set different numbers of processing threads for the POP3 service, depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the POP3 service is started. To have a different number of threads for peak periods, check the overload option and use the up and down arrows to choose the thread number.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.2.6. WebMail Tab
The WebMail Tab allows you to configure parameters relative to this specific service's configuration, to add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration, see the Listeners chapter.
Through Service Configuration system administrators can manage logging, HTTP protocol, WebMail session and thread management parameters.
Logging
You can select several types of messages to be logged for the WebMail service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.
Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.
HTTP Protocol Options
By checking the Allow HTTP Keep-Alive option, you allow permanent HTTP connections for the WebMail service.
Next, you can set the HTTP limits for WebMail requests. Use the Limit HTTP Request header to option in order to specify the maximum allowed size for incoming HTTP headers, and the Limit HTTP Request body to option in order to specify the maximum allowed size for incoming HTTP body. The third option, Limit file uploads, can be used to set the maximum allowed size for incoming upload data. It applies to attachments, mail body and contact import operations. All size values can be set by using the up and down arrows, in KB or MB.
Select the appropriate action to be taken when the incoming data is over the set limits by using the If any of the above limits is exceeded option. Use the drop-down menu in order to choose between closing the connection immediately or allowing all data to be sent.
Webmail Options
Use the Allow domain selection on login option to choose whether the domain list is displayed when logging in to WebMail. Enable it by checking the box in front of the option.
Set the parameters for WebMail sessions by using the two options under Session. You can specify after how many seconds an inactive (idle) WebMail session is closed, and specify after how many seconds a WebMail session is closed, even if activity exists. Values for these parameters can be entered only in seconds, by using the up and down arrows.
Thread Management
Thread management allows you to set different numbers of processing threads for the SMTP Receiving service, depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the SMTP Receiving service is started. To have a different number of threads for peak periods, check the overload option and use the up and down arrows to choose the thread number.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.2.7. WebAdmin Tab
The WebAdmin Tab allows you to configure parameters relative to this specific service's configuration, to add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration, see the Listeners chapter.
Through Service Configuration system administrators can manage logging, HTTP protocol, WebAdmin session and thread management parameters.
Logging
You can select several types of messages to be logged for the WebMail service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.
Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.
HTTP Protocol Options
By checking the Allow HTTP Keep-Alive option, you allow permanent HTTP connections for the WebAdmin service.
Next, you can set the HTTP limits for WebMail requests. Use the Limit HTTP Request header to option in order to specify the maximum allowed size for incoming HTTP headers, and the Limit HTTP Request body to option in order to specify the maximum allowed size for incoming HTTP body. The third option, Limit file uploads, can be used to set the maximum allowed size for incoming upload data. It applies to attachments, mail body and contact import operations. All size values can be set by using the up and down arrows, in KB or MB.
Select the appropriate action to be taken when the incoming data is over the set limits by using the If any of the above limits is exceeded option. Use the drop-down menu in order to choose between closing the connection immediately or allowing all data to be sent.
WebAdmin Options
Set the parameters for WebAdmin sessions by using the two options under Session. You can specify after how many seconds an inactive (idle) WebAdmin session is closed, and specify after how many seconds a WebAdmin session is closed, even if activity exists. Values for these parameters can be entered only in seconds, by using the up and down arrows.
Thread Management
Thread management allows you to set different numbers of processing threads for the SMTP Receiving service, depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the SMTP Receiving service is started. To have a different number of threads for peak periods, check the overload option and use the up and down arrows to choose the thread number.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.2.8. DNR Tab
The DNR tab allows you to configure parameters relative to logging, DNR Options and Nameservers.
Logging
You can select several types of messages to be logged for the POP3 service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.
Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.
DNR Options
This section allows you to configure the general parameters relative to the DNR service.
Use the First Query Timeout option in order to specify after how many seconds the first DNR query is closed by AXIGEN Mail Server. The values for these parameters can be entered by using the up and down arrows, and are only expressed in seconds, ranging from 1 to 120 seconds.
NOTE: After each retry, the set timeout is doubled.
In the Max. number of retries field you can specify the maximum number of DNR query retries to be executed by AXIGEN Mail Server. Use the up and down arrows to enter the value of the parameter.
The No. of cached results option enables you to specify the number of results (IP addresses) cached for each DNR query type to be executed by AXIGEN Mail Server. The default value is 1000 IPs.
Nameservers
You can edit the list of known name (DNS) servers (specified in the operating system configuration) used by AXIGEN Mail Server when performing DNR searches.
To edit one of the defined name servers, just change the values of the corresponding fields and then save the configuration. In the Address field, specify the IP address of the name server. The parameters corresponding to the Query Timeout and Retries fields can be configured according to the guidelines in the DNR Options section above.
To add a new name server, hit the Add Nameserver button displayed in the upper right corner of the Nameservers section. Type the nameserver address in the text box then click on Quick Add. The Query Timeout and number of Retries can be set when adding the nameserver or later.
The Actions field allows you to specify the priority level for the defined name servers. Use the available up and down arrows in order to set the order in which name servers are searched (the ones with higher priority, to the top of the list, will be queried first).
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.2.9. Remote POP Tab
The Remote POP tab allows you to configure parameters relative to logging and thread management.
Logging
You can select several types of messages to be logged for the CLI service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.
Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.
Thread Management
Thread management allows you to set different numbers of processing threads for the RPOP service, depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the RPOP service is started. To have a different number of threads for peak periods, check the overload option and use the up and down arrows to choose the thread number.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.2.10. CLI Tab
The CLI tab allows you to configure parameters relative to this specific service's configuration, to add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration, see the Listeners chapter.
Through Service Configuration system administrators can manage logging, authentication and encryption, error and thread control parameters.
Logging
You can select several types of messages to be logged for the CLI service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.
Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.
CLI Options
To set a limit for the number of commands allowed to be issued before having authenticated on CLI, check the respective option under CLI Options and use the up and down arrows to choose the desired numbers. The default value is of 20 commands.
Error Control
To set a maximum number of errors caused by invalid commands received from clients or by failed authentication attempts, check the respective options in the Error Control area. Use the up and down arrows corresponding to each of these options to set a specific number of errors.
Thread Management
Thread management allows you to set different numbers of processing threads for the CLI service, depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the CLI service is started. To have a different number of threads for peak periods, check the overload option and use the up and down arrows to choose the thread number.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3. Domains and Accounts
The Domains and Accounts section gives access to managing and configuring domains, accounts, mailing lists, groups, public folders and account classes.
9.3.1. The Manage Domains Tab
When first entering the Domains tab, a list of the previously defined domains is displayed.
If you have defined a large number of domains, you can quickly locate a certain one using the Domain Search option. The domain list is filtered as you type.
To edit an already defined domain, hit the Edit button on the right side of its name. To delete it, hit its respective Delete button. Should you like to add a new domain, hit the Add Domain button displayed in the upper right corner of the Domain list.
To add a new domain first type the name of your domain in the Domain Name text box and set the Postmaster Password in its respective text area or click the Set Random button to select a random password combination. When using this button the password randomly assigned is displayed under it.
Check the Enable MACL Support option so users belonging to this domain will be able to set different permission levels on their folders in order to share them. Only on domain creation you have the option to configure storage location details by clicking the Show button. Detailed information on storage is available in the corresponding Mail Server Architecture chapter.
Use the Quick Add button to create the domain using the default settings or hit the Advanced Config link to further fine tune it. When pressing the Edit button for an existing domain or the Advanced Config link, you access the five pages shown in the below screenshot. The name of the configured domain is listed in the upper section of the screen at all times.
9.3.1.1. Domains General Configuration
The Manage Domains > General tab allows system administrators to set the running services for a specific domain and other domain related parameters.
Use the Domain name text field to edit the name of the domain you are currently modifying or creating. To edit the IP dedicated to a specific domain, use the Assigned IP text field.
Should you like to have the accounts created for a specific domain included in AXIGEN's public address book, make sure to have the corresponding option checked.
To have the domain included in the WebMail interface domain selection list, check the respective option. Check the Automatically create LDAP authenticated users option so the LDAP defined users are created when they login to a service that requests authentication.
To have a specific login page displayed for certain requests, you will have to add a host header. To do so, type a name for your host header and hit the Add button. To delete one of the host headers, use its assigned Delete button.
The services section displays the list of domain services and their current status. To enable or disable a service, use the respective buttons corresponding to that service's name. Please note that at domain level, only services affecting domain behavior are displayed - SMTP Receiving, SMTP Sending, POP3, IMAP, Remote POP and WebMail.
Within the Catch-all section, system administrators can further decide how to treat emails sent to users that do not exist in the edited domain. The available options in the selection box are to have them rejected, to redirect them to one of the existing public folders or to redirect them to a catch-all account. If the emails are redirected to an account, you can also specify a folder for the emails to be stored in, using the Change folder button.
The General page also displays specific details about the currently edited domain in the Info section. The information refers to the MACL Support status, domain creation date and date and time details for the last modification and login.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.1.2. Defining Domain Aliases
The Manage Domains > Domain Aliases page allows system administrators to create a list of aliases for a certain domain.
The page displays a list of previously defined aliases. Each can be edited using the text field listed under Address. To delete an alias, use its corresponding Delete button. To add a new alias, type its name in the upper right corner text field and hit the Add Alias button.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.1.3. Domain Message Filters Page
The Manage Domains > Message Filters page helps system administrators create and manage incoming message rules and AntiVirus / AntiSpam filters for a specific domain.
Important!
• Domain level rules for this domain will run after any existing Server level rules (common actions will be overridden)
• AntiVirus / AntiSpam filters enabled at domain level provide the accounts in this domain with an additional filtering layer.
When first accessing the page, a list with the already defined rules and filters is displayed. Both lists can be minimized or maximized by clicking the list name bar. Each message rule and filter has an Enabled/Disabled status displayed and, next to it, the Enabled/Disabled button displays the opposite action of the status. Priorities between enabled AntiVirus / AntiSpam filters or Message rules can be changed using the up and down arrows under the Priority section.
Existing rules can be deleted or further configured using the Delete and Edit buttons. To add a new rule for the configured domain, click the Add Message Rule button. Type a name for the incoming message rule in the Message rule name text field and check the Enable this incoming rule option to activate it.
Further select if the messages filtered should match all or any of the defined criteria set below. You can add as many conditions as you wish by clicking the Add Condition button. Use the Add Action button to define the actions to be taken if an email message matches the specified criteria.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.1.4. Configuring the Message Appender
The Manage Domains > Message Appender page allows system administrators to create an appender that will be attached to all messages sent by the respective domains.
To have the text you want appended to all sent messages, check the Enable Message Appender for this domain option and edit the text in the available text box.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.1.5. Managing Account Defaults
The Manage Accounts > Account Defaults page defines default values for the parameters that will be automatically inherited by all new accounts and account classes, and can be explicitly set (overridden) in the advanced configuration of the respective account or account class.
The page gives access to three different sub-pages:
• General - allowing system administrators to set running services to be inherited
• Quotas and Restrictions - enabling admins to set certain limits for mailbox level, folder level, notification, password policy, etc.
• Message Filters - allowing the creation of message rules
9.3.1.5.1. Account Defaults General Parameters
The Account Defaults > General subpage lists the currently enabled or disabled services at domain level. When such a service is stopped or started at domain level, the accounts within the specific domain will inherit this configuration.
To enable or disable a service, use the respective buttons corresponding to that service's name. Please note that at domain level, only services affecting domain behavior are displayed - SMTP Receiving, SMTP Sending, POP3, IMAP, Remote POP and WebMail.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.1.5.2. Configuring Account Quotas and Restrictions
The Quotas and Restrictions subpage contains parameters relative to mailbox and folder level, notifications to be sent to account users and restrictions imposed at domain level for all created accounts.
Managing Account Quotas
At mailbox level, the total mailbox size, the total number of folders and the total number of messages can be limited by selecting the respective options in the Mailbox area and using the up and down arrows to adjust the limits to the desired value. For the total size limit, use the available drop-down menu to select if you want it calculated in KB, MB or GB.
At folder level, system administrators can set limits for the size of each folder and the total number of messages per each folder by checking the respective options in the Folders section and using the up and down arrows to adjust the limits to the desired value. For the folder size limit, use the available drop-down menu to select if you want it calculated in KB, MB or GB.
To have account users notified when they reach a certain level of their allowed quota through a pop-up displayed when accessing the WebMail interface, check the respective option in the Notifications section and use the up and down arrows to increase or decrease the default percentage of the quota. When this option is checked, the users are also notified at every login. You can set the frequency of these login notifications using the up and down arrows corresponding to this additional option. To select if the respective value is calculated in seconds, minutes, hours or days, check the respective drop-down menu.
System administrators can further edit the content of the notification in the Notification email content section. To edit the text displayed, use the Subject and Body text fields. To insert more values in the email body, use the available buttons - Domain, Account, Full name, Notification threshold percentage, Size quota, Size used, Size used (%), Count Quota, Count Used, Count Used (%).
Configuring Restrictions
Password Policy Enforcement
System administrators can define a Password Policy to be enforced when an account is created for a respective domain. First of all, they can set a minimum and maximum number of characters for each password, using the up and down arrows or editing directly the text field of the Password length parameters. They can further select from the Password must include drop-down menu if passwords should include letters, letters and numbers or letters, numbers and special characters.
Session restrictions
The number of POP3, IMAP and WebMail sessions can be limited for all accounts of a certain domain. To select the desired value, use the up and down arrows or directly edit the text fields pertaining to each type of session. POP3 and IMAP sessions take values from 1 to 16, while WebMail sessions take values from 1 to 2048.
WebMail Restrictions
To limit the size of email message attachments, check the respective option in the WebMail section and use the up and down arrows to select the desired size. To have the size measured in KB, MB or GB use the available drop-down menu.
Use the up and down arrows of the Limit number of attachments per message option or edit its corresponding text field to set a maximum number of attachments allowed to email messages sent or received from any account using the WebMail interface.
Check the Limit message size option to set a maximum size for sent and received messages through the WebMail interface. To do so, use the up and down arrows to select the desired size or edit the corresponding text field.
The Limit number of recipients option allows you to configure a maximum number of recipients for WebMail email messages using the up and down arrow to select the desired size or editing the corresponding text field.
To set the HTML Body Filtering Level for all domain accounts when connected via WebMail, use the available slider. The HTML filtering levels stand for the following:
• No Filtering
• Low level filtering - converts the message to standard XHTML
• Medium level filtering - generates the email body based on a list of known/allowed attributes and tags. Anything that is not on this 'allowed list' is removed. This level removes JavaScript, styles, etc.
• High level filtering - generates the email body based only on text components. This means that only plain text components remain in the message. This fourth level is the strictest and may actually damage some formatting, but it is also the safest.
Message Sending Restrictions
Limits imposed to sent messages offer system administrators an easy possibility to prevent account users from generating spam. They can thus set a maximum number of messages, their total size and the period in which these are sent using the up and down arrows to select the desired size or editing the corresponding text field. To have message size calculated in KB, GB or MB, use the respective drop-down menu. The time frame for the maximum number of messages can be set to be calculated in seconds, minutes, and hours, using the corresponding drop-down menu.
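The combination of a message count limit, a total size limit and a time frame can be modelled as below. This is an added example, not AXIGEN's implementation: it assumes a sliding window (the manual does not say whether the period slides or resets), and the names SendLimiter, try_send and replay are hypothetical.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class SendLimiter:
    max_messages: int       # maximum number of messages per period
    max_total_bytes: int    # maximum total size of those messages
    period_seconds: float   # length of the time frame
    _sent: deque = field(default_factory=deque)  # (timestamp, size) of accepted sends
    _bytes: int = 0

    def _expire(self, now):
        # Forget sends that have fallen out of the window ending at `now`.
        while self._sent and now - self._sent[0][0] >= self.period_seconds:
            _, size = self._sent.popleft()
            self._bytes -= size

    def try_send(self, now, size):
        """Return (accepted, reason) for a message of `size` bytes at time `now`."""
        self._expire(now)
        if len(self._sent) + 1 > self.max_messages:
            return False, "message count limit"
        if self._bytes + size > self.max_total_bytes:
            return False, "total size limit"
        # Only accepted messages consume quota; rejected ones are not recorded.
        self._sent.append((now, size))
        self._bytes += size
        return True, "ok"


# Constructed send attempts for one account: (seconds since start, size in bytes).
SAMPLE_ATTEMPTS = [
    (0, 400), (10, 400), (20, 400), (30, 100),
    (40, 50), (60, 50), (65, 500), (70, 500),
]


def replay(attempts, max_messages, max_total_bytes, period_seconds):
    """Run the attempts through a fresh limiter and return each decision."""
    limiter = SendLimiter(max_messages, max_total_bytes, period_seconds)
    return [limiter.try_send(now, size) for now, size in attempts]


if __name__ == "__main__":
    for attempt, decision in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS, 3, 1000, 60)):
        print(attempt, decision)
```

Replaying real sending logs through such a model before choosing values shows which legitimate senders a given limit would block.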
Remote POP Restrictions
System administrators can limit the number of remote POP accounts defined by account users. To do so, use the up and down arrows to select the desired size or edit the corresponding text field. Additionally, you can specify a minimum interval between two email retrievals for each RPOP connection. Use the Minimum message retrieval interval drop-down menu to have it calculated in seconds, minutes or hours.
Temporary Email Addresses Restrictions
The administrator can set some limits on the usage of temporary email addresses. A user may request a maximum of 16 temporary email addresses (aliases). If the limit is set to '0', the 'Add' button in WebMail (in the 'Temporary Email Addresses' section) will be disabled, but old temporary email addresses will still be available until they expire or are deleted. The time period from the creation of a temporary email address to its automatic deletion can be set between 10 minutes and 1 year.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.1.5.3. Managing Account Filters
The Manage Account Defaults > Message Filters sub-page enables system administrators to create and manage incoming message rules at account level.
Important! Account level rules will run after any existing Domain level rules and Server level rules (common actions will be overridden).
When first accessing the sub-page, a list with the already defined rules is displayed. Each message rule can be deleted or further configured using the Delete and Edit buttons.
Each message rule has an Enabled/Disabled status displayed and, next to it, the Enabled/Disabled button displays the opposite action of the status. Priorities between message rules can be changed using the up and down arrows under the Priority section.
To add a new rule for all domain accounts, click the Add Message Rule button. Type a name for the incoming message rule in the Message rule name text field and check the Enable this incoming rule option to activate it.
Further select if the messages filtered should match all or any of the defined criteria set below. You can add as many conditions as you wish by clicking the Add Condition button. Use the Add Action button to define the actions to be taken if an email message matches the specified criteria.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.2. Manage Accounts Tab
When first accessing the Manage Accounts tab a list of existing domains is displayed. To be able to manage the accounts first select one of the existing domains.
After selecting a certain domain, the list of previously created accounts is displayed. To run a search for a specific account use the Account Search field.
To edit an existing account use its corresponding Edit button, to delete it hit the Delete button. In order to create a new account, hit the Add Account button.
The domain you are creating the account in is displayed in the Domain name field if you have already selected a certain domain. If you press the Add Account button prior to the domain selection you will have to type the desired domain. Specify a name for the account you are creating in the Account Name text field. Type a password of choice in the Account password text field or click the Set Random button to select a random password combination. When using this button the randomly assigned password is displayed under it.
If you are done configuring the account, hit the Quick Add button. Alternatively, should you prefer to further fine tune it, click the Advanced Config link. This link and the Edit button of an already configured account give access to four configuration pages: General, Quotas and Restrictions, WebMail Options and Message Filters.
9.3.2.1. Accounts General Page
The Manage Accounts > General page allows system administrators to configure basic account settings such as the account name and password, and also displays general information regarding the account in question.
Use the First name and Last name text fields to modify the name of the person the account is created for. The account name can also be edited in its respective text field.
To change an account's password, either type another one in the Account password text field or click the Set Random button to select a random password combination. When using this button the password randomly assigned is displayed under it.
To select whether the default settings established at domain level should be inherited by the account you are currently managing or if the account should be associated with an already defined account class use the Inherit configuration details drop-down menu.
The services section displays the list of account services and their current status. To enable or disable a service, use the respective buttons corresponding to that service's name. Please note that at account level only services affecting account behavior are displayed - SMTP Receiving, SMTP Sending, POP3, IMAP, Remote POP and WebMail.
The Info section of the account displays details referring to the creation date of the account, used quota and time, date and IP coordinates of the last logins to the respective accounts through IMAP, POP3 and WebMail.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.2.2. Account Aliases
The Manage Accounts > Account Aliases page allows system administrators to create a list of aliases for a certain user account.
Account Aliases Management
An account alias is a secondary account pointing to the account you are editing. For example, if you are currently editing the account [email protected] previously created and you add [email protected] as an alias, all emails sent to [email protected] will be delivered to [email protected].
Each of the previously defined account aliases can be edited in the text field or deleted using their corresponding Delete buttons. To add a new alias, type its name in the upper right corner text field and hit the Add Alias button.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.2.3. Configuring Quotas and Restrictions
The Manage Accounts > Quotas and Restrictions page contains parameters relative to mailbox and folder level, notifications to be sent to account users and restrictions imposed to the account being edited.
Managing Account Quotas
At mailbox level, the total mailbox size, the total number of folders and the total number of messages can be limited by selecting the respective options in the Mailbox area and using the up and down arrows to adjust the limits to the desired value. For the total size limit, use the available drop-down menu to select if you want it calculated in KB, MB or GB.
At folder level, system administrators can set limits for the size of each folder and the total number of messages per each folder by checking the respective options in the Folders section and using the up and down arrows to adjust the limits to the desired value. For the folder size limit, use the available drop-down menu to select if you want it calculated in KB, MB or GB.
To have account users notified when they reach a certain level of their allowed quota through a pop-up displayed when accessing the WebMail interface, check the respective option in the Notifications section and use the up and down arrows to increase or decrease the default percentage of the quota. When this option is checked, the users are also notified at every login. You can set the frequency of these login notifications using the up and down arrows corresponding to this additional option. To select if the respective value is calculated in seconds, minutes, hours or days, use the respective drop-down menu.
System administrators can further edit the notification content in the Notification email content section. Edit the text displayed using the Subject and Body text fields. To insert more values in the email body, use the available buttons - Domain, Account, Full name, Notification threshold percentage, Size quota, Size used, Size used (%), Count Quota, Count Used, Count Used (%).
Configuring Restrictions
Password Policy Enforcement
System administrators can define a Password Policy to be enforced for the currently created account. First of all, a minimum and maximum number of characters for each password can be set using the up and down arrows or directly editing the Password length parameters text field. Then select from the Password must include drop-down menu whether passwords should include letters, letters and numbers, or letters, numbers and special characters.
Session restrictions
The number of POP3, IMAP and WebMail sessions can be limited for the respective account. To do so, use the up and down arrows or directly edit the text fields pertaining to each type of session to select the desired value. POP3 and IMAP sessions take values from 1 to 16, while WebMail sessions take values from 1 to 2048.
WebMail Restrictions
To limit the size of email message attachments, check the respective option in the WebMail section and use the up and down arrow to select the desired size. To have the size measured in KB, MB or GB use the available drop-down menu.
Use the up and down arrows of the Limit number of attachments per message option or edit its corresponding text field to set a maximum number of attachments allowed to email messages sent or received using the WebMail interface.
Check the Limit message size option to set a maximum size for sent and received messages through the WebMail interface. To do so either use the up and down arrows to select the desired size or edit the corresponding text field.
The Limit number of recipients option allows you to configure a maximum number of recipients for WebMail email messages using the up and down arrows to select the desired size or editing the corresponding text field.
To set the HTML Body Filtering Level for this specific account when connected via WebMail use the available slider. The HTML filtering levels stand for the following:
• No Filtering
• Low level filtering - converts the message to standard XHTML
• Medium level filtering - generates the email body based on a list of known/allowed attributes and tags. Anything that is not on this 'allowed list' is removed. This level removes JavaScript, styles, etc.
• High level filtering - generates the email body based only on text components. This means that only plain text components remain in the message. This fourth level is the strictest and may actually damage some formatting, but it is also the safest.
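The difference between the Medium and High levels described above, shown as an added Python example. This is not AXIGEN's code: the tag, attribute and URL-scheme allowlists, the function names and the sample message are assumptions, since the manual does not publish its own list.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlists for illustration; the manual does not list AXIGEN's own.
ALLOWED_TAGS = {"a", "b", "blockquote", "br", "em", "i", "li", "ol", "p", "strong", "ul"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br"}
BLOCK_TAGS = {"blockquote", "br", "div", "li", "p"}  # line breaks in text-only mode
DROP_WITH_CONTENT = {"script", "style"}  # content is code or styling, not body text

def _safe_url(value):
    """Return the cleaned URL if its scheme is allowlisted, else None."""
    # Browsers ignore surrounding control characters and embedded tab/CR/LF.
    cleaned = value.strip("".join(map(chr, range(0x21))))
    cleaned = cleaned.translate({9: None, 10: None, 13: None})
    scheme, sep, _ = cleaned.partition(":")
    return cleaned if sep and scheme.lower() in ALLOWED_SCHEMES else None

class _BodyFilter(HTMLParser):
    def __init__(self, text_only):
        super().__init__(convert_charrefs=True)
        self.text_only = text_only
        self.out = []
        self.open_tags = []  # allowlisted tags emitted and not yet closed
        self.skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif self.skip_depth:
            return
        elif self.text_only:
            if tag in BLOCK_TAGS:
                self.out.append("\n")
        elif tag in ALLOWED_TAGS:
            kept = []
            for name, value in attrs:
                if name not in ALLOWED_ATTRS.get(tag, ()):
                    continue  # drops style=, on*= handlers and anything unknown
                value = value or ""
                if name == "href":
                    value = _safe_url(value)
                    if value is None:
                        continue
                kept.append(f' {name}="{escape(value, quote=True)}"')
            self.out.append(f"<{tag}{''.join(kept)}>")
            if tag not in VOID_TAGS:
                self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif self.skip_depth or tag in VOID_TAGS:
            return
        elif self.text_only:
            if tag in BLOCK_TAGS:
                self.out.append("\n")
        elif tag in self.open_tags:
            # Close intervening tags too, so the output stays well nested.
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

    def run(self, html_body):
        self.feed(html_body)
        self.close()  # flush any buffered text
        tail = "".join(f"</{t}>" for t in reversed(self.open_tags))
        return ("".join(self.out) + tail).strip()

def filter_medium(html_body):
    """Medium level: rebuild the body from allowlisted tags and attributes."""
    return _BodyFilter(text_only=False).run(html_body)

def filter_high(html_body):
    """High level: keep only text components, HTML-escaped for display."""
    return _BodyFilter(text_only=True).run(html_body)

# Constructed sample message body, not taken from the manual.
SAMPLE = (
    '<p style="color:red" onclick="run()">Hello <b>team</b>,</p>'
    '<script>alert(1)</script>'
    '<style>p{display:none}</style>'
    '<a href="javascript:alert(1)" title="t">click</a> '
    '<a href="https://example.com/?a=1&amp;b=2">docs</a>'
    '<img src="http://tracker.example/p.gif"><br/>'
    '<font color="blue">1 &lt; 2</font>'
)

if __name__ == "__main__":
    print(filter_medium(SAMPLE))
    print(filter_high(SAMPLE))
```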
Message Sending Restrictions
Limits imposed on sent messages give system administrators an easy way to prevent account users from generating spam. They can thus set a maximum number of messages, their total size and the period in which these are sent using the up and down arrows to select the desired size or editing the corresponding text field. To have the message size calculated in KB, GB or MB, use the respective drop-down menu. The time frame for the maximum number of messages can be set to be calculated in seconds, minutes, and hours using the corresponding drop-down menu.
Remote POP Restrictions
System administrators can limit the number of remote POP accounts defined by a certain user. To do so, use the up and down arrows to select the desired size or edit the corresponding text field. Additionally, a minimum interval between two email retrievals for each RPOP connection can be specified. Use the Minimum message retrieval interval drop-down menu to have it calculated in seconds, minutes or hours.
Temporary Email Addresses Restrictions
The administrator can set some limits on the usage of temporary email addresses. A user may request a maximum of 16 temporary email addresses (aliases). If the limit is set to '0', the 'Add' button in WebMail (in the 'Temporary Email Addresses' section) will be disabled, but old temporary email addresses will still be available until they expire or are deleted. The time period from the creation of a temporary email address to its automatic deletion can be set between 10 minutes and 1 year.
Parameter inheritance
Parameters or parameter groups that are inherited from the domain's account defaults are automatically marked with the icon, while the ones inherited from an account class are marked with the icon. When explicitly setting the value of an inherited parameter it will be marked with the icon. Moreover, any further changes at parent level (domain's account defaults or account class) will only affect inherited parameters, while explicitly set ones will keep their value. You can, at any time, revert the explicit parameters to their inherited value, by clicking the 'Inherit' link related to the explicitly set parameter (orange) icon.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.2.4. Account WebMail Options
The Manage Accounts > WebMail Options page allows you to configure an account's appearance, preferences, contact details and signature. These options can also be set by each account user from the WebMail Interface.
Appearance Options
Use the WebMail Skin name drop-down menu to select the WebMail skin that should be used for this account. To configure the WebMail language settings for the respective account use the WebMail Language drop-down menu. The available options are English, German, Romanian, Spanish, Portuguese, Italian, Dutch, Swedish, Norwegian, Polish, Russian, Czech, Greek, Chinese and Persian. The default selected language is English.
You can specify the number of messages to be displayed on a WebMail page for the currently edited mailbox using the Display...messages per page drop-down menu.
Account Preferences
You can have a confirmation requested before deleting a message via WebMail from the currently edited account by checking the Ask for confirmation on email deletion option.
Check the Ask for confirmation on empty folder option to request a confirmation on emptying a folder in WebMail for the currently edited account.
To have messages deleted through the WebMail interface sent to Trash check the Move deleted emails to Trash option. If left unchecked messages will be permanently deleted.
Allow the WebMail interface to check for new emails automatically for the configured account by checking the Automatically check for new emails option. Use the available text field or its up and down arrows to define the time frame and the drop-down menu to have the period measured in minutes, hours or days. Check the Display notification when new email arrives option so the user receives a pop-up warning when a new email arrives.
To set the HTML Body Filtering Level for this specific account when connected via WebMail use the available slider. The HTML filtering levels stand for the following:
• No Filtering
• Low level filtering - converts the message to standard XHTML
• Medium level filtering - generates the email body based on a list of known/allowed attributes and tags. Anything that is not on this 'allowed list' is removed. This level removes JavaScript, styles, etc.
• High level filtering - generates the email body based only on text components. This means that only plain text components remain in the message. This fourth level is the strictest and may actually damage some formatting, but it is also the safest.
Contacts Settings
System administrators can select which contacts are used for the account they are currently editing. They can use contacts from the public address-book and/or employ domain contacts. To do so, choose one or both of the available options: Use contacts from public address-book and Use contacts from domain.
Defining a Signature
To have a signature defined for all messages sent from the configured account via WebMail type it in the Message Signature text field. The text you define will then be appended to all outgoing email sent from the WebMail interface.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.2.5. Managing Message Filters
The Manage Domains > Message Filters page enables system administrators to configure a set of rules to be applied to messages received by specific accounts, as well as to view and change any of the similar rules created by the users themselves. The page gives access to two sub-pages:
• Admin Filters - containing the parameters relative to incoming message rules and filters.
• User Filters - containing the parameters relative to incoming message rules and filters set by users in WebMail > Settings > Filters page.
9.3.2.5.1. Admin Filters
The Message Filters > Admin Filters sub-page enables system administrators to configure incoming message rules and filters for specific user accounts.
Important:
• The Rules and Filters configured in this page replace the ones inherited from account defaults.
• For a direct access to the account defaults parameters, click on the underlined account defaults option available right under the Admin Filters sub-page name.
Incoming Message Rules
Important! When first accessing this tab, click the Define explicit link to be able to add filters for this account.
To configure a new message rule, hit the Add Message Rule button and then fill in the specific parameters in the new sub-page, New Message Rule. Each message rule has an Enabled/Disabled status displayed; the button next to it displays the action opposite to the status. Each rule can be deleted or further configured using the Delete and Edit buttons.
To set the order in which defined rules should apply, use their corresponding up and down arrows available under the Priority section.
Important: All message rules available in this section will run after any existing Server Level Rules and Domain Level Rules (common actions will be overridden).
General Settings for the New Message Rule
Use the text box under General Settings in order to specify the name of the new rule then enable the new rule by checking the box in front of the option called Enable this incoming rule.
New Message Rule Conditions
In the Matches section, first decide the incoming messages for which you want the rule to apply. Next, choose the conditions you want to apply to those messages (e.g. for messages from '[email protected]').
Use the drop-down menu to select the type of the new condition. Available options include setting conditions relative to the subject, sender, receiver, Cc, To or Cc, size of the email, as well as a customization option, accessible by clicking on Custom. To delete one of the newly-added criteria, hit its corresponding trash-bin shaped button.
New Message Rule Actions
By editing the Actions section you can decide what you want to do with the messages that match the above conditions. Use the drop-down menu to specify the actions corresponding to the mail message i.e. moving, copying, deleting, or redirecting it to a certain email address etc.
To add a new action, click on the Add Action button and then fill in all the corresponding details in the newly-displayed menus. To delete an action, hit the trash-bin shaped button displayed on the right hand side of the action in question.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.2.5.2. User Filters
The Message Filters > User Filters sub-page enables system administrators to configure incoming message rules and filters for specific user accounts.
Important:
• The User Filters subcategory, in particular, gives you access to the rules defined by the user for this account using the WebMail interface.
• Editing these rules will actually edit the user-defined filters, and the changes will be seen by the user in the WebMail interface. Access to these rules has been introduced in order to allow the administrator to correct potential problems in user-generated rules through shared access.
Incoming Messages Rules
To configure a new message rule, hit the Add Message Rule button and then fill in the specific parameters in the new sub-page, New Message Rule. Each message rule has an Enabled/Disabled status displayed; the button next to it displays the action opposite to the status. Each rule can be deleted or further configured using the Delete and Edit buttons.
To set the order in which defined rules should apply use their corresponding up and down arrows available under the Priority section.
Important:
• The message rules below will run after any existing Server level rules and Domain level rules (common actions will be overridden).
General Settings of the New Message Rule
Use the text box under General Settings in order to specify the name of the new rule, then enable the new rule by checking the box in front of the option called Enable this incoming rule.
New Message Rule Conditions
In the Matches section, first decide the incoming messages for which you want the rule to apply. Next, choose the conditions you want to apply to those messages.
Use the drop-down menu to select the type of the new condition. Available options include setting conditions relative to the subject, sender, receiver, Cc, To or Cc, size of the email, as well as a customization option accessible by clicking on Custom. To delete one of the newly-added criteria hit its corresponding trash-bin shaped button. New message rules can be set to match all or just part of the specified conditions according to your choice.
New Message Rule Actions
By editing the Actions section you can decide what you want to do with the messages that match the above conditions. Use the drop-down menu to specify the actions corresponding to the mail message i.e. moving, copying, deleting, or redirecting it to a certain email address etc.
To add a new action, click on the Add action button and then fill in all the corresponding details in the newly-displayed menus. To delete an action, hit the trash-bin shaped button displayed on the right hand side of the action in question.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.3. Groups Tab
When first accessing the Groups tab, a list of the existing domains is displayed. To be able to manage the groups you have to first select one of the existing domains.
After selecting a certain domain the list of previously created groups is displayed. To run a search for a specific group use the Group Search field. To edit an existing group use its corresponding Edit button, to delete it hit the Delete button. In order to create a new group press the Add Group button.
The domain you are creating the group in is displayed in the Domain name field if you have already selected a certain domain. If you press the Add Group button prior to the domain selection, you will have to type the desired domain. Specify a name for the group you are creating in the Group Name text field. After specifying these two parameters, the group's email address will be displayed (generic address is Groupname@Domainname).
Check the Enable this group option if you want to render the group active. If you are done configuring the group, hit the Quick Add button. Alternatively, should you prefer to further fine tune it, click the Advanced Config link. This link and the Edit button of an already configured group give access to two configuration pages: General and Message Filters.
9.3.3.1. Group General Configuration
The Groups > General page allows you to add and delete group members and also provides information on the group currently edited.
Use the Group Name text field to edit the name you have previously assigned to your group.
To add a group member type his/her email address in the Group members text field. To add more than one member hit the Add member button which will generate additional text fields for email addresses. To delete an already added member use the Delete button. Check the Enable this group option if you want to render the group active.
The Info section displays details referring to the creation and last modification date and time of the group.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.3.2. Groups Message Filters
The Groups > Message Filters page enables system administrators to create and manage incoming message rules for a specific group.
Important!
• Group level rules will run after any existing Domain level rules and Server level rules (common actions will be overridden).
When first accessing the page a list with the already defined rules and filters is displayed. Both lists can be minimized or maximized by clicking the list name bar.
Each message rule has an Enabled/Disabled status displayed; the button next to it displays the action opposite to the status. Each rule can be deleted or further configured using the Delete and Edit buttons.
To set the order in which defined rules should apply use their corresponding up and down arrows available under the Priority section. To configure a new message rule hit the Add Message Rule button and then fill in the specific parameters in the new sub-page, New Message Rule.
Use the text box under General Settings in order to specify the name of the new rule, then enable the new rule by checking the box in front of the option called Enable this incoming rule.
In the Matches section first decide the incoming messages for which you want the rule to apply. Next, choose the conditions you want to apply to those messages.
Use the drop-down menu to select the type of the new condition. Available options include setting conditions relative to the subject, sender, receiver, Cc, To or Cc, size of the email, as well as a customization option accessible by clicking on Custom. To delete one of the newly-added criteria hit its corresponding trash-bin shaped button. New message rules can be set to match all or just part of the specified conditions according to your choice.
By editing the Actions section you can decide what you want to do with the messages that match the above conditions. Use the drop-down menu to specify the actions corresponding to the mail message i.e. moving, copying, deleting, or redirecting it to a certain email address etc.
To add a new action click on the Add action button and then fill in all the corresponding details in the newly-displayed menus. To delete an action hit the trash-bin shaped button displayed on the right hand side of the action in question.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.4. Mailing Lists
Use the WebAdmin Mailing Lists tab to manage the mail lists in AXIGEN Mail Server. When selecting this tab the currently existing mailing lists are displayed.
If you have defined a large number of mailing lists you can quickly locate a certain one by using the Mailing list Search available in the upper right corner. This field enables you to search by the name of the mailing list, on a filter as you type basis.
You can also search for a mailing list by using the Domain search menu available on the left of the screen. Just fill in the domain name in order to see all the corresponding mailing lists and they will be filtered out as you type. Clicking directly on one of the listed domains will result again in displaying all the mailing lists defined for that specific domain.
To edit an already defined mailing list hit the Edit button on the right side of its name, to delete it hit its respective Delete button. Should you like to add a new mailing list click the Add mailing list button.
Fill in the requested details: domain name, list name, list full name, administrator email, then specify a password for the mailing list you wish to create. Hit the Quick Add button in order to create the list using the default settings or the Advanced Config link to further fine tune it.
When pressing the Edit button for an existing mailing list or the Advanced Config link you access the six pages shown in the screen-shot below. The name of the configured mailing list is displayed in the upper section of the screen at all times.
9.3.4.1. Mailing Lists General Configuration
The Manage Lists > General tab allows system administrators to set the running services for a specific domain and other domain related parameters.
Settings
Use the List name and List Full Name fields in order to edit the name of the mailing list. The complete name will appear as displayed under these fields. In this example, "Mailing List 1" <[email protected]>.
Use the Account Password text area to manually specify the password for accessing the mailbox of this list, or generate one randomly by hitting the Set Random button. The new randomly generated password will be displayed in the field below: 55Op3tqa, in this case.
Subscription and unsubscription confirmations are automatically accepted for the mailing list displayed under Account Password. Leave the text box blank if you wish these requests to be confirmed by the administrator.
Services
Use the Services field to specify what services are enabled for this mailing list. To enable or disable a service use the respective buttons corresponding to that service's name. Greyed out options are the ones active.
Info
The General page also displays specific details about the currently edited mailing list in the Info section. The information refers to the account creation date, as well as time details for the last modification and login.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.4.2. Members
The Mailing Lists > Members page allows system administrators to specify the parameters regarding the members of the mailing lists.
The members list is displayed alphabetically taking into account the first letters of the members' email address. You can also use the searching field in order to create a filter and thus be able to locate a certain account faster.
To edit the details of a member address click the Edit button on the right side of its name, to delete it hit its respective Delete button. Should you like to add a new mailing list member hit the Add Member button.
Adding and editing a member address is done by filling in the requested details: the members' email and full name, and then clicking on the Quick Add button.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.4.3. Subscription and Posting
The Mailing Lists > Subscription and Posting page allows system administrators to set rules regarding subscriptions and unsubscriptions, posting rights, define message headers and templates for mailing lists.
Subscription/Unsubscription
In this section, you can set the rules regarding subscriptions and unsubscriptions from a defined mailing list. When checking the Allow subscription/unsubscription via email option you can also decide whether the administrator needs to approve subscriptions and set special email addresses to be used especially for subscribing or unsubscribing.
Message posting
Use the drop-down menu from the Messages can be posted by field in order to select who has the right to post messages. Choose one from the three available options: Anyone, Subscribers and Moderator, Moderator Only. Check the Require moderation for option to choose what messages should be moderated: all or those from non subscribers.
Use the content slider available in this section in order to define the type of content a message can have. Move the slider to the left or to the right in order to make the selection. Enabled types of messages will then change color from white to gray.
Message Headers
Here you can list or modify the headers you wish to remove from each message. To edit a header hit the Edit button on the right side of its name, to delete it click its respective Delete button. Should you like to add a new header to be removed hit the Define button.
Whether editing or adding a new header for removal you will need to fill in the name of the header, then hit the Quick Add button.
Message Templates
This section enables you to edit the message templates. You can edit headers, footers, error messages and confirmation requests, as well as any automatic messages. Click the button corresponding to the template you are interested in and make the change. Should you like to insert a text at the beginning of each message fill it in the text box available under template types.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.4.4. Configuring Quotas and Restrictions
The Mailing Lists > Quotas and Restrictions page contains parameters relative to mailbox and folder level, notifications to be sent to the list members and restrictions imposed on the mailing list being edited.
Managing Mailing List Quotas
At mailbox level, the total mailbox size, the total number of folders and the total number of messages can be limited by selecting the respective options in the Mailbox Level area and using the up and down arrows to adjust the limits to the desired value. For the total size limit use the available drop-down menu to select if you want it calculated in KB, MB or GB.
At folder level system administrators can set limits for the size of each folder and the total number of messages per each folder by checking the respective options in the Folder Level section and using the up and down arrows to adjust the limits to the desired value. For the folder size limit use the available drop-down menu to select if you want it calculated in KB, MB or GB.
To have the account user notified when reaching a certain level of their allowed quota, through a pop-up displayed when accessing the WebMail interface, check the respective option in the Notifications section and use the up and down arrows to increase or decrease the default percentage of the quota.
Session Restrictions
The number of POP3, IMAP and WebMail sessions can be limited using the up and down arrows or directly editing the text fields pertaining to each type of session. POP3 and IMAP sessions take values from 1 to 16, while WebMail sessions take values from 1 to 2048.
WebMail Restrictions
To limit the attachment and message size check the respective options in the WebMail section and use the up and down arrows to select the desired size. To have the size measured in KB, MB or GB use the available drop-down menu.
Use the up and down arrows of the Limit number of attachments per message and Limit number of recipients options or edit their corresponding text field to set the maximum number of attachments and recipients in an email message.
Message Sending Restrictions
Limits imposed on sent messages give system administrators an easy way to prevent account users from generating spam. They can thus limit the total number of messages to be sent and their size in a time interval. Use the up and down arrows to select the desired size or edit the corresponding text field. To have message size calculated in KB, GB or MB, use the respective drop-down menu.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.4.5. Mailing Lists WebMail Options
The Mailing Lists > WebMail Options page allows setting up of the mailing list's appearance, preferences, contact details and signature.
Appearance Options
Use the WebMail Skin name drop-down menu to select the WebMail skin to be used for this account. To configure the WebMail language settings for the respective account use the WebMail Language drop-down menu. The available options are English, German, Romanian, Spanish, Portuguese, Italian, Dutch, Swedish, Norwegian, Polish, Russian, Czech, Greek, Chinese and Persian. The default selected language is English.
You can specify the number of messages to be displayed on a WebMail page for the currently edited mailbox using the Display...messages per page drop-down menu.
Preferences
You can have a confirmation requested before deleting a message via WebMail from the currently edited mailing list by checking the Ask for confirmation on email deletion option.
Check the Ask for confirmation on empty folder option to request a confirmation on emptying a folder in WebMail.
To have messages deleted through the WebMail interface sent to Trash, check the Move deleted emails to Trash option. If left unchecked, messages will be permanently deleted.
To allow the WebMail interface to check for new emails automatically for the configured mailing list, check the Automatically check for new emails option. Use the available text field or its up and down arrows to define the time frame and the drop-down menu to have the period measured in minutes, hours or days.
To set the HTML Body Filtering Level for this specific account when connected via WebMail, use the available slider. The HTML filtering levels stand for the following:
• No Filtering
• Low level filtering - converts the message to standard XHTML
• Medium level filtering - generates the email body based on a list of known/allowed attributes and tags.
• Thorough filtering - generates the email body
To have a signature defined for all messages sent from the configured mailing list via WebMail type it in the Message Signature text field. The text you define will then be appended to all outgoing email sent from the WebMail interface.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.4.6. Mailing Lists Message Filters
The Mailing Lists > Message Filters page enables system administrators to create and manage incoming message rules for a mailing list.
Important!
• Account level rules will run after any existing Domain level rules and Server level rules (common actions will be overridden).
When first accessing the sub-page a list with the already defined rules is displayed. Each message rule can be deleted or further configured using the Delete and Edit buttons.
Each message rule has an Enabled/Disabled status displayed and next to it, the Enabled/Disabled button displays the opposite action of the status. To set the order in which defined rules should apply use their corresponding up and down arrows available under the Priority section.
To add a new rule for all domain accounts, click the Add Message Rule button. In the new window type a name for the incoming message rule in the Message rule name field and check the Enable this incoming rule option to activate it.
In the Matches section first decide the incoming messages for which you want the rule to apply. Next, choose the conditions you want to apply to those messages (e.g. for messages from '[email protected]').
Use the drop-down menu to select the type of the new condition. Available options include setting conditions relative to the subject, sender, receiver, Cc, To or Cc, size of the email, as well as a customization option accessible by clicking on Custom. To delete one of the newly-added criteria hit its corresponding trash-bin shaped button. A new message rule can be set to match all or just part of the specified conditions according to your choice.
By editing the Actions section you can decide what you want to do with the messages that match the above conditions. Use the drop-down menu to specify the actions corresponding to the mail message i.e. moving, copying, deleting, or redirecting it to a certain email address etc.
To add a new action click on the Add action button and then fill in all the corresponding details in the newly-displayed menus. To delete an action click the trash-bin shaped button displayed on the right hand side of the action in question.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.5. Configuring Public Folders
Use the Public Folders tab to manage public folders in AXIGEN Mail Server. When selecting this tab the currently existing public folders and sub-folders are displayed.
If you have defined a large number of public folders, you can quickly locate a certain one by using the Domain search menu available on the left of the screen. Just fill in the domain name in order to see all the corresponding public folders and they will be filtered out as you type. Clicking directly on one of the listed domains will also result in displaying all the public folders defined for that specific domain.
To add a new public folder click on the desired parent in the list and hit the Add Public Folder button at the top. If you don't select a parent the new public folder will be added in the public folder root. To delete an already defined public folder click its respective Delete button.
Fill in the folder name, select the parent folder from the drop-down menu and specify the email address for this public folder. You can insert multiple email addresses: fill in the email address and then click on the Add Address button. Should you like to delete one of the listed email addresses, click on the trash bin icon available on the right of the email address. Hit the Quick Add button in order to complete the creation of the public folder with these settings or use the Advanced Config link to further fine tune it.
When pressing the Edit button for an existing public folder or the Advanced Config link when creating it, you will be able to make more settings in the General and Quotas configuration pages.
The name of the configured public folder will be displayed in the upper section of the screen at all times.
9.3.5.1. Public Folders General Configuration
The Public Folders > General page allows system administrators to begin the configuration of a public folder.
Settings
The system administrator can specify here the email address for this public folder. Multiple email addresses can be defined: fill in the email address and then click on the Add button. Should you like to delete one of the listed email addresses, click the Delete button available on the right of the email address.
9.3.5.2. Configuring Public Folders Quotas
The Public Folders > Quotas page contains parameters relative to the mailbox and folder levels of the public folder being edited.
System administrators can set limits for the size of each folder and the total number of messages per each folder by checking the respective options and using the up and down arrows to adjust the limits to the desired value. For the folder size limit, use the available drop-down menu to select if you want it calculated in KB, MB or GB.
Important! The values set will be used by any new public folder you create for this domain. You can override them by editing the Quotas section of any specific public folder.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.6. Account Classes Tab
Use the Account Classes tab to manage the account classes in AXIGEN Mail Server. When selecting this tab the currently existing account classes are displayed.
If you have defined a large number of account classes you can quickly locate a certain one by using the Domain search menu available on the left of the screen. Just fill in the domain name in order to see all corresponding account classes; they will be filtered out as you type. Clicking directly on one of the listed domains will also result in displaying all the account classes defined for that specific domain. The above screen-shot displays all the account classes created for the mycompany.com domain: Marketing_Accounts, Management_Accounts and Sales_Accounts.
To edit an already defined account class hit the Edit button on the right side of its name; to delete an already defined account class click its corresponding Delete button. Should you like to add a new account class hit the Add Account Class button displayed in the upper right corner of the screen.
Add a new account class for the currently selected domain, in our case the mycompany.com domain, which is also automatically filled in the Domain Name field and can be edited.
For successfully creating a new account class fill in its name in the Account Class Name field, then hit the Quick Add button in order to create it using the default domain inherited parameters or the Advanced Config link to explicitly define account parameters. When pressing the Edit button for an existing account class or the Advanced Config link, you access the three pages shown in the below screenshot. The name of the configured account class is listed in the upper section of the screen at all times.
9.3.6.1. Account Classes General Parameters
The Account Class > General page displays the list of class services and their current status.
To enable or disable a service use the respective buttons corresponding to that service's name. Please note that at account class level only services affecting account class behavior are displayed - SMTP Receiving, SMTP Sending, POP3, IMAP, Remote POP and WebMail.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.6.2. Configuring Quotas and Restrictions
The Account Classes > Quotas and Restrictions page contains parameters relative to mailbox and folder level, notifications to be sent to users and restrictions imposed for all created account classes.
Important! Changing the parameters below will affect the account classes that have inherited parameters. Explicitly set parameters will not be affected.
Managing Account Quotas
The total mailbox size, the total number of folders and the total number of messages can be limited by selecting the respective options in the Mailbox level area and using the up and down arrows to adjust the limits to the desired value. For the total size limit use the available drop-down menu to select if you want it calculated in KB, MB or GB.
System administrators can set limits for the size of each folder and the total number of messages per each folder by checking the respective options in the Folder level section and using the up and down arrows to adjust the limits to the desired value. For the folder size limit use the available drop-down menu to select if you want it calculated in KB, MB or GB.
To have account users notified when they reach a certain level of their allowed quota, through a pop-up displayed when accessing the WebMail interface, check the respective option in the Notifications section and use the up and down arrows to increase or decrease the default percentage of the quota. When this option is checked the users are also notified at every login. You can set the frequency of these login notifications using the up and down arrows corresponding to this additional option. To select if the respective value is calculated in seconds, minutes, hours or days check the respective drop-down menu.
System administrators can further edit the content of the notification in the Notification email content section. To edit the text displayed use the Subject and Body text fields. To insert more values in the email body use the available buttons - Domain, Account, Full name, Notification threshold percentage, Size quota, Size used, Size used (%), Count Quota, Count Used, Count Used (%).
Configuring Restrictions
Password Policy Enforcement
System administrators can define a Password Policy to be enforced when an account is created for a respective account class. First of all, a minimum and maximum number of characters for each password can be set using the up and down arrows or directly editing the Password length parameters. Further select from the Password must include drop-down menu if passwords should include letters, letters and numbers or letters, numbers and special characters.
Session restrictions
The number of POP3, IMAP and WebMail sessions can be limited for all accounts in a certain account class. To do so select the desired value, use the up and down arrows or directly edit the text fields pertaining to each type of session. POP3 and IMAP sessions take values from 1 to 16, while WebMail sessions take values from 1 to 2048.
WebMail Restrictions
To limit the size of email message attachments check the respective option in the WebMail section and use the up and down arrows to select the desired size. To have the size measured in KB, MB or GB use the available drop-down menu.
Use the up and down arrows of the Limit number of attachments per message option or edit its corresponding text field to set a maximum number of attachments allowed to email messages sent or received from any account using the WebMail interface.
Check the Limit message size option to set a maximum size for sent and received messages through the WebMail interface. To do so, use the up and down arrow to select the desired size or edit the corresponding text field.
The Limit number of recipients option allows you to configure a maximum number of recipients for WebMail email messages using the up and down arrow to select the desired size or editing the corresponding text field.
To set the HTML Body Filtering Level for this specific account when it is accessed via WebMail, use the available slider. The HTML filtering levels stand for the following:
• No Filtering
• Low level filtering - converts the message to standard XHTML
• Medium level filtering - generates the email body based on a list of known/allowed attributes and tags. Anything that is not on this 'allowed list' is removed. This level removes JavaScript, styles, etc.
• High level filtering - generates the email body based only on text components. This means that only plain text components remain in the message. This fourth level is the strictest and may actually damage some formatting, but it is also the safest.
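The following is an added illustration of what the Medium and High levels describe, not AXIGEN's own implementation: an allowlist filter that rebuilds the body from permitted tags and attributes only, and a text-only mode. The allowlist contents, the permitted URL prefixes and the sample message are assumptions constructed for this example; the Low level (XHTML normalization) is not covered.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for illustration; the manual does not publish AXIGEN's actual list.
ALLOWED_TAGS = {"a", "b", "br", "div", "em", "i", "li", "ol", "p", "span", "strong", "ul"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:")
DROP_WITH_CONTENT = {"script", "style"}  # the element and everything inside it is discarded
VOID_TAGS = {"br"}                       # no closing tag is emitted for these


class BodyFilter(HTMLParser):
    """Rebuilds the body from scratch instead of deleting 'bad' parts from the original."""

    def __init__(self, text_only):
        super().__init__(convert_charrefs=True)
        self.text_only = text_only
        self.out = []
        self._skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self._skip_depth += 1
            return
        if self._skip_depth or self.text_only or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue  # drops style=, on*= handlers and anything else unlisted
            value = value or ""
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_PREFIXES):
                continue  # drops javascript:, data: and other unlisted schemes
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self._skip_depth = max(0, self._skip_depth - 1)
            return
        if self._skip_depth or self.text_only:
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self._skip_depth:
            return
        # Text is re-escaped in HTML output; text-only output is plain text.
        self.out.append(data if self.text_only else escape(data, quote=False))


def filter_body(html, level):
    """level: 'none', 'medium' (allowlist rebuild) or 'high' (text components only)."""
    if level == "none":
        return html
    if level not in ("medium", "high"):
        raise ValueError(f"unsupported level: {level}")
    parser = BodyFilter(text_only=(level == "high"))
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


# Constructed sample message body.
SAMPLE = (
    '<div onclick="track()"><p style="color:red">Hello <b>Bob</b>, see '
    '<a href="javascript:void(0)" title="x">this</a>.</p>'
    '<script>alert(1)</script>'
    '<img src="http://tracker.example/p.gif"></div>'
)

if __name__ == "__main__":
    for lvl in ("medium", "high"):
        print(lvl, "->", filter_body(SAMPLE, lvl))
```

An unterminated script or style element leaves the filter in skip mode, so the rest of the body is dropped rather than passed through.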
Message Sending Restrictions
Limits imposed to sent messages offer system administrators an easy possibility to prevent account users from generating spam. They can thus set a maximum number of messages, their total size and the period in which these are sent using the up and down arrows to select the desired size or editing the corresponding text field. To have the message size calculated in KB, GB or MB use the respective drop-down menu. The time frame for the maximum number of messages can be set to be calculated in seconds, minutes, and hours using the corresponding drop-down menu.
Remote POP Restrictions
System administrators can limit the number of remote POP accounts for account classes. To do so use the up and down arrows to select the desired size or edit the corresponding text field. Additionally you can specify a minimum interval between two email retrievals for each RPOP connection. Use the Minimum message retrieval interval drop-down menu to have it calculated in seconds, minutes or hours.
Temporary Email Addresses Restrictions
The administrator can set some limits on the usage of temporary email addresses. A user may request a maximum of 16 temporary email addresses (aliases). If the limit is set to '0', the 'Add' button in WebMail (in the 'Temporary Email Addresses' section) will be disabled, but old temporary email addresses will still be available until they expire or are deleted. The time period from the creation of a temporary email address to its automatic deletion can be set between 10 minutes and 1 year.
Parameter inheritance
Parameters or parameter groups that are inherited from the domain's account defaults are automatically marked with the icon. When explicitly setting the value of an inherited parameter it will be marked with the icon. Moreover, any further changes at parent level (domain's account defaults) will only affect inherited parameters, while explicitly set ones will keep their value. You can, at any time, revert the explicit parameters to their inherited value, by clicking the 'Inherit' link related to the explicitly set parameter (orange) icon.
Any parameter change in this account class will propagate on all the accounts that are set to inherit this class. The inherited values can be overridden (set explicitly) at account level, thus allowing you to create exceptions from the account class. Please note that if you explicitly set a parameter at account level, further changes of that parameter (in the parent account class) will not affect the respective account.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.3.6.3. Managing Message Filters
The Account Classes > Message Filters page enables system administrators to create and manage incoming message rules for an account class.
Important! Changing the parameters below will affect the account classes that have inherited parameters. Explicitly set parameters will not be affected.
• Account level rules will run after any existing Domain level rules and Server level rules (common actions will be overridden).
Important! When first accessing this tab, click the Define explicit link to be able to add filters for this account class.
Each message rule has an Enabled/Disabled status displayed and next to it, the Enabled/Disabled button displays the opposite action of the status. To set the order in which defined rules should apply use their corresponding up and down arrows available under the Priority section.
Message rules can be deleted or further configured using the Delete and Edit buttons. To add a new message rule click the Add Message Rule button. In the new window type a name for the incoming message rule in the Message rule name field and check the Enable this incoming rule option to activate it.
In the Matches section first decide the incoming messages for which you want the rule to apply. Next, choose the conditions you want to apply to those messages (e.g. for messages greater than 5000kb).
By editing the Actions section, you can decide what you want to do with the messages that match the above conditions. Use the drop-down menu to specify the actions corresponding to the mail message, i.e. moving, copying, deleting, or redirecting it to a certain email address etc.
Several actions can be added: click the Add action button and fill in all the corresponding details in the newly-displayed menus. To delete an action click the trash-bin shaped button displayed on the right hand side of the action in question.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.4. Security & Filtering
The "Security & Filtering" section comprises tabs relative to AXIGEN Mail Server's integration with antivirus/antispam applications, as well as the management of its global access control, acceptance and routing policies, Sieve filtering and message rules. The comprised configuration options allow you to define and maintain a comprehensive security policy by employing Antivirus and AntiSpam applications, the incoming message rules wizard, custom blacklists and other filtering tools.
9.4.1. AntiVirus and AntiSpam Tab
The Security & Filtering > AntiVirus and AntiSpam tab allows system administrators to view and configure the AntiVirus and AntiSpam applications supported by AXIGEN Mail Server.
Accessing this tab leads to the following 3 sub-pages:
• Supported Applications
• AntiVirus Actions
• AntiSpam Configuration
9.4.1.1. Supported AV/AS Applications
The AntiVirus and AntiSpam > Supported Applications page allows you to view and enable the AntiVirus and AntiSpam applications that you wish to run with AXIGEN Mail Server.
Under Supported Applications choose which of the available AntiVirus and AntiSpam applications should run by simply clicking on their corresponding Enable or Disable buttons.
Consider the following: SpamAssassin does not modify headers, no matter how SpamAssassin is configured; AXIGEN integrates X-AXIGEN-SpamLevel depending on the SpamAssassin score and can be used within spamtest and virustest SIEVE filters. Also, Bundled SpamAssassin is the same as the SpamAssassin option, except that it is integrated (bundled) within the AXIGEN kit.
To set the order in which enabled Antivirus and AntiSpam filters should apply, use the up and down arrows available under Actions. To update the AntiVirus and AntiSpam detection status refresh the current page by hitting the click here option.
Enabled applications will run simultaneously and act according to the general settings made in the next pages: AntiVirus Actions and AntiSpam Configuration. Additional antivirus/antispam protection can be granted for specific resources such as a domain or account, by enabling one or more extra applications only for that resource in its Message Filters section.
9.4.1.2. Setting the AntiVirus Actions
The AntiVirus and AntiSpam > AntiVirus Actions page enables system administrators to set the actions to be taken by enabled AntiVirus applications in AXIGEN Mail Server.
Use the drop-down menus in this section to set the specific actions that enabled antivirus applications should take when detecting a suspicious e-mail or one that cannot be cleaned. Choose between allowing the e-mail to be delivered, discarding it or moving it to the Trash folder.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.4.1.3. AntiSpam Configuration
The AntiVirus and AntiSpam > AntiSpam Configuration page allows system administrators to configure lists of safe email addresses (whitelists) and spam thresholds.
Setting a WhiteList
Use this section in order to configure the WhiteList, the list of e-mail addresses from which e-mails should always be accepted. To edit the details of an already set email address, hit the Edit button on the right side of its name; to delete it, hit its respective Delete button. Should you like to add a new e-mail address hit the Add Email button, type it and then click Quick Add.
The asterisk symbol ( * ) can be used as a substitution of any characters in an email address (e.g.: *sale*@mycompany.com, *@mycompany.com, etc.). For example setting *@mycompany.com, will result in delivering all emails received from any email address in mycompany.com domain.
Spam Thresholds
Use the sliders or the up and down arrows to set the maximum value for the Spam Thresholds. Available values range from 1 to 10, according to the SpamAssassin score, where 1 is associated to legitimate emails (Not Spam) and 10 to clearly spam e-mails (Spam). Exceeding the set values will result in moving the respective email to the Spam folder, respectively in deleting the email.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.4.2. Additional AntiSpam Methods
The Additional AntiSpam Methods tab gives system administrators access to additional antispam filters such as email and DNS blacklists, Sender Policy Filters and Domain Keys filters, lists of safe IPs and DNS checks.
BlackList
Use this section in order to configure the BlackList, the list of e-mail addresses from which e-mails should always be rejected. To edit the details of an already set email address hit the Edit button on the right side of its name; to delete it, click its respective Delete button. Should you like to add a new e-mail address, hit the Add Email button and then Quick Add.
The asterisk symbol ( * ) can be used as a substitution of any characters in an email address (e.g.: *sale*@example.com, *@example.com, etc.). For example setting *@example.com, will result in rejecting all emails received from any email address in example.com domain.
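The '*' matching described for the WhiteList and the BlackList can be modeled as below. This is an added example, not AXIGEN code: only '*' is treated as special, matching is anchored to the whole address, and case-insensitive comparison is an assumption. The audit helper and the last two sample patterns are constructed here to show how a pattern that does not pin the domain also covers addresses in other domains.

```python
import re


def compile_pattern(pattern):
    """Translate an address pattern in which '*' stands for any run of characters.

    Every other character is matched literally ('.' and '?' are not wildcards),
    and the pattern must cover the whole address.
    """
    literal_parts = (re.escape(part) for part in pattern.strip().split("*"))
    return re.compile(".*".join(literal_parts), re.IGNORECASE)  # case-insensitivity assumed


def matching_patterns(patterns, address):
    """Return the list entries that cover the given sender address, in list order."""
    address = address.strip()
    return [p for p in patterns if compile_pattern(p).fullmatch(address)]


def audit(patterns):
    """Flag entries that are broader than a single mailbox family in one domain."""
    findings = {}
    for p in patterns:
        local, at, domain = p.rpartition("@")
        if not at or "*" in domain:
            # The wildcard can extend into or past the domain part.
            findings[p] = "domain not pinned"
        elif local.strip("*") == "":
            findings[p] = "entire domain"
    return findings


# The first two patterns are the manual's own examples; the last two are constructed.
SAMPLE_LIST = ["*sale*@mycompany.com", "*@mycompany.com", "*@mycompany.com*", "partner*"]

if __name__ == "__main__":
    for sender in ("Wholesale@MyCompany.com", "bob@mycompany.com.example.net"):
        print(sender, "->", matching_patterns(SAMPLE_LIST, sender))
    print(audit(SAMPLE_LIST))
```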
Sender Policy Framework
Enable the SPF (Sender Policy Framework) authentication method by checking the box in front of it, then use the drop-down menus in order to select the actions to be taken if no SPF records are published and if SPF records cannot be checked. Choose between allowing to deliver the message or deleting the message.
Domain Keys authentication
Enable the DK (Domain Keys) e-mail authentication by checking the box in front of it, then use the drop-down menus in order to select the actions to be taken when no DK records are published and if DK records cannot be checked. Choose between allowing to deliver the message, deleting the message or moving the message to the SPAM folder.
DNSBL (DNS BlackList)
Use the options in this section in order to configure the DNS blacklist. To edit the details of an already added DNS Blacklist, hit its corresponding Edit button; to delete it, click its respective Delete button. Available DNS BlackLists can be enabled or disabled by simply clicking on their corresponding Enable or Disable buttons.
Should you like to add a new DNS Blacklist press the Add DNS BlackList button, fill in the Operator Name and DNS BlackList text boxes, then check the Enable this Blacklist option and hit the Quick Add button.
Safe IPs/IP Ranges
Configure the list of IPs or IP ranges to be skipped by the DNS BlackList lookup by adding the respective IPs in this section. To edit the details of an already added IP or IP range hit its corresponding Edit button; to delete it, click its respective Delete button.
Should you like to add a new safe IP or IP range, hit the Add IP/Range button, select one of the available options: Network/Mask, IP Range or Single IP and fill in its corresponding details in the displayed text box.
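How a DNS BlackList lookup combines with the safe list can be sketched as follows. This is an added example and not AXIGEN code: the zone name dnsbl.example, the (kind, value) tuple form of the three safe-entry types, the injected resolver and the sample addresses are all assumptions constructed here, and only IPv4 is handled. The query name uses the standard DNSBL convention (reversed octets prepended to the zone, with an answer in 127.0.0.0/8 meaning "listed").

```python
import ipaddress

LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")  # DNSBL "listed" answers fall here


def parse_safe_entry(kind, value):
    """Return inclusive (first, last) bounds for a Single IP, IP Range or Network/Mask."""
    if kind == "single":
        ip = ipaddress.IPv4Address(value)
        return ip, ip
    if kind == "range":
        low, high = (ipaddress.IPv4Address(part.strip()) for part in value.split("-"))
        if low > high:
            raise ValueError(f"range is reversed: {value}")
        return low, high
    if kind == "network":
        # strict=True rejects entries with host bits set, e.g. 10.0.0.5/255.255.255.0
        net = ipaddress.IPv4Network(value, strict=True)
        return net.network_address, net.broadcast_address
    raise ValueError(f"unknown safe entry type: {kind}")


def dnsbl_query_name(ip, zone):
    """192.0.2.99 checked against dnsbl.example becomes 99.2.0.192.dnsbl.example."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def check_sender(ip, zones, safe_entries, resolve):
    """Return ('skipped', entry), ('listed', zone) or ('clean', None).

    resolve(name) is a caller-supplied function returning an IPv4 string or None.
    """
    addr = ipaddress.IPv4Address(ip)
    for kind, value in safe_entries:
        first, last = parse_safe_entry(kind, value)
        if first <= addr <= last:
            return ("skipped", f"{kind} {value}")  # no DNS query is made at all
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer is not None and ipaddress.IPv4Address(answer) in LISTED_NET:
            return ("listed", zone)
    return ("clean", None)


# Constructed data: documentation address ranges and a fake, offline resolver.
ZONES = ["dnsbl.example"]
SAFE = [("single", "198.51.100.25"),
        ("range", "192.0.2.10-192.0.2.20"),
        ("network", "10.0.0.0/255.255.255.0")]
FAKE_ZONE_DATA = {"7.113.0.203.dnsbl.example": "127.0.0.2",
                  "15.2.0.192.dnsbl.example": "127.0.0.2"}


def fake_resolve(name):
    return FAKE_ZONE_DATA.get(name)


if __name__ == "__main__":
    for sender_ip in ("203.0.113.7", "192.0.2.15", "198.51.100.1"):
        print(sender_ip, check_sender(sender_ip, ZONES, SAFE, fake_resolve))
```

The second sample address is listed in the fake zone but falls inside a safe range, so every safe entry is an exemption from the blacklist and worth keeping as narrow as possible.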
DNS Check
Available actions for this section include rejecting emails received from domains with no MX entry or emails from originating IP with no reverse DNS entry. Just check the box in front of the option that you want to enable in order to activate it.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.4.3. Global Access Control
The Security & Filtering > Global Access Control tab allows system administrators to configure the parameters relative to the global access control such as access restrictions and others.
Access Restriction
Use the options in this section to configure the IP/IP Ranges for which all services are to be denied access. To edit the details of an already set IP/IP Range hit its corresponding Edit button; to delete it, click its respective Delete button.
Should you like to add an IP/IP Range hit the Add IP/Range button, select one of the available options: Network/Mask, IP Range or Single IP and fill in its corresponding details in the displayed text box, then hit the Quick Add button.
Important! Global Access Restrictions will be automatically applied to all the services and their respective listeners. You can also set individual permissions for each service and each existing listener from the specific service configuration sections found under the Services tab.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.4.4. Acceptance & Routing Tab
The Security & Filtering > Acceptance & Routing tab allows system administrators to configure the message acceptance settings and routing rules. This tab gives access to three pages:
• Acceptance Basic Settings - containing the basic policies for emails acceptance.
• Routing Basic Settings - containing the basic policies for emails routing.
• Advanced Settings - containing the advanced policies for emails acceptance and routing.
9.4.4.1. Acceptance Basic Settings
The Acceptance & Routing > Acceptance Basic Settings page allows system administrators to configure a set of basic acceptance policies at SMTP-connection level such as the maximum size for received emails, the allowed ESMTP commands, rules for local delivery and settings relative to the default SMTP banner.
Incoming connections established via SMTP and the message flow can be easily managed using the established policies. Moreover, they allow adding headers, changing addresses and other such actions.
Received messages
Check the Limit message size option and then use the up and down arrows in order to specify the maximum size for received messages. Then use the drop-down menu to select one of the available options: bytes, KB, MB or GB as necessary. Maximum value: 4096 MB.
Use the up and down arrows or fill in the text box in order to specify the maximum number of received headers. This will result in denying looping emails when the number of received headers exceeds the specified value (30 in this example). Available values range from 1 to 999.
Check the Limit no. of recipients per message option in order to specify the maximum number of recipients for received emails. Fill in the text box or use the corresponding up and down arrows in order to set the specific value, between 1 and 1000.
Allowed ESMTP Commands
Specify the allowed ESMTP Commands using the options in this section. Enable the StartTLS, 8-bit MIME, binary or pipelining extensions by simply checking their corresponding boxes.
Allow/Disallow local delivery
Set the parameters for local delivery using the options under Allow/Disallow local delivery. Here you can choose to enable/disable the local delivery and mandatory authentication. Check the box for the option that you want to activate.
Override default SMTP banner
Should you like to set a new SMTP banner check the box in front of the Override default SMTP banner option and then fill in the details of the new SMTP banner in the corresponding text box. The newly-added SMTP banner will automatically override the parameters of the default one.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.4.4.2. Routing Basic Settings
The Acceptance & Routing > Routing Basic Settings page allows system administrators to configure a set of basic policies for message routing and thus customize SMTP Outgoing actions for all or part of the relayed email communication: specifying a smart host, outgoing connections settings, enabling remote delivery or setting a new SMTP connection timeout.
Setting a Smart Host
Check the box in front of the Enable smart host delivery option and fill in the requested details in the Host and Port text-boxes. As a result the smart host delivery will be enabled and all outgoing messages will be sent to the specified host.
Should you like to enable username/password authentication before relaying emails to a certain address check the box in front of the option called Authenticate using and then fill in the username and password details in the available text boxes. You can also use an SSL connection by checking the box in front of the corresponding option, Use SSL connection.
Remote delivery
Enable remote delivery and mandatory authentication using the options under the Allow/Disallow remote delivery section. Just check the box in front of the option that you want to activate.
Outgoing connection settings
To allow the use of the StartTLS extension check the Use StartTLS if available option. Should you like to have messages sent through a specific network interface check the box in front of the option called Send messages through network interface, then use the drop-down menu to select between using the system default network interface or using a custom one. In the latter case also specify the corresponding IP in the available text box.
Should you like to set a new SMTP connection timeout for outgoing messages check the box in front of the option called Override default outgoing SMTP connection timeout, then use the up and down arrows to specify the parameter of the new timeout. Use the drop-down menu to select the value of the timeout (seconds, minutes or hours).
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
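An added example (not from the AXIGEN manual or product): before enabling Authenticate using for a smart host, an administrator can check what the host advertises in its EHLO replies, because with Use StartTLS if available a host that offers no STARTTLS leaves the login unencrypted. The replies below are constructed samples, the function names and finding codes are hypothetical, and the fallback to cleartext is an assumption about what "if available" means.

```python
"""Audit a smart host's EHLO replies before enabling authenticated relay."""

# Constructed sample replies (not captured from a real host).
EHLO_CLEARTEXT = (
    "250-smarthost.example.test Hello\r\n"
    "250-SIZE 52428800\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_AFTER_TLS = (
    "250-smarthost.example.test Hello\r\n"
    "250-SIZE 52428800\r\n"
    "250-AUTH PLAIN LOGIN CRAM-MD5\r\n"
    "250 8BITMIME\r\n"
)
EHLO_NO_TLS = (
    "250-legacy.example.test\r\n"
    "250 AUTH LOGIN\r\n"
)

# Mechanisms that send the password itself (only base64-encoded).
PASSWORD_EQUIVALENT = {"PLAIN", "LOGIN"}

FINDINGS = {
    "no-starttls": "host does not offer STARTTLS; the session stays in cleartext",
    "auth-before-tls": "host advertises AUTH before TLS; a stripped STARTTLS "
                       "line would leave the login unprotected",
    "no-auth": "host does not advertise AUTH; 'Authenticate using' cannot work",
    "cleartext-credentials": "only PLAIN/LOGIN offered on an unencrypted session",
}


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply (RFC 5321)."""
    caps = {}
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("not a 250 EHLO reply line: %r" % line)
        if i == 0:
            continue  # first line carries the greeting, not a capability
        words = line[4:].split()
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps


def audit_smarthost(cleartext_ehlo, tls_ehlo=None, implicit_ssl=False):
    """Return finding codes for a smart host used with 'Authenticate using'.

    implicit_ssl models 'Use SSL connection' (first reply already encrypted).
    Otherwise the session relies on 'Use StartTLS if available', and tls_ehlo
    is the second EHLO reply, read after the TLS handshake.
    """
    findings = []
    encrypted = implicit_ssl
    caps = parse_ehlo(cleartext_ehlo)
    if not implicit_ssl:
        if "STARTTLS" in caps:
            if "AUTH" in caps:
                findings.append("auth-before-tls")
            if tls_ehlo is not None:
                # Capabilities must be re-read after the TLS handshake.
                caps = parse_ehlo(tls_ehlo)
                encrypted = True
        else:
            findings.append("no-starttls")
    mechs = caps.get("AUTH", [])
    if not mechs:
        findings.append("no-auth")
    elif not encrypted and set(mechs) <= PASSWORD_EQUIVALENT:
        findings.append("cleartext-credentials")
    return findings


if __name__ == "__main__":
    for code in audit_smarthost(EHLO_NO_TLS):
        print(code, "-", FINDINGS[code])
```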
9.4.4.3. Advanced Settings
The Acceptance & Routing > Advanced Settings page allows system administrators to configure a set of advanced message acceptance and routing policies for incoming and outgoing SMTP modules.
Advanced Settings
Use the options under Advanced Settings to further tune any of the already set SMFL filters. Advanced acceptance rules will override the basic acceptance policy settings for the specified conditions.
To edit or delete a specific acceptance/routing rule, just use the Edit or the Delete buttons available on the right side of the filter in question. To set the order in which available rules will be applied use the up and down arrows under Priority.
Adding a new acceptance or routing rule
Hitting the Add Acceptance/Routing Rule button will lead you to another page called New Acceptance/Routing rule. Use the text box under General in order to specify the name of the new rule, then enable the new rule by checking the box in front of the Enabled option.
New rule conditions
Use the options under Conditions in order to specify the type of the new condition you wish to create, then hit the Add condition button and use the available text boxes and menus to configure the parameters of the newly-added condition. To delete one of the newly-added conditions click the recycle bin shaped icon on its right. Created conditions can match all or just part of the specified criteria according to your choice.
Use the options under Conditions in order to specify the type of the new action that you wish to add, then hit the Add action button and use the available text boxes and menus to configure the parameters of the newly-added action. To delete one of the newly-added actions, hit the x button.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.4.5. Incoming Message Rules Tab
The Security & Filtering > Incoming Message Rules tab allows system administrators to configure a set of message rules instructing the AXIGEN Mail Server to take certain actions on processed email messages based on pieces of information contained by the message headers.
Important! Server level message rules can be overridden by specific domain/account/mail list/group level rules.
To edit or delete any of the available rules just use the Edit or the Delete buttons, available on the right side of the rules in question. To add a new message rule click the Add Message Rule button and fill in the requested details. To set the order in which available rules will be applied use the up and down arrows under the Priority section.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.4.5.1. New Message Rule Page
The Incoming Message Rules > New Message Rules tab allows system administrators to specify a new rule for incoming messages.
Use the text box under General in order to specify the name of the new rule, then enable the new rule by checking the box in front of the Enabled option.
New rule conditions
Use the drop-down menu to select the type of new condition. Available options include setting criteria relative to the connection, local address, remote address, recipient, sender, DNS checks, session, extensions and delivery. To delete one of the newly-added conditions, hit the corresponding recycle bin shaped icon on its right. A new message rule can be set to match all or just part of the specified criteria according to your choice.
Further configure the rule by using one of the options displayed by the drop-down menu and then fill in the text box with the corresponding details.
Actions
Message rules extract information from the mail header and take actions according to the pre-defined rules. Use the drop-down menu available under Actions to set the actions corresponding to the conditions set above.
To add a new action click on the Add action option and then fill in all the corresponding details in the newly-displayed menus.
When you are done configuring these parameters remember to hit the Save Configuration button to preserve your changes.
9.5. Queue
The Queue section gives access to settings, defining, processing and viewing options for messages within the queue and also allows system administrators to take specific actions on certain emails.
9.5.1. Processing Tab
The Processing tab allows you to adjust mail scheduling parameters according to your needs.
Logging
You can select several types of messages to be logged: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.
Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.
Email Delivery
Use the options in the Email Delivery area in order to set the parameters for rescheduling emails in case of a non-critical delivery error in AXIGEN Mail Server.
The First delivery retry timeout for an email field allows you to specify the time interval for rescheduling a message in case of a non-critical delivery error in AXIGEN Mail Server. The default value is 5 minutes; this means that the queue is rechecked after 5 minutes in order to attempt sending the message. The value for this parameter can be entered in seconds, minutes or hours. For each subsequent retry this timeout is doubled.
You can also specify the maximum time interval when the retry timeout is no longer doubled. This option is available in the Stop doubling retry timeout when it reaches field. The default value corresponds to 8 hours, meaning that once the retry timeout reaches 8 hours all subsequent retries will still be made after 8 hours and not after 16. The value for this parameter can be entered in seconds, minutes or hours.
Use the Max. number of retries field to specify the number of times AXIGEN server should try to deliver a mail message in case of a non-critical delivery error in AXIGEN Mail Server.
The Temporary delivery error reports area enables you to specify when you should first be notified about the failed attempts to deliver a message. The default value is 4. Change this value by using the up and down arrows or by simply entering the new parameter in the text box available after the Send notification after field.
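An added worked example (not AXIGEN code) of the retry timing described above, using the documented defaults of 5 minutes and 8 hours, to show how long a failing message stays in the queue. It assumes that a doubled value which would overshoot the limit is clamped to it, that the notification threshold counts failed retries, and a constructed Max. number of retries of 10; the function names are hypothetical.

```python
from datetime import timedelta


def retry_schedule(first_timeout, stop_doubling_at, max_retries):
    """Return [(retry_no, wait_before_retry, elapsed_since_first_failure), ...].

    Elapsed time ignores how long each delivery attempt itself takes.
    """
    if first_timeout <= timedelta(0):
        raise ValueError("first retry timeout must be positive")
    if stop_doubling_at < first_timeout:
        raise ValueError("doubling limit is below the first retry timeout")
    if max_retries < 0:
        raise ValueError("max_retries cannot be negative")

    schedule = []
    wait = first_timeout
    elapsed = timedelta(0)
    for retry_no in range(1, max_retries + 1):
        elapsed += wait
        schedule.append((retry_no, wait, elapsed))
        # Assumption: a doubled timeout that would exceed the limit is clamped to it.
        wait = min(wait * 2, stop_doubling_at)
    return schedule


def queue_exposure(schedule, notify_after):
    """Summarise when the sender hears about the problem and when delivery stops.

    notify_after is the 'Send notification after' value, assumed here to count
    failed retries. Returns None for a milestone the schedule never reaches.
    """
    notice = next((t for n, _, t in schedule if n == notify_after), None)
    last = schedule[-1][2] if schedule else None
    return {"temporary_notice_at": notice, "last_retry_at": last}


if __name__ == "__main__":
    # Documented defaults: 5 minutes, 8 hours, notification after 4.
    # max_retries=10 is a constructed value; the manual states no default.
    plan = retry_schedule(timedelta(minutes=5), timedelta(hours=8), 10)
    for retry_no, wait, elapsed in plan:
        print(f"retry {retry_no:2d}: waited {wait}, {elapsed} after first failure")
    print(queue_exposure(plan, notify_after=4))
```

With these values the temporary notification goes out 1 hour 15 minutes after the first failure, and the last retry happens 34 hours 35 minutes after it.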
The notification format can also be defined by filling in the Notification Sender, Notification Subject, Notification Body begins with, Append this text for each failed recipient and Notification body ends with text fields.
Check the Also attach to notification option so the notification email will include either the entire original message or just its header.
In the Permanent delivery error reports area, you can also define the NDR (Non-Delivery Receipt) text and the conditions when such a message is returned. As an example, NDR responses are sent when the specified recipient of an email message is invalid.
You can further define the content of the error notification by inserting a number of variables covering the recipient address, failure reason, sender address, email size, as well as the text to be added to the end of the notification body. Use the drop-down menu to also select whether to include the header of the original message or the entire original message.
Queue Parameters
The Queue path field allows you to specify the path to the internal server queue. If the string does not represent a valid path the queue will not be stored. By default the AXIGEN server queue is stored in /var/opt/axigen/queue. Changing the already set path will take effect only after restarting the server.
Use the Max. number of queue subdirectories field in order to specify the upper limit for the number of subdirectories in the internal queue. The default value is 64, the maximum is 256.
In the Processing queue size field specify the size of the internal processing queue. When too many messages have to be processed and this queue is full the next messages will be rescheduled.
Use the Local delivery threads field to specify the number of threads handling the local SMTP delivery. Thus you can fine tune the server behavior to your usage scenario. If you want to use your server mainly for local delivery you can set a higher number of delivery threads, top limit is 128.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.5.2. View Queue
The Queue > View Queue tab allows you to view the email processing queue with extensive information relative to the emails in the queue.
Viewing the Queue
When first accessing this tab a list of emails in the queue is displayed. Email filtering options include searching the queued emails depending on their sender, receiver, email size, sending date, retry data, status. The Next Retry field has the following format: dd mmm yyyy (e.g. 1 Jan 1970).
Use the drop-down menus and text boxes to specify the filtering parameters, then hit the Go button to activate them. As a result all emails meeting the specified criteria will be displayed.
To view all emails in the queue again or set different filters click the Reset Filter button and then fill in your new searching criteria.
Detailed message information
For details related to a specific email in the queue hit the Info button on the right hand of the email in question and check the fields of the displayed text box.
Actions to be taken for selected items
Several actions can be applied to a specific email or number of emails. These include retrying their delivery on the spot, deleting them or sending NDRs (non-delivery receipts) for the selected items.
Hitting the Force Queue button will result in forcing the delivery of all emails in the queue no matter their retry schedules.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.6. Status & Monitoring
The Status & Monitoring section gives access to configuring the reporting service, viewing charts reflecting different server parameters and extensive details on overall and domain-specific storage.
• Reporting Service - for configuring the AXIGEN Mail Server logging service, including the logging levels and logging types.
• Charts - containing the basic policies for emails routing.
• Storage Charts - containing the advanced policies for emails acceptance and routing.
9.6.1. Reporting Service Tab
The Status & Monitoring > Reporting Service tab allows system administrators to configure the AXIGEN Mail Server logging service including the logging levels and logging types.
SNMP is a networking management protocol used to monitor network-attached devices. SNMP allows messages (called protocol data units) to be sent to various parts of a network. Upon receiving these messages SNMP-compatible devices (called agents) return data specific to certain parameters that are monitored to the SNMP manager.
To access SNMP listener configuration in WebAdmin, go to the Status & Monitoring module > Reporting Service tab. A list of the already configured listeners (if any) will be displayed, sorted by their IP addresses (lowest first). To enable/disable any of the existing listeners just click on the corresponding button under Status. To edit/delete any of them click on the corresponding Edit or Delete buttons under Actions.
To add a new listener hit the Add Listener button and then fill in the text boxes with the IP address and port details. Should you like the new listener to have the Enabled status check the box in front of the Enable this listener option. To finalize the adding of the new listener click on Quick Add.
For a detailed view of listeners usage in AXIGEN see the Listeners section.
Logging
The log level can be set in the Logging section with the use of the slider, by moving it to the left or to the right, depending on how detailed the logging information should be. The selected types of messages will change color from transparent to gray. Please note that the log level values are cumulative (i.e. setting the log level to Warning messages will also log Critical messages and Error messages).
Log types
Use the drop-down menu under Log to select one of the available logging types. You can log (internally, remotely or using the system log) the activity of all services available in AXIGEN.
Use remote log option: AXIGEN Log Service can log internal data coming from other AXIGEN modules/services or data coming from the UDP port 2000 (default option). Use the drop-down menu to select the custom option if you wish to specify another port.
Data Collection
The Reporting Service is responsible for collecting events relevant for the System Administrator. Use the up and down arrows in order to specify the time interval when the logging information should be collected. The collected samples will be aggregated and stored according to each chart's configuration.
SNMP Parameters
In this section SNMP can be enabled by checking the box in front of it. Version 6.0 of AXIGEN now supports SNMP Traps that can be set either for connected managers or specific IPs by checking the SNMP Send Traps To All Managers option or defining a SNMP Community and adding IP:Port combinations to it. To add a new trap destination fill the details in the corresponding text field and click the Add button. Trap Destinations can be edited directly in the field they are displayed in or deleted by clicking their corresponding Delete button.
Download AXIGEN MIB File to see all parameters monitored by the reporting service, their description and other relevant details.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.6.2. Charts Tab
The Status & Monitoring > Charts tab allows system administrators to configure sets of parameters to be monitored and view their corresponding graphical activity charts.
Defined charts
When accessing the Charts tab a list of the already configured graphics is displayed; if none has been previously created the list will be empty.
To edit or delete any of the already defined charts use the options under the Actions section: to edit the details of an already defined chart hit the Edit button on the right side of its name, to delete it click the corresponding Delete button. Should you like to add a chart, hit the Add Chart button and fill in the requested details.
Use the drop-down menu to select one of the available chart groups or create a new one by filling in its name in the corresponding text box. Then specify the desired name for your chart and hit the Next step button. This will result in displaying two new pages: Chart Parameters and Display Settings. The same pages will also appear when wishing to edit the parameters of an already defined chart.
Available Chart Groups
The defined Chart Groups allow quick and comprehensive browsing through all the displayed graphs: clicking on one of the available groups will result in displaying all the charts defined for that specific group to ease the search and configuration.
Refresh options
For an accurate representation an automatic refresh option is available alongside a manual refresh button.
9.6.2.1. Chart Parameters Configuration
The Charts > Chart Parameters page allows system administrators to specify the parameters relative to a new or an already defined chart.
General settings
Use the options under the General Settings section in order to configure the parameters relative to the Chart Group and Chart Name.
Use the drop-down menu on the right side of the Chart Group option in order to specify the name of the group within which the new chart will be created. Choose one of the already defined charts or use the Custom group option. The latter option will allow you to create a new chart group and fill in its name in the accompanying text-box on the right.
Data Aggregation
Use the options under the Data Aggregation section in order to specify the parameters to be collected, the aggregation function and interval, as well as the database storage details.
Use the drop-down menu available on the right hand side of the Parameter to collect option in order to select the new parameter to be monitored.
Use the drop-down menu to select one of the available Aggregation Functions: average, maximum, minimum or total.
Use the drop-down menu to specify the Aggregation Interval. You can set the aggregation to be made every minute, hour or day, or choose the custom option in order to specify another interval ranging from 60 seconds to 60 days.
A rotation criterion can be enforced on the database by using the up and down arrows on the right side of the option called Rotate database after storing.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.6.2.2. Display Settings
The Charts > Display Settings page allows system administrators to specify the parameters relative to a new or an already defined chart.
Predefined styles
To choose one of the predefined graphic types use the Chart Type drop-down box. Available options are bars, discrete dots, discrete lines, fill, fill with outline, and outline types.
You can further customize the colors of your defined graphic using the Fill color and Outline color drop-down menus. Available options include black and white, gray, as well as red, orange, blue, magenta and green and their darker and lighter nuances.
Live Preview
Preview the display of the selected chart type by checking the Live Preview section. In this case, for example, you can view the Discrete lines chart type.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.6.3. Storage Charts
The Status & Monitoring > Storage Charts tab allows system administrators to view graphical charts of the AXIGEN Mail Server space usage for both overall storage and per domain storage.
Overall Storage
Check this chart to view the aggregated disk storage and space usage information. Storage values will be displayed in KB and percentages.
Per Domain Storage
This section displays the space usage information for each of the domains hosted by AXIGEN. To ease the search use the Domain Search option and fill in the name of the domain that you want to check. The information available for that specific domain will be displayed on a filter-as-you-type basis.
Check the graphical bars to view the total storage information and space usage percentage for the selected domain. Should you like to view additional storage information click the Detailed Info button on the right side of the domain in question, in the Actions section.
This will result in accessing another page with Detailed Storage Info, meaning the storage charts for the selected domain (such as localdomain.com in this example).
Important! The storage size on disk will automatically grow to its maximum configured expandable size, provided the disk has enough free space.
9.6.3.1. Detailed Storage Info
The Storage Charts > Detailed Storage Info page allows system administrators to view the storage information for the selected domain: the total storage files as well as details relative to the domain, object and message storages.
All Storage Files & Domain Storage
To view the information related to all the storage files for the selected domain check the details under the All Storage Files section. Should you like some detailed information about the domain storage only look in the Domain Storage section. You will thus be able to see the location of the domain storage files as well as the maximum number and size of domain storage files. The Domain Storage and Overall Usage Information are also available as a graphical bar with the corresponding values in KB and percentages.
For additional information about the location and name of the domain storage files hit the Show domain storage files button. To hide this option click the Hide domain storage files button.
Object Storage & Message Storage
For detailed information about the object and message storage check the details available under the corresponding sections: Object Storage and Message Storage. Again you will be able to see the location of the corresponding storage files as well as the maximum number and size allowed for such files.
The Domain Storage and Overall Usage Information are also available as a graphical bar with the corresponding values in KB and percentages. More information about the location and name of the corresponding storage files is available with the use of the Show button.
To get back to the previous page, Storage Charts, use the Back to: Storage Charts button available at the top of the current page.
9.7. Logging
The Logging section gives access to viewing, deleting, downloading log information for each AXIGEN Mail Server module and adding or configuring log collection rules.
9.7.1. Local Services Log
The Logging > Local Services Log tab allows system administrators to view the log information for each of the AXIGEN Mail Server modules.
Local Services Log Overview
Check the options under the Local Services Log Overview section to view the AXIGEN modules and their logging levels and files. Displayed Log Levels are the ones configured into the Reporting Service tab from the Status & Monitoring section.
For each AXIGEN module information messages related to the processed data and connections are stored by default under the 'default.txt' file. To change the implicit location of the file click the Change button, then fill in the new file name and click on Save.
9.7.2. Log Collection Rules
The Logging > Log Collection Rules tab allows system administrators to view or add log collection rules.
Log Collection Rules
When accessing this page, a list of the already defined log collection rules will be displayed. To edit one of the rules use the Edit button available on the right side of the rule in question, to delete it use its corresponding Delete button.
To set the order in which the defined log collection rules will be applied use the up and down arrows displayed on the right hand of the Delete option.
The default rule found in this context will store the data logged from all the AXIGEN modules into the default.txt file. For specific logging needs additional collection rules can be added by clicking on the Add Rule option. Adding or editing a log collection rule implies configuring the same set of parameters available in a new page that will be displayed: Configure Log Collection Rule.
9.7.2.1. Log Collection Rule Configuration
The Log Collection Rules > Configure Log Collection Rule page contains the parameters relative to the configuration of new log collection rules including the services for which logs are to be created, log levels and rotation criteria.
Settings section
Use the drop-down menu under the Collect messages from option in order to select the general type of services for which logs are to be kept. Available options include local services and remote host. When choosing the latter option you will also have to specify the remote host details in an additional text box.
The Collect logs from service option enables you to select the specific service for which logs are to be created. Use the drop-down menu to make your choice.
Use the in file option to view or change the file that will store all the information messages related to the processed data and connections. To change it just fill in the new details in the available text box.
Logging
The log level can be set in the Logging section with the use of the slider, by moving it to the left or to the right, based on how detailed the logged information should be. The selected types of messages will change color from transparent to gray.
Rotation Parameters
In the Rotation parameters section, options such as destination file size, maximum lifetime for the destination file and also the limit number of old log files kept can be defined. To enable any of these options check the boxes in front of them, then use the up and down arrows to set their specific values. Note that the default setting for the Limit no. of old log files kept to option indicates that all old rotated log files will be kept.
Important: When selecting a predefined rotation interval (Daily/ Weekly /Monthly) the rotation will be performed at midnight, when the rotation interval ends.
When you are done configuring these parameters remember to hit the Save Configuration button to preserve your changes.
To go back to the Log Collection Rules tab hit the Back to: Log Collection Rules option available in the top left corner of this page.
9.7.3. View Log Files
The Logging > View Log Files tab enables system administrators to view, delete or download all the log files storing the information for defined log collection rules.
Log files
When accessing this tab a list of all the available log files will be displayed. To change the number of displayed logs use the drop-down menu available for the Show...files per page option. To view another page of logs click on its corresponding number or on the Next option.
Viewing, deleting or downloading a log file
To see the contents of a log file click the View option available on its left side. A new section with the logged information will appear, along with scrolling options for viewing the entire content of the log file.
To delete a specific log file click on its corresponding Delete button. To download a certain log file hit the button available on the right side of its Delete option. A helpful note will also appear to inform you that this button is used to Download the log file in question.
9.7.4. Log Server Settings
The Logging > Log Server Settings page allows you to configure parameters relative to this specific service's configuration, to add listeners and further manage and define logging parameters.
Listeners
Currently, UDP listeners are only available for the Logging service, the only AXIGEN UDP Service. A list of the already configured listeners (if any) will be displayed, sorted by their IP addresses (lowest first). They are used to specify the socket to listen to for connecting to the Log service. To enable/disable any of the existing listeners just click on the corresponding button under Status. To edit/delete any of them hit the corresponding Edit or Delete buttons under Actions.
To define a new listener, use the Add Listener button and fill in the text boxes with the IP address and port details. The default value for this parameter is 127.0.0.1:2000.
Should you like the new listener to have the Enabled status check the box in front of the Enable this listener option. To finalize the adding of the new listener click on Quick Add.
For a more detailed view see the Listeners section.
Logging Settings
To set the Log Level click the slider and move it to the left or to the right. The selected types of messages will change color from transparent to gray. Please note that the log level values are cumulative (i.e. setting the log level to Informational Messages will also log Critical messages, Error messages and Warning Messages).
Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.8. Backup and Restore Tab
The FTP Backup & Restore tab allows you to configure parameters relative to this specific service's configuration, add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listeners and rule configuration, see TCP Listeners and Control Rules chapter.
Through Service Configuration system administrators can manage logging, error and thread control parameters.
Logging
You can select several types of messages to be logged for the Backup & Restore service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.
Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.
Error Control
To set a maximum number of errors caused by invalid commands received from clients or by failed authentication attempts check the respective options in the Error Control area of the Backup & Restore service. Use the up and down arrows corresponding to each of these options to set a specific number of errors.
Thread Management
Thread management allows you to set different numbers of processing threads for the Backup & Restore service depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the Backup & Restore service is started. To have a different number of threads for peak periods check the overload option and use the up and down arrows to choose the thread number.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.9. Automatic Migration Tab
The Automatic Migration tab allows system administrators to enable and configure the automatic migration of domains previously managed with a different mail server to the AXIGEN Mail Server. When first accessing the tab an alphabetical list of existing domains is displayed. The current status of the migration is displayed - Migration Enabled/Disabled - and the opposite action button - Disable/Enable - is available for each domain.
If the domain list is quite large and you need to locate a certain domain, type its name in the Domain Search text field and hit Enter on your keyboard. To return to the prior alphabetical list, click the Reset Filter button displayed after the search filter has been successfully applied.
In order to enable the migration process for a certain domain you have to first configure its parameters. To do so, first hit the Configure button corresponding to each domain name. The options in the below screen capture will appear:
To turn on the migration process please check the Enable automatic migration for this domain option. For the migration process to work you should also configure the connection to the old mail server. Therefore please specify the IP/Hostname of the previously used server and its SMTP and IMAP Ports in the corresponding text fields. To preserve these connection details please hit the Quick Save button.
Important! Some mail servers allow you to create folder names containing the "/" character. AXIGEN cannot migrate folders whose names contain this specific character, therefore you need to rename them before migrating so that the process is completed successfully.
9.10. Clustering Section
The Clustering section allows system administrators to set up the AXIGEN Mail Server clustering support. Clustering support is based on OpenLDAP integration with AXIGEN and allows routing for the POP3 Proxy and IMAP proxy services. This new feature enables system administrators to spread mailboxes on several AXIGEN servers and have a separate machine that routes POP3/IMAP connections to the appropriate mailbox server. It also supports the LDAP Authentication mechanism for the AXIGEN Mail Server. For further details on the Clustering Support features and functionalities, please see the corresponding section in the Architecture chapter.
9.10.1. Clustering Setup
The Clustering Setup tab gives access to three different pages:
• LDAP Connectors - allows system administrators to create and manage LDAP Connectors and to also set some general parameters relative to logging and connection threads.
• User Maps - the page gives access to creating, editing and deleting user maps.
• Routing and Authentication - containing parameters relative to routing possibilities through POP3 Proxy, IMAP Proxy and SMTP.
9.10.1.1. LDAP Connectors Page
The LDAP Connectors Page allows system administrators to manage existing LDAP connectors and to create new ones as well as to configure some general parameters that direct logging and threading behavior for the connectors.
When first accessing the LDAP Connectors Page a list of already defined connectors is displayed. To change the settings for an already defined LDAP connector hit its corresponding Edit button; to delete it use the Delete button.
To create a new LDAP connector click the Add Connector button. Whether adding or editing a connector the same configuration window pops up.
To specify a name for your newly defined connector use the LDAP Connector name text field. Proceed with specifying a combination of IP/Hostname and port for your connector using the dedicated fields in the LDAP Server Parameters section. Under these fields the generated LDAP host URL will be displayed. This URL follows the ldap://IP/Hostname:Port pattern.
The next step in configuring the LDAP connector is to select if an anonymous bind or an administrative DN is to be used. Should you check the Use administrative DN option you will also have to specify in the same LDAP Search Parameters section your selected values for four other fields: Admin DN, Admin DN Password, Search Base and Search Filter.
Should you like an error to be returned when more than one entry matches a search filter, check the respective option in the LDAP Search Parameters section. If this option is left unchecked the first entry matching the search filter will be used.
The final step is to specify a Password Attribute and a Hostname attribute for the currently configured connector in the LDAP Attributes Mapping section. After completing this step press the Quick Add button to save your settings.
Logging Parameters
You can select several types of messages to be logged for the LDAP Connectors: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from transparent to gray.
Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.
Thread Management
Thread management allows you to set different numbers of processing threads for the LDAP Connectors depending on your traffic load. Set a number of threads to be allotted when the LDAP Connectors are started using the up and down arrows.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.10.1.2. User Maps Page
Through the User Maps page system administrators can manage existing user maps and also add new ones. When first accessing this page a list of already defined user maps is displayed.
To modify an existing user map use the corresponding Edit button; to delete it click the Delete button. To add a new one simply hit the Add User Map button. Whether adding a new map or editing an existing one the same configuration window pops up.
Specify a name for the map you are currently configuring in the User Map name text field. Then select a type for your user map using the User Map type drop-down menu. Available options are local file, LDAP Password and LDAP Bind. Should you choose local file you have to specify the path to the respective file's location in the second text field of this parameter. For LDAP Password and LDAP Bind the text field turns into a second drop-down menu used to select one of the LDAP connectors defined on the LDAP Connectors page.
After configuring these parameters, hit the Quick Add button (if adding a new user map) or the Update button (if editing an existing one) to save your settings.
9.10.1.3. Routing and Authentication Page
The Routing and Authentication page allows system administrators to select the authentication type performed for all services of the AXIGEN Mail Server and to also set parameters managing routing behavior at POP3 Proxy, IMAP Proxy and SMTP level.
The authentication can be of three types (available in a drop-down menu) - internal, LDAP Password and LDAP Bind. When selecting internal the authentication will be performed through the internal user database. If LDAP Password or LDAP Bind is selected one of the LDAP connectors defined on the LDAP Connectors page must be selected.
Routing and proxy redirect requests are performed through one of the user maps previously defined. Therefore, please select one of the existing user maps using the corresponding drop-down menu from the Routing configuration section.
In some cases no match will be found for a certain request within the selected user maps. For these particular cases please specify an IP/port combination to redirect POP3 requests to and one for IMAP requests to be redirected to.
To have routing at SMTP level enabled check the respective option in the Routing configuration section and select an existing user map in the dedicated drop-down menu. In some cases no match will be found for a certain request within the selected user maps. For these particular cases please specify an IP/port combination to redirect SMTP requests to.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.10.2. POP3 Proxy Tab
The POP3 Proxy tab allows you to configure parameters relative to this specific service's configuration, add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration see the TCP Listeners and Control Rules chapter.
Through Service Configuration system administrators can manage logging, authentication and encryption, error and thread control parameters and backend server connection settings.
Logging
You can select several types of messages to be logged for the POP3 Proxy service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from transparent to gray.
Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.
Encryption and Authentication
The POP3 Proxy service allows only one authentication method, which is PLAIN. Because PLAIN sends the credentials unencrypted, it is recommended to use StartTLS or SSL to enhance connection security: check the Allow StartTLS option in the Encryption and Authentication section. Should you like your proxy to handle the authentication, check the Perform authentication on proxy option. Otherwise, the authentication will be performed on the back-end server.
Error Control
To set a maximum number of errors caused by invalid commands received from clients or by failed authentication attempts check the respective options in the Error Control area of the POP3 Proxy service. Use the up and down arrows corresponding to each of these options to set a specific number of errors.
Thread Management
Thread management allows you to set different numbers of processing threads for the POP3 Proxy service depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the POP3 Proxy service is started. To have a different number of threads for peak periods check the overload option and use the up and down arrows to choose the thread number.
Back-end Server Connection Settings
To set a specific sending and receiving timeout first check the respective option in the Back-end Server Connection Settings section. The timeout is computed in milliseconds (use the up and down arrows or edit the respective text field to increase or decrease the default value) and ranges between 10 and 65535.
The total number of connections established on the back-end server can be limited by checking the corresponding option. Use the up and down arrows or edit the respective text field to increase or decrease the default value - possible values range between 1 and 65535 connections.
In order to overwrite the default local network interface used for back-end server connections check the corresponding option and type the respective interface in the Local network interface IP address field.
Use a secure (SSL enabled) connection when accessing the back-end server by checking the corresponding option in the Back-end Server Connection Settings section.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.10.3. IMAP Proxy Tab
The IMAP Proxy tab allows you to configure parameters relative to this specific service's configuration, add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration, see the TCP Listeners and Control Rules chapter.
Through Service Configuration system administrators can manage logging, authentication and encryption, error and thread control parameters and backend server connection settings.
Logging
You can select several types of messages to be logged for the IMAP Proxy service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from transparent to gray.
Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.
Encryption and Authentication
The IMAP Proxy service allows only one authentication method, which is PLAIN. Because PLAIN sends the credentials unencrypted, it is recommended to use StartTLS or SSL to enhance connection security: check the Allow StartTLS option in the Encryption and Authentication section. Should you like your proxy to handle the authentication, check the Perform authentication on proxy option. Otherwise, the authentication will be performed on the back-end server.
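The Encryption and Authentication settings of the POP3 Proxy and IMAP Proxy tabs can be verified from the outside by checking whether a listener still offers PLAIN credentials before TLS is active. The Python sketch below is an added example, not AXIGEN code: it audits a captured POP3 CAPA or IMAP CAPABILITY response, and the sample responses and finding names are constructed for illustration.

```python
"""Audit captured POP3 CAPA / IMAP CAPABILITY text for cleartext PLAIN exposure."""

# Constructed sample responses (not taken from a real server).
POP3_NO_STLS = "+OK Capability list follows\r\nUSER\r\nSASL PLAIN\r\nUIDL\r\n.\r\n"
POP3_STLS = "+OK Capability list follows\r\nUSER\r\nSTLS\r\nSASL PLAIN\r\n.\r\n"
IMAP_PLAIN_ONLY = "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready\r\n"
IMAP_HARDENED = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\na1 OK done\r\n"


def parse_pop3_capa(response):
    """Return the capability tags of a multi-line POP3 CAPA response (RFC 2449)."""
    lines = [ln.strip() for ln in response.splitlines() if ln.strip()]
    if not lines or not lines[0].upper().startswith("+OK"):
        raise ValueError("CAPA was rejected or the response is empty")
    caps = set()
    for ln in lines[1:]:
        if ln == ".":                      # end of the multi-line response
            break
        parts = ln.upper().split()
        caps.add(parts[0])
        if parts[0] == "SASL":             # "SASL PLAIN ..." lists mechanisms
            caps.update("SASL=" + mech for mech in parts[1:])
    return caps


def parse_imap_capability(response):
    """Return capabilities from an untagged CAPABILITY line or a greeting code."""
    for ln in response.splitlines():
        tokens = ln.replace("[", " ").replace("]", " ] ").upper().split()
        if "CAPABILITY" in tokens:
            caps = set()
            for tok in tokens[tokens.index("CAPABILITY") + 1:]:
                if tok == "]":             # end of a bracketed response code
                    break
                caps.add(tok)
            return caps
    raise ValueError("no CAPABILITY data found")


def audit(protocol, response, tls_active=False):
    """Return findings for one listener; an empty list means nothing to fix.

    tls_active=True means the response was captured inside an SSL listener or
    after a successful StartTLS, where PLAIN is already protected.
    """
    if protocol == "pop3":
        caps = parse_pop3_capa(response)
        starttls = "STLS" in caps
        plain_offered = "USER" in caps or "SASL=PLAIN" in caps
    elif protocol == "imap":
        caps = parse_imap_capability(response)
        starttls = "STARTTLS" in caps
        # IMAP LOGIN is usable in cleartext unless LOGINDISABLED is advertised.
        plain_offered = "AUTH=PLAIN" in caps or "LOGINDISABLED" not in caps
    else:
        raise ValueError("protocol must be 'pop3' or 'imap'")

    if tls_active:
        return []
    findings = []
    if not starttls:
        findings.append("no-starttls")
    if plain_offered:
        findings.append("cleartext-plain-offered")
    return findings


if __name__ == "__main__":
    for name, proto, text in [
        ("pop3 without STLS", "pop3", POP3_NO_STLS),
        ("pop3 with STLS", "pop3", POP3_STLS),
        ("imap PLAIN only", "imap", IMAP_PLAIN_ONLY),
        ("imap hardened", "imap", IMAP_HARDENED),
    ]:
        print(name, "->", audit(proto, text) or "ok")
```

A listener that advertises StartTLS but still reports `cleartext-plain-offered` accepts credentials from clients that never upgrade, so allowing StartTLS alone does not remove the exposure.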
Error Control
To set a maximum number of errors caused by invalid commands received from clients or by failed authentication attempts check the respective options in the Error Control area of the IMAP Proxy service. Use the up and down arrows corresponding to each of these options to set a specific number of errors.
Thread Management
Thread management allows you to set different numbers of processing threads for the IMAP Proxy service depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the IMAP Proxy service is started. To have a different number of threads for peak periods check the overload option and use the up and down arrows to choose the thread number.
Back-end Server Connection Settings
To set a specific sending and receiving timeout first check the respective option in the Back-end Server Connection Settings section. The timeout is computed in milliseconds (use the up and down arrows or edit the respective text field to increase or decrease the default value) and ranges between 10 and 65535.
You can limit the total number of connections established on the back-end server by checking the corresponding option. Use the up and down arrows or edit the respective text field to increase or decrease the default value - possible values range between 1 and 65535 connections. In order to overwrite the default local network interface used for back-end server connections check the corresponding option and type the respective interface in the Local network interface IP address field.
To use a secure (SSL enabled) connection when accessing the back-end server, please check the corresponding option in the Back-end Server Connection Settings section.
When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.
9.11. Administration Rights Section
Starting with version 5.0, the AXIGEN Mail Server features Delegated Administration options which enable the easy creation of administrative groups, with predetermined membership hierarchies and permissions, assigned to specific domains. The Administration Rights section gives access to parameters configuring the behavior of such administrative users or imposing the limitations for each type of administrative user created.
9.11.1. Administrative Groups Tab
The Administration Rights > Administrative Groups tab allows system administrators to create administrative groups and further define their attributes and specific permissions.
Administrative Groups
When first accessing this tab a list of the already defined administrative groups is displayed.
Groups are listed in alphabetical order to ease the search and editing of a specific group. To edit/delete an existing administrative group use the Edit and Delete options available under Actions, on the right hand side of the group in question.
To define a new administrative group hit the Add administrative group button, then fill in the group name and display name in the corresponding text boxes. Use the Quick Add option to save the details directly or click on Advanced config to further tune it: choose its membership hierarchy and assign the permissions you want the group to have.
Whether editing an already defined administrative group or creating a new one, you will use the same options, available in three sub-pages called General, Membership and Permissions.
9.11.1.1. General
The Administrative Groups > General sub-page allows system administrators to specify the name and display name of the configured administrative group.
General parameters
Whether creating a new administrative group or editing an already created one use the available text boxes under the Settings section to specify the Administrative groupname and Display name.
When you are done configuring these parameters remember to hit the Save Configuration button to preserve your changes.
9.11.1.2. Membership
The Administrative Groups > Membership sub-page allows system administrators to further configure administrative groups by specifying their hierarchy among the other existing groups.
Membership hierarchy
Use the options under Membership hierarchy to set the hierarchy of the configured administrative group (AccountAdministrators in this example). Thus, the configured group can be assigned as a member of the existing available groups or removed from an already existing group member list by using the two arrows. Example: check the box in front of the CustomPermissions group and then click on the green arrow; as a result, the AccountAdministrators group will be moved to the list of administrative groups to which this group belongs, as a member.
Members of the configured group
The Members of this group section gives you an overview of this group's children (both administrative groups and users which inherit permissions from the current group).
Parents of the configured group
Check the Parents of this group section in order to view the groups from which the currently configured group, AccountAdministrators, inherits permissions. Click the '+' sign corresponding to the group that interests you in order to see further details relative to its child groups and their hierarchy.
Important! Please note that cyclic inclusion is not permitted (i.e. if group A is a member of group B and group B is a member of group C, then group C will not be allowed as a member of group A).
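The cyclic-inclusion rule matters because permissions are inherited along membership, so a loop would make every group in it inherit from every other. The Python sketch below is an added example, not AXIGEN code: it applies the rule to a membership map such as one kept in documentation or an audit export. The map layout and function names are assumptions, and the sample hierarchy is constructed from group names used in this chapter.

```python
"""Membership hierarchy check: reject cyclic inclusion, list inherited parents."""


def ancestors(member_of, name):
    """Return every group `name` inherits from, directly or transitively.

    member_of maps a group or user name to the set of groups it is a member of.
    """
    seen = set()
    stack = list(member_of.get(name, ()))
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(member_of.get(group, ()))
    return seen


def add_membership(member_of, child, parent):
    """Make `child` a member of `parent`, refusing any cyclic inclusion."""
    # If `parent` already inherits from `child`, the new edge would close a loop.
    if child == parent or child in ancestors(member_of, parent):
        raise ValueError(
            "cyclic inclusion: %s already inherits from %s" % (parent, child)
        )
    member_of.setdefault(child, set()).add(parent)


def groups_in_cycles(member_of):
    """Audit an existing map: return the names that inherit from themselves."""
    return sorted(g for g in member_of if g in ancestors(member_of, g))


def demo():
    """Build a constructed hierarchy and try to close it into a loop."""
    member_of = {}
    add_membership(member_of, "AccountAdministrators", "CustomPermissions")
    add_membership(member_of, "CustomPermissions", "ServerAdministrators")
    try:
        # A -> B -> C exists, so C as a member of A must be refused.
        add_membership(member_of, "ServerAdministrators", "AccountAdministrators")
        rejected = False
    except ValueError:
        rejected = True
    return member_of, rejected


if __name__ == "__main__":
    hierarchy, rejected = demo()
    print("parents of AccountAdministrators:",
          sorted(ancestors(hierarchy, "AccountAdministrators")))
    print("cyclic inclusion rejected:", rejected)
    # A hand-edited map (constructed) that already contains a loop:
    broken = {"A": {"B"}, "B": {"C"}, "C": {"A"}, "D": {"A"}}
    print("groups in cycles:", groups_in_cycles(broken))
```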
When you are done configuring these parameters remember to hit the Save Configuration button to preserve your changes.
9.11.1.3. Permissions
The Administrative Groups > Permissions sub-page allows system administrators to specify the parameters relative to server and domain permissions for the configured administrative group.
Explicit Permissions
Two classes of permissions can be delegated to an administrative group: server permissions allow administrative users based on this group to modify certain server modules; domain management permissions include management rights on all domains or on any specific domain (previously created).
Setting explicit permissions at server level
Check the Explicit server permissions section for a list of the already defined server permissions for the configured administrative group. Should you like to edit or delete any of the existing permissions use the corresponding Change and Remove options.
Should you like to delete all permissions relative to a certain service just hit the Remove all button. To add new server permissions for the configured administrative group, click on the Add server permission button and fill in the requested details.
Adding server permissions
Click on the Add server permission button, then use the available drop-down menus to configure the new permission by choosing the service and action to be taken relative to the selected module. Available actions are: Allow and Deny. Hit the Quick Add button to finalize the adding of the new configuration.
Setting explicit permissions at domain level
Check the Explicit domain permissions section for a list of the already defined domain permissions for the configured administrative group. Should you like to edit or delete any of the existing permissions use the corresponding Change and Remove options. To delete all permissions relative to a certain service just hit the Remove all button. To add new server permissions for the configured administrative group click the Add domain permission button and fill in the requested details.
Adding domain permissions
Click on the Add domain permission button and use the available drop-down menus to configure the new permission by choosing the service and action relative to the selected module. Available actions are: Allow and Deny. Hit the Quick Add button to finalize the adding of the new configuration.
Effective permissions
Check the Effective Permissions section for complete information about the permissions available for the configured administrative group at different levels (resources): server, any domain, a specific domain. The displayed information covers each resource and reflects the permissions inherited from the group's parents combined with the permissions assigned directly to this group.
9.11.2. Administrative Users Tab
The Administration Rights > Administrative Users tab enables system administrators to configure the parameters relative to administrative users.
Administrative users' list
When first accessing the Administrative Users tab a list of the already defined administrative users is displayed, in alphabetical order to ease the search of a specific user. Should you like to edit or delete any of the existing administrative users hit the Edit and/or Delete buttons corresponding to the users in question.
Adding a new administrative user
Should you like to add a new user click the Add administrative user option and fill in the available text-boxes with the requested information: Administrative username, Password and Display name.
Set a password manually by simply entering the desired password combination in the Password text box or hit the Set Random button in order for AXIGEN to automatically assign a password to the configured administrative user. The automatically generated password will also be displayed for informative purposes.
Should you like to add the new administrative user with the newly-configured details click on the Quick Add button; to further fine tune its parameters hit the Advanced Config option.
You will then be able to access three new pages: General, Membership and Permissions. The same three pages will also appear when editing an already existing administrative user by hitting the above-mentioned Edit button.
9.11.2.1. General
The Administrative Users > General sub-page allows system administrators to configure general data regarding administrative users such as username, password and display name details.
General settings
Whether creating a new administrative user or editing an already created one use the text boxes in the Settings section to specify the Administrative username and Display name. The password can be either typed in the corresponding field or automatically assigned by AXIGEN when hitting the Set Random button.
When you are done configuring these parameters remember to hit the Save Configuration button to preserve your changes.
9.11.2.2. Membership
The Administrative Users > Membership page allows system administrators to set the membership hierarchy of the configured administrative users.
Membership hierarchy
Use the options under Membership hierarchy to set the hierarchy of the configured administrative user (DomainAdministrator1 in this example). Thus, the configured user can be assigned as a member of the existing available administrative groups or removed from an already existing group list, by using the two arrows.
Example: check the box in front of the Server Administrators and then click on the green arrow; as a result the Server Administrators group will be moved to the list of administrative groups to which the DomainAdministrator1 user will belong, as a member.
When you are done configuring these parameters remember to hit the Save Configuration button to preserve your changes.
9.11.2.3. Permissions
The Administrative Users > Permissions page allows system administrators to specify the parameters relative to the server and domain permissions for the configured administrative user.
Explicit Permissions
Two classes of permissions can be delegated to an administrative user: server permissions allow administrative users to modify certain server modules; domain management permissions can include management rights on all domains or a specific domain.
Setting explicit permissions at server level
Check the Explicit server permissions section for a list of the already defined server permissions for the configured administrative user. Should you like to edit or delete any of the existing permissions, use the corresponding Change and Remove options. Clicking on the Change button will result in changing the permission from Allow to Deny or back, as the case may be.
Should you like to delete all permissions relative to a certain service just hit the Remove all button. To add new server permissions for the configured administrative user click on the Add server permission button and fill in the requested details.
Adding server permissions
Click on the Add server permission button, then use the available drop-down menus to configure the new permission by choosing the service and action to be taken relative to the selected module. Available actions are: Allow and Deny. Hit the Quick Add button to finalize the adding of the new configuration.
Setting explicit permissions at domain level
Check the Explicit domain permissions section for a list of the already defined domain permissions for the configured administrative user. Should you like to edit or delete any of the existing permissions, use the corresponding Change and Remove options. Clicking on the Change button will result in changing the permission from Allow to Deny or back, as the case may be.
Should you like to delete all permissions relative to a certain service just hit the Remove all button. To add new server permissions for the configured administrative user click on the Add server permission button and fill in the requested details.
Adding domain permissions
Click on the Add domain permission button, then use the available drop-down menus to configure the new permission by choosing the service and action relative to the selected module. Available actions are: Allow and Deny. Hit the Quick Add button to finalize the adding of the new configuration.
Effective permissions
Check the Effective Permissions section for complete information about the permissions available for the configured administrative user at different levels (resources): server, any domain, a specific domain.
9.11.3. Domain Admin Limits Configuration
The Administration Rights > Domain Admin Limits tab allows you to set the domain level limits or restrictions to be applied to the administrative users with permissions on the respective domain.
Domain Admin Limits
When first accessing this tab a list of the available domains is displayed, in alphabetical order. To quickly locate a certain domain use the Domain Search option available in the upper right corner. This field enables you to search by the name of the domain, filtering the list as you type.
To configure the parameters relative to the limits and restrictions set at domain level for specific administrative users hit the Configure button. This will lead you to a new page, Configure Admin Limits, with several fields to be filled in with the corresponding parameters.
The Configure Domain Admin Limits sub-page
Services
In the Services section you can limit the list of services that can be allowed by delegated administrators for this domain. To allow or deny any of the listed services hit the corresponding options available on the right hand of the screen: Allowed, respectively Denied. In the displayed example delegated admins for the configured domain have administration rights for all corresponding services except IMAP.
Accounts and Account Classes
Use the options under the Accounts/Account Classes section to restrict the value ranges within which the delegated administrators of this domain can operate at account/account class level. You can set limits for the following: total number of accounts and account classes, total number of folders, total number of messages in all folders, total mailbox size limitation, total number of messages per folder, as well as a maximum range for each folder size.
Use the up and down arrows to configure the necessary values and, where needed, the drop-down menu to select the corresponding unit of measurement, KB, MB or GB, for the specified limitations.
Groups
To restrict the number of groups an admin of this domain can create check the box in front of the option under Groups, then use the up and down arrows to specify the desired values.
Mailing Lists
Use the options under the Mailing Lists section to restrict the value ranges in which the delegated administrators of this domain can operate at mailing list level. Check the boxes in front of the displayed options and then use the up and down arrows to specify the parameters relative to the number of mailing lists, total number of folders, total number of messages in all folders, total mailbox size, total number of messages per folder, as well as the maximum size for each folder.
Public Folders
Use the options under the Public Folders section to restrict the value ranges in which the delegated administrators of this domain can operate at public folder level. Check the boxes in front of the displayed options and then use the up and down arrows to specify the parameters relative to the maximum number of email addresses per public folder, total number of folders, total number of messages in all folders, the total mailbox size and total number of messages per folder, as well as the maximum size for each public folder.
When you are done configuring these parameters hit the Save Configuration button to preserve the newly-specified values.
9.12. TCP Listeners and Control Rules
AXIGEN Mail Server can use different Listeners for its TCP services (SMTP Receiving, POP3, IMAP, WebMail, WebAdmin, CLI and FTP Backup & Restore) and UDP services (Log and Reporting).
Listeners are network points of entry associated with an interface address and port number that grant access to a specific TCP or UDP service.
Listeners add extra flexibility and configurability to each AXIGEN service, as they can be used to grant differentiated access to the same services for different categories of users (e.g. users within a specific domain). Moreover, listeners can be associated with a variety of rules that define specific limitations for connections coming from IPs within specified IP sets.
Listeners can be defined, using various parameters corresponding to that TCP service, from the configuration file (as of type "TcpListener" OBJECT-SET) or through WebAdmin (the web configuration interface). UDP service listeners have fewer parameters associated as connection related parameters do not apply to them.
For more information, please check the following pages:
• Listeners
• Access and Flow Control Rules
9.12.1. Listeners
In AXIGEN, it is possible to configure TCP listeners for all TCP services: SMTP Receiving, POP3, IMAP, WebMail, WebAdmin, FTP Back-up&Restore, and CLI.
To access listener configuration in WebAdmin, first click on the service tab (SMTP Receiving, POP3, IMAP, WebMail, WebAdmin, FTP Back-up&Restore or CLI). A list of the already defined listeners (if any) will be displayed under the dedicated section Listeners, sorted by their IP addresses.
Editing one of the existing listeners will result in accessing two configuration pages: General and SSL Settings. The same pages will also be displayed when hitting the Add Listener button and choosing the Advanced Config option.
Example: SMTP Receiving listeners
No matter if you are adding or editing a listener, no matter on what service tab you are on, the same parameters are available in two dedicated pages: General and SSL Settings.
9.12.1.1. Configuring General Parameters
The General page enables system administrators to set a list of general parameters relative to the listener being configured such as the listener bind address, connection parameters, access control rules.
General settings
To enable the currently configured listener, check the box in front of the Enable this listener option. To edit or specify the listener address, use the IP related text boxes; the address is the IP address followed by a colon and the port number. Listeners are uniquely identified by their address attribute. Two or more listeners cannot have the same address value: only the first object correctly defined is considered.
Flow control
Within the Flow Control section you can enforce global access limitations to this listener by setting the maximum number of: simultaneous connections, concurrent connections from each remote IP address, new connections made in a defined time interval and connections from each remote IP address in a defined time interval. The default time interval is set to 1 minute. Use the up and down arrows and drop-down menus to specify the necessary parameters and time values.
Note: You can also set up Flow Control for specific IP sets by creating Access Rules for this listener.
Access Control
Under Access Control you can define simple access lists to restrict access to this service through the defined listener. After clicking the Add Rule button, addresses can be entered in Network/Mask, Single IP address or IP Range format, and the actions that can be taken are Allow and Deny.
Further use the up and down arrows (next to the Delete button) to set priorities between the rules and click the Flow Control button in order to enforce global access limitations to the rule, using the same options as the ones described in the above section. All defined listeners have, by default, a rule allowing any IP address if no other rules match Service Rules.
Note: Listener level access rules will override, for this listener, any existing global access rules and service access rules.
Other settings
An inactivity period threshold can be defined for connections made to this listener to ensure that unused resources are freed and used to provide access for other clients. Check the box in front of the option under Other and then use the up and down arrows and drop-down menu to specify the time limit.
For a general description of listeners and their usage in AXIGEN see the Listeners sub-section in the Architecture chapter.
9.12.1.2. SSL Parameters for Listeners
For each TCP listener created you can enable SSL support and further configure SSL settings using the SSL Settings page. AXIGEN implements OpenSSL compliant SSL settings for all TCP listeners.
SSL configuration
This context allows you to configure the SSL settings for this listener. To enable the SSL on the configured listener check the box in front of the Enable SSL for this listener option.
Use the checkboxes available under the Allow the following SSL versions section to specify the SSL versions to be used by AXIGEN Mail Server. Possible values are: SSL2, SSL3 and TLS1. While SSL3 and TLS1 are the most recent versions, you can use any combination of these you may find useful. All three versions are enabled by default.
Path to certificate file/authorities
For all SSL / TLS connections, a certificate file (containing the certificate chain used for the current listener) is mandatory and must be specified using the Path to certificate file attribute. The certificate chain refers to a chain of intermediate certificate issuers, that is, Certificate Authority certificates that are followed while verifying the remote server certificate.
By default, on all supported operating systems and platforms AXIGEN's initscript will create, at first run, a self-signed certificate automatically saved in the data directory with the axigen_cert.pem name.
If you have another certificate file, provided by an authority, you can enter the path to this certificate and also provide the Path to certificate authorities. AXIGEN must be able to access these locations.
Additional attributes such as the Path to DH (Diffie-Hellman) parameter, Max chain verification depth, Cipher suite, Ephemeral Key and certificate-based authentication requests can be used for more specific implementations.
Use the Path to DH (Diffie-Hellman) parameter file to specify the path in local file system to the file containing the (OpenSSL) Diffie-Hellman parameter used by this listener. If keyword value "none" is used no file will be used. The Diffie-Hellman key agreement protocol (also called exponential key agreement) allows two users to exchange a secret key over an insecure medium without any prior secrets. Find more information about this protocol and how to configure this protocol, on the RSA Laboratories website.
Use the Max. chain verification depth field to specify the depth of verification for the certificate chain. The depth refers to the maximum number of intermediate certificate issuers, i.e. the maximum number of CA certificates which are allowed to be followed when verifying the remote server certificate. For instance, a depth of 1 means the remote server certificate can be self-signed or has to be signed by a CA which is directly known to the server. The default value of 4 means that 4 intermediate certificate issuers are accepted.
AXIGEN implements cipher suites active in OpenSSL, except for idea, rc5 and mdc2. Click here to see the corresponding OpenSSL documentation file listing ciphers and their OpenSSL equivalents.
Tick the Use ephemeral key check-box to specify whether ephemeral keys should be used or not. This option allows generating ephemeral keys which actually transform all keys exchanged during one connection session into ephemeral keys (valid only for the current connection).
Use the Request certificate-based authentication from client option to specify if client certificate-based authentication should be requested or not.
When you are done configuring these parameters remember to hit the Save Configuration button to preserve your changes.
9.12.2. Access and Flow Control Rules
For each TCP service you can define Access and Flow Control rules to impose limitations on accepted connections. Configuration parameters are identical for all TCP services.
Example: Access Control rules for the SMTP Receiving module
Service Level
Use the options under Service Level to specify a set of rules for allowing specific IP addresses on the currently configured service. To edit/delete any of the already defined rules hit their corresponding Edit or Delete buttons, on the right hand side of the listener. To add a new rule use the Add Rule button.
Editing or adding a new rule will result in displaying the same configuration fields: the action to be taken for connections made through the configured parameter (choose between allowing or denying them the access) and the type of the connections the specified action will apply to (connections from single IP, an entire IP range, or Network/Mask).
Use the drop-down menus to select the allowed/denied connections and fill in the corresponding IP values. To enable the newly-configured rule check the box in front of the Enable this rule option, then hit the Save rule button.
Further use the up and down arrows (next to the Delete button) to set priorities between the rules and click the Flow Control button in order to enforce global access limitations to the rule, using the same options as the ones described in the section below. All TCP services have created by default a rule allowing any IP address.
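The rule lists described under Access Control (listener level) and Service Level can be audited offline before they are entered in WebAdmin. The Python below is an added example, not AXIGEN code: it assumes rules are evaluated in priority order with the first match deciding, falls back to the default allow-any rule the manual describes, and reports rules that can never take effect because higher-priority rules already cover their addresses. Rule names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str    # hypothetical label, used only for reporting
    action: str  # "allow" or "deny", the two actions the manual lists
    first: int   # first covered IPv4 address, as an integer
    last: int    # last covered IPv4 address, as an integer


def parse_rule(name, action, spec):
    """Build a Rule from a single IP, an IP range (a-b) or a Network/Mask."""
    if action not in ("allow", "deny"):
        raise ValueError(f"unknown action: {action!r}")
    if "/" in spec:
        # Accepts both 10.0.0.0/24 and 10.0.0.0/255.255.255.0
        net = ipaddress.IPv4Network(spec, strict=False)
        first, last = int(net.network_address), int(net.broadcast_address)
    elif "-" in spec:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        first, last = int(lo), int(hi)
        if first > last:
            raise ValueError(f"range is reversed: {spec!r}")
    else:
        first = last = int(ipaddress.IPv4Address(spec))
    return Rule(name, action, first, last)


def decide(rules, ip):
    """Return (action, rule name) for ip. Assumption: first match wins."""
    addr = int(ipaddress.IPv4Address(ip))
    for rule in rules:
        if rule.first <= addr <= rule.last:
            return rule.action, rule.name
    # The manual states a default rule allowing any IP exists.
    return "allow", "default allow-any"


def _merge(intervals):
    """Merge overlapping or adjacent [first, last] intervals."""
    merged = []
    for lo, hi in sorted(intervals):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return merged


def shadowed(rules):
    """Names of rules fully covered by the rules placed above them."""
    hidden = []
    for i, rule in enumerate(rules):
        earlier = _merge((r.first, r.last) for r in rules[:i])
        if any(lo <= rule.first and rule.last <= hi for lo, hi in earlier):
            hidden.append(rule.name)
    return hidden


# Constructed rule list, highest priority first.
RULES = [
    parse_rule("block-net", "deny", "203.0.113.0/255.255.255.0"),
    parse_rule("partner", "allow", "203.0.113.10"),  # never reached
    parse_rule("office", "allow", "192.0.2.1-192.0.2.50"),
    parse_rule("scanner", "deny", "192.0.2.40-192.0.2.60"),
]

if __name__ == "__main__":
    for ip in ("203.0.113.10", "192.0.2.45", "192.0.2.55", "198.51.100.7"):
        print(ip, *decide(RULES, ip))
    print("shadowed rules:", shadowed(RULES))
```

A rule reported as shadowed usually means the priority order is the reverse of what was intended, as with the constructed "partner" exception placed below the network-wide deny.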
Flow Control
Within the Flow Control section you can enforce global access limitations to this listener by setting the maximum number of: simultaneous connections, concurrent connections from each remote IP address, new connections to the listener made in a defined time period and maximum connections from each remote IP address in a defined time interval. The default time interval is set to 1 minute.
Use the up and down arrows and drop-down menus to specify the desired parameters and values.
Note: You can also find the same configuration options in the Access Control section of the Configuring General Parameters page, the first of the two pages available when editing a listener or using its advanced configuration.
After making the configurations hit the Save Configuration button to preserve your changes.
Chapter 10. Configuring AXIGEN using CLI
The Command Line Interface (CLI for short) is an interface for configuring AXIGEN remotely. A socket listens on a specified address for connections, so the commands can be issued using common tools such as Telnet, Netcat, etc.
Service Description
For AXIGEN, CLI is another service, more precisely a TCP service, just like SMTP, IMAP, POP3, etc. The CLI service can in turn be configured similarly to the other services, either by editing the configuration files or by using the remote configuration tools like CLI and WebAdmin. It has common parameters such as maxErrors, logLevel, etc. and also a list of listeners for configuring incoming connections.
The connection to the service must be authenticated using the default ‘admin’ username and the password previously set for it. For more details on how to set the admin password using the AXIGEN Configuration Wizard see this section. For details on how to set the admin password manually, please read this section. See Connecting to CLI for a detailed login procedure.
CLI is structured in contexts, each of them including a specific set of commands. CLI also uses a common set of commands. Each context provides commands for switching to the previous and next context and a HELP command to view the available commands at that specific location. When connected, the login context is activated and a username and password must be provided; after authentication, the initial context becomes active. The initial context is the only one not having a name in the command prompt.
Commands are not case sensitive: HELP, help, Help and HeLP all mean HELP. Also, when you need to assign values to parameters of certain commands, these values can be entered in 3 ways:
1. escaped
2. quoted
3. double quoted.
This is useful when entering regular expressions and spaces and is very similar to the way the strings are entered in unix bash.
1. escaped string: in this form, the string cannot contain non-printable characters, and the characters that must be escaped with a backslash are: spaces, quotes and double-quotes.
2. quoted string: (e.g.: 'something') in this form, the string will preserve the literal value of each character within the quotes. A single quote may not occur between single quotes, even when preceded by a backslash.
3. double quoted string: (e.g. "something"): in this form, the string will behave just like in the escaped form, ignoring the backslash before any character. The difference is that all the characters, including non-printables, are accepted and that the spaces and single quotes need not be escaped.
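The three value forms above matter most when a script builds CLI commands from data such as regular expressions or passwords. The Python below is an added example, not part of AXIGEN: cli_quote picks a form for a value, and cli_split is a model of the rules as this page states them, used to check that a value survives unchanged. Rejecting line breaks, the set of characters sent unquoted, and writing a double quote inside a double-quoted string with a backslash are assumptions of this example.

```python
import re

# Characters sent without any quoting (a conservative choice for this example).
_PLAIN = re.compile(r"[A-Za-z0-9._@:/+\-]+")


def cli_quote(value):
    """Encode value as a single CLI argument."""
    # Assumption: the CLI reads one command per line, so a line break inside
    # a value would end the command and start a second one.
    if any(c in value for c in "\r\n\0"):
        raise ValueError("line breaks and NUL are not allowed in a CLI value")
    if _PLAIN.fullmatch(value):
        return value  # escaped form with nothing to escape
    if "'" not in value and value.isprintable():
        return "'" + value + "'"  # quoted form: every character is literal
    # Double-quoted form: backslash first, then the double quote.
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def cli_command(*words):
    """Join already-separated words into one command line."""
    return " ".join(cli_quote(w) for w in words)


def cli_split(line):
    """Split a command line into words using the three forms on this page."""
    tokens, cur, in_token, i = [], [], False, 0
    while i < len(line):
        c = line[i]
        if c == "'":  # quoted: literal up to the next single quote
            end = line.find("'", i + 1)
            if end < 0:
                raise ValueError("unterminated single quote")
            cur.append(line[i + 1:end])
            in_token, i = True, end + 1
        elif c == '"':  # double quoted: backslash makes the next char literal
            i += 1
            while True:
                if i >= len(line):
                    raise ValueError("unterminated double quote")
                if line[i] == '"':
                    break
                if line[i] == "\\":
                    i += 1
                    if i >= len(line):
                        raise ValueError("dangling backslash")
                cur.append(line[i])
                i += 1
            in_token, i = True, i + 1
        elif c == "\\":  # escaped: the next character is taken as-is
            if i + 1 >= len(line):
                raise ValueError("dangling backslash")
            cur.append(line[i + 1])
            in_token, i = True, i + 2
        elif c == " ":  # an unescaped space ends the current word
            if in_token:
                tokens.append("".join(cur))
                cur, in_token = [], False
            i += 1
        else:
            if not c.isprintable():
                raise ValueError("non-printable character outside double quotes")
            cur.append(c)
            in_token, i = True, i + 1
    if in_token:
        tokens.append("".join(cur))
    return tokens


# Constructed value containing spaces, both quote types and a backslash.
SAMPLE = 'say "hi" it\'s \\d+'

if __name__ == "__main__":
    line = cli_command("SET", "pattern", SAMPLE)
    print(line)
    print(cli_split(line))
```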
In the escaped and double-quoted form, the backslash character must be escaped in order to have a backslash as a result.
The CLI parent / child contexts follow the structure of the configuration file where some objects are children of other parent objects. In general, a context that uses COMMIT for saving changes is considered a parent and a context that uses DONE for saving changes is considered a child.
Contexts are, with a few exceptions, associated with configuration objects that appear in the config file.
The notion of key parameter-value pair is related to the primary key concept. It uniquely identifies an object in a list of objects. The key value cannot be changed if the context was created using an ADD command.
The configuration contexts corresponding to config objects (like server, all services, etc.) update only when entering and leaving the respective context and when one of the reset commands is issued. Thus, if anything is changed using another CLI session or WEBADMIN, the change will be present only when leaving and entering the context again or after a reset command is issued.
When leaving the context using COMMIT and the commit fails, update of the context is NOT performed. This happens because any modifications made before commit would be lost. As a result, invalid settings may appear to exist in config. If you want to reset the configuration for that context, issue a CANCEL or a RESET command.
Any changes made to a TCP service like: CLI, WEBMAIL, WEBADMIN, etc. affect only new connections to that service and not the active ones.
The sub-sections of this chapter contain the following:
• Special Contexts - the most important contexts in CLI are explained
• Common commands - commands used in all AXIGEN contexts
• Context Specific Commands - a list of all contexts and commands available in CLI you can use for reference to see all the different operations you can perform using CLI
Important! Within all CLI contexts and commands, the term "Script Filters" refers to Message rules, "Socket Filters" refers to Antivirus/Antispam Filters, while "SMTP Filters" generically defines Message Acceptance, Processing and Relay Policies.
10.1. Special Contexts
The action of each command may differ in specific contexts that represent exceptions to the general behavior. As said before, some contexts have additional commands that have an exceptional character. Thus a detailed overview of each context is presented below.
Login Context
prompt: <login>
parent: none
The login context is used only for authentication and has the following commands: HELP, USER, EXIT/QUIT, SET. The USER command usage is USER <username>.
This context is associated with the maxAuthErrors config parameter: when this parameter is exceeded, the connection is closed; the maxAuthCommands parameter also applies to this context: if the number of commands issued is greater (with or without error), the connection is closed.
In this context, global options can be set. The CONSOLE-CODES option allows console codes used for colors to be turned on/off. The QUIET option, if set to on, will display in all contexts and with all commands only the minimum amount of text needed to present the information, thus making the output script friendly.
WARNING: If the CONSOLE-CODES option is set to off, the password will also be visible in the command line (not applicable if connecting through a script).
Initial Context
prompt: <#>
parent: none
The initial context is the starting point of configuring the server. Here, several actions can be started: domain configuration (including accounts and lists), server configuration and also reports can be viewed. Also, the Commands context is accessible from here where some commands can be issued to the server.
This context does not have COMMIT/DONE or CANCEL commands because it is the first context. Nor does it have SHOW without parameters, because it is not related to any config object.
From the Initial context, we can access the REPORTING, MIGRATION and COMMANDS contexts which are detailed below. The LIST DOMAINDATA command is here because a domain database location must be provided when adding a domain.
The ADD DOMAIN command takes 2 parameter-value pairs, one for setting the domain name and one for specifying in which domain database location the domain should be created.
Reporting Context
prompt: <reporting#>
parent: Initial
This context is for viewing various reports for the server. It has the BACK command for switching back to the Initial context but does not have COMMIT/DONE because it is a read-only context.
The commands available are: VIEW CONTORS with a parameter of all, others and domain. If domain is the parameter, a value must be specified, that is, a list of domains separated by '+'. The list must be in double quoted format. Another command is VIEW QUEUE which displays a snapshot of the mail queue and information on the emails in processing stage.
The VIEW CONTORS domain command sums the counters of all the domains given as parameters. If a domain does not exist, it will not be counted in the sum. This means, to an extent, that if the list is made up of one or more domains that do not exist, all counters will show a value of 0.
Server Context
prompt: <server#>
parent: Initial
The server context is where the server configuration is started. It has commands for entering the configuration context of every service for configuring filters and domain database locations, etc.
It has the common commands CANCEL, COMMIT, HELP, QUIT/EXIT, and SHOW. The SHOW command will show the value parameters of the server like services, primaryDomain, etc. In the case of the services parameter, it will show the services started but it is updated only when the server context is entered or left with commit or cancel. So if a service was stopped while in the server context, it will not show up stopped.
The SET command will set the one or more param-value pairs that are given as parameters. In the case of the services value parameter, it will stop or start the services only when COMMIT is issued. If CLI is removed from the list of services, it will be stopped at COMMIT but it will show up as started when SHOW is issued.
The ADD FILTER command takes 3 parameter-value pairs because the respective values are required.
The commands for configuring the services are CONFIG <SERVICE_NAME> and the context will switch to the one corresponding to that specific service.
From this context, domain database locations can be managed. Thus there are functions to LIST, ADD, REMOVE, CREATE and DESTROY a domain database location. Before a location can be added, it must be created, otherwise the commit command will fail and no location will be added. The CREATE command, aside from the path, takes an additional parameter: a unique id that has to be from 0 to 255. It is impossible to add two locations with the same id on the server's list.
Commands Context
prompt: <commands#>
parent: Initial
The Commands context is a special context that allows the remote administrator to issue commands to the server. It has two sub-contexts, the Server and Storage contexts that will be described below.
Directly from the Commands context, the password for the CLI and WebAdmin sessions can be changed and the two sub-contexts can be entered.
As in the case of MIGRATION and REPORTING contexts, the COMMANDS context has the BACK command for switching back to the Initial context and does not have COMMIT/DONE commands.
Commands-Server Context
prompt: <commands-server#>
parent: Commands
The Server sub-context is used to issue server-related commands to AXIGEN. There is a command for trying to force all mail in the queue to be processed and/or sent, regardless of their rescheduled time. This command is FORCE QUEUE.
The SAVE CONFIG command saves the configuration. If no parameter is given, it will be saved in the default location. If a path parameter is given, it will be saved in that location but, for security reasons, a suffix will be added to the file. The SHOW CONFIG command will dump the configuration as it is written in the config file. This command is also available from the Initial and Initial-Server contexts.
The START/STOP service command will start/stop a service immediately without the need for COMMIT command as in the case where services are modified from the Initial-Server context.
Commands-Storage Context
prompt: <commands-storage#>
parent: Commands
This context allows several operations with the AXIGEN Storage System. The storage system is composed of Message Containers, where messages for a certain domain are kept.
The operations available are LIST containers, CHECK container, COMPACT container, LOCK container and UNLOCK container.
The LIST container command takes as parameter the domain name and lists all message containers available for that domain.
The LOCK and UNLOCK container commands, as their names suggest, lock and unlock the container given as parameter, meaning respectively that messages cannot or can be stored. These commands are useful when a snapshot of the container needs to be saved.
The CHECK container command starts a check on the structure of a certain container. After a check is started, the status can be seen by issuing the LIST containers command.
The COMPACT container command will start a defragmentation of the specified container and, similarly to CHECK, issuing the LIST command will show the status of the container.
The optional parameter priority, if set to high, will increase the speed of that operation but the container will be unavailable to any service, even for reading. The default value is low.
Migration Context
prompt: <migration#>
parent: Initial
The Migration context allows messages to be migrated from other servers to AXIGEN. The common commands are the same as in the case of REPORTING and COMMANDS and it has one command with many parameters for migration.
The MIGRATE command will migrate all emails from an account on a remote server using the IMAP protocol. The migration is completed when the entire directory structure is migrated.
The mandatory domain and account parameters identify the account into which the messages will be migrated. The remoteHost, remotePort, remoteUser and remotePass parameters are self-explanatory.
All the optional parameters have the default value of no. A complete list of commands available in each AXIGEN context is available in the CLI Context Specific Commands page.
10.2. Common commands
The following commands are common to a subset of contexts: HELP, QUIT, EXIT, CANCEL, BACK, COMMIT|DONE, SHOW, LIST, SET, ADD, REMOVE, UPDATE, CONFIG, RESET.
Some of the commands described below apply only to a set of contexts, others apply to all contexts, and others have different flavors according to certain contexts. Below are listed only the common and most important commands used in CLI, but other commands are also available.
• HELP - the help command is present in all contexts, including Login and is used for displaying a list of available commands in that context
• QUIT - this command exits CLI. It is available from all contexts
• EXIT - the same as QUIT
• BACK - this command cancels any changes (where it applies) and switches back to the previous context. This is available from every context except Login and Initial.
• COMMIT - this command saves the changes and also writes these changes to the server configuration. This also includes the changes done in child contexts and saved with DONE. A switch back to the previous context is also done.
• DONE - this command saves the changes for a child context and switches back to the previous context but does not write anything to the server's configuration.
• SHOW - the SHOW command has two flavors, one without parameters, and in this case, the value parameters (that means not the children or child lists) are shown, and one with parameters, in this case, the value parameters of a child from a child list are shown. In both cases, there is an optional ATTR parameter which, if present, will only show the specified attribute.
• LIST - this command lists the members of a given child list in the form of a table. If the list has a separate context, some parameters are put in the table, otherwise all value parameters are present.
• SET - the SET command sets a value for a specified value parameter of the given object associated with the context (if there is one). One or several parameter-value pairs can be given to the SET command.
• ESET - the ESET command (SET Extended) enters a new context in which large amounts of data can be entered. The context can be left with <empty line> <.> <empty line>, the same as in the case of the SMTP protocol. This command is useful for parameters that require large amounts of text.
• ADD - This command has several flavors. The simplest one is for adding values to a value list. In this case, the parameter is the name of the value list and a value (for instance ADD nameserver ip). Another form is used to add objects to list of objects. This form has three versions: one that takes the list and the key parameter-value pair of the object and changes the context; another that is the same except it takes additional required parameter-value pairs; and one that takes the key param-value pair and other optional pairs and doesn't change context but directly adds the object to the list.
• UPDATE - This command changes an object from a list of objects. It is similar to add, except it does not apply to value lists.
• REMOVE - This usually takes as parameters the list name, and key param-value pair for object lists, and list name and value for value lists and as the name suggests, removes an object from a list. It does not change the context.
• CONFIG - The config command changes the context for configuring a child object. A child object is different from a list by the fact that it is a single object and it exists permanently. A list may have one, none or several objects.
• RESET - The RESET command will update the context to the active one on the server. This also means that any changes made to that part of the context will be lost. The reset command, depending on the parameter, will reset the value attributes, or a list of objects or values.
• ENTER - This command changes the context, entering a sub-context. This usually applies to contexts unrelated to the object-child object configuration hierarchy.
The action of each command may differ in specific contexts that represent exceptions to the general behavior. As said before, some contexts have additional commands that have an exceptional character. Thus a detailed overview of each context is presented in the Special Contexts section.
10.3. Connecting to CLI
To connect to the AXIGEN command line interface (CLI), after installing AXIGEN with its default settings, please enter in your terminal, while logged in as root:
[root@example ~]# telnet 127.0.0.1 7000
In order to be able to connect to AXIGEN CLI, you should enable the CLI listener and connect to the correct IP:port address. You can verify the CLI listeners using the CLI > Listeners page in WebAdmin.
You should see a welcome message similar to the one below:
Connected to <hostname> (127.0.0.1).
Escape character is '^]'.
Welcome to AXIGEN's Command Line Interface
You must login first. For a list of available commands, type HELP
<login>
Enter the username (admin) and password set in WebAdmin, for instance. A list of commands available in different contexts and sub-contexts of AXIGEN command-line interface is included in CLI Commands section.
10.4. Troubleshoot the CLI Connection
If you cannot connect to CLI, please check if:
• You have enabled the CLI service (open the Server > Global Settings page in WebAdmin, for instance, and check that CLI is enabled in the Running Services area);
• You have correctly configured the CLI listener (the list with the listeners currently defined in AXIGEN can be found in the CLI > Listeners page in WebAdmin; check if your listener is enabled);
• You’re connecting using the correct username: for the current version, please use the “admin” username and the password you have previously configured using WebAdmin and CLI.
10.5. Context Specific Commands
This section lists all CLI contexts and their specific commands, as displayed in the Command Line Interface. You may use this list as reference to find out what operations you can perform using CLI.
Important!
• All time attributes (timeouts and time intervals) are specified in seconds.
• All data sizes are specified in KB.
Login Context <login>
The commands available for the Login context are:
HELP - prints this help message
EXIT/QUIT - exits CLI and closes connection to AXIGEN
USER <user> - CLI username, (in this version only "admin" username is implemented)
GET VERSION - gets the AXIGEN version
SET CONSOLE-CODES on|off - sets the color and other console codes on/off
SET QUIET off|on - enables/disables detailed information
SHOW - shows the options for this context
Initial Context <#>
The commands available for the Initial context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
LIST Domains [wildcard (ex: domain*)] - lists the domains of this server
LIST Requests - lists the requests made for domain reqistration
CLEAR Requests - clear the list of requests not pending
SAVE CONFIG [<path>] - saves the server's running configuration (a suffix will be added)
CONFIG SERVER - enters the Server context
ENTER REPORTING - enters the Reporting context
ENTER MIGRATION - enters the Migration context
ENTER COMMANDS - enters the Commands context
ENTER DEBUG - enters the Debug context
CREATE Domain name <name> domainLocation <path> postmasterPasswd <pass> - creates a domain (changes context)
REGISTER Domain domainLocation <path> - registers a domain to the server (changes context)
UNREGISTER Domain name <domainName> - unregisters a domain from the server
UPDATE Domain name <domainName> - updates a domain from the server (changes context)
SHOW Domain name <domainName> [ATTR <param>] - shows the given domain
Server Context <server#>
The commands available for the Server context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
SAVE CONFIG [<path>] - saves the server's running configuration (a suffix will be added)
SET [services (list of services)] - sets the services for the server
SET [primaryDomain <name>] - sets the server's primary domain
SET [sslRandomFile <file>] - sets file for entropy data used when generating random
RESET - resets the service to the currently active configuration
CONFIG LOG - enters the Log context
CONFIG CLI - enters the CLI context
CONFIG SMTP-INCOMING - enters the SMTP-Incoming context
CONFIG SMTP-OUTGOING - enters the SMTP-Outgoing context
CONFIG PROCESSING - enters the Processing context
CONFIG POP3 - enters the POP3 context
CONFIG IMAP - enters the IMAP context
CONFIG WEBMAIL - enters the Webmail context
CONFIG WEBADMIN - enters the Webadmin context
CONFIG FTP-BACKUP - enters the FTP-Backup context
CONFIG DNR - enters the DNR context
CONFIG REPORT - enters the Report context
CONFIG FILTERS - enters the Filters context
CLI Context <server-cli#>
The commands available for the CLI context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
LIST Listeners - lists available listeners
SET [maxErrors <maxErrors>] - sets max no. of wrong commands
SET [maxAuthErrors <maxErrors>] - sets max no. of failed authentications
SET [maxAuthCommands <maxCmds>] - sets max no. of commands that can be issued before authentication
SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn.
SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn.
SET [logLevel <level>] - sets the service's logging level
SET [logType <type>] - sets the service's logging type
SET [logHost <host>] - sets the service's remote logging host
RESET - resets the service to the currently active configuration
ADD Listener address <address> - adds a listener to the service (changes context)
UPDATE Listener address <address> - updates a listener from the service (changes context)
REMOVE Listener address <address> - removes a listener from the service
SHOW Listener address <address> [ATTR <param>] - shows the given listener
Listener context <server-(service_name)-listener#>
The commands available for the Listener context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
LIST AllowRules - lists the allow rules for this listener
LIST DenyRules - lists the deny rules for this listener
SET [address <address>] - sets the listener's address - only usable in an UPDATE operation
SET [enable <yes|no>] - enable/disable the listener
SET [maxConnections <maxConn>] - sets max number of connections
SET [timeInterval <interval>] - sets the time interval
SET [maxIntervalConnections <interval>] - sets max connections in time interval
SET [peerMaxConnections <maxConnr>] - sets sets max connections no. from a single host
SET [peerTimeInterval <interval>] - sets the time interval - single host
SET [peerMaxIntervalConnections <interval>] - sets max connections in time interval - single host
SET [idleTimeout <timeout>] - sets the inactivity timeout
SET [sslEnable <yes|no>] - enable/disable SSL on the listener
CONFIG SSLCONTROL - enters the SslControl context
ADD DenyRule ipSet <ipRange> [enable <yes|no>] [priority <priority>] - adds a deny rule to the listener(changes context)
UPDATE DenyRule ipSet <ipRange> [enable <yes|no>] [priority <priority>] - updates a deny rule from the listener(changes context)
REMOVE DenyRule ipSet <ipRange> - removes a deny rule from the listener
SHOW DenyRule ipSet <ipRange> - shows the given rule
ADD AllowRule ipSet <ipRange> - adds an allow rule to the listener(changes context)
UPDATE AllowRule ipSet <ipRange> - updates an allow rule from the listener(changes context)
REMOVE AllowRule ipSet <ipRange> - removes an allow rule from the listener
SHOW AllowRule ipSet <ipRange> - shows the given rule
Allow Rule Context <server-(service_name)-listener-allowrule#>
The commands available for the AllowRule context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [ipSet <ipSet>] - sets the ipSet parameter - only usable in an UPDATE operation
SET [enable <yes|no>] - enable/disable the rule
SET [priority <priority>] - sets the rule's priority
SET [maxConnections <maxConn>] - sets max number of connections
SET [timeInterval <interval>] - sets the time interval
SET [maxIntervalConnections <interval>] - sets max connections in time interval
SET [peerMaxConnections <maxConnr>] - sets sets max connections no. from a single host
SET [peerTimeInterval <interval>] - sets the time interval - single host
SET [peerMaxIntervalConnections <interval>] - sets max connections in time interval - single host
SSL Control Context <server-(service_name)-listener-sslcontrol#>
The commands available for the SSLControl context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [allowedVersions (version list)] - sets SSL versions allowed
SET [maxChainDepth <maxDepth>] - sets max depth of verification
SET [chipherSuite <chipher>] - sets the chipher suite to be used
SET [useEphemeralKey <yes|no>] - use/not use ephemeral keys
SET [certFile <file>] - sets path for certification chain file
SET [caFile <file>] - sets path for certificate authorities file
SET [dhParamFile <file>] - sets path to Diffie-Hellman param file
SET [requestClientAuth <yes|no>] - request/not request client authentication
Log Context <server-log#>
The commands available for the Log context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
LIST Listeners - lists available listeners
LIST Rules - lists rules
SET [logLevel <level>] - sets the service's logging level
SET [logType <type>] - sets the service's logging type
SET [logHost <host>] - sets the service's remote logging host
RESET - resets the service to the currently active configuration
ADD Listener address <address> - adds a listener to the service (changes context)
UPDATE Listener address <address> - updates a listener from the service (changes context)
REMOVE Listener address <address> - removes a listener from the service
SHOW Listener address <address> [ATTR <param>] - shows the given listener
ADD Rule priority <priority> - adds a rule (changes context)
UPDATE Rule priority <priority> - updates a rule (changes context)
REMOVE Rule priority <priority> - removes a rule
SHOW Rule priority <priority> [ATTR <param>] - shows the given rule
Rule Context <server-log-rule#>
The commands available for the Rule context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [priority <priority>] - sets the rule's priority - only usable in an UPDATE operation
SET [hostname <hostname>] - sets hostname of the user of this rule
SET [module <module>] - sets module of the user of this rule
SET [logLevel <level>] - sets the log level
SET [fileName <name>] - sets the name of the destination file
SET [fileSize <size>] - sets the maximum duration the destination file is used in seconds
SET [fileTime <time>] - sets the maximum duration the destination file is used in seconds
SET [fileCount <count>] - sets the maximum number of old (saved) files kept
SET [rotatePeriod <period>] - sets the period after which a file change is forced (choice:day|week|month)
SMTP-Incoming Context <server-smtpIncoming#>
The commands available for the SMTP-Incoming context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
LIST Listeners - lists available listeners
SET [maxErrors <maxErrors>] - sets max no. of wrong commands
SET [maxAuthErrors <maxErrors>] - sets max no. of failed authentications
SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn.
SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn.
SET [logLevel <level>] - sets the service's logging level
SET [logType <type>] - sets the service's logging type
SET [logHost <host>] - sets the service's remote logging host
SET [maxReceivedHeaders <maxHeaders>] - sets max no. of received headers for a mail
RESET - resets the service to the currently active configuration
ADD Listener address <address> - adds a listener to the service (changes context)
UPDATE Listener address <address> - updates a listener from the service (changes context)
REMOVE Listener address <address> - removes a listener from the service
SHOW Listener address <address> [ATTR <param>] - shows the given listener
SMTP-Outgoing Context <server-smtpOutgoing#>
The commands available for the SMTP-Outgoing context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn.
SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn.
SET [logLevel <level>] - sets the service's logging level
SET [logType <type>] - sets the service's logging type
SET [logHost <host>] - sets the service's remote logging host
RESET - resets the service to the currently active configuration
Processing Context <server-processing#>
The commands available for the Processing context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
SET [maxSchedInterval <maxInterval>] - sets max interval for rescheduling a mail
SET [schedInterval <interval>] - sets interval for rescheduling queue checking
SET [maxRetryCount <count>] - sets max no. of times for trying to deliver
SET [queuePath <path>] - sets path to internal server queue
SET [queueEntryCount <count>] - sets upper limit for no. of subdirectories in queue
SET [deliveryThreads <threads>] - sets no. of threads handling SMTP delivery
SET [logLevel <level>] - sets the service's logging level
SET [logType <type>] - sets the service's logging type
SET [logHost <host>] - sets the service's remote logging host
SET [procQueueSize <size>] - sets the size of internal processing queue
SET [messagesPerSecond <no>] - sets the maximum number of messages a mail box can receive in one second
SET [disableInterval <no>] - sets the time interval a mail box will be disabled if messagesPerSecond limit is exceded
RESET - resets the service to the currently active configuration
POP3 Context <server-pop3#>
The commands available for the POP3 context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
LIST Listeners - lists available listeners
SET [maxErrors <maxErrors>] - sets max no. of wrong commands
SET [maxAuthErrors <maxErrors>] - sets max no. of failed authentications
SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn.
SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn.
SET [logLevel <level>] - sets the service's logging level
SET [logType <type>] - sets the service's logging type
SET [logHost <host>] - sets the service's remote logging host
SET [allowStartTLS <yes|no>] - allow|not allow secure connections (STLS command)
RESET - resets the service to the currently active configuration
ADD Listener address <address> - adds a listener to the service (changes context)
UPDATE Listener address <address> - updates a listener from the service (changes context)
REMOVE Listener address <address> - removes a listener from the service
SHOW Listener address <address> [ATTR <name>] - shows the given listener
IMAP Context <server-imap#>
The commands available for the IMAP context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
LIST Listeners - lists available listeners
SET [maxErrors <maxErrors>] - sets max no. of wrong commands
SET [maxAuthErrors <maxErrors>] - sets max no. of failed authentications
SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn.
SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn.
SET [logLevel <level>] - sets the service's logging level
SET [logType <type>] - sets the service's logging type
SET [logHost <host>] - sets the service's remote logging host
SET [allowStartTLS <yes|no>] - allow/not allow secure connections
SET [secureConnAuthTypes <types>] - sets types of authentication on secure conn.
SET [plainConnAuthTypes <types>] - sets types of authentication on plain conn.
SET [secureConnAllowLogin <yes|no>] - allow/not allow plain text login on secure conn.
SET [plainConnAllowLogin <yes|no>] - allow/not allow plain text login on plain conn.
RESET - resets the service to the currently active configuration
ADD Listener address <address> - adds a listener to the service (changes context)
UPDATE Listener address <address> - updates a listener from the service (changes context)
REMOVE Listener address <address> - removes a listener from the service
SHOW Listener address <address> [ATTR <param>] - shows the given listener
Webmail Context <server-webmail#>
The commands available for the Webmail context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
LIST Listeners - lists available listeners
LIST UrlRedirects - lists the rules used for secure login
LIST HostNameResolvers - lists the hostname resolvers
SET [maxErrors <maxErrors>] - sets max no. of wrong commands
SET [maxAuthErrors <maxErrors>] - sets max no. of failed authentications
SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn.
SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn.
SET [logLevel <level>] - sets the service's logging level
SET [logType <type>] - sets the service's logging type
SET [logHost <host>] - sets the service's remote logging host
SET [path <path>] - sets the location of HSP files
SET [sessionIdleTimeout <timeout>] - sets the inactivity timeout
SET [sessionActivityTimeout <timeout>] - sets maximum living time for a session
SET [allowKeepAlive <yes|no>] - enables/disables persistent connection
SET [allowLargeIncomingData <yes|no>] - enables/disables receiving incoming data after the limit is exceeded
SET [httpHeadersMaxSize <size>] - sets the maximum allowed size for received HTTP headers
SET [httpBodyMaxSize <size>] - sets the maximum allowed size for incoming HTTP body
SET [uploadMaxSize <size>] - sets the maximum allowed size for incoming upload data
SET [showDomainList <yes|no>] - enables/disables displaying domains list at user login
RESET - resets the service to the currently active configuration
ADD Listener address <address> - adds a listener to the service (changes context)
UPDATE Listener address <address> - updates a listener from the service (changes context)
REMOVE Listener address <address> - removes a listener from the service
SHOW Listener address <address> [ATTR <param>] - shows the given listener
ADD HostNameResolver host <host> domain <domain>
UPDATE HostNameResolver host <host> domain <domain>
REMOVE HostNameResolver host <host>
ADD UrlRedirect address <address> port <port> host <host>
UPDATE UrlRedirect address <address> [port <port>] [host <host>]
REMOVE UrlRedirect address <address>
Webadmin Context <server-webadmin#>
The commands available for the Webadmin context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
LIST Listeners - lists available listeners
LIST UrlRedirects - lists the rules used for secure login
SET [maxErrors <maxErrors>] - sets max no. of wrong commands
SET [maxAuthErrors <maxErrors>] - sets max no. of failed authentications
SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn.
SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn.
SET [logLevel <level>] - sets the service's logging level
SET [logType <type>] - sets the service's logging type
SET [logHost <host>] - sets the service's remote logging host
SET [path <path>] - sets the location of HSP files
SET [sessionIdleTimeout <timeout>] - sets the inactivity timeout
SET [sessionActivityTimeout <timeout>] - sets maximum living time for a session
SET [allowKeepAlive <yes|no>] - enables/disables persistent connection
SET [allowLargeIncomingData <yes|no>] - enables/disables receiving incoming data after the limit is exceeded
SET [httpHeadersMaxSize <size>] - sets the maximum allowed size for received HTTP headers
SET [httpBodyMaxSize <size>] - sets the maximum allowed size for incoming HTTP body
SET [uploadMaxSize <size>] - sets the maximum allowed size for incoming upload data
RESET - resets the service to the currently active configuration
ADD Listener address <address> - adds a listener to the service (changes context)
UPDATE Listener address <address> - updates a listener from the service (changes context)
REMOVE Listener address <address> - removes a listener from the service
SHOW Listener address <address> [ATTR <param>] - shows the given listener
ADD UrlRedirect address <address> port <port> host <host>
UPDATE UrlRedirect address <address> [port <port>] [host <host>]
REMOVE UrlRedirect address <address>
FTP Backup Context <server-ftpBackup#>
The commands available for the FTP-Backup context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
LIST Listeners - lists available listeners
SET [maxErrors <maxErrors>] - sets max no. of wrong commands
SET [maxAuthErrors <maxErrors>] - sets max no. of failed authentications
SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn.
SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn.
SET [logLevel <level>] - sets the service's logging level
SET [logType <type>] - sets the service's logging type
SET [logHost <host>] - sets the service's remote logging host
RESET - resets the service to the currently active configuration
ADD Listener address <address> - adds a listener to the service (changes context)
UPDATE Listener address <address> - updates a listener from the service (changes context)
REMOVE Listener address <address> - removes a listener from the service
SHOW Listener address <address> [ATTR <param>] - shows the given listener
DNR Context <server-dnr#>
The commands available for the DNR context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
LIST Nameservers - lists the nameservers
SET [timeout <timeout>] - sets the timeout
SET [retries <retries>] - sets the number of retries
SET [cacheSize <cacheSize>] - sets the cache size
SET [logLevel <level>] - sets the service's logging level
SET [logType <type>] - sets the service's logging type
SET [logHost <host>] - sets the service's remote logging host
RESET - resets the service to the currently active configuration
ADD Nameserver priority <priority> - adds a nameserver to the service (changes context)
UPDATE Nameserver priority <priority> - updates a nameserver from the service (changes context)
REMOVE Nameserver priority <priority> - removes a nameserver from the service
SHOW Nameserver priority <priority> [ATTR <param>] - shows the given nameserver
Name Server Context <server-dnr-nameserver#>
The commands available for the NameServer context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [priority <priority>] - sets the priority of the nameserver
SET [address <address>] - sets the IP of the nameserver
SET [timeout <timeout>] - sets the timeout for first DNS query
SET [retries <retries>] - sets the maximum number of DNS queries retries
Report Context <server-report#>
The commands available for the Report context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
SET [logLevel <level>] - sets the service's logging level
SET [logType <type>] - sets the service's logging type
SET [logHost <host>] - sets the service's remote logging host
RESET - resets the service to the currently active configuration
Filters Context <server-filters#>
The commands available for the Filters context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - switches back to the previous context
LIST ScriptFilters - lists the script filters defined
LIST SocketFilters - lists the socket filters defined
LIST ActiveFilters - lists the active filters
LIST Filters - lists all three categories of filters
ADD ScriptFilter name <name> file <file> - adds a script filter (changes context)
UPDATE ScriptFilter name <name> - updates a script filter (changes context)
REMOVE ScriptFilter name <name> - removes a script filter from the listener
SHOW ScriptFilter name <name> [ATTR <param>] - shows the given script filter
ADD SocketFilter name <name> address <addr> protocolFile <file> - adds a socket filter (changes context)
UPDATE SocketFilter name <name> - updates a socket filter (changes context)
REMOVE SocketFilter name <name> - removes a socket filter from the listener
SHOW SocketFilter name <name> [ATTR <param>] - shows the given socket filter
ADD ActiveFilter priority <no.> filterName <name> filterType <type> - adds an active filter to the active filter list (changes context)
UPDATE ActiveFilter priority <no.> - updates a filter (changes context)
REMOVE ActiveFilter priority <no.> - removes a filter from the active filter list
SHOW ActiveFilter priority <no.> [ATTR <param>] - shows the given filter
Script Filters Context <server-filters-script#>
The commands available for the ScriptFilter context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [name <name>] - sets the name of the filter - only usable in an UPDATE operation
SET [type <type>] - sets the type of the script filter
SET [file <path>] - sets the path to the file where the script is located
Socket Filter Context <server-filters-socket#>
The commands available for the SocketFilter context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [name <name>] - sets the name of the filter - only usable in an UPDATE operation
SET [address <addr>] - sets the address of the filter, used to communicate with the filter
SET [protocolFile <path>] - sets the path to the ASFL file that describes the communication protocol
SET [idleTimeout <timeout>] - sets the inactivity timeout of the connection (in seconds)
SET [actionOnMatch <action>] - sets the action to be taken in case the filter matches an email
SET [maxConnections <no.>] - sets the maximum numnber of connections that will be made to the filter
Active Filter Context <server-filters-active#>
The commands available for the ActiveFilter context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [priority <priority>] - sets the priority of the filter - only usable in an UPDATE operation
SET [filterName <name>] - sets the name of the filter as defined in the socket/script object sets
SET [filterType <type>] - sets type of the filter (to which object set belongs)
SET [applyOnRelay <yes|no>] - specifies if a relay message will be filterd with this filter
Domain Context <domain#>
Important! When creating domains, one message storage location is recommended for each predicted 20GB of message occupied storage space. For larger spaces, additional message storage locations should be created to correspond to the number of 20GB storages you need. You can add multiple message storage locations using CLI only within the domain creation context. After creating the domain, additional locations cannot be added. The command to create multiple message storage locations is as follows:
ADD MessagesLocation <path>
The commands available for the Domain context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
LIST Aliases - lists aliases for current domain
LIST Accounts [wildcard (ex: user*)] - lists accounts for current domain
LIST Forwarders [wildcard (ex: user*)] - lists forwarders for current domain
LIST FolderRcpts [wildcard (ex: user*)] - lists folder recipients for current domain
LIST Lists [wildcard (ex: user*)] - lists mail lists for current domain
SHOW RegistryInformation - shows registry information
SET [name <name>] - sets the domain's name - only usable in an UPDATE operation
SET [assignedIp <ip>] - sets the assigned ip
SET [services (list of services)] - sets the services for this domain
SET [showWebmailLogin <yes|no>] - enables/disables displaying this domain at Webmail login
CONFIG MIGRATIONDATA - enters the migrationdata context
CONFIG FILTERS - enters the filters context
CONFIG PUBLIC-FOLDER - enters the Public Folder context
CONFIG QUOTAS - enters the quotas context
ADD Account name <name> passwd <passwd> - adds an account to the domain (changes context)
UPDATE Account name <name> - updates an account from the domain (changes context)
REMOVE Account name <name> - removes an account from the domain
SHOW Account name <name> [ATTR <param>] - shows the given account
ADD Forwarder name <name> - adds a forwarder to the domain (changes context)
UPDATE Forwarder name <name> - updates a forwarder from the domain (changes context)
REMOVE Forwarder name <name> - removes a forwarder from the domain
SHOW Forwarder name <name> [ATTR <param>] - shows the given forwarder
ADD FolderRcpt name <name> - adds a folder recipient to the domain (changes context)
UPDATE FolderRcpt name <name> - updates a folder recipient from the domain (changes context)
REMOVE FolderRcpt name <name> - removes a folder recipient from the domain
SHOW FolderRcpt name <name> [ATTR <param>] - shows the given folder recipient
ADD List name <listName> passwd <passwd> adminEmail <email> - adds a list to this domain changes context)
UPDATE List name <listName> - updates a list from this domain (changes context)
REMOVE List name <listName> - removes a list from this domain
SHOW List name <listName> [ATTR <param>] - shows the given list
ADD Alias <aliasName> - adds an alias for the domain
REMOVE Alias <aliasName> - removes an alias from the domain
Filters Context <parent_context-filters#>
The commands available for the Filters context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - switches back to the previous context
LIST ScriptFilters - lists the script filters defined
LIST SocketFilters - lists the socket filters defined
LIST ActiveFilters - lists the active filters
LIST Filters - lists all three categories of filters
ADD ScriptFilter name <name> file <file> - adds a script filter (changes context)
UPDATE ScriptFilter name <name> - updates a script filter (changes context)
REMOVE ScriptFilter name <name> - removes a script filter from the listener
SHOW ScriptFilter name <name> [ATTR <param>] - shows the given script filter
ADD SocketFilter name <name> address <addr> protocolFile <file> - adds a socket filter (changes context)
UPDATE SocketFilter name <name> - updates a socket filter (changes context)
REMOVE SocketFilter name <name> - removes a socket filter from the listener
SHOW SocketFilter name <name> [ATTR <param>] - shows the given socket filter
ADD ActiveFilter priority <no.> filterName <name> filterType <type> - adds an active filter to the active filter list (changes context)
UPDATE ActiveFilter priority <no.> - updates a filter (changes context)
REMOVE ActiveFilter priority <no.> - removes a filter from the active filter list
SHOW ActiveFilter priority <no.> [ATTR <param>] - shows the given filter
Script Filter Context <parent_context-filters-script#>
The commands available for the ScriptFilter context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [name <name>] - sets the name of the filter - only usable in an UPDATE operation
SET [type <type>] - sets the type of the script filter
SET [file <path>] - sets the path to the file where the script is located
SocketFilter Context <parent_context-filters-socket#>
The commands available for the SocketFilter context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [name <name>] - sets the name of the filter - only usable in an UPDATE operation
SET [address <addr>] - sets the address of the filter, used to communicate with the filter
SET [protocolFile <path>] - sets the path to the ASFL file that describes the communication protocol
SET [idleTimeout <timeout>] - sets the inactivity timeout of the connection (in seconds)
SET [actionOnMatch <action>] - sets the action to be taken in case the filter matches an email
SET [maxConnections <no.>] - sets the maximum number of connections that will be made to the filter
ActiveFilter Context <parent_context-filters-active#>
The commands available for the ActiveFilter context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [priority <priority>] - sets the priority of the filter - only usable in an UPDATE operation
SET [filterName <name>] - sets the name of the filter as defined in the socket/script object sets
SET [filterType <type>] - sets type of the filter (to which object set belongs)
Note: “parent_context” refers to any of the domain or account contexts.
Accounts Context <domain-account#>
The commands available for the Account context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
LIST Aliases - lists aliases for current account
SHOW RegistryInformation - shows registry information
SET [name <name>] - sets the account's name - only usable in an UPDATE operation
SET [services (list of services)] - sets the services for this account
SET [passwd <passwd>] - sets password for the account
SET [firstName <firstName>] - sets the first name of the user
SET [lastName <lastName>] - sets the last name of the user
CONFIG WEBMAILDATA - enters the webmaildata context
CONFIG FILTERS - enters the filters context
CONFIG QUOTAS - enters the quotas context
CONFIG LIMITS - enters the limits context
SHOW ContactInfo [ATTR <param>] - shows the firstName and lastName parameters
ADD Alias <aliasName> - adds an alias for the account
REMOVE Alias <aliasName> - removes an alias from the account
WebmailData Context <domain-account-webmaildata#>
The commands available for the WebmailData context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [skin <skin>] - sets the skin for webmail
SET [pageSize <pageSize>] - sets page size
SET [saveToSent <yes|no>] - sets keep a mail copy in "Sent" folder
SET [deleteToTrash <yes|no>] - sets delete mail to trash
SET [confirmMailDelete <yes|no>] - sets confirmation of mail delete
SET [confirmFolderEmpty <yes|no>] - sets confirmation of empty folder
SET [htmlFilterLevel <no.>] - sets the security level for a html mail body
SET [signature <signature>] - sets the account's signature
SET [language <language>] - sets the webmail's language
Quotas Context <domain-account-quotas#>
The commands available for the Quotas context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [mboxCount <count>] - sets the maximum number of folders
SET [totalMessageCount <count>] - sets maximum number of messages in all folders
SET [totalMessageSize <size>] - sets maximum size in KB of all messages in all folders
SET [messageCount <count>] - sets default maximum number of messages in a folder
SET [messageSize <size>] - sets default maximum size in KB of messages in a folder
LIST Mboxes - list the available mboxes for this account
SET MboxQuota mboxName <name> messageCount <count> messageSize <size> - sets quotas for a given mbox
SHOW MboxQuota mboxName <name> - shows quotas for a given mbox
Limits Context <domain-account-limits#> help
The commands available for the Limits context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [sentMessagesCount <count>] - max. no. of mails a user can send in a specified interval
SET [sentMessagesSize <size>] - max. size of mails a user can send in a specified interval
SET [sentMessagesInterval <interval>] - specified interval in seconds
SET [pop3ConnectionCount <count>] –
SET [imapConnectionCount <count>] –
SET [webmailRCPTCount <count>] - max. no. of recipients for an email composed using Webmail
SET [webmailSessionCount <count>] - webmail sessions number limit for an account
SET [webmailAttSize <size>] - sets the attachments number limit for a composed mail
SET [webmailAttCount <count>] - sets the size limit for a mail (body + attachments)
SET [webmailMessageSize <size>] - sets the Webmail sessions number limit
Forwarder Context <domain-forwarder#>
The commands available for the Forwarder context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
LIST Addresses - lists addresses for current forwarder
SHOW RegistryInformation - shows registry information
SET [name <name>] - sets the forwarder's name - only usable in an UPDATE operation
SET [enabled <yes|no>] - enables/disables the forwarder
CONFIG FILTERS - enters the filters context
ADD Address <address> - adds an address for the forwarder
REMOVE Address <address> - removes an address from the forwarder
Folder Recipient Context <domain-folderRcpt#>
The commands available for the Folder Recipient context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
SHOW RegistryInformation - shows registry information
SET [name <name>] - sets the folder recipient's name - only usable in an UPDATE operation
SET [enabled <yes|no>] - enables/disables the folder recipient
SET [mboxName <name>] - sets the mbox name of this folder recipient
CONFIG FILTERS - enters the filters context
Lists Context <domain-list#>
The commands available for the List context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
LIST Users - lists available users for this list
LIST RemoveHeaders - shows the list of headers that will be removed from a mail
SHOW RegistryInformation - shows registry information
SET [name <name>] - sets the list's name - only usable in an UPDATE operation
SET [services (list of services)] - sets the services enabled for this list
SET [passwd <string>] - sets the list's mailbox access password
SET [subscribeRcpt <rcpt>] - sets the RCPT used for subscription
SET [unsubscribeRcpt <rcpt>] - sets the RCPT used for unsubscription
SET [requestRcpt <rcpt>] - sets the RCPT used for making a request
SET [enabledRcpts (choice set)] - sets the RCPTs enabled for this list
SET [description <description>] - sets the description of the list
SET [adminConfirm <yes|no>] - sets the adminConfirm parameter
SET [senderAllow <choice>] - sets the senderAllow parameter
SET [moderate <choice>] - sets the moderate parameter
SET [ctypeAllow <choice>] - sets the ctypeAllow parameter
SET [adminEmail <email>] - sets the email for the admin
The values of the following parameters describe text that will be inserted in the mail:
ESET addHeader - sets the headers that will be added to the mail - enters text context
ESET bodyBegin - sets the text that will be inserted before the body - enters text context
ESET bodyEnd - sets the text that will be added to the body to the mail - enters text context
The values of the following parameters describe text that will be included in the NDR:
ESET unknownCommand - sets the description of the error in case of an unknown command - enters text context
ESET invalidUserName - sets the description of the error in case of an invalid user name - enters text context
ESET notAUser - sets the description of the error in case the user does not belong to the list - enters text context
ESET badConfirmation - sets the description of the error in case of a bad confirmation - enters text context
ESET userAlreadySubscribed - sets the description of the error in case the user already exists - enters text context
ESET invalidFormat - sets the description of the error in case of an invalid format - enters text context
The values of the following parameters should be an RFC 2822 compliant mail:
ESET requestNeedsConfirmation - sets the template that will ask the user for a confirmation - enters text context
ESET requestNeedsAdminConfirmation - sets the template that will tell the user to wait for admin's confirmation - enters text context
ESET autoRejectResponse - sets the template that will tell the user that his mail is rejected
ESET welcome - sets the template that will tell the user that he has been created - enters text context
ESET goodbye - sets the template that will tell the user that he has been deleted - enters text context
ESET subscribeDenied - sets the template that will tell the user that he has not been created - enters text context
CONFIG WEBMAILDATA - enters the webmaildata context
CONFIG FILTERS - enters the filters context
ADD User email <email> name <name> - adds a user to the list (changes context)
UPDATE User email <email> - updates a user from the list (changes context)
REMOVE User email <email> - removes a user from the list
SHOW User email <email> [ATTR <param>] - shows a user from the list
ADD RemoveHeader <name> - adds a header to the list of headers to be removed
REMOVE RemoveHeader <name> - removes a header from the list of headers to be removed
WebmailData Context <domain-list-webmaildata#>
The commands available for the WebmailData context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [skin <skin>] - sets the skin for webmail
SET [pageSize <pageSize>] - sets page size
SET [saveToSent <yes|no>] - sets keep a mail copy in "Sent" folder
SET [deleteToTrash <yes|no>] - sets delete mail to trash
SET [confirmMailDelete <yes|no>] - sets confirmation of mail delete
SET [confirmFolderEmpty <yes|no>] - sets confirmation of empty folder
SET [htmlFilterLevel <no.>] - sets the security level for a html mail body
SET [signature <signature>] - sets the account's signature
User Context <domain-list-user#>
The commands available for the User context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [email <email>] - sets the user's email - only usable in an UPDATE operation
SET [name <name>] - sets the user's name
WebmailData Context <domain-webmaildata#>
The commands available for the WebmailData context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [skin <skin>] - sets the skin for webmail
SET [pageSize <pageSize>] - sets page size
SET [saveToSent <yes|no>] - sets keep a mail copy in "Sent" folder
SET [deleteToTrash <yes|no>] - sets delete mail to trash
SET [confirmMailDelete <yes|no>] - sets confirmation of mail delete
SET [confirmFolderEmpty <yes|no>] - sets confirmation of empty folder
SET [htmlFilterLevel <no.>] - sets the security level for a html mail body
MigrationData Context <domain-migrationdata#>
The commands available for the MigrationData context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [enable <yes|no>] - enables migration of accounts from this domain
SET [remoteImapHost <host>] - sets the name of remote IMAP machine from which the domain's accounts are migrated
SET [remoteImapPort <port>] - sets the IMAP server's port on the remote machine
SET [remoteSmtpHost <host>] - sets the name of remote SMTP machine from which the domain's accounts are migrated
SET [remoteSmtpPort <port>] - sets the SMTP server's port on the remote machine
PublicFolder Context <domain-publicFolder#>
The commands available for the Public Folder context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
COMMIT - commits the changes made in this context
SHOW [ATTR <param>] - shows information about this context
LIST MBoxes - list the available mboxes
SET [name <name>] - sets the name of the public folder
CONFIG QUOTAS - enters the quotas context
ADD Mbox <name> - adds a mbox to the Public Folder
REMOVE Mbox <name> - removes a mbox from the Public Folder
Quotas Context <domain-publicFolder-quotas#>
The commands available for the Quotas context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [mboxCount <count>] - sets the maximum number of folders
SET [totalMessageCount <count>] - sets maximum number of messages in all folders
SET [totalMessageSize <size>] - sets maximum size in KB of all messages in all folders
SET [messageCount <count>] - sets default maximum number of messages in a folder
SET [messageSize <size>] - sets default maximum size in KB of messages in a folder
LIST Mboxes - list the available mboxes for this account
SET MboxQuota mboxName <name> messageCount <count> messageSize <size> - sets quotas for a given mbox
SHOW MboxQuota mboxName <name> - shows quotas for a given mbox
Quotas Context <domain-quotas#>
The commands available for the Quotas context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - cancels any changes made and switches back to the previous context
DONE - saves the changes and switches back to previous context
SHOW [ATTR <param>] - shows information about this context
SET [mboxCount <count>] - sets the maximum number of folders
SET [totalMessageCount <count>] - sets maximum number of messages in all folders
SET [totalMessageSize <size>] - sets maximum size in KB of all messages in all folders
SET [messageCount <count>] - sets default maximum number of messages in a folder
SET [messageSize <size>] - sets default maximum size in KB of messages in a folder
LIST Mboxes - list the available mboxes for this account
SET MboxQuota mboxName <name> messageCount <count> messageSize <size> - sets quotas for a given mbox
SHOW MboxQuota mboxName <name> - shows quotas for a given mbox
Reporting Context <reporting#>
The commands available for the Reporting context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - switches back to the previous context
VIEW QUEUE - displays queue information
Migration Context <migration#>
The commands available for the Migration context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - switches back to the previous context
MIGRATE - migrate command which has the following parameters:
    domain <domainName> - the domain name for migration
    account <accountName> - the account name for migration
    remoteHost <host> - the host of the migration server
    remotePort <port> - the port of the migration server
    remoteUser <imap-user> - the imap username of the migration server
    remotePass <imap-pass> - the imap password of the migration server
    [overrideQuota <yes|no>] - specifies if the mailbox quota should be overridden (default: no)
    [deleteOriginal <yes|no>] - enables/disables deletion of all migrated messages on the remote server
    [structureOnly <yes|no>] - enables migration of only the directory structure
    [verbose <yes|no>] - specifies if the command should be verbose (default: no)
WARNING! The migrate command, when the parameter overrideQuota is set to its "no" default, will migrate mails until the mailbox Quota is reached. If overrideQuota is set to yes, all the mails will be migrated but the mailbox Quota could be exceeded, in which case, the user will no longer receive any more mails.
Commands Context <commands#>
The commands available for the Commands context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - switches back to the previous context
ENTER SERVER - enters the Server context
SET passwd <password> - sets the admin password for CLI/Webadmin (max. 32 chars)
Server context <commands-server#>
The commands available for the Server context are:
EXIT/QUIT - exits CLI and closes connection to AXIGEN
HELP - prints this help message
BACK - switches back to the previous context
SHOW Config - shows the entire server's running configuration
SAVE CONFIG [<path>] - saves the server's running configuration (a suffix will be added)
STOP service <name> - stops a certain service
START service <name> - starts a certain service
FORCE QUEUE - tries to force all mails in queue to be processed/sent
Chapter 11. Command Line Parameters for AXIGEN
The following command line parameters are available in the current version of AXIGEN. These parameters are common to all platforms.
Display version
Use the -v, --version command to print the version currently installed and exit.
Run in foreground
Use the --foreground command to run the program in foreground.
Crash control
Use the --drop-core command to specify the full path (maximum length is 256 characters) to an existing directory where to drop the core (section in memory containing relevant information about resident processes).
This is useful in case of errors causing the program to exit. No default value is set, meaning the core is not saved by default.
Process ID
Use the -P, --pidfile command to specify the full path to pid file. The default value is /var/opt/axigen/run/axigen.pid (Linux/Solaris) or /var/axigen/run/axigen.pid (*BSD)
Path to configuration file
Use the -C, --configfile command to specify the path where the server configuration file resides. Default value is:
• Linux/Solaris: /var/opt/axigen/run/axigen.cfg
• *BSD: /var/axigen/run/axigen.cfg
Using mqview tool to view status for messages in the queue
The AXIGEN queue contains for each message stored in the queue, besides the message itself, a file with a status report for the message. You can view the status report for the files currently in the AXIGEN queue using the mqview tool:
/var/opt/axigen/queue/0F/S12BE (Linux/Solaris)
/var/axigen/queue/0F/S12BE (*BSD)
Solution 1:
cd /var/opt/axigen/queue/0F
/opt/axigen/bin/mqview @ S12BE
Solution 2:
/opt/axigen/bin/mqview /var/opt/axigen/queue 0F12BE
Each of these commands displays an output similar to the one below:
johnd /var/opt/axigen/queue/00 # mqview @ S5F4E
Mail Queue view of file : ../00/S5F4E
ID : 005F4E
State : RECEIVED
Flags : 00
Last Data Version : 00
Number of RCPTs : 1
Next Send Schedule : As Soon As Possible
Retry Count : 0
Reverse Path : root@localdomain
Authenticated Path: root@localdomain
RCPT information for: johnd@localdomain
State: RECEIVED Data Version: 00
Filter Info : Destination mbox: INBOX
Failure Info :
Local Delivery :
POP3 Authentication
The next examples illustrate the usage of the POP3 authentication system.
Example 1: The primary domain is 'primary.com', user 'john' has the mail address '[email protected]'. In order to authenticate itself, the POP3 client may use the following commands:
USER john
USER [email protected]
[email protected] john md5digest
APOP <john> md5digest
APOP [email protected] md5digest
For secondary domains and their aliases, the POP3 clients must use the entire mail address.
Example 2: One of the secondary domains is 'secondary.com', user 'john1' has the mail address '[email protected]'. In this case the authentication commands can be:
USER [email protected]
APOP [email protected] md5digest
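The login-name rule and the APOP md5digest from the two examples above, as an added sketch that is not part of the manual and is not AXIGEN's own code. The account table, secrets and function names are constructed for illustration; the digest computation follows RFC 1939, which Chapter 12 lists as implemented.

```python
import hashlib
import hmac
import re
import secrets
import time

# Constructed sample data, not taken from the manual or from AXIGEN itself.
PRIMARY_DOMAIN = "primary.com"
ACCOUNTS = {                      # full mail address -> shared secret
    "john@primary.com": "tanstaaf",
    "john1@secondary.com": "another-secret",
}

DIGEST_RE = re.compile(r"^[0-9a-f]{32}$")


def new_timestamp(hostname):
    """Banner timestamp in msg-id form; RFC 1939 requires a fresh one per connection."""
    return "<%s.%d@%s>" % (secrets.token_hex(8), int(time.time()), hostname)


def apop_digest(timestamp, secret):
    """RFC 1939 APOP digest: MD5 over the banner timestamp followed by the secret."""
    return hashlib.md5((timestamp + secret).encode("utf-8")).hexdigest()


def resolve_mailbox(login, primary_domain=PRIMARY_DOMAIN):
    """Naming rule from the text: a bare user name is accepted only for the
    primary domain; any other domain needs the entire mail address."""
    login = login.strip().lower()
    if not login or login.count("@") > 1 or login.startswith("@") or login.endswith("@"):
        return None
    if "@" not in login:
        return "%s@%s" % (login, primary_domain)
    return login


def handle_apop(line, timestamp, accounts=ACCOUNTS):
    """Server-side check of one 'APOP name digest' line.
    Returns the authenticated full address, or None on any failure."""
    parts = line.split()
    if len(parts) != 3 or parts[0].upper() != "APOP":
        return None
    mailbox = resolve_mailbox(parts[1])
    digest = parts[2].lower()
    if mailbox is None or not DIGEST_RE.match(digest):
        return None
    secret = accounts.get(mailbox)
    # Unknown mailboxes are still hashed and compared, against a random secret,
    # so the amount of work done does not reveal which accounts exist.
    expected = apop_digest(timestamp, secret if secret is not None else secrets.token_hex(16))
    matches = hmac.compare_digest(expected, digest)
    return mailbox if (matches and secret is not None) else None


if __name__ == "__main__":
    banner = new_timestamp("mail.primary.com")      # constructed host name
    for name, secret in (("john", "tanstaaf"),
                         ("john1@secondary.com", "another-secret"),
                         ("john1", "another-secret")):   # bare name, secondary domain
        command = "APOP %s %s" % (name, apop_digest(banner, secret))
        print(name, "->", handle_apop(command, banner))
```

APOP keeps the password off the wire but depends on MD5 and on the server holding the secret in recoverable form; the TLS extension from RFC 2595, also listed in Chapter 12, protects the whole session instead.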
Chapter 12. RFCs Currently Implemented by AXIGEN
POP3
RFC 1939 - Post Office Protocol (version 3)
RFC 2449 - POP3 Extension Mechanism
RFC 1734 - POP3 AUTHentication command
POP3 and IMAP Specifications
RFC 2195 - IMAP/POP AUTHorize Extension for Simple Challenge/Response
RFC 2595 - Using TLS with IMAP, POP3 and ACAP
SMTP specifications
RFC 2821 - Simple Mail Transfer Protocol
RFC 821 - Simple Mail Transfer Protocol (obsolete)
RFC 822 - Format of ARPA Internet text messages
RFC 974 - Mail routing and the domain system
RFC 3501 - Internet message access protocol (version 4rev1)
RFC 3848 - ESMTP and LMTP Transmission Types Registration
SMTP service extensions
RFC 2821 - Simple Mail Transfer Protocol
RFC 1869 - SMTP Service Extensions
RFC 2554 - SMTP Service Extension for Authentication
RFC 1830 - SMTP Service Extensions for Transmission of Large and Binary MIME Messages
RFC 2920 - SMTP Service Extension for Command Pipelining
RFC 1652 - SMTP Service Extension for 8bit-MIME transport
RFC 1870 - SMTP Service Extension for Message Size Declaration
IMAP specifications
RFC 3501 - INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1
RFC 2342 - IMAP4 Namespace
RFC 2180 - IMAP4 Multi-Accessed Mailbox Practice
RFC 2683 - IMAP4 Implementation Recommendations
RFC 2087 - IMAP4 QUOTA extension
RFC 2359 - IMAP4 UIDPLUS extension
RFC 2088 - IMAP4 non-synchronizing literals
RFC 2177 - IMAP4 IDLE command
RFC 3502 - Internet Message Access Protocol (IMAP) - MULTIAPPEND Extension
RFC 3348 - The Internet Message Action Protocol (IMAP4) Child Mailbox Extension
RFC 4314 - IMAP4 Access Control List (ACL) Extension
HTTP specifications
RFC 2616 - Hypertext Transfer Protocol -- HTTP/1.1
RFC 2965 - HTTP State Management Mechanism
RFC 2396 - Uniform Resource Identifiers (URI): Generic Syntax
DNS specifications
RFC 1034 - Domain names, Concepts and Facilities
RFC 1035 - Domain names, Implementation and Specification
Sieve extensions implemented in AXIGEN
RFC 3028 - Sieve: A Mail Filtering Language (Extensions defined in the base RFC: fileinto, reject, envelope)
RFC 3894 - Sieve Extension: Copying without Side Effects
RFC 3431 - Sieve Extension: Relational Tests; Comparator extension: i;numeric-comparator
RFC 3598 - Sieve Email Filtering -- Subaddress Extension
Generic RFCs
RFC 2822 - Internet message format
RFC 2045 - MIME Part One: Format of Internet Message Bodies
RFC 2046 - MIME Part Two: Media Types
RFC 2047 - MIME Part Three: Message Header Extensions for Non-ASCII Text
Mailing Lists
RFC 2919 - List-Id: A Structured Field and Namespace for the Identification of Mailing Lists
RFC 2369 - The Use of URLs as Meta-Syntax for Core Mail List Commands and their Transport through Message Header Fields
FTP
RFC 959 - FILE TRANSFER PROTOCOL (FTP)
Groupware
RFC 2445 - Internet Calendaring and Scheduling Core Object Specification (iCalendar)
RFC 2446 - iCalendar Transport-Independent Interoperability Protocol (iTIP) Scheduling events, BusyTime, To-dos and Journal Entries
RFC 2447 - iCalendar Message-Based Interoperability Protocol (iMIP)
RFC 3283 - Guide to Internet Calendaring
RFC 2426 - vCard MIME Directory Profile
SNMP
RFC 1157 - A Simple Network Management Protocol (SNMP)
RFC 3416 - Version 2 of the Protocol Operations for the Simple Network Management protocol (SNMP)
RFC 1213 - Management Information Base for Network Management of TCP/IP-based internets: MIB-II
RFC 3418 - Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)