axigen mail server system administrator's manual€¦ · files provided for...

AXIGEN System Administrator's Manual

AXIGEN® Mail Server System Administrator's

Manual

Product version 6.0

Last update on: 3/20/2008 6:52:15 PM Document version: 1.0

Copyright © 2008 Gecad Technologies S.A.

http://www.axigen.com


Copyright & trademark notices

This edition applies to version 6.0 of the licensed program AXIGEN and to all subsequent releases and modifications until otherwise indicated in new editions.

Notices

References in this publication to GECAD TECHNOLOGIES S.A. products, programs, or services do not imply that GECAD TECHNOLOGIES S.A. intends to make these available in all countries in which GECAD TECHNOLOGIES S.A. operates. Evaluation and verification of operation in conjunction with other products, except those expressly designated by GECAD TECHNOLOGIES S.A., are the user's responsibility. GECAD TECHNOLOGIES S.A. may have patents or pending patent applications covering subject matter in this document. Supplying this document does not give you any license to these patents. You can send license inquiries, in writing, to the GECAD TECHNOLOGIES S.A. sales department, [email protected].

Copyright Acknowledgement (c) GECAD TECHNOLOGIES S.A. 2008. All rights reserved.

All rights reserved. This document is copyrighted and all rights are reserved by GECAD TECHNOLOGIES S.A. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, or by any information storage and retrieval system without the permission in writing from GECAD TECHNOLOGIES S.A.

The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. GECAD TECHNOLOGIES S.A. will not be responsible for any loss, costs or damages incurred due to the use of this documentation.

AXIGENTM Mail Server is a SOFTWARE PRODUCT of GECAD TECHNOLOGIES S.A. GECAD TECHNOLOGIES and AXIGENTM are trademarks of GECAD TECHNOLOGIES S.A. Other company, product or service names may be trademarks or service marks of others.

GECAD TECHNOLOGIES S.A. 10A Dimitrie Pompeiu Blvd., Connect Business Center, 2nd fl., Bucharest 2,

ROMANIA; phone: +40-21-303-2080; fax: +40-21-303-2081; e-mail: Sales: [email protected]

Technical support: [email protected]: http://www.axigen.com

(c) Copyright GECAD TECHNOLOGIES S.A. 2008. All rights reserved.

2



mailto:[email protected]



http://www.axigen.com/


Table of Contents Introduction ......................................................................................................................... 21

Purpose of this Document......................................................................................................21

Structure of this document .....................................................................................................21

Audience and knowledge requirements .................................................................................21

Related documentation ..........................................................................................................22

Chapter 1. Mail Server Overview ....................................................................................... 23

OS Compatibility ....................................................................................................................23

Integrated Messaging Solution ..............................................................................................23

High Configurability................................................................................................................23

Innovative Storage .................................................................................................................23

Advanced Security Tools .......................................................................................................23

Automation Options ...............................................................................................................24

Clustering Support .................................................................................................................24

Chapter 2. Getting Started with AXIGEN .......................................................................... 25

2.1. Software and Hardware requirements ............................................................................25

Software requirements ................................................................................................... 25

Hardware requirements.................................................................................................. 25

Supported platforms...............................................................................................................25

Tested platforms ....................................................................................................................27

2.2. Installing on Linux ...........................................................................................................27

General installation steps.......................................................................................................27

Files Provided for Installation .................................................................................................28

2.2.1. Installing under RHEL, Fedora Core, Mandrake and SUSE (gcc3)...................... 29

2.2.2. Installing under Fedora Core, Mandriva and SUSE (gcc4) .................................. 29

2.2.3. Installing under Debian 3.1................................................................................... 30

2.2.4. Installing under Debian 4.0 and Ubuntu ............................................................... 31

2.2.5. Installing under Gentoo ........................................................................................ 32

2.2.6. Installing under Slackware ................................................................................... 32

2.3. Installing on BSD ............................................................................................................33

2.3.1. Installing on FreeBSD .......................................................................................... 33

2.3.2. Installing on NetBSD ............................................................................................ 34

2.3.3. Installing on OpenBSD 4.1 ................................................................................... 35

2.3.4. Installing on OpenBSD ......................................................................................... 35

2.4. Installing on Solaris i386 and Sparc................................................................................36

2.5. Uninstalling under Linux..................................................................................................37

3




2.5.1. Uninstalling under RHEL, Fedora Core, Mandriva /Mandrake and SUSE (gcc3, gcc4)............................................................................................................................... 37

2.5.2. Uninstalling under Debian / Ubuntu...................................................................... 38

2.5.3. Uninstalling under Gentoo.................................................................................... 38

2.5.4. Uninstalling under Slackware ............................................................................... 38

2.6. Uninstalling under BSD ...................................................................................................39

2.6.1. Uninstalling under FreeBSD................................................................................. 39

2.6.2. Uninstalling under NetBSD................................................................................... 40

2.6.3. Uninstalling under OpenBSD................................................................................ 40

2.7. Uninstalling under Solaris ...............................................................................................41

2.8. Starting / Stopping / Restarting the Server .....................................................................41

2.9. Initial Server Configuration..............................................................................................42

2.9.1. Setting the Admin Password ................................................................................ 42

2.9.2. Logging on to the WebAdmin Interface ................................................................ 42

2.9.3. Creating a New Domain ....................................................................................... 43

2.9.4. Adding an Account to an Existing Domain ........................................................... 45

2.9.5. Automated Configuration with AXIGEN Configuration Wizard ............................. 47

Chapter 3. Mail Server Architecture .................................................................................. 51

Services and Modules............................................................................................................51

Architecture Features.............................................................................................................51

Administration Tools ..............................................................................................................51

Security ..................................................................................................................................51

3.1. Generic Server Configuration .........................................................................................52

3.1.1. Running Services ................................................................................................. 52

3.1.2. Other Generic Server Parameters........................................................................ 52

Primary domain ......................................................................................................................52

SSL Random File ...................................................................................................................52

3.1.3. DNR Settings........................................................................................................ 53

Logging ..................................................................................................................................53

DNR Options ..........................................................................................................................53

Nameservers..........................................................................................................................53

3.2. Services and Modules.....................................................................................................53

3.2.1. SMTP Receiving................................................................................................... 53

Listeners ................................................................................................................................54

Access Control .......................................................................................................................54

Authentication ........................................................................................................................54

Message Acceptance Rules ..................................................................................................54

4




Flow Control ...........................................................................................................................54

Milter ......................................................................................................................................55

Logging ..................................................................................................................................55

Email Loop Protection ............................................................................................................55

Error Control ..........................................................................................................................55

Thread Management..............................................................................................................55

3.2.2. Processing............................................................................................................ 55

Logging ..................................................................................................................................56

Email Delivery ........................................................................................................................56

Delivery Reports ....................................................................................................................56

Queue Parameters.................................................................................................................56

Message statuses ..................................................................................................................56

3.2.3. SMTP Sending ..................................................................................................... 57

Routing Rules ........................................................................................................................57

Logging ..................................................................................................................................57


3.2.4. POP3.................................................................................................................... 58

Listeners ................................................................................................................................58

Access Control .......................................................................................................................58

Flow Control ...........................................................................................................................59

Logging ..................................................................................................................................59

Encryption and Authentication ...............................................................................................59

Error Control ..........................................................................................................................59


Compatibility with various POP3 Mail Clients ........................................................................59

3.2.5. IMAP..................................................................................................................... 60

Listeners ................................................................................................................................60

Access Control .......................................................................................................................60

Flow Control ...........................................................................................................................60

Logging ..................................................................................................................................60


Error Control ..........................................................................................................................61


Compatibility with various IMAP Mail Clients .........................................................................61

Public Folders ........................................................................................................................61

Internationalized Search ........................................................................................................61

3.2.6. Logging................................................................................................................. 61

5




Log Service Overview ............................................................................................................61

Log Types ..............................................................................................................................62

AXIGEN Log levels ................................................................................................................62

Logging format .......................................................................................................................63

Rules......................................................................................................................................63

Attributes of the Log service ..................................................................................................64

3.2.7. Reporting.............................................................................................................. 64

3.2.8. WebMail ............................................................................................................... 65

Listeners ................................................................................................................................66

Access Control .......................................................................................................................66

Flow Control ...........................................................................................................................66

Logging ..................................................................................................................................66

HTTP Protocol Options ..........................................................................................................66

WebMail Options....................................................................................................................66


3.2.9. Storage................................................................................................................. 68

Filling the Containers .............................................................................................................68

Space saving filling procedure ...............................................................................................69

3.2.10. FTP Backup Service........................................................................................... 69

Listeners ................................................................................................................................69

Access Control .......................................................................................................................70

Flow Control ...........................................................................................................................70

Logging ..................................................................................................................................70

Error Control ..........................................................................................................................70


3.2.11. RPOP Service .................................................................................................... 70

Logging ..................................................................................................................................71


3.3. Connectivity and Threading ............................................................................................71

3.3.1. Listeners............................................................................................................... 71

3.3.2. Rules .................................................................................................................... 72

Allow/Deny Rules ...................................................................................................................72

Rule Enforcement Policy........................................................................................................73

3.3.3. Threads ................................................................................................................ 73

3.4. Clustering Support ..........................................................................................................74

3.4.1. Cluster Overview .................................................................................................. 74

3.4.1.1. LDAP Introduction .........................................................................................74

6




Setting up a new directory service for the cluster ..................................................................74

Integrating an existing directory service with the cluster........................................................74

3.4.1.1.1. Basic Directory Setup.................................................................................75

3.4.1.1.2. LDAP Entry Structure .................................................................................76

3.4.1.1.3. LDAP Authentication ..................................................................................77

3.4.1.2. AXIGEN Mapping System .............................................................................78

3.4.1.3. AXIGEN Authentication System ....................................................................79

3.4.1.4. AXIGEN Front-End Services Setup ..............................................................81

3.4.1.4.1. The SMTP Proxy ........................................................................................81

3.4.1.4.2. The IMAP and POP3 Proxies.....................................................................82

3.4.1.4.3. The WebMail Proxy ....................................................................................82

3.4.1.4.4. Mapping Setup ...........................................................................................82

3.4.1.5. AXIGEN Back-End Services Setup ...............................................................83

3.4.2. LDAP Routing....................................................................................................... 84

1. Configuring OpenLDAP for AXIGEN..................................................................................84

2. Configuring LDAP Connectors in AXIGEN ........................................................................85

3.4.2.1. Configuring Mapping Parameters .................................................................85

3.4.2.2. POP3 Proxy Service .....................................................................................86

Listeners ................................................................................................................................86

Access Control .......................................................................................................................86

Flow Control ...........................................................................................................................86

Logging ..................................................................................................................................86


Error Control ..........................................................................................................................86


Back-end Server Connection Settings ...................................................................................87

3.4.2.3. IMAP Proxy Service ......................................................................................87

Listeners ................................................................................................................................87

Access Control .......................................................................................................................87

Flow Control ...........................................................................................................................87

Logging ..................................................................................................................................87


Error Control ..........................................................................................................................87


Back-end Server Connection Settings ...................................................................................88

3.4.3. AXIGEN LDAP Authentication.............................................................................. 88

3.4.4. Integrating Active Directory into a cluster environment ........................................ 89

7




3.4.5. Exotic Cluster Setups ........................................................................................... 91

3.5. Groupware and collaboration ..........................................................................................91

3.5.1. Personal Organizer & AXIGEN Outlook Connector.............................................. 91

3.5.2. User folders and permissions............................................................................... 91

Computing permissions .........................................................................................................92

Permissions description .........................................................................................................92

Types of permissions .............................................................................................................92

Chapter 4. Mail Server Security ......................................................................................... 94

Routing Rules ........................................................................................................................95

4.1. Authentication and Encryption ........................................................................................95

Secure/Plain Connections and Authentication Methods ........................................................95

SSL parameters .....................................................................................................................96

Prerequisites and Settings for Each Active Directory User Defined for AXIGEN...................97

4.2. SPF and DomainKeys.....................................................................................................98

Command line parameters.....................................................................................................99

DomainKeys Verifier configuration.........................................................................................99

DomainKeys Signer configuration........................................................................................ 100

Starting/Stopping/Restarting the Domain Keys Daemons ................................................... 101

4.3. Mail Filtering.................................................................................................................. 101

Filter Types .......................................................................................................................... 101

Active Filters ........................................................................................................................ 102

Filtering Levels..................................................................................................................... 102

4.3.1. Message Acceptance Rules............................................................................... 103

4.3.2. Routing Rules..................................................................................................... 104

4.3.3. Antivirus / Antispam Filters ................................................................................. 105

4.3.4. Message Rules................................................................................................... 106

4.3.4.1. SIEVE Overview and Implementation in AXIGEN....................................... 108

SIEVE Overview .................................................................................................................. 108

The AXIGEN SIEVE interpreter ........................................................................................... 108

Action interaction ................................................................................................................. 109

Vacation interaction ............................................................................................................. 109

Vacation Extension .............................................................................................................. 110

4.3.5. The AXIGEN Filtering Module ............................................................................ 111

4.3.5.1. Filtering Module Implementation in AXIGEN............................................... 111

4.3.5.2. Configuring the AXIGEN Filtering Module................................................... 112

AXIMilter configuration......................................................................................................... 112

4.3.5.3. AXIGEN Filtering Module Commands......................................................... 114

8




Command line parameters................................................................................................... 114

4.3.6. Activating and Prioritising Filters and Rules ....................................................... 114

Filter Priority ......................................................................................................................... 114

Activation Inheritance........................................................................................................... 114

4.3.7. Language Specifications for Policy Configuration .............................................. 114

Basic structure ..................................................................................................................... 115

SMTP Events ....................................................................................................................... 115

Methods ............................................................................................................................... 116

Contexts ............................................................................................................................... 116

Variables .............................................................................................................................. 116

Structures............................................................................................................................. 118

Conditions ............................................................................................................................ 118

Functions ............................................................................................................................. 119

4.3.7.1. SMTP Functionalities (I) .............................................................................. 119

onConnect............................................................................................................................ 119

onEhlo.................................................................................................................................. 124

onMailFrom .......................................................................................................................... 132

4.3.7.2. SMTP Functionalities (II) ............................................................................. 140

onRcptTo ............................................................................................................................. 140

onHeadersReceived ............................................................................................................ 150

onBodyChunk ...................................................................................................................... 157

4.3.7.3. SMTP Functionalities (III) ............................................................................ 162

onDataReceived .................................................................................................................. 162

onRelay................................................................................................................................ 169

onDeliveryFailure ................................................................................................................. 174

onTemporaryDeliveryFailure................................................................................................ 176

Chapter 5. User and Domain Configuration ................................................................... 179

5.1. Domains ........................................................................................................................ 179

5.2. User Accounts............................................................................................................... 180

5.3. Groups .......................................................................................................................... 181

5.4. Mailing Lists .................................................................................................................. 181

Mailing List Server Overview ............................................................................................... 181

Administration of the Mail List .............................................................................................. 182

Message Flow for AXIGEN List Server ................................................................................ 182

Templates explained ............................................................................................................ 182

5.5. Public Folders ............................................................................................................... 183

9




Chapter 6. Working with the WebMail Module in AXIGEN ............................................ 1846.1. Accessing/Leaving the WebMail Interface .................................................................... 184

6.2. WebMail Features and Configuration ........................................................................... 185

Navigating in Your WebMail Account................................................................................... 185

Searching within your email account ................................................................................... 186

6.3. Working with Messages in WebMail ............................................................................. 187

Main Button Bar ................................................................................................................... 187

Composing a new message................................................................................................. 187

Steps for editing a new message in AXIGEN WebMail ....................................................... 188

Marking messages............................................................................................................... 189

Deleting messages .............................................................................................................. 190

6.4. WebMail Folders ........................................................................................................... 190

Public Folders ...................................................................................................................... 190

Special Folders .................................................................................................................... 190

Managing Folders in WebMail ............................................................................................. 190

Managing Contacts in WebMail ........................................................................................... 191

6.5. Working with the Personal Organizer in WebMail......................................................... 194

6.5.2. Working with your Journal .................................................................................. 201

6.6. Configuring Account Settings in WebMail ..................................................................... 209

6.6.1. Configuring Personal Data ................................................................................. 210

6.6.2. WebMail Data Settings....................................................................................... 211

6.6.3. Mail Filtering in WebMail .................................................................................... 213

6.6.3.1. WebMail Filters Overview ........................................................................... 214

6.6.4. Setting Sharing Permissions .............................................................................. 217

Global Permissions .............................................................................................................. 217

Folder permissions............................................................................................................... 217

Share a folder ...................................................................................................................... 217

Subscribe to folders shared by other users ......................................................................... 219

6.6.5. Configuring WebMail RPOP Connections.......................................................... 219

Connection details ............................................................................................................... 220

Retrieval settings ................................................................................................................. 220

Security ................................................................................................................................ 220

RPOP Templates ................................................................................................................. 220

6.6.6. WebMail Account Information ............................................................................ 221

6.6.7. WebMail Blacklist ............................................................................................... 221

6.6.8. Requesting Temporary Email Addresses........................................................... 222

10




Chapter 7. Using AXIGEN WebMail features in Outlook ............................................... 2237.1. Installing the AXIGEN Outlook Connector .................................................................... 223

7.2. Server Side Rules ......................................................................................................... 225

7.3. Folder Sharing .............................................................................................................. 227

7.4. Open/Close other user's folders.................................................................................... 229

7.5. Manage Global Permissions ......................................................................................... 230

Chapter 8. Administration Tools Overview .................................................................... 232

8.1. Working with axigen.cfg ................................................................................................ 233

Restrictions .......................................................................................................................... 233

Definitions ............................................................................................................................ 233

Structure of the axigen.cfg file ............................................................................................. 234

Chapter 9. Configuring AXIGEN using WebAdmin........................................................ 236

WebAdmin Overview ........................................................................................................... 236

WebAdmin Features ............................................................................................................ 236

Thread Management............................................................................................................ 236

Log Control .......................................................................................................................... 236

WebAdmin Flow Control ...................................................................................................... 236

HTTP Protocol Options for WebAdmin ................................................................................ 237

Session Options for WebAdmin ........................................................................................... 237

Working with WebAdmin ...................................................................................................... 237

Saving the Configuration in WebAdmin ............................................................................... 238

Confirmation / Error Messages ............................................................................................ 238

Displaying/Hiding the Contextual Help................................................................................. 239

9.1. Configuring Global Settings .......................................................................................... 240

9.2. Managing AXIGEN Services ......................................................................................... 241

9.2.1. Configure the Running Services......................................................................... 241

9.2.2. SMTP Receiving Tab ......................................................................................... 241

Logging ................................................................................................................................ 242

Email Loop Protection .......................................................................................................... 242

Error Control ........................................................................................................................ 242


9.2.3. SMTP Sending Tab ............................................................................................ 243

Logging ................................................................................................................................ 243


9.2.4. IMAP Tab ........................................................................................................... 244

Logging ................................................................................................................................ 244

Encryption and Authentication ............................................................................................. 244

11




Error Control ........................................................................................................................ 245


9.2.5. POP3 Tab........................................................................................................... 245

Logging ................................................................................................................................ 246


Error Control ........................................................................................................................ 247


9.2.6. WebMail Tab ...................................................................................................... 247

Logging ................................................................................................................................ 248

HTTP Protocol Options ........................................................................................................ 248

Webmail Options.................................................................................................................. 249


9.2.7. WebAdmin Tab................................................................................................... 249

Logging ................................................................................................................................ 250

HTTP Protocol Options ........................................................................................................ 250

WebAdmin Options .............................................................................................................. 251


9.2.8. DNR Tab ............................................................................................................ 251

Logging ................................................................................................................................ 251

DNR Options ........................................................................................................................ 252

Nameservers........................................................................................................................ 252

9.2.9. Remote POP Tab ............................................................................................... 253

Logging ................................................................................................................................ 253


9.2.10. CLI Tab............................................................................................................. 254

Logging ................................................................................................................................ 254

CLI Options .......................................................................................................................... 255

Error Control ........................................................................................................................ 255


9.3. Domains and Accounts ................................................................................................. 256

9.3.1. The Manage Domains Tab................................................................................. 256

9.3.1.1. Domains General Configuration .................................................................. 257

9.3.1.2. Defining Domain Aliases ............................................................................. 259

9.3.1.3. Domain Message Filters Page .................................................................... 259

9.3.1.4. Configuring the Message Appender............................................................ 261

9.3.1.5. Managing Account Defaults ........................................................................ 261

9.3.1.5.1. Account Defaults General Parameters..................................................... 262

12




9.3.1.5.2. Configuring Account Quotas and Restrictions ......................................... 262

Managing Account Quotas................................................................................................... 262

Configuring Restrictions....................................................................................................... 263

Password Policy Enforcement ............................................................................................. 264

Session restrictions.............................................................................................................. 264

WebMail Restrictions ........................................................................................................... 264

Message Sending Restrictions ............................................................................................ 265

Remote POP Restrictions .................................................................................................... 265

Temporary Email Addresses Restrictions ............................................................................ 265

9.3.1.5.3. Managing Account Filters......................................................................... 266

9.3.2. Manage Accounts Tab ....................................................................................... 267

9.3.2.1. Accounts General Page .............................................................................. 268

9.3.2.2. Account Aliases........................................................................................... 270

Account Aliases Management ............................................................................................. 270

9.3.2.3. Configuring Quotas and Restrictions .......................................................... 270









Parameter inheritance.......................................................................................................... 273

9.3.2.4. Account WebMail Options ........................................................................... 274

Appearance Options ............................................................................................................ 274

Account Preferences............................................................................................................ 274

Contacts Settings................................................................................................................. 275

Defining a Signature ............................................................................................................ 276

9.3.2.5. Managing Message Filters .......................................................................... 276

9.3.2.5.1. Admin Filters ......................................................................................... 277

Incoming Message Rules..................................................................................................... 277

General Settings for the New Message Rule ....................................................................... 278

New Message Rule Conditions ............................................................................................ 278

New Message Rule Actions ................................................................................................. 278

9.3.2.5.2. User Filters ............................................................................................ 279

Incoming Messages Rules ................................................................................................... 279

13




General Settings of the New Message Rule ........................................................................ 279

New Message Rule Conditions ............................................................................................ 280

New Message Rule Actions ................................................................................................. 280

9.3.3. Groups Tab ........................................................................................................ 281

9.3.3.1. Group General Configuration ...................................................................... 282

9.3.3.2. Groups Message Filters .............................................................................. 282

9.3.4. Mailing Lists........................................................................................................ 284

9.3.4.1. Mailing Lists General Configuration ............................................................ 285

Settings ................................................................................................................................ 285

Services ............................................................................................................................... 286

Info ....................................................................................................................................... 286

9.3.4.2. Members ..................................................................................................... 287

9.3.4.3. Subscription and Posting ............................................................................ 287

Subscription/Unsubscription ................................................................................................ 287

Message posting.................................................................................................................. 288

Message Headers ................................................................................................................ 288

Message Templates............................................................................................................. 289


Managing Mailing List Quotas.............................................................................................. 290

Session Restrictions ............................................................................................................ 290



9.3.4.5. Mailing Lists WebMail Options .................................................................... 291

Appearance Options ............................................................................................................ 291

Preferences.......................................................................................................................... 292

9.3.4.6. Mailing Lists Message Filters ...................................................................... 293

9.3.5. Configuring Public Folders ................................................................................. 295

9.3.5.1. Public Folders General Configuration ......................................................... 296

Settings ................................................................................................................................ 296

9.3.5.2. Configuring Public Folders Quotas ............................................................. 296

9.3.6. Account Classes Tab ......................................................................................... 297

9.3.6.1. Account Classes General Parameters ........................................................ 298






14








Parameter inheritance.......................................................................................................... 302

9.3.6.3. Managing Message Filters .......................................................................... 303

9.4. Security & Filtering ........................................................................................................ 305

9.4.1. AntiVirus and AntiSpam Tab .............................................................................. 305

9.4.1.1. Supported AV/AS Applications.................................................................... 306

9.4.1.2. Setting the AntiVirus Actions ....................................................................... 306

9.4.1.3. AntiSpam Configuration .............................................................................. 307

Setting a WhiteList ............................................................................................................... 307

Spam Thresholds ................................................................................................................. 307

9.4.2. Additional AntiSpam Methods ............................................................................ 308

BlackList............................................................................................................................... 308

Sender Policy Framework .................................................................................................... 309

Domain Keys authentication ................................................................................................ 309

DNSBL (DNS BlackList)....................................................................................................... 309

Safe IPs/IP Ranges.............................................................................................................. 310

DNS Check .......................................................................................................................... 310

9.4.3. Global Access Control ........................................................................................ 311

Access Restriction ............................................................................................................... 311

9.4.4. Acceptance & Routing Tab................................................................................. 311

9.4.4.1. Acceptance Basic Settings.......................................................................... 312

Received messages............................................................................................................. 312

Allowed ESMTP Commands................................................................................................ 312

Allow/Disallow local delivery ................................................................................................ 313

Override default SMTP banner ............................................................................................ 313

9.4.4.2. Routing Basic Settings ................................................................................ 313

Setting a Smart Host ............................................................................................................ 313

Remote delivery ................................................................................................................... 314

Outgoing connection settings............................................................................................... 314

9.4.4.3. Advanced Settings ...................................................................................... 314

Advanced Settings ............................................................................................................... 314

Adding a new acceptance or routing rule............................................................................. 315

New rule conditions.............................................................................................................. 315

9.4.5. Incoming Message Rules Tab............................................................................ 316

15




9.4.5.1. New Message Rule Page............................................................................ 317

New rule conditions.............................................................................................................. 317

Actions ................................................................................................................................. 318

9.5. Queue ........................................................................................................................... 318

9.5.1. Processing Tab .................................................................................................. 319

Logging ................................................................................................................................ 319

Email Delivery ...................................................................................................................... 319

Queue Parameters............................................................................................................... 321

9.5.2. View Queue........................................................................................................ 322

Viewing the Queue............................................................................................................... 322

Detailed message information ............................................................................................. 322

Actions to be taken for selected items ................................................................................. 323

9.6. Status & Monitoring....................................................................................................... 323

9.6.1. Reporting Service Tab........................................................................................ 323

Logging ................................................................................................................................ 324

Log types ............................................................................................................................. 325

Data Collection..................................................................................................................... 325

SNMP Parameters ............................................................................................................... 325

9.6.2. Charts Tab.......................................................................................................... 326

Defined charts ...................................................................................................................... 326

Available Chart Groups ........................................................................................................ 327

Refresh options .................................................................................................................... 327

9.6.2.1. Chart Parameters Configuration ................................................................. 327

General settings................................................................................................................... 327

Data Aggregation ................................................................................................................. 328

9.6.2.2. Display Settings .......................................................................................... 329

Predefined styles ................................................................................................................. 329

Live Preview......................................................................................................................... 329

9.6.3. Storage Charts ................................................................................................... 330

Overall Storage .................................................................................................................... 330

Per Domain Storage ............................................................................................................ 330

9.6.3.1. Detailed Storage Info .................................................................................. 330

All Storage Files & Domain Storage .................................................................................... 331

Object Storage & Message Storage .................................................................................... 331

9.7. Logging ......................................................................................................................... 332

9.7.1. Local Services Log ............................................................................................. 333

Local Services Log Overview............................................................................................... 333

16




9.7.2. Log Collection Rules .......................................................................................... 333

Log Collection Rules ............................................................................................................ 333

9.7.2.1. Log Collection Rule Configuration............................................................... 334

Settings section.................................................................................................................... 334

Logging ................................................................................................................................ 335

Rotation Parameters ............................................................................................................ 335

9.7.3. View Log Files .................................................................................................... 336

Log files................................................................................................................................ 336

Viewing, deleting or downloading a log file .......................................................................... 336

9.7.4. Log Server Settings............................................................................................ 337

Listeners .............................................................................................................................. 337

Logging Settings .................................................................................................................. 337

9.8. Backup and Restore Tab .............................................................................................. 338

Logging ................................................................................................................................ 338

Error Control ........................................................................................................................ 338


9.9. Automatic Migration Tab ............................................................................................... 339

9.10. Clustering Section ....................................................................................................... 340

9.10.1. Clustering Setup............................................................................................... 340

9.10.1.1. LDAP Connectors Page ............................................................................ 341

Logging Parameters............................................................................................................. 342


9.10.1.2. User Maps Page ....................................................................................... 343

9.10.1.3. Routing and Authentication Page.............................................................. 343

9.10.2. POP3 Proxy Tab .............................................................................................. 344

Logging ................................................................................................................................ 344


Error Control ........................................................................................................................ 345


Back-end Server Connection Settings ................................................................................. 346

9.10.3. IMAP Proxy Tab ............................................................................................... 346

Logging ................................................................................................................................ 347


Error Control ........................................................................................................................ 347


Back-end Server Connection Settings ................................................................................. 348

9.11. Administration Rights Section ..................................................................................... 349

17




9.11.1. Administrative Groups Tab............................................................................... 349

Administrative Groups.......................................................................................................... 349

9.11.1.1. General ..................................................................................................... 349

General parameters ............................................................................................................. 350

9.11.1.2. Membership .............................................................................................. 350

Membership hierarchy ......................................................................................................... 350

Members of the configured group ........................................................................................ 350

Parents of the configured group........................................................................................... 351

9.11.1.3. Permissions............................................................................................... 351

Explicit Permissions ............................................................................................................. 351

Setting explicit permissions at server level .......................................................................... 351

Adding server permissions................................................................................................... 352

Setting explicit permissions at domain level ........................................................................ 352

Adding domain permissions ................................................................................................. 353

Effective permissions ........................................................................................................... 353

9.11.2. Administrative Users Tab ................................................................................. 354

Administrative users' list....................................................................................................... 354

Adding a new administrative user ........................................................................................ 354

9.11.2.1. General ..................................................................................................... 355


9.11.2.2. Membership .............................................................................................. 355

Membership hierarchy ......................................................................................................... 355

9.11.2.3. Permissions............................................................................................... 356

Explicit Permissions ............................................................................................................. 356

Setting explicit permissions at server level .......................................................................... 356

Adding server permissions................................................................................................... 356

Setting explicit permissions at domain level ........................................................................ 357

Adding domain permissions ................................................................................................. 358

Effective permissions ........................................................................................................... 358

9.11.3. Domain Admin Limits Configuration ................................................................. 359

Domain Admin Limits ........................................................................................................... 359

Services ............................................................................................................................... 359

Accounts and Account Classes ........................................................................................... 360

Groups ................................................................................................................................. 360

Mailing Lists ......................................................................................................................... 361

Public Folders ...................................................................................................................... 361

9.12. TCP Listeners and Control Rules ............................................................................... 362

18




9.12.1. Listeners........................................................................................................... 363

9.12.1.1. Configuring General Parameters .............................................................. 363


Flow control.......................................................................................................................... 364

Access Control ..................................................................................................................... 364

Other settings....................................................................................................................... 365

9.12.1.2. SSL Parameters for Listeners ................................................................... 365

SSL configuration................................................................................................................. 365

Path to certificate file/authorities .......................................................................................... 365

9.12.2. Access and Flow Control Rules........................................................................ 367

Service Level ....................................................................................................................... 367

Flow Control ......................................................................................................................... 368

Chapter 10. Configuring AXIGEN using CLI................................................................... 369

Service Description .............................................................................................................. 369

10.1. Special Contexts ......................................................................................................... 370

Login Context ....................................................................................................................... 370

Initial Context ....................................................................................................................... 371

Reporting Context ................................................................................................................ 371

Server Context ..................................................................................................................... 371

Commands Context ............................................................................................................. 372

Commands-Server Context ................................................................................................. 372

Commands-Storage Context ............................................................................................... 372

Migration Context ................................................................................................................. 373

10.2. Common commands ................................................................................................... 373

10.3. Connecting to CLI ....................................................................................................... 374

10.4. Troubleshoot the CLI Connection ............................................................................... 375

10.5. Context Specific Commands....................................................................................... 375

Login Context <login> .......................................................................................................... 375

Initial Context <#> ................................................................................................................ 375

Server Context <server#> .................................................................................................... 376

CLI Context <server-cli#> .................................................................................................... 377

Listener context <server-(service_name)-listener#>............................................................ 377

Allow Rule Context <server-(service_name)-listener-allowrule#> ....................................... 378

SSL Control Context <server-(service_name)-listener-sslcontrol#> .................................... 378

Log Context <server-log#> .................................................................................................. 379

Rule Context <server-log-rule#> .......................................................................................... 379

19




Chapter 11. Command Line Parameters for AXIGEN .................................................... 398Display version..................................................................................................................... 398

Run in foreground ................................................................................................................ 398

Crash control........................................................................................................................ 398

Process ID ........................................................................................................................... 398

Path to configuration file ...................................................................................................... 398

Using mqview tool to view status for messages in the queue.............................................. 398

POP3 Authentication............................................................................................................ 399

Chapter 12. RFCs Currently Implemented by AXIGEN.................................................. 400

POP3 ................................................................................................................................... 400

POP3 and IMAP Specifications ........................................................................................... 400

SMTP specifications ............................................................................................................ 400

SMTP service extensions .................................................................................................... 400

IMAP specifications.............................................................................................................. 400

HTTP specifications: ............................................................................................................ 400

DNS specifications............................................................................................................... 401

Sieve extensions implemented in AXIGEN .......................................................................... 401

Generic RFCs ...................................................................................................................... 401

Mailing Lists ......................................................................................................................... 401

FTP ...................................................................................................................................... 401

Groupware ........................................................................................................................... 401

SNMP................................................................................................................................... 401

20




Introduction Purpose of this Document Congratulations on your decision to choose AXIGEN Mail Server as your messaging solution. This document serves as guide for AXIGEN Mail Server version 6.0 and subsequent versions until specified otherwise. Full information about AXIGEN product versions and licensing options can be found on the AXIGEN website.

For an overview of AXIGEN Mail Server architecture and functionalities, see Chapter 3. Mail Server Architecture.

Intended as reference guide for system administrators, this manual includes full documentation on mail server architecture, functionalities and configuration options.

Structure of this document This document is divided in 12 main Chapters as follows:

• Chapter 1 - Brief overview of main AXIGEN features (commercial and technical differentiators)

• Chapter 2 –Server startup instructions (requirements / install / uninstall / initial configuration)

• Chapters 3 through 7 – Descriptions of architecture (modules/services), security functions and user management. These chapters provide general information about the server capabilities and functionalities. They also include direct references to configuration instructions for each feature/set of parameters in Chapter 9.

• Chapter 8 – Brief overview of all existing AXIGEN configuration tools and description of the Configuration file (axigen.cfg).

• Chapter 9 – WebAdmin (Web configuration interface) Administration Guide. This chapter provides detailed configuration instructions for all functionalities mentioned in Chapters 3-5. It also maps Configuration options provided by WebAdmin to configuration parameters present in the axigen.cfg file, the AXIGEN text-editable configuration file.

• Chapters 10 through 11 – Description of the Command Line Interface possible configurations and available Command Line Parameters that allow you to perform different basic administration tasks.

• Chapter 12 – List of RFCs currently implemented by AXIGEN

Audience and knowledge requirements The intended audience for this manual is represented by administrators of the mail servers in companies where the version 6.0 of AXIGEN Mail Server is installed and evaluated.

In order to build, extract and acquire the correct information from this manual, a regular audience should have:

• A detailed knowledge of general mail server abilities and functions

• Knowledge of network protocols

21



http://www.axigen.com/


Related documentation Additional information regarding AXIGEN can be found in the following sources:

• AXIGEN HSP manual - Contains detailed instructions on HSP – AXIGEN proprietary server-side scripting language information. This provides administrators with expansion capabilities for the AXIGEN WebAdmin / WebMail modules. (On demand only)

• AXIGEN Online documentation – an online version of this manual

• AXIGEN Quick Installation and Configuration guide – everything you need to get your server up and running

• AXIGEN Knowledgebase – articles containing specific instructions in response to Support queries and troubleshooting procedures

22



http://www.axigen.com/docs/en/

http://www.axigen.com/usr/files/AXIGEN_Quick_Install_and_Config_Guide_v6.0_v1.0.pdf

http://www.axigen.com/knowledgebase/


Chapter 1. Mail Server Overview AXIGEN Mail Server is a fully self developed solution, truly innovative in several respects, particularly scalable and configurable. This messaging solution offers the entire range of mail services -SMTP, POP3, IMAP, WebMail - includes List server, Logging, Reporting and FTP Backup modules and provides various, flexible administration options (including a central Web administration interface - WebAdmin).

OS Compatibility It is currently available for several Linux distributions, FreeBSD, OpenBSD, NetBSD and Solaris, working on several architectures, such as x86, SPARC and PowerPC. Development roadmap includes versions for Windows, Mac OS and other operating systems. AXIGEN uses MPA (Multi Platform Architecture), a proprietary cutting-edge technology that allows porting the AXIGEN server on multiple platforms while keeping the same set of features. This makes it possible to adapting the product to any demanded platform, while guaranteeing stability, and makes it easier for users to switch to a different platform, whenever their requirements change.

Integrated Messaging Solution AXIGEN is an integrated service server, being able to successfully replace a solution based on several Open Source solutions. It is also modular, as it can run with any number of services inhibited. For instance, if you only want to run the SMTP service, AXIGEN can run with all other services inhibited by allocating all processing threads to SMTP. Thus, AXIGEN can accommodate any usage scenario - main mail server, backup server, mail relay server.

High Configurability Built with administration needs in mind, AXIGEN provides System Administrators with unmatched configuration possibilities for each and every module and feature. For each and every AXIGEN module and feature, you can fine tune connection control, client management and make advanced settings for every domain and account you are managing. An example of advanced service configuration options in AXIGEN would be WebMail account and domain settings: mailbox quota, attachment size limit, mail size limit, session idle & activity timeout, maximum number of messages sent per hour by one account, HTML filtering level for HTML email messages, etc.

Innovative Storage AXIGEN Mail Storage uses a proprietary technology which optimizes space and mail flow. This innovative storage architecture, doubled by a similar queue architecture, with index based access reduces I/O operations and disk access. Messages are stored in container files, a proprietary format that supports an effective space-saving filling procedure, allowing system administrator to specify the locations and number of directories/files allowed for message storage.

Advanced Security Tools In terms of security, an extensive security tool set is implemented, which is also highly configurable. System Administrators can flexibly use the filtering rules available at server, domain and user level, by specifying what filters to use, the order of applicable filters and the actions to be taken according to the results of the scanning process. Filtering in AXIGEN includes Antivirus/Antispam, Antispoofing (SPF authentication rules) Domain Keys and custom SIEVE scripts. AXIGEN integrates at present connectors for Open source Antispam and Antivirus applications (SpamAssassin and ClamAV) but thanks to its script interface for external connectors, it can integrate with virtually any AS/AV application requested by users.

23




Automation Options AXIGEN addresses automation requirements of System Administrators by providing them with an alternative configuration interface - CLI (Command Line Interface). Apart from providing an alternate method of performing basic configuration tasks, CLI automates repetitive tasks, which can be really time-consuming when performed manually. Automatic domain data migration is also available in WebAdmin, where you can easily set migration related parameters.

Clustering Support AXIGEN allows system administrators to route SMTP, POP and IMAP connections to different machines running our messaging solutions. This new feature is based the integration of AXIGEN with OpenLDAP and it makes use of the SMTP In, POP3 Proxy and IMAP Proxy services.

These are some of the distinctive AXIGEN features - to read more about them, their configuration procedures, and many more facilities and configuration options provided by AXIGEN, browse through this online documentation.

24




Chapter 2. Getting Started with AXIGEN This section gets you started with AXIGEN Mail Server, by outlining the software and hardware requirements your system needs to fulfill before you can install AXIGEN, the install and uninstall procedure for all available Linux distributions, BSD and Solaris platforms and initial configuration steps needed for the initial server run.

2.1. Software and Hardware requirements

Software requirements AXIGEN has the following minimal software requirements:

• Linux OS, kernel 2.4/2.6 • glibc version 2.2.93 or later • libstdc++ version 3.2 or later

For BSD platforms requirements are as follows:

• FreeBSD 6.x • NetBSD 3.0 or NetBSD 3.1 • OpenBSD 4.1 or OpenBSD 4.2

For Solaris requirements are as follows:

• Solaris 10

For all platforms:

• Internet Explorer 6 or later/ Firefox 2.0

Hardware requirements

AXIGEN has the following minimal hardware requirements:

• Processor: x86, minimum frequency 300 MHz • RAM: 128 MB. • Available space on HDD: 50 MB free space for installation purposes and default

configuration files. The actual space AXIGEN will take on your hard disk depends on the number of accounts, domains, mailboxes and the size of messages stored on the mail server.

Supported platforms Linux (x86, 32-bit)

RedHat Enterprise

• Redhat Enterprise Linux 5 • Redhat Enterprise Linux 4 • Redhat Enterprise Linux 3

Fedora

• 8 • 7

25




CentOS

• 5.x • 4.x

SUSE

• SUSE Linux Enterprise Server • SLES 10 • SLES 9

• SUSE Linux • 10.3 • 10.2 • 10.1

Gentoo

• 2007.0 • 2006.1

Novell

• OES

Ubuntu

• Server 7.10 • Server 7.04 • Server 6.10 • Server 6.06

Debian

• 4.0 • 3.1

Mandriva

• 2008.0 • 2007.1 • 2007.0 • Corporate Server 4

Slackware

• 12.0 • 11.0

BSD (x86, 32-bit)

FreeBSD

• 6.x

OpenBSD

• 4.2 • 4.1

26




NetBSD

• 3.1 • 3.0

Solaris

• Solaris 10

SPARC

Solaris

• Solaris 10

PPC

Fedora

• 8

RedHat Enterprise

• Redhat Enterprise Linux 4

Tested platforms AXIGEN has been tested extensively and is guaranteed to work on the following Linux distributions: Gentoo, RedHat/Fedora, Slackware, Debian, Ubuntu, Mandrake/Mandriva, SUSE. AXIGEN also runs on BSD platforms (FreeBSD, NetBSD and OpenBSD) and on Solaris 10. AXIGEN runs on three different architectures: x86, PowerPC and SPARC.

2.2. Installing on Linux The following section describes the general installation steps for AXIGEN on RedHat and SUSE distributions. For instructions related to a specific Linux distribution, please refer to the Install file included in the installation kit or read the sections corresponding to the respective Linux distribution.

General installation steps Here are the general steps to be taken in order to install AXIGEN.

• Unzip the original installation package. Read the Installing AXIGEN under RedHat and SUSE section for an example on how to unzip the installation files.

• Install AXIGEN files. Read the Installing AXIGEN under RedHat and SUSE section for an example on how to install the product.

• Configure axigen.cfg, as explained in the Configuring AXIGEN using axigen.cfg file section in order to adjust axigen.cfg file to your specific environment.

• Start the AXIGEN server (Read the Starting/Stopping/Restarting AXIGEN section for information on how to start AXIGEN).

• Create domains/accounts for your AXIGEN installation (more information can be found in the User and Domain Configuration section).

• Reconfigure axigen.cfg (if needed). • Reload AXIGEN server. This way the changes committed in the main axigen.cfg file

can take effect (changes to domains and accounts are made on the fly). Read the Starting/Stopping/Restarting AXIGEN section for information on how to reload AXIGEN.

• After the installation, no daemons or related application are started.

27




Files Provided for Installation The installation kit consists of the following files:

• INSTALL • UNINSTALL • README • Distribution-specific package file(s).

The following table shows the files and directories provided in the installation kit required for AXIGEN to run correctly:

Directory/File Description

/etc/init.d/ /etc/init.d/axigen

This is the initscript for AXIGEN. The script will start the daemon for the Gentoo, Debian, RedHat and SUSE distributions.

/etc/rc.d/rc3.d/S80axigen /etc/rc.d/rc4.d/S80axigen /etc/rc.d/rc5.d/S80axigen

Symbolic links to the above mentioned initscript file, needed to start the daemon in the respective run levels (only for RedHat and SUSE distributions).

/etc/rc.d/rc.axigenThis is the initscript for AXIGEN in the Slackware distribution.

/etc/conf.d/axigenThis is the configuration file used by the AXIGEN initscript in the Gentoo distribution

/etc/opt/ /etc/opt/axigen/ /etc/opt/axigen/axigen.cfg

This is the main configuration file for AXIGEN.

/opt/axigen/ /opt/axigen/bin/ /opt/axigen/bin/axigen

This is the AXIGEN daemon.

/opt/axigen/bin/mqview

This is the executable to be used for viewing the status of the queued messages. Please refer to the Command Line Parameters section for instructions on using this tool.

/opt/axigen/share/ /opt/axigen/share/doc/ /opt/axigen/share/doc/README

Document containing the release notes for this version of AXIGEN.

/opt/axigen/share/doc/INSTALLDocument containing the installation instructions for AXIGEN

/opt/axigen/share/doc/UNINSTALLDocument containing the instructions for uninstalling AXIGEN.

/opt/axigen/share/doc/LICENSE Document containing the license for AXIGEN.

/opt/axigen/share/examples/ /opt/axigen/share/examples/axigen.cfg/opt/axigen/share/examples/domain.cfg/opt/axigen/share/examples/account.cfg

Sample configuration files, containing the default values for AXIGEN parameters, as presented in this Manual.

/var/opt/ /var/opt/axigen/ /var/opt/axigen/Webmail/

Default directory used for storing files pertaining to AXIGEN WebMail module.

28




2.2.1. Installing under RHEL, Fedora Core, Mandrake and SUSE (gcc3)

In order to install the AXIGEN Mail Server on RHEL, Fedora Core, Mandrake and SUSE follow these instructions:

1. Unzip installation file

Unzip the downloaded file by issuing the following command in the same directory as the downloaded file: tar xzvf <install kit file>

For example, to unpack the AXIGEN RPM package for the i386 architecture type in the directory where the file is located: tar xzvf axigen-6.0.0.i386.rpm.gcc3.tar.gz

2. Installation

In order to install the RPM package, you must issue (while logged in as root) the following command, from the same directory with the rpm file: rpm -ivh axigen-version-build.i386.rpm

For instance, the corresponding command for the 6.0 AXIGEN version will be: rpm -ivh axigen-6.0.0-1.gcc3-1.i386.rpm

After the installation no daemons or related application will be started.

3. Configuration

Before you start AXIGEN, you need to configure it. You can do that by modifying the main configuration file (please refer to the Initial Configuration section for more information).

4. Start AXIGEN

In both RedHat and SUSE, the AXIGEN server can be started via its initscript, by issuing this command: /etc/init.d/axigen start The above installation steps apply for the following gcc3 distributions: Redhat Enterprise Linux 3 and 4 SUSE Linux Enterprise Server 9

These installation instructions apply for all RPM based distros (RHEL, SUSE).

2.2.2. Installing under Fedora Core, Mandriva and SUSE (gcc4)

In order to install the AXIGEN Mail Server on gcc4 based distributions (RHEL, Fedora Core, Mandriva, SUSE), follow these instructions:


Issue the following command, in the same directory as the downloaded file, to unzip the installation file: tar xzvf <install kit file>

29




For example, to unpack the AXIGEN installation file type the command below in the directory where the file is located: tar xzvf axigen-6.0.0.i386.rpm.tar.gz

2. Installation

Issue (while logged in as root) the following command, from the same directory as the rpm file: rpm -ivh axigen-version-build.i386.rpm

For instance, the corresponding command for the 6.0 AXIGEN version will be: rpm -ivh axigen-6.0.0-1.i386.rpm

After the installation, no daemons or related application will be started.

3. Configuration

Before you start AXIGEN, you need to configure it. You can do that by modifying the main configuration file (please refer to the Initial Configuration section for more information).

4. Start AXIGEN

In RHEL, Fedora Core and Mandriva the AXIGEN server can be started via its initscript, by issuing this command: /etc/init.d/axigen start The above installation steps apply for the following gcc4 distributions: Redhat Enterprise Linux 5 Fedora Core 7 or higher SUSE Linux 10.0 or higher Mandriva 2007.0 or higher

2.2.3. Installing under Debian 3.1

In order to install the AXIGEN Mail Server on Debian 3.1, follow these instructions:



For example, to unpack the AXIGEN installation file for Debian 3.1 architecture, type the command below in the directory where the file is located: tar xzvf axigen-6.0.0.i386.deb31.tar.gz

2. Installation

In order to install the DEB package, you must issue (while logged in as root) the following command, from the same directory with the deb file: dpkg -i axigen_version-build_i386.deb

For instance, the corresponding command for the 6.0 AXIGEN version will be: dpkg -i axigen_6.0.0-1_i386.deb

After the installation no daemons or related application will be started.

30




3. Configuration

Before you start AXIGEN, you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit, for more information about their names and locations). More information about each configuration setting can be found in the sample configuration files installed by default, as comments.

4. Start AXIGEN

In Debian 3.1, AXIGEN can be started via its initscript, by issuing: /etc/init.d/axigen start

The above installation steps apply for the following distributions: Debian 3.1 architecture

2.2.4. Installing under Debian 4.0 and Ubuntu

In order to install the AXIGEN Mail Server on Debian 4.0 and Ubuntu follow these instructions:



For example, to unpack the AXIGEN installation file for Debian architecture type the command below in the directory where the file is located: tar xzvf axigen-6.0.0.i386.deb.tar.gz

2. Installation

In order to install the DEB package, you must issue (while logged in as root) the following command, from the same directory with the deb file: dpkg -i axigen_version-build_i386.deb

For instance, the corresponding command for the 6.0 AXIGEN version will be: dpkg -i axigen_6.0.0-1_i386.deb


3. Configuration

Before you start AXIGEN, you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit for more information about their names and locations). More information about each configuration setting can be found in the sample configuration files installed by default, as comments.

4. Start AXIGEN

In Debian, AXIGEN can be started via its initscript, by issuing: /etc/init.d/axigen start

These same instructions also apply to the Ubuntu distribution.

31




The above installation steps apply for the following distributions: Debian 4.0 Ubuntu Server 6.06, 6.10, 7.04, 7.10

2.2.5. Installing under Gentoo

In order to install the AXIGEN Mail Server on Gentoo follow these instructions:



For example, to unpack the AXIGEN installation file for Gentoo architecture, type the command below in the directory where the file is located: tar xzvf axigen-6.0.0.i386.ebuild.tar.gz

2. Installation

In order to install the ebuild package, you must issue the following commands (while logged in as root) from the same directory as the ebuild file: ./prepare.sh emerge axigen

After the installation, no daemons or related applications are started.

3. Configuration

Before you start AXIGEN, you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit for more information about their names and locations). More information about each configuration setting can be found in the sample configuration files installed by default, as comments.

4. Start AXIGEN

In Gentoo, AXIGEN can be started via its initscript, by issuing: /etc/init.d/axigen start

Several settings for the AXIGEN initscript are available via the following file (please read the comments from this file for information about using them): /etc/conf.d/Axigen

The above installation steps apply for the following distributions: Gentoo 2006.1, 2007

2.2.6. Installing under Slackware

In order to install the AXIGEN Mail Server on Slackware, follow these instructions:



32




For example, to unpack AXIGEN TGZ for the Slackware architecture, type the command below in the directory where the file is located: tar xzvf axigen-6.0.0.i386.slack.tar.gz

2. Installation

In order to install the Slackware TGZ package, you must issue (while logged in as root) the following command, from the same directory with the tgz file: installpkg axigen-version.i386-1.tgz

For instance, the corresponding command for the 6.0 AXIGEN version will be: installpkg axigen-6.0.0-i386-1.tgz

After the installation, no daemons or related applications are started.

3. Configuration

Before you start AXIGEN, you need to configure it using the AXIGEN Configuration Wizard. For more details on this subject see the Automated Configuration with AXIGEN Configuration Wizard section.

4. Start AXIGEN

In Slackware, AXIGEN can be started via its initscript, by issuing: /etc/rc.d/rc.axigen start

In order to start AXIGEN initscript at boot time, you need to add the following line in the /etc/rc.d/rc.local file: [ -x /etc/rc.d/rc.axigen ] && /etc/rc.d/rc.axigen start

and set the executable bit for the script: chmod +x /etc/rc.d/rc.axigen

2.3. Installing on BSD AXIGEN is available for several BSD platforms: FreeBSD, NetBSD and OpenBSD. As a general rule, for BSD platforms, the install command is: pkg_add axigen-version.tgz

2.3.1. Installing on FreeBSD

In order to install the AXIGEN Mail Server on FreeBSD, follow these instructions:



For example, to unpack AXIGEN TGZ for the FreeBSD architecture type the command below in the directory where the file is located: tar xzvf axigen-6.0.0.i386.freebsd.tar.gz

2. Installation

Issue (while logged in as root), the following command, from the same directory as the tgz file: pkg_add axigen-version.tgz

33




For instance, the corresponding command for the 6.0 AXIGEN version will be: pkg_add axigen-6.0.0.tgz


3. Configure AXIGEN

Before you start the AXIGEN server, you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit for more information about their names and locations).

More information on each configuration setting can be found in the sample configuration files installed by default, as comments.

4. Start the AXIGEN server

In FreeBSD, the AXIGEN server can be started via its initscript, by issuing: /usr/local/etc/rc.d/axigen.sh start

2.3.2. Installing on NetBSD

In order to install the AXIGEN Mail Server on NetBSD, follow these instructions:



For example, to unpack AXIGEN TGZ for the NetBSD architecture, type the command below in the directory where the file is located: tar xzvf axigen-6.0.0.i386.netbsd.tar.gz

2. Installation

In order to install the NetBSD package, you must issue (while logged in as root), the following command from the same directory as the tgz file: pkg_add axigen-version.tgz



3. Configure AXIGEN

Before you start the AXIGEN server you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit for more information about their names and locations).

More information about each configuration setting can be found in the sample configuration files installed by default, as comments.

34





In NetBSD, the AXIGEN server can be started via its initscript, by issuing: /etc/rc.d/axigen start

2.3.3. Installing on OpenBSD 4.1

In order to install the AXIGEN Mail Server on OpenBSD 4.1, follow these instructions:



For example, to unpack AXIGEN TGZ for the OpenBSD 4.1 architecture, type the command below in the directory where the file is located: tar xzvf axigen-6.0.0.i386.openbsd41.tar.gz

2. Installation

In order to install the OpenBSD package, you must issue (while logged in as root), the following command, from the same directory as the tgz file: pkg_add axigen-version.tgz



3. Configure AXIGEN

Before you start the AXIGEN server, you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit, for more information about their names and locations).

More information about each configuration setting, can be found in the sample configuration files installed by default, as comments.


In OpenBSD, the AXIGEN server can be started via its initscript, by issuing: /usr/local/bin/axigen.sh start

The above installation steps apply for the following distributions: OpenBSD 4.1

2.3.4. Installing on OpenBSD

In order to install the AXIGEN Mail Server on OpenBSD, follow these instructions:



35




For example, to unpack AXIGEN TGZ for the OpenBSD architecture type the command below in the directory where the file is located: tar xzvf axigen-6.0.0.i386.openbsd.tar.gz

2. Installation

In order to install the OpenBSD package, you must issue (while logged in as root), the following command from the same directory as the tgz file: pkg_add axigen-version.tgz



3. Configure AXIGEN

Before you start the AXIGEN server, you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit, for more information about their names and locations).



In OpenBSD, the AXIGEN server can be started via its initscript, by issuing: /usr/local/bin/axigen.sh start

The above installation steps apply for the following distributions: OpenBSD 4.2

2.4. Installing on Solaris i386 and Sparc In order to install the AXIGEN Mail Server on Solaris, follow these instructions:

1. Installation

In order to install the Solaris/SunOS package, you must issue (while logged in as root), the following command, from the same directory as the AXIGEN uncompressed installation kit: gunzip axigen-version.tar.gz tar xvf axigen-version.tar pkgadd -d .

For instance, for the 6.0 AXIGEN version the corresponding command will be:

For Solaris i386: gunzip axigen-6.0.0.i386.solaris.tar.gz tar xvf axigen-6.0.0.i386.solaris.tar pkgadd -d .

For Solaris Sparc: gunzip axigen-6.0.0.sparc.solaris.tar.gz tar xvf axigen-6.0.0.sparc.solaris.tar pkgadd -d.

36





2. Configuration

Before you start the AXIGEN server you need to configure it. You can do that by modifying the main configuration file and the other specific configuration files (please refer to the README file from the installation kit for more information about their names and locations).



In Solaris/SunOS, the AXIGEN server can be started via its initscript, by issuing: /etc/init.d/axigen start

2.5. Uninstalling under Linux This section provides instructions on how to uninstall the AXIGEN Mail Server under all available Linux distributions.

2.5.1. Uninstalling under RHEL, Fedora Core, Mandriva /Mandrake and SUSE (gcc3, gcc4)

To uninstall the AXIGEN mail server under RHEL, Fedora Core, Mandriva/Mandrake and SUSE:

1. Remove the AXIGEN RPM package

In order to remove the AXIGEN package and its related files and directories issue the following command, while logged in as root: rpm -e axigen

The command explained above will also stop the AXIGEN daemon.

2. Optional: Remove the rest of the files/directories

The command from the first step does not automatically remove the files that were modified after the installation (such as configuration files), non-empty directories and other files or directories that were not created as a result of the installation. All the files and/or directories that are contained in the following locations must be deleted manually: /etc/opt/axigen/ /var/opt/axigen/

The above installation steps apply for the following gcc3 distributions: Redhat Enterprise Linux 3 and 4 SUSE Linux Enterprise Server 9 and the following gcc4 distributions: Fedora Core 7 or 8 SUSE Linux 10.0 or higher Mandriva 2007.0 or higher

37




2.5.2. Uninstalling under Debian / Ubuntu

To uninstall AXIGEN under Debian or Ubuntu, go through the following steps:

1. Remove the AXIGEN package

In order to remove AXIGEN package and its related files and directories, you have two options:

o while logged in as root, issue the command: dpkg -P AXIGEN (to "purge" the package - this is the recommended option)

o while logged in as root, issue the command: dpkg -r AXIGEN (to "remove" the package).

These commands also stop AXIGEN daemon.


The commands at Step 1 do not automatically remove the files that were modified after the installation (such as configuration files), non-empty directories and other files or folders that were not created as a result of the installation. All the files and/or directories that are contained in the following locations must be deleted manually: /etc/opt/axigen/ /var/opt/axigen/ /opt/axigen/

2.5.3. Uninstalling under Gentoo

Here are the steps to be taken in order to uninstall AXIGEN under Gentoo:

1. Remove AXIGEN ebuild package

In order to remove AXIGEN package and its related files and directories issue the following command, while logged in as root: emerge --unmerge AXIGEN

This command also stops the AXIGEN daemon.


The command at Step 1 does not automatically remove the files that were modified after the installation (such as configuration files), non-empty directories and other files or folders that were not created as a result of the installation. All the files and/or directories that are contained in the following locations must be deleted manually: /etc/opt/axigen/ /var/opt/axigen/ /opt/axigen/

2.5.4. Uninstalling under Slackware

Here are the steps to be taken in order to uninstall AXIGEN under Slackware:

1. Remove the AXIGEN Slackware TGZ package

In order to remove the AXIGEN package and its related files and directories issue the following commands, while logged in as root:

38




First, stop the AXIGEN daemon: /etc/rc.d/rc.axigen stop

Then remove AXIGEN package: removepkg axigen-version-i386

For instance, to remove AXIGEN version 6.0.0, the corresponding command will be: removepkg axigen-6.0.0-i386


The command at Step 1 does not automatically remove the files that were modified after the installation (such as configuration files), non-empty directories and other files or folders that were not created as a result of the installation. All the files and/or directories that are contained in the following locations must be deleted manually: /etc/opt/axigen/ /var/opt/axigen/ /opt/axigen/

Also, you can remove the following line from the /etc/rc.d/rc.local: [ -x /etc/rc.d/rc.axigen ] && /etc/rc.d/rc.axigen start

2.6. Uninstalling under BSD The generic command used to uninstall the AXIGEN Mail Server for BSD platforms is: pkg_delete axigen-version

2.6.1. Uninstalling under FreeBSD

To uninstall AXIGEN Mail Server, follow these instructions:



First, stop the AXIGEN daemon: /usr/local/etc/rc.d/axigen.sh stop

Then remove the package pkg_delete axigen-version

To uninstall version 6.0.0 the corresponding command is: pkg_delete axigen-6.0.0


The command from the first step does not automatically remove the files that were modified after the installation (such as configuration files), non-empty directories and other files or folders that were not created as a result of the installation. These files must be removed manually.

39




2.6.2. Uninstalling under NetBSD




First, stop the AXIGEN daemon: /etc/rc.d/axigen stop

Then remove the package: pkg_delete axigen-version

For AXIGEN Mail Server version 6.0.0 the corresponding command would be: pkg_delete axigen-6.0.0


The command at the first step does not automatically remove the files that were modified after the installation (such as configuration files), non-empty directories and other files or folders that were not created as a result of the installation. These files must be removed manually.

2.6.3. Uninstalling under OpenBSD




First, stop the AXIGEN daemon: /usr/local/bin/axigen.sh stop

Then remove the package: pkg_delete axigen-version

To remove AXIGEN Mail Server version 6.0.0, the corresponding command is: pkg_delete axigen-6.0.0



40




2.7. Uninstalling under Solaris Here are the steps to be taken in order to uninstall AXIGEN under Solaris:



First, stop the AXIGEN daemon: /etc/init.d/axigen stop

Then remove the package: pkgrm GCADAxigen



2.8. Starting / Stopping / Restarting the Server This section lists common commands meant to start / stop / restart the server the axigenfilters script for various Linux distributions and FreeBSD.

The 'axigenfilters' script manages (starts, stops and restarts) the Bundled SpamAssassin, the AXiMilter, the AXIGEN Signing Module and the AXIGEN Verifying Module. For the 'axigenfilters' script commands, replace axigen with axigenfilters in all the commands below.

1. Linux

• For RedHat, Debian, Gentoo and SUSE distributions

You can start the server with the following command: /etc/init.d/axigen start

To stop the server issue: /etc/init.d/axigen stop

In order to restart the AXIGEN daemon (in order to reload the new configuration settings, for instance), you can use the 'restart' parameter: /etc/init.d/axigen restart

To view the status of the AXIGEN demon, you can pass the 'status' parameter: /etc/init.d/axigen status

• In Slackware use the same commands applied to the /etc/rc.d/rc.axigen initscript, instead of /etc/init.d/axigen. For instance, to start the server issue: /etc/rc.d/rc.axigen start

2. FreeBSD

In FreeBSD, the AXIGEN server can be started via its initscript, by issuing: usr/local/etc/rc.d/axigen.sh start

3. Solaris

In Solaris/SunOS, the AXIGEN server can be started via its initscript, by issuing: etc/init.d/axigen start

41




To stop the server, you can issue: /etc/init.d/axigen stop

In order to restart the AXIGEN daemon, you can use: /etc/init.d/axigen restart

To reload the AXIGEN daemon (i.e. for new configuration settings to take effect), you can pass the 'reload' parameter to the initscript: /etc/init.d/axigen reload

To view the AXIGEN daemon status, you can pass the 'status' parameter: etc/init.d/axigen status

2.9. Initial Server Configuration This section describes basic server configurations that you need to do in order to get your server up and running: setting the admin password, enabling the Web configuration interface, creating a domain and adding accounts. Some of these actions can also be performed automatically using the AXIGEN Configuration Wizard, also described in this section.

2.9.1. Setting the Admin Password

Before accessing the WebAdmin interface it is mandatory to set the password for the AXIGEN admin account. To do that, go through these steps:

1. If the AXIGEN server is running, first stop it, using the following command: /etc/init.d/axigen stop

2. Run AXIGEN only with -A (or --admin-passwd) option.

3. Example: /opt/axigen/bin/axigen -A <password>

4. Restart the server. /etc/init.d/axigen restart

Note: Currently you can use this password only with the admin username.

For details on how to set the password using the Configuration Wizard, see the corresponding section.

2.9.2. Logging on to the WebAdmin Interface

In AXIGEN 6.0, the WebAdmin service is enabled by default. The WebAdmin module, according to the default configuration listens to the 9000/tcp port. When typing in the IP/port combination to WebAdmin in your browser, the following login window will be displayed:

42




To configure the WebAdmin service for remote access, you can either do so when configuring it within the AXIGEN Configuration Wizard, or by modifying the IP/port combination in the axigen.cfg configuration file. For the configuration file option, follow the procedure below:

1. In the webadmin {} context, configure the default listener: webadmin = { ... listeners = ( { address = 127.0.0.1:9000 enable = yes ... }

2. You need to set in the listener's address parameter the IP address of the machine on which AXIGEN is installed. Or, you can set this parameter to 0.0.0.0 (in this case, the listener will listen to all machine interfaces). When accessing the AXIGEN WebMail, you need to replace the 127.0.0.1 IP from the URL with the IP address of the machine on which the AXIGEN Mail Server is installed. For example, if the machine running AXIGEN has the 192.168.1.1 IP address, change the IP/port data under Server->WebAdmin->Listeners->Address to match your IP/port: server { ... webadmin { ... listeners = ( { ... address = 192.168.1.1:9000 enable = yes

Remember to reload your AXIGEN Mail Server after each change in the configuration files.

3. Check the system log file(s) for confirmation that the WebAdmin service is correctly loaded. The system log file should display a message similar to the one below: ...INFO: WEBADMIN: listener added 192.168.1.1:9000 ...SUCCESS: WEBADMIN: started

You can now login to WebAdmin. Start your favorite browser and enter the IP/port pair you have configured. In the example set above, the default address is http://192.168.1.1:9000. Login using the admin username and the password you have previously set.

For details on how to set the WebAdmin interface automatically, see the AXIGEN Configuration Wizard section.

2.9.3. Creating a New Domain

The AXIGEN mail server stores each created domain in a unique domain location. The default location in AXIGEN is /var/opt/axigen/domains (for Linux/Solaris) and /var/axigen/domains (for *BSD).

Important! When creating domains, one message storage location with the default 32GB size is recommended for each predicted 20GB of message occupied storage space. For larger spaces, additional message storage locations should be created or the default parameters modified in order to increase total average size for the location to correspond to the number of 20GB storages you need. It is recommended that the occupied space is 2/3 out of the storage location size.

43




You can add multiple message storage locations using WebAdmin (when creating the domain) or CLI (within the domain creation context). After creating the domain, additional locations cannot be added. When using CLI, the command to create multiple message storage locations is as follows: ADD MessagesLocation <path>

To create a new Domain, please follow the steps presented below:

1. Click on the Manage Domains tab. The following page is displayed.

2. To add a new domain hit the Add Domain button displayed in the upper right corner

of the Domain list. 3. Type the name of your domain in the New domain name text box.

Note: AXIGEN is RFC compliant in terms of characters you can use when creating new domains and/or accounts. Please refer to the relevant RFC standard, Internet message format, available for instance on http://www.faqs.org/rfcs/rfc2822.html.

4. Specify a password to protect the selected domain in the Postmaster Password text area or click the Set Random button to select a random password combination. When using this button the password randomly assigned is displayed under it.

5. Check the Enable MACL Support option so users in belonging to this domain will be able to set different permission levels on their folders in order to share them.

6. Only on domain creation you have the option to configure storage location details by clicking the Show button. Detailed information on storage is available in the corresponding Mail Server Architecture chapter.

7. Hit the Quick Add button to have the domain created with all the default parameters.

44



http://www.faqs.org/rfcs/rfc2822.html


6. Hit the Advanced Config button to edit the domain-specific parameters according to your preferences. The following pages will be displayed:

7. Press the Save Configuration button (lower window section) to save your changes.

You have successfully created a new domain. You can see the domains you have created on the server at any time by clicking the Manage Domains tab.

Note: After defining your first domain, it will be set as primary domain. This will be considered your default domain for all incoming mail. You can make any domain primary at any time by pressing the corresponding Make primary button in the Domain list.

To find out more about Domain configuration, see Domains section.

2.9.4. Adding an Account to an Existing Domain

To add a new account to an existing domain:

1. In the WebAdmin page click on Manage Accounts tab. 2. Click on the domain for which you want to display the existing accounts or to add a

new account. In the screenshot below no domain was selected.

3. In order to create a new account click the Add Account button. The domain you are creating the account in is displayed in the Domain name field if you have already selected a certain domain. If you press the Add Account button prior to the domain selection you will have to type the desired domain. Specify a name for the account

45




you are creating in the Account Name text field. Type a password of choice in the Account password text field or click the Set Random button to select a random password combination. When using this button the password randomly assigned is displayed under it.

4. To add the account press the Quick Add button. For advanced account settings click the Advanced Config link and the pages below will be displayed:

5. Press the Save Configuration button to save your changes.

You have successfully added the 'patricia.miller' account to the 'mycompany.com' domain. For further details on accounts advanced settings, see the Accounts section.

46




2.9.5. Automated Configuration with AXIGEN Configuration Wizard

Aiming to enhance, simplify and render the initial setup automatic, starting with version 1.2.6 the AXIGEN Mail server includes the AXIGEN Configuration Wizard. In eleven easy steps the wizard enables system administrators to instantly set the admin password, configure the primary domain and set up an interface for the WebAdmin management tool and also for the POP3 and IMAP services. These actions were previously performed partly manually, partly using the WebAdmin interface.

The AXIGEN Configuration Wizard is provided as part of all the AXIGEN Mail Server 6.0 installation packages, available for download on the AXIGEN site.

Firstly, the wizard needs to be launched by issuing one of the following commands, depending on the platform you have installed the AXIGEN Mail Server on:

1. On Solaris and all Linux platforms: /opt/axigen/bin/axigen-cfg-wizard

2. On OpenBSD and FreeBSD: /usr/local/bin/axigen-cfg-wizard

3. On NetBSD: /usr/pkg/bin/axigen-cfg-wizard

1. Configuring the Admin Password After launching the AXIGEN Configuration Wizard, the first step you are prompted to take is specify the admin password. The password is required and therefore system administrators must type at least one character.

Use the Password field to type your password and the Validate field to retype it for validation.

To move from one field to another, please use the Tab or Enter keys. To proceed to the next step, when located on the Next button, press the Enter key.

2. Configuring your Primary Domain The next stage of running the wizard consists in configuring AXIGEN’s primary domain. The wizard will automatically detect the machine’s FQDN (Fully Qualified Domain Name) and based on it will propose the domain name as primary. If no domain can be detected, the default ‘localdomain’ will be displayed. System administrators can edit the fields of this tab at any time.

In the Primary Domain field, the wizard will display the automatically detected domain. Use the Domain Location field to edit the default storage path for the primary domain,

47




/var/opt/axigen/domains. To configure the primary domain password for the account postmaster, use the Postmaster account password field.

To move from one field to another, please use the Tab or Enter keys. To proceed to the next step, when located on the Next button, press the Enter key. 3. Alias Configuration When running the wizard, this steps allows system administrators to select the alias they would like to configure for the primary domain defined at the previous step. There are three available options:

• Redirect all mails for root account to postmaster

• Add the 'localhost' alias to this domain • Add the 'localhost.localdomain' alias to

this domain

To select or deselect one of the listed options, press Enter. 4. Configuring the WebAdmin Interface

This following step performed by the AXIGEN Configuration Wizard is to select the WebAdmin Interface. The wizard will list all the existing interfaces with their respective IP addresses and ports, enabling system administrators to select a listener for WebAdmin. In the previous versions, the WebAdmin was initially accessed on its default listener, http://127.0.0.1:9000/.

Select one of the listed interfaces, then move to the OK button (using the Tab or Enter keys) and then press Enter again. If you choose the first option, all, all the listed interfaces will be used as listeners for the WebAdmin management tool. If you choose a different interface, you will be prompted to confirm the choice you have made. 5. Configuring the SMTP Interface The next step performed by the AXIGEN Configuration Wizard is to select the SMTP Interface. The wizard will list all the existing interfaces with their respective IP addresses and ports, enabling system administrators to select a listener for SMTP.

Select one of the listed interfaces, then move to the OK button (using the Tab or Enter keys) and then press Enter again. If you choose the first option, all, all the listed interfaces will be used as listeners for the SMTP service. If you choose a different interface, you will be prompted to confirm the choice you have made.

48




6. Services Selection The sixth step of the automatic configuration process allows system administrators to select the active services for the AXIGEN server. For each of the selected services, POP3, IMAP or WebMail, further settings are available within the following steps. If none of the three services is enabled, the wizard will skip directly to step 10 of the configuration. To select or deselect one of the listed options, press Enter.

7. Configuring the POP 3 Interface The next step performed by the AXIGEN Configuration Wizard is to select the POP3 Interface. The wizard will list all the existing interfaces with their respective IP addresses and ports, enabling system administrators to select a listener for the POP3 service.

Select one of the listed interfaces, then move to the OK button (using the Tab or Enter keys) and then press Enter again. If you choose the first option, all, all the listed interfaces will be used as listeners for the POP3 service. If you choose a different interface, you will be prompted to confirm the choice you have made. 8. Configuring the IMAP Interface Step 8 performed by the AXIGEN Configuration Wizard is to select the IMAP Interface. The wizard will list all the existing interfaces with their respective IP addresses and ports, enabling system administrators to select a listener for the POP3 service.

Select one of the listed interfaces, then move to the OK button (using the Tab or Enter keys) and then press Enter again. If you choose the first option, all, all the listed interfaces will be used as listeners for the POP3 service. If you choose a different interface, you will be prompted to confirm the choice you have made.

9. Configuring the WebMail Interface For the next step, the AXIGEN Configuration Wizard will allow system administrators to select the WebMail Interface. The wizard will list all the existing interfaces with their respective IP addresses and ports, enabling system administrators to select a listener for the WebMail service.

49




Select one of the listed interfaces, then move to the OK button (using the Tab or Enter keys) and then press Enter again. If you choose the first option, all, all the listed interfaces will be used as listeners for the WebMail service. If you choose a different interface, you will be prompted to confirm the choice you have made.

10. Configuring Relay Policies The AXIGEN Configuration Wizard will then prompt system administrators to select the networks allowed to relay emails through the AXIGEN server without prior authentication. To select or deselect one of the listed options, press Enter.

When one of the available networks is selected, a script configuring a Relay Policy is automatically created. For details on Relay Polices, please see the corresponding section of the online documentation.

11. Sendmail Wrapper Configuration This configuration steps is required if system administrators want command line applications such as mailix to be able to send emails via AXIGEN. Such applications use the Sendmail Wrapper which thus needs to be configured to work correctly with AXIGEN.

The Wizard describes in detail the actions taken when selecting "Yes" at this step.

The Wizard will initially display a message prompting you to wait for the changes to be applied to your existing configuration and will then respond with a successful operation message. After completing these steps, the wizard will display a message summarizing the steps just taken. It will also instruct system administrators to start the AXIGEN service and then access the WebAdmin interface on the selected IP-port combination. Troubleshooting Firstly, on some distributions, the operating system sets the console display encoding to UTF-8. Thus all the wizard’s messages would be displayed incorrectly. For troubleshooting, please consult this Knowledgebase article.

Secondly, if any other message except the successful one is displayed by the wizard after taking the configuration steps, please contact the AXIGEN Support team at [email protected].

50



http://www.axigen.com/docs/en/Routing-Rules_258.html

http://www.axigen.com/docs/en/Routing-Rules_258.html

http://www.axigen.com/knowledgebase/AXIGEN-Configuration-Wizard-displays-strange-characters_51.html



Chapter 3. Mail Server Architecture AXIGEN is an integrated service SMTP, IMAP, POP, secured SSL/TLS, WebMail and list server, integrating advanced technologies and messaging services.

Services and Modules AXIGEN Mail Server is an Internet-based mail server that provides messaging services over the Internet via connections using a Transmission Control Protocol/Internet Protocol (TCP/IP) network. AXIGEN Mail Server sends mail messages using the Simple Mail Transfer Protocol (SMTP). The messages can be retrieved using the Post Office Protocol version 3 (POP3), the Internet Message Access Protocol (IMAP) and WebMail. AXIGEN Mail Storage integrates a proprietary technology that allows storing messages in a special directory structure, guaranteeing an effective, fast mail flow and optimizing space-saving.

Architecture Features AXIGEN incorporates a multi-threaded engine, which can break server activity into multiple parallel processing threads. This enables system administrators to allocate a certain number of processing threads to specific modules (SMTP incoming / SMTP outgoing / WebMail / IMAP, etc.) Running services can be configured at service, domain and account level.

Most AXIGEN services (SMTP Incoming, SMTP Outgoing, POP, IMAP, WebMail) make use of configurable listeners to define rules for accepting or denying connections.

Administration Tools The administration tools enable both centralized configuration (WebAdmin and Command Line Interface) and manual configuration (configuration file).

For each service described in the Architecture chapter, configuration options are available in each of these tools (WebAdmin, CLI and the configuration file, axigen.cfg).

Security AXIGEN incorporates an advanced filtering system and other innovative security tools (Antivirus, AntiSpam, Antispoofing - SPF Authentication, SSL/TLS authentication).

Highly configurable logging and reporting services are also available, and an FTP Backup service allowing you to securely backup and restore your domain and user configuration.

Below you can find a schema illustrating all AXIGEN components.

51




3.1. Generic Server Configuration In AXIGEN, there are a number of generic server settings referring to overall server behavior and functionalities, such as Running services, SSL and DNR related settings.

3.1.1. Running Services

AXIGEN is a modular server running either as integrated service server or with certain services inhibited.

When using AXIGEN as main mail server, it is recommended to run all services provided by AXIGEN - Processing, SMTP Incoming, SMTP Outgoing, POP3, IMAP, WebMail, WebAdmin, CLI, Log, Report, FTP Backup - in order to take full benefit of functionalities offered by the server. By default, when installing mail services the following services will be running: SMTP, IMAP, POP3, WebMail and WebAdmin. SMTP stands for all AXIGEN SMTP services: SMTP Incoming, SMTP Outgoing and Processing.

To see configuration options on this parameter see the Configure the Running Services section.

A similar option is available in WebAdmin at domain and account/mail list level with relevant choices for the respective level - see the Domains&Accounts section for configuration options.

3.1.2. Other Generic Server Parameters

Primary domain In AXIGEN Mail Server you can specify a primary domain name, and than add as many domains (secondary domains) as your license type allows.

The primary domain is the default domain for your mail server. This means that email sent to "user_name" will automatically be transmitted to "user_name@primarydomain"

The primary domain default value is the result of the 'getdomainname' function, which is the current domain name (local domain).

SSL Random File In order to establish SSL connections, a file containing entropy data is used for generating random numbers. The path to this file needs to be defined in the Server Global settings. SSL parameters are also provided when defining listeners (see corresponding section). For more information on SSL in AXIGEN, see Authentication and Encryption.

For more information on how to set generic server parameters using WebAdmin, see Configure the Running Services.

52




3.1.3. DNR Settings

AXIGEN includes a Domain Name Resolver (DNR) module used to extract information from domain servers. The module implements the specifications from RFC1034 and RFC1035 and communicates with Domain Name Servers using UDP sockets on port 53.

AXIGEN services using DNR:

• The SMTP Receiving service uses DNR for performing the SPF tests (this action involves PTR and TXT queries).

• The SMTP Sending service queries DNR for MX and A information about the domain where to relay the mail messages.

Logging All AXIGEN main services can log different types of events. The system administrator can specify what events are logged, where and how they are logged.

See Logging service for more details on logging in AXIGEN.

DNR Options In this section you can configure the time period after the first DNR query is closed, maximum number of DNR query retries to be executed and number of results (IP addresses) cached for each DNR query type to be executed.

Nameservers When performing DNR searches AXIGEN uses a list of known nameservers (specified in the OS configuration). In order to limit bandwidth and time consumed with DNS traffic a list of known hosts can be defined. Different priority values can be assigned to nameserver IP’s to set the order in which you wish to query nameservers (the servers with the higher priority are queried first).

For information on how to configure these parameters, please see DNR Tab.

3.2. Services and Modules This section includes brief overviews of all services and modules included in AXIGEN Mail Server.

3.2.1. SMTP Receiving

The SMTP Receiving module in AXIGEN establishes the dialogue with other entities via SMTP/ESMTP protocols, receives the mail message (if all conditions set by the System Administrator are fulfilled) and forwards the mail message to the Processing module.

53




This module protects the Mail Server against attacks and ensures a good functionality (adjusted to the processing power of the hardware, the bandwidth, and other factors) due to functions as configurable listeners, thread and client management, user authentication and a built-in SPF authentication procedure.

In AXIGEN, at SMTP Receiving level, SPF tests are being performed, thus ensuring basic email sorting before reaching the queue. The SMTP Receiving module accepts connections as specified by SMTP listeners defined in the configuration file, receives the message and performs the SPF test. If the message passes the test it is placed in the Queue. By default the server accepts connections on 127.0.0.1:25.

Listeners Listeners can be defined and managed to add extra flexibility and configurability to this service. For that, global access limitations, SSL Settings and access lists can be enforced on the address used by this service for binding.

Access Control Access rules allow you to control connection to this service by defining simple access lists for specific Networks / IP Ranges / IP’s. Service level access rules are automatically applied to all its listeners and will override for this service any existing Global Access rules.

Authentication Authentication is a method for preventing non-desirable actions by granting access to AXIGEN server's SMTP Receiving features to authenticated users only.

Note: The AXIGEN server supports authentication, meaning it can be instructed to accept only connections/messages from authenticated entities. However, not all mail clients support this feature. If your mail client does not support SMTP authentication, this feature will not be available.

SMTP-Receiving Authentication parameters allow you to specify the authentication methods to be used for secured or unsecured connections. The available types are: Plain, Login, CramMD5, DigestMD5 and/or GSSAPI.

For information on how to configure authentication parameters for SMTP-Receiving using the SMTP filtering system, see Acceptance and Routing Advanced Settings.

Message Acceptance Rules At SMTP-connection level message acceptance rules can be configured and implemented to best suit security requirements. Incoming connections established via SMTP and the message flow can be easily managed, using already established policies, to help save space and resources for email processing.

The Message Acceptance Rules section provides more details on this subject.

Flow Control Flow control parameters can be adjusted to fine tune the server’s performance and avoid overloading it. Global access limitations to this listener can be enforced by setting the total number of simultaneous connections, concurrent connections from each remote IP address, number of new connections to the listener made in a time period interval, number of total connections from each remote IP address on a time interval period. The default interval for this time period is set to 1 minute.

54




Milter As an additional security enhancement, the SMTP Policy system can call external milter type filters. More information on functions defined for using external Milter filters are available in the SMTP Functionalities (I) chapter.



Email Loop Protection To prevent looping emails from increasing your mail server's traffic set a number of maximum received headers for all received emails.

Error Control To protect the server the number of failed/wrong commands, received from SMTP clients during one session, can be limited. When these limits are exceeded, incomplete connections or connections that are not RFC compliant will be dropped thus freeing important bandwidth.

Important! If you do not specify a limit for the maximum number of (authentication) errors allowed for a SMTP client's session, security risks may arise.

Thread Management AXIGEN Mail Server is designed to run on different machine configurations and operating systems, on networks with various traffic loads, structures, domain configurations, user rights etc. That is why, depending on all these variables, you can adapt the workload to the server’s processing power to improve its performance or avoid overload by setting the minimum and maximum number of threads that can be opened at a specific moment of time.

For more details on how to configure SMTP Receiving parameters using WebAdmin see SMTP Receiving Tab.

3.2.2. Processing

The Processing module manages the mail messages, transmitted from the SMTP Incoming and WebMail modules, in the AXIGEN Queue and delivers them to AXIGEN Storage (for local delivery) and to the SMTP Sending module (for external delivery).

55




The processing module interacts with:

1. the IMAP module uses the AXIGEN Processing module for Append operations executed on mailboxes;

2. the WebMail module uses the AXIGEN Processing module for Compose operations (after the message is composed, it is placed in AXIGEN Queue);



Email Delivery In case message can not be delivered for some non-critical reason, it can be re-scheduled, meaning AXIGEN will try to re-send it after a defined time interval is elapsed. AXIGEN mail scheduling feature can be adjusted in terms of: first delivery retry timeout for an email, stop doubling retry timeout when it reaches and max. number of retries.

Delivery Reports Temporary and permanent delivery error reports can be configured to be sent automatically when reaching a number of failed delivery attempts. The message can be customized by setting a specific notification sender, subject, beginning and ending body, or appending variables. Also the headers or even the entire original message can be set to be attached to your notification.

Queue Parameters The messages received from SMTP clients are stored in a queue that is processed by AXIGEN according to specific rules. Different operations can be executed on this queue, such as inspecting the queue, specifying/modifying the path where the queue is stored, setting the maximum number of queue subdirectories, processing size (number of messages) and number of local delivery threads for local SMTP transactions.

Note: Currently any change in the parameters specific to the Processing module requires a sever restart to become effective.

Message statuses A message in the queue can have one of the following statuses:

• Incoming: The message is currently being received. It has not been treated in either way by AXIGEN.

• Received: The email has been received. No action has been taken on it yet. • Processing: Message processing is underway. • Processed: The email processing ended, successfully or not. If the message is

successfully processed, the next specific action (for instance delivery) specified for the message is carried out. If the email processing ends unsuccessfully, the message remains in Processed status.

• Sending: The process of sending the message is underway. • Send Failure: The email sending failed. • Sent: The message has been sent. • Raw received: The email was received from the WebMail module.

56




• Relay error: The SMTP Sending module did not manage to send the message to the addressing server.

• Local error: The SMTP Sending module did not manage to send the email to the AXIGEN Storage.

• Filter reject: The message was rejected by a configured filter. • Filter discard: The email was deleted by a filter without any notification. • Cleanup error: The NDR message could not be send to the sender. • New mail: The email has just arrived in the queue. • Removed: The message was deleted. • IO Error: The message could not be read from the disk.

For more details on how to configure Processing parameters using WebAdmin see Processing Tab.

3.2.3. SMTP Sending

The SMTP Sending module is responsible for sending messages directly to message recipients. AXIGEN SMTP Sending uses DNR (Domain Name Resolver) for mapping domain names to IP addresses and includes complete rescheduling procedures.

By default, AXIGEN is configured not to allow open relaying. This means that the server does not automatically dispatch mail that is neither for nor from a local user. By using client management, SMTP Sending blocks spammers' attempts to relay large quantities of mail.

Routing Rules Configuring Routing Rules allows system administrators to customize SMTP Sending actions for all or a part of the transmitted email communication. For further information, see Routing Rules in the Mail Server Security chapter.

If AXIGEN fails to send messages to a specific domain because this domain was down for some time, when the domain is up again, the first message that goes successfully to that domain will also queue the rest of the pending messages from the queue and will force delivery of all messages.



57





For more details on how to configure SMTP Sending parameters using WebAdmin see SMTP Sending Tab.

3.2.4. POP3

AXIGEN POP3 module establishes connection with POP3 clients and retrieves mail messages from the storage unit. The server accepts connections as specified by the POP3 listeners defined in the configuration file. By default the server accepts connections on 127.0.0.1:110 .

In AXIGEN the POP3 module works as follows:

• shows only the messages that existed in the mailbox when the mailbox was opened; • keeps zombie copies for the messages deleted during the current session; the

module shows them as zero size messages, and the module reports an error when a client application tries to retrieve a deleted message;

• messages are retrieved using the RETR command and the message is marked with the "Seen" flag (you can view this flag when using an IMAP or WebMail client);

Note: The server only manages mail messages in AXIGEN Storage format. For more information on this format, please consult the AXIGEN Storage section.



58







Encryption and Authentication Various authentication types can be used in AXIGEN for IMAP secured (SSL/TLS) or unsecured connections. Possible options are: normal login, plain, login, CramMD5, DigestMD5 and GSSAPI. By default, all these methods are selected (all types of authentication are allowed).

Error Control To protect the server the number of failed/wrong commands, received from POP3 clients during one session, can be limited. When these limits are exceeded, incomplete connections or connections that are not RFC compliant will be dropped thus freeing important bandwidth.

Important! If you do not specify a limit for the maximum number of (authentication) errors allowed for a POP3 client's session, security risks may arise.


Compatibility with various POP3 Mail Clients AXIGEN has been thoroughly tested and it is proven to work with Mozilla, Outlook, Outlook Express, ThunderBird, The BAT!, Eudora. For information on how to set up your POP3 account, see the corresponding section of the AXIGEN website.

For more details on how to configure POP3 parameters using WebAdmin see POP3 Tab.

59



http://www.axigen.com/mail-server/pop3.php


3.2.5. IMAP

AXIGEN IMAP module establishes connection with IMAP clients and retrieves mail messages from the storage unit. The server accepts connections as specified by the IMAP listeners defined in the configuration file. By default the server accepts connections on 127.0.0.1:143 .

The IMAP module now implements a new extension, QUOTA, as described by the RFC 2087 standard. IMAP clients implementing the QUOTA extension can display mail box quota for a specific user account. So far, users were able to find out what their current mailbox quota was (space occupied/total space) only via WebMail.






60




Encryption and Authentication Various authentication types can be used in AXIGEN for IMAP secured (SSL/TLS) / unsecured connections. Possible options are: normal login, plain, login, cram-md5, digest-md5 and gssapi. By default, all these methods are selected (all types of authentication are allowed).

Error Control To protect the server the number of failed/wrong commands, received from IMAP clients during one session, can be limited. When these limits are exceeded, incomplete connections or connections that are not RFC compliant will be dropped thus freeing important bandwidth.

Important! If you do not specify a limit for the maximum number of (authentication) errors allowed for a IMAP client's session, security risks may arise.


Compatibility with various IMAP Mail Clients AXIGEN has been thoroughly tested and it is proven to work with Mozilla, Outlook, Outlook Express, ThunderBird, The BAT!, Eudora. For information on how to set up your IMAP account, see the corresponding section of the AXIGEN website.

Public Folders Users may now share email messages by simply copying and/or moving them to a public folder. System administrators can also associate a certain email address with a public folder. Thus, emails can be sent directly to the public folder, archiving options being also available.

Internationalized Search When running an IMAP search for any IMAP client, the search text may contain language-specific characters (i.e. using diacritics).

For more details on how to configure IMAP parameters using WebAdmin see IMAP Tab.

3.2.6. Logging

Log Service Overview AXIGEN offers an extremely flexible logging service, allowing you to select among different logging levels (how detailed the information logged should be), logging types (internal, external and system services are available) and where to store the information logged. You can set all these options for each AXIGEN TCP service and for the Log Service itself. The Log Service is responsible with collecting events relevant for the System Administrator. You can log (internally, remotely or using the system log) the activity of all services available in AXIGEN.

AXIGEN Log Service can log internal data coming from other AXIGEN modules/services or data coming from the UDP port 2000 (default option). This data can be logged in the same

61



http://www.axigen.com/mail-server/imap.php


location or in different locations for separate services, depending on the configuration applied by the system administrator.

For AXIGEN Log service, you can also specify the following information:

• on what address the Log listener should be listening (see the Log Listener section for more information);

• what hosts should be rejected by the Log service (using the listener denyRules, a priority and an enable/disable switch);

• what hosts should be accepted by the Log service (using the listener allowRules, a priority and an enable/disable switch).

Log Types AXIGEN modules should define the log type using the "logtype" parameter, which can have any single values from the following three:

- "internal", - "remote" or - "system" log.

Use the "internal" option to send events to the Log Service running on the same AXIGEN server. The Server should have the Log Service activated.

Use the "remote" option to send events to a Log Service running in another AXIGEN server, remotely, at the address specified using the "hostname" attribute. This AXIGEN Server must have the Log Service activated.

Use the "system" option to send events to the syslog (for instance sysklogd) with facility "LOG_MAIL" and levels mapped as:

• 0 - no message sent • 1 - LOG_CRIT • 2 - LOG_ERR • 4 - LOG_WARNING • 8 - LOG_INFO • 16 - LOG_DEBUG

AXIGEN Log levels In AXIGEN the events are organized in 6 categories and you can select which category of events to collect. AXIGEN modules must define the "loglevel" parameter. In order to specify the desired sets of events to log you have to specify the correspondent log levels or a combination of thereof. The log levels in AXIGEN Mail Server are:

• 0: no messages are logged • 1: log critical messages • 2: log errors • 4: log warnings • 8: log informative messages • 16: log protocol communication

and the corresponding one-time combinations. Therefore the accepted values for the loglevel parameter are from 0 to 31.

Example 1 - Combining log levels in AXIGEN Mail Server: If you set loglevel=15 = 1+2+4+8

62




AXIGEN Mail Server will log the following information: critical errors and errors and warnings and information.

Example 2 Disabling the log service for one AXIGEN service Remember the log service is configured separately for AXIGEN Mail Server main services (IMAP, POP3, SMTP Incoming), so if you set loglevel = 0 in the IMAP log service section, no data for that specific service will be logged by the Log Server for the AXIGEN IMAP service. However, the Log server will continue logging other AXIGEN Mail Server services according to the settings defined for logging the respective services.

Logging format The format used for data logging is the following: 'date hostname modulename:sessionId: user_message\n'

AXIGEN Log service then transforms this data in a format similar to the one described below: 'date loglevel hostname modulename:sessionId: user_message\n' 05-19 17:08:01 0300 08 johnd-l SMTP:00000005: connection accepted from [127.0.0.1]

Example of log service configuration using the axigen.cfg file: • loglevel = 01-31 • hostname = 'yourcompany.com' (this is the result of the standard 'hostname'

command) • modulename = 'SMTP' (other accepted values are: POP3, IMAP, WEBMAIL, RELAY,

PROCESSING) • sessionId (this is an UINT value written in hexa incremented separately for each

connection of a protocol. For the processing module, as there is no relevant protocol, the value is currently 0; future versions will provide however as value the ID of the message in the working queue.

• loglevel is a 5 bits mask for the following values: LOG_none = 0x00, /// critical LOG_crit = 0x01, /// errors LOG_err = 0x02, /// warnings LOG_warn = 0x04, /// information LOG_info = 0x08, /// log protocol communication LOG_proto = 0x10,

Rules Log Rules are used to define circumstances under which certain restrictions will be imposed on log files and the log level. Rules can be associated with host names, module names or both. For instance, a rule can be defined in order to specify the size, duration and number of old files kept for logs generated on a certain host, for a certain module (e.g. SMTP In). An ordered list is created with all log rules configurations using the 'priority' parameters as ordering key.

You can define the Log rules at the AXIGEN main module's level, in the corresponding sections of the configuration file.

The Log Service will check if the information sent by the modules is the information that is supposed to receive, according to the Log Service configuration.

63




A log rule set includes the following information:

• the rule's priority ("1" means the rule has the highest priority possible) • the hostname of the user of this rule • the module of the user of this rule • the level of log generated by the user of this log • the name of the destination file • the maximum size of the destination file in KB • the maximum duration the destination file is used in seconds • the maximum number of old files (saved) to be kept • the rotate period (how often a new log file is created - daily, monthly, yearly)

Attributes of the Log service AXIGEN Log service can log internal data coming from other modules/services or data coming from the UDP port 2000 (default value). This data can be logged in the same location or in different locations for separate services, depending on the configuration applied by system administrator.

AXIGEN main modules must define the log type to be used by that specific module. The definition is executed via the "logtype" parameter that can have any of the following three values: "internal", "remote" or "system" log.

The value for the loglevel parameter from the log clients (the services sending information for logging to AXIGEN Log service) specifies for themselves the log levels sent to the Log service.

The value for the loglevel parameter from the log service's rule specifies the log levels accepted by the service from clients.

Therefore if:

• clientlevel = 15 (the log level specified in the SMTP-In service page in WebAdmin for instance)

and

• rulelevel = 9 (the log level specified in the rule defined for the SMTP-In module)

the Log service will only log the lines on level 9 (critical information), even if the information retrieved from client also contains errors and warnings (this information is ignored).

For information on how to configure log rules using WebAdmin, see the Adding and Editing Log Rules.

3.2.7. Reporting

The reporting service can help you check server activity at global traffic and module level. The server jobs can be overseen by assigning the reporting service to collect data for parameters such as:

- Inbound WebMail Connections - IMAP Append Requests - POP3 Inbound Connection - Queue Size - SMTP Outbound Connections - SYSTEM Load Average - Messages rejected by built-in filters

64




and many others.

Data is temporary collected according to the time value, called synctime, (defined in the Data Collection section of the Reporting Service tab) and placed into a buffer. For each collected parameter, the buffer size is equal to the integer value from the division of the aggregation interval to the data collection time. For instance, if synctime is 120 seconds and aggregation interval is 25 minutes, 12 samples will be collected each 2 minutes.

For each type of report, the aggregation function (average, maximum, minimum, total) is applied to the temporary data in the buffer and the result is stored in the database, the buffer is emptied and the process is repeated as many times as defined in the aggregation interval. Using the same example (and considering that the aggregation function is ‘average’), after 25 minutes the arithmetic mean of the 12 samples is computed, stored in the database and the buffer is reset.

After the database filled all its records the newest value will replace oldest one, meaning the database rotates. Thus databases have fixed sizes and fixed periods of time, the size is equal to the value defined by the Rotate database after storing parameter and the time is equal to the product of the aggregation interval and number of collected values. For instance, in the above example considering that the number of collected samples is 7, the size of the database will be 7 in terms of number of stored values and 7 X 25 = 175 minutes in terms of time.

History for each collected parameter is displayed in a chart. The administrator can control some of the chart’s properties such as colors and line styles from the ‘Display settings’ tab of the ‘Configure Chart’ section.

The displayed chart has the following properties:

• Ox axis: o Scale: 1 hour, 1 day or 1 week, the first larger value than the aggregation

interval X the rotate database parameter. So it is possible that the displayed interval is larger than the collected data interval, in this case the graphic the zone where there is no collected data will be empty.

o Origin: the oldest value in the database o Value: timestamp for each collected value

• Oy axis: o Scale: selected automatically based on the highest value in the interval o Origin: 0 o Value: the collected value associated with the timestamp on the Ox axis

For information on how to modify reporting settings as well as to define your own set of reporting data and graphics see the Reporting Tab chapter. For details on charts view in WebAdmin see Charts Tab.

3.2.8. WebMail

AXIGEN WebMail establishes connection with the mail server via Web browsers, sends and retrieves mail messages to and from the storage unit.

AXIGEN WebMail works with major web browsers such as Internet Explorer and Mozilla. With this module the users can securely access their mailboxes from Internet browsers, while the system administrators are in complete control of the content, functionality and look of the web pages.

65









HTTP Protocol Options WebMail allows you to set HTTP limits for any request made to the WebMail service. This prevents you from automatically accepting excessive amounts of data (HTTP headers, HTTP body and upload data).

WebMail Options To facilitate login procedures for multi-domain environments, AXIGEN implements login domain selection. Users can select the domain from a drop-down list and then login with their username and password only.

66




To better manage security and resource related issues persistent connections can be allowed/denied and time limits on active/idle sessions imposed.


Other AXIGEN WebMail Features include: • Complex customization - simple change of skin and behavior; • Easy to use, secure and user-friendly – due to Features like tree structure for

folders view, common actions applied on folders (rename, delete, move, create), built in HTTP server etc.;

• Server Side Scripting Language - called HSP, used to generate HTML code; • Personal Address Book - WebMail Contacts give users the possibility to select

recipients from their personal contact list when composing new email messages. New addresses can be added to the existing address book either manually or automatically, when receiving new emails;

• Personal Organizer - comprises tools such as calendar, tasks, journal, notes and collaborative support. Through AXIGEN Outlook Connector, the Personal Organizer is synchronized between Outlook and AXIGEN's WebMail;

• Public Address Book - contains contacts set at domain level, that are also available when composing an email;

• Automatic filters and replies – can be set trough WebMail interface wizards. Vacation/ out-of-office messages can be defined and enabled to be sent automatically as a response to all received emails.

• Internationalized search and multiple languages support - language-specific characters can now be used when running a search;

• Public folders - users may now share email messages by simply copying and/or moving them to a public folder. System administrators can also associate a certain email address with a public folder. Thus, emails can be sent directly to the public folder, archiving options being also available.

• Compose while attach - using IFrame technology users can continue the Compose action while attaching files to their messages.

• URL redirect rules and virtual host support - URL redirect rules are used for redirecting plain connections established on one listener towards a secure domain:port location. Redirects can also be used to redirect connections from a specified listener to a virtual host. This way, several domain names can be defined for the same IP address and several domains hosted on one single IP. This is useful, for instance, when you wish to have two different WebMail login pages for two different local domains hosted at the same IP.

• HTML mail filtering levels - parses the HTML code from the e-mails and generates a safer (i.e. removes possibly unsafe scripts) and cleaner (i.e. converts to XHTML-like) HTML code. This provides WebMail account users with the ability to set the HTML filtering level to be applied to all mail in HTML format.

For more details on how to configure WebMail parameters using WebAdmin see WebMail Tab.

67




3.2.9. Storage

AXIGEN Storage is a specific file structure with index based access allowing fast mail delivery, retrieve and query.

AXIGEN Mail Storage checks the consistency of the messages placed in the storage and empties the queue only if the mail message is correctly stored.

All domain and user configuration along with user messages are stored in AXIGEN specific storage.

Each AXIGEN storage is defined by three elements:

• Storage directory: the directory where all storage file will be created • Max. file size: maximum size of a data file (Storage Container). The default value is

256 MB. • Max. files: maximum number of files. The default value is 128 files.

Therefore the maximum capacity of each storage is Max. file size * Max. files and the default capacity is 32 GB.

Inside storage directory, a list of files, named with 2 hexa digits followed by the .hsf extension -- e.g. 2A.hsf -- are created. There is also a file named hsf.dat which contains an unique id of the storage and the relation with other storages of the same domain. This information is useful in case some of the storage directories are moved to other locations.

Another feature of AXIGEN storage is that it supports transactions, so that some critical operations of domain configuration changes are made safely.

Filling the Containers When a Storage Container approaches its maximum size, (defined by the Max. file size parameter), another Storage Container will be created and the new messages will be stored herein. If the number of Storage Containers reaches the maximum value (defined by the Max. files parameter) and all of them have reached the maximum size, the storage is considered full and no more messages will be inserted.

The data in the Storage Containers is written in blocks of 4KB, therefore usually the files size is a multiple of 4KB. These memory blocks are called nodes. Smaller blocks of memory are also available, for message parts smaller than 4KB. These smaller blocks are called formatted nodes.

Each storage file can contain a maximum of 16 millions messages, and the maximum theoretical file size is 64GB (some limitations might apply, depending on your system configuration; currently AXIGEN limits this maximum size to 2GB). There can be maximum 128 files in one storage, and one domain can have over 4 billion message storages defined.

The actual maximum capacity in terms of total message count and size depends on the specific messages in the storage. For more details, see Domains section.

For each domain, at least three storages are used:

• one storage for domain configuration, where all domain specific configuration, the public folder and the list of domain objects (users, maillist, forwarders, etc) are stored;

• one storage for domain objects configuration, where all domain objects configurations and folders are stored;

68




• one or more storages for messages, where all mails and other data associated with mails are stored; it is recommended to define each message storage on a different physical disk, since AXIGEN will use these storages in parallel.

Space saving filling procedure The storage files with more free space have a priority when it comes to selecting the files in which a new message is added. The usage of the free space is also enhanced by message deletion.

Each message in a storage file is identified by a pointerID (type UINT). The information related to these pointers-to-messages is stored in the same storage file.

3.2.10. FTP Backup Service

AXIGEN Mail Server provides a FTP backup/restore service meant to enable regular backup operations for your entire domain and user configuration. This service is based on FTP (File Transfer Protocol, standard RFC 959).

The FTP Backup service allows using any FTP client (including standard Web browsers) in order to connect to the backup machine using the admin username and password. You can replicate the entire domain and user (accounts, lists forwarders, folder recipients) folder structure on the backup machine. The FTP service generates a virtual structure, from which you can retrieve files whenever you need them.

The directory structure created by the FTP service is similar to the one given below:

/ domains -> domains root director |-example.org -> domain name directory |-domainRegistry.bin -> domain config file (binary) |-domainCoreConfig.cfg -> domain config file (text) |-users -> users root directory |-postmaster -> user directory |-Registry.bin -> user config file (binary) |-CoreConfig.cfg -> user config file (text) |-folders -> user folders root directory |-INBOX -> user folder |-... -> other user folders |-maillists -> maillists root directory |-... -> same folder structure as for `users |-forwarders -> forwarders root directory |-... -> same folder structure as for `users' |-publicFolder -> domain public folder root


69








Error Control To protect the server the number of failed/wrong commands, received from FTP clients during one session, can be limited. When these limits are exceeded, incomplete connections or connections that are not RFC compliant will be dropped thus freeing important bandwidth.

Important! If you do not specify a limit for the maximum number of (authentication) errors allowed for a FTP client's session, security risks may arise.


For more details on how to configure FTP Backup parameters using WebAdmin see Backup and Restore Tab.

3.2.11. RPOP Service

The AXIGEN RPOP module establishes remote POP connections to already existing email accounts and retrieves all incoming traffic to the AXIGEN account.

Each AXIGEN account user can configure and add RPOP connections when connected to WebMail. In order to establish such a connection, the user must specify the hostname and port for the existing email account and the username and password required to login. Users can choose the folder to which the retrieved emails will be directed, the time interval between subsequent retrievals and if the email is deleted from the remote account or not after being transferred. Encryption options are also available.

More details about adding and configuring RPOP connections are available in the Configuring WebMail RPOP Connections section.

70







For more details on how to configure Remote POP parameters using WebAdmin see RPOP Tab.

3.3. Connectivity and Threading All AXIGEN modules implement a set of connectivity and threading functionalities and features that make it faster and easier to manage.

3.3.1. Listeners

AXIGEN Mail Server can use different Listeners for its TCP services (SMTP Receiving, POP3, IMAP, WebMail, WebAdmin, CLI and FTP Backup) and UDP services (Log and Reporting).

Listeners are network points of entry, associated with an interface address and port number that grant access to a specific TCP or UDP service.

Listeners add extra flexibility and configurability to each AXIGEN service, as they can be used to grant differentiated access to the same services for different categories of users (e.g users within a specific domain). Moreover, listeners can be associated with a variety of rules that allow defining specific limitations for connections coming from IPs within specified IP sets.

Listeners can be defined, using various parameters corresponding to that TCP service, from the configuration file (as of type "TcpListener" OBJECT-SET) or through WebAdmin (the web configuration interface). UDP service listeners have fewer parameters associated as connection related parameters do not apply to them.

The following attributes are available for each listener:

• address - the "point of entry" address and port number

• enable - specifies whether the listener is enabled or not (this way you won't have to delete the listener when you want to discontinue its use)

• max. number of simultaneous connections and max. number of new connections in a defined time interval (seconds/minutes/hours/days) - parameters specifying limitations for network connections accepted for this listener

• max. connections from each remote IP address and max. connections from each remote IP address in a defined time interval (seconds/minutes/hours/days) - parameters specifying limitations for network connections from the same IP address accepted for this listener

71




TCP listeners can also be set to support SSL connections. Further SSL parameters are available for TCP listeners in AXIGEN:

• allowed SSL versions • certificate file • Max. chain verification depth • Use Ephemeral Key • Request certificate-based authentication from client

and others.

Below you can find a scheme for a quick understanding of the Log listeners: (in this context ':' can be translated as 'of type'):

TCP service: • 'listeners' : 'TcpListener' OBJECT-SET • 'allowRules' : 'TcpAllowRule' OBJECT-SET • 'denyRules' : 'IpRule' OBJECT-SET

UDP service:

• 'listeners' : 'IpListener' OBJECT-SET

For more information about the usage of these parameters in WebAdmin and specific details on their values and how to set them see Adding and Editing TCP Listeners. You can also configure listeners using the CLI tool, for more information see Configuring AXIGEN using CLI.

3.3.2. Rules

Different rules can be associated with listeners, meant to sort connections based on various parameters, and to reject (deny rules) or accept (allow rules) them accordingly. Using deny and allow rules you can automatically accept/deny connections from specific IP addresses.

Allow/Deny Rules Allow/Deny rules enable you to specify the rules for accepting/rejecting connections when these connections follow the limitations imposed by the listener.

Allow/Deny Rules are defined using the following general attributes:

• specify a network/mask, IP range or single IP for which the reject/allow rule is applied • check or uncheck the 'enable' option to specify if the rule is enabled or not

You can then set priorities for when applying the rules and impose further connection limitations using the flow control parameters described below:

• max. number of simultaneous connections and max. number of new connections in a defined time interval (seconds/minutes/hours/days) - these parameters impose limitations on the number of connections initiated by any address within the rule IP set

• max. connections from each remote IP address and max. connections from each remote IP address in a defined time interval (seconds/minutes/hours/days) - these parameters impose limitations on the number of connections initiated by the same address within the rule IP set

72




Rule Enforcement Policy The policy for applying accept and deny rules for connections to listeners is described below:

1. The IP address from which the connection has been initiated is exposed. 2. AXIGEN verifies if this IP address is part of a set of IP addresses associated to one

or more deny rules; if yes, the deny rule with the highest priority (meaning LOWEST value for the priority attribute) is applied.

3. AXIGEN verifies if this IP address is part of a set of IP addresses associated to one or more accept rules; if yes, the accept rule with the highest priority (meaning LOWEST value for priority attribute) is applied.

4. If the IP address from which the connection has been initiated is associated only with a deny rule, the connection is denied (closed)

5. If the IP address from which the connection has been initiated is associated with both a deny AND an allow rule, the rule with the highest priority is applied. If the rule with the highest priority is a deny rule, the connection is denied (closed). If the rule with the highest priority is an allow rule, the limitations (if any) for the specified connections from the allow rule are applied. If the allow rule and the deny rule have the same priority, the connection is accepted.

6. If the IP address from which the connection has been initiated is associated only with an accept rule, the verifications defined for connections in the accept rule are applied, and if fulfilled, the connection is accepted.

After applying the limitations imposed by the rules, the global limitations defined at listener level are applied. Only then the connection is accepted (and the respective service protocol is applied on the accepted connection).

If no allow rule is defined for the IP address from which the connection has been initiated, then the connection is considered as fulfilling the rules and the verifications defined globally (if any) for the current listener are applied.

For details on how to configure rules using WebAdmin, see Adding and Editing TCP Rules. You can also configure Rules using CLI, for more details see Configuring AXIGEN using CLI.

3.3.3. Threads

AXIGEN has a multi-threaded engine which allows separate module thread allocation. Combined with Linux OS multi processor capabilities, the multi-threaded engine can break server activity into multiple parallel processing threads. By allocating a number of threads to certain modules, (SMTP Receiving / SMTP Sending / WebMail / IMAP, etc.) resource (memory/CPU) distribution is adapted to usage scenario (main mail server / backup server / gateway mail server) and hardware resources.

Thread allocation is performed using the connection thread control parameters available for most AXIGEN modules. Depending on your network specifications and conditions the workload can be adapted to the server's processing power, in order to prevent a system overload and/or improve its performance. More details on connection thread management using WebAdmin are available in each service description tab.

These parameters are also accessible for configuration in each service section from axigen.cfg (see Configuring AXIGEN using the Configuration File).

You can also configure connection thread parameters in each service context from CLI, for more information please see Configuring AXIGEN using CLI.

73




3.4. Clustering Support Having the system administrators' needs in mind, AXIGEN provides Clustering Support starting with version 3.0. Clustering support is based on OpenLDAP integration with AXIGEN and allows routing for the SMTP Incoming, POP3 Proxy and IMAP proxy services. This new feature enables system administrators to spread mailboxes on several AXIGEN servers and have a separate machine that routes POP3/IMAP connections to the appropriate mailbox server. Another important feature of the OpenLDAP integration with the AXIGEN Mail Server is the LDAP Authentication mechanism. This new method is available for all the AXIGEN services that require authentication: SMTP In, POP3, IMAP, WebMail, POP3 Proxy and IMAP Proxy.

For a detailed example on how to setup a high availability distributed solution see this related article: Implementing, Deploying and Managing a High Availability Distributed Solution on AXIGEN Mail Server.

3.4.1. Cluster Overview

This section includes a brief LDAP introduction, AXIGEN Mapping and Authentication systems, as well as front-end and back-end services setup in AXIGEN.

3.4.1.1. LDAP Introduction During the first stages of cluster planning the most important service that needs to be considered is the LDAP directory. The LDAP server will be a part of the cluster back-end section and will be set to make use of the high-availability clustering ability.

The directory services are required for routing and authentication purposes. Without it, the proxies cannot route traffic to the designated node that stores an account. There are two situations a cluster engineer can encounter while setting up a cluster:

• No LDAP / Active Directory service is available and needs to be set up. • A directory already exists and the cluster must be built around it.

NOTE: Although a directory service is highly recommended, a local file can be used to route traffic in the back-end. Using a local file can slow a cluster very much and the proxies will require updates each time the configuration changes. More details on this topic are available in the AXIGEN Mapping System chapter.

Setting up a new directory service for the cluster

This type of setup can be created quite fast. The directory service must be installed and configured according to the cluster requirements, using the recommended default values, to be integrated as smoothly as possible with AXIGEN. Once the service is running, the next phase of cluster deployment should start and the proxies set in place.

NOTE: Other fields can be added to the directory entries if the need arises. AXIGEN does not require exclusive access to any value or field, but merely relies on it to perform its tasks.

Integrating an existing directory service with the cluster

The toughest configuration scenario is the use of an already existing directory service within the cluster environment. There are special requirements that must be dealt with, such as directory and entry structure, as well as the information provided to the mail server during

74



http://www.axigen.com/usr/files/high_available_solution_mail_server.pdf

http://www.axigen.com/usr/files/high_available_solution_mail_server.pdf


normal operation. However, in most cases, to the existing entries some new fields need to be added and the already existing ones need to fit perfectly into the default entry model used by AXIGEN Mail Server. If AXIGEN and another application require the same field to have different types of values, then another, custom field, must be added to the entry structure to allow AXIGEN to behave as expected.

NOTE: AXIGEN Mail Server can integrate with almost any type of entry structure used by a directory service. The only drawback here is that fields must be added to every entry of the directory that AXIGEN will use and this can prove very difficult with some setups.

Starting with version 5.x recursive lookups in directories are available. Any user entries that require LDAP authentication should be inside the same group. The group itself can contain other user groups or the entries themselves.

3.4.1.1.1. Basic Directory Setup Entries in an LDAP Directory have a tree structure. These entries have their own attributes and unique identifiers. Attributes have names that are defined in the schemes used by the server. Unique identifiers are in fact the entry DN (distinguished name) containing an attribute (such as CN – common name) followed by the identifier of the parent entry.

If the cluster will use a new LDAP directory to perform the routing and authentication processes, a basic setup procedure is required to prepare the entries that are to be added. For the LDAP server to have a basic structural support for the entries it will hold, a basic configuration is required to be added, through an "ldapadd" command. This first entry will actually create an organization type of division in the directory and all other objects will be contained in this organization object. To create the object for the "example.tld" domain, use the following LDAP syntax:

dn: dc=example,dc=tld objectClass: dcObject objectClass: organization dc: example o: tld

Next, user objects that will be used by AXIGEN proxy services can be added in the newly created organization object. This is the entire initial setup the directory service requires, as a basic example. However, if more complex schemes need to be used, any number of branches can be defined.

NOTE: An LDIF file can be used to import this information into the directory. This helps prevent issues related to LDAP syntax and can save the cluster engineer a lot of time. NOTE: LDAP connectors defined in AXIGEN need to be configured accordingly so that looking information in the structure, that has just been created, is possible.

While adding the LDAP connector in the WebAdmin interface, certain settings need to be configured correctly, in such a manner, that the server can lookup information within the directory structure. The search base and search pattern are the most basic settings that control the way AXIGEN will perform the lookups. For the above example, using the same domain name, the values should be set as follows:

• Search Base: dc=example,dc=tld • Search Pattern: mail=%e

75




The search base actually represents the exact branch in the directory that AXIGEN will consider the parent containing all user entries. The search process will try to match the "mail" property content against the pattern being looked up. This search pattern should return only one entry for each user account looked up by the server. The default value should be more than sufficient for most setups and unless a very special setup is used, it should not be changed.

NOTE: For the search pattern to work with the above example, the "mail" property must exist for each user entry. No matches will be found in the directory if the property doesn’t exist.

3.4.1.1.2. LDAP Entry Structure AXIGEN will use the set search pattern to match an entry from the LDAP directory. If a match is found, the entry is analyzed and certain properties for the entry are used to perform the routing and authentication actions.

These properties need to be set in the LDAP connector options if they are required in the cluster setup. If they are missing the cluster will not function properly. In case the directory structure is already defined, the respective properties must be added to each user entry. If the directory is a fresh installation, each added user should have the properties defined beforehand. Below is an example of what a user LDIF file should contain for AXIGEN to use both routing and authentication for this user:

dn: cn=user1,dc=example,dc=tld objectClass: inetOrgPerson objectClass: inetLocalMailRecipient cn: user-account sn: user-account mail: [email protected]: user-account mailHost: 127.0.0.1

The first line specifies where the user entry will be added and where its actual location in the directory structure will be. The next two lines define what properties this entry will be allowed to use. The common name and the surname are next, followed by the three main properties used by AXIGEN proxy services:

• The "mail" property is defined in the LDAP connector settings that AXIGEN tries to match during the search process.

• The "userPassword" property will be used by AXIGEN in the authentication process.

• The "mailHost" property specifies the back-end server a user account is hosted on.

The properties are loaded from the schema files that LDAP uses through the "objectClass" definition lines. The fields can have different names, depending on the actual directory setup, but all of them can be set in the LDAP connector settings so that AXIGEN maintains its flexibility regarding already configured directory structures.

In the above example, the "mailHost" property is the one providing the routing information back to the AXIGEN proxy, thus it must exist for the cluster setup to work correctly. The "userPassword" property, however, is optional as the authentication process can be performed locally, on each back-end.

76





NOTE: All the properties for entries in the LDAP directory are case sensitive. Also, the values defined in AXIGEN LDAP connector settings should match the properties used for directory entries.

3.4.1.1.3. LDAP Authentication The authentication process in a clustering environment can be performed either on the front-end or back-end nodes. This is why, depending on the setup to be deployed, LDAP authentication may not be required. A good example of such setup is the one-tier cluster.

To delegate the authentication process to the proxy servers, a user password property must exist in all directory entries. Using the information stored in that field, the proxy service can compare the information provided by the client with what it found as a result of the lookup.

WARNING: If the authentication is set to be performed using LDAP and the property does not exist, or is not defined, the authentication process will always fail and the user will be locked out of his account permanently.

The password may contain information in one of the following formats:

• Clear text is a rather insecure method of storing passwords, but has very low processing power requirements. In addition, the speed at which the authentication process is performed is greater than for any of the other formats.

• Plain text will allow the password to be retrieved without binding to the LDAP server, but it will be encoded in base64 format. The password can easily be recovered if public access to the LDAP server is allowed.

• Encrypted hashes is the most secure method of storing passwords. However, they can be retrieved only by binding to the LDAP server using a privileged account. The connector should be set to bind and the account details should be filled in before attempting to use this format.

The authentication process takes place on the front-end systems only if LDAP authentication is enabled for the proxy services. The authentication itself is actually performed twice, once on the front-end and once on the back-end. This would appear useless, while in fact, with the help of the front-ends only valid authentication requests will reach the back-end systems. Another advantage for using front-end authentication is preventing third-parties from ever reaching the back-end systems directly. This is a very important security feature and should be enforced as often as possible.

NOTE: The authentication process depends on the success of the user entry lookup in the directory. If the account is not found, then the authentication process will fail. NOTE: LDAP Authentication can also be used for regular services on the back-end systems. This is actually recommended for speed increase and maintaining the overall cluster integrity and stability.

For more detailed information please see AXIGEN Authentication System and AXIGEN LDAP Authentication.

77




3.4.1.2. AXIGEN Mapping System Mapping information is required to establish the routing behavior in any AXIGEN cluster. The theory behind the mapping system is fairly simple: using the entry returned by the front-end query, the field referring to the mail host (back-end) is assigned as the destination system for that user’s session. The mapping data actually provides the information required by the front-end to decide what back-end holds the actual user account.

The mapping system performs this routing task in two basic ways:

• Using a local user database mapping information is retrieved by parsing a locally defined file, containing all mapping patterns.

• Using an LDAP directory mapping information is retrieved from the LDAP directory.

Both methods have the same result as long as they are configured properly. Mapping information is gathered using the AXIGEN User Map defined in the proxy configuration. The user map is used for routing and can also be used in the authentication process. The mapping system is one of the key elements in the front-end node configuration.

Local user maps are read from a file formatted in a specific way so that AXIGEN can interpret and retrieve information from it. Single entries can be provided for individual users as well as regular expressions to match and map multiple user accounts to the same back-end system. An LDAP directory is more recommended than the use of local files, because it is more productive while using a resource intensive setup such as a cluster.

An LDAP directory can be used to perform the authentication process too, so using it makes more sense in a complex setup because it helps keep track of front-end behavior from a central point. Most clusters will use LDAP or Active Directory to perform the mapping process and all that is required for this to work is setting up the routing property. It is a very straight forward method and is preferred because of the multiple advantages LDAP provides.

The mapping information is defined by selecting a user map in the proxy configuration. The selected user map will route connections to the back-end system using a local file or an LDAP directory.

While using an LDAP directory, the cluster engineer is presented with two possible connection options:

• Password (Simple) should be used whenever the information held in the LDAP directory can be retrieved using a plain LDAP search. This would also include password fields that should be available in plain text (un-hashed).

• Bind (Authenticated) is required only if the information stored in the directory tree has one or more fields that are hashed (such as DSA or RSA encrypted passwords). In this case only an authorized user can retrieve useful information.

Depending on the setup, both connections can be used in complete safety. However, some setups allow only bound connections. The most common example of such setup is Active Directory as it only allows authenticated users to search the directory tree and retrieve information.

While using a local file to define mapping information, in the user map configuration, the file path and name must be specified. In addition, AXIGEN must be able to access the file and read information from it. The local mapping file syntax is simple and flexible. The basic format of the local file used by the mapping system is:

<account-name-pattern> <back-end-system>

78




Example:

[email protected] 192.168.20.3

In the above example, the account “user1” in the domain “example.tld” will be assigned the back-end with the IP address 192.168.20.3. The back-end system can also be specified with its domain name and its fully qualified domain name:

[email protected] backend3.example.tld and [email protected] backend3

However, the above examples will also match the pattern “[email protected]” because the address contains the search pattern “[email protected]”. To prevent this behavior, regular expressions must be applied to the entry:

^[email protected] backend3

Using this format, the pattern will match only if the account name starts with the pattern entered. Using the above examples, any standard Perl regular expression can be designed to match the required accounts. This way, accounts can be mapped alphabetically, based on domain name and other types of criteria.

NOTE: While setting up a cluster the mapping system must be configured carefully. The cluster engineer should make sure that for any particular search the results returned will not confuse the proxy services. If multiple entries are matched at the same time, only the first one will be taken into consideration. This can generate unexpected results for the end-users and can also generate other issues if multiple services depend on the cluster operation. NOTE: Custom mapping configurations can be used while migrating from previous setups. If the destination host already exists in the LDAP directory, the entry field (property) can be specified in the AXIGEN configuration to match it. NOTE: While using Active Directory, the routing property must be added manually for each of the users already defined by the domain administrator. Any of the unused attributes can be used to hold this information. The only consideration with this approach would be to use the same attribute for all users.

For more detailed information please see Configuring Mapping Parameters.

3.4.1.3. AXIGEN Authentication System The authentication process is one of the most common safety measures used for any service. AXIGEN clusters also use authentication and support a wide variety of algorithms as well as password encryption.

Any AXIGEN cluster can make use of the two authentication methods available:

• Internal Authentication - the account information defined and stored on the back-end is used to process the authentication request.

• LDAP Authentication - the LDAP directory tree is used to search, retrieve and process the authentication request.

While using the internal AXIGEN authentication system, the password is retrieved by the server from its local user information data. The password is defined during the account creation process and can be changed at a later time, either by the administrator or by the

79




user from within the WebMail interface. This method does not require an LDAP server to be set up but is very slow by comparison.

LDAP authentication is very widely used in cluster setups because of the speed gain. Also, while using LDAP, the mapping system can be assigned to it and the resulting setup becomes a centralized configuration point for the proxy services. In addition, the LDAP server may already exist and contain the entries required, in which case the configuration overhead is reduced considerably.

The LDAP authentication isolates the process from the actual AXIGEN account defined. This can arise some unexpected results such as different passwords within the directory and the back-end server. While a user can still change its password from the WebMail interface, this password will not be updated in the LDAP tree structure and the user can become easily confused. To prevent such issues, a thorough synchronization process must be implemented within the cluster.

This type of authentication overrides the standard AXIGEN authentication method. As such, using LDAP to authenticate sessions for one service will also disable the internal authentication method for all services. LDAP authentication is performed using an LDAP connector that must be defined in advance. The directory tree must also be configured before the authentication process will succeed.

The authentication process consists of a three stage process:

• LDAP query - During this stage, AXIGEN performs a lookup in the directory tree and expects the account password information as the result.

• Credential information matching - Using the information gathered during the first stage, AXIGEN compares what the client provided against what LDAP returned.

• Session authentication - If the above process was successful the session becomes authenticated.

If any of the above stages fail for some reason, the session will not be authenticated. Thus, for the account that requests an authentication, the LDAP server must be able to return an entry and a valid password property.

WARNING: If LDAP authentication is enabled and an account exists on any back-end system but has not yet been defined in the LDAP directory tree, the user will not be able to authenticate, even though it will be able to receive messages. NOTE: To prevent any issues while using the LDAP authentication method, some type of consistency checks should be run against the user database available in the directory tree and the AXIGEN internal user list. If the results are not identical, some users will not be able to use the services. NOTE: Similarly, if more than one entry is returned during an LDAP search for any account, only the first result will be taken into consideration. This may result in abnormal cluster behavior and some service users might not be able to log in. NOTE: Authenticating users using an existing Active Directory service can be achieved by configuring the LDAP connector, used by AXIGEN, to use the directory service. This setup must be carefully tuned to match the current directory configuration.

For more details please visit AXIGEN LDAP Authentication.

80




3.4.1.4. AXIGEN Front-End Services Setup The services that run on the front-end nodes of the cluster are only the proxy services. All of these services can run on any number of systems without affecting the overall cluster availability. As long as one of the front-end nodes is still serving incoming requests, the cluster will be fully functional.

Because all front-end nodes are identical, you can add or remove nodes at will. The more front-end nodes your cluster has, the more requests will be processed at the same time. It is important to have sufficient front-ends to keep up with the number of the requests, especially during peak activity times.

The following services provide proxy abilities within AXIGEN:

• SMTP Proxy routes and authenticates incoming SMTP sessions. This service is vital for mail delivery within the cluster.

• IMAP Proxy routes and authenticates IMAP sessions. This service allows users to retrieve their messages from their back-end account through the proxy using the IMAP protocol.

• POP3 Proxy routes and authenticates POP3 sessions. This service allows users to retrieve their messages from their back-end account through the proxy using the POP3 protocol.

• WebMail Proxy routes and authenticates WebMail access requests. This service also renders the web pages requested by the web browser, using the information retrieved from the back-end server holding the user account.

3.4.1.4.1. The SMTP Proxy While configuring the AXIGEN cluster, the SMTP service can be set up using two methods. The default state of this protocol enables it to run as a “local” service, meaning it will try to deliver messages locally if the destination of an e-mail is a domain defined in the AXIGEN configuration. The second state, that can be enabled and disabled as required, is the “routing” state.

If the SMTP service is set up to route connections, it will use its assigned user map to decide where an incoming connection must be forwarded. This action will only be taken for entries found in the user map. If the destination is not present in the mapping system and no result is returned, then the service will relay the message and normal SMTP policy rules will apply.

NOTE: Because the SMTP service can only be reached from the outside while using the standard port 25, the proxy service should run on this port. Using another port for the proxy setup can render the cluster useless. NOTE: It is very important to consider the SMTP configuration for the cluster as any changes made for one front-end must be replicated on all of the other front-end nodes. This includes changes in the SMTP Policy script file and the main AXIGEN configuration file. WARNING: An open relay among the front-end nodes is very hard to spot and can cause many problems with spam and black lists. Special care is recommended while setting up SMTP proxies to prevent such issues.

The SMTP proxy uses the same authentication method as all of the other services that run on that particular node. This is why, in the event that LDAP authentication is used, the same connector will be used for all services.

81




3.4.1.4.2. The IMAP and POP3 Proxies Both of these services provide similar functions within the cluster and from a configuration standpoint, they are identical. They both use the same authentication method, internal or LDAP, and in the second situation, they use the same connector. In a similar way, the same user map is used for the routing section of these services.

The only notable difference between configurations of these services is the failover address and port used. The failover address is used in case a match is not found in the user map. As these services use different ports and different protocols, an IP-port pair can be specified as failover for each individual service.

NOTE: For the SMTP service the failover address is not required because the message will get relayed or discarded if no routing information can be found.

Both IMAP and POP3 proxy services can run on the same system as the IMAP and POP3 services, forwarding requests to the same system or another system when required. This helps with the design of single tier clusters that have neither stand-alone front-end nodes, nor load balancers.

For more details on this topic please see IMAP Proxy Service and POP3 Proxy Service.

3.4.1.4.3. The WebMail Proxy UPDATE: This proxy has not yet been implemented and configuration details have not yet been released. This section has been marked for future updates.

The WebMail proxy replaces the standard WebMail interface available on an individual AXIGEN server. The public area of the interface and the main login page are identical to the normal WebMail interface but the session information displayed after the login procedure has been completed and is preloaded from the back-end nodes.

3.4.1.4.4. Mapping Setup User maps are used to provide routing information to the proxy services running on a cluster node. More than one user map can be defined and each can be configured separately.

A user map can have one of the three following types:

• Local File - Uses a specified path to load a local file containing the routing information.

• LDAP Password - Connects to an LDAP server using one of the defined connectors. • LDAP Bind - Uses bound connections to an LDAP server requiring authentication

such as an Active Directory tree.

Once the type of the mapping is set, the configuration details must be solved. For the local file mapping to work, a local file with mapping information must exist. This file must have the correct permissions set for AXIGEN to access it and retrieve the information.

With the LDAP mapping type, an LDAP connector must be selected from the list of defined connectors. If no connector has been defined, a new one must be set up so AXIGEN can retrieve the mapping information from the LDAP server.

WARNING: Each user map can use one LDAP connector at a time. Therefore, only one base DN and only one search pattern can be set to retrieve the information from the directory. While defining the LDAP connector a search pattern, that can return all user

82




entries defined, should be used with caution so they can all access the system. If the pattern cannot match all entries, the ones excluded will never be matched by the mapping system even if they are defined in the LDAP directory.

For additional information on this topic read the User Maps chapter.

3.4.1.5. AXIGEN Back-End Services Setup The cluster back-end systems are the actual information center for the entire setup. The system or systems that make up the back-end area of any cluster require access to storage resources. Thus, the AXIGEN services that run on these systems are very similar in configuration to the services that run on any stand-alone AXIGEN server.

The back-end services used by the cluster nodes are:

• SMTP Services will provide functionality for the incoming and outgoing mail received by the accounts stored on the cluster node. The SMTP incoming service will accept connections from the SMTP proxies on the front-ends.

• IMAP and POP3 Services will accept routed connections from the respective proxy services. They will retrieve the information from the storage and pass it to the proxies to be displayed in the mail client.

• WebMail Service will provide the information required by the WebMail proxies to render the pages requested by the client. It will not be accessible directly, only through routed connections from the proxies.

• Other Services include other modules supported by the server that are independent on the cluster setup. These include the FTP Backup service, the CLI, the WebAdmin interface, RPOP etc.

These systems have domains and accounts set up locally and take care of the imposed restrictions regarding disk space usage and quota management. All details concerning the actual user account settings must be defined and configured on the back-end systems, through any of the administration interfaces.

All services that make use of an authentication mechanism in a cluster, using LDAP authentication, should also use this type of authentication in the back-end section. This is recommended because using the same resource to authenticate sessions provides increased integrity to the whole clustering system. Because LDAP authentication can be used by both routing and non-routing services, this approach should make sense in most cluster setups.

NOTE: In the back-end, no routing is performed and consequently, no proxy services should be running. As such, while an LDAP connector can be defined to enable directory authentication, this connector should not be used to map any connections. WARNING: Setting up a routing SMTP service in the back-end will cause looping messages that will be discarded.

Individual service configuration, except the authentication method, should be fairly straight-forward and easy to perform, as the services themselves are not different in any way from the services used by any other AXIGEN server.

83




3.4.2. LDAP Routing

The AXIGEN Mail Server provides routing options at SMTP In, POP3 Proxy and IMAP Proxy level through its integration with OpenLDAP. LDAP stands for Lightweight Directory Access Protocol. It is a model for Directory Services that provides a data/namespace model for both the directory and a specific protocol.

A directory is a specialized database with a hierarchical structure designed for frequent queries but infrequent updates. Unlike general databases they don't contain transaction support or roll-back functionality. Directories are easily replicated to increase availability and reliability.

In order to be configured for use within AXIGEN, OpenLDAP has to already be set up. OpenLDAP installations may very, depending on your preferred operating system. Integrating OpenLDAP with AXIGEN is a two-step process, as described below:

1. Configuring OpenLDAP for AXIGEN Note: In this document the localdomain.test address is used as an example. Please remember to edit it accordingly.

• please run the following command and then place the following text: # ldapadd -D "cn=admin,dc=localdomain,dc=test" –W dn: dc=localdomain,dc=test objectClass: dcObject objectClass: organization dc: localdomain o: test

• In order to add users to the LDAP directory, add the following into a file. You may add as many users as you want in this file:

dn: cn=user1,dc=localdomain,dc=test objectClass: inetOrgPerson objectClass: inetLocalMailRecipient cn: user1 sn: user1 mail: user1@localdomain userPassword: user1 mailHost: 127.0.0.1

• Then run the following command: # ldapadd -D "cn=admin,dc=localdomain,dc=test" -W -f file.txt

• You will be asked for the password you set up in the /etc/openldap/slapd.conf file (in our example, 'secret').

• You can test if the user was added using the following command (the second version of the command includes authentication:

# ldapsearch -b "dc=localdomain, dc=test" # ldapsearch -b "dc=localdomain, dc=test" -D "cn=admin,dc=localdomain,dc=test" -W

• In order to delete an entry, use the command: # ldapdelete -D "cn=admin,dc=localdomain,dc=test" –W # cn=user7,dc=localdomain,dc=test

• To edit an LDAP entry, just use: # ldapmodify -D "cn=admin,dc=localdomain,dc=test" –W # dn: cn=user5,dc=localdomain,dc=test

84




# changetype:modify # mailHost:10.10.247.5 #

Note that you must press another <Enter> after the modified field.

2. Configuring LDAP Connectors in AXIGEN Login to WebAdmin using your preferred browser, press the 'UserDb' tab and go to the 'LDAP Connectors' section. Press 'Add new ldapconn' and fill in the fields:

• name - the name of this connector • hosturl - the ldap host (e.g. 'ldap://localhost:389') • bindDN - the DN of the admin account (e.g. 'cn=admin,dc=localdomain,dc=test') • bindPass - the password set in your /etc/openldap/slapd.conf file (e.g. 'secret') • searchBase - the search base (e.g. 'dc=localdomain,dc=test', but using '%s' is

recommended, as it is the expanded domain name, • for use in the 'dc' style LDAP base.) • searchPattern - the search pattern (e.g. 'mail=%e') • passwordField - the name of the field containing the password, defined in your user

file created above (e.g. 'userPassword') • axigenHostField - the name of the field containing the mail host, defined in your user

file created above (e.g. 'mailHost') • useFirst - should the first returned field be used if more are found ('yes' or 'no')

For more details on setting the above parameters in WebAdmin, see LDAP Connectors.

3.4.2.1. Configuring Mapping ParametersIn order to successfully route connection on either of the supported protocols, SMTP, POP or IMAP, system administrators need to set mapping parameters. The easiest and most intuitive way of setting mapping parameters is through WebAdmin, AXIGEN's web-based administration interface.

In the User Maps page you can add and configure a list of User Maps at server level. In order to do so, system administrators should access Clustering > Clustering Setup > User Maps page and hit the "Add User Map" button.

85




For each new user map, the following parameters are available: name, type (Local file, LDAP Password, LDAP Bind) and, as the case may be, either file location or defined LDAP Connectors. For details on how to set these parameters, see User Maps.

3.4.2.2. POP3 Proxy Service AXIGEN POP3 Proxy module establishes connection, trough remote servers, with POP3 clients. The server accepts connections as specified by the POP3 Proxy listeners defined in the configuration file. By default the server accepts connections on 127.0.0.1:110 .






Encryption and Authentication The POP3 Proxy service only supports PLAIN authentication, which is why it is recommended that StartTLS or SSL are used for encrypting the connection. The authentication can be performed on the POP3 proxy or on the back end server.



Thread Management AXIGEN Mail Server is designed to run on different machine configurations and operating systems, on networks with various traffic loads, structures, domain configurations, user rights etc. That is why, depending on all these variables, you can adapt the workload to the

86




server’s processing power to improve its performance or avoid overload by setting the minimum and maximum number of threads that can be opened at a specific moment of time.

Back-end Server Connection Settings In this section, you can allow a connection timeout to be set, specify the maximum number of connections between POP3 Proxy and the back-end Server, another local network interface IP address to be used for connections with the back-end server and whether or not to use SSL to connect to the back-end server.

For more details on how to configure POP3 Proxy parameters using WebAdmin see POP3 Proxy Tab.

3.4.2.3. IMAP Proxy Service AXIGEN IMAP Proxy module establishes connection, trough remote servers, with IMAP clients. The server accepts connections as specified by the IMAP Proxy listeners defined in the configuration file. By default the server accepts connections on 127.0.0.1:110 .






Encryption and Authentication The IMAP Proxy service only supports PLAIN authentication, which is why it is recommended that StartTLS or SSL are used for encrypting the connection. The authentication can be performed on the IMAP proxy or on the back end server.


87






Back-end Server Connection Settings In this section, you can allow a connection timeout to be set, specify the maximum number of connections between IMAP Proxy and the back-end Server, another local network interface IP address to be used for connections with the back-end server and whether or not to use SSL to connect to the back-end server.

For more details on how to configure IMAP Proxy parameters using WebAdmin see IMAP Proxy Tab.

3.4.3. AXIGEN LDAP Authentication

Aiming to provide its users with a relatively simple way of adding new user database sources, starting with version 3.0, AXIGEN implements LDAP authentication methods. The new authentication engine adds two new authentication methods for both plain and secure connections, namely DIGEST-MD5 and GSSAPI. For more details on the new methods, see Authentication and Encryption.

In order to enable LDAP authentication, system administrators need to first add and define a list LDAP Connectors. The connectors can be managed and configured via WebAdmin, on the UserDb tab. For details on how to add new LDAP Connectors, please see the corresponding section. A new section of corresponding to the UserDb tab has been added to the configuration file. Below you will find an example of how this section should be configured: userDb = { logType = internal logLevel = 15 logHost = 127.0.0.1:2000 maxThreads = 5 ldapConnectors = ( { name = "ldap1" hosturl = "ldap://server1:389" bindDN = "CN=Martin Brown,OU=USERS,OU=CompanyName1, OU=Companies,OU=CompanyName2,DC=server,DC=local" bindPass = "qwe123" searchBase = "OU=USERS,OU=CompanyName1,OU=Companies,OU=CompanyName2, DC=server,DC=local" searchPattern = "(sAMAccountName=%u)" passwordField = "givenName" axigenHostField = "" useFirst = yes } ) }

88




Two new parameters are also added for all services needing authentication: userDbConnectorType ( with hree available values: ldap | ldapbind | local) and userDbConnectorName. The services requiring authentication are SMTP In, POP3, IMAP, WebMail, POP3 Proxy and IMAP Proxy. For each of these services, the user database parameters can easily be configured using WebAdmin. The above described parameters are available on the General page of the tab corresponding to each service.

For detailed instructions on configuring these parameters using WebAdmin, see the LDAP Connectors Page.

3.4.4. Integrating Active Directory into a cluster environment

Active Directory is treated by AXIGEN just like any other LDAP directory. However, this implies certain configuration changes from the standard LDAP connector settings used in a general directory setup. Active Directory has predefined property names and these have to be used for the authentication process to be successful.

The account name that needs to be matched against the AXIGEN internal user database is the "sAMAccountName" property. This property contains exactly the username required for the login procedure. Having this information will help us set up an LDAP search filter, later on, that will isolate a particular user in the Active Directory structure.

Active Directory doesn’t allow anonymous queries in its database. For this reason, any lookup should be performed by an already existing user in the AD. The returned information will then be forwarded to the proxy service and the authentication will be performed. This user may be a regular one (they have access to the database by default) or the domain administrator, as the one in the example below. In LDAP terms, the value of the Bind DN should reflect a user account that will have to be set up appropriately in the LDAP connector settings.

The search base, which is the top most organizational element, contains all entries we are querying and needs to be known beforehand. Common to all the users, we are trying to authenticate as, is the LDAP path. Since AXIGEN can perform recursive lookups in the directory structure, this top unit may contain any number of smaller organizational units that comprise the actual accounts.

The host name and port should be defined, in a similar manner, as for any other LDAP server. The default port on which the Active Directory can be contacted is the same, 389. The Bind DN field should contain a user account value similar to the one below:

CN=administrator,CN=Users,DC=example,DC=tld

The default location for the "administrator" account in the Active Directory is the "Users" container, right inside the root of the defined domain ("example.tld" in the above example). The password for the used account should be entered as the bind password.

NOTE: These settings are used only while performing the actual lookup in the directory. They do not refer to the authentication settings for this particular account.

To use a search base that will identify all accounts in the same container as the "administrator" account, the following type of string for its value should be set:

CN=Users,DC=example,DC=tld The used search pattern must identify particular user entries in the directory. For this reason, the above mentioned value will be used to isolate particular accounts:

89




(sAMAccountName=%u)

For each database entry we are searching for, this attribute should have exactly the same value as the user name (%u). The variable "%u" will expand as the username.

The server should be configured to use only the first value found in the lookup. This should prevent errors if more than one match is found in a lookup.

NOTE: This option can generate issues and may block users logging in. To prevent such problems, all users have to be unique. NOTE: The password field and the AXIGEN host (used in routing) should be left blank if only the Active Directory authentication is required.

Even if users are authenticated in Active Directory, they still need to exist on the back-end servers. If a user account does not exist, the authentication will be successful but the inbox will not be selected. The only use for an Active Directory account that has no mailbox is to send emails through the SMTP service using authenticated credentials.

WARNING: This will enable any user to send authenticated messages even if they do not have an email account created.

If routing is used within the cluster environment (more than one node is present in the background), then a certain property must be defined for all the user accounts in the Active Directory. Any inactive property can be used for this purpose, but it is recommended that one of the extra added properties is used.

NOTE: In the default Active Directory schema, there are over 10 properties unused by common services running on the network. These were left out exactly for the purpose of expanding the directory service and be used in conjunction with other applications.

The property values should contain the IP address of the back-end server holding the account and the property name has to be set up in the LDAP connector settings. It is very important for all accounts to use the same property as all will be looked-up in the directory by the same connector.

WARNING: The IP address of the back-end node should be set, for all users, in the same property or the cluster will become inaccessible to the ones that use a different property for the AXIGEN mail host. Even if the session is correctly authenticated, the inbox of some accounts will not be found because no destination back-end will be selected.

The routing process can be set up using a local file instead of the LDAP connector. This removes the need of manually editing the values in Active Directory and is relatively hassle-free. However, using local files to process the routing information can increase the proxy servers overhead. Moreover, if there is more than one proxy, the same file version must be used across all nodes to ensure the cluster integrity and stability. The synchronization process has to be performed manually after each change.

UPDATE: This may be subject to change in the future. The local files could be automatically redistributed.

90




3.4.5. Exotic Cluster Setups

This chapter deals with common setups that are beyond the standard deployment of a clustering environment. Most of the examples here provide some sort of advantage like lower costs in exchange for a drawback such as higher risks and creation of single points of failure.

UPDATE: This section should be updated if other cluster configuration environments are encountered.

3.5. Groupware and collaboration Starting with version 6.0 AXIGEN Mail Server introduces groupware services allowing network users to interact and work together by sharing folders, e-mails, calendars, tasks etc. Complex permission hierarchies can be created to meet the specific collaboration and sharing needs of any organization.

3.5.1. Personal Organizer & AXIGEN Outlook Connector

Having time management and mobility needs in mind a Personal Organizer module is available from both AXIGEN’s WebMail interface and the email client Outlook. The Personal Organizer comprises tools such as calendar, tasks, journal, notes and collaborative support.

Aiming to adapt to all requirements generated by a competitive business environment, the new version's permission granting structure enables users to delegate email sending tasks to their team members and view the free/busy status to avoid assigning events when a team member is already taking part in a different one.

The AXIGEN Outlook Connector enhances the communication of Microsoft's email client with the AXIGEN server, thus making the Personal Organizer available for Outlook users to take full advantage of all AXIGEN's features & capabilities.

AXIGEN Outlook Connector implements most Exchange-like features including server-side Search Folders (such as Unread messages or Large Messages) which enables users to easily locate messages based on various filters. The new application also allows new folders (including special folders) creation on the server directly from Outlook.

For a detailed usage description for the Personal Organizer in AXIGEN's WebMail Interface, please see the corresponding chapter of this Manual.

3.5.2. User folders and permissions

Starting with version 6.0 users are allowed to perform operations on folders (view its contents, add items, delete items etc.) if permissions on the respective folder were defined. By default all users have permissions on their own folders and can allow other users to access one or more of their personal folders with different permission levels (read only, read and write etc.). These permissions can be set either from WebMail or Outlook and can be granted to a user or a group of users (defined by the system administrator in WebAdmin).

Important! The system administrator has the right to set permissions on any user or public folder.

91




Computing permissions Each time the server needs to determine if a specific action on a specific resource is allowed or denied for a specific administrative user the following reasoning is used:

- if the permission is set to deny on at least one of the parent folders in the chain, for the user or a group that the user belongs to, the permission will be denied - if the permission is not denied on any of parent folders in the chain but allowed on at least one, for the user and/or a group that the user belongs to, the permission will be allowed

- if the permission is neutral (not set) on all parent folders in the chain, for the user and/or a group that the user belongs to, the permission will be denied

The Effective permissions tab will show the final result of this operation.

Permissions description Read items - Folder is visible and its contained items can be read.

View items - Folder appears in hierarchy ("lookup").

Read folder content - Items in this folder may be read.

Share the read / unread status - Changes to the read / unread flag are seen by other users does not apply for contacts, calendar, tasks, journal and notes folders).

Set / clear flags - Modify flags other than read / unread and deleted / not deleted (does not apply for contacts, calendar, tasks, journal and notes folders).

Add items - Add new items to folder (create new, move to, copy to). Both 'add items' and delete items' permissions are required for modifiying items.

Add subfolders - Add new subfolders below this folder (create new, move to, copy to).

Delete folder - Delete this folder, including all its contained items.

Delete items - Delete items in this folder. Both 'add items' and 'delete items' permissions are required for modifying items.

Mark items as deleted / not deleted - Modify the deleted / not deleted flag.

Expunge folder - Purge items marked with the deleted flag.

Manage permissions - Modify permissions on this folder.

Types of permissions When new entities are created they can have two types of permissions:

1. Implicit permissions do not appear in the permissions list for resources, cannot be modified (they are resolved directly by the MACL engine) and cannot be overridden with an explicit 'DENY' from any level (above or below). These are:

• the 'postmaster' user has 'all rights' on all public folders • the 'postmaster' user has 'Lookup' and 'Manage permissions' on all folders of all the

accounts in its domain • the 'postmaster' user has 'all rights' on his mailbox (and all subfolders) • each user has 'all rights' on his/her mailbox (and all subfolders)

92




2. Default permissions are explicit, modifiable and appear when specific entities are created. They are:

• newly created folder in the PF namespace or in a mailbox other than the creator's, the creator has 'all rights', with 'apply to subfolders'

• if the newly created public folder is created from the WebAdmin interface, no explicit permissions are set for it

• when a new domain is created, the PF root contains the permission: 'all users in domain, allow, Lookup, apply to subfolders'

Details on how to set folder permissions are available in the Setting Sharing Permissions chapter.

93




Chapter 4. Mail Server Security AXIGEN Mail Server comes with a full security feature set, guaranteeing secure reception, transit and delivery of email and protection for your confidential data.

Authentication AXIGEN server supports authentication, meaning it can be instructed to accept only connections/messages from authenticated entities. CRAM-MD5, LOGIN, PLAIN, DIGEST-MD5 and GSSAPI methods are available for client authentication, reducing the risk of unauthorized connections.

Encryption(SSL/TLS) All AXIGEN communication protocols can benefit from SSL/TLS technology which allows sending encrypted messages across networks and preventing plain text messages to be intercepted on the way from sender to recipient. This encryption method guarantees secure data transmission over networks.

Built In Firewall (application level) Stopping spammers and preventing DOS attacks is one of the most important tasks of a mail server and the sooner the problem is identified in the mail stream , the better. This is why AXIGEN has a built in Firewall at the application (TCP listener) level that allows Administrator to control connectivity parameters, like the following listener rules:

- maximum simultaneous connections; - maximum connections to be accepted during a time interval; - maximum simultaneous connections accepted from a single host (that may be an attacker);

Furthermore, Administrators may define IP sets that have specific sets of such rules, applied with different priorities or IP sets whose connections are denied. For more details see Listener Rules. Anti-spoofing (SPF and DomainKeys Compliant) SPF authentication is used by the SMTP Incoming module in AXIGEN to determine whether the mail message comes from an authorized source. DomainKeys is an e-mail authentication system designed to verify both the DNS domain of an email sender and the message integrity. This additional authentication method significantly reduces spoofing attempts, that is, unauthorized attempts to gain server access, or assuming a fake identity when sending an email.

Message Acceptance Rules The system administrator can configure and implement message acceptance policies and adjust them to best suit their security requirements. Incoming connections established via SMTP and the message flow can be easily managed using the established policies.

94




Antivirus / Antispam The AXIGEN Mail Server can easily integrate with a large number of antivirus/antispam applications, either commercial, or open source. Starting with version 5.0 SpamAssassin is integrated within the AXIGEN kit.

Available Antivirus applications: ClamAv, KAV(Kaspersky) for Mail Servers, BitDefender, Sophos, F-Prot, DrWeb, Symantec, F-Secure, Avast, eTrust, Norman, Panda, McAfee.

Available Antispam applications: SpamAssasin, AVG, Kaspersky Anti-Spam, Avira MailGate, BitDefender Mail Protection for Enterprises, Symantec Brightmail AntiSpam.

Routing Rules The Processing policies correspond to the SMTP Processing and SMTP Outgoing modules.

On one hand, they enable administrators to define the NDR (Non-Delivery Receipt) text and the conditions when such a message is returned.On the other hand, they allow system administrator to customize SMTP Outgoing actions for all or part of the relayed email communication.

Message Rules Message rules instruct the AXIGEN Mail Server to take certain actions on processed email messages based on pieces of information contained by the message headers.

4.1. Authentication and Encryption AXIGEN Mail Server provides a variety of security options related to authentication and encryption for all connections established by/with the mail server.

Secure/Plain Connections and Authentication Methods AXIGEN supports TLS enabled connections. TLS-enabled connections are connections that support the Transport Layer Security, a standard providing encryption and authentication service that can be negotiated during the startup phase of many Internet protocols, including SMTP, POP3 and IMAP, and used for general communication authentication and encryption over TCP/IP networks.

All AXIGEN mail services (SMTP, IMAP, POP3) provide an AllowStartTLS parameter that you can enable and have the server advertise TLS capability.

Authentication methods are available both for TLS-enabled connections and plain connections (non TLS-enabled).

The methods supported by AXIGEN are: PLAIN, LOGIN, CRAM-MD5, DIGEST-MD5 and GSSAPI.

The PLAIN mechanism consists of a single message from the client to the server, in which the client sends the authorization identity (identity to login as), the authentication identity (identity whose password will be used) and the clear-text password. If left empty, the authorization identity is the same as the authentication identity. The PLAIN authentication mechanism is not recommended for use over an unencrypted network connection.

The LOGIN mechanism is a non-standard mechanism, and is similar to the PLAIN mechanism except that this mechanism lacks the support for authorization identities.

95




The CRAM-MD5 is a challenge-response mechanism that transfers hashed passwords instead of clear text passwords. For insecure channels (e.g., when TLS is not used), it is safer than PLAIN.

The DIGEST-MD5 is the required authentication mechanism for LDAP v3 servers .

The Digest-MD5 is based on the HTTP Digest Authentication. In Digest-MD5, the LDAP server sends data that includes various authentication options that it is willing to support plus a special token to the LDAP client. The client responds by sending an encrypted response that indicates the authentication options that it has selected. The response is encrypted in such a way that proves that the client knows its password. The LDAP server then decrypts and verifies the client's response.

GSSAPI is the Generic Security Services Application Programming Interface. Its primary use today is with Kerberos authentication. Kerberos is the primary authentication mechanism in Windows Active Directory.

For information on configuring TLS and authentication methods related parameters, see: Configuring IMAP Authentication and Encryption Parameters Secure POP3 Connections

Also, for all AXIGEN services, authentication error control parameters are available. That is, if on attempting to connect, clients fail to authenticate correctly a number of times, the connection is dropped. For information on these parameters, see the Connection Error Control sections for each module in Configuring AXIGEN using WebAdmin.

SSL parameters AXIGEN supports SSL-enabled connections, providing advanced SSL parameters for TCP Listener configuration available for all its TCP Services (SMTP, IMAP, POP3, WebMail, CLI and WebAdmin). See SSL Parameters for Listeners for information on these parameters and how to configure them using WebAdmin.

For information on configuring TLS and authentication methods related parameters, see: Configuring IMAP Authentication and Encryption Parameters and Secure POP3 Connections.

Also, for all AXIGEN services, authentication error control parameters are available. That is, if on attempting to connect, clients fail to authenticate correctly a number of times, the connection is dropped. For information on these parameters, see the Connection Error Control sections for each module in Configuring AXIGEN using WebAdmin.

4.1.1. Kerberos Authentication within Active Directory

Kerberos is the primary authentication mechanism in Windows Active Directory. Within the AXIGEN Mail Server, it is used as an authentication method through GSSAPI (Generic Security Services Application Programing Interface). In order to enable Kerberos authentication for your installed AXIGEN Mail Server, please follow the steps described below. 1. Create an account named "axigen_SERVICE" in Active Directory corresponding to each service you want to authenticate on from AXIGEN. Three accounts will be used for all AXIGEN supported services: axigen_smtp, axigen_imap, and axigen_pop.

2. Export the keys using the KTPASS utility:

96




1. Generate a key for the SMTP service: ktpass -princ smtp/axigen.hostname@REALM -mapuser axigen_smtp -pass PASSWORD -out axigen-smtp.keytab

2. Generate a key for the IMAP service: ktpass -princ imap/axigen.hostname@REALM -mapuser axigen_imap -pass PASSWORD -out axigen-imap.keytab

3. Generate keys for the POP3 service: ktpass -princ pop/axigen.hostname@REALM -mapuser axigen_pop -pass PASSWORD -out axigen-pop.keytab

In all commands shown above you must replace: axigen.hostname - with the domain AXIGEN users should use to login to REALM - with the Kerberos realm, particularly for Active Directory, with the domain name for which you want to authenticate PASSWORD - with the password for the corresponding "axigen_SERVICE" account, which you have previously created. Please note that the AXIGEN Mail Server IP address must reverse point to the same hostname you have specified above as "axigen.hostname".

3. Copy the exported key files on the AXIGEN machine in the /etc directory and merge them using the 'ktutil' application. Simply type 'ktutil' and issue the following commands in the application's subshell:

• load the needed keytab files, according to the services you want to use GSSAPI authentication with: rkt /etc/axigen-smtp.keytab rkt /etc/axigen-imap.keytab rkt /etc/axigen-pop.keytab

• write the new /etc/krb5.keytab file: wkt /etc/krb5.keytab

• exit the ktutil shell: quit

At this moment, all necessary keys will be saved in the /etc/krb5.keytab file.

Prerequisites and Settings for Each Active Directory User Defined for AXIGEN The AXIGEN Mail Server domain name must be the same as the full Active Directory domain name. Also, the accounts for which you want to use Kerberos authentication must be created within the AXIGEN Mail Server.

Example

The example below shows how to set up the Windows version of the Mozilla Thunderbird email client to use Kerberos authentication with in an Active Directory environment:

1. Open the 'Account Settings' window from 'Tools' -> 'Account Settings...'. 2. Click 'Add Account'. This will open the 'Account Wizard'. 3. Select 'Email account' as the type of account to be created, then press 'Next'. 4. Fill in your name and e-mail address and press 'Next'. 5. In the next screen, select 'IMAP' or 'POP' incoming server types, according to your

network policy. Set the 'incoming server' box to AXIGEN's fully qualified host name or the AXIGEN machine IP address.

97




6. Press 'Next' and fill in the user account name as stored in AXIGEN. In the last screen, fill in the account name, then press 'Next', review the settings and press 'Finish'.

7. Go to the 'Server settings' section of the newly created account and check the 'Use secure authentication' option. Also, if AXIGEN is configured to relay emails from authenticated users only and if you have created a keytab corresponding to the 'smtp' service (as shown above), add the AXIGEN hostname in the 'Outgoing server (SMTP)' section, selecting the 'Username and password' checkbox from the 'Security and authentication' section.

8. Click the 'OK' button from the 'Account settings' window.

4.2. SPF and DomainKeys SPF (Sender Policy Framework) is a sender authentication method developed in order to ensure mail server's security by applying different anti-spoofing mechanisms. This mechanism consists in making a DNS request in order to determine whether the mail message comes from an authorized source, which is described in a SPF record, registered on the DNS. SPF records contain domain attributes that uniquely describe mail messages. The query may have one of the following seven possible results:

• pass: meaning the message meets the domain's definition for legitimate messages; • neutral • none • soft fail • fail: meaning the message does not meet the domain's definition for legitimate

messages; • temp error • permanent error

In case of permanent error, AXIGEN rejects the mail message generating the respective error. If a temporary error is generated, the AXIGEN returns an error message to the sending party. In all other cases the mail message is accepted.

To enable SPF in AXIGEN or to add a SPF header to emails, use the Message Acceptance Rules.

DomainKeys Compliance Starting with version 2.0, AXIGEN Mail Server is also DomainKeys compliant. DomainKeys is an e-mail authentication system designed to verify both the DNS domain of an email sender and the message integrity, ebedded in the AXIGEN Signing Module. The DomainKeys specification has adopted aspects of Identified Internet Mail to create an enhanced protocol called DomainKeys Identified Mail (DKIM).

The AXIGEN Signing Module is only available for the commercial versions of the AXIGEN Mail Server. It does not work within free of evaluation versions. To test this specific feature, please contact our sales department.

The AXIGEN Signing Module is only available for the commercial versions of the AXIGEN Mail Server. It does not work within free of evaluation versions. To test this specific feature, please contact our sales department.

98



http://www.axigen.com/about-us/contact/


4.2.1. AXIGEN Signing Module Usage and Configuration

AXIGEN Signing Module is a module that provides AXIGEN with a tool to prevent forgery and possible repudiation. It implements the Yahoo DomainKeys concept that basically works by signing the contents of an email and allows mail servers to verify that signature.

The DomainKeys module is composed of two daemons that run independently of AXIGEN and of each other: the DomainKeys Signer and the DomainKeys Verifier. Each of them has a configuration file and communicates with AXIGEN using an AFSL connector.

The signer's role is to sign emails that come from AXIGEN and the verifier’s role is to verify the mail which applies only if the mails were previously signed.

In order to activate the DomainKeys filters, first make sure that the AxigenFilters service is started. For more information on this see Starting/Stopping/Restarting the Server.

The DomainKeys Signing filter can be activated from WebAdmin in the 'Security & Filtering' menu, go to 'AntiVirus and AntiSpam' context, 'Supported Applications' tab, click the 'ENABLE' button for Application named 'DKSigner'.

The DomainKeys Verifier can be enabled from WebAdmin in the 'Security & Filtering' menu, go to 'Additional AntiSpam Methods' context and click the 'Enable Domain Keys' check-box under 'Domain Keys'. Also, under this check-box some configurable actions for DK Verifier can be found. We strongly recommend that the DomainKeys Verifier AV/AS configuration filter to be activated with the highest priority and the signer with the lowest.

Command line parameters The below listed command line parameters are to be used both for the signer and the verifier.

• -h displays this help message • -v displays the version • -f run in foreground • -u <user> run as user. DEFAULT: 'AXIGEN' • -g <group> run as group. DEFAULT: 'AXIGEN' • -c <path>: path to the configuration file; the default paths are as follows:

• /etc/opt/AXIGEN/axidkd.conf for DomainKeys Verifier • /etc/opt/AXIGEN/axidksd.conf for DomainKeys Signer

DomainKeys Verifier configuration • bindIp <ip> - The address used to listen for connections from AXIGEN. • bindPort <port> - The port used for connections from AXIGEN. - DEFAULT: 1982 • logType <type> - This parameter defines where to log messages. It can be

"system","file" or "stdout". The "system" value means that messages will be logged to the system log, "file" that they will be logged in a file and "stdout" that messages will be logged at standard output. WARNING: if "file" is selected for this property, the logFile must also be set. - DEFAULT "system"

• logFile <file> - In case that logType has the value "file", this defines the file where messages are logged. - DEFAULT: "none"

• logLevel <level> - The level at which messages will be logged. Possible values are: o 0 - only error messages will be logged

99




o 1 - error and warning message will be logged o 2 - all messages will be logged o DEFAULT: 2

• addAuthHeader - This options enables/disables adding the "Authentication-Results" header to the message after verification. It can take the values: yes or no. - DEFAULT: "yes"

• actionOnPass - This option specifies what action should be sent to AXIGEN when the domainkeys verification yields a pass action (details on the actions that can be sent to AXIGEN in the AFSL documentation). The possible values are pass|match|discard|error. - DEFAULT: "pass"

• actionOnFail - This option specifies what action should be sent to AXIGEN when the domainkeys verification yelds a fail action. Possible values are: pass|match|discard|error. - DEFAULT: "match"

• actionOnSoftFail - This option specifies what action should be sent to AXIGEN when the domainkeys verification yelds a softfail action. Possible values: pass|match|discard|error. - DEFAULT: "match"

• actionOnNeutral - This option specifies what action should be sent to AXIGEN when the domainkeys verification yelds a neutral action. Possible values: pass|match|discard|error. - DEFAULT: "pass"

• actionOnTempError - This option specifies what action should be sent to AXIGEN when the domainkeys verification yelds a temperror action. Possible values: pass|match|discard|error. - DEFAULT: "error"

• actionOnPermError - This option specifies what action should be sent to AXIGEN when the domainkeys verification yelds a permerror action. Possible values: pass|match|discard|error. - DEFAULT: "match"

• rwTimeout <value> - This option specifies the timeout used when communicating with AXIGEN and with the Milter Implementation (in milisecconds). The range for this value is 1 - 65535. - DEFAULT: 400

• processingThreads <threads> - The number of processing threads which also reflects the maximum number of connections made to the milter implementation. The range for this value is 1 - 128. - DEFAULT: 16

DomainKeys Signer configuration • bindIp <ip> - The address used to listen for connections from AXIGEN. • bindPort <port> - The port used for connections from AXIGEN. - DEFAULT: 1982 • logType <type> - This parameter defines where to log messages. It can be

"system","file" or "stdout". The "system" value means that messages will be logged to the system log, "file" that they will be logged in a file and "stdout" that messages will be logged at standard output. WARNING: if "file" is selected for this property, the logFile must also be set. - DEFAULT "system"

• logFile <file> - In case that logType has the value "file", this defines the file where messages are logged. - DEFAULT: "none"

• logLevel <level> - The level at which messages will be logged. Possible values are: o 0 - only error messages will be logged o 1 - error and warning message will be logged o 2 - all messages will be logged o DEFAULT: 2

• rwTimeout <value> - This option specifies the timeout used when communicating with AXIGEN and with the Milter Implementation (in milliseconds). The range for this value is 1 - 65535. - DEFAULT: 400

• privateKeyPath - This path to the private key used for signing. This parameter is required.

• selector - The selector used to form the query for the public-key. This parameter is required

100




• canonicalization - The canonicalization algorithm type. Possible values: simple|nofws. - DEFAULT: "nofws"

• removeHeaders - This option, if yes removes duplicate headers from the signature. Possible values: yes|no. - DEFAULT: "no"

• processingThreads <threads> - The number of processing threads which also reflects the maximum number of connections made to the milter implementation. The range for this value is 1 - 128. - DEFAULT: 16

Starting/Stopping/Restarting the Domain Keys Daemons Slackware:

• To start the deamons, issue the following command: /etc/rc.d/rc.axigendk start

• To stop the deamons, you can issue: /etc/rc.d/rc.axigendk stop

• In order to restart the deamons, issue the command: /etc/rc.d/rc.axigendk restart

Others (rmp-based, Ubuntu, Gentoo, Debian) • To start the deamons, issue the following command:

/etc/init.d/axigendk start • To stop the deamons, you can issue:

/etc/init.d/axigendk stop • In order to restart the deamons, issue the command:

/etc/init.d/axigendk restart

4.3. Mail Filtering AXIGEN provides various types of filters at each level of mail processing that allow you to increase mail traffic security and block any type of unwanted mail messages from reaching their intended recipient mailbox. The filtering system in AXIGEN is highly effective and allows maximum flexibility in defining what email messages should be scanned, what filters should be used, the order in which these filters are applied and the actions taken according to the results of the scanning process. The filters can be applied both for incoming and for outgoing email traffic.

Filter Types 1. Message Acceptance Rules

AXIGEN implements a set of message acceptance rules at SMTP-connection level. The system administrator can configure and implement message acceptance rules and adjust them to best suit their security requirements. Incoming connections established via SMTP and the message flow can be easily managed using the established rules. Moreover, they allow adding headers, changing addresses and other such actions. For more details, see the Message acceptance rules section.

2. Routing Rules

To further fin-tune email communication management at SMTP level, AXIGEN Mail Server implements Routing rules.

The Routing rules correspond to the Processing and SMTP Outgoing modules and enable administrators to define the NDR (Non-Delivery Receipt) text and the conditions when such a message is returned. The system administrator can also customize SMTP Outgoing actions for all or part of the relayed email communication. For further information, see the dedicated section in this chapter.

101




Important! The following filter types are defined in the WebAdmin interface and in the configuration file: type script - for Message rules type socket - for Antivirus/Antispam rules

3. Message rules Message rules instruct the AXIGEN Mail Server to take certain actions on processed email messages based on pieces of information contained by the message headers.

Using Message rules is safe since they do not operate on the mail content but only extract information from the mail header and take actions according to the pre-defined rules. See the Message rules section for further details.

4. Antivirus / Antispam Filters Antivirus / Antispam Filters can be easily used with the AXIGEN Mail Server to ensure a high security level for email communication. Commercial Antivirus applications can communicate with AXIGEN either directly (using the AXIMilter module) or through AMAVIS. For more details, see the corresponding section of the current chapter.

This type of filtering allows integration with virtually any third party applications, including Antivirus and Antispam applications. Currently, connectors for ClamAv Antivirus and SpamAssassin Anti-spam application (both open source) are implemented ensuring effective virus and spam protection for all mail traffic managed by AXIGEN Mail Server.

Moreover, AXIGEN supports integration with Amavis, a generic interface used to connect a mail server to twelve different Antivirus applications: KAV(Kaspersky) for Mail Servers, BitDefender, Sophos, F-Prot, DrWeb, Symantec, F-Secure, Avast, eTrust, Norman, Panda and McAfee.

To see instructiuns on how to make AXIGEN work with ClamAV, see the corresponding AXIGEN forum posting. For SpamAssassin, you simply need to install the application, no further configurations are necessary. A sample setup procedure for connecting these two applications to AXIGEN is also given in the AXIGEN Install and Configuration Guide.

For instructions on setting up the AXIGEN Mail Server integration with Amavis, see the dedicated article on the AXIGEN site. At this time the integration has been tested for Kaspersky and BitDefender but the procedure is similar for any of the products supported by Amavis.

Active Filters Filter configuration in AXIGEN, also involves the notion of Active Filters. Although not a distinct filter category, the Active Filters designation is used to refer to filters currently enabled in AXIGEN. This designation is particularly useful when enabling filters.

Filtering Levels In AXIGEN, you can apply filters at three levels:

• server level (these filters are applied to all emails directed to any account / mail list from the server)

• domain level (these filters are applied to all emails directed to the domain to which the account / mail list belongs)

• account / mail list level (these filters are applied only to the account / mail list for which the filters have been created)

102



http://www.axigen.com/forum/showthread.php?t=1


http://www.axigen.com/articles/integrating-the-axigen-messaging-solution-with-amavis_11.html


Thus, a typical filtering chain in AXIGEN will contain different types of filters, applied on different levels.

If one of the filters in the filtering chain yields an error (internal error, AFSL or any type of error), the email being processed is kept in the processing queue and it will go through the filtering chain all over again, at a later time until all the filters in the chain can be applied. If all the filters in the filtering chain yield a PASS action, and the last one yields REJECT, the email is rejected. In case one of the filters situated in the middle of the chain triggers a REJECT or DISCARD action, the email will go through the filtering chain again.

The order in which these filters will be applied, is based on their level and on their priority. See Activating Filters for details on activation inheritance and priority levels.

AXIGEN Mail Servers can easily integrate with other third party applications through a simple interface which is made available as part of SDK (Software Development Kit). For more details on SDK delivery, please contact the AXIGEN Sales Department.

4.3.1. Message Acceptance Rules

AXIGEN Mail Server implements a set of message acceptance rules at SMTP-connection level.

The system administrator can configure and implement message acceptance rules and adjust them to best suit their security requirements. Incoming connections established via SMTP and the message flow can be easily managed using the established rules. Moreover, they allow adding headers, changing addresses and other such actions.

Examples of message acceptance rules:

• allow incoming messages from a specific domain • deny incoming messages with attachments exceeding 3 MB • allow authenticated users only • accept secured connections only • deny looping emails (when the number of Received headers exceeds 20)

103





The message acceptance rules can consist in any number of such rules applied following a given priority.

These rules can be set at SMTP Incoming level and help save space and resources for email processing.

The rules are defined using an AXIGEN proprietary scripting language and are at this time contained, along with the Processing and Relay policy scripts in a single file per installed server. They can also be created automatically via the WebAdmin Wizard. More details no how to do this are available in the Message Acceptance Settings chapter.

Through the Message acceptance rules, a wide range of event handlers associated with the SMTP events are available, along with various methods, message headers, envelopes and peer information.

The events are predefined blocks within the script that will be executed at specific moments by the server. For each event, the server calls certain methods which can have a configurable or predefined behavior. The available events at SMTP Incoming level are:

• onConnect • onEhlo • onMailFrom • onRcptTo • onDataReceived

Message acceptance rules are based on a proprietary scripting language. For an overview of this language, please see the Language Specifications section.

4.3.2. Routing Rules

To further fin-tune email communication management at SMTP level, AXIGEN Mail Server implements Routing Rules.

The Routing Rules correspond to the Processing and SMTP Outgoing modules and enable administrators to define the NDR (Non-Delivery Receipt) text and the conditions when such a message is returned. As an example, NDR responses are sent when the specified recipient of an email message is invalid.

Routing Rules also allow system administrators to customize SMTP Outgoing actions for all or part of the relayed email communication. For example, they can

• establish a certain address where all emails from a certain domain are relayed, or • specify a username/password authentication before relaying emails to a certain

address.

Routing rules can contain any number of predefined options, thus being easily adapted to various security requirements.

The rules are defined using an AXIGEN proprietary scripting language and are at this time contained, along with the Message acceptance rules scripts in a single file per installed server. They can also be created automatically via the WebAdmin Wizard. For details on the options available in the WebAdmin Wizard, please see the corresponding section.

104




A wide range of event handlers associated with the SMTP events are available, along with various methods, message headers, envelopes and peer information are available when defining Routing rules.

The events defined for the Routing rules and their contexts are as follows:

Event Context

onRelay SMTP Sending

onDeliveryFailure Processing

onTemporaryDeliveryFailure Processing

For a detailed description of the scripting language the rules are based on, please see the Language Specifications section.

4.3.3. Antivirus / Antispam Filters

Antivirus / Antispam Filters can be easily used with the AXIGEN Mail Server to ensure a high security level for email communication.

IMPORTANT! The AXIGEN Mail Server can integrate with more than 14 antivirus applications - KAV(Kaspersky) for Mail Servers, BitDefender, Sophos, F-Prot, DrWeb, Symantec, F-Secure, Avast, eTrust, Norman, Panda, McAfee, ClamAV - and 6 antispam applications - SpamAssassin, AVG, Kaspersky Anti-Spam, Avira MailGate, BitDefender Mail Protection for Enterprises, Symantec Brightmail AntiSpam.

1. Simple Integration with ClamAV and SpamAssassin To see instructions on how to make AXIGEN work with ClamAV, see the corresponding AXIGEN forum posting. For SpamAssassin, you simply need to install the application, no further configurations are necessary. A sample setup procedure for connecting these two applications to AXIGEN is also given in the AXIGEN Install and Configuration Guide.

2. Integration with Commercial Antivirus Applications

Commercial Antivirus applications can communicate with AXIGEN either directly (using the AXIMilter module) or through AMAVIS.

The AXIMilter module can communicate with any Antivirus application that has milter support, while AMAVIS provides support for the following security solutions: KAV(Kaspersky) for Mail Servers, BitDefender, Sophos, F-Prot, DrWeb, Symantec, F-Secure, Avast, eTrust, Norman, Panda, McAfee.

For instructions on setting up AXIMilter, see the AXIMilter section.

More details on setting up the AXIGEN Mail Server integration with Amavis, are available on the AXIGEN site in this dedicated article.

3. Integration with commercial Antispam applications For instructions on how to integrate AXIGEN with AVG, Kaspersky Anti-Spam, Avira MailGate, BitDefender Mail Protection for Enterprises, Symantec Brightmail AntiSpam, please see the related Knowledgebase articles:

105



http://www.axigen.com/forum/showthread.php?t=1


http://www.axigen.com/articles/integrating-the-axigen-messaging-solution-with-amavis_11.html


How to enable spam protection in AXIGEN using AVGHow to enable anti-spam filtering in AXIGEN using the milter implementation of Kaspersky Anti-SpamHow to enable anti-spam filtering in AXIGEN using the milter implementation of Avira MailGateHow to enable anti-spam filtering in AXIGEN using the milter implementation of BitDefender Mail Protection for EnterprisesHow to enable anti-spam filtering in AXIGEN using the milter implementation of Symantec Brightmail AntiSpam

Antivirus / Antispam Filters are dynamic filters executed by external processes. These types of filters are based on a file defining the communication protocol between AXIGEN and the external process executing the filter.

Antivirus/Antispam Filters can also interact with Message rules, via two headers appended to email messages. These headers contain a spam or virus level value which actually indicates the likelihood of that particular email message being virus or spam. Based on these levels, actions imposed by the message rules can be taken, for instance moving email messages above a certain level to a specified Quarantine folder.

AXIGEN supports creating customized filter chain. This means system administrators can define and use as many Antivirus/Antispam Filters and Message rules as required by their security policies.

In AXIGEN, antispam/antivirus filters calls are multithreaded - this means that filters can be applied on several emails at the same time, improving thus service availability and processing speed.

If one of the filters in the filtering chain does not respond, AXIGEN provides a failsafe mode, which allows pinging the filter regularly until the connection is reestablished. At that moment, the email message filtering chain is resumed. This guarantees that every message goes through the entire filtering chain.

AXIGEN Mail Servers can easily integrate with other third party applications through a simple interface which is made available as part of SDK (Software Development Kit). For more details on SDK delivery, please contact the AXIGEN Sales Department.

For information on how to configure Antivirus/Antispam filters at different levels using WebAdmin, see:

Manage Antivirus/Antispam FiltersDomain Filter ConfigurationGroups Filter ConfigurationList Filter Configuration

Antivirus/Antispam filters can also be configured using the CLI Filters context. For information on how to use the Command Line Interface, see Configuring AXIGEN using CLI.

4.3.4. Message Rules

Message rules instruct the AXIGEN Mail Server to take certain actions on processed email messages based on pieces of information contained by the message headers.

Thus you can create rules like:

• messages from [email protected] copy to alex@localdomain;

106



http://www.axigen.com/knowledgebase/How-to-enable-virus-and-spam-protection-in-AXIGEN-using-AVG_59.html

http://www.axigen.com/knowledgebase/How-to-enable-anti-spam-filtering-in-AXIGEN-using-the-milter-implementation-of-Kaspersky-Anti-Spam_60.html

http://www.axigen.com/knowledgebase/How-to-enable-anti-spam-filtering-in-AXIGEN-using-the-milter-implementation-of-Kaspersky-Anti-Spam_60.html

http://www.axigen.com/knowledgebase/How-to-enable-anti-spam-filtering-in-AXIGEN-using-the-milter-implementation-of-Avira-MailGate_61.html

http://www.axigen.com/knowledgebase/How-to-enable-anti-spam-filtering-in-AXIGEN-using-the-milter-implementation-of-Avira-MailGate_61.html

http://www.axigen.com/knowledgebase/How-to-enable-anti-spam-filtering-in-AXIGEN-using-the-milter-implementation-of-BitDefender-Mail-Protection-for-Enterprises_62.html

http://www.axigen.com/knowledgebase/How-to-enable-anti-spam-filtering-in-AXIGEN-using-the-milter-implementation-of-BitDefender-Mail-Protection-for-Enterprises_62.html

http://www.axigen.com/knowledgebase/How-to-enable-anti-spam-filtering-in-AXIGEN-using-the-milter-implementation-of-Symantec-Brightmail-AntiSpam_63.html

http://www.axigen.com/knowledgebase/How-to-enable-anti-spam-filtering-in-AXIGEN-using-the-milter-implementation-of-Symantec-Brightmail-AntiSpam_63.html



• messages from [email protected] move to folder Jokes; • all messages reply with "Out-of-office" message;

Message rules are easily created using the provided Web Wizard by each individual user via the WebMail module of AXIGEN. For more details on Wizard usage, please see Mail Filtering in WebMail.

More complex message rules can be created by the system administrator using a simple scripting language called SIEVE. The same language is used by the WebMail Wizard when defining message rules automatically.

Using Message rules is safe since they do not operate on the mail content but only extract information from the mail header and take actions according to the pre-defined rules. They work basically by comparing different keys using different comparators and comparison methods, against headers of a mail message. Based on the result of the comparison, you can apply different actions to the corresponding mail message, i.e. reject, discard, redirect, etc.

Message rules are static filters, where the filter itself is contained in a separate file. Different user-defined scripts can be included in any AXIGEN Filtering System. The supported language provides an extremely flexible filtering methodology, as users can define any number of script filters according to their needs.

AXIGEN also implements the vacation extension. This means that message rules can be created and applied for generating out-of-office type automatic replies. Thus, auto-generated messages can be sent when the user of the account for which the vacation applies, is on vacation, out of office or in general away for an extended period of time. The vacation extension is an extra functionality also available via script files.

Antivirus/Antispam Filters can also interact with Message rules, via two headers appended to email messages. These headers contain a spam or virus level value which actually indicates the likelihood of that particular email message being virus or spam. Based on these levels, actions imposed by the message rules can be taken, for instance moving email messages above a certain level to a specified Quarantine folder.

AXIGEN supports creating customized filter chain. This means system administrators can define and use as many Antivirus/Antispam Filters and Message rules as required by their security policies.

For a complete description of message rules implementation in AXIGEN, see the SIEVE Language section. For a complete description of this language, see RFC 3028.

Message rules can also be created from WebAdmin at different server levels. For more details on adding new message rules from WebAdmin, see:

Configuring Message RulesDomain Filter ConfigurationAccount Filter Configuration

Filters can also be configured using the CLI Filters context (see Configuring AXIGEN using CLI) and by editing the configuration file (see Configuring AXIGEN using the Configuration File).

107



http://www.ietf.org/rfc/rfc3028.txt


4.3.4.1. SIEVE Overview and Implementation in AXIGEN

SIEVE Overview Sieve is a language created and used for mail filtering either on the server or on the client. The language is completely described in the RFC 3028. Sieve is an interpreted language that can be described as relatively simple. It has no loop structures, no variables (in the basic form) it has only an if control structure.

Sieve works basically by comparing different keys using different comparators and comparison methods, against headers of a mail message and based on the result applies actions to the message, like reject, discard, redirect.

The structure of Sieve as described in the RFC 3028 is: SIEVE defines 5 actions: keep, fileinto, reject, discard, redirect which are self-explanatory. It also defines 3 control commands:

• <stop> - which stops the processing to that point • <if elsif else> structure • require command - which defines an extension of the language. It tells the interpreter

that the respective extension will be used in the script

The if structure has the form: if <test> <block> elsif <test> <block> else <block>

A block is a block of commands (actions and control commands - including other ifs) and a test can be one of the following:

1. address - tests a set of the address headers against a set of keys using different comparison methods

2. envelope - optional test 3. header - tests a set of the headers against a set of keys using different comparison

methods:

• true, false - constants • allof <other tests> - logic and between several tests • anyof <other tests> - logic or between several tests • not <test> - negation of a test • exists - test if a set of headers exist • size - test against the size of a message

A test can take 2 values: true or false.

After parsing a script against a mail message, several actions can result which may interact. Several constrains are defined regarding action interaction which will be explained in the next paragraph.

If no action is to be taken after a complete parse of the script, or an error occurs, an implicit keep will ensure delivery of the message to the inbox.

The AXIGEN SIEVE interpreter The interpreter uses the following restrictions and constrains in implementing the RFC 3028:

• it implements the extensions described in the rfcs: fileinto, reject, envelope, copy, relational, spamtest, virustest, subaddress

108





• the relational test :count can only be used with the i;ascii-numeric comparator and when there are more then one strings in the second string list, only the first will be considered

• it implements the "i;octet", "i;ascii-ccasemap" and "i;ascii-numeric" comparators for the "i;ascii-numeric" comparator, the :matches and :contains tags, cannot be used. Error otherwise.

• it allows only require with (fileinto, reject, envelope, copy, vacation) arguments, gives an error message otherwise

• allows address and envelope test with the second string list (the values list) not tested for valid addresses (i.e. it allows part of addresses put in the values list)

• it allows only the: "From", "To", "CC", "Bcc", "Sender", "Resent-From", "Resent-To" headers to appear in the address test and only "To", "From" headers in the envelope test. Error otherwise.

• the require group of commands must appear first and must contain only required commands. Error otherwise.

• elsif and else must appear only after an if or an elsif. error otherwise • there is one type of warning and five types of error messages:

1. "[Syntax Error]: given if there is a syntax error in the script 2. "[Parse Error]: if a semantic error appears 3. "[Semantic Error]: similar to parse error 4. "[Validation Error]: if the script is not compliant to this document 5. "[Run-time Error]: if something is wrong during a message parse

• numbers in the size test cannot be negative and cannot exceed 2^32-1. error otherwise

• numbers when using the i;ascii-numeric comparator cannot exceed 2^32-1 and cannot be negative. If a string used with this comparator starts with something other than a digit, or is null, or is negative, or it exceeds 2^32-1, it gets the value 2^32. Leading whitespace (SP,HTAB,CRLF) is ignored

• it does not allow two or more comparator, address-part, match-type tags in the address, hearer and envelope tests. Error otherwise.

Action interaction General action interaction: the following constrains apply (error otherwise):

• reject can only be by itself and only once (eventually with stop) • keep can appear with any action (except reject) several times, and a move to Inbox

(or similar) will be executed once • discard can appear with any action (except reject) several times and the result will be

a discard only when solely discard actions are present or there is an implicit keep by using the :copy tag

• fileinto can appear several times with any action (except reject) and a move to the specified folder will be executed (if a move to the same folder is specified, it is treated as an error but a duplicate move will not be performed - a warning will be issued)

• redirect can appear several times and with any action (except reject), the result consisting in redirecting to the specified address only once (without giving an error if a duplicate reject with the same address appears) - a warning will be issued

• any action except stop, fileinto, vacation and redirect used with the :copy tag will cancel the implicit keep

Vacation interaction • vacation can appear once per script and all other appearances will be disregarded.

109




• vacation used with discard, redirect, fileinto or explicit keep will not be an error and will not be considered to break the respective actions interaction rules

Spamtest and Virustest Extension

This implementation supports the spamtest and virustest extensions as described in the RFC 3685, but in each case, the following constrains appear: Spamtest

• a separate tool will be implemented that will map vendor specific information from antispam tool and

• a new header named "X-AxigenSpam-Level" will be added which can have the following values:

1- message was tested and is clear of spam 2 -9- message was tested and has a varying likelihood of containing spam in increasing order 10- message was tested and definitely contains spam

Virustest

• a separate tool will be implemented that will map vendor specific information from antivirus tool and

• a new header named "X-AxigenVirus-Level" will be added which can have the following values:

1- message was tested and contains no known viruses

2 - message was tested and contained a known virus which was replaced with harmless content 3 - message was tested and contained a known virus which was "cured" such that it is now harmless 4 - message was tested and possibly contains a known virus

5 - message was tested and definitely contains a known virus

The possible values of the header SHOULD be only numbers and if so MUST be only the above numbers but may also have leading and trailing spaces and may contain alphanumeric characters after the numbers. There may be maximum one header of each type at a given moment, and when the tool has a value to assign to the header, it will assign it only if it is greater than the value already contained in the header.

Vacation Extension The vacation extension is implemented using the draft: draft-ietf-sieve-vacation-04. The vacation extension is used to send auto-generated messages when the user of the account for which the vacation applies, is in vacation, out of office, in general away for an extended period of time.

For a description of the syntax of this extension, please consult the SIEVE related documents and the draft this implementation is based of.

Implementation specific issues like restrictions and constrains, and in general issues that appear in the draft with SHOULD or MAY, are defined below.

110




The minimum value for the vacation: days argument is 1 and the maximum is 45. If the value given to the days argument is less that 1 it will be considered 1 and if greater that 45, it will be considered 45. The default value if the days parameter is omitted is 7.

The Previous Response Tracking feature (section 4.2 of the draft) is implemented using a CRC32 hash and the date when the response was sent. This means that there may be cases when a second response will be generated even though it was not supposed to, but the chances of that is negligible compared to the speed gain.

The Limiting Replies to Personal Messages feature (section 4.6 of the draft) was implemented considering the same cases as in the draft, but this will change in a way to allow the administrator to define custom rules for recognizing auto-generated mails.

The vacation response message is generated with all the features defined in the Section 5 of the draft except the References field that is not generated in this version of the implementation.

The interaction between vacation and other actions is described above, under Action Interaction.

4.3.5. The AXIGEN Filtering Module

Based on the Sendmail's Content Management Protocol (Milter), the AXIGEN Filtering Module (AXIMilter) provides an interface for third-party software (such as antivirus/antispam) to validate and modify messages as they pass through AXIGEN Mail Server.

Through AXIMilter, AXIGEN can be integrated with various Antivirus and Antispam applications. At this time, the AXIGEN Messaging Solution integration with AXIMilter has been sucessfully tested for Kaspersky (kavmilter), Symantec Brightmail, Avast and Avira.

4.3.5.1. Filtering Module Implementation in AXIGEN

A "milter" is a module used by a mail transfer agent (MTA) that allows the addition of very efficient Antivirus/Antispam filters in the mail processing chain. It makes decisions and takes actions during the SMTP sessions. The milter uses a communication protocol based on sockets. This protocol can be used to enable third party applications like anti-virus or anti-spam software to integrate with different MTAs supporting this milter module.

AXIMilter is a daemon that runs separately from AXIGEN. It can be configured through its configuration file, located by default in /etc/opt/axigen/aximilter.conf. The configuration file can be specified using the command line arguments, if one wants to use configuration located elsewhere.

The AXIGEN MTA communicates with the milter extension using the "aximilter.afsl" filter and the inet socket. The filter takes care of the communications and translations between the two parties. Any results passed on by the milter to the filter are interpreted and formatted by it and passed down the chain to AXIGEN.

When the filter is defined and activated in the AXIGEN configuration you have to set the socket used for communications between AXIGEN and the milter extension. This is an inet

111




(TCP) type of socket. Through this socket AXIGEN will connect to the milter interface and give instructions (formatted by the filter file) to the third party application at the other end. This connection is also used to receive any results from the milter back to AXIGEN.

Filter file purpose:

• Parse the information received • Interpret and check the information • Translate information • Pass information

Socket purpose:

• Establish a communications channel • Transfer information • Maintain the integrity of the information

The milter extension takes the requests received from AXIGEN and passes them to the milter counterpart of the third party application. This communication is negotiated using the standard milter protocol. When the third party milter responds, information is again passed through the TCP socket and interpreted by the filter. Only then, based on the information received, AXIGEN is able to determine what action to take.

The whole process chain can be described as follows. The AXIGEN MTA receives an email and the processing chain begins. When AXIGEN reaches the filter designated for the milter extension it passes the necessary information through the socket. All the information is translated by the filter file and fed to the AXIMilter (AXIGEN's milter extension). AXIMilter then connects through a socket to the third party milter implementation and sends the request to make a decision about the fate of the particular email.

After deciding the action to be taken on the respective email (to accept it or not and why) the information is again passed to AXIMilter through the socket between the two milter implementations. AXIMilter sends the results back to AXIGEN through the socket defined in the filter setup and it is again translated. When the AXIGEN MTA receives the information, it takes the necessary steps to deliver or discard the message.

4.3.5.2. Configuring the AXIGEN Filtering Module The AXIGEN Milter implementation filter can be enabled from WebAdmin in "AntiVirus and AntiSpam" context, enable the Application named 'aximilter'.

For more information on Antivirus/Antispam Filters in AXIGEN, see Antivirus/Antispam Filters.

AXIMilter configuration The milter configuration resides in the /etc/opt/axigen/aximilter.conf file. Depending on the setup you want to achieve there are multiple options to consider. Due to the TCP style of sockets used you can decide you want to use one machine as mail server and another one on the network as mail scanner. You can also use the same machine. There are some other options you should consider like the number of threads and/or connections you want to allow at any given time. This can have serious productivity and security implications.

Below you can find explanations for the available configuration options:

• bindIp <ip> is the variable that sets the interface AXIMilter will use to listen for connections from AXIGEN. If the machine running AXIMilter has more than one

112




interface you should change this variable to the IP of the interface available to the AXIGEN server. This should be set to a LAN IP address ensuring that the traffic between your MTA and AXIMilter is not visible to anyone else. If you run AXImilter and AXIGEN on the same machine you can leave this option unchanged.

• bindPort <port> is the port that AXIGEN connects to when establishing a connection to the AXImilter extension. You can set this port to whatever you like as long as the port is not already bind by another process. This port must be used when creating the filter in the AXIGEN configuration. When AXIGEN initiates the connection to the socket, AXIMilter has to be listening for connections. If the port is not used by another process you can leave this option unchanged. DEFAULT: 1981

• rwTimeout <value> is the maximum amount of time allocated to a connection session. It is expressed in milliseconds. Setting this value too high on a high traffic server might saturate all the available connections. Setting this too low on a slow machine might interfere with the communications transmitted. The range for this value is 1 - 65535. - DEFAULT: 400

• milterIp <ip> is the IP address of the machine running the third party milter implementation. As with the "bindIp" variable this should be set to the local IP address of that particular machine or left unchanged if the other milter runs locally. DEFAULT: "127.0.0.1"

• milterPort <port> is the port number AXIMilter connects to when establishing a connection with the third party milter implementation. This port has to be the same as the one specified in the configuration file of the third party software. This port is crucial in setting up a working milter implementation. If you change the port in the configuration of your software, you have to change it here too. Most anti-virus scanners use different ports so make sure to check which port you have to set here before testing your implementation. DEFAULT: 1990

• logType <type> - this parameter defines where to log messages. It can be "system","file" or "stdout". The "system" value means that messages will be logged to the system log, "file" that they will be logged in a file and "stdout" that messages will be logged at standard output. WARNING: if "file" is selected for this property, the logFile must also be set. - DEFAULT "system"

• logFile <file> - if logType has the value "file", this defines the file where messages are logged. - DEFAULT: "none"

• logLevel <level> - the level at which messages will be logged. Possible values are: o 0 - only error messages will be logged o 1 - error and warning message will be logged o 2 - all messages will be logged o DEFAULT: 2

• processingThreads <threads> is the number of threads ready to process requests. This number also limits the maximum connections that can be established to the AXIMilter extension. This means that if for example you set this value to 3, only a maximum 3 requests can be sent at any given time, thus only the fate of 3 emails can be decided. When one of these connections is closed a new one can be opened. Make sure you balance this value so that you don't overload the server and at the same time you don't keep too many emails waiting if you have a lot of traffic. The default value should be sufficient for most modern computers and at the same time should be reasonable enough on a medium-sized server. The range for this value is 1 - 128. - DEFAULT: 16

113




4.3.5.3. AXIGEN Filtering Module Commands

Command line parameters • -h displays this help message • -v displays the version • -f run in foreground • -u <user> run as user. DEFAULT: 'axigen' • -g <group> run as group. DEFAULT: 'axigen' • -c <path>: path to the configuration file DEFAULT: /etc/opt/axigen/aximilter.conf

Starting with version 5 the AXIMilter daemon is included in the AxigenFilters. A list of commands needed to start, stop, restart, or check the status is available in the Starting/Stopping/Restarting the Server section.

4.3.6. Activating and Prioritising Filters and Rules

In AXIGEN Mail Server, you can activate Antivirus / Antispam filters by enabling them from 'AntiVirus and AntiSpam' context, and Message rules by adding and enabling them in the 'Incoming Message Rules' list, available in the 'Security & Filtering' menu in WebAdmin.

Filter Priority Priorities between enabled Antivirus / Antispam filters or Message rules can be changed using the the up and down arrows under the Priority section from the same context that these can be Enabled/Disabled.

Activation Inheritance All filters activated at server level, will automatically be applied at all filtering levels, according to their respective priority levels.

The same is true for domain level filters, which can be activated at account / mail list level. Filters activated at domain level, are applied to all accounts belonging to the respective domain. Filters activated only at account level, will only be applied to that specific account.

For information on how to activate filters using WebAdmin see the following pages:

Managing Message Filters Domain Filter ConfigurationAccount Filter ConfigurationList Filter Configuration

4.3.7. Language Specifications for Policy Configuration

The AXIGEN SMTP Policy system is defined in a single file per installed AXIGEN Mail Server and has events for the SMTP Incoming, Outgoing and Processing stages of a mail life cycle. The Policy system contains Message Acceptance Policies and Processing and Relay Policies. The file is known by the server by the means of smtpFiltersFile parameter.

Important!

Starting with version 5, changing the existent rules/methods or adding new rule/methods by directly editing the smtpFilter file is NOT recommended for normal usage. This could render unavailable in the corresponding context of SMTP filter/rules in WebAdmin and it is not advisable unless you need heavy tweaking and know what you are doing.

114




Instead of directly editing smtpFilters, for normal usage, the administrator should use the following context from the WebAdmin module: 'Security & Filtering' -> 'Acceptance & Routing'.

If the specific WebAdmin context is invalidated by manual modifications of the smtpFilters file, then a warning will be displayed, and the user will be presented with the opportunity of overwriting the contents of the file.

Since manual modification of smtpFilters file is not recommended anymore, a wizard that will help you build your required rules is available in WebAdmin.

ATTENTION! If rules already exist in the smtpFilters file, using the wizard from WebAdmin will overwrite all of them, please first back-up your smtpFilters file.

Basic structure The language is structured in blocks of two types: events and methods. The events are predefined blocks that will be executed at specific moments by the server. The methods are custom defined blocks that will be called from the language. Thus the basic structure of a language file is: event event1 {

event event2 {

.

. }

Comments inside the script file are allowed using the syntax: #comment until the end of line.

SMTP Events The events defined for the SMTP filters and their contexts are as follows:

Event Context

onConnect SMTP Receiving

onEhlo SMTP Receiving

onMailFrom SMTP Receiving

onRcptTo SMTP Receiving

onHeadersReceived SMTP Receiving

onBodyChunk SMTP Receiving

onDataReceived SMTP Receiving

onRelay SMTP Sending

onDeliveryFailure Processing

onTemporaryDeliveryFailure Processing

115




Thus, the structure of the script file is: #Sample AXIGEN SMTP Filter #the event called when a connection is made to SMTP event onConnect { . code . } #the event called when smtp receives EHLO event onEhlo { . call(Ionel); . } method Ionel { . code }

Methods Beside the custom methods, a number of predefined methods are also available. They are called in the same way and have a predefined behavior. The currently available predefined methods are:

• checkSPF • checkReverseDNS • addHeader • addIfNotExistsHeader • removeFirstHeader • removeHeader • modifyHeader • modifyIfExistsHeader • addRcpt • discardRcpt

A more comprehensive example of a script defined until now, can be: event onHelo { call(heloEvent); } method heloEvent { . call(checkSpf); call(addHeader); }

Contexts This language defines a scripting language to be used especially for SMTP filtering. The SMPT process has three different contexts: Incoming, Outgoing and Processing. Thus the behavior of the same filter differs depending on the context to which it is applied. For example the SMTPIn events are triggered only within the SMTP Incoming context. The same applies to context dependent variables which will be detailed below.

Variables After methods and events, the next as level of importance are the variables. They act as input and output to functions and also act as actions to be taken by the SMTP engine. All

116




variables are considered to be string or numbers and can be of three types:

• read-only variables (input variables); • read-write variables (input/output variables); • action variables - these variables can be either read-only or read-write but they are in

this category because they can cause the SMTP engine to take an action or are involved in an action.

Variable behavior is context-dependent. If a variable is an input variable for the SMTP Incoming context it will be set only in that context and will be "" in the SMTP Outgoing context. Furthermore, a variable will be set only after that variable's value is known. For example, the MailFromDomain variable will be "" in the onConnect and onEhlo events and will be set only in onMailFrom event.

Some variables are set/read by the engine but there are methods for reading/writing them from the code. The reading of a variable implies the comparing of the variable's value with another value or variable. This is done using test functions that form the test block of a conditional block.

To set a variable, the function set is used: set(SPFResult, "some value");

When a predefined method is called, it usually sets one or more variables as its output and usually requires setting one or more variable as its input. Apart from the predefined variables, custom variables also exist and they can be used later in the code. To define a variable you just set its value: set(aVariable, "aValue").

The previous function defines a variable named aVariable and sets its value to "aValue".

A custom defined variable has lifetime that lasts until the end of a block. To preserve a variable across blocks and across contexts, the export function is used: export(aVariable)

The lifetime of a filter with its contexts is per email message so the export function can be used to preserve the value of a variable specific to one email message through different stages of SMTP. For example, at the SMTP Outgoing context, the value of MailFromDomain is not set but can be, if in one of the SMTP Incoming events, an export(MailFromDomain) was made.

Within the SMTP Filter Language, the concept of variable expanding means that, within a string, a variable name may appear and at runtime the name will be replaced by the variable's value. In order for a variable to be expanded, its name must appear between "%" characters. An example of variable expanding is: event onConnect { set(aVariable, "Hello.");set(SMTPGreeting, "%aVariable% This is my AXIGEN server");

}

When you connect on the SMTP port, the greeting will be: "Hello. This is my AXIGEN server"

This expanding mechanism also works for comparing two variables: event onConnect { set(aVariable, "value"); set(bVariable, "value"); if (is(aVariable,"%bVariable%) {

117




set(SMTPAction,"reject"); } }

Structures Condition blocks There are only block, sub-block, if and switch structures. The block structures were defined above. The ‘if’ structure has the following form: if (conditions) { } else { }

The sub-blocks mentioned above are part of the ‘if’ and ‘switch’ structure and as in the case of blocks, start with a "{" and end with a "}".

The switch structure has the following form: switch (variable) { case <value>: { } case <value>: { } default: { } }

Both the ‘if’ and the ‘switch’ structures can imbricate a maximum of 16 levels of imbrication. The case statements are exclusive, that means that if a case is matched, after the execution of the block, the switch structure is exited.

Conditions The conditions are Boolean functions that are used in the ‘if’ and ‘switch’ tests. They split into 2 types: single conditions and logical groups.

The single conditions are as follows:

• is(variable,value) - matches for equality; • isCase(variable,value) - matches for equality and if strings, the match is case

insensitive; • match(variable,regexp) - regular expression match • lessThen(variable,value) - number comparison • greaterThen(variable,value) - number comparison • greaterOrEqual(variable, value) - number comparison • lessOrEqual(variable, value) - number comparison • iprange(variable, range) - matches if the variable's value is in range. If the variable is

not an ipAddress, the function returns false. Emample of how to define IP ranges: o 192.168.1.1-192.168.1.10 (range) o 192.168.1.1/24 (cidr) o 192.168.1.1/255.255.255.0 (netmask)

The logical groups are:

• not(condition) - negation of a condition • allof(condition,condition,...) - similar to an AND between conditions • anyof(condition,condition,...) - similar to an OR between conditions

The logical groups allow a maximum of 16 levels of imbrication.

118




Functions The functions can be looked at as keywords from other languages. They are the building blocks of the language and their behavior is hard-coded. The functions available are:

• all the Boolean functions described above; • call (method) - this executes a predefined of custom defined method. If the method is

custom defined, it must be defined in the same script file as the call; • export (variable) - this function exports a variable name and value to be used in

another context. If the variable is custom defined it must be defined in the same script file;

• set (variable, value) - this sets the value of a RW variable; • return - this function ends the current event or method execution.

4.3.7.1. SMTP Functionalities (I) A list of all events and all variables and methods that can be used by each event is presented below. The type (IN or OUT) and the access method (RO - read only, RW - read write, WO - write only) will be specified for each variable.

Important! Certain variables are only interpreted within some events, while the remaining events ignore them. Therefore setting such a variable for an event that will ignore it will take no effect. This is also applicable to predefined methods. Not all variables marked as RO or not presented for a certain event will generate an error if set. The reason is they can be marked as RW for other events of the same context. However, setting them will have no effect.

onConnect Called when a new client is connected.

Variable Type Access Method Explanation Value set Default

smtpPort numeric IN,RO The local listener port the client used to connect

Range: 0 - 65535

Not Applicable

smtpIp ip IN,RO The local interface IP the client used to connect

IP Not Applicable

remoteSmtpPort numeric IN,RO The remote port the connection was established through

Range: 0 - 65535

Not Applicable

remoteSmtpIp ip IN,RO The remote IP the connection

IP Not Applicable

119





was established from.

isSSLConnection choice IN,RO 'yes' if the connection is encrypted (socket ssl), no if it is not.

Choice:

• yes - the connection is encrypted (socket ssl)

• no - the connection is not encrypted

Not Applicable

DNSBLServer text OUT,WO The DNSBL server name used by 'checkDNSBL' method.

Text string

DNSBLResult ip IN,RO The result of a 'checkDNSBL' call; if the client ip is not found using 'DNSBLServer' the result is an empty string

IP

DNSBLExplanation text IN,RO The explanation associated with the result returned by a 'checkDNSBL' call

Text string

smtpGreeting text OUT,WO The initial message sent to the client (for the moment, it can be a static string only).

Text string AXIGEN specific greeting text

smtpAction choice OUT,WO Determine what action the smtp engine shoud take for the current command.

Choice:

• accept - the server accepts the current command

• reject - the server rejects the

Takes an action conforming with the internal policies

120





current command and returns a permanent error

• tmpreject - the server rejects the current command and returns a temporary error

• abort - the server aborts the connection

smtpExplanation text OUT,WO The message sent to the client in case of a reject or tmpreject action.

Text string A default error message

RFCBreak multival OUT,WO List of RFC violation permitted or requested.

Values:

• nofolding - Header lines longer than 78 characters are permitted and no folding is perfomed on those lines

• bodycrlfcorrection - SMTP IN service is allowed to modify the body of 7Bit mime messages in order to fix invalid line terminator sequences (the single CR, LF or LFCR and CRCRLF sequences found in mail's body are replaced with CRLF)

filterName text OUT,WO The name of the extenral filter to be added

Text string Not Applicable

121





filterType choice OUT,WO The type of the external filter to be added

Choice:

• milter - The new external filter is of type MILTER

Not Applicable

filterAddress text OUT,WO The address of the new external filter


addFilterResult choice IN,RO Choice:

• ok - The addFilter call was successfull

• error - The addFilter call failed

Not Applicable

addFilterExplanation text IN,RO Text string Not Applicable

filterNamePattern text OUT,WO The pattern name of filters to be executed

Text string

'filterName'.result choice IN,RO The execution result of an external smtp filter

Choice:

• pass - The filter was executed and returned a positive result

• fail - The filter was executed and returned a rejection result

• neutral - The filter was not selected for execution by the lass executeFilters call

• error - The filter was not executed because of system errors

Not Applicable

'filterName'.action choice IN/OUT,RW The default action taken by the smtp engine as a result ofexecuting an external smtp

Choice:

• accept - The engine accepts the current and the following commands

• continue - The

Not Applicable

122





filter engine accepts the current command

• discard - The engine ignores the current command

• tmpreject - The engine temporary rejects the current command

• reject - The engine permanently rejects the current command

'filterName'.explanation text IN,RO The explanation associated with the execution of an external smtp filter


Methods

Name Explanation Input Parameters Output Parameters

addFilter Adds an external smtp filter

• filterName-Specifies the name of the filter to be added

• filterType-Specifies the type of the filter to be added

• filterAddress-Specifies the address of the filter to be added

• addFilterResult-Indicates if the add filter operation was successfull

• addFilterExplanation-Indicates the failure reason of the add filter operation

executeFilters Execute onConnect method for selected filters

• filterNamePattern-The selection name pattern of filters to be executed

• 'filterName'.result-The execution result of the filter named 'filterName'

• 'filterName'.action-The default smtp action taken as a result of executing the filter named 'filterName'

checkDNSBL Checks if the clinent ip is black-listed in

• DNSBLServer-The DNS Black List server used to check the client

• DNSBLResult-The ip associated with the client ip in server 'DNSBLServer'

123




Name Explanation Input Parameters Output Parameters server 'DNSBLServer'

ip • DNSBLExplanation-Explanation associated with the 'DNSBLResult'

onEhlo Called after receiving the EHLO message sent by the client.



Range: 0 - 65535

Not Applicable

smtpIp ip IN,RO The local interface IP the client used toconnect

IP Not Applicable


Range: 0 - 65535

Not Applicable

remoteSmtpIp ip IN,RO The remote IP the connection was established from

IP Not Applicable


Choice:



Not Applicable

ehloHost hostname IN,RO The hostname the client declares

Hostname Not Applicable

isESMTP choice IN,RO 'yes' if the client used EHLO, 'no' for HELO

Choice:

• yes - the client used EHLO

• no - the client used HELO

Not Applicable

authUser text IN,RO Name of sucessfully authenticated user ('' if the Auth command was incorrectly used)


authMatchFrom choice OUT,WO Verifies if the sender address corresponds to the

Choice:

• yes - the sender address corresponds

yes

124





one used to authenticate.

to the one used to authenticate

• no - the sender address does not correspond to the one used to authenticate

mailCount numeric IN,RO Number of succesfully sent mails during this session.

Range: Not Applicable

totalMailSize numeric IN,RO Total size of email messages sent in the respective session (in octets).


remoteDelivery choice IN/OUT,RW Specifies which clients can send remote messages.

Choice:

• all - all clients can send remote messages

• none - no clients can send remote messages

• auth - only authenticated clients can send remote messages

auth

localDelivery choice IN/OUT,RW Specifies which clients can send messages locally.

Choice:

• all - all clients can send messages locally

• none - no clients can send messages locally

• auth - only authenticated clients can send messages locally

all

maxRcptCount numeric IN/OUT,RW The maximum number of recipients for an email.

Range: 0 - 1000

1000

maxDataSize numeric IN/OUT,RW The maximum size of a mail message (KB).

Range: 0 - 4294967295

10240

125





maxReceivedHeaders numeric IN/OUT,RW The maximum size of 'Received' headers after which the email is considered to be looping.

Range: 0 - 4294967295

30

allowStartTLS choice IN/OUT,RW 'yes' if the STARTTLS extension is allowed, 'no' if otherwise.

Choice:

• yes - STARTTLS extension is allowed

• no - STARTTLS extension is not allowed

yes

allowPipelining choice IN/OUT,RW 'yes' if the PIPELINING extension is allowed, 'no' if otherwise.

Choice:

• yes - PIPELINING extension is allowed

• no - PIPELINING extension is not allowed

yes

allow8BitMime choice IN/OUT,RW 'yes' if the 8BIT extension is allowed, 'no' if otherwise.

Choice:

• yes - 8BIT extension is allowed

• no - 8BIT extension is not allowed

yes

allowBinaryData choice IN/OUT,RW 'yes' if the BINARY extension is allowed, 'no' if otherwise.

Choice:

• yes - BINARY extension is allowed

• no - BINARY extension is not allowed

yes

plainConnAuthTypes multival IN/OUT,RW Allowed authentication types for a plain connection (possible values: 'all', 'none' or a 'plain', 'login', 'cram-md5', 'digest-md5' and 'gssapi' combination).

Values:

• all - All authentication types are allowed for plain connections

• none - No authentication type is allowed for plain connections

• plain - PLAIN authentication is allowed for plain connections

• login - LOGIN authentication is allowed for plain

all

126





connections • cram-md5 - CRAM-

MD5 authentication is allowed for plain connections

• digest-md5 - DIGEST-MD5 authentication is allowed for plain connections

• gssapi - GSSAPI authentication is allowed for plain connections

secureConnAuthTypes multival IN/OUT,RW Allowed authentication types for a SSL connection (possible values: 'all', 'none' or a 'plain', 'login', 'cram-md5' and 'gssapi' combination).

Values:

• all - All authentication types are allowed for secure connections

• none - No authentication type is allowed for secure connections

• plain - PLAIN authentication is allowed for secure connections

• login - LOGIN authentication is allowed for secure connections

• cram-md5 - CRAM-MD5 authentication is allowed for secure connections

• digest-md5 - DIGEST-MD5 authentication is allowed for secure connections

• gssapi - GSSAPI authentication is allowed for secure connections

all

DNSBLServer text IN,RO The DNSBL server name used by 'checkDNSBL' method.

Text string

DNSBLResult ip OUT,WO The result of a IP

127





'checkDNSBL' call; if the client ip is not found using 'DNSBLServer' the result is an empty string

DNSBLExplanation text OUT,WO The explanation associated with the result returned by a 'checkDNSBL' call

Text string

SPFResult choice IN/OUT,RW Result of the SPF check (possible values: 'None', 'Neutral', 'Pass', 'Fail', 'SoftFail', 'TempError', 'PermError'; can be set manually or by calling the 'checkSPF' method; if the result is 'Fail', the subsequent 'MAIL FROM' commands will fail.

Choice:

• None - TBD • Neutral - TBD • Pass - The message

meets the domain's definition for legitimate messages

• Fail - The message does not meet the domain's definition for legitimate messages

• SoftFail - TBD • TemprError - TBD • PermError - TBD

None

SPFHeader text IN/OUT,RW The 'Received-SPF' header value; if it's set to '', the header will no longer be added.


SPFExplanation text IN/OUT,RW The explanation associated with the SPF response.



Choice:


• reject - the server rejects the current command and returns a permanent error

• tmpreject - the server rejects the current command and returns a temporary


128





error • abort - the server

aborts the connection



ReverseDNSResult choice OUT,WO The result of a 'checkReverseDNS' call.

Choice:

• Fail - the EHLO name was not found in the list of names associated with the client ip

• Pass - the EHLO name was found in the list of names associated with the client ip

• Neutral - no names was specified in the EHLO command

ReverseDNSName text OUT,WO The first name associated with the client ip obtained with a 'checkReverseDNS' call.

Text string

RFCBreak multival IN,RO List of RFC violation permitted or requested.

Values:


• bodycrlfcorrection - SMTP IN service is allowed to modify the body of 7Bit mime messages in order to fix invalid line terminator sequences (the single CR, LF or LFCR and CRCRLF sequences found in mail's body are

129





replaced with CRLF)




Choice:


Not Applicable






Not Applicable



Text string


Choice:





Not Applicable

'filterName'.action choice IN/OUT,RW The default action taken by the smtp engine as a result of executing an external smtp filter

Choice:


• continue - The

Not Applicable

130





engine accepts the current command






Methods








executeFilters Execute onEhlo method for selected filters




checkReverseDNS Search the EHLO name in the list of names associated with the client ip

• ReverseDNSResult-The result of the method call

• ReverseDNSName-The primary name associated with the client ip

checkDNSBL Checks if the clinent ip is black-listed in server

• DNSBLServer-The DNS Black List server used to check the client ip


131




Name Explanation Input Parameters Output Parameters 'DNSBLServer' • DNSBLExplanation-

Explanation associated with the 'DNSBLResult'

checkSPF Calls the SPF module and the results are stored in the 'SPFResult', 'SPFHeader' and 'SPFExplanation' variables

• SPFResult-Result of the SPF check

• SPFHeader-Value of the Received-SPF header value

• SPFExplanation-Explanation associated with the SPF response

onMailFrom Called as a result of the 'MAIL FROM' command issued by the client.


smtpPort numeric IN,RO the local listener port the client used to connect

Range: 0 - 65535

Not Applicable


IP Not Applicable


Range: 0 - 65535

Not Applicable


IP Not Applicable


Choice:



Not Applicable




Choice:


Not Applicable

132








authMatchFrom choice OUT,WO Verifies if the sender address corresponds to the one used to authenticate.

Choice:

• yes - The sender address corresponds to the one used to authenticate

• no - The sender address does not correspond to the one used to authenticate

yes

mailCount numeric IN,RO Verifies if the sender address corresponds to the one used to authenticate.





Choice:




auth


Choice:


• none - no clients can

all

133





send messages locally



Range: 0 - 1000

1000


Range: 0 - 4294967295

10240


Range: 0 - 4294967295

30


Text string

DNSBLResult ip OUT,WO The result of a 'checkDNSBL' call; if the client ip is not found using 'DNSBLServer' the result is an empty string

IP


Text string

SPFResult choice IN/OUT,RW Result of the SPF check (possible values: 'None', 'Neutral', 'Pass', 'Fail', 'SoftFail', 'TempError',

Choice:

• None - TBD • Neutral - TBD • Pass - the message


None

134





'PermError'; can be set manually or by calling the 'checkSPF' method; if the result is 'Fail', the subsequent 'MAIL FROM' commands will fail.

• Fail - the message does not meet the domain's definition for legitimate messages


SPFHeader text IN/OUT,RW The 'Received-SPF' header value; if it's set to '', the header will no longer be added.


SenderMXCheckResult choice IN,RO Result of the Sender MX verification (possible values: 'Pass', 'Fail', 'Neutral', 'Error'); see 'checkSenderMX' method.

Choice:

• Pass - The sender has a valid MX

• Fail - The sender does not have a valid MX

• Neutral - No sender specified, is a NDR message

• Error - There was an error determining sender MX

Not Applicable

mailFrom text IN/OUT,RW The address specified in mail from; if set manually, the new address will be used.


mailFromLocalPart text IN,RO The local part of the address specified in mail from; modified automatically along with the 'mailFrom' value.


mailFromDomain text IN,RO The domain of the mail from address; modified automatically along with the


135





'mailFrom' value.

mailFromAuthUser text IN,RO The authenticated user specified in the mail from command.


mailFromSize numeric IN,RO The email size specified in the mail from command.


HeaderName text OUT,WO See header usage methods.


HeaderValue text IN/OUT,RW See header usage methods.


delayDelivery text OUT,WO Enables and configures delay delivery feature. It may be set to an absolute date (format RFC 2822) or to a relative date exprimated as +[[nnh] nnm]nn[s]

Text string

overquotaAction choice OUT,WO Determine what action the smtp engine shoud take for a recipient that is overquota.

Choice:

• reject - the server rejects the overquota recipient with a permanent error message

• tmpreject - the server rejects the overquota recipient with a temporary error message

• discard - the server accepts the overquota recipient without adding it to recipient list

reject

smtpAction choice OUT,WO Determine what action the smtp engine shoud take for the

Choice:

• accept - the server accepts the current

Takes an action conforming with the

136





current command.

command • reject - the server

rejects the current command and returns a permanent error



internal policies




Values:






Choice:


Not Applicable

137










Not Applicable



Text string


Choice:





Not Applicable


Choice:


• continue - The engine accepts the current command



Not Applicable

138








Methods








executeFilters Execute onMailFrom method for selected filters




checkDNSBL Checks if the clinent ip is black-listed in server 'DNSBLServer'



• DNSBLExplanation-Explanation associated with the 'DNSBLResult'

checkSPF Calls the SPF module and the results are stored in the 'SPFResult', 'SPFHeader' and 'SPFExplanation' variables

• SPFResult-Result of the SPF check

• SPFHeader-Value of the Received-SPF header value

• SPFExplanation-Explanation associated with the SPF response

checkSenderMX • SenderMXCheckResult-Result of the Sender MX check

addHeader Adds the specified header

• HeaderName-Name of the header field to be

139




Name Explanation Input Parameters Output Parameters through the 'HeaderName' and 'HeaderValue' variables

added • HeaderValue-Value of

the added field

addIfNotExistsHeader Adds the heather only if no other field with the same name exists

• HeaderName-Name of the header field to be added

• HeaderValue-Value of the added field

removeFirstHeader Deletes the first instance of a field with the 'HeaderName' name from the header

• HeaderName-Name of the header field to be removed

removeHeader Deletes all instances of the field named 'HeaderName' from the header


removeHeaderValue Deletes a specific instance of the field named 'HeaderName' from the header


• HeaderValue-The value of the specific instance to be removed

modifyHeader Modifies or adds a header

• HeaderName-Name of the header field to be modified (or added if not exists)

• HeaderValue-The new field value

modifyIfExistsHeader Modifies a header

• HeaderName-Name of the header field to be modified


4.3.7.2. SMTP Functionalities (II)

onRcptTo Called as a result of the 'RCPT TO' command issued by the client


smtpPort numeric IN,RO The local listener Range: Not

140





port the client used to connect

0 - 65535 Applicable


IP Not Applicable

remoteSmtpPort choice IN,RO The remote port the connection was established through

Choice:

0 - 65535

Not Applicable


IP Not Applicable


Choice:



Not Applicable




Choice:



Not Applicable







141






Choice:




auth


Choice:




all


Range: 0 - 1000

1000


Range: 0 - 4294967295

10240


Range: 0 - 4294967295

30


Text string


IP

DNSBLExplanation text OUT,WO The explanation Text string

142





associated with the result returned by a 'checkDNSBL' call

SPFResult choice IN/OUT,RW Result of the SPF check (possible values: 'None', 'Neutral', 'Pass', 'Fail', 'SoftFail', 'TempError', 'PermError'; can be set manually or by calling the 'checkSPF' method; if the result is 'Fail', the subsequent 'MAIL FROM' commands will fail.

Choice:





None


Choice:





Not Applicable

mailFrom text IN,RO The address specified in mail from.


mailFromLocalPart text IN,RO The local part of the address specified in mail from; modified automatically along with the 'mailFrom' value.


mailFromDomain text IN,RO The domain of the mail from address; modified automatically along with the


143





'mailFrom' value.





rcptCount numeric IN,RO Number of recipients communicated by the client up to the given moment.


currentRcpt text IN/OUT,RW The current address communicated by the client as recipient; it can be set manually, causing the recipient address to change; if after setting it the 'addRcpt' method is called, the newly set address will be added to the one communicated by the client.


currentRcptFolder text IN/OUT,RW In case of deliveryto a local domain, it specifies the folder the email message will be delivered to.

Text string INBOX

currentRcptLocalPart text IN,RO Local part of the recipient address; modified automatically when setting 'currentRcpt'.


currentRcptRelayHost text IN/OUT,RW SMTP routing Text string

144





host used to deliver the mail for this recipient.

isRcptDomainLocal choice IN,RO States if the recipient domain specified by the client is a local one

Choice:

• yes - the recipient domain specified by the client is a local one

• no - the recipient domain specified by the client is not a local one

Not Applicable

isRcptLocal choice IN,RO States if the recipient specified by the client is a local one

Choice:

• yes - the recipient specified by the client is a local one

• no - the recipient specified by the client is not a local one

Not Applicable






Text string

overquotaAction chioce OUT,WO Determine what action the smtp engine shoud take for a recipient that is overquota.

N/A reject

isOverquota choice IN,RO Specifies if the current recipient is overquota.

Choice:

• yes - The current recipient will exceed its quota limit if the current mail will be delivered to it

Not Applicable

145





• no - The current recipient may receive the current mail without exceeding its quota limit


Choice:









Values:





146






Choice:


Not Applicable






Not Applicable



Text string


Choice:





Not Applicable


Choice:




• tmpreject - The engine temporary rejects the

Not Applicable

147





current command • reject - The engine

permanently rejects the current command



Methods








executeFilters Execute onRcptTo method for selected filters









addHeader Adds the specified header through the 'HeaderName' and 'HeaderValue' variables

• HeaderName-Name of the headerfield to be added


148


















modifyIfExistsHeader Modifies a header • HeaderName-Name of the header field to be modified


addRcpt Adds the rcpt specified in 'currentRcpt' and 'currentRcptFolder'.

• currentRcpt-Address to be added in recipient list

• currentRcptFolder-Delivery folder

discardRcpt Ignores a client's request of adding a RCPT, without responding with an error

149




onHeadersReceived Called after the message header is received.



Range: 0 - 65535

Not Applicable


IP Not Applicable

remoteSmtpPort number IN,RO The remote port the connection was established through

N/A Not Applicable


IP Not Applicable


Choice:



Not Applicable




Choice:



Not Applicable





totalMailSize numeric IN,RO Total size of email messages sent in the respective


150





session (in octets).

remoteDelivery choice IN,RO Specifies which clients can send remote messages.

Choice:




auth

localDelivery choice IN,RO Specifies which clients can send messages locally.

Choice:




all

maxRcptCount numeric IN,RO The maximum number of recipients for an email.

Range: 0 - 1000

1000


Range: 0 - 4294967295

10240


Range: 0 - 4294967295

30


Text string

DNSBLResult ip OUT,WO The result of a 'checkDNSBL' call; if the client ip is not found using

IP

151





'DNSBLServer' the result is an empty string


Text string

SPFResult choice IN,RO Result of the SPF check (possible values: 'None', 'Neutral', 'Pass', 'Fail', 'SoftFail', 'TempError', 'PermError'; can be set manually or by calling the 'checkSPF' method; if the result is 'Fail', the subsequent 'MAIL FROM' commands will fail.

Choice:





None


Choice:





Not Applicable



mailFromLocalPart text IN,RO The local part of the address specified in mail from.


mailFromDomain text IN,RO The domain of the mail from address; modified


152





automatically along with the 'mailFrom' value.











existsHeader choice IN,RO See 'checkExistsHeader' method.

Choice:

• yes - the header specified by 'HeaderName' was found

• no - the header specified by 'HeaderName' was not found

Not Applicable


Text string


Choice:


• reject - the server rejects the current command and


153





returns a permanent error






Values:






Choice:


Not Applicable



addFilterResult choice IN,RO Choice: Not

154







Applicable



Text string


Choice:





Not Applicable


Choice:






Not Applicable

155







Methods








executeFilters Execute onHeadersReceived method for selected filters









readHeader Read the value of a header specified by 'HeaderName'; the result is stored in 'HeaderValue' variable; if the header has more than one value, the values are separated by new line (CRLF)

• HeaderName-Name of the header field to be read

• HeaderValue-The value of the header; set to empty string if the header is not found

checkExistsHeader • HeaderName-Name of the header field to be searched

• existsHeader-Set to 'yes' if the header is found, 'no' otherwise

156





addHeader Adds the specified header through the 'HeaderName' and 'HeaderValue' variables
















modifyIfExistsHeader Modifies a header • HeaderName-Name of the header field to be modified


onBodyChunk Called every time a piece of the mail body is received.



Range: 0 - 65535

Not Applicable

157






IP Not Applicable


N/A Not Applicable


IP Not Applicable


Choice:



Not Applicable




Choice:



Not Applicable







158






Choice:




auth


Choice:




all


Range: 0 - 1000

1000


Text string


IP

DNSBLExplanation text OUT,WO The explanation associated with the result

Text string

159





returned by a 'checkDNSBL' call


Choice:

• None - TBD • Neutral - TBD • Pass - the

message meets the domain's definition for legitimate messages


• SoftFail - TBD • TemprError -

TBD • PermError -

TBD

None


Choice:





Not Applicable





160





mailFromDomain text IN,RO The domain of the mail from address; modified automatically along with the 'mailFrom' value.









Text string


Choice:



• tmpreject - the server rejects the current command and returns a


161





temporary error • abort - the

server aborts the connection





Not Applicable


Choice:




addFilterResult choice IN,RO

4.3.7.3. SMTP Functionalities (III)

onDataReceived Called after receiving the message successfully through the DATA or BDAT commands.



Range: 0 - 65535

Not Applicable


IP Not Applicable


N/A Not Applicable


IP Not Applicable

162





isSSLConnection choice IN,RO 'yes' if theconnection is encrypted (socket ssl), no if it is not.

Choice: Not Applicable • yes - the

connection is encrypted (socket ssl)




Not Applicable


Choice:










Choice:



• auth - only authenticated clients can send remote

auth

163





messages


Choice:




all


Range: 0 - 1000

1000


Range: 0 - 4294967295

10240


Range: 0 - 4294967295

30


Text string


IP


Text string

164






Choice:

• None - TBD • Neutral - TBD • Pass - the

message meets the domain's definition for legitimate messages


• SoftFail - TBD • TemprError -

TBD • PermError -

TBD

None


Choice:





Not Applicable





mailFromDomain text IN,RO The domain of the mail fromaddress; modified


165





automatically along with the 'mailFrom' value.








Text string


Choice:






166










Choice:


Not Applicable






Not Applicable



Text string


Choice:




Not Applicable

167







Choice:






Not Applicable



Methods





• filterAddress-Specifies the address



168




Name Explanation Input Parameters Output Parameters of the filter to be added

executeFilters Execute onDataReceived method for selected filters









onRelay Called before establishing a relay connection in order to determine the connection parameters.


localInterface ip IN/OUT,RW Local interface IP from which the connection will be attempted.

IP

remoteSmtpHost text IN/OUT,RW Hostname of the remote relay server.

Text string

remoteSmtpPort numeric OUT,WO The remote port the connection will be established to

Range: 0 - 65535

Not Applicable

remoteSmtpIp ip OUT,WO The remote port IP the connection will be established to

IP Not Applicable

authUser text OUT,WO User name used for authentication

Text string None

169





to the remote server

atuhPasswd text OUT,WO The user's password used to authenticate

Text string

mailFrom text IN,RO The addressspecified in mail from.




mailFromDomain text IN,RO The domain of the mail from address.




rcptCount numeric IN,RO Number of recipients communicated by the client.


isFromLocalDomain choice IN,RO 'yes' if the mail was created locally, 'no' if it was received through SMTPIn

Choice:

• yes - the mail was created locally

• no - the mail was received through SMTPIn

Not Applicable

mailSize numeric IN,RO Mail size in octets.

Range: Not applicable

maxConnections numeric OUT,WO Maximum number of allowed connections to the destination host

Range: 0 - 4294967295

5

maxRcptCount numeric OUT,WO Maxium Range: 0

170





number of recipients to deliver to in a single SMTP transaction (0 means unlimited)

0 - 1000

smtpConnectTimeout numeric OUT,WO TCP timeout for SMTP relay connection

Range: 300

chunkSize numeric OUT,WO The maximum size of a data block that can be sent through BDAT

Range: 0 - 4294967295

102400B(100KB)

allowStartTLS choice IN/OUT,RW 'yes' if the STARTTLS extension is allowed, 'no' if otherwise.

Choice:

• yes - STARTTLS extension is allowed

• no - STARTTLS extension is not allowed

yes

allowPipelining choice IN/OUT,RW 'yes' if the PIPELINING extension is allowed, 'no' if otherwise.

Choice:

• yes - PIPELINING extension is allowed

• no - PIPELINING extension is not allowed

yes

allow8BitMime choice IN/OUT,RW 'yes' if the 8BIT extension is allowed, 'no' if otherwise.

Choice:

• yes - 8BIT extension is allowed

• no - 8BIT extension is not allowed

yes

allowBinaryData choice IN/OUT,RW 'yes' if the BINARY extension is allowed, 'no' if otherwise.

Choice:

• yes - BINARY extension is

yes

171





allowed • no - BINARY

extension is not allowed

requestAuth choice OUT,WO 'yes' if authentication is mandatory, 'no' if otherwise

Choice:

• yes - authentication is mandatory

• no - authentication is not mandatory

no

strict7BitMime choice OUT,WO 'yes' if transmitting binary data to clients that do not advertise supporting such data is not allowed

Choice:

• yes - transmitting binary data to clients that do not advertise supporting such data is not allowed

• no - transmitting binary data to clients that do not advertise supporting such data is allowed

yes

sslEnabled choice OUT,WO 'yes' if the purpose is to establish a SSL connection

Choice:

• yes - The connection is established with SSL enabled

• no - The connectin is established with SSL disabled

no

plainConnAuthTypes multival IN/OUT,RW Allowed authentication types for a

Values:

• all - All authenticatio

crammd5

172





plain connection (possible values: 'all', 'none' or a 'plain', 'login' and 'cram-md5' combination).

n types are allowed for plain connections

• none - No authentication type is allowed for plain connections

• plain - PLAIN authentication is allowed for plain connections

• login - LOGIN authentication is allowed for plain connections

• cram-md5 - CRAM-MD5 authentication is allowed for plain connections

secureConnAuthTypes multival IN/OUT,RW Allowed authentication types for a SSL connection (possible values: 'all', 'none' or a 'plain', 'login' and 'crammd5' combination).

Values:

• all - All authentication types are allowed for secure connections

• none - No authentication type is allowed for secure connections

• plain - Plain authentication is allowed for secure connections

• login - Login authentication is allowed for secure connections

all

173





• crammd5 - Crammd5 authentication is allowed for secure connections

onDeliveryFailure Called when the mail delivery failed for a certain group of recipients.












sendNDR choice OUT,WO Specifies if the NDR will be sent or not

Choice:

• yes - The NDR will be sent

• no - The NDR will not be sent

yes

ndrAttachSource choice OUT,WO Specifies if the original email message will be attached to the NDR

Choice:

• no - original email is not attached to the NDR

yes

174





• yes - original mail is entirely attached to the NDR

• header - only the header of the original mail is attached to the NDR

ndrSubject text OUT,WO Email subject sent as NDR (by default it is a hard-coded message)

Text string TBD

ndrSender text OUT,WO The Mail From field of the NDR header

Text string mailer-daemon@'primaryDomain'

ndrMessage text OUT,WO Text of the NDR message

Text string TBD

ndrRcptMessage text OUT,WO Part of the message specified for each recipient individually; it can refer to the 'ndrRcptAddress' and 'ndrRcptFailInfo' fields

Text string TBD

ndrMessageFooter text OUT,WO Message ending of the NDR mail

Text string TBD

ndrRetryCount numeric IN,RO No. of delivery retries.


ndrRcptAddress text IN,RO Recipient address for which the delivery has failed. - can only be used when setting the 'ndrRctpMessage' variable

Text string

175





ndrRcptFailInfo text IN,RO Reason for which delivery has failed for a certain user - can only be used when setting the 'ndrRcptMessage' variable

Text string

onTemporaryDeliveryFailure Called when the mail delivery has temporarily failed for a certain group of recipients.


mailFrom text IN/OUT,RW

The address specified in mail from.








mailFromSize numeric

IN,RO The email size specified in the mail from command.


sendNDR choice OUT,WO Specifies if a temporary error NDR will be sent or not

Choice:

• yes - The temporary error NDR will be sent

• no - The temporary error NDR will not be sent

no

176





ndrAttachSource choice OUT,WO Specifies if the original email message will be attached to the NDR

Choice:

• no - original email is not attached to the NDR

• yes - original mail is entirely attached to the NDR

• header - only the header of the original mail is attached to the NDR

header

ndrSubject text OUT,WO Email subject sent as NDR (by default it is a hard-coded message)

Text string TBD

ndrSender text OUT,WO The Mail From field of the NDR header

Text string mailer-daemon@'primaryDomain'

ndrMessage text OUT,WO Text of the NDR message

Text string TBD

ndrRcptMessage text OUT,WO Part of the message specified for each recipient individually; it can refer to the 'ndrRcptAddress' and 'ndrRcptFailInfo' fields

Text string TBD

ndrMessageFooter text OUT,WO Message ending of the NDR mail

Text string TBD

ndrRescheduleDate numeric

IN,RO Date the email is scheduled to be delivered again

Range:

177





ndrRetryCount numeric

IN,RO No. of delivery retries.


ndrRemainingRetryCount

numeric

IN,RO No. of remaining delivery retries after which the mail delivery will be abandoned.


ndrRcptAddress text IN,RO Recipient address for which the delivery has failed. - can only be used when setting the 'ndrRctpMessage' variable

Text string

ndrRcptFailInfo text IN,RO Reason for which delivery has failed for a certain user -can only be used when setting the 'ndrRcptMessage' variable

Text string

178




Chapter 5. User and Domain Configuration AXIGEN provides you with unmatched configurability for domain, user, group and mailing list configuration. For each type of entity, AXIGEN allows you to configure anything from services to run to advanced parameters regarding mailbox characteristics and WebMail behavior.

5.1. Domains In AXIGEN, domain management has several features that give you full and easy control of administered domains while enabling you to fine tune resource allocation for each of these domains. Two administration tools allow you to create domains:

• WebAdmin - also gives you access to all advanced domain configuration parameters. • CLI - see Configuring AXIGEN using CLI for more details.

Important! When creating domains, one message storage location is recommended for each predicted 20GB of message occupied storage space. For larger spaces, additional message storage locations should be created to correspond to the number of 20GB storages you need. You can add multiple message storage locations using WebAdmin (when creating the domain) or CLI (within the domain creation context). After creating the domain, additional locations cannot be added. When using CLI, the command to create multiple message storage locations is as follows: ADD MessagesLocation <path> Domain settings in AXIGEN are available at the following levels:

• General You can use AXIGEN to create as many domains as allowed by your license type, and for each of these domains. You can also specify the services to run for this domain, assign an IP address to this domain or create a 'catch all' account for all emails sent to inexistent user accounts.

See Domains General Configuration for information on how to configure general domain parameters using WebAdmin.

• Domain Aliases For all domains administered with the AXIGEN Mail Server, you can add as many aliases as you need.

See Defining Domain Aliases to manage existing aliases and add new ones.

• Message Filters For each configured domain, you can manage the existing Antivirus /Antispam Filters and add as many Incoming Message Rules as you like. This way you can implement different security policies for different domains.

For general information on filter types available in AXIGEN, see Mail Filtering.

For detailed information on how to configure filters, see Domain Message Filters page.

179




• Message Appender AXIGEN allows system administrators to define a certain text which is to be appended to all email messages sent from a certain domain. See Message Appender page for details on editing appenders.

• Account Defaults Through Account Defaults, system administrators can set default values for certain parameters that will be automatically inherited by all new accounts and account classes, and can be explicitly set (overridden) in the advanced configuration of the respective account or account class. See Account Defaults for details on how to set their corresponding parameters.

Domains and accounts can also be added using the Command Line Interface, but the best option for domain configuration is WebAdmin, which gives you easy access to all the categories of parameters mentioned above.

5.2. User Accounts In AXIGEN, account and user management has several features that give you full and easy control of administered accounts while enabling you to fine tune resource allocation for each of these accounts.

Note that in order to create an account, you need to first create a domain. For details on how to create domains in AXIGEN, see the Creating a New Domain section.

Two administration tools allow you to create domains and accounts:

• WebAdmin - also gives you access to all advanced account configuration parameters, see Manage Accounts Tab

• CLI - see Configuring AXIGEN using CLI for more details

Account settings in AXIGEN are available at the following levels:

• General You can define as many accounts as allowed by your license type, and for each of these accounts, as many aliases as you need. At the account level, you can also specify the services to run. This is a distinctive feature of AXIGEN, as you can easily selectively restrict access to one or more services (i.e. WebMail) for certain users within one domain. You can also view the current mailbox size for an account, specify the mailbox quota for accounts and limit the number of messages sent per hour from that account. See Accounts General Page for information on how to configure general domain parameters using WebAdmin.

• WebMail For account behavior in WebMail, AXIGEN provides a variety of parameters allowing you to set attachment size and number limits, mail size limits, the maximum number of simultaneous sessions, and the HTML filtering level for email messages. You can make special settings for one account or use the one inherited from domain level.

See Account WebMail Options for information on how to configure WebMail parameters using WebAdmin.

180




• Filtering For each configured account, you can add and activate any number of filters. This way you can implement different security policies for different accounts For general information on filter types available in AXIGEN, see Mail Filtering. For detailed information on how to configure filters, see Managing Message Filters. Further advanced settings, defining Inbox folders, limits and quota for each user account are also available in the Manage Accounts Tab. Accounts can also be added using the Command Line Interface, but the best option for account configuration is WebAdmin, which gives you access to all the categories of parameters mentioned above.

5.3. Groups Groups are functional entities meant to have emails sent to specified email addresses.

Groups do not have an actual mailbox. They are defined with a generic name, such as 'Sales' or 'Team' or 'Office' and an email address is created following the groupname@domain pattern, and then group members are added. Thus you can make sure that several recipients get email from a published email address (i.e. [email protected]). Also, you can change the recipient email addresses without having to change the published email address.

For all managed groups, system administrators can add and remove members at any time. They can also add as many message rules as needed to ensure a proper security policy for any given group.

In AXIGEN, the maximum number of groups that can be defined for a server/domain cannot be greater than the number of licensed mailboxes.

These administration tools allow you to create and configure forwarders:

• WebAdmin - also gives you access to all advanced forwarder configuration parameters, see Groups tab

• CLI - see Configuring AXIGEN using CLI for more details

5.4. Mailing Lists

Mailing List Server Overview In AXIGEN, the integrated list server provides advanced mailing lists administration options. For each list, advanced parameters allow administrators to specify:

• AXIGEN services running, content type, what messages are moderated messages, what headers to remove etc.

• WebMail specific settings allow configuring the way mail lists are viewed and managed on the Web (see Mailing List WebMail Options).

The AXIGEN List Server also provides RFC compliant templates / macros for automated mailing list interaction which allow you to add header text and other types of text before and after the message body.

For each list, standard text messages can be specified to be returned in the following cases: invalid user name, unknown user, request needs confirmation, user already subscribed, rejected response, welcome text, goodbye text, subscribe denied, etc. All these advanced parameters guarantee easy list administration and easily definable

181




custom appearance and behavior for each list. For information how to configure list parameters, see the Mailing Lists Tab.

Administration of the Mail List The current version of AXIGEN Mail Server does not differentiate, from an operational point of view, a list administrator from a list moderator. This operational difference will be featured in a next version of AXIGEN Mail Server. Therefore, currently the person who creates the mail list will act as both administrator and moderator of the list created. Also, please note that, list users are distinct from user mailboxes, even if both entities are administered using AXIGEN Mail Server.

Message Flow for AXIGEN List Server From the moderator / administrator point of view, the folders below describe the flow for a message sent to a list managed with AXIGEN Mail Server:

• INBOX: stores all messages that have been already delivered are to be delivered. • PendingRequests: stores all the requests that have to be confirmed by the

administrator. The administrator can confirm a message in this folder by moving it to ConfirmedRequests.

• Requests: stores all requests that need to be confirmed by their senders (for instance subscription requests). When such a confirmation is received and verified, the request is moved to ConfirmedRequests.

• ConfirmedRequests: stores all requests confirmed by their senders. • Pending: stores all messages that need to be moderated. The moderation is

executed by moving the corresponding message to:

1. INBOX (the message will be published) 2. Reject (the message is automatically rejected), 3. ToBeRejected (the message is stored for a future manual reject)

• Reject: When a message arrives in this folder, the sender of the message receives a reject message and the original message is moved to Deleted.

• ToBeRejected: stores messages that need to be manually rejected by one of the list moderators.

• Deleted: Here are stored all messages that have been rejected by list moderators.

From the mail list user point of view: A mail list user would interact with the list in different stages: when subscribing to the mail list, when confirming his/her subscription, when making a request, when accessing the list WebMail page or root mailbox, etc. The answers received from the list server are generated automatically, depending on the initial configuration of the mail list (done by the administrator) and the administrator's corresponding actions.

Templates explained From a mail list administrator/moderator point of view, most of the messages send as answers on a mail list created and operated with AXIGEN Mail Server are in fact expanded macros or templates.

All macros have the following form: %[-][width][.precision]{macro letter}

Here is the algorithm used when expanding these macros: len = strlen(macro text); width default = 0; precision default = INT_MAX;

182




left pading default = false; if minus => left pading = true; precision = min (len, precision); pading = max (0, min(512, pading - precision)); if left pading => the trailing spaces are inserted before macro text ; if not => the trailing spaces are inserted after the macro text;

Here is the list of macro letters and their meanings:

• l - Name of the list • d - The domain name of the list. • r - A short description of the list. • o - Operation to be executed (this option is valid only for the answers sent to

requests). • e - Address of the original message sender. • i - Identity confirmation. This is a message in the following format: "confirm {ID

message} {random number}" Note that this option can also be used as a boundary when building multipart messages.

• x - Row • M - Original message (populated only for answers to automatically rejected

messages. • f - Sender of the message (can be either a name or an e-mail address). • w - Original message date. • s - Original message subject. • m - Original Message ID • n - The number of the digest message.

For detailed information on how to configure mail lists in WebAdmin, see Mailing Lists. Lists can also be configures using CLI - see Configuring AXIGEN using CLI.

5.5. Public Folders Starting with version 2.0, AXIGEN supports Public Folders for the WebMail and IMAP services. System administrator can also associate email addresses with a domain’s public folder. Thus, emails can be sent directly to the public folder, access being given instantly to all the account users within the respective domain.

Public folders are defined per each domain managed by AXIGEN. For all defined public folders, one or more email addresses can be defined. The Postmaster of each domain can create and/or delete folders and messages within the Public Folder, while the rest of the users have reading rights only on the existing folders and messages.

While they cannot permanently delete messages from the Public Folders, when using WebMail, users can mark the messages they choose as deleted and also hide the emails with such marks. Also, certain email clients (such as Outlook) allow a similar behavior: marking for deletion and hiding such messages. Thus, users are not compelled to view messages that do not interest them.

Users can set other types of flags for their Public Folders, such as Read/Unread or Flagged/Unflagged. These options are available both in WebMail and in email clients (depending on their features), and affect the email messages of the respective individual account, not the actual content of the Public Folders.

For more details on configuring public folders, see Configuring Public Folders.

183




Chapter 6. Working with the WebMail Module in AXIGEN This chapter presents the AXIGEN WebMail Service features and configuration from a user's point of view. The sub-pages of this section will present in detail how to connect to the WebMail interface, manage the respective user account, add contacts to the address book or create and manage email messages and WebMail folders.

When accessing the WebMail interface through a browser, the individual user can configure all parameters relative to their respective account, except for certain limitations imposed by the administrator (in terms of attachment size, mailbox quota, etc.).

For an overview of the WebMail service in AXIGEN, see the corresponding section in the Architecture Chapter.

For tips on how to configure WebMail parameters and behavior using WebAdmin, see the WebMail Tab in the corresponding chapter.

6.1. Accessing/Leaving the WebMail Interface

Connecting to AXIGEN WebMail To connect to AXIGEN WebMail, enter in your browser the IP:port combination where your AXIGEN WebMail service is running. If you are accessing WebMail from the machine on which AXIGEN is installed, this address is by default, http://127.0.0.1:8000.

Remote access If you are accessing the WebMail from a different machine, you need to set in the listener's address parameter the IP address of the machine on which AXIGEN is installed. Or, you can set this parameter to 0.0.0.0 (in this case, the listener will listen to all machine interfaces). When accessing the AXIGEN WebMail, you need to replace the 127.0.0.1 IP from the URL with the IP address of the machine on which the AXIGEN Mail Server is installed. For example, if the machine running AXIGEN has the 192.168.1.1 IP address, change the IP/port data under Server->Webmail->Listeners->Address to match your IP/port:server { ... web { ... listeners = ( { ... address = 192.168.1.1:9000 enable = yes

Remember to reload your AXIGEN Mail Server after each change in the configuration files.

In the window thus displayed, enter the WebMail username and password provided by the system administrator.

184




Note: To have the list of available domains displayed on the WebMail login page, make sure you have the following settings: - the Allow domain selection on login option from the Services > WebMail Tab is checked; - the Include this domain in WebMail's domain selection list option from the Domains >General page corresponding to your existing domains is checked.

Leaving AXIGEN WebMail To close the current WebMail session, click the Logout link (right upper corner, next to the username and the Settings link).

6.2. WebMail Features and Configuration

Navigating in Your WebMail Account The left panel of your WebMail account displays a tree structure containing the folders currently existing in your WebMail account. When first accessing your WebMail account, the structure looks like this:

The folder structure helps you browse and manage the messages in your WebMail account:

185




Browsing trough messages is possible also with the help of the Page navigation buttons (go to first, next, previous, last, or specific (by number) page) above the preview pane. If actions are performed on items in a page the interface will remember the page name so when the user returns to it will be the exact same page.

The headers of the messages from the folder selected in the left panel are displayed on the upper right panel.

When selecting an email from the upper right panel by clicking on it, the message body will be displayed in the lower right Preview Pane. The Preview Pane can also be moved to the right of the message list. By default, the Preview Pane displays the sender, recipient(s) and date details of the email horizontally. To have them displayed vertically, press the "+" icon in front of the Subject line, as shown in the below picture.

Searching within your email account You can search through the existing email messages stored in your account using the quick search option or the Advanced Search option.

For a quick search, go to the left corner of the WebMail page (above the folders tree structure), type your query in the search filed and press the Go button. The search results will be displayed in the same window and can be sorted by all fields displayed in the message list header (From, To, Subject, Date, Size).

For an advanced search, access the more actions menu (under the Settings and Logout links) and choose the Advanced Search option. In the new window choose whether the query should match all or just part of the specified search elements. Add as many search criteria as you need by clicking the add new element link or delete them by hitting their corresponding trash-bin shaped button

186




Use the drop-down menu to select the new search element type. Available options include setting search criteria relative to the subject, sender, body, date, send date, To, Cc, size of the email, flag, header or raw. To select the folders to search in click the Choose folders button and in the new window select them (public folders are not available), they will be displayed in the Selected folders section. Finally click the Search button to find the needed information.

NOTE: The Search function also supports internationalized searches. Having this feature, language-specific characters can now be used when running a search (i.e. using diacritics).

6.3. Working with Messages in WebMail

Main Button Bar

Use the New button to create a new email message. The Reply and Reply to All buttons allow you to reply to a particular email message or to all previously selected messages. Use the Forward button to redirect a received email to a different recipient and the Move button to move an email message to a different folder. The Delete button allows you to delete previously selected messages.

For further actions on email messages, use the More actions drop-down menu, which allows you to access the Advanced search, group email messages by conversation, subject, sender or not group them at all, select all messages, invert a previous selection, deselect all messages or forward an email as attachment.

If any of the 'Group by' views are selected the result list, in the message list window, will be split in pages containing a defined number of messages (set in the WebMail Data tab). Navigation among pages is possible (go to first, next, previous, last, or specific (by number) page) and if actions are performed on items in a page the interface will remember the page name so when the user returns it will be the exact same page.

Composing a new message To compose a new message, press on the New button. A pop-up window similar to the one below is displayed.

187




Steps for editing a new message in AXIGEN WebMail

To edit an email message you need to take the following steps:

1. Enter the email addresses of the recipients in the To: field of the message (separated by commas if multiple) or add them from your existing address book by pressing the Addressbook button. The Addressbook gives users access to contacts defined for their account and also to Public and Domain contacts. First select the needed contact list, then select a specific one. Email addresses can be added automatically to the 'To', 'Cc' or 'Bcc' fields. To do so, click on the address to select it, then click the To, Cc or Bcc buttons. Press the OK button when you are done adding recipients or the Cancel button to quit.

For any of these three address fields, when typing the recipient addresses, if the respective addresses are already in your address book, the autocomplete function will be enabled. Therefore, you can select the correct address and press Enter.

2. Use the Check addresses button to verify the validity of the email addresses you have inserted.

3. Specify the subject of your message in the Subject: field. 4. Use a different originating email address by clicking the Show From link (after the

formatting buttons) and typing the address in the From field.

188




WARNING! This option works only if the user has the 'Send Mail as' permission from the mailbox owner.

For information on how to define 'Send Mail as' permissions please see Sharing permissions.

5. Set the 'Reply-to' header for the email message. When clicking the 'Show Reply-To' link, a new field appears containing the email address defined in the settings window (which the user may override). If no value was defined in the Settings > Personal Data page the input field must be empty.

6. Edit your message in the message body. The user can now use rich text (Bold, Italic, Underline / Strike through, Different font face and size, Colors, Subscript, Superscript, Insert link, Bullets etc.).

7. Add attachments to your message by pressing the Attach button. To add an attachment, press on Browse, specify the path to the attachment and then press on the Upload link. To add multiple attachments, repeat these actions as many times as you need.

8. After adding one or more attachments to a WebMail message, the attachment list is displayed in the lower part of the screen. You can delete the attachments one by one, by clicking on the corresponding [delete] link.

9. You can save a draft of your current message at any time by pressing on the Save button and resume its editing at a later time.

Marking messages To mark a message, you must first select it in the upper panel by clicking on it. Then choose one of the options displayed in the Mark as drop-down box:

• Select Mark as read to set the status of the currently selected message(s) to Read. • Select Mark as not read to set the status of the currently selected message(s) to Not

read. • Select Flagged to add a flag to the currently selected message(s). • Select Not Flagged to delete the flag for the currently selected message(s). This

option is only available for previously flagged messages. • Select Deleted to mark a message as deleted (it will be displayed in strikethrough

style). When marking certain messages as deleted, you can also choose to hide them by pressing the Hide deleted button

• Select Not deleted to remove a deleted mark from a certain email message.

189




Deleting messages To delete one or more messages, select the message(s) and click on the Delete button in the Main button bar. If you do not wish to see the deleted messages click the Hide deleted button. Deleted messages will be permanently deleted or sent to the Trash folder depending on the user setting in WebMail Data or the Move deleted emails to Trash option set by the administrator in Account WebMail Options.

6.4. WebMail Folders

Public Folders Through the Public Folders, users may now share email messages, contacts, tasks etc. by simply copying and/or moving them to a public folder. System administrator can also associate a certain email address with a public folder. Thus, emails can be sent directly to the public folder, archiving options being also available.

While they cannot permanently delete messages from the Public Folders, when using WebMail, users can mark the messages they choose as deleted and also hide the emails with such marks. Thus, users are not compelled to view messages that do not interest them.

Users can set other types of flags for their Public Folders, such as Read/Unread or Flagged/Unflagged. These options affect the email messages of the respective individual account, not the actual content of the Public Folders.

Special Folders From both WebMail and Outlook, one can create a special type of folder: Mail, Calendar, Tasks, Journal, Contacts, Notes. Each special folder has type-specific view to display its contents (i.e. Calendar view(es) for calendar-type folders, Contacts view for contact-type folders and so on).

Aside from its specific view, each special folder type has a list view which consists of a list of objects in that folder. The list view has more pages so the user may view only a few items at a time. When editing an object in the list view, the user interface remembers the page so that after the object is updated the position in the list is not lost.

While in the list view special messages can be copied or moved from one special folder to another, if the folders have the same type. This action can also be performed in Outlook.

NOTE: After creation, the folder type cannot be modified.

For special public folders all action buttons are displayed, regardless of the permissions. When editing an item, the action buttons in the edit pop-up are displayed or not depending on the permissions. For example if the current user does not have 'Edit' (i.e. delete & create) permission, the 'Save' button does not exist; moreover, all input controls are disabled.

For information on how to set folder permissions please access the Sharing Permissions page.

Managing Folders in WebMail Right click on any folder in the folder tree (be it personal, public or shared, mail, calendar, task, journal or notes) brings-up a context menu with the following options: New folder, Rename folder, Move folder, Empty folder, Delete folder, Sharing, Open/Close other user's folder.

190




These options always appear in the context menu, if they work or not depends on the specific permissions set on the selected folders.

When clicking any of these options new pop-up window is displayed allowing you to make the desired changes.

For example when creating a new folder a new window is displayed allowing you to specify the name of the new folder in the Folder name text area, the Folder type (Email, Calendar, Tasks, Journal, Notes or Contacts) and select its location in the folder tree. To finish press the Create button or Cancel if you changed your mind.

All folder options: creating, moving, deleting etc. have explicit instructions in their respective pop-up windows.

Managing Contacts in WebMail To define your address book access the Contacts folder from the folder tree. You can either add them one by one or import an existing address book.

Click the New contact button to create a new contact and fill in the details.

191




General Details

Use the Email, First Name and Last name text fields to specify the name and email address of the new contact you want to add. To specify the contact's nickname, use the Nickname field.

Additional Info

You can specify a personal email, for non-professional purposes in the Personal email field, phone numbers in the Phone and Mobile Phone fields and the home phone and address data in the Home address and Home phone fields.

Using the Business email field you can specify the business email address for your new contact. Use the Business phone and Business address fields to specify the office contact details. Finally the Notes text field can be used to type any information regarding the currently edited contact.

Make sure to press the Save&Close button to save the contact you just added or the details you changed.

192




Edit the contact by double clicking on it. To delete an existing contact, use the Delete icon on the right of the contact you would like to remove. To send a new email to a contact in the list click the letter icon (next to the Delete icon). Click the Details link to see all the information regarding that contact.

Press the Import contacts button to import external address books that were saved locally.

Address book files must be in CSV(Comma Separated Value) format!

Click the Browse button to specify the path to the desired external address book, then click on the Import contacts button. Should you choose to abort, press the Cancel button.

Any new created mailbox has by default two public folders in the root of the public folder: Domain Contacts and Public Contacts.

The Domain Contacts folder is read-only: no items can be modified or created in it, it cannot be deleted or renamed, no folders can be added to it, no permissions may be changed on it.

NOTE: This applies for all users in the domain, including postmaster!

The content of this folder is automatically and dynamically updated by the server and contains all the email addresses for recipients in the domain.

Public contacts can be added only by the domain Postmaster in the same way explained above.

193




6.5. Working with the Personal Organizer in WebMail Having time management and mobility needs in mind, starting with version 4.0, the AXIGEN Mail Server comes with a Personal Organizer module available from both AXIGEN’s WebMail interface and Outlook email client. The Personal Organizer comprises tools such as calendar, tasks, journal, notes and collaborative support.

This section aims to explain how the new management tools can be used. Each of them - calendar, journal, notes, tasks - is described in a separate sub-section, with all its features and usage alternatives.

6.5.1. Working with your Calendar

The Calendar helps users plan and schedule their work-related or personal events and to have a clear and detailed view of their work, thus enabling an improved time management. To access your Calendar, you can either click the Calendar folder in the folder tree structure placed on the left hand side of your WebMail account or click on any day of the calendar displayed in the lower left corner of the interface.

The upper button bar displayed when the Calendar is accessed gives access to the following options:

• New event - creates a new event. To create an event in a certain day, either select it first using the calendar displayed in the lower left corner. Use the left and right arrows to change months of the current year and the double right and left arrows to change the year.

• Today - when hit, it marks the current day events • Day view - displays the events for one day at a time • Work-week view - displays work days, Monday to Friday

194




• Week view - displays the entire week • Month view - displays the events for the whole month • List view - displays the existing list of events.

Creating a New Event When creating a new event, you have to first type a Subject (required) and then a location, specifying where the event takes place. You can either create an event that lasts throughout the day by checking the All day event option, or you can specify limits for the new event. To do so, click the date and time selection boxes for both the Start and End date of your event.

Should you like to be prompted that a certain event is about to start, check the Reminder box and set your desired time interval. You can also use the available text field to type in any details or explanations regarding your current event. Set the events transparency to "Busy" or "Free" using the drop-down menu in the “Show time as” section. This option will affect the resource availability displayed in the Free/Busy tab. More information is available below on this page.

To save your event, press the Save & Close button. To abort configuring the event, hit Cancel. To define a repeating scenario, hit Recurrence and use the Invite button to invite others to attend the event you are creating.

195




Existing events can be edited at any given later date. To do so, select the desired entry by double-clicking it, regardless of the selected view type. After making the needed alterations, hit the Save & Close button. If the entry you want to edit is a recurring event, you will be asked whether you want to edit the entire series or only a single instance (occurrence) of the event:

NOTE: This option is not available while in the list view.

Should you like to delete the entry, press the Delete icon added to the editing window. Additionally, when using the List view, you can use the edit end delete icons appended to each event.

Setting the Recurrence When hitting the Recurrence button, a pop-up window displays the available options. You can set a start and end time for the event by clicking the respective selection boxes. Thus, the Duration of your event will be automatically set.

Click the Start selection box to select the starting date of the recurrence. You can choose to have the event repeated incessantly by checking the No end date option or the event can stop occurring after a number of occurrences (check the End after x occurrences option) or by a certain date (select the End by... option).

You can set the event to o be repeated on a daily, weekly, monthly or yearly bases, according to a defined Recurrence pattern. Depending on the Recurrence pattern you select, you can access more detailed options:

196




• Daily - you can have the event repeated every weekday by checking the corresponding option, Every weekday, or you can have it repeated every 2,3, x days by checking the corresponding option.

• Weekly - you can check a certain day(Monday to Sunday) of every 1/2/etc week(s) for the recurrence

• Monthly - You can specify a certain day of every month (e.g. 25th of every month or every 2 months), or select from the other available options: first/second/third/fourth/last - day/weekday/weekend day/Sunday/Monday etc. of every 1/2/etc months. For example, you can set an event that occurs on the first weekday of every other month.

Important! As the number of days differs depending on the month, if you set an event for the 31st, it will be scheduled in the last day of each month with 30 days.

• Yearly - You can set the event to occur on a certain date of a certain month (e.g. January 25th) or you can select from the other available options: first/second/third/fourth/last - day/weekday/weekend day/Sunday/Monday etc. of every January/February/etc months. For example, you can set a seminar attendance event for each first weekend day of every March.

Finally, set the Range of recurrence for your event. Click the Start selection box to select a date. The event can be repeated incessantly if you choose the No end date option. Alternately, you can have it ended after a number of instances, by checking the End after x occurrences option and setting the desired number of repeats, or set an End by date and selecting the desired end date by clicking the respective selection box.

197




When you are done setting the event recurrence, hit OK. To abort the recurrence, hit Cancel. For already defined recurrence details, hit Remove Recurrence to prevent the event from repeating.

Inviting Attendees When hitting the Invite Attendees button, a new text field and a To button are added in the upper side of the event editing window. If you want to abort inviting process, press the Cancel Invitation button that replaces the initial Invite Attendees option.

You can either type the email addresses of the persons you want to invite at the event, or you can access your existing contacts by hitting the To button. When accessing your contacts using the To button, a new pop-up window appears, allowing you to choose which contacts to display in the left hand pane, as shown below. Available options are 'All contacts', 'My contacts', 'Public contacts' and 'Domain contacts'.

Select the email address of the contact you want to invite with a mouse click, then press the To button. To select several contacts, press Ctrl on your keyboard. To delete a contact from the list of attendees to be invited, click their email address in the right hand pane and press Delete on your keyboard. When you are done selecting attendees, press OK to have the email invitations sent to them. To discard the inviting process, hit Cancel.

198




Attendees will then receive an invitation email in their Inboxes, prompting them to take action:

To view the details of the event they are invited to attend, users need to click on "open details". The available options are to Accept the meeting, to accept it without guaranteeing attendance - Tentative, Reject it, or Propose a change in the event details.

When an attendee takes a certain action, other than Propose, the organizer receives a notification email that requires no further action to be taken.

If, on the other hand, the invited attendees have proposed changes to the event, the organizer will receive an email prompting him/her to take action. The available options are Accept/Reject changes or Propose a new modification of the event specifics.

199




When dealing with proposed changes, attendees have one more option, Tentative, which gives them the possibility to accept the changes partially, without guaranteeing thy will actually take part in the event.

Important! If participants to a certain event take different actions when changes are proposed (i.e. some accept them, while others reject them), the organizer has the final say.

When inviting others to take part in a certain event, the event editing window will also be modified. A new tab called attendees will be added, showing the course of action taken by those invited. The available status options are 'Accepted', 'Declined', 'Tentative' and 'need action'.

In the Free/Busy tab the attendee availability is displayed IF the user editing the event has the 'Read Free/Busy status' permission on the attendee's mailbox. This feature is available only in the WebMail interface.

200




Reminder options If you have chosen to be reminded of a certain event, at the specified time, a pop-up will appear at the given time and date. If no action is taken, it will reappear each time the WebMail interface is automatically refreshed. Hence, it depends on the refresh settings configured in the WebMail Data page. Alternatively, you can have the reminder postponed using the available snooze options, by choosing a repeat interval in the corresponding drop-down menu and by hitting the Snooze button.

Important! If the auto-refresh option is disabled, reminders will not function.

If you want to see the details of an event you are reminded of, press the Open Item button. To dismiss a certain task, select it and press the Dismiss button. Use the Dismiss All button to discard all pending events.

Important! Further settings that determine Calendar behavior need to be set on the WebMail Data page. Each user needs to set the correct Time Zone and the Week start date in order to have deadlines and start times displayed correctly in their Calendar.

6.5.2. Working with your Journal

The Journal allows you to add entries that help you keep track of your day-to-day tasks and actions. To access your Journal, click the corresponding folder in the folder tree structure placed on the left hand side of your WebMail account.

201




The upper button bar displayed when the Journal is accessed gives access to the following options:

• New journal - creates a new journal entry. • Today - when hit, it marks the journal entries for the current day • Day view - displays journal entries for one day at a time • Month view - displays journal entries on a monthly basis • List view - displays the existing list of journal entries.

Creating a New Journal Entry When hitting the New journal button, the options relative to the new entry are displayed in a pop-up window.

To add a new entry, you have to fill in the two required fields: Subject, referring to the entry description, and the Type drop-down menu. There are several available types of entries, such as Phone call, E-mail Message, Task, Conversation, etc:

Click the Start time selection boxes to set a starting date and time for your journal entry. In the displayed calendar, use the left and right arrows to change months of the current year and the double right and left arrows to change the year.

202




Click the Duration selection box to specify a time frame for your journal entry. You can then edit the actual journal note in the available text field. When you are done editing the entry, hit the Save & Close button. If you want to discard the journal entry, press the Cancel button.

Existing Journal entries can be edited at any given later date. To do so, select the desired entry by double-clicking it. After making the needed alterations, hit the Save & Close button. Should you like to delete the entry, press the Delete icon added to the editing window.

When using the List view, journal entries can be edited by double clicking on them and deleted by clicking their corresponding delete icon.

Important! Further settings that determine Journal behavior need to be set on the WebMail Data page. Each user needs to set the correct Time Zone and the Week start date in order to have start and end times displayed correctly in their Journal.

6.5.3. Working with your Notes

The Note tool allows you to add quick notes while working. Notes are best suited when one needs to write down something very quickly and has little time to add more details. To access your Notes, click the corresponding folder in the folder tree structure placed on the left hand side of your WebMail account.

When hitting the New note button, a small pop-up window is displayed.

203




Type the note in the given field and either close the pop-up window using your browsers "x" button, or hit the Close window to save this note link in order to have your text saved.

Notes can be edited by double clicking on them and deleted by clicking their corresponding delete icon.

6.5.4. Working with your Tasks

Tasks helps users organize their work-related tasks and collaborate with others on ongoing projects. By enabling them to permanently check the level of completion, tasks offer a clear and detailed view of their workload. To access your Tasks, click the Tasks folder in the folder tree structure placed on the left hand side of your WebMail account.

The upper button bar displayed when the Tasks are accessed enables the following options:

• New taks - creates a new event. • All tasks - lists all your tasks

204




• Uncompleted tasks - displays the user's uncompleted tasks • Completed tasks - displays the user's completed tasks

Creating a New Task When creating a new task, first type a Subject in the corresponding text field, then set the tasks's completion deadline using the Due Date selection box. Use the left and right arrows of the selection calendar to switch between months of a certain year and the double left and right arrows to switch between different years.

To successfully define a time frame for the task, also configure its Start date, using the corresponding selection box. Furthermore, you can prioritize tasks using the Priority drop-down menu. Available options are: 'Low', 'Normal' and 'High'. To keep track of the completion process, type a percentage in the %Complete text field.

Should you like to be prompted that a certain event is about to start, check the Reminder box and set your desired time interval. You can also use the available text field to type in any details or explanations regarding your current task.

To save your task, press the Save & Close button. To abort configuring the task, hit Cancel. To define a repeating scenario, hit Recurrence and use the Assign task button to have the respective task assigned to different users.

205




Existing tasks can be edited at any given later date by double clicking it. After making the needed alterations, hit the Save & Close button. To mark a task as completed, use the corresponding icon placed next to the Assign task button. Should you like to delete the entry, press the Delete icon in the editing window. Additionally, you can use the delete icons appended to each task or check it as completed.

Setting the Recurrence When hitting the Recurrence button you can set the task to o be repeated on a daily, weekly, monthly, yearly basis or according to a defined Recurrence pattern. Depending on the Recurrence pattern you select you can access more detailed options:

• Daily - have the event repeated every weekday by checking the corresponding option, Every weekday, or you can have it repeated every 2,3, x days by checking the corresponding option.

• Weekly - check a certain day of the week for the recurrence • Monthly - specify a certain day of every month (e.g. 25th of every month or every 2

months), or select from the other available options: first/second/third/fourth/last - day/weekday/weekend day/Sunday/Monday etc. of every 1/2/etc months. For example, you can set an event that occurs on the first weekday of every other month.

Important! As the number of days differs depending on the month, if you set an event for the 31st, it will be scheduled in the last day of each month with 30 days.

• Yearly - set the event to occur on a certain date of a certain month (e.g. January

25th) or you can select from the other available options: first/second/third/fourth/last - day/weekday/weekend day/Sunday/Monday etc. of every January/February/etc months. For example, you can set a seminar attendance event for each first weekend day of every March.

206




Then set the Range of recurrence for your task. Click the Start selection box to select a date. The task can be repeated incessantly if you choose the No end date option. Alternately, you can have it ended after a number of instances, by checking the End after x occurrences option and setting the desired number of repeats, or set an End by date and selecting the desired end date by clicking the respective selection box.

When you are done setting the task recurrence hit OK. To abort the recurrence hit Cancel. For already defined recurrence details, hit Remove Recurrence to prevent the task from repeating.

Assigning tasks When hitting the Assign task button, a new text field and a To button are added in the upper side of the event editing window. If you want to abort inviting process, press the Cancel Assignment button that replaces the initial Assign task option.

You can either type the email addresses of the persons you want to assign the task to, or you can access your existing contacts by hitting the To button. When accessing your contacts using the To button, a new pop-up window appears, allowing you to choose which contacts to display in the left hand pane, as shown below. Available options are 'All contacts', 'My contacts', 'Public contacts' and 'Domain contacts'.

207




Select the email address of the contact you want to have the task assigned to with a mouse click, then press the To button. To select several contacts, press Ctrl on your keyboard. To delete a contact from the list of assignees, click their email address in the right hand pane and press Delete on your keyboard. When you are done selecting assignees, press OK to have the email assignments sent to them. To discard the assigning process, hit Cancel.

Assignees will then receive an assignment email in their Inboxes, prompting them to take action:

To view the details of the event they are invited to attend, users need to click on "open details". The available options are to Accept or Reject the task and the organizer receives a confirmation email.

When assigning tasks to others, the editing window will also be modified. A new tab called Attendees will be added, showing the course of action taken by those you have selected. The available status options are 'accepted', 'declined' and 'need action'.

208




Reminder options If you have chosen to be reminded of a certain task, at a specified time, a pop-up will appear at the given time and date. If no action is taken, it will reappear after the starting time each time the WebMail interface is automatically refreshed. Hence, it depends on the refresh settings configured in the WebMail Data page. Alternatively, you can have the reminder postponed using the available snooze options, by choosing a repeat interval in the corresponding drop-down menu and by hitting the Snooze button.

Important! If the auto-refresh option is disabled, reminders will not function.

If you want to see the details of an event you are reminded of, press the Open Item button. To dismiss a certain task, click to select it, then press the Dismiss button. When a task is dismissed, it is also removed from the Reminder window. Use the Dismiss All button to discard all pending tasks.

Important! Further settings that determine Tasks behavior need to be set on the WebMail Data page. Each user needs to set the correct Time Zone and the Week start date in order to have their Tasks deadlines and start times displayed correctly.

6.6. Configuring Account Settings in WebMail To access the WebMail account parameters, click Settings (right upper corner, WebMail upper right panel), next to the Logout link. In this section users are given access to eight configuration tabs:

• Personal Data - containing options relative to the user's personal details; • WebMail Data - gives access to settings managing the WebMail account behavior

(all these parameters can be configured via WebAdmin from the Account > WebMail Data page);

• Filters - gives access to filter configuration using the AXIGEN Rules Wizard; • Sharing permissions - gives share access to your folders (allow other users to see

your schedule or send emails in your name); • RPOP Connections - this feature allows you to organize user's communication by

retrieving email from other remote accounts; • Account Info - quota related parameters can be viewed in this page; • Blacklist - block email addresses you do not wish to receive messages from;

209




• Temporary email - request one or more temporary email addresses (or alias);

6.6.1. Configuring Personal Data

While on the Personal Data page, users can define personal details such as their first and last name, change the current password to their WebMail account or fill in Business Details.

General Information To set your first and last name, use the two corresponding text fields, First name and Last name. To choose a nickname, use the Nickname field.

210




Define a Reply-To header for all the messages you send (including replies and forwards) so when someone replies your email in the To field the email address set here appears instead of the one in the 'From' header. When composing an email it can be overridden or missing if it was not defined.

Personal Details You can specify a personal email, for non-professional purposes in the Personal email field.

Add your phone numbers in the Phone and Mobile Phone fields and home phone and address data in the Home address and Home phone fields.

Your Password The password previously defined by the administrator when creating the account can be changed from the Personal Data page. To do so, first type the current password in the Old password field, then type a new one using the Password field and finally confirm the new selected password in the Retype password field.

Business Details Use the Business phone, Business address and Business email fields to specify your office contact details.

After modifying any of these parameters, remember to press the Save changes button to save these changes. Use the Cancel button to undo the changes you have just made instead of saving them.

6.6.2. WebMail Data Settings

When accessing the WebMail Data page, users have access to settings used to configure the behavior of their WebMail account.

211




Appearance Use the Skin name drop-down box to select the skin of your WebMail account. At this time three options are available: Classic, Coolwater and Webreflection.

The Language drop-down menu allows you to select the language of the WebMail account. Available choices are English (en), Romanian (ro), German (de), Norwegian (no), Dutch (nl), Spanish (es), Portuguese (pt), Italian (it), Danish (dk), Swedish (se), Chinese (cn), Persian (fa), French (fr), Greek (gr), Hungarian (hu), Macedonian (mk), Polish (pl), Russian (ru), Turkish (tr) and Czech (cz).

The Page size text box allows the user to specify the number of messages displayed on one WebMail page.

The HTML Body Filtering level specifies which HTML filtering level will be used when displaying HTML format messages. The HTML filtering level stand for the following:

• No Filtering • Low level filtering - converts the message to standard XHTML • Medium level filtering - generates the email body based on a list of known/allowed

attributes and tags. Anything that is not on this 'allowed list' is removed. This level removes java script, styles, etc.

• High level filtering - generates the email body based only on text components. This means that only plain text components remain in the message. This forth level is the strictest and may actually damage some formatting, but it is also the safest.

Use the Week start date drop-down menu to select a day to be displayed first in the week for your calendar. To specify your Time Zone, use the corresponding drop-down menu.

The date field is automatically adjusted according to the defined local time zone when displaying a message (in both the message list window and the open message popup).

Preferences Choose to be asked for confirmation before emptying a folder using the Confirm empty folder drop-down box.

Choose to ask for a confirmation when an email message is deleted using the Confirm delete mail drop-down box.

Use the Delete to Trash drop-down box to specify if a message deleted from your WebMail account is saved to Trash folder ("yes") or permanently deleted.

To have a copy of sent messages saved in the Sent folder, choose the value "yes" for the Save to sent parameter.

Set the refresh interval for your WebMail interface by typing the desired value in the Auto-refresh interval text field. Please note that if you set this value to 0 it means that the option is disabled.

Use the Display new email notification drop-down box to choose if you wish to be notified when a new email arrives.

Configuring your signature To configure a signature that will be appended to all your outgoing emails, use the Signature text field.

212




After changing any of the settings above, remember to press the Save changes button to save the new values.

6.6.3. Mail Filtering in WebMail

The filter wizard accessible from the Filters page allows users to easily create a filtering system to manage their email flow. Moreover, auto replies can be set for all or certain received email messages.

When first accessing the Filters page, a list of the already defined filters is displayed. If no filter has been previously set, the list will be blank.

The Sender not in AB Actions allows you to apply certain actions to messages containing recipients that are not in the address book. To enable this option just check the box in front of it and choose either of the Send NDR, Move to Trash or Discard options from the drop-down list.

To delete a filter, use the Delete button on the right of the respective filter. To edit an existing filter, press its corresponding Edit button. Click the New filter button to create a new filter. To create an automatic reply for certain/all messages hit the New responder button.

Whether creating a new filter or editing an existing one the options displayed are the same.

213




Use the name text filed to specify a name for the currently defined filter. You can further select if the messages filtered should match all or any of the defined criteria using the corresponding check boxes.

Next use the drop-down menu to select what conditions should the messages meet for the filter to apply. Available options include setting conditions relative to the subject, sender, receiver, Cc, To or Cc, size of the email, as well as a customization option accessible by choosing Custom.

Finally use the Actions area to define the actions to be taken (i.e. moving, copying, deleting, or redirecting it to a certain email address etc.) if an email message matches the specified criteria.

- use this icon to add a new criterion and/or a new action; - use this icon to remove one of the previously created criteria and/or actions.

To set the order in which defined filters should apply use the up and down arrows in front of them.

When setting a Responder (automatic reply) to be sent to the email messages matching the defined filter, the following fields also need to be configured:

Use the Subject and the Message fields to define the subject and body of the email response to be sent. Set the Days between subsequent responses and Additional own email addresses (use the same responder for other email addresses) by editing their corresponding fields.

When you are done configuring the filter or responder press the Save changes button.

6.6.3.1. WebMail Filters Overview The mail filtering features allow users to create named filters and specify actions to be taken on the matching messages. A filter is composed of a set of 'filtering expressions' or "expressions" and a set of actions.

214




An expression (filtering expression) is composed of a header name, an operator and an optional value. The expression can be applied to a mail message and will give a matching/unmatching response.

A filter contains the following:

• Name • Priority • Enabled/Disabled state • ExpressionOperator: operator to compose multiple filtering expressions (And/Or) • Expressions • Actions

A (filtering) expression contains the following

• Header: the mail message header the expression to witch the matching criteria will be applied

• Operator: operator specific to the header type • Value(optional): a value that the operator may need (depends on the operator)

Supported Headers/Operators/Values

Header(s) Supported operators

(negated or not)

Supported values Comments

Subject To To or Cc Cc Custom

Contains Is Begins with Ends with

String When Custom is selected the name of the custom header must be specified.

From Contains Is Begins with Ends with

String

Size Is greater than Is lower than

String describing size, e.g.: 1024 (bytes) 1K (1 kilobyte = 2^10 bytes 1M (1 megabyte = 2^20 bytes)1.4G (1.4 gygabytes = 1.4 * 2^30 bytes)

Action Data

Action Data Type Description

Move to string The path to the location is given as UTF8

Copy to string The path to the location is given as UTF8

Delete (move to trash)

(none) (none) The message will be moved to trash.

215




Forward to email address The message will be forwarded to the given email address. No copy will be saved.

Vacation days number mininum > 0maximum > 7 (must)maximum > 30 (should)if omitted, days defaults to 7 or minimum (whichever is greater)if given value > maximum, days defaults to maximumif given value < minimum, days defaults to minimum

subject string (utf8) Alternate subject for response.If not given, the incoming mail's subject is used

text string (utf8) Body of the response message.

Filter Container The FilterContainer is responsible for serializing an ordered collection of filters into a file and for parsing a sieve script that contains one or more filters.

The parts of the scripts that are not recognized are stored as raw text in memory. When doing the serialization, the container will reorder the scripts. The ones that were edited by WebMail will be written at the beginning of the file while all 'raw' scripts will be written at the end.

A script is recognized as being a WebMail script if:

• contains only directives that have been implemented in WebMail filters • has a header with the following data:

o Name: user specified string o Id: internal integer to uniquely identify the script o Position: integer used for ordering the scripts o Enabled: boolean

If the script has a header but has been edited by hand to contain other directives it is rejected and put into the raw scripts collection.

If the script does not have a header but can be handled as a WebMail script it will be given an auto-generated id, a last position in the list and an auto-generated name.

216




6.6.4. Setting Sharing Permissions

In the Setting Sharing Permissions tab you can allow share access to your folders, access folders shared by other users, allow other users to see your schedule or send emails in your name.

Global Permissions

Read Free-Busy status If a user editing a calendar event has the 'Read Free-Busy' permission for the attendee's mailbox the availability is displayed. This option is available only for the WebMail interface.

Send Mail As When sending a new email message (from either SMTP, MAPI or WebMail) another 'From' address can be set if the user has the 'Send Mail As' permission for that mailbox.

Folder permissions These permissions can be defined on both folder level and on mailbox level (in this case, they act on all subfolders in the user's mailbox). To share a folder right click on it and choose share.

Share a folder To control a folder's sharing permissions, go to the tree folder on the left, right click on it and choose the Sharing option. When accessing Sharing options for a folder a list of the already defined permissions is displayed. If no permission has been previously set the list will be blank.

217




To edit an existing permission use its corresponding Edit button, to delete it hit the recycle bin shaped Delete button. Click the Add button to add a user or a group of users (only domain contacts are available) and set the permission level on the folder. There are 6 levels to choose from:

• No access (all permissions are denied) • Viewer (view and read folder is allowed) • Contributor (view, read folder and add items is allowed) • Editor (view, read folder, set/clear flags, add items, mark items as deleted/not deleted

and expunge is allowed) • Master (all permissions are allowed) • Custom (each permission is defined individually according to your needs)

Each permission may be allowed explicitly, denied explicitly or not specified. Permissions act hierarchically (are inherited on the group hierarchy). Additionally, resource hierarchies (a folder being parent to another folder) also benefit from the inheritance algorithm. In the Effective Permissions tab you will be able to see what permissions are specifically allowed or not.

218




IMPORTANT! In the same way domain Postmasters set permissions for Public Folders.

Subscribe to folders shared by other users Click the Subscribe button to have access to folders shared by other users. You can either type the email address in the Shared by field or click the Select button to choose it from the contacts list in your domain.

WARNING! This option works only for users in the same domain that have set one of the permissions level (except None) described above.

The folder will appear in the Shared Folders section of your folder tree:

If you do not wish to see the folders shared by a certain user anymore close them by right clicking on the folder displaying the user's name or one of its subfolders and choosing the Close user option.

6.6.5. Configuring WebMail RPOP Connections

When first accessing the RPOP Connections tab, a list of the already defined connections is displayed. If no connections have been previously set, the list will be blank.

219




To delete a RPOP connection, click the Delete icon corresponding to it. To edit a connection, click the Edit icon corresponding to its name. In order to add a new connection, press the Add connection link. Whether you are adding or editing a RPOP connections, the parameters you need to configure are the same.

Connection details Specify the name or IP address of the host from which the emails are retrieved using the Hostname field. To set the port on which the retrieval from the desired hostname is made, use the Port field.

Use the Username and Password fields to specify the authentication details needed to connect for email retrieval.

Retrieval settings Use the Retrieval interval field to specify the minimum interval in minutes between two email retrievals. Then specify a certain folder of your WebMail account where you want the emails stored using the Folder field. You can also select if email messages are deleted or not from the remote server after retrieval, using the Delete on retrieval drop-down box.

Security Select the desired type of encryption used on the RPOP connection you are configuring from the Encryption drop-down box. The available options are 'none', 'SSL' and "TLS'. Use the Enable APOP drop-down box to specify if you want to enable APOP authentication for the respective connection.

RPOP Templates Emails from Yahoo or Gmail accounts are now available in your WebMail account with the RPOP Templates. Click Add Yahoo! Mail/Gmail, fill in the account name, password, set the retrieval settings and click the Save connection button to create a new RPOP entry containing defaults for the selected email provider (Yahoo, Gmail).

220




By default, a new folder is created in Inbox named 'Gmail mail' or 'Yahoo mail' . The user can choose not to use the default but instead pick a folder from the list (in this case no new folder is created).

WARNING: POP3 access is only available for Yahoo! Mail Plus users.

When you are done configuring these parameters, remember to press the Save connection button.

6.6.6. WebMail Account Information

The Account Information page allows users to view data relative to their mailbox quota. They can verify at any time the total quota of their mailbox, their used and remaining quota.

The Total Quota value is set by the server administrator and cannot be modified by the user. For more details see the Account > Quota section. The used and remaining quota values change dynamically as the WebMail account total message size changes.

6.6.7. WebMail Blacklist

When accessing the Blacklist tab in WebMail Settings you can make a list of email addresses you do not wish to receive emails from. When first accessing this page there are no email addresses in the list.

221




To add an address to the Blacklist type it in the Email: text filed and click the Add button.

If you entered your list an email address by accident or you do not wish to block it anymore click its corresponding delete button.

6.6.8. Requesting Temporary Email Addresses

When accessing the Temporary Email tab you can request one or more temporary email addresses (or alias) that can be used for publishing on the web, subscribing to various sites etc.

When you click the Generate button the server automatically creates a random valid alias (out of letters and numbers, in the same domain as the user) and activates it. As long as the addresses exist they are treated as account aliases, meaning mail sent to those email addresses is received in the user's Inbox.

They can be manually deleted by clicking the Recycle Bin button next to it or automatically expire after a specified period. The expiry period as well as the number of temporary email addresses you can request are set by the server administrator at domain or account level and cannot be modified by the user.

For more details see the Configuring Account Quotas and Restrictions and Configuring Quotas and Restrictions sections.

222




Chapter 7. Using AXIGEN WebMail features in Outlook This section describes how you can take full advantage of all AXIGEN's features and capabilities when using Outlook as your email client. The AXIGEN Outlook Connector enhances the communication of Microsoft's email client with the AXIGEN server making available the Personal Organizer, email and contacts management etc.

7.1. Installing the AXIGEN Outlook Connector The AXIGEN Outlook Connector comes with an installation wizard and needs to be setup on each machine using Outlook as an email client and having messaging communications handled by the AXIGEN Mail Server. The installation process is an extremely easy three-step procedure, as shown below.

Important! The AXIGEN Outlook Connector can be installed on the following platforms: • • Windows XP Professional SP 2 with Outlook 2003/SP3 or 2007/SP1 • • Windows Vista Business with Outlook 2007/SP1

To run the wizard, double-click the executable file which will then prompt the wizard welcome window. Click Next to start installing.

The second step consists in reading and agreeing to the End-User License Agreement. Click I Agree to start the actual installation process or Cancel to quit installing the connector. Click Back to go back to the welcome window.

223




If you agree to the product EULA, the AXIGEN Outlook Connector will be installed. To exit the setup wizard, click Finish, as shown below.

After running the setup wizard, you will have to configure Outlook for use with the AXIGEN Outlook Connector. To do so, please follow the steps below:

1. Add a new Outlook profile, if you don't have one:

1.1. Go to Start-> Control Panel -> Mail applet.

1.2. Select 'Show Profiles...' -> 'Add...' , add a name for your new profile, select 'Ok'.

2. Add a new account to the profile you have just added:

2.1. From the 'E-mail' section, choose 'Add a new e-mail account'.

2.2. In the 'E-mail Accounts' dialog, 'Server Type' section choose 'Additional Server Types'.

2.3. In 'E-mail Accounts' dialog, 'Additional Server Types' section choose 'Axigen Mail Server'.

3. Fill all required settings for the 'Axigen Outlook Connector' service:

224




3.1. Fill in the 'Server Name' edit control with the IP or the server name of the AXIGEN Mail Server. If you do not have the required information, please contact your system administrator for more details.

3.2. Fill in the 'IMAP Port' and 'SMTP Port' fields, with the ports on which the IMAP and SMTP services are listening (Example: IMAP - 143 / SMTP - 25). If you do not have the required information, please contact your system administrator for more details.

3.3. Enable the 'Windows Native (kerberos)' option so the connector will use the credentials of the logged in user to authenticate to the AXIGEN account (if the server is configured to allow this type of authentication). Enabling this option disables the account name and password fields since the current user credentials from the kerberos ticket will be used.

3.4. Fill in the 'Account Name' and 'Password' fields with the account name and password provided by your mail server administrator.

3.5. Check the 'Use secure authentication' option to instruct the Connector to use secured authentication. If the server is not configured to allow this type of authentication enabling this option will yield login failure.

3.6. Use the 'Remember Password' option so you won't have to type it in each time you open Outlook.

3.7. Click the 'Test Connection...' button to verify that the details you entered are correct and complete and your account is working.

4. Start Outlook and select the profile name you have added at step 1 from the 'Choose Profile' dialog.

7.2. Server Side Rules Users can easily create a filtering system to manage their email flow with the Server Side Rules. When first accessing the Mail Processing Rules window a list of the already defined filters is displayed. If no filter has been previously set the list will be blank.

To edit or delete an existing filter select it and use the Edit or Delete buttons. Change priorities between filters by selecting them and using the Up and Down buttons.

Click the New button to create a new filter. Whether creating a new filter or editing an existing one the options displayed are the same.

225




- use this icon to add a new criterion and/or a new action;

- use this icon to remove one of the previously created criteria and/or actions.

Select what conditions should the messages meet for the filter to apply. Available options include setting conditions relative to the subject, sender, receiver, Cc, To or Cc, size of the email, as well as a customization option accessible by choosing Custom. Next select if the filtered messages should match all or any of the defined criteria. In the second window edit the conditions previously selected by clicking an underlined value.

Click the Cancel or Next button to quit/continue editing the filter.

Further define the actions to be taken (i.e. moving, copying, deleting, or redirecting it to a certain email address etc.) if an email message matches the previously specified criteria. In the second window edit the selected actions by clicking an underlined value.

Click the Cancel/Next button to quit/continue editing the filter or the Back button to go back to the conditions window.

226




Finally use the name text field to specify a name for the currently defined filter and enable it by checking the Turn on this rule option. Review the rule description to make sure it is defined correctly and click the Finish button.

You can quit editing the rule by clicking Cancel or go back to the Actions window by hitting the Back button.

7.3. Folder Sharing To control a folder's sharing permissions, go to the tree folder on the left, right click on the folder you wish to set permissions on, choose Sharing or Properties and in the new window select the Folder Permissions tab. When accessing this tab for a folder a list of the already defined permissions is displayed. If no permission has been previously set the list will be blank.

Check the Apply to subfolders option so the permissions set for the current folder will be automatically applied to its sub-folders. Click the Add button to add a user or a group of users and set the permission level on the folder. There are 6 levels to choose from:

• No access (all permissions are denied)

227




• Viewer (view and read folder is allowed) • Contributor (view, read folder and add items is allowed) • Editor (view, read folder, set/clear flags, add items, mark items as deleted/not deleted

and expunge is allowed) • Master (all permissions are allowed) • Custom (each permission is defined individually according to your needs)

Each permission may be allowed explicitly, denied explicitly or not specified. Permissions act hierarchically (are inherited on the group hierarchy). Additionally, resource hierarchies (a folder being parent to another folder) also benefit from the inheritance algorithm. In the Effective Permissions tab you will be able to see what permissions are specifically allowed or not.

IMPORTANT! In the same way domain Postmasters set permissions for Public Folders.

228




7.4. Open/Close other user's folders To have access to folders shared by other users go to the Tools menu > Axigen Mail Server > Open other user’s folder… or right click on a folder in the folder tree and choose Open other user's folders... from the contextual menu. A warning will pop-up asking you to allow access to the email addresses stored in Outlook, check the Allow access for option, choose the desired time interval from the drop-down menu and click Yes.

The address book will open and you will be able to select from the list or type the address of the user whose folder you wish to subscribe to.

WARNING! This option works only for users in the same domain that have set one of the permissions level (except No access).

The folder will appear in the Shared Folders section of your folder tree:

229




If you do not wish to see the folders shared by a certain user anymore close them by going to Tools > Axigen Mail Server > Close other user's folders or right click on a folder in the folder tree and choose Close other user's folders from the contextual menu. In the new window that will pop-up select the user and click Ok.

7.5. Manage Global Permissions To manage the Read free/busy status and Send Mail As permissions in Outlook go to Tools > Axigen Mail Server > Manage Global Permissions…. In the new window a list of users that have either of the two permissions defined is displayed. Each user in the list can be deleted or configured using the Delete and Edit buttons.

To add a user to the list click the Add button. In the new window click the Select user… button to open the address book and choose a contact, then check the Allow or Deny options for the two permissions.

When clicking the Select user button a warning will pop-up asking you to allow access to the email addresses stored in Outlook, check the Allow access for option, choose the desired time interval from the drop-down menu and click Yes.

230




In the Effective Permissions tab you will be able to see what permissions are specifically allowed or not.

231




Chapter 8. Administration Tools Overview AXIGEN Mail Server provides several alternatives for mail server administration.

• WebAdmin WebAdmin is a central administration Web interface that allows configuring the mail server using a tab-organized GUI. Allowing secure access (HTTPS protocol), WebAdmin provides fully described parameters (long description, default values, possible values, suggested values).

WebAdmin allows configuring the email server remotely, over the Internet and provides access to most parameters for every module. This configuration method is highly intuitive, has a fast learning curve and can be used by anyone with users-level skills.

For detailed information on how to use WebAdmin, see Configuring AXIGEN using WebAdmin.

• CLI - Command line configuration interface CLI is a TCP service with specified dedicated socket accessible using Telnet applications and Netcat. CLI provides added functionality as, apart from providing an alternate method of performing basic configuration tasks, it allows automating administration tasks using scripts (adding users, migration).

For detailed information on how to use CLI, see Configuring AXIGEN using CLI.

• Delegated Administration Delegated administration enables the easy creation of administrative groups, with predetermined membership hierarchies and permissions, assigned to specific domains. Administrative users can further be created within one or more of the available groups. An administrative user will then automatically inherit the parameters of the group it is being created in. Administrative users can be assigned to one or more groups with a few mouse clicks. Membership can be limited or expanded by the system administrator at any time.

Permissions are assigned to each user through a Quick Add button and allow in-depth configuration. Fine-tune user access by allowing or denying permissions at server and domain management level. For example, a certain user cannot create accounts or access the WebMail service, while being able to create public folders and configure CLI service parameters.

Delegated administration options are implemented by AXIGEN's AACL module, which comes with a distinct storage that handles permissions for all administrative users.

For detailed information on how to set Delegated Administration parameters, see the Administration Rights Section.

• Config file The configuration file allows you to perform extensive configuration by manually editing this text file - axigen.cfg. This administration method allows fine tuning the server functioning to existing hardware configuration and mailing requirements. Experienced System Administrators have a readily accessible method of setting both basic and very advanced parameters directly, without going through an administration interface.

For information on using the axigen.cfg file, see the subsequent page.

232




8.1. Working with axigen.cfg The general server configuration file currently used by AXIGEN Mail Server is located by default in /var/opt/axigen/run/axigen.cfg (Linux/Solaris) or /var/axigen/run/axigen.cfg (*BSD). A sample configuration file can also be found in the /opt/axigen/share/examples directory.

The axigen.cfg file includes the complete specifications for AXIGEN configuration. Besides containing configuration data specific for AXIGEN modules, axigen.cfg is also used for specifying the primary domain for AXIGEN server (primaryDomain).

Using axigen.cfg, you have access to all AXIGEN Mail Server configuration parameters. Using a text editor, you can manually edit the parameter values and modify the server configuration. The configuration file also contains information on default and possible values and a short explanation for each parameter:

The same options are available when using WebAdmin, except that changes to the configuration are made through the Web GUI. Detailed information on how to configure each parameter and information on its functions are given in the Configuring AXIGEN using WebAdmin sub-sections.

Restrictions When working with axigen.cfg file, you need to follow the restrictions listed below:

• maximum attribute name length: 64 • maximum attribute value length: 128 (expressed as string in configuration file). Each

STRING value is limited to this length, 255

Note: Each time you modify the main configuration file, a reload signal must be sent to AXIGEN, in order to load the new configuration settings.

Definitions Important! • All time attributes (timeouts and time intervals) are specified in seconds. • All data sizes are specified in KB.

When working with axigen.cfg file, the following terms should be used with the meanings specified below:

• UINT: an unsigned integer. • STRING: a case insensitive string, possibly quoted using double quotes. • CS_STRING: a case sensitive string, possibly quoted using double quotes. • IP: an IPv4 address in decimal numbers-and-dots format, i.e.: 127.0.0.1 • IP_SET: a set for IPv4 addresses specified in one of the following modes:

1. IP interval 10.0.0.1-10.0.0.20 2. IP address/IP mask 10.0.0.1/255.0.0.0 3. IP address/IP mask size 10.0.0.1/8

• IP_PORT: an IPv4 address in decimal numbers-and-dots format followed by a ":" char and a decimal port number, i.e.: 127.0.0.1:25

• CHOICE: a single STRING from a specified set of STRINGs, i.e.: "yes" from ("yes" "no") set

• CHOICE-SET: a subset of STRINGs from the specified set of STRINGs; the subset must be specified between round parentheses ()

233




Structure of the axigen.cfg file In axigen.cfg, all objects and attributes are commented using a hash character (#) Also, any block inside /* ... */ is treated as comment. Default values, restrictions and examples for each attribute as provided as comments.

The file is structured based on main configuration objects (server, main services). The attributes corresponding to one object are enclosed in curly brackets {}. The values of an attribute are enclosed in parentheses (). When several objects are grouped in a object set, they are also enclosed in parentheses (). Levels of subordination are indicated by indentation (upper levels will be left-aligned).

For instance, this is how the beginning of the section for the SMTP-In service looks in the text file. All you have to do is manually edit the values of the parameters, as instructed in the # lines. # SMTP service

# TYPE: SMTP-OUTGOING-SERVICE OBJECT

smtpOutgoing = {

# maximum number of threads handling remote SMTP delivery

# TYPE: UINT

# MIN-MAX: 1-128

# DEFAULT: 20

maxConnThreads = 20

# minimum number of threads handling remote SMTP delivery

# TYPE: UINT

# MIN-MAX: 1-128

# DEFAULT: 2

minConnThreads = 2

# service's logging level

# TYPE: UINT

# MIN-MAX: 0-31

# DEFAULT: 15

logLevel = 15

# service's logging type

# TYPE: CHOICE internal | system | remote

# DEFAULT: internal

logType = internal

# service's remote logging host (used only if logType=remote)

# TYPE: IP_PORT

# VALIDITY: only host IP addresses

# DEFAULT: 127.0.0.1:2000

logHost = 127.0.0.1:2000

# list of rules to be applied by the relay module when connecting to a relay server

# There is always defined a 'catch all' client rule with the following attributes:

# priority = 1001

234




# patternIn = "*"

# patternOut = "*"

# authUser = ""

# authPass = ""

# maxConnections = 5

# smtpPort = 25

# smtpIp = 0.0.0.0 (use client MX)

# requestAuth = no

# allowStartTLS = yes

# secureConnAuthTypes = ( all )

# plainConnAuthTypes = ( all )

clients = (

{ # priority for this rule, 1 is highest

# TYPE: REQUIRED UINT

# MIN-MAX: 1-1000 (1001 is reserved for catch all clients)

# DEFAULT: N/A

priority = 500

235




Chapter 9. Configuring AXIGEN using WebAdmin WebAdmin Overview AXIGEN WebAdmin is the recommended administration tool for AXIGEN. While alternative methods are provided (Command Line Interface, text-editable configuration file), WebAdmin is the most intuitive and user-friendly tool. WebAdmin is a web-based configuration interface, tested for Mozilla and Internet Explorer, which gives you access to all configuration parameters for all services in AXIGEN Mail Server. Functionally, it is considered an AXIGEN service, and it can be started and stopped at any time.

WebAdmin is enabled by default in the latest versions of AXIGEN Mail Server, and can be accessed by default on the 127.0.0.1:9000 address. For information on how to set the WebAdmin interface and set the WebAdmin admin password using the AXIGEN Configuration Wizard, see the corresponding section of the this manual.

The current chapter Configuring AXIGEN using WebAdmin is dedicated to configuration options provided in WebAdmin, acting as a complete Administration Guide for AXIGEN Mail Server. It provides information on the configuration of all parameters included in the respective tabs.

WebAdmin Features The WebAdmin service, offers a wide range of functionalities which make it extremely configurable and secure.

Thread Management AXIGEN can run on a large variety of systems and machines, in networks with very different traffic loads, structures, domain configurations, user rights, authorization procedures, etc. Depending on your specific network specifications and conditions, you can adapt the workload to the server's processing power, in order to prevent a system overload or to improve server performance by setting different numbers of processing threads for the WebAdmin service, depending on your traffic load. First, system administrators need to set a number of threads to be allotted when the WebAdmin service is started. To efficiently manage peak periods, a corresponding number of threads is allotted for overloads caused by high traffic.

For information on how to configure connection thread control parameters for WebAdmin, see WebAdmin Thread Management.

Log Control Just like all the other AXIGEN main services, the WebAdmin module can log different types of events. The system administrator can specify what events are logged, where and how they are logged.

See Logging service for more details on logging in AXIGEN. For information on how to configure log control parameters for WebAdmin, see WebAdmin Log Control.

WebAdmin Flow Control In WebAdmin, to efficiently manage the traffic flow, you can allow a maximum number of simultaneous connections, a maximum number of connections from a distinct remote IP, and

236




further fine tune your options by limiting the number of total connections or connection from a certain IP in a given time frame.

For information on how to configure flow control parameters for WebAdmin, see Access and Flow Control Rules.

HTTP Protocol Options for WebAdmin WebAdmin allows you to set HTTP limits for any request made to the WebAdmin service. This prevents you from automatically accepting excessive amounts of data (HTTP headers, HTTP body and upload data).

For information on how to configure HTTP limits for WebAdmin, see WebAdmin HTTP Protocol Options.

Session Options for WebAdmin In WebAdmin, you can impose time limits on sessions, either active or idle. By doing this, you can better manage security and resource related issues.

For information on how to configure connection and session control parameters for WebAdmin, see WebAdmin Session Options.

Working with WebAdmin WebAdmin has several tabs, listed on the left hand side, each of them corresponding either to a certain section (Global Settings, Domain &Accounts, Administrative Rights, etc). Sections can be expanded - to see the tabs they contain - and retracted by clicking the section name.

When first logged in, the Overview page displays a server summary (containing version, permission, running services and antivirus/antispam information). It also displays a list of Quick Links for some of the most commonly used configuration pages, grouped under three main sections: Domain & Accounts, Server Maintenance and Services & Security.

237




Below are described some basic principles you should keep in mind while working with AXIGEN WebAdmin.

Saving the Configuration in WebAdmin After changing any parameter value in WebAdmin, you need to save the new values in the configuration files. In order to do this, you need to press the Save Configuration button available on all tabs, pages and sub-pages where needed. In the example below, a random password set for a user account is being saved.

Confirmation / Error Messages After each command issued, you should check the confirmation message displayed in the upper section of the page. In the example below, parameters of an account have been changed successfully.

In the following example, an account creation operation has failed and you are informed on this status both in the upper section of the WebAdmin page:

238




Displaying/Hiding the Contextual Help Starting with version 5.0, the WebAdmin Interface implements a Contextual Help feature, which guides system administrators through their daily actions by explaining all the available options and parameters. Contextual Help is activated by default and displayed in the right hand side of each page.

To close the Contextual Help window, hit the question mark button as shown in the above screenshot. Once deactivated, you can open it again by hitting the same button, as shown below:

239




9.1. Configuring Global Settings

The Global Settings tab gives axed to a few general parameters and to registering the AXIGEN Mail Server with your license key. It also displays all the information concerning the uploaded license key.

In the Primary Domain text field, the domain currently set as primary is displayed. Use this field to change it to another existing domain.

The SSL Random File text field is used to specify the path to the file with random seed data, used first by the SSL library to seed the random number generator.

To have the disk input/output buffering activated, please check the Enable disk I/O buffering option.

To upload a license key file in the WebAdmin interface, hit the Upload new key button and browse to its current location on your computer. After successfully uploading it, all the details relative to the license type - including company, expiry date, version, included add-ons, and different counters for mailboxes, domains, etc - will be displayed.

When you are done configuring these parameters, remember to hit the Save Configuration button to preserve your changes.

240




9.2. Managing AXIGEN Services The “Services” section enables system administrators to manage and configure the SMTP Receiving, SMTP Sending, IMAP, POP3, WebMail, WebAdmin, DNR, Remote POP and CLI services of the AXIGEN Mail Server.

The subsequent configuration pages of this section contain information on logging, error control, thread management and other service-specific parameters.

9.2.1. Configure the Running Services

The Service Management tab allows you to monitor and configure the AXIGEN Mail Server's running services. By default, when installing AXIGEN Mail Server, the following services will be running: SMTP, IMAP, POP3, WebMail and WebAdmin.

Use the Start, Stop and Restart action buttons in the to specify what services should be run by AXIGEN Mail Server. AXIGEN can run with any number of these services inhibited.

9.2.2. SMTP Receiving Tab

The SMTP Receiving tab allows you to configure parameters relative to this specific service's configuration, to add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration, see the Listeners chapter.

Through Service Configuration system administrators can manage logging, looping, error and thread control parameters.

241




Logging

You can select several types of messages to be logged for the SMTP Receiving service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.

Log files can be stored using your internal log files, your system's log files or within the log files located on a remote system. Use the Log drop-down menu to select where to have your log files saved.

Email Loop Protection

A looping message is an email sent from one mail server to another, without reaching its destination. Whenever it is received by a mail server, the email message will have a received header added. To prevent such email from increasing your mail server's traffic, check the Email Loop Protection option and set a number of maximum received headers for all received emails. Values range from 1 to 1000, however the default 30 value is recommended.

Error Control

To set a maximum number of errors caused by invalid commands received from clients or by failed authentication attempts, check the respective options in the Error Control area. Use the up and down arrows corresponding to each of these options to set a specific number of errors.

242




Thread Management

Thread management allows you to set different numbers of processing threads for the SMTP Receiving service, depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the SMTP Receiving service is started. To have a different number of threads for peak periods, check the overload option and use the up and down arrows to choose the thread number.


9.2.3. SMTP Sending Tab

The SMTP Sending tab allows you to configure parameters relative to the log service and thread control.

Logging

You can select several types of messages to be logged for the SMTP Sending service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.


Thread Management

243




Thread management allows you to set different numbers of processing threads for the SMTP Sending service, depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the SMTP Sending service is started. To have a different number of threads for peak periods, check the overload option and use the up and down arrows to choose the thread number.


9.2.4. IMAP Tab

The IMAP tab allows you to configure parameters relative to this specific service's configuration, to add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration, see the Listeners chapter.

Through Service Configuration system administrators can manage logging, authentication and encryption, error and thread control parameters.

Logging

You can select several types of messages to be logged for the IMAP service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.


Encryption and Authentication

244




By checking the Allow StartTLS, you allow sending the STARTTLS command for encrypting the connection if the server supports this command.

Select the allowed authentication types the AXIGEN Mail Server should use for its IMAP secure connections (SSL/TSL) in the SECURE connections check list. Possible options are: normal login, plain, login, cram-md5, digest-md5 and gssapi. By default, all these methods are selected (all types of authentication are allowed on a secure connection). The methods are further divided into two categories: secure and unsecure.

Select the allowed authentication types the AXIGEN Mail Server should use for its IMAP unsecure connections in the UNSECURE connections check list. Possible options are: normal login, plain, login, cram-md5, digest-md5 and gssapi. By default, all these methods are selected (all types of authentication are allowed on an unsecure connection). The methods are further divided into two categories: secure and unsecure.

Error Control


Thread Management

Thread management allows you to set different numbers of processing threads for the IMAP service, depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the IMAP service is started. To have a different number of threads for peak periods, check the overload option and use the up and down arrows to choose the thread number.


9.2.5. POP3 Tab

The POP3 tab allows you to configure parameters relative to this specific service's configuration, to add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration, see the Listeners chapter.

245





Logging

You can select several types of messages to be logged for the POP3 service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.



By checking the Allow StartTLS, you allow sending the STARTTLS command for encrypting the connection if the server supports this command.

Select the allowed authentication types the AXIGEN Mail Server should use for its POP3 secure connections (SSL/TSL) in the SECURE connections check list. Possible options are: normal login, plain, login, cram-md5, digest-md5 and gssapi. By default, all these methods are selected (all types of authentication are allowed on a secure connection). The methods are further divided into two categories: secure and unsecure.

246




Select the allowed authentication types the AXIGEN Mail Server should use for its POP3 unsecure connections in the UNSECURE connections check list. Possible options are: normal login, plain, login, cram-md5, digest-md5 and gssapi. By default, all these methods are selected (all types of authentication are allowed on an unsecure connection). The methods are further divided into two categories: secure and unsecure.

Error Control

To set a maximum number of errors caused by invalid commands received from clients or by failed authentication attempts, check the respective options in the Error Control area of the POP3 service. Use the up and down arrows corresponding to each of these options to set a specific number of errors.

Thread Management

Thread management allows you to set different numbers of processing threads for the POP3 service, depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the POP3 service is started. To have a different number of threads for peak periods, check the overload option and use the up and down arrows to choose the thread number.


9.2.6. WebMail Tab

The WebMail Tab allows you to configure parameters relative to this specific service's configuration, to add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration, see the Listeners chapter.

Through Service Configuration system administrators can manage logging, HTTP protocol, WebMail session and thread management parameters.

247




Logging

You can select several types of messages to be logged for the WebMail service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.


HTTP Protocol Options

By checking the Allow HTTP Keep-Alive option, you allow permanent HTTP connections for the WebMail service.

Next, you can set the HTTP limits for WebMail requests. Use the Limit HTTP Request header to option in order to specify the maximum allowed size for incoming HTTP headers, and the Limit HTTP Request body to option in order to specify the maximum allowed size for incoming HTTP body. The third option, Limit file uploads, can be used to set the maximum allowed size for incoming upload data. It applies to attachments, mail body and contact import operations. All size values can be set by using the up and down arrows, in KB or MB.

248




Select the appropriate action to be taken when the incoming data is over the set limits by using the If any of the above limits is exceeded option. Use the drop-down menu in order to choose between closing the connection immediately or allowing all data to be sent.

Webmail Options

Use the Allow domain selection on login option in order to display or not the domain list when logging in to WebMail. Enable it by just checking the box in front of the option.

Set the parameters for WebMail sessions by using the two options under Session. You can specify after how many seconds an inactive (idle) WebMail session is closed, and specify after how many seconds a WebMail session is closed, even if activity exists. Values for these parameters can be entered only in seconds, by using the up and down arrows.

Thread Management



9.2.7. WebAdmin Tab

The WebAdmin Tab allows you to configure parameters relative to this specific service's configuration, to add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration, see the Listeners chapter.

Through Service Configuration system administrators can manage logging, HTTP protocol, WebAdmin session and thread management parameters.

249




Logging

You can select several types of messages to be logged for the WebMail service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.


HTTP Protocol Options

By checking the Allow HTTP Keep-Alive option, you allow permanent HTTP connections for the WebAdmin service.

Next, you can set the HTTP limits for WebMail requests. Use the Limit HTTP Request header to option in order to specify the maximum allowed size for incoming HTTP headers, and the Limit HTTP Request body to option in order to specify the maximum allowed size for incoming HTTP body. The third option, Limit file uploads, can be used to set the maximum allowed size for incoming upload data. It applies to attachments, mail body and contact import operations. All size values can be set by using the up and down arrows, in KB or MB.

250




Select the appropriate action to be taken when the incoming data is over the set limits by using the If any of the above limits is exceeded option. Use the drop-down menu in order to choose between closing the connection immediately or allowing all data to be sent.

WebAdmin Options

Set the parameters for WebAdmin sessions by using the two options under Session. You can specify after how many seconds an inactive (idle) WebAdmin session is closed, and specify after how many seconds a WebAdmin session is closed, even if activity exists. Values for these parameters can be entered only in seconds, by using the up and down arrows.

Thread Management



9.2.8. DNR Tab

The DNR tab allows you to configure parameters relative to logging, DNR Options and Nameservers.

Logging

251




You can select several types of messages to be logged for the POP3 service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.


DNR Options

This section allows you to configure the general parameters relative to the DNR service.

Use the First Query Timeout option in order to specify after how many seconds the first DNR query is closed by AXIGEN Mail Server. The values for these parameters can be entered by using the up and down arrows, and are only expressed in seconds, ranging from 1 to 120 seconds.

NOTE: After each retry, the set timeout is doubled.

In the Max. number of retries field you can specify the maximum number of DNR queries retries to be executed by AXIGEN Mail Server. Use the up and down arrows to enter the values of the parameter.

The No. of cached results option enables you to specify the number of results (IP addresses) cached for each DNR query type to be executed by AXIGEN Mail Server. The default value is 1000 IPs.

Nameservers

You can edit the list of known name (DNS) servers (specified in the operating system configuration) used by AXIGEN Mail Server when performing DNR searches.

To edit one of the defined name servers, just change the values of the corresponding fields and then save the configuration. In the Address field, specify the IP address of the name

252




server. The parameters corresponding to the Query Timeout and Retries fields can be configured according using the guidelines in the DNR Options section, available above.

To add a new name server, hit the Add Nameserver button displayed in the upper right corner of the Nameservers section. Type the nameserver address in the text box then click on Quick Add. The Query Timeout and number of Retries can be set when adding the nameserver or later.

The Actions field allows you to specify the priority level for the defined name servers. Use the available up and down arrows in order to set the order in which name servers are searched (the ones with higher priority, to the top of the list, will be queried first).


9.2.9. Remote POP Tab

The Remote POP tab allows you to configure parameters relative to logging and thread management.

Logging

You can select several types of messages to be logged for the CLI service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.

253





Thread Management

Thread management allows you to set different numbers of processing threads for the RPOP service, depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the RPOP service is started. To have a different number of threads for peak periods, check the overload option and use the up and down arrows to choose the thread number.


9.2.10. CLI Tab

The CLI tab allows you to configure parameters relative to this specific service's configuration, to add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration, see the Listeners chapter.


Logging

You can select several types of messages to be logged for the CLI service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.


254




CLI Options

To set a limit for the number of commands allowed to be issued before having authenticated on CLI, check the respective option under CLI Options and use the up and down arrows to choose the desired numbers. The default value is of 20 commands.

Error Control


Thread Management

Thread management allows you to set different numbers of processing threads for the CLI service, depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the CLI service is started. To have a different number of threads for peak periods, check the overload option and use the up and down arrows to choose the thread number.


255




9.3. Domains and Accounts

The Domains and Accounts section gives access to managing and configuring domains, accounts, mailing lists, groups, public folders and account classes.

9.3.1. The Manage Domains Tab

When first entering the Domains tab, a list of the previously defined domains is displayed.

If you have defined a large number of domains, you can quickly locate a certain one using the Domain Search option. The domain list is filtered as you type.

To edit an already defined domain, hit the Edit button on the right side of its name. To delete it, hit its respective Delete button. Should you like to add a new domain, hit the Add Domain button displayed in the upper right corner of the Domain list.

256




To add a new domain first type the name of your domain in the Domain Name text box and set the Postmaster Password in its respective text area or click the Set Random button to select a random password combination. When using this button the password randomly assigned is displayed under it.

Check the Enable MACL Support option so users belonging to this domain will be able to set different permission levels on their folders in order to share them. Only on domain creation you have the option to configure storage location details by clicking the Show button. Detailed information on storage is available in the corresponding Mail Server Architecture chapter.

Use the Quick Add button to create the domain using the default settings or hit the Advanced Config link to further fine tune it. When pressing the Edit button for an existing domain or the Advanced Config link, you access the five pages shown in the below screenshot. The name of the configured domain is listed in the upper section of the screen at all times.

9.3.1.1. Domains General Configuration The Manage Domains > General tab allows system administrators to set the running services for a specific domain and other domain related parameters.

Use the Domain name text field to edit the name of the domain you are currently modifying or creating. To edit the IP dedicated to a specific domain, use the Assigned IP text field.

257




Should you like to have the accounts created for a specific domain included in AXIGEN's public address book, make sure to have the corresponding option checked.

To have the domain included in the WebMail interface domain selection list, check the respective option. Check the Automatically create LDAP authenticated users option so the LDAP defined users are created when they login to a service that requests authentication.

To further have a specific login page displayed for certain requests, you will have to add a host header. To do so, type a name for your host header and hit the Add button. To delete one of the host header, use its assigned Delete button.

The services section displays the list of domain services and their current status. To enable or disable a service, use the respective buttons corresponding to that service's name. Please note that at domain level, only services affecting domain behavior are displayed - SMTP Receiving, SMTP Sending, POP3, IMAP, Remote POP and WebMail.

System administrators can further decide how to treat emails sent to users that do not exist in the edited domain within the Catch-all section. The available option in the selection box are to have them rejected, to redirect them to one of the existing public folders or to redirect them to a catch-all account. If the emails are redirected to an account, you can also specify a folder for the emails to be stored in, using the Change folder button.

258




The General page also displays specific details about the currently edited domain in the Info section. The information refers to the MACL Support status, domain creation date and date and time details for the last modification and login.


9.3.1.2. Defining Domain Aliases The Manage Domains > Domain Aliases page allows system administrators to create a list of aliases for a certain domain.

The page displays a list of previously defined aliases. Each can be edited using the text field listed under Address. To delete an alias, use its corresponding Delete button. To add a new alias, type its name in the upper right corner text field and hit the Add Alias button.


9.3.1.3. Domain Message Filters Page The Manage Domains > Message Filters page helps system administrators create and manage incoming message rules and AntiVirus / AntiSpam filters for a specific domain.

Important! • Domain level rules for this domain will run after any existing Server level rules (common actions will be overridden) • AntiVirus / AntiSpam filters enabled at domain level provide the accounts in this domain with an additional filtering layer.

When first accessing the page, a list with the already defined rules and filters is displayed. Both lists can be minimized or maximized by clicking the list name bar. Each message and filter has a Enabled/Disabled status displayed and next to it, the Enabled/Disabled button displays the opposite action of the status. Priorities between enabled Antivirus / Antispam filters or Message rules can be changed using the up and down arrows under the Priority section.

259




To add a new rule for the configured domain, click the Add Message Rule button. They can be deleted or further configured using the Delete and Edit buttons. Type a name for the incoming message rule in the Message rule name text filed and check the Enable this incoming rule option to activate it.

260




Further select if the messages filtered should match all or any of the defined criteria set below. You can add as many conditions as you wish by clicking the Add Condition button. Use the Add Action button to define the actions to be taken if an email message matches the specified criteria.


9.3.1.4. Configuring the Message Appender The Manage Domains > Message Appender page allows system administrators to create an appender that will be attached to all messages sent by the respective domains.

To have the text you want appended to all sent messages, check the Enable Message Appender for this domain option and edit the text in the available text box.


9.3.1.5. Managing Account Defaults The Manage Accounts > Account Defaults page defines default values for the parameters that will be automatically inherited by all new accounts and account classes, and can be explicitly set (overridden) in the advanced configuration of the respective account or account class.

The page gives access to three different sub-pages:

• General - allowing system administrators to set running services to be inherited • Quotas and Restrictions - enabling admins to set certain limits for mailbox level,

folder level, notification, password policy, etc. • Message Filters - allowing the creation of message rules

261




9.3.1.5.1. Account Defaults General Parameters The Account Defaults > General subpage lists the currently enabled or disabled services at domain level. When such a service is stopped or started at domain level, the accounts within the specific domain will inherit this configuration.

To enable or disable a service, use the respective buttons corresponding to that service's name. Please note that at domain level, only services affecting domain behavior are displayed - SMTP Receiving, SMTP Sending, POP3, IMAP, Remote POP and WebMail.


9.3.1.5.2. Configuring Account Quotas and Restrictions The Quotas and Restrictions subpage contains parameters relative to mailbox and folder level, notifications to be sent to account users and restrictions imposed at domain level for all created accounts.

Managing Account Quotas

At mailbox level, the total mailbox size, the total number of folders and the total number of messages can be limited by selecting the respective options in the Mailbox area and using the up and down arrows to adjust the limits to the desired value. For the total size limit, use the available drop-down menu to select if you want it calculated in KB, MB or GB.

262




At folder level, system administrators can set limits for the size of each folder and the total number of messages per each folder by checking the respective options in the Folders section and using the up and down arrows to adjust the limits to the desired value. For the folder size limit, use the available drop-down menu to select if you want it calculated in KB, MB or GB.

To have account users notified when they reach a certain level of their allowed quota through a pop-up displayed when accessing the WebMail interface, check the respective option in the Notifications section and use the up and down arrows to increase or decrease the default percentage of the quota. When this option is checked, the users are also notified at every login. You can set the frequency of these login notifications using the up and down arrows corresponding to this additional option. To select if the respective value is calculated in seconds, minutes, hours or days, check the respective drop-down menu.

System administrators can further edit the content of the notification in the Notification email content section. To edit the text displayed, use the Subject and Body text fields. To insert more values in the email body, use the available buttons - Domain, Account, Full name, Notification threshold percentage, Size quota, Size used, Size used (%), Count Quota, Count Used, Count Used (%).

Configuring Restrictions

263




Password Policy Enforcement System administrators can define a Password Policy to be enforced when an account is created for a respective domain. First of all, they can set a minimum and maximum number of characters for each password, using the up and down arrows or editing directly the text field of the Password length parameters. They can further select from the Password must include drop-down menu if passwords should include letters, letters and numbers or letters, numbers and special characters.

Session restrictions The number of POP3, IMAP and WebMail sessions can be limited for all accounts of a certain domain. To select the desired value, use the up and down arrows or directly edit the text fields pertaining to each type of session. POP3 and IMAP sessions take values from 1 to 16, while WebMail sessions take values from 1 to 2048.

WebMail Restrictions

To limit the size of email message attachments, check the respective option in the WebMail section and use the up and down arrows to select the desired size. To have the size measured in KB, MB or GB use the available drop-down menu.

Use the up and down arrows of the Limit number of attachments per message option or edit its corresponding text field to set a maximum number of attachments allowed to email messages sent or received from any account using the WebMail interface.

Check the Limit message size option to set a maximum size for sent and received messages through the WebMail interface. To do so, use the up and down arrows to select the desired size or edit the corresponding text field.

The Limit number of recipients option allows you to configure a maximum number of recipients for WebMail email messages using the up and down arrow to select the desired size or editing the corresponding text field.

To set the HTML Body Filtering Level for all domain accounts when connected via WebMail, use the available slider. The HTML filtering levels stand for the following:

• No Filtering

264




• Low level filtering - converts the message to standard XHTML • Medium level filtering - generates the email body based on a list of known/allowed



Message Sending Restrictions

Limits imposed to sent messages offer system administrators an easy possibility to prevent account users from generating spam. They can thus set a maximum number of messages, their total size and the period in which these are sent using the up and down arrows to select the desired size or editing the corresponding text field. To have message size calculated in KB, GB or MB, use the respective drop-down menu. The time frame for the maximum number of messages can be set to be calculated in seconds, minutes, and hours, using the corresponding drop-down menu.

Remote POP Restrictions

System administrators can limit the number of remote POP accounts defined by account users. To do so, use the up and down arrows to select the desired size or edit the corresponding text field. Additionally, you can specify a minimum interval between two email retrievals for each RPOP connection. Use the Minimum message retrieval interval drop-down menu to have it calculated in seconds, minutes or hours.

Temporary Email Addresses Restrictions

The administrator can set some limits on the usage of temporary email addresses. A user may request maximum 16 temporary email addresses (aliases). If the limit is set to '0' the 'Add' button in WebMail (in the 'Temporary Email Addresses' section) will be disabled but old temporary email address will still be available until they expire or are deleted. The time

265




period from the creation of a temporary email address to its automatic deletion can be set between 10 minutes and 1 year.


9.3.1.5.3. Managing Account Filters The Manage Account Defaults > Message Filters sub-page enables system administrators to create and manage incoming message rules at account level.

Important! Account level rules will run after any existing Domain level rules and Server level rules (common actions will be overridden).

When first accessing the sub-page, a list with the already defined rules is displayed. Each message rule can be deleted or further configured using the Delete and Edit buttons.

Each message rule has a Enabled/Disabled status displayed and next to it, the Enabled/Disabled button displays the opposite action of the status. Priorities between message rules can be changed using the up and down arrows under the Priority section.

To add a new rule for all domain accounts, click the Add Message Rule button. Type a name for the incoming message rule, use the Message rule name and check the Enable this incoming rule option to activate it.

266




Further select if the messages filtered should match all or any of the defined criteria set below. You can add as many conditions as you wish by clicking the Add Condition button. Use the Add Action button to define the actions to be taken if an email message matches the specified criteria.


9.3.2. Manage Accounts Tab

When first accessing the Manage Accounts tab a list of existing domains is displayed. To be able to manage the accounts first select one of the existing domains.

After selecting a certain domain, the list of previously created accounts is displayed. To run a search for a specific account use the Account Search field.

To edit an existing account use its corresponding Edit button, to delete it hit the Delete button. In order to create a new account, hit the Add Account button.

267




The domain you are creating the account in is displayed in the Domain name field if you have already selected a certain domain. If you press the Add Account button prior to the domain selection you will have to type the desired domain. Specify a name for the account you are creating in the Account Name text field. Type a password of choice in the Account password text field or click the Set Random button to select a random password combination. When using this button the randomly assigned password is displayed under it.

If you are done configuring the account hit the Quick Add button. Alternatively, should you prefer to further fine tune it click the Advanced Config link. This link and the Edit button of already configured link gives access to four configuration pages, General, Quotas and Restrictions, WebMail Options and Message Filters.

9.3.2.1. Accounts General Page

The Manage Accounts >General page allows system administrators to configure basic account settings such as the account name, password and also displays general information regarding the account in question.

Use the First name and Last name text fields to modify the name of the person the account is created for. The account name can also be edited in its respective text field.

To change an account's password, either type another one in the Account password text field or click the Set Random button to select a random password combination. When using this button the password randomly assigned is displayed under it.

To select whether the default settings established at domain level should be inherited by the account you are currently managing or if the account should be associated with an already defined account class use the Inherit configuration details drop-down menu.

268




The services section displays the list of account services and their current status. To enable or disable a service, use the respective buttons corresponding to that service's name. Please note that at account level only services affecting account behavior are displayed - SMTP Receiving, SMTP Sending, POP3, IMAP, Remote POP and WebMail.

The Info section of the account displays details referring to the creation date of the account, used quota and time, date and IP coordinates of the last logins to the respective accounts through IMAP, POP3 and WebMail.


269




9.3.2.2. Account Aliases

The Manage Accounts > Account Aliases page allows system administrators to create a list of aliases for a certain user account.

Account Aliases Management

An account alias is a secondary account pointing to the account you are editing. For example, if you are currently editing the account [email protected] previously created and you add [email protected] as an alias, all emails sent to [email protected] will be delivered to [email protected].

Each of the previously defined account aliases can be edited in the text filed or deleted using their corresponding Delete buttons. To add a new alias, type its name in the upper right corner text field and hit the Add Alias button.


9.3.2.3. Configuring Quotas and Restrictions

The Manage Accounts > Quotas and Restrictions page contains parameters relative to mailbox and folder level, notifications to be sent to account users and restrictions imposed to the account being edited.

Managing Account Quotas At mailbox level, the total mailbox size, the total number of folders and the total number of messages can be limited by selecting the respective options in the Mailbox area and using the up and down arrows to adjust the limits to the desired value. For the total size limit, use the available drop-down menu to select if you want it calculated in KB, MB or GB.

At folder level, system administrators can set limits for the size of each folder and the total number of messages per each folder by checking the respective options in the Folders section and using the up and down arrows to adjust the limits to the desired value. For the folder size limit, use the available drop-down menu to select if you want it calculated in KB, MB or GB.

270





To have account user notified when reaching a certain level of their allowed quota through a pop-up displayed when accessing the WebMail interface, check the respective option in the Notifications section and use the up and down arrows to increase or decrease the default percentage of the quota. When this option is checked, the users are also notified at every login. You can set the frequency of these login notifications using the up and down arrows corresponding to this additional option. To select if the respective value is calculated in seconds, minutes, hours or days use the respective drop-down menu.

System administrators can further edit the notification content in the Notification email content section. Edit the text displayed using the Subject and Body text fields. To insert more values in the email body, use the available buttons - Domain, Account, Full name, Notification threshold percentage, Size quota, Size used, Size used (%), Count Quota, Count Used, Count Used (%).


271




Password Policy Enforcement System administrators can define a Password Policy to be enforced for the currently created account. First of all, a minimum and maximum number of characters for each password can be set using the up and down arrows or directly editing the Password length parameters text field. Further select from the Password must include drop-down menu if passwords should include letters, letters and numbers or letters, numbers and special characters.

Session restrictions The number of POP3, IMAP and WebMail sessions can be limited for the respective account. To do so select the desired value, use the up and down arrows or directly edit the text fields pertaining to each type of session. POP3 and IMAP sessions take values from 1 to 16, while WebMail sessions take values from 1 to 2048.


To limit the size of email message attachments, check the respective option in the WebMail section and use the up and down arrow to select the desired size. To have the size measured in KB, MB or GB use the available drop-down menu.

Use the up and down arrows of the Limit number of attachments per message option or edit its corresponding text field to set a maximum number of attachments allowed to email messages sent or received using the WebMail interface

Check the Limit message size option to set a maximum size for sent and received messages through the WebMail interface. To do so either use the up and down arrows to select the desired size or edit the corresponding text field.

The Limit number of recipients option allows you to configure a maximum number of recipients for WebMail email messages using the up and down arrows to select the desired size or editing the corresponding text field.

To set the HTML Body Filtering Level for this specific account when connected via WebMail use the available slider. The HTML filtering levels stand for the following:



272






Limits imposed to sent messages offer system administrators an easy possibility to prevent account users from generating spam. They can thus set a maximum number of messages, their total size and the period in which these are sent using the up and down arrows to select the desired size or editing the corresponding text field. To have the message size calculated in KB, GB or MB use the respective drop-down menu. The time frame for the maximum number of messages can be set to be calculated in seconds, minutes, and hours using the corresponding drop-down menu.


System administrators can limit the number of remote POP accounts defined by a certain user. To do so, use the up and down arrows to select the desired size or edit the corresponding text field. Additionally, a minimum interval between two email retrievals for each RPOP connection can be specified. Use the Minimum message retrieval interval drop-down menu to have it calculated in seconds, minutes or hours.


The administrator can set some limits on the usage of temporary email addresses. A user may request maximum 16 temporary email addresses (aliases), if the limit is set to '0' the 'Add' button in WebMail (in the 'Temporary Email Addresses' section) will be disabled but old temporary email address will still be available until they expire or are deleted. The time period from the creation of a temporary email address to its automatic deletion can be set between 10 minutes and 1 year.

Parameter inheritance Parameters or parameter groups that are inherited from the domain's account defaults are automatically marked with the icon, while the ones inherited from an account class are

273




marked with the icon. When explicitly setting the value of an inherited parameter it will be marked with the icon. Moreover, any further changes at parent level (domain's account defaults or account class) will only affect inherited parameters, while explicitly set ones will keep their value. You can, at any time, revert the explicit parameters to their inherited value, by clicking the 'Inherit' link related to the explicitly set parameter (orange) icon.


9.3.2.4. Account WebMail Options

The Manage Accounts > WebMail Options page allows you to configure an account's appearance, preferences, contact details and signature. These options can also be set by each account user from the WebMail Interface.

Appearance Options

Use the WebMail Skin name drop-down menu to select the WebMail skin that should be used for this account. To configure the WebMail language settings for the respective account use the WebMail Language drop-down menu. The available options are English, German, Romanian, Spanish, Portuguese, Italian, Dutch, Swedish, Norwegian, Polish, Russian, Czech, Greek, Chinese and Persian. The default selected language is English.

You can specify the number of messages to be displayed on a WebMail page for the currently edited mailbox using the Display...messages per page drop-down menu.

Account Preferences

274




You can have a confirmation requested before deleting a message via WebMail from the currently edited account by checking the Ask for confirmation on email deletion option.

Check the Ask for confirmation on empty folder option to request a confirmation on emptying a folder in WebMail for the currently edited account.

To have messages deleted through the WebMail interface sent to Trash check the Move deleted emails to Trash option. If left unchecked messages will be permanently deleted.

Allow the WebMail interface to check for new emails automatically for the configured account by checking the Automatically check for new emails option. Use the available text field or its up and down arrows to define the time frame and the drop-down menu to have the period measured in minutes, hours or days. Check the Display notification when new email arrives option so the user receives a pop-up warning when a new email arrives.

To set the HTML Body Filtering Level for this specific account when connected via WebMail use the available slider. The HTML filtering levels stand for the following:




Contacts Settings

System administrators can select which contacts to be used for the account they are currently editing. They can either use contacts from the public address-book and/or employ domain contacts. To do so please choose from (or both) available options: Use contacts from public address-book and Use contacts from domain.

275




Defining a Signature

To have a signature defined for all messages sent from the configured account via WebMail type it in the Message Signature text field. The text you define will then be appended to all outgoing email sent from the WebMail interface.


9.3.2.5. Managing Message Filters

The Manage Domains > Message Filters page enables system administrators to configure a set of rules to be applied to messages received by specific accounts, as well as to view and change any of the similar rules created by the users themselves. The page gives access to other 2 sub-pages:

• Admin Filters - containing the parameters relative to incoming message rules and filters.

• User Filters - containing the parameters relative to incoming message rules and filters set by users in WebMail > Settings > Filters page.

276




9.3.2.5.1. Admin Filters The Message Filters > Admin Filters sub-page enables system administrators to configure incoming message rules and filters for specific user accounts.

Important: • The Rules and Filters configured in this page replace the ones inherited from account

defaults. • For a direct access to the account defaults parameters, click on the underlined account

defaults option available right under the Admin Filters sub-page name.

Incoming Message Rules Important! When first accessing this tab to be able to add filters for this account click the Define explicit link.

To configure a new message rule, hit the Add Message Rule button and then fill in the specific parameters in the new sub-page, New Message Rule. Each message rule has an Enabled/Disabled status displayed, the action displayed by the button next to it is the opposite of the status. Each rule can be deleted or further configured using the Delete and Edit buttons.

To set the order in which defined rules should apply, use their corresponding up and down arrows available under the Priority section.

Important: All message rules available in this section will run after any existing Server Level Rules and Domain Level Rules (common actions will be overridden)

277




General Settings for the New Message Rule

Use the text box under General Settings in order to specify the name of the new rule then enable the new rule by checking the box in front of the option called Enable this incoming rule.

New Message Rule Conditions In the Matches section, first decide the incoming messages for which you want the rule to apply. Next, choose the conditions you want to apply to those messages (e.g. for messages from '[email protected]').

Use the drop-down menu to select the type of the new condition. Available options include setting conditions relative to the subject, sender, receiver, Cc, To or Cc, size of the email, as well as a customization option, accessible by clicking on Custom. To delete one of the newly-added criteria hit its corresponding trash-bin shaped like button.

New Message Rule Actions

By editing the Actions section you can decide what you want to do with the messages that match the above conditions. Use the drop-down menu to specify the actions corresponding to the mail message i.e. moving, copying, deleting, or redirecting it to a certain email address etc.

To add a new action, click on the Add Action button and then fill in all the corresponding details in the newly-displayed menus. To delete an action hit the trash-bin shaped like button displayed on the right hand side of the action in question.

278





9.3.2.5.2. User Filters The Message Filters > User Filters sub-page enables system administrators to configure incoming message rules and filters for specific user accounts.

Important: • The User Filters subcategory, in particular, gives you access to the rules defined by the

user for this account using the WebMail interface. • Editing these rules will actually edit the user-defined filters, and the changes will be seen

by the user in the WebMail interface. Access to these rules has been introduced in order to allow the administrator to correct potential problems in user-generated rules through shared access.

Incoming Messages Rules

To configure a new message rule hit the Add Message Rule button and then fill in the specific parameters in the new sub-page, New Message Rule. Each message rule has an Enabled/Disabled status displayed, the action displayed by the button next to it is the opposite of the status. Each rule can be deleted or further configured using the Delete and Edit buttons.

To set the order in which defined rules should apply use their corresponding up and down arrows available under the Priority section.

Important: • The message rules below will run after any existing Server level rules and Domain level

rules (common actions will be overridden).

General Settings of the New Message Rule

279




Use the text box under General Settings in order to specify the name of the new rule, then enable the new rule by checking the box in front of the option called Enable this incoming rule.

New Message Rule Conditions In the Matches section first decide the incoming messages for which you want the rule to apply. Next, choose the conditions you want to apply to those messages.

Use the drop-down menu to select the type of the new condition. Available options include setting conditions relative to the subject, sender, receiver, Cc, To or Cc, size of the email, as well as a customization option accessible by clicking on Custom. To delete one of the newly-added criteria hit its corresponding trash-bin shaped button. New message rules can be set to match all or just part of the specified conditions according to your choice.

New Message Rule Actions


To add a new action click on the Add action button and then fill in all the corresponding details in the newly-displayed menus. To delete an action hit the trash-bin shaped like button displayed on the right hand of the action in question.


280




9.3.3. Groups Tab

When first accessing the Groups tab, a list of the existing domains is displayed. To be able to manage the groups you have to first select one of the existing domains.

After selecting a certain domain the list of previously created groups is displayed. To run a search for a specific group use the Group Search field. To edit an existing group use its corresponding Edit button, to delete it hit the Delete button. In order to create a new group press the Add Group button.

The domain you are creating the group in is displayed in the Domain name field if you have already selected a certain domain. If you press the Add Group button prior to the domain selection you will have to type the desired domain. Specify a name for the group you are creating in the Group Name text field. After specifying these two parameters the groups email address will be displayed (generic address is Groupname@Domainname).

Check the Enable this group option if you want to render the group active. If you are done configuring the group hit the Quick Add button. Alternatively, should you prefer to further fine tune it, click the Advanced Config link. This link and the Edit button of already configured link gives access to two configuration pages: General and Message Filters.

281




9.3.3.1. Group General Configuration

The Groups > General page allows you to add and delete group members and also provides information on the group currently edited.

Use the Group Name text field to edit the name you have previously assigned to your group.

To add a group member type his/her email address in the Group members text field. To add more than one member hit the Add member button which will generate additional text fields for email addresses. To delete an already added member use the Delete button. Check the Enable this group option if you want to render the group active.

The Info section displays details referring to the creation and last modification date and time of the group.


9.3.3.2. Groups Message Filters

The Groups > Message Filters page enables system administrators to create and manage incoming message rules for a specific group.

Important! • Group level rules will run after any existing Domain level rules and Server level rules

(common actions will be overridden).

When first accessing the page a list with the already defined rules and filters is displayed. Both lists can be minimized or maximized by clicking the list name bar.

282




Each message rule has an Enabled/Disabled status displayed, the action displayed by the button next to it is the opposite of the status. Each rule can be deleted or further configured using the Delete and Edit buttons.

To set the order in which defined rules should apply use their corresponding up and down arrows available under the Priority section. To configure a new message rule hit the Add Message Rule button and then fill in the specific parameters in the new sub-page, New Message Rule.

Use the text box under General Settings in order to specify the name of the new rule, then enable the new rule by checking the box in front of the option called Enable this incoming rule.

In the Matches section first decide the incoming messages for which you want the rule to apply. Next, choose the conditions you want to apply to those messages.

Use the drop-down menu to select the type of the new condition. Available options include setting conditions relative to the subject, sender, receiver, Cc, To or Cc, size of the email, as well as a customization option accessible by clicking on Custom. To delete one of the newly-added criteria hit its corresponding trash-bin shaped button. New message rules can be set to match all or just part of the specified conditions according to your choice.

283





To add a new action click on the Add action button and then fill in all the corresponding details in the newly-displayed menus. To delete an action hit the trash-bin shaped button displayed on the right hand side of the action in question.


9.3.4. Mailing Lists

Use the WebAdmin Mailing Lists tab to manage the mail lists in AXIGEN Mail Server. When selecting this tab the currently existing mailing lists are displayed.

If you have defined a large number of mailing lists you can quickly locate a certain one by using the Mailing list Search available in the upper right corner. This field enables you to search by the name of the mailing list, on a filter as you type basis.

You can also search for a mailing list by using the Domain search menu available on the left of the screen. Just fill in the domain name in order to see all the corresponding mailing lists and they will be filtered out as you type. Clicking directly on one of the listed domains will result again in displaying all the mailing lists defined for that specific domain.

To edit an already defined mailing list hit the Edit button on the right side of its name, to delete it hit its respective Delete button. Should you like to add a new mailing list click the Add mailing list button.

284




Fill in the requested details: domain name, list name, list full name, administrator email, then specify a password for the mailing list you wish to create. Hit the Quick Add button in order to create the list using the default settings or the Advanced Config link to further fine tune it.

When pressing the Edit button for an existing mailing list or the Advanced Config link you access the six pages shown in the screen-shot below. The name of the configured mailing list is displayed in the upper section of the screen at all times.

9.3.4.1. Mailing Lists General Configuration

The Manage Lists > General tab allows system administrators to set the running services for a specific domain and other domain related parameters.

Settings

285




Use the List name and List Full Name fields in order to edit the name of the mailing list. The complete name will appear as displayed under these fields. In this example, "Mailing List 1" <[email protected]>.

Use the Account Password text area to manually specify the password for accessing the mailbox of this list, or generate one randomly by hitting the Set Random button. The new randomly generated password will be displayed in the field below: 55Op3tqa, in this case.

Subscription and unsubscription confirmations are automatically accepted for the mailing list displayed under Account Password. Leave blank in the text box if you wish these requests to be confirmed by the administrator.

Services

Use the Services field to specify what services are enabled for this mailing list. To enable or disable a service use the respective buttons corresponding to that service's name. Greyed out options are the ones active.

Info

The General page also displays specific details about the currently edited mailing list in the Info section. The information refers to the account creation date, as well as time details for the last modification and login.


286




9.3.4.2. Members

The Mailing Lists > Members page allows system administrators to specify the parameters regarding the members of the mailing lists.

The members list is displayed alphabetically taking into account the first letters of the members' email address. You can also use the searching field in order to create a filter and thus be able to locate a certain account faster.

To edit the details of a member address click the Edit button on the right side of its name, to delete it hit its respective Delete button. Should you like to add a new mailing list member hit the Add Member button.

Adding and editing a member address is done by filling in the requested details: the members' email and full name, and then clicking on the Quick Add button.


9.3.4.3. Subscription and Posting

The Mailing Lists > Subscription and Posting page allows system administrators to set rules regarding subscriptions and unsubscriptions, posting rights, define message headers and templates for mailing lists.

Subscription/Unsubscription In this section, you can set the rules regarding subscriptions and unsubscriptions from a defined mailing list. When checking the Allow subscription/unsubscription via email option you can also decide whether the administrator needs to approve subscriptions and set special email addresses to be used especially for subscribing or unsubscribing.

287




Message posting

Use the drop-down menu from the Messages can be posted by field in order to select who has the right to post messages. Choose one from the three available options: Anyone, Subscribers and Moderator, Moderator Only. Check the Require moderation for option to choose what messages should be moderated: all or those from non subscribers.

Use the content slider available in this section in order to define the type of content a message can have. Move the slider to the left or to the right, in order to make the selection. Enabled types of messages will then change color from whiter to gray.

Message Headers

288




Here you can list or modify the headers you wish to remove from each message. To edit a header hit the Edit button on the right side of its name, to delete it click its respective Delete button. Should you like to add a new header to be removed hit the Define button.

Whether editing or adding a new header for removal you will need to fill in the name of the header, then hit the Quick Add button.

Message Templates

This section enables you to edit the message templates. You can edit headers, footers, error messages and confirmation requests, as well as any automatic messages. Click the button corresponding to the template you are interested in and make the change. Should you like to insert a text at the beginning of each message fill it in the text box available under template types.


289





The Mailing Lists > Quotas and Restrictions page contains parameters relative to parameters at mailbox and folder level, notifications to be sent to the list members and restrictions imposed to the mailing list being edited.

Managing Mailing List Quotas

At mailbox level, the total mailbox size, the total number of folders and the total number of messages can be limited by selecting the respective options in the Mailbox Level area and using the up and down arrows to adjust the limits to the desired value. For the total size limit use the available drop-down menu to select if you want it calculated in KB, MB or GB.

At folder level system administrators can set limits for the size of each folder and the total number of messages per each folder by checking the respective options in the Folder Level section and using the up and down arrows to adjust the limits to the desired value. For the folder size limit use the available drop-down menu to select if you want it calculated in KB, MB or GB.

To have the account user notified when reaching a certain level of their allowed quota, through a pop-up displayed when accessing the WebMail interface, check the respective option in the Notifications section and use the up and down arrows to increase or decrease the default percentage of the quota.

Session Restrictions

290




The number of POP3, IMAP and WebMail sessions can be limited using the up and down arrows or directly editing the text fields pertaining to each type of session. POP3 and IMAP sessions take values from 1 to 16, while WebMail sessions take values from 1 to 2048.


To limit the attachment and message size check the respective options in the WebMail section and use the up and down arrows to select the desired size. To have the size measured in KB, MB or GB use the available drop-down menu.

Use the up and down arrows of the Limit number of attachments per message and Limit number of recipients options or edit their corresponding text field to set the maximum number of attachments and recipients in an email message.


Limits imposed to sent messages offer system administrators an easy possibility to prevent account users from generating spam. They can thus limit the total number of messages to be sent and their size in a time interval. Use the up and down arrows to select the desired size or edit the corresponding text field. To have message size calculated in KB, GB or MB use the respective drop-down menu.


9.3.4.5. Mailing Lists WebMail Options

The Mailing Lists > WebMail Options page allows setting up of the mailing list's appearance, preferences, contact details and signature.

Appearance Options

291




Use the WebMail Skin name drop-down menu to select the WebMail skin to be used for this account. To configure the WebMail language settings for the respective account use the WebMail Language drop-down menu. The available options are English, German, Romanian, Spanish, Portuguese, Italian, Dutch, Swedish, Norwegian, Polish, Russian, Czech, Creek, Chinese and Persian. The default selected language is English.

You can specify the number of messages to be displayed on a WebMail page for the currently edited mailbox using the Display...messages per page drop-down menu.

Preferences

You can have a confirmation requested before deleting a message via WebMail from the currently edited mailing list by checking the Ask for confirmation on email deletion option.

Check the Ask for confirmation on empty folder option to request a confirmation on emptying a folder in WebMail.

To have messages deleted through the WebMail interface sent to Trash by check the Move deleted emails to Trash option. If left unchecked, messages will be permanently deleted.

Allow the WebMail interface to check for new emails automatically for the configured mailing list check the Automatically check for new emails option. Use the available text field or its up and down arrows to define the time frame and the drop-down menu to have the period measured in minutes, hours or days.

To set the HTML Body Filtering Level for this specific account when connected to via WebMail, use the available slider. The HTML filtering levels stand for the following:

• No Filtering • Low level filtering - converts the message to standard XHTML

292




• Medium level filtering - generates the email body based on a list of known/allowed attributes and tags.

• Thorough filtering - generates the email body

To have a signature defined for all messages sent from the configured mailing list via WebMail type it in the Message Signature text field. The text you define will then be appended to all outgoing email sent from the WebMail interface.


9.3.4.6. Mailing Lists Message Filters

The Mailing Lists > Message Filters page enables system administrators to create and manage incoming message rules for a mailing list.

Important! • Account level rules will run after any existing Domain level rules and Server level rules

(common actions will be overridden).

When first accessing the sub-page a list with the already defined rules is displayed. Each message rule can be deleted or further configured using the Delete and Edit buttons.

Each message rule has a Enabled/Disabled status displayed and next to it, the Enabled/Disabled button displays the opposite action of the status. To set the order in which defined rules should apply use their corresponding up and down arrows available under the Priority section.

293




To add a new rule for all domain accounts, click the Add Message Rule button. In the new window type a name for the incoming message rule in the Message rule name field and check the Enable this incoming rule option to activate it.

In the Matches section first decide the incoming messages for which you want the rule to apply. Next, choose the conditions you want to apply to those messages (e.g. for messages from '[email protected]').

Use the drop-down menu to select the type of the new condition. Available options include setting conditions relative to the subject, sender, receiver, Cc, To or Cc, size of the email, as well as a customization option accessible by clicking on Custom. To delete one of the newly-added criteria hit its corresponding trash-bin shaped button. New message rule can be set to match all or just part of the specified conditions according to your choice.


To add a new action click on the Add action button and then fill in all the corresponding details in the newly-displayed menus. To delete an action click the trash-bin shaped button displayed on the right hand side of the action in question.


294




9.3.5. Configuring Public Folders

Use the Public Folders tab to manage public folders in AXIGEN Mail Server. When selecting this tab the currently existing public folders and sub-folders are displayed.

If you have defined a large number of public folders, you can quickly locate a certain one by using the Domain search menu available on the left of the screen. Just fill in the domain name in order to see all the corresponding public folders and they will be filtered out as you type. Clicking directly on one of the listed domains will also result in displaying all the public folders defined for that specific domain.

To add a new public folder click on the desired parent in the list and hit the Add Public Folder button at the top. If you don't select a parent the new public folder will be added in the public folder root. To delete an already defined public folder click its respective Delete button.

Fill in the folder name, select the parent folder from the drop-down menu and specify the email address for this public folder. You can insert multiple email addresses: fill in the email address and then click on the Add Address button. Should you like to delete one of the listed email addresses, click on the trash bin icon available on the right of the email address. Hit the Quick Add button in order to complete the creation of the public folder with these settings or use the Advanced Config link to further fine tune it.

295




When pressing the Edit button for an existing public folder or the Advanced Config link when creating it, you will be able to make more settings in the General and Quotas configuration pages.

The name of the configured public folder will be displayed in the upper section of the screen at all times.

9.3.5.1. Public Folders General Configuration

The Public Folders > General page allows system administrators to begin the configuration of a public folder.

Settings

The system administrator can specify here the email address for this public folder. Multiple email addresses can be defined: fill in the email address and then click on the Add button. Should you like to delete one of the listed email addresses, click the Delete button available on the right of the email address.

9.3.5.2. Configuring Public Folders Quotas

The Public Folders > Quotas page contains parameters relative to the mailbox and folder levels of the public folder being edited.

296




System administrators can set limits for the size of each folder and the total number of messages per each folder by checking the respective options and using the up and down arrows to adjust the limits to the desired value. For the folder size limit, use the available drop-down menu to select if you want it calculated in KB, MB or GB.

Important! The values set will be used by any new public folder you create for this domain. You can override them by editing the Quotas section of any specific public folder.


9.3.6. Account Classes Tab

Use the Account Classes tab to manage the account classes in AXIGEN Mail Server. When selecting this tab the currently existing account classes are displayed.

If you have defined a large number of account classes you can quickly locate a certain one by using the Domain search menu available on the left of the screen. Just fill in the domain name in order to see all corresponding account classes, they will be filtered out as you type. Clicking directly on one of the listed domains will also result in displaying all the account classes defined for that specific domain. The above screen-shot displays all the account classes created for the mycompany.com domain: Marketing_Accounts, Management_Accounts and Sales_Accounts.

To edit an already defined account class hit the Edit button on the right side of its name, to delete an already defined account class click its corresponding Delete button. Should you like to add a new account class hit the Add Account Class button displayed in the upper right corner of the screen.

297




Add a new account class for the currently selected domain, in our case the mycompany.com domain, which is also automatically filled in the Domain Name field and can be edited.

For successfully creating a new account class fill in its name in the Account Class Name field, then hit the Quick Add button in order to create it using the default domain inherited parameters or the Advanced Config link to explicitly define account parameters. When pressing the Edit button for an existing account class or the Advanced Config link, you access the three pages shown in the below screenshot. The name of the configured account class is listed in the upper section of the screen at all times.

9.3.6.1. Account Classes General Parameters

The Account Class > General page displays the list of class services and their current status.

To enable or disable a service use the respective buttons corresponding to that service's name. Please note that at account class level only services affecting account class behavior are displayed - SMTP Receiving, SMTP Sending, POP3, IMAP, Remote POP and WebMail.


298





The Account Classes > Quotas and Restrictions page contains parameters relative to mailbox and folder level, notifications to be sent to users and restrictions imposed for all created account classes.

Important! Changing the parameters below will affect the account classes that have inherited parameters. Explicitly set parameters will not be affected.

Managing Account Quotas

The total mailbox size, the total number of folders and the total number of messages can be limited by selecting the respective options in the Mailbox level area and using the up and down arrows to adjust the limits to the desired value. For the total size limit use the available drop-down menu to select if you want it calculated in KB, MB or GB.

System administrators can set limits for the size of each folder and the total number of messages per each folder by checking the respective options in the Folder level section and using the up and down arrows to adjust the limits to the desired value. For the folder size limit use the available drop-down menu to select if you want it calculated in KB, MB or GB.

To have account users notified when they reach a certain level of their allowed quota, through a pop-up displayed when accessing the WebMail interface, check the respective option in the Notifications section and use the up and down arrows to increase or decrease the default percentage of the quota. When this option is checked the users are also notified at every login. You can set the frequency of these login notifications using the up and down arrows corresponding to this additional option. To select if the respective value is calculated in seconds, minutes, hours or days check the respective drop-down menu.

299




System administrators can further edit the content of the notification in the Notification email content section. To edit the text displayed use the Subject and Body text fields. To insert more values in the email body use the available buttons - Domain, Account, Full name, Notification threshold percentage, Size quota, Size used, Size used (%), Count Quota, Count Used, Count Used (%).


Password Policy Enforcement System administrators can define a Password Policy to be enforced when an account is created for a respective account class. First of all, a minimum and maximum number of characters for each password can be set using the up and down arrows or directly editing the Password length parameters. Further select from the Password must include drop-down menu if passwords should include letters, letters and numbers or letters, numbers and special characters.

Session restrictions The number of POP3, IMAP and WebMail sessions can be limited for all accounts in a certain account class. To do so select the desired value, use the up and down arrows or directly edit the text fields pertaining to each type of session. POP3 and IMAP sessions take values from 1 to 16, while WebMail sessions take values from 1 to 2048.

300





To limit the size of email message attachments check the respective option in the WebMail section and use the up and down arrows to select the desired size. To have the size measured in KB, MB or GB use the available drop-down menu.

Use the up and down arrows of the Limit number of attachments per message option or edit its corresponding text field to set a maximum number of attachments allowed to email messages sent or received from any account using the WebMail interface.

Check the Limit message size option to set a maximum size for sent and received messages through the WebMail interface. To do so, use the up and down arrow to select the desired size or edit the corresponding text field.

The Limit number of recipients option allows you to configure a maximum number of recipients for WebMail email messages using the up and down arrow to select the desired size or editing the corresponding text field.

To set the HTML Body Filtering Level for this specific account when connected to via WebMail, use the available slider. he HTML filtering level stand for the following:





301




Limits imposed to sent messages offer system administrators an easy possibility to prevent account users from generating spam. They can thus set a maximum number of messages, their total size and the period in which these are sent using the up and down arrows to select the desired size or editing the corresponding text field. To have the message size calculated in KB, GB or MB use the respective drop-down menu. The time frame for the maximum number of messages can be set to be calculated in seconds, minutes, and hours using the corresponding drop-down menu.


System administrators can limit the number of remote POP accounts for account classes. To do so use the up and down arrows to select the desired size or edit the corresponding text field. Additionally you can specify a minimum interval between two email retrievals for each RPOP connection. Use the Minimum message retrieval interval drop-down menu to have it calculated in seconds, minutes or hours.


The administrator can set some limits on the usage of temporary email addresses. A user may request maximum 16 temporary email addresses (aliases), if the limit is set to '0' the 'Add' button in WebMail (in the 'Temporary Email Addresses' section) will be disabled but old temporary email address will still be available until they expire or are deleted. The time period from the creation of a temporary email address to its automatic deletion can be set between 10 minutes and 1 year.

Parameter inheritance Parameters or parameter groups that are inherited from the domain's account defaults are automatically marked with the icon. When explicitly setting the value of an inherited parameter it will be marked with the icon. Moreover, any further changes at parent level (domain's account defaults) will only affect inherited parameters, while explicitly set ones will keep their value. You can, at any time, revert the explicit parameters to their inherited value, by clicking the 'Inherit' link related to the explicitly set parameter (orange) icon.

Any parameter change in this account class will propagate on all the accounts that are set to inherit this class. The inherited values can be overridden (set explicitly) at account level, thus allowing you to create exceptions from the account class. Please note that if you explicitly

302




set a parameter at account level, further changes of that parameter (in the parent account class) will not affect the respective account.


9.3.6.3. Managing Message Filters

The Account Classes > Message Filters page enables system administrators to create and manage incoming message rules for an account class.

Important! Changing the parameters below will affect the account classes that have inherited parameters. Explicitly set parameters will not be affected. • Account level rules will run after any existing Domain level rules and Server level rules

(common actions will be overridden). Important! When first accessing this tab to be able to add filters for this account class click the Define explicit link.

Each message rule has a Enabled/Disabled status displayed and next to it, the Enabled/Disabled button displays the opposite action of the status. To set the order in which defined rules should apply use their corresponding up and down arrows available under the Priority section.

Message rules can be deleted or further configured using the Delete and Edit buttons. To add a new message rule click the Add Message Rule button. In the new window type a name for the incoming message rule in the Message rule name field and check the Enable this incoming rule option to activate it.

In the Matches section first decide the incoming messages for which you want the rule to apply. Next, choose the conditions you want to apply to those messages (e.g. for messages greater than 5000kb).

303




By editing the Actions section, you can decide what you want to do with the messages that match the above conditions. Use the drop-down menu to specify the actions corresponding to the mail message, i.e. moving, copying, deleting, or redirecting it to a certain email address etc.

Several actions to be performed can be added, click on the Add action button and fill in all the corresponding details in the newly-displayed menus. To delete an action click the trash-bin shaped button displayed on the right hand side of the action in question.


304




9.4. Security & Filtering The "Security & Filtering" section comprises tabs relative to AXIGEN Mail Server's integration with antivirus/antispam applications, as well as the management of its global access control, acceptance and routing policies, Sieve filtering and message rules. The comprised configuration options allow you to define and maintain a comprehensive security policy by employing Antivirus and AntiSpam applications, the incoming message rules wizard, custom blacklists and other filtering tools.

9.4.1. AntiVirus and AntiSpam Tab

The Security & Filtering >AntiVirus and AntiSpam tab allows system administrators to view and configure the AntiVirus and AntiSpam applications supported by AXIGEN Mail Server.

Accessing this tab leads to the following 3 sub-pages:

• Supported Applications • AntiVirus Actions • AntiSpam Configuration

305




9.4.1.1. Supported AV/AS Applications

The AntiVirus and AntiSpam > Supported Applications page allows you to view and enable the AntiVirus and AntiSpam applications that you wish to run with AXIGEN Mail Server.

Under Supported Applications choose which of the available AntiVirus and AntiSpam applications should run by simply clicking on their corresponding Enable or Disable buttons.

Consider the following: SpamAssassin does not modify headers, no matter how SpamAssassin is configured; AXIGEN integrates X-AXIGEN-SpamLevel depending on the SpamAssassin score and can be used within spamtest and virustest SIEVE filters. Also, Bundled SpamAssassin is the same with the SpamAssassin option, just that it is integrated (bundled) within the AXIGEN kit.

To set the order in which enabled Antivirus and AntiSpam filters should apply, use the up and down arrows available under Actions. To update the AntiVirus and AntiSpam detection status refresh the current page by hitting the click here option.

Enabled applications will run simultaneously and act according to the general settings made in the next pages: AntiVirus Actions and AntiSpam Configuration. Additional antivirus/antispam protection can be granted for specific resources such as a domain or account, by enabling one or more extra applications only for that resource in its Message Filters section.

9.4.1.2. Setting the AntiVirus Actions

The AntiVirus and AntiSpam > AntiVirus Actions page enables system administrators to set the actions to be taken by enabled AntiVirus applications in AXIGEN Mail Server.

306




Use the drop-down menus in this section to set the specific actions that enabled antivirus applications should take when detecting a suspicious e-mail or one that cannot be cleaned. Choose between allowing the e-mail to be delivered, discarding it or moving it to the Trash folder.


9.4.1.3. AntiSpam Configuration

The AntiVirus and AntiSpam > AntiSpam Configuration page allows system administrators to configure lists of safe email addresses (whitelists) and spam threshholds.

Setting a WhiteList

Use this section in order to configure the WhiteList, the list of e-mail addresses from which e-mails should always be accepted. To edit the details of an already set email address, hit the Edit button on the right side of its name, to delete it hit its respective Delete button. Should you like to add a new e-mail address hit the Add Email button, type it and then click Quick Add.

The asterisk symbol ( * ) can be used as a substitution of any characters in an email address (e.g.: *sale*@mycompany.com, *@mycompany.com, etc.). For example setting *@mycompany.com, will result in delivering all emails received from any email address in mycompany.com domain.

Spam Thresholds Use the sliders or the up and down arrows to set the maximum value for the Spam Thresholds. Available values range between 1 to 10, according to the SpamAssasin score, where 1 is associated to legitimate emails (Not Spam) and 10 to clearly spam e-mails (Spam). Exceeding the set values will result in moving the respective email to the Spam folder, respectively in deleting the email.

307





9.4.2. Additional AntiSpam Methods

The Additional AntiSpam Methods tab gives access to system administrators to additional antispam filters such as email and DNS blacklists, Sender Policy Filters and Domain Keys filters, lists of safe IPs and DNS checks.

BlackList

Use this section in order to configure the BlackList, the list of e-mail addresses from which e-mails should always be rejected. To edit the details of an already set email address hit the Edit button on the right side of its name, to delete it click its respective Delete button. Should you like to add a new e-mail address, hit the Add Email button and then Quick Add.

The asterisk symbol ( * ) can be used as a substitution of any characters in an email address (e.g.: *sale*@example.com, *@example.com, etc.). For example setting *@example.com, will result in rejecting all emails received from any email address in example.com domain.

308




Sender Policy Framework

Enable the SPF (Sender Policy Framework) authentication method by checking the box in front of it, then use the drop-down menus in order to select the actions to be taken if no SPF records are published and if SPF records cannot be checked. Choose between allowing to deliver the message or deleting the message.

Domain Keys authentication

Enable the DK (Domain Keys) e-mail authentication by checking the box in front of it, then use the drop-down menus in order to select the actions to be taken when no DK records are published and if DK records cannot be checked. Choose between allowing to deliver the message, deleting the message or moving the message to the SPAM folder.

DNSBL (DNS BlackList)

Use the options in this section in order to configure the DNS blacklist. To edit the details of an already added DNS Blacklist, hit its corresponding Edit button, to delete it click its respective Delete button. Available DNS BlackLists can be enabled or disabled by simply clicking on their corresponding Enable or Disable buttons.

Should you like to add a new DNS Blacklist press the Add DNS BlackList button, fill in the Operator Name and DNS BlackList text boxes, then check the Enable this Blacklist option and hit the Quick Add button.

309




Safe IPs/IP Ranges Configure the list of IPs or IP ranges to be skipped by the DNS BlackList lookup by adding the respective IPs in this section. To edit the details of an already added IP or IP range hit its corresponding Edit button, to delete it click its respective Delete button.

Should you like to add a new safe IP or IP range, hit the Add IP/Range button, select one of the available options: Network/Mask, IP Range or Single IP and fill in its corresponding details in the displayed text box.

DNS Check

Available actions for this section include rejecting emails received from domains with no MX entry or emails from originating IP with no reverse DNS entry. Just check the box in front of the option that you want to enable in order to activate it.


310




9.4.3. Global Access Control

The Security & Filtering > Global Access Control tab allows system administrators to configure the parameters relative to the global access control such as access restrictions and others.

Access Restriction

Use the options in this section to configure the IP/IP Ranges for which all services are to be denied access. To edit the details of an already set IP/IP Range hit its corresponding Edit button, to delete it click its respective Delete button.

Should you like to add a IP/IP Range hit the Add IP/Range button, select one of the available options: Network/Mask, IP Range or Single IP and fill in its corresponding details in the displayed text box, then hit the Quick Add button.

Important! Global Access Restrictions will be automatically applied to all the services and their respective listeners. You can also set individual permissions for each service and each existing listener from the specific service configuration sections found under the Services tab.


9.4.4. Acceptance & Routing Tab

The Security & Filtering > Acceptance & Routing tab allows system administrators to configure the message acceptance settings and routing rules. This tab gives access to three pages:

• Acceptance Basic Settings - containing the basic policies for emails acceptance. • Routing Basic Settings - containing the basic policies for emails routing. • Advanced Settings - containing the advanced policies for emails acceptance and

routing.

311




9.4.4.1. Acceptance Basic Settings

The Acceptance & Routing > Acceptance Basic Settings page allows system administrator to configure a set of basic acceptance policies at SMTP-connection level such as the maximum size for received emails, the allowed ESMTP commands, rules for local delivery and settings relative to the default SMTP banner.

Incoming connections established via SMTP and the message flow can be easily managed using the established policies. Moreover, they allow adding headers, changing addresses and other such actions.

Received messages

Check the Limit message size option and then use the up and down arrows in order to specify the maximum size for received messages. Then use the drop-down menu to select one of the available options: bytes, KB, MB or GB as necessary. Maximum value: 4096 MB.

Use the up and down arrows or fill in the text box in order to specify the maximum number of received headers. This will result in denying looping emails when the number of received headers exceeds the specified value (30 in this example). Available values range from 1 to 999.

Check the Limit no. of recipients per message option in order to specify the maximum number of recipients for received emails. Fill in the text box or use the corresponding up and down arrows in order to set the specific value, between 1 and 1000.

Allowed ESMTP Commands

Specify the allowed ESMTP Commands using the options in this section. Enable the StartTLS, 8-bit MIME, binary or pipelining extensions by simply checking their corresponding boxes.

312




Allow/Disallow local delivery

Set the parameters for local delivery using the options under Allow/Disallow local delivery. Here you can choose to enable/disable the local delivery and mandatory authentication. Check the box for the option that you want to activate.

Override default SMTP banner

Should you like to set a new SMTP banner check the box in front of the Override default SMTP banner option and then fill in the details of the new SMTP banner in the corresponding text box. The newly-added SMTP banner will automatically override the parameters of the default one.


9.4.4.2. Routing Basic Settings

The Acceptance & Routing > Routing Basic Settings page allows system administrators to configure a set of basic policies for message routing and thus customize SMTP Outgoing actions for all or part of the relayed email communication: specifying a smart host, outgoing connections settings, enabling remote delivery or setting a new SMTP connection timeout.

Setting a Smart Host

Check the box in front of the Enable smart host delivery option and fill in the requested details in the Host and Port text-boxes. As a result the smart host delivery will be enabled and all outgoing messages will be sent to the specified host.

Should you like to enable username/password authentication before relaying emails to a certain address check the box in front of the option called Authenticate using and then fill in the username and password details in the available text boxes. You can also use a SSL connection by checking the box in front of the corresponding option, Use SSL connection.

313




Remote delivery

Enable remote delivery and mandatory authentication using the options under the Allow/Disallow remote delivery section. Just check the box in front of the option that you want to activate.

Outgoing connection settings

To allow the use of the StartTLS extension check the Use StartTLS if available option. Should you like to have messages sent through a specific network interface check the box in front of the option called Send messages through network interface, then use the drop-down menu to select between using the system default network interface or using a custom one. In the latter case also specify the corresponding IP in the available text box.

Should you like to set a new SMTP connection timeout for outgoing messages check the box in front of the option called Override default outgoing SMTP connection timeout, then use the up and down arrows to specify the parameter of the new timeout. Use the drop-down menu to select the value of the timeout (seconds, minutes or hours).


9.4.4.3. Advanced Settings

The Acceptance & Routing > Advanced Settings page allows system administrators to configure a set of advanced message acceptance and routing policies for incoming and outgoing SMTP modules.

Advanced Settings

314




Use the options under Advanced Settings to further tune any of the already set SMFL filters. Advanced acceptance rules will override the basic acceptance policy settings for the specified conditions.

To edit or delete a specific acceptance/routing rule, just use the Edit or the Delete buttons available on the right side of the filter in question. To set the order in which available rules will be applied use the up and down arrows under Priority.

Adding a new acceptance or routing rule

Hitting the Add Acceptance/Routing Rule button will lead you to another page called New Acceptance/Routing rule. Use the text box under General in order to specify the name of the new rule, then enable the new rule by checking the box in front of the Enabled option.

New rule conditions

Use the options under Conditions in order to specify the type of the new condition you wish to create, then hit the Add condition button and use the available text boxes and menus to configure the parameters of the newly-added condition. To delete one of the newly-added conditions click the recycle bin shaped icon on its right. Created conditions can match all or just part of the specified criteria according to your choice.

315




Use the options under Conditions in order to specify the type of the new action that you wish to add, then hit the Add action button and use the available text boxes and menus to configure the parameters of the newly-added condition. To delete one of the newly-added conditions, hit the x button.


9.4.5. Incoming Message Rules Tab

The Security & Filtering > Incoming Message Rules tab allows system administrators to configure a set of message rules instructing the AXIGEN Mail Server to take certain actions on processed email messages based on pieces of information contained by the message headers.

Important! Server level message rules can be overridden by specific domain/account/mail list/group level rules.

To edit or delete any of the available rules just use the Edit or the Delete buttons, available on the right side of the rules in question. To add a new message rule click the Add Message Rule button and fill in the requested details. To set the order in which available rules will be applied use the up and down arrows under the Priority section.

316





9.4.5.1. New Message Rule Page

The Incoming Message Rules > New Message Rules tab allows system administrators to specify a new rule for incoming messages.

Use the text box under General in order to specify the name of the new rule, then enable the new rule by checking the box in front of the Enabled option.

New rule conditions

Use the drop-down menu to select the type of new condition. Available options include setting criteria relative to the connection, local address, remote address, recipient, sender, DNS checks, session, extensions and delivery . To delete one of the newly-added conditions hit its corresponding recycle bin shaped icon on its right. New message rule can be set to match all or just part of the specified criteria according to your choice.

Further configure the rule by using one of the options displayed by the drop-down menu and then fill in the text box with the corresponding details.

317




Actions

Message rules extract information from the mail header and take actions according to the pre-defined rules. Use the drop-down menu available under Actions to set the actions corresponding to the conditions set above.

To add a new action click on the Add action option and then fill in all the corresponding details in the newly-displayed menus.

When you are done configuring these parameters remember to hit the Save Configuration button to preserve your changes.

9.5. Queue The Queue section gives access to settings, defining, processing and viewing options for messages within the queue and also allows system administrators to take specific actions on certain emails.

318




9.5.1. Processing Tab

The Processing tab allows you to adjust mail scheduling parameters according to your needs.

Logging

You can select several types of messages to be logged: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from whiter to gray.


Email Delivery

Use the options in the Email Delivery area in order to set the parameters for rescheduling emails in case of a non-critical delivery error in AXIGEN Mail Server.

The First delivery retry timeout for an email field allows you to specify the time interval for rescheduling a message in case of a non-critical delivery error in AXIGEN Mail Server. The default value corresponds to 5 minutes, this means that the queue is rechecked after 5 minutes in order to attempt sending the message. The value for this parameter can be entered in seconds, minutes or hours. For each subsequent retry this timeout is doubled.

You can also specify the maximum time interval when the retry timeout is no longer doubled. This option is available in the Stop doubling retry timeout when it reaches field. The

319




default value corresponds to 8 hours, meaning that once the retry timeout reaches 8 hours all subsequent retries will still be made after 8 hours and not after 16. The value for this parameter can be entered in seconds, minutes or hours.

Use the Max. number of retries field to specify the number of times AXIGEN server should try to deliver a mail message in case of a non-critical delivery error in AXIGEN Mail Server.

The Temporary delivery error reports area enables you to specify when you should first be notified about the failed attempts to deliver a message. The default value is 4. Change this value by using the up and down arrows or by simply entering the new parameter in the text box available after the Send notification after field.

The notification format can also be defined by filling in the Notification Sender, Notification Subject, Notification Body begins with, Append this text for each failed recipient and Notification body ends with text fields.

Check the Also attach to notification option so the notification email will include either entire original message or just its header.

In the Permanent delivery error reports area, you can also define the the NDR (Non-Delivery Receipt) text and the conditions when such a message is returned. As an example, NDR responses are sent when the specified recipient of an email message is invalid.

320




You can further define the content of the error notification by inserting a number of variables covering the recipient address, failure reason, sender address, email size, as well as the text to be added to the end of the notification body. Use the drop-down menu to also select whether to include the header of the original message or the entire original message.

Queue Parameters

The Queue path field allows you to specify the path to the internal server queue. If the string does not represent a valid path the queue will not be stored. By default the AXIGEN server queue is stored in /var/opt/axigen/queue. Changing the already set path will take effect only after restarting the server.

Use the Max. number of queue subdirectories field in order to specify the upper limit for the number of subdirectories in the internal queue. The default value is 64, the maximum is 256.

In the Processing queue size field specify the size of the internal processing queue. When too many messages have to be processed and this queue is full the next messages will be rescheduled.

321




Use the Local delivery threads field to specify the number of threads handling the local SMTP delivery. Thus you can fine tune the server behavior to your usage scenario. If you want to use your server mainly for local delivery you can set a higher number of delivery threads, top limit is 128.


9.5.2. View Queue

The Queue > View Queue tab allows you to view the email processing queue with extensive information relative to the emails in the queue.

Viewing the Queue When first accessing this tab a list of emails in the queue is displayed. Email filtering options include searching the queued emails depending on their sender, receiver, email size, sending date, retry data, status. Next Retry field has the following format: dd mmm yyyy (ie. 1 Jan 1970).

Use the drop-down menus and text boxes to specify the filtering parameters, then hit the Go button to activate them. As a result all emails meeting the specified criteria will be displayed.

To view all emails in the queue again or set different filters click the Reset Filter button and then fill in your new searching criteria.

Detailed message information For details related to a specific email in the queue hit the Info button on the right hand of the email in question and check the fields of the displayed text box.

322




Actions to be taken for selected items Several actions can be applied to a specific email or number of emails. These include retrying their delivery on the spot, deleting them or sending NDRs (non-delivery receipts) for the selected items.

Hitting the Force Queue button will result in forcing the delivery of all emails in the queue no matter their retry schedules.


9.6. Status & Monitoring The Status & Monitoring section gives access to configuring the reporting service, viewing charts reflecting different server parameters and extensive details on overall and domain-specific storage.

• Reporting Service - for configuring the AXIGEN Mail Server logging service, including the logging levels and logging types.

• Charts - containing the basic policies for emails routing. • Storage Charts - containing the advanced policies for emails acceptance and

routing.

9.6.1. Reporting Service Tab

The Status & Monitoring > Reporting Service tab allows system administrators to configure the AXIGEN Mail Server logging service including the logging levels and logging types.

323




SNMP is a networking management protocol used to monitor network-attached devices. SNMP allows messages (called protocol data units) to be sent to various parts of a network. Upon receiving these messages SNMP-compatible devices (called agents) return data specific to certain parameters that are monitored to the SNMP manager.

To access SNMP listener configuration in WebAdmin, go to the Status&Monitoring module >Reporting Service tab. A list of the already configured listeners (if any) will be displayed, sorted by their IP addresses (lowest first). To enable/disable any of the existing listeners just click on the corresponding button under Status. To edit/delete any of them click on the corresponding Edit or Delete buttons under Actions.

To add a new listener hit the Add Listener button and then fill in the text boxes with the IP address and port details. Should you like the new listener to have the Enabled status check the box in front of the Enable this listener option. To finalize the adding of the new listener click on Quick Add.

For a detailed view of listeners usage in AXIGEN see the Listeners section.

Logging

The log level can be set in the Logging section with the use of the slider, by moving it to the left or to the right, depending on how much detailed the logging information should be. The selected types of messages will change color from transparent to gray. Please note that the log level values are cumulative (i.e. setting the log level to Warning messages will also log Critical messages and Error messages).

324




Log types Use the drop-down menu under Log to select one of the available logging types. You can log (internally, remotely or using the system log) the activity of all services available in AXIGEN.

Use remote log option: AXIGEN Log Service can log internal data coming from other AXIGEN modules/services or data coming from the UDP port 2000 (default option). Use the drop-down menu to select the custom option if you wish to specify another port.

Data Collection

The Reporting Service is responsible with collecting events relevant for the System Administrator. Use the up and down arrows in order to specify the time interval when the logging information should be collected. The collected samples will be aggregated and stored according to each chart's configuration.

SNMP Parameters

In this section SNMP can be enabled by checking the box in front of it. Version 6.0 of AXIGEN now supports SNMP Traps that can be set either for connected managers or specific IPs by checking the SNMP Send Traps To All Managers option or defining a SNMP Community and adding IP:Port combinations to it. To add a new trap destination fill the details in the corresponding text field and click the Add button. Trap Destinations can be edited directly in the field they are displayed in or deleted by clicking their corresponding Delete button.

Download AXIGEN MIB File to see all parameters monitored by the reporting service, their description and other relevant details.

325





9.6.2. Charts Tab

The Status & Monitoring > Charts tab allows system administrators to configure sets of parameters to be monitored and view their corresponding graphical activity charts.

Defined charts When accessing the Charts tab a list of the already configured graphics is displayed, if none has been previously created the list will be empty.

To edit or delete any of the already defined charts use the options under the Actions section: to edit the details of an already defined chart hit the Edit hit its button on the right side of its name, to delete it click the corresponding Delete button. Should you like to add a chart hit the Add Chart button and fill in the requested details.

326




Use the drop-down menu to select one of the available chart groups or create a new one by filling in its name in the corresponding text box. Then specify the desired name for your chart and hit the Next step button. This will result in displaying two new pages: Chart Parameters and Display Settings. The same pages will also appear when wishing to edit the parameters of an already defined chart.

Available Chart Groups

The defined Chart Groups allow quick and comprehensive browsing through all the displayed graphs: clicking on one of the available groups will result in displaying all the charts defined for that specific group to ease the search and configuration.

Refresh options

For an accurate representation an automatic refresh option is available alongside a manual refresh button.

9.6.2.1. Chart Parameters Configuration

The Charts > Chart Parameters page allows system administrators to specify the parameters relative to a new or an already defined chart.

General settings Use the options under the General Settings section in order to configure the parameters relative to the Chart Group and Chart Name.

Use the drop-down menu on the right side of the Chart Group option in order to specify the name of the group within which the new chart will be created. Choose one of the already defined charts or use the Custom group option. The latter option will allow you to create a new chart group and fill in its name in the accompanying text-box on the right.

327




Data Aggregation Use the options under the Data Aggregation section in order to specify the parameters to be collected, the aggregation function and interval, as well as the database storage details.

Use the drop-down menu available on the right hand side of the Parameter to collect option in order to select the new parameter to be monitored.

Use the drop-down menu to select one of the available Aggregation Functions: average, maximum, minimum or total.

Use the drop-down menu to specify the Aggregation Interval. You can set the aggregation to be made every minute, hour or day, or choose the custom option in order to specify another interval ranging from 60 seconds to 60 days.

A rotation criterion can be enforced on the database by using the up and down arrows on the right side of the option called Rotate database after storing.


328




9.6.2.2. Display Settings

The Charts > Display Settings page allows system administrators to specify the parameters relative to a new or an already defined chart.

Predefined styles

To choose one of the predefined graphic types use the Chart Type drop-down box. Available options are bars, discrete dots, discrete lines, fill, fill with outline, and outline types.

You can further customize the colors of your defined graphic using the Fill color and Outline color drop-down menus. Available options include black and white, gray, as well as red, orange, blue, magenta and green and their darker and lighter nuances.

Live Preview

Preview the display of the selected chart type by checking the Live Preview section. In this case, for example, you can view the Discrete lines chart type.


329




9.6.3. Storage Charts

The Status & Monitoring > Storing Charts tab allows system administrators to view graphical charts of the AXIGEN Mail Server space usage for both overall storage and per domain storage.

Overall Storage Check this chart to view the aggregated disk storage and space usage information. Storage values will be displayed in KB and percentages.

Per Domain Storage This section displays the space usage information for each of the domains hosted by AXIGEN. To ease the search use the Domain Search option and fill in the name of the domain that you want to check. The information available for that specific domain will be displayed on a filter as you type basis.

Check the graphical bars to view the total storage information and space usage percentage for the selected domain. Should you like to view additional storage information click the Detailed Info button on the right side of the domain in question, in the Actions section.

This will result in accessing another page with Detailed Storage Info, meaning the storage charts for the selected domain (such as localdomain.com in this example).

Important! The storage size on disk will automatically grow to its maximum configured expandable size, provided the disk has enough free space.

9.6.3.1. Detailed Storage Info

The Storage Charts > Detailed Storage Info page allows system administrators to view the storage information for the selected domain: the total storage files as well as details relative to the domain, object and message storages.

330




All Storage Files & Domain Storage

To view the information related to all the storage files for the selected domain check the details under the All Storage Files section. Should you like some detailed information about the domain storage only look in the Domain Storage section. You will thus be able to see the location of the domain storage files as well as the maximum number and size of domain storage files. The Domain Storage and Overall Usage Information are also available as a graphical bar with the corresponding values in KB and percentages.

For additional information about the location and name of the domain storage files hit the Show domain storage files button. To hide this option click the Hide domain storage files button.

Object Storage & Message Storage

331




For detailed information about the object and message storage check the details available under the corresponding sections: Object Storage and Message Storage. Again you will be able to see the location of the corresponding storage files as well as the maximum number and size allowed for such files.

The Domain Storage and Overall Usage Information are also available as a graphical bar with the corresponding values in KB and percentages. For more information about the location and name of the corresponding storage files with the use of the Show button.

To get back to the previous page, Storage Charts, use the Back to: Storage Charts button available at the top of the current page.

9.7. Logging The Logging section gives access to viewing, deleting, downloading log information for each AXIGEN Mail Server module and adding or configuring log collection rules.

332




9.7.1. Local Services Log

The Logging > Local Services Log tab allows systems administrators to view the log information for each of the AXIGEN Mail Server modules.

Local Services Log Overview

Check the options under the Local Services Log Overview section to view the AXIGEN modules and their logging levels and files. Displayed Log Levels are the ones configured into the Reporting Service tab from the Status & Monitoring section.

For each AXIGEN module information messages related to the processed data and connections are stored by default under the 'default.txt' file. To change the implicit location of the file click the Change button, then fill in the new file name and click on Save.

9.7.2. Log Collection Rules

The Logging > Log Collection Rules tab allows system administrators to view or add log collection rules.

Log Collection Rules When accessing this page, a list of the already defined log collection rules will be displayed. To edit one of the rules use the Edit button available on the right side of the rule in question, to delete it use its corresponding Delete button.

333




To set the order in which the defined log collection rules will be applied use the up and down arrows displayed on the right hand of the Delete option.

The default rule found in this context will store the data logged from all the AXIGEN modules into the default.txt file. For specific logging needs additional collection rules can added by clicking on the Add Rule option. Adding or editing a log collection rule implies configuring the same set of parameters available in a new page that will be displayed: Configure Log Collection Rule.

9.7.2.1. Log Collection Rule Configuration

The Log Collection Rules > Configure Log Collection Rule page contains the parameters relative to the configuration of new log collection rules including the services for which logs are to be created, log levels and rotation criteria.

Settings section

Use the drop-down menu under the Collect messages from option in order to select the general type of services for which logs are to be kept. Available options include local services and remote host. When choosing the latter option you will also have to specify the remote host details in an additional text box.

334




The Collect logs from service option enables you to select the specific service for which logs are to be created. Use the drop-down menu to make your choice.

Use the in file option to view or change the file that will store all the information messages related to the processed data and connections. To change it just fill in the new details in available the text box.

Logging

The log level can be set in the Logging section with the use of the slider, by moving it to the left or to the right, based on how detailed the logged information should be. The selected types of messages will change color from transparent to gray.

Rotation Parameters

In the Rotation parameters section options such as destination file size, maximum lifetime for the destination file and also the limit number of old log files kept can be defined. To enable any of these options check the boxes in front of them, then use the up and down arrows to set their specific values. Note that that the default setting for the Limit no. of old log files kept to option indicates that all old rotated log files will be kept.

Important: When selecting a predefined rotation interval (Daily/ Weekly /Monthly) the rotation will be performed at midnight, when the rotation interval ends.


To go back to the Log Collection Rules tab hit the Back to: Log Collection Rules option available in the top left corner of this page.

335




9.7.3. View Log Files

The Logging > View Log Files tab enables system administrators to view, delete or download all the log files storing the information for defined log collection rules.

Log files When accessing this tab a list of all the available log files will be displayed. To change the number of displayed logs use the drop-down menu available for the Show...files per page option. To view another page of logs click on its corresponding number or on the Next option.

Viewing, deleting or downloading a log file To see the contents of a log file click the View option available on its left side. A new section with the logged information will appear and useful scrolling options to be used for viewing the entire content of the log file.

To delete a specific log file click on its corresponding Delete button. To download a certain log file hit the button available on the right side of its Delete option. A helpful note will also appear to announce you that you can use this button with the purpose to Download the log file in question.

336




9.7.4. Log Server Settings

The Logging > Log Server Settings page allows you to configure parameters relative to this specific service's configuration, to add listeners and further manage and define logging parameters.

Listeners Currently, UDP listeners are only available for the Logging service, the only AXIGEN UDP Service. A list of the already configured listeners (if any) will be displayed, sorted by their IP addresses (lowest first). They are used to specify the socket to listen to for connecting to the Log service. To enable/disable any of the existing listeners just click on the corresponding button under Status. To edit/delete any of them hit the corresponding Edit or Delete buttons under Actions.

To define a new listener, use the Add Listener button and fill in the text boxes with the IP address and port details.. The default value for this parameter is 127.0.0.1:2000.

Should you like the new listener to have the Enabled status check the box in front of the Enable this listener option. To finalize the adding of the new listener click on Quick Add.

For a more detailed view see the Listeners section.

Logging Settings

To set the Log Level click the slider and move it to the left or to the right. The selected types of messages will change color from transparent to gray. Please note that the log level values

337




are cumulative (i.e. setting the log level to Informational Messages will also log Critical messages, Error messages and Warning Messages.)



9.8. Backup and Restore Tab The FTP Backup & Restore tab allows you to configure parameters relative to this specific service's configuration, add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listeners and rule configuration, see TCP Listeners and Control Rules chapter.

Through Service Configuration system administrators can manage logging, error and thread control parameters.

Logging

You can select several types of messages to be logged for the Backup & Restore service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged click the Log Level slider and move it to the left or to the right, the selected types of messages will change color from whiter to gray.


Error Control

338




To set a maximum number of errors caused by invalid commands received from clients or by failed authentication attempts check the respective options in the Error Control area of the Backup & Restore service. Use the up and down arrows corresponding to each of these options to set a specific number of errors.

Thread Management

Thread management allows you to set different numbers of processing threads for the Backup & Restore service depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the Backup & Restore service is started. To have a different number of threads for peak periods check the overload option and use the up and down arrows to choose the thread number.


9.9. Automatic Migration Tab The Automatic Migration tab allows system administrators to enable and configure the automatic migration of domains previously managed with a different mail server to the AXIGEN Mail Server. When first accessing the tab an alphabetical list of existing domains is displayed. The current status of the migration is displayed - Migration Enabled/Disabled - and the opposite action button - Disable/Enable - is available for each domain.

If the domain list is quite large and you need to locate a certain domain type its name in the Domain Search text field and hit Enter on your keyboard. Should you like to return to the prior alphabetical list click the Reset Filter button displayed after the search filter has been successfully applied.

In order to enable the migration process for a certain domain you have to first configure its parameters. To do so, first hit the Configure button corresponding to each domain name. The options in the below screen capture will appear:

339




To turn on the migration process please check the Enable automatic migration for this domain option. For the migration process to work you should also configure the connection to the old mail server. Therefore please specify the IP/Hostname of the priorly used server and its SMTP and IMAP Ports in the corresponding text fields. To preserve these connection details please hit the Quick Save button.

Important! Some mail servers allow you to create folder names containing the "/" character. AXIGEN cannot migrate folders whose names contain this specific character, therefore you need to rename them before migrating so that the process is completed successfully.

9.10. Clustering Section The Clustering section allows system administrators to setup the AXIGEN Mail Server clustering support. Clustering support is based on OpenLDAP integration with AXIGEN and allows routing for the POP3 Proxy and IMAP proxy services. This new feature enables system administrators to spread mailboxes on several AXIGEN servers and have a separate machine that routes POP3/IMAP connections to the appropriate mailbox server. It also supports the LDAP Authentication mechanism for the AXIGEN Mail Server. For further details on the Clustering Support features and functionalities, please see the corresponding section in the Architecture chapter.

9.10.1. Clustering Setup

The Clustering Setup tab gives access to three different pages:

• LDAP Connectors - allows system administrator to create and manage LDAP Connectors and to also set some general parameters relative to logging and connection threads.

• User Maps - the page gives access to creating, editing and deleting user maps. • Routing and Authentication - containing parameters relative to routing possibilities

through POP3 Proxy, IMAP Proxy and SMTP.

340




9.10.1.1. LDAP Connectors Page

The LDAP Connectors Page allows system administrators to manage existing LDAP connectors and to create new ones as well as to configure some general parameters that direct logging and threading behavior for the connectors.

When first accessing the LDAP Connectors Page a list of already defined connectors is displayed. To change the settings for an already defined LDAP connector hit its corresponding Edit button, to delete it use the Delete button.

To create a new LDAP connector click the Add Connector button. Whether adding or editing a connector the same configuration window pops up.

341




To specify a name for you newly defined connector use the LDAP Connector name text field. Proceed with specifying a combination of IP/Hostname and port for your connector using the dedicated fields in the LDAP Server Parameters section. Under these fields the generated LDAP host URL will be displayed. This URL follows the ldap://IP/Hostname:Port pattern.

The next step in configuring the LDAP connector is to select if an anonymous bind or an administrative DN is to be used. Should you check the Use administrative DN option you will also have to specify in the same LDAP Search Parameters section your selected values for four other fields: Admin DN, Admin DN Password, Search Base and Search Filter.

Should you like an error to be returned when more entries match a search filter check the respective option in the LDAP Search Parameters section. If this option is left unchecked the first entry matching the search filter will be used.

The final step is to specify a Password Attribute and a Hostname attribute for the currently configured connector in the LDAP Attributes Mapping section. After completing this step press the Quick Add button to save your settings.

Logging Parameters

You can select several types of messages to be logged for the LDAP Connectors: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from transparent to gray.


Thread Management

Thread management allows you to set different numbers of processing threads for the LDAP Connectors depending on your traffic load. Set a number of threads to be allotted when the LDAP Connectors are started using the up and down arrows.


342




9.10.1.2. User Maps Page

Through the User Maps page system administrators can manage existing user maps and also add new ones. When first accessing this page a list of already defined user maps is displayed.

To modify an existing user map use the corresponding Edit button, to delete it click the Delete button. To add a new one simply hit the Add User Map button. Whether adding a new map or editing and existing one the same configuration window pops up.

Specify a name for the map you are currently configuring in the User Map name text field. Then select a type for your user map using the User Map type drop-down menu. Available options are local file, LDAP Password and LDAP Bind. Should you choose local file you have to specify the path to the respective file's location in the second text field of this parameter. For LDAP Password and LDAP Bind the text field turns into a second drop-down menu used to select one of the LDAP connectors defined on the LDAP Connectors page.

After configuring these parameters, hit the Quick Add button (if adding a new user map) or the Update button (if editing an existing one) to save your settings.

9.10.1.3. Routing and Authentication Page

The Routing and Authentication page allows system administrators to select the authentication type performed for all services of the AXIGEN Mail Server and to also set parameters managing routing behavior at POP3 Proxy, IMAP Proxy and SMTP level.

The authentication can be of three types (available in a drop-down menu) - internal, LDAP Password and LDAP Bind. When selecting internal the authentication will be performed

343




through the internal user database. If LDAP Password or LDAP Bind is selected one of the LDAP connectors defined on the LDAP Connectors page must be selected.

Routing and proxy redirect requests are performed through one of the user maps previously defined. Therefore, please select one of the existing user maps using the corresponding drop-down menu from the Routing configuration section.

In some cases no match will be found for a certain request within the selected user maps. For these particular cases please specify an IP/port combination to redirect POP3 requests to and one for IMAP requests to be redirected to.

To have routing at SMTP level enabled check the respective option in the Routing configuration section and select an existing user map in the dedicated drop-down menu. In some cases no match will be found for a certain request within the selected user maps. For these particular cases please specify an IP/port combination to redirect SMTP requests to.


9.10.2. POP3 Proxy Tab

The POP3 Proxy tab allows you to configure parameters relative to this specific service's configuration, add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration see the TCP Listeners and Control Rules chapter.

Through Service Configuration system administrators can manage logging, authentication and encryption, error and thread control parameters and backend server connection settings.

Logging

344




You can select several types of messages to be logged for the POP3 Proxy service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from transparent to gray.



The POP3 Proxy service allows only one authentication method which is PLAIN. Therefore as it is recommended to use StartTLS or SSL to enhance connection security, please check the Allow StartTLS option in the Encryption and Authentication section. Should you like your proxy to handle the authentication, check the Perform authentication on proxy option. Alternatively, the authentication will be performed on the back-end server.

Error Control

To set a maximum number of errors caused by invalid commands received from clients or by failed authentication attempts check the respective options in the Error Control area of the POP3 Proxy service. Use the up and down arrows corresponding to each of these options to set a specific number of errors.

Thread Management

345




Thread management allows you to set different numbers of processing threads for the POP3 Proxy service depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the POP3 Proxy service is started. To have a different number of threads for peak periods check the overload option and use the up and down arrows to choose the thread number.

Back-end Server Connection Settings

To set a specific sending and receiving timeout first check the respective option in the Back-end Server Connection Settings section. The timeout is computed in miliseconds (use the up and down arrows or edit the respective text field to increase or decrease the default value) and ranges between 10 and 65535.

The total number of connections established on the back-end server can be limited by checking the corresponding option. Use the up and down arrows or edit the respective text field to increase or decrease the default value - possible values range between 1 and 65535 connections.

In order to overwrite the default local network interface used for back-end server connections check the corresponding option and type the respective interface in the Local network interface IP address field.

Use a secure (SSL enabled) connection when accessing the back-end server by checking the corresponding option in the Back-end Server Connection Settings section.


9.10.3. IMAP Proxy Tab

The IMAP Proxy tab allows you to configure parameters relative to this specific service's configuration, add listeners and manage access to the service by adding rules applicable to all existing listeners. For details on listener and rule configuration, see TCP Listeners and Control Rules chapter.

Through Service Configuration system administrators can manage logging, authentication and encryption, error and thread control parameters and backend server connection settings.

346




Logging

You can select several types of messages to be logged for the IMAP Proxy service: critical messages, error messages, warning messages, informational messages and protocol communication. To select which of these are to be logged, click the Log Level slider and move it to the left or to the right. The selected types of messages will change color from transparent to gray.



The IMAP Proxy service allows only one authentication method which is PLAIN. Therefore, as it is recommended to use StartTLS or SSL to enhance connection security check the Allow StartTLS option in the Encryption and Authentication section. Should you like your proxy to handle the authentication check the Perform authentication on proxy option, alternatively the authentication will be performed on the back-end server.

Error Control

To set a maximum number of errors caused by invalid commands received from clients or by failed authentication attempts check the respective options in the Error Control area of the

347




IMAP Proxy service. Use the up and down arrows corresponding to each of these options to set a specific number of errors.

Thread Management

Thread management allows you to set different numbers of processing threads for the IMAP Proxy service depending on your traffic load. First, using the up and down arrows, set a number of threads to be allotted when the IMAP Proxy service is started. To have a different number of threads for peak periods check the overload option and use the up and down arrows to choose the thread number.

Back-end Server Connection Settings

To set a specific sending and receiving timeout first check the respective option in the Back-end Server Connection Settings section. The timeout is computed in milliseconds (use the up and down arrows or edit the respective text field to increase or decrease the default value) and ranges between 10 and 65535.

You can limit the total number of connections established on the back-end server by checking the corresponding option. Use the up and down arrows or edit the respective text field to increase or decrease the default value - possible values range between 1 and 65535 connections. In order to overwrite the default local network interface used for back-end server connections check the corresponding option and type the respective interface in the Local network interface IP address field.

To use a secure (SSL enabled) connection when accessing the back-end server, please check the corresponding option in the Back-end Server Connection Settings section.


348




9.11. Administration Rights Section Starting with version 5.0, the AXIGEN Mail Server features Delegated Administration options which enable the easy creation of administrative groups, with predetermined membership hierarchies and permissions, assigned to specific domains. The Administration Rights section gives access to parameters configuring the behavior of such administrative users or imposing the limitations for each type of administrative user created.

9.11.1. Administrative Groups Tab

The Administration Rights > Administrative Groups tab allows system administrators to create administrative groups and further define their attributes and specific permissions.

Administrative Groups When first accessing this tab a list of the already defined administrative groups is displayed.

Groups are listed in alphabetical order to ease the search and editing of a specific group. To edit/delete an existing administrative group use the Edit and Delete options available under Actions, on the right hand side of the group in question.

To define a new administrative group hit the Add administrative group button, then fill in the group name and display name in the corresponding text boxes. Use the Quick Add option to save the details directly or click on Advanced config to further tune it: choose its membership hierarchy and assign the permissions you want the group to have.

Whether editing an already defined administrative group or trying to create a new one you will make use of the same options available in three sub-pages called General, Membership, respectively Permissions.

9.11.1.1. General

The Administrative Groups > General sub-page allows system administrators to specify the name and display name of the configured administrative group.

349




General parameters

Whether creating a new administrative group or editing an already created one use the available text boxes under the Settings section to specify the Administrative groupname and Display name.


9.11.1.2. Membership

The Administrative Groups > Membership sub-page allows system administrators to further configure administrative groups by specifying their hierarchy among the other existing groups.

Membership hierarchy

Use the options under Membership hierarchy to set the hierarchy of the configured administrative group (AccountAdministrators in this example). Thus, the configured group can an be assigned as a member of the existing available groups or removed from an already existing group member list by using the two arrows. Example: check the box in front of the CustomPermissions group and then click on the green arrow; as a result, the AccountAdministrators group will be moved to the list of administrative groups to which this group belongs to, as a member.

Members of the configured group

350




The Members of this group section gives you an overview of this childs (both administrative groups and users which inherit permissions from the current group).

Parents of the configured group

Check the Parents of this group section in order to view the groups from which the currently configured group, AccountAdministrators, inherits permissions. Click the '+' sign corresponding to the group that interests you in order see further details relative to its child groups and their hierarchy.

Important! • Please note that cyclic inclusion is not permitted (i.e. if group A is a member of group B and group B is a member of group C, then group C will not be allowed as a member of group A).


9.11.1.3. Permissions

The Administrative Groups>Permissions sub-page allows system administrators to specify the parameters relative to server and domain permissions for the configured administrative group.

Explicit Permissions Two classes of permissions can be delegated to an administrative group: server permissions allow administrative users based on this group to modify certain server modules; domain management permissions include management rights on all domains or on any specific domain (previously created).

Setting explicit permissions at server level

Check the Explicit server permissions section for a list of the already defined server permissions for the configured administrative group. Should you like to edit or delete any of the existing permissions use the corresponding Change and Remove options.

351




Should you like to delete all permissions relative to a certain service just hit the Remove all button. To add new server permissions for the configured administrative group, click on the Add server permission button and fill in the requested details.

Adding server permissions

Click on the Add server permission button, then use the available drop-down menus to configure the new permission by choosing the service and action to be taken relative to the selected module. Available actions are: Allow and Deny. Hit the Quick Add button to finalize the adding of the new configuration.

Setting explicit permissions at domain level

Check the Explicit domain permissions section for a list of the already defined server domain permissions for the configured administrative group. Should you like to edit or delete any of the existing permissions use the corresponding Change and Remove options. To delete all permissions relative to a certain service just hit the Remove all button. To add new server permissions for the configured administrative group click the Add domain permission button and fill in the requested details.

352




Adding domain permissions

Click on the Add domain permission button and use the available drop-down menus to configure the new permission by choosing the service and action relative to the selected module. Available actions are: Allow and Deny. Hit the Quick Add button to finalize the adding of the new configuration.

Effective permissions

Check the Effective Permissions section for complete information about the permissions available for the configured administrative group at different levels (resources): server, any domain, a specific domain. Displayed information will include all information for a certain resource as they result from the inheritance of its parents' permissions combined with the permissions assigned directly to this group.

353




9.11.2. Administrative Users Tab

The Administration Rights > Administrative Users tab enables system administrators to configure the parameters relative to administrative users.

Administrative users' list When first accessing the Administrative Users tab a list of the already defined administrative users is displayed, in alphabetical order to ease the search of a specific user. Should you like to edit or delete any of the existing administrative users hit the Edit and/or Delete buttons corresponding to the users in question.

Adding a new administrative user Should you like to add a new user click the Add administrative user option and fill in the available text-boxes with the requested information: Administrative username, Password and Display name.

Set a password manually by simply entering the desired password combination in the Password text box or hit the Set Random button in order for AXIGEN to automatically assign a password to the configured administrative user. The automatically generated password will also be displayed for informative purposes.

Should you like to add the new administrative user with the newly-configured details click on the Quick Add button, to further fine tune its parameters hit the Advanced Config option.

354




You will then be able to access three new pages: General, Membership and Permissions. The same three pages will also appear when editing an already existing administrative user by hitting the above-mentioned Edit button.

9.11.2.1. General

The Administrative Users > General sub-page allows system administrators to configure general data regarding administrative users such as username, password and display name details.

General settings

Whether creating a new administrative user or editing an already created one use the text boxes in the Settings section to specify the Administrative username and Display name. The password can be either typed in the corresponding field or automatically assigned by AXIGEN when hitting the Set Random button.


9.11.2.2. Membership

The Administrative Users >Membership page allows system administrators to set the membership hierarchy of the configured administrative users.

Membership hierarchy

355




Use the options under Membership hierarchy to set the hierarchy of the configured administrative user (DomainAdministrator1 in this example). Thus, the configured user can an be assigned as a member of the existing available administrative groups or removed from an already existing group list, by using the two arrows.

Example: check the box in front of the Server Administrators and then click on the green arrow; as a result the Server Administrators group will be moved to the list of administrative groups to which the DomainAdministrator1 user will belong to, as a member.


9.11.2.3. Permissions

The Administrative Users>Permissions page allows system administrators to specify the parameters relative to the server and domain permissions for the configured administrative user.

Explicit Permissions Two classes of permissions can be delegated to an administrative user: server permissions allow administrative users to modify certain server modules; domain management permissions can include management rights on all domains or a specific domain.

Setting explicit permissions at server level Check the Explicit server permissions section for a list of the already defined server permissions for the configured administrative group user. Should you like to edit or delete any of the existing permissions, use the corresponding Change and Remove options. Clicking on the Change button will result in changing the permission from Allow to Deny or back, as the case may be.

Should you like to delete all permissions relative to a certain service just hit the Remove all button. To add new server permissions for the configured administrative user click on the Add server permission button and fill in the requested details.

Adding server permissions Click on the Add server permission button, then use the available drop-down menus to configure the new permission by choosing the service and action to be taken relative to the selected module. Available actions are: Allow and Deny. Hit the Quick Add button to finalize the adding of the new configuration.

356




Setting explicit permissions at domain level Check the Explicit domain permissions section for a list of the already defined domain permissions for the configured administrative user. Should you like to edit or delete any of the existing permissions, use the corresponding Change and Remove options. Clicking on the Change button will result in changing the permission from Allow to Deny or back, as the case may be.

Should you like to delete all permissions relative to a certain service just hit the Remove all button. To add new server permissions for the configured administrative user click on the Add server permission button and fill in the requested details.

357




Adding domain permissions

Click on the Add domain permission button, then use the available drop-down menus to configure the new permission by choosing the service and action relative to the selected module. Available actions are: Allow and Deny. Hit the Quick Add button to finalize the adding of the new configuration.

Effective permissions

Check the Effective Permissions section for complete information about the permissions available for the configured administrative user at different levels (resources): server, any domain, a specific domain.

358




9.11.3. Domain Admin Limits Configuration

The Administration Rights > Domain Admin Limits tab allows you to set the domain level limits or restrictions to be applied to the administrative users with permissions on the respective domain.

Domain Admin Limits When first accessing this tab a list of the available domains is displayed, in alphabetical order. To quickly locate a certain domain use the Domain Search option available in the upper right corner. This field enables you to search by the name of the domain, on a filter as you type basis.

To configure the parameters relative to the limits and restrictions set at domain level for specific administrative users hit the Configure button. This will lead you to a new page, Configure Admin Limits, with several fields to be filled in with the corresponding parameters.

The Configure Domain Admin Limits sub-page

Services In the Services section you can limit the list of services that can be allowed by delegated administrators for this domain. To allow or deny any of the listed services hit the corresponding options available on the right hand of the screen: Allowed, respectively Denied. In the displayed example delegated admins for the configured domain have administration rights for all corresponding services except IMAP.

359




Accounts and Account Classes

Use the options under the Accounts/Account Classes section to restrict the value ranges within which the delegated administrators of this domain can operate at account/account class level. You can set limits for the following: total number of accounts and account classes, total number of folders, total number of messages in all folders, total mailbox size limitation, total number of messages per folder, as well as a maximum ranges for each folder size.

Use the up and down arrows to configure the necessary values and, where needed, the drop-down menu to select the corresponding measurements, KB, MB or GB, for the specified limitations.

Groups

To restrict the number of groups an admin of this domain can create check the box in front of the option under Groups, then use the up and down arrows to specify the desired values.

360




Mailing Lists

Use the options under the Mailing Lists section to restrict the value ranges in which the delegated administrators of this domain can operate at mailing list level. Check the boxes in front of the displayed options and then use the up and down arrows to specify the parameters relative to the number of mailing lists, total number of folders, total number of messages in all folders, total mailbox size, total number of messages per folder, as well as the maximum size for each folder.

Public Folders

361




Use the options under Public Folders section to restrict the value ranges in which the delegated administrators of this domain can operate at public folder level. Check the boxes in front of the displayed options and then use the up and down arrows to specify the parameters relative to the maximum number of email addresses per public folder, total number of folders, total number of messages in all folders, the total mailbox size and total number of messages per folder, as well as the maximum size for each public folder.

When you are done configuring these parameters hit the Save Configuration button to preserve the newly-specified values.

9.12. TCP Listeners and Control Rules AXIGEN Mail Server can use different Listeners for its TCP services (SMTP Receiving, POP3, IMAP, WebMail, WebAdmin, CLI and FTP Backup& Restore) and UDP services (Log and Reporting).

Listeners are network points of entry associated with an interface address and port number that grant access to a specific TCP or UDP service.

Listeners add extra flexibility and configurability to each AXIGEN service as they can be used to grant differentiated access to the same services for different categories of users (e.g users within a specific domain). Moreover, listeners can be associated with a variety of rules that allow defining specific limitations for connections coming from IPs within specified IP sets.

Listeners can be defined, using various parameters corresponding to that TCP service, from the configuration file (as of type "TcpListener" OBJECT-SET) or through WebAdmin (the web configuration interface). UDP service listeners have fewer parameters associated as connection related parameters do not apply to them.

For more information, please check the following pages:

• Listeners • Access and Flow Control Rules

362




9.12.1. Listeners

In AXIGEN, it is possible to configure TCP listeners for all TCP services: SMTP Receiving, POP3, IMAP, WebMail, WebAdmin, FTP Back-up&Restore, and CLI.

To access listener configuration in WebAdmin, first click on the service tab (SMTP Receiving, POP3, IMAP, WebMail, WebAdmin, FTP Back-up&Restore or CLI). A list of the already defined listeners (if any) will be displayed under the dedicated section Listeners, sorted by their IP addresses.

Editing one of the existing listeners will result in accessing two configuration pages: General and SSL Settings. The same pages will also be displayed when hitting the Add Listener button and choosing the Advanced Config option.

Example: SMTP Receiving listeners

No matter if you are adding or editing a listener, no matter on what service tab you are on, the same parameters are available in two dedicated pages: General and SSL Settings.

9.12.1.1. Configuring General Parameters

The General page enables system administrators to set a list of general parameters relative to the listener being configured such as the listener bind address, connection parameters, access control rules.

General settings

363




To enable the currently configured listener check the box in front of the Enable this listener option. To edit or specify the listener address use the IP related text boxes. Listeners are uniquely identified by their address attribute. Two or more listeners cannot have the same address value - only the first object correctly defined is considered. This will be the IP address followed by a colon and the port number.

Flow control

Within the Flow Control section you can enforce global access limitations to this listener by setting the maximum number of: simultaneous connections, concurrent connections from each remote IP address, new connections made in a defined time interval and connections from each remote IP address in a defined time interval. The default time interval is set to 1 minute. Use the up and down arrows and drop-drown menus to specify the necessary parameters and time values.

Note: • You can also set up Flow Control for specific IP sets by creating Access Rules for this listener.

Access Control

Under Access Control you can define simple access lists to restrict the access to this service trough the defined listener. By clicking the Add Rule button addresses can be entered in a Network/Mask, Single IP address or IP Range format and the actions that can be taken are Allow and Deny.

Further use the up and down arrows (next to the Delete button) to set priorities between the rules and click the Flow Control button in order to enforce global access limitations to the rule, using the same options as the ones described in the above section. All defined listeners

364




have created by default a rule allowing any IP address if no other rules match Service Rules.

Note: • Listener level access rules will override for this listener any existing global access rules and service access rules.

Other settings

An inactivity period threshold can be defined for connections made to this listener to ensure that unused resources will be free and used to provide access for other clients. Check the box in front of the option under Other and then use the up and down arrows and drop-down menu to specify the time limit.

For a general description of listeners and their usage in AXIGEN see the Listeners sub-section in the Architecture chapter.

9.12.1.2. SSL Parameters for Listeners

For each TCP listener created you can enable SSL support and further configure SSL settings using the SSL Settings page. AXIGEN implements OpenSSL compliant SSL settings for all TCP listeners.

SSL configuration

This context allows you to configure the SSL settings for this listener. To enable the SSL on the configured listener check the box in front of the Enable SSL for this listener option.

Use the checkboxes available under the Allow the following SSL versions section to specify the SSL versions to be used by AXIGEN Mail Server. Possible values are: SSL2, SSL3 and TLS1. While SSL 3 and TLS1 are the most recent versions you can use any combination of these you may find useful. All three versions are enabled by default.

Path to certificate file/authorities For all SSL / TLS connections a certificate file (containing the certificate chain used for the current listener) is a mandatory field that must be addressed with the use of the Path to certificate file attribute. The certificate chain refers to a chain of intermediate certificate issuers, that is, Certificate Authority certificates that are followed while verifying the remote server certificate.

365




By default, on all supported operating systems and platforms AXIGEN's initscript will create, at first run, a self-signed certificate automatically saved in the data directory with the axigen_cert.pem name.

If you have another certificate file, provided by an authority, you can enter the path to this certificate and also provide the Path to certificate authorities. AXIGEN must be able to access these locations.

Additional attributes such as the Path to DH (Diffie-Hellman) parameter, Max chain verification depth, Cipher suite, Ephemeral Key and certificate-based authentication requests can be used for more specific implementations.

Use the Path to DH (Diffie-Hellman) parameter file to specify the path in local file system to the file containing the (OpenSSL) Diffie-Hellman parameter used by this listener. If keyword value "none" is used no file will be used. The Diffie-Hellman key agreement protocol (also called exponential key agreement) allows two users to exchange a secret key over an insecure medium without any prior secrets. Find more information about this protocol and how to configure this protocol, on the RSA Laboratories website.

Use the Max. chain verification depth field to specify the depth of verification for the certificate chain. The depth refers the maximum number of intermediate certificate issuers i.e. the maximum number of CA certificates which are allowed to be followed when verifying the remote server certificate. For instance, a depth of 1 means the remote server certificate can be self-signed or has to be signed by a CA which is directly known to the server. The default value of 4 means that 4 intermediate certificate issuers are accepted.

AXIGEN implements cipher suites active in OpenSSL, except for idea, rc5 and mdc2. Click here to see the corresponding OpenSSL documentation file listing ciphers and their OpenSSL equivalents.

Tick the Use ephemeral key check-box to specify whether ephemeral keys should be used or not. This option allows generating ephemeral keys which actually transform all keys exchanged during one connection session into ephemeral keys (valid only for the current connection).

Use the Request certificate-based authentication from client option to specify if client certificate-based authentication should be requested or not.


366



http://www.rsa.com/rsalabs/node.asp?id=2248

http://www.axigen.com/usr/images/new/ciphers.txt


9.12.2. Access and Flow Control Rules

For each TCP service you can define Access and Flow Control rules to impose limitations on accepted connections. Configuration parameters are identical for all TCP services.

Example: Access Control rules for the SMTP Receiving module

Service Level Use the options under Service Level to specify a set of rules for allowing specific IP addresses on the currently configured service. To edit/delete any of the already defined rules hit their corresponding Edit or Delete buttons, on the right hand side of the listener. To add a new rule use the Add Rule button.

Editing or adding a new rule will result in displaying the same configuration fields: the action to be taken for connections made through the configured parameter (choose between allowing or denying them the access) and the type of the connections the specified action will apply to (connections from single IP, an entire IP range, or Network/Mask).

Use the drop-down menus to select the allowed/denied connections and fill in the corresponding IP values. To enable the newly-configured rule check the box in front of the Enable this rule option, then hit the Save rule button.

Further use the up and down arrows (next to the Delete button) to set priorities between the rules and click the Flow Control button in order to enforce global access limitations to the rule, using the same options as the ones described in the section below. All TCP services have created by default a rule allowing any IP address.

367




Flow Control

Within the Flow Control section you can enforce global access limitations to this listener by setting the maximum number of: simultaneous connections, concurrent connections from each remote IP address, new connections to the listener made in a defined time period and maximum connections from each remote IP address in a defined time interval. The default time interval is set to 1 minute.

Use the up and down arrows and drop-down menus to specify the desired parameters and values.

Note: You can also find the same configuration options in the Access Control section of the Configuring General Parameters page; the first out of the two pages available when wishing to make the editing or the advanced configuration of a listener.

After making the configurations hit the Save Configuration button to preserve your changes.

368




Chapter 10. Configuring AXIGEN using CLI The Command Line Interface (in short CLI) is an interface for configuring AXIGEN remotely. In order to do that, a socket will listen on a specified address for connections, thus the commands can be issued using common tools such as Telnet, Netcat, etc.

Service Description CLI is for AXIGEN another service, more precisely a TCP service, just like SMTP, IMAP, POP3, etc. The CLI service can be configured in its turn similarly to the other services, either by editing the configuration files or by using the remote configuration tools like CLI and WebAdmin. It has common parameters such as maxErrors, logLevel, etc. and also a list of listeners for configuring incoming connections.

The connection to the service must be authenticated using the default ‘admin’ username and the password previously set for it. For more details on how to set the admin password using the AXIGEN Configuration Wizard see this section. For details on how to set the admin password manually, please read this section. See Connecting to CLI for a detailed login procedure.

CLI is structured in contexts, each of them including a specific set of commands. CLI also uses a common set of commands. Each context provides commands allowing switching to the previous and next context and a HELP command to view the available commands at that specific location. When connected, the login context is activated and an username and password must be provided; after activation, the initial context becomes active. The initial context is the only one not having a name in the command prompt.

Commands are not case sensitive, meaning that you can enter HELP, help, Help, HeLP, it will still mean HELP. Also, when you need to assign values to parameters of certain commands, these values can be entered in 3 ways:

1. escaped 2. quoted 3. double quoted.

This is useful when entering regular expressions and spaces and is very similar to the way the strings are entered in unix bash.

1. escaped string: in this form, the string cannot contain not printable characters, and the characters that must be escaped with a backslash are: spaces, quotes and double-quotes.

2. quoted string: (e.g.: 'something') in this form, the string will preserve the literal value of each character within the quotes. A single quote may not occur between single quotes, even when preceded by a backslash

3. double quoted string: (e.g. "something"): in this form, the string will behave just like in the escaped form, ignoring the backslash before any character. The difference is that all the characters, including non-printables, are accepted and that the spaces and single quotes need not be escaped.

In the escaped and double-quoted form, the backslash character must be escaped in order to have a backslash as a result. The CLI parent / child contexts follow the structure of the configuration file where some objects are children of other parent objects. In general, a context that uses COMMIT for saving changes is considered a parent and a context that uses DONE for saving changes is considered a child.

369




Contexts are, with a few exceptions, associated with configuration objects that appear in the config file.

The notion of key parameter-value pair is related to the primary key concept. It uniquely identifies an object in a list of objects. The key value cannot be changed if the context was created using an ADD command.

The configuration contexts corresponding config objects (like server, all services, etc.) update only when entering and leaving the respective context and when one of the reset commands is issued. Thus, if anything is changed using another version of CLI or WEBADMIN, the change will be present only when leaving and entering the context again or after a reset command is issued.

When leaving the context using COMMIT and the commit fails, update of the context is NOT performed. This happens because any modifications made before commit would be lost. As a result, invalid settings may appear to exist in config. If you want to reset the configuration for that context, issue a CANCEL or a RESET command.

Any changes made to a TCP service like: CLI, WEBMAIL, WEBADMIN, etc. affect only new connections to that service and not the active ones.

The sub-sections of this chapter contain the following:

• Special Contexts - the most important contexts in CLI are explained • Common commands - commands used in all AXIGEN contexts • Context Specific Commands - a list of all contexts and commands available in CLI

you can use for reference to see all the different operations you can perform using CLI

Important! Within all CLI contexts and commands, the term "Script Filters" refers to Message rules, "Socket Filters" refers to Antivirus/Antispam Filters, while "SMTP Filters" generically defines Message Acceptance, Processing and Relay Policies.

10.1. Special Contexts

The action of each command may differ in specific contexts that represent exceptions to the general behavior. As said before, some contexts have additional commands that have an exceptional character. Thus a detailed overview of each context is presented below.

Login Context prompt: <login> parent: none

The login context is used only for authentication and has the following commands: HELP, USER, EXIT/QUIT, SET. The USER command usage is USER <username>.

This context is associated with the maxAuthErrors config parameter: when this parameter is exceeded, the connection is closed; the maxAuthCommands parameter also applies to this context: if the number of commands issued is greater (with or without error), the connection is closed.

In this context, global options can be set. The CONSOLE-CODES option allows console codes used for colors to be turned on/off. The QUIET option, if set to on, will display in all contexts and with all commands only the minimum amount of text needed to present the information, thus making the output script friendly.

370




WARNING: If the CONSOLE_CODES option is set to off, the password will also be visible in the command line (not applicable if connecting through a script).

Initial Context prompt: <#> parent: none

The initial context is the starting point of configuring the server. Here, several actions can be started: domain configuration (including accounts and lists), server configuration and also reports can be viewed. Also, the Commands context is accessible from here where some commands can be issued to the server.

This context does not have COMMIT/DONE or CANCEL commands because it is the first context. It neither has SHOW without parameters because it is not related to any config object.

From the Initial context, we can access the REPORTING, MIGRATION and COMMANDS contexts which are detailed below. The LIST DOMAINDATA command is here because a domain database location must be provided when adding a domain.

The ADD DOMAIN command, takes 2 parameter-value pairs, one for setting the domain name and one for specifying in which domain database location the domain should be created.

Reporting Context prompt: <reporting#> parent: Initial

This context is for viewing various reports for the server. It has the BACK command for switching back to the Initial context but does not have COMMIT/DONE because it is a read-only context.

The commands available are: VIEW CONTORS with a parameter of all, others and domain. If domain is the parameter, a value must be specified, that is, a list of domains separated by '+'. The list must be in double quoted format. Another command is VIEW QUEUE which displays a snapshot of the mail queue and information on the emails in processing stage.

The VIEW CONTORS domain command, makes a sum of all counter of the domains given as parameters. If a domain does not exist, it will not be counted in the sum. This means, to an extent, that if the list is made of one or more domains that do not exist, the list will show for all counters, a value of 0.

Server Context prompt: <server#> parent: Initial

The server context is where the server configuration is started. It has commands for entering the configuration context of every service for configuring filters and domain database locations, etc.

It has the common commands CANCEL, COMMIT, HELP, QUIT/EXIT, and SHOW. The SHOW command will show the value parameters of the server like services, primaryDomain, etc. In the case of the services parameter, it will show the services started but it is updated only when the server context is entered or left with commit or cancel. So if a service was stopped while in the server context, it will not show up stopped.

371




The SET command, will set the one or more param-value pairs that are given as parameters. In the case of the services value parameter, it will stop or start the services only when COMMIT is issued. If CLI is removed from the list of services, it will be stopped at COMMIT but it will show up as started when SHOW is issued.

The ADD FILTER command, takes 3 parameter-value pairs because the respective values are required.

The commands for configuring the services are CONFIG <SERVICE_NAME> and the context will switch to the one corresponding to that specific service.

From this context domains database locations can be managed. Thus there are functions to LIST, ADD, REMOVE, CREATE and DESTROY a domain database location. Before a location can be added, it must be created, otherwise the commit command will fail and no location will be added. The CREATE command, aside from the path, takes an additional parameter: an unique id that has to be from 0 to 255. It is impossible to add two locations with the same id on the server's list.

Commands Context prompt: <commands#> parent: Initial

The Commands context is a special context that allows the remote administrator to issue commands to the server. It has two sub-contexts, the Server and Storage contexts that will be described below.

Directly from the Commands context, the password for the CLI and WebAdmin sessions can be changed and the two sub-contexts can be entered.

As in the case of MIGRATION and REPORTING contexts, the COMMANDS context has the BACK command for switching back to the Initial context and does not have COMMIT/DONE commands.

Commands-Server Context prompt: <commands-server#> parent: Commands

The Server sub-context is used to issue server-related commands to AXIGEN. There is a command for trying to force all mail in the queue to be processed and/or sent, regardless of their rescheduled time. This command is FORCE QUEUE.

The command SAVE CONFIG, saves the configuration. If no parameter is given, it will be saved in the default location. If a path parameter is given, it will be saved in that location but for security reasons, a suffix will be added to the file. The SHOW CONFIG command will dump the configuration as it is written in the config file. This command is also available from the Initial and Initial-Server contexts.

The START/STOP service command will start/stop a service immediately without the need for COMMIT command as in the case where services are modified from the Initial-Server context.

Commands-Storage Context prompt: <commands-storage#> parent: Commands

This context allows several operations with the AXIGEN Storage System. The storage system is composed of Message Containers, where messages for a certain domain are kept.

372




The operations available are LIST containers, CHECK container, COMPACT container, LOCK container and UNLOCK container.

The LIST container command takes as parameter the domain name and lists all message containers available for that domain.

The LOCK and UNLOCK container commands, as their names suggest, lock and unlock the container given as parameter, meaning respectively that messages can or cannot be stored. These commands are useful when a snapshot of the container needs to be saved.

The CHECK container command, starts a check on the structure of a certain container. After a check is started, the status can be seen by issuing the LIST containers command.

The COMPACT container command, will start a defragmentation of the specified container and, similarly to CHECK, issuing the LIST command will show the status of the container.

The optional parameter priority, if set to high, will increase the speed of that operation but the container will be unavailable to any service, even for reading. The default value is low.

Migration Context prompt: <migration#> parent: Initial

The Migration context, allows messages to be migrated from other servers to AXIGEN. The common commands are the same as in the case of REPORTING and COMMANDS and it has one command with many parameters for migration.

The MIGRATE command will migrate all emails from an account on a remote server using the IMAP protocol. The migration is completed when the entire directory structure is migrated.

The mandatory domain and account parameters, will identify an account into which the messages will be migrated. The remoteHost, remotePort, remoteUser and remotePass parameters are self explanatory.

All the optional parameters have the default value of no. A complete list of commands available in each AXIGEN context is available in the CLI Context Specific Commands page.

10.2. Common commands The following commands are common to a subset of contexts: HELP, QUIT, EXIT, CANCEL, BACK, COMMIT|DONE, SHOW, LIST, SET, ADD, REMOVE, UPDATE, CONFIG, RESET.

Some of the commands described below apply only to a set of contexts, others apply to all contexts, and others have different flavors according to certain contexts. Below are listed only the common and most important commands used in CLI, but other commands are also available.

• HELP - the help command is present in all contexts, including Login and is used for displaying a list of available commands in that context

• QUIT - this command exits CLI. It is available from all contexts • EXIT - the same as QUIT • BACK - this command, cancels any changes (where it applies) and switches back to

the previous context. This is available from every context except Login and Initial. • COMMIT - this command saves the changes and also writes these changes to the

server configuration. This also includes the changes done in child contexts and saved with DONE. A switch back to the previous context is also done.

373




• DONE - this command saves the changes for a child context and switches back to the previous context but does not write anything to the server's configuration.

• SHOW - the SHOW command has two flavors, one without parameters, and in this case, the value parameters (that means not the children or child lists) are shown, and one with parameters, in this case, the value parameters of a child from a child list are shown. In both cases, there is an optional ATTR parameter which, if present, will only show the specified attribute.

• LIST - this command lists the members of a given child list in the form of a table. If the list has a separate context, some parameters are put in the table, otherwise all value parameters are present.

• SET - the SET command sets a value for a specified value parameter of the given object associated with the context (if there is one). To the SET command, one or several parameter-value pair can be given.

• ESET - the ESET command (SET Extended) enters a new context in which large amounts of data can be entered. The context can be left with <empty line> <.> <empty line>, the same as in the case of the SMTP protocol. This command is useful for parameters that require large amounts of text.

• ADD - This command has several flavors. The simplest one is for adding values to a value list. In this case, the parameter is the name of the value list and a value (for instance ADD nameserver ip). Another form is used to add objects to list of objects. This form has three versions: one that takes the list and the key parameter-value pair of the object and changes the context; another that is the same except it takes additional required parameter-value pairs; and one that takes the key param-value pair and other optional pairs and doesn't change context but directly adds the object to the list.

• UPDATE - This command changes an object from a list of objects. It is similar to add, except it does not apply to value lists.

• REMOVE - This usually takes as parameters the list name, and key param-value pair for object lists, and list name and value for value lists and as the name suggests, removes an object from a list. It does not change the context.

• CONFIG - The config command changes the context for configuring a child object. A child object is different form a list by the fact that it is a single object and it exists permanently. A list may have one, none or several objects.

• RESET - The RESET command will update the context to the active one on the server. This also means that any changes made to that part of the context will be lost. The reset command, depending on the parameter, will reset the value attributes, or a list of objects or values.

• ENTER - This command, changes a context, entering a sub-context. This usually applies to contexts unrelated to the object-child object configuration hierarchy.

The action of each command may differ in specific contexts that represent exceptions to the general behavior. As said before, some contexts have additional commands that have an exceptional character. Thus a detailed overview of each context is presented in the Special Contexts section.

10.3. Connecting to CLI To connect to AXIGEN command line interface (CLI), after installing AXIGEN with its default settings, please enter in your terminal, while logged as root: [root@example ~]# telnet 127.0.0.1 7000

In order to be able to connect to AXIGEN CLI, you should enable the CLI listener and connect to the correct IP:port address. You can verify the CLI listeners using the CLI > Listeners page in WebAdmin.

374




You should see a welcome message similar to the one below: Connected to <hostname> (127.0.0.1).

Escape character is '^]'.

Welcome to AXIGEN's Command Line Interface

You must login first. For a list of available commands, type HELP

<login>

Enter the username (admin) and password set in WebAdmin, for instance. A list of commands available in different contexts and sub-contexts of AXIGEN command-line interface is included in CLI Commands section.

10.4. Troubleshoot the CLI Connection If you cannot connect to CLI, please check if:

• You have enabled the CLI service (open the Server>Global Settings page in WebAdmin, for instance, CLI is enabled in the Running Services area)

• You have correctly configured the CLI listener (the list with the listeners currently defined in AXIGEN can be found in the CLI > Listeners page in WebAdmin; check if your listener is enabled);

• You’re connecting using the correct username: for the current version, please use the “admin” username and the password you have previously configured using WebAdmin and CLI.

10.5. Context Specific Commands This section lists all CLI contexts and their specific commands, as displayed in the Command Line Interface. You may use this list as reference to find out what operations you can perform using CLI.

Important! • All time attributes (timeouts and time intervals) are specified in seconds. • All data sizes are specified in KB.

Login Context <login> The commands available for the Login context are:

HELP - prints this help message EXIT/QUIT - exits CLI and closes connection to AXIGEN USER <user> - CLI username, (in this version only "admin" username is implemented) GET VERSION - gets the AXIGEN version SET CONSOLE-CODES on|off - sets the color and other console codes on/off SET QUIET off|on - enables/disables detailed information SHOW - shows the options for this context

Initial Context <#> The commands available for the Initial context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message LIST Domains [wildcard (ex: domain*)] - lists the domains of this server

375




LIST Requests - lists the requests made for domain reqistration CLEAR Requests - clear the list of requests not pending SAVE CONFIG [<path>] - saves the server's running configuration (a suffix will be added) CONFIG SERVER - enters the Server context ENTER REPORTING - enters the Reporting context ENTER MIGRATION - enters the Migration context ENTER COMMANDS - enters the Commands context ENTER DEBUG - enters the Debug context CREATE Domain name <name> domainLocation <path> postmasterPasswd <pass> - creates a domain (changes context) REGISTER Domain domainLocation <path> - registers a domain to the server (changes context) UNREGISTER Domain name <domainName> - unregisters a domain from the server UPDATE Domain name <domainName> - updates a domain from the server (changes context) SHOW Domain name <domainName> [ATTR <param>] - shows the given domain

Server Context <server#>

The commands available for the Server context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context SAVE CONFIG [<path>] - saves the server's running configuration (a suffix will be added) SET [services (list of services)] - sets the services for the server SET [primaryDomain <name>] - sets the server's primary domain SET [sslRandomFile <file>] - sets file for entropy data used when generating random RESET - resets the service to the currently active configuration CONFIG LOG - enters the Log context CONFIG CLI - enters the CLI context CONFIG SMTP-INCOMING - enters the SMTP-Incoming context CONFIG SMTP-OUTGOING - enters the SMTP-Outgoing context CONFIG PROCESSING - enters the Processing context CONFIG POP3 - enters the POP3 context CONFIG IMAP - enters the IMAP context CONFIG WEBMAIL - enters the Webmail context CONFIG WEBADMIN - enters the Webadmin context CONFIG FTP-BACKUP - enters the FTP-Backup context CONFIG DNR - enters the DNR context CONFIG REPORT - enters the Report context

CONFIG FILTERS - enters the Filters context

376




CLI Context <server-cli#>

The commands available for the CLI context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context LIST Listeners - lists available listeners SET [maxErrors <maxErrors>] - sets max no. of wrong commands SET [maxAuthErrors <maxErrors>] - sets max no. of failed authentications SET [maxAuthCommands <maxCmds>] - sets max no. of commands that can be issued before authentication SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn. SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn. SET [logLevel <level>] - sets the service's logging level SET [logType <type>] - sets the service's logging type SET [logHost <host>] - sets the service's remote logging host RESET - resets the service to the currently active configuration ADD Listener address <address> - adds a listener to the service (changes context) UPDATE Listener address <address> - updates a listener from the service (changes context) REMOVE Listener address <address> - removes a listener from the service SHOW Listener address <address> [ATTR <param>] - shows the given listener

Listener context <server-(service_name)-listener#>

The commands available for the Listener context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context LIST AllowRules - lists the allow rules for this listener LIST DenyRules - lists the deny rules for this listener SET [address <address>] - sets the listener's address - only usable in an UPDATE operation SET [enable <yes|no>] - enable/disable the listener SET [maxConnections <maxConn>] - sets max number of connections SET [timeInterval <interval>] - sets the time interval SET [maxIntervalConnections <interval>] - sets max connections in time interval SET [peerMaxConnections <maxConnr>] - sets sets max connections no. from a single host SET [peerTimeInterval <interval>] - sets the time interval - single host SET [peerMaxIntervalConnections <interval>] - sets max connections in time interval - single host

377




SET [idleTimeout <timeout>] - sets the inactivity timeout SET [sslEnable <yes|no>] - enable/disable SSL on the listener CONFIG SSLCONTROL - enters the SslControl context ADD DenyRule ipSet <ipRange> [enable <yes|no>] [priority <priority>] - adds a deny rule to the listener(changes context) UPDATE DenyRule ipSet <ipRange> [enable <yes|no>] [priority <priority>] - updates a deny rule from the listener(changes context) REMOVE DenyRule ipSet <ipRange> - removes a deny rule from the listener SHOW DenyRule ipSet <ipRange> - shows the given rule ADD AllowRule ipSet <ipRange> - adds an allow rule to the listener(changes context) UPDATE AllowRule ipSet <ipRange> - updates an allow rule from the listener(changes context) REMOVE AllowRule ipSet <ipRange> - removes an allow rule from the listener SHOW AllowRule ipSet <ipRange> - shows the given rule

Allow Rule Context <server-(service_name)-listener-allowrule#>

The commands available for the AllowRule context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context SET [ipSet <ipSet>] - sets the ipSet parameter - only usable in an UPDATE operation SET [enable <yes|no>] - enable/disable the rule SET [priority <priority>] - sets the rule's priority SET [maxConnections <maxConn>] - sets max number of connections SET [timeInterval <interval>] - sets the time interval SET [maxIntervalConnections <interval>] - sets max connections in time interval SET [peerMaxConnections <maxConnr>] - sets sets max connections no. from a single host SET [peerTimeInterval <interval>] - sets the time interval - single host SET [peerMaxIntervalConnections <interval>] - sets max connections in time interval - single host

SSL Control Context <server-(service_name)-listener-sslcontrol#> The commands available for the SSLControl context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context SET [allowedVersions (version list)] - sets SSL versions allowed SET [maxChainDepth <maxDepth>] - sets max depth of verification SET [chipherSuite <chipher>] - sets the chipher suite to be used

378




SET [useEphemeralKey <yes|no>] - use/not use ephemeral keys SET [certFile <file>] - sets path for certification chain file SET [caFile <file>] - sets path for certificate authorities file SET [dhParamFile <file>] - sets path to Diffie-Hellman param file SET [requestClientAuth <yes|no>] - request/not request client authentication

Log Context <server-log#>

The commands available for the Log context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context LIST Listeners - lists available listeners LIST Rules - lists rules SET [logLevel <level>] - sets the service's logging level SET [logType <type>] - sets the service's logging type SET [logHost <host>] - sets the service's remote logging host RESET - resets the service to the currently active configuration ADD Listener address <address> - adds a listener to the service (changes context) UPDATE Listener address <address> - updates a listener from the service (changes context) REMOVE Listener address <address> - removes a listener from the service SHOW Listener address <address> [ATTR <param>] - shows the given listener ADD Rule priority <priority> - adds a rule (changes context) UPDATE Rule priority <priority> - updates a rule (changes context) REMOVE Rule priority <priority> - removes a rule SHOW Rule priority <priority> [ATTR <param>] - shows the given rule

Rule Context <server-log-rule#> The commands available for the Rule context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context SET [priority <priority>] - sets the rule's priority - only usable in an UPDATE operation SET [hostname <hostname>] - sets hostname of the user of this rule SET [module <module>] - sets module of the user of this rule SET [logLevel <level>] - sets the log level SET [fileName <name>] - sets the name of the destination file SET [fileSize <size>] - sets the maximum duration the destination file is used in seconds

379




SET [fileTime <time>] - sets the maximum duration the destination file is used in seconds SET [fileCount <count>] - sets the maximum number of old (saved) files kept SET [rotatePeriod <period>] - sets the period after which a file change is forced (choice:day|week|month)

SMTP-Incoming Contxt <server-smtpIncoming#>

The commands available for the SMTP-Incoming context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context LIST Listeners - lists available listeners SET [maxErrors <maxErrors>] - sets max no. of wrong commands SET [maxAuthErrors <maxErrors>] - sets max no. of failed authentications SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn. SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn. SET [logLevel <level>] - sets the service's logging level SET [logType <type>] - sets the service's logging type SET [logHost <host>] - sets the service's remote logging host SET [maxReceivedHeaders <maxHeaders>] - sets max no. of received headers for a mail RESET - resets the service to the currently active configuration ADD Listener address <address> - adds a listener to the service (changes context) UPDATE Listener address <address> - updates a listener from the service (changes context) REMOVE Listener address <address> - removes a listener from the service SHOW Listener address <address> [ATTR <param>] - shows the given listener

SMTP-Outgoing Context <server-smtpOutgoing#>

The commands available for the SMTP-Outgoing context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn. SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn. SET [logLevel <level>] - sets the service's logging level SET [logType <type>] - sets the service's logging type SET [logHost <host>] - sets the service's remote logging host RESET - resets the service to the currently active configuration

380




Processing Context <server-processing#>

The commands available for the Processing context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context SET [maxSchedInterval <maxInterval>] - sets max interval for rescheduling a mail SET [schedInterval <interval>] - sets interval for rescheduling queue checking SET [maxRetryCount <count>] - sets max no. of times for trying to deliver SET [queuePath <path>] - sets path to internal server queue SET [queueEntryCount <count>] - sets upper limit for no. of subdirectories in queue SET [deliveryThreads <threads>] - sets no. of threads handling SMTP delivery SET [logLevel <level>] - sets the service's logging level SET [logType <type>] - sets the service's logging type SET [logHost <host>] - sets the service's remote logging host SET [procQueueSize <size>] - sets the size of internal processing queue SET [messagesPerSecond <no>] - sets the maximum number of messages a mail box can receive in one second SET [disableInterval <no>] - sets the time interval a mail box will be disabled if messagesPerSecond limit is exceded RESET - resets the service to the currently active configuration

POP3 Context <server-pop3#> The commands available for the POP3 context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context LIST Listeners - lists available listeners SET [maxErrors <maxErrors>] - sets max no. of wrong commands SET [maxAuthErrors <maxErrors>] - sets max no. of failed authentications SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn. SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn. SET [logLevel <level>] - sets the service's logging level SET [logType <type>] - sets the service's logging type SET [logHost <host>] - sets the service's remote logging host SET [allowStartTLS <yes|no>] - allow|not allow secure connections (STLS command) RESET - resets the service to the currently active configuration ADD Listener address <address> - adds a listener to the service (changes context)

381




UPDATE Listener address <address> - updates a listener from the service (changes context) REMOVE Listener address <address> - removes a listener from the service SHOW Listener address <address> [ATTR <name>] - shows the given listener

IMAP Context <server-imap#> The commands available for the IMAP context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context LIST Listeners - lists available listeners SET [maxErrors <maxErrors>] - sets max no. of wrong commands SET [maxAuthErrors <maxErrors>] - sets max no. of failed authentications SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn. SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn. SET [logLevel <level>] - sets the service's logging level SET [logType <type>] - sets the service's logging type SET [logHost <host>] - sets the service's remote logging host SET [allowStartTLS <yes|no>] - allow/not allow secure connections SET [secureConnAuthTypes <types>] - sets types of authentication on secure conn. SET [plainConnAuthTypes <types>] - sets types of authentication on plain conn. SET [secureConnAllowLogin <yes|no>] - allow/not allow plain text login on secure conn. SET [plainConnAllowLogin <yes|no>] - allow/not allow plain text login on plain conn. RESET - resets the service to the currently active configuration ADD Listener address <address> - adds a listener to the service (changes context) UPDATE Listener address <address> - updates a listener from the service (changes context) REMOVE Listener address <address> - removes a listener from the service SHOW Listener address <address> [ATTR <param>] - shows the given listener

Webmail Context <server-webmail#>

The commands available for the Webmail context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context LIST Listeners - lists available listeners LIST UrlRedirects - lists the rules used for secure login LIST HostNameResolvers - lists the hostname resolvers

382




SET [maxErrors <maxErrors>] - sets max no. of wrong commands SET [maxAuthErrors <maxErrors>] - sets max no. of failed authentications SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn. SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn. SET [logLevel <level>] - sets the service's logging level SET [logType <type>] - sets the service's logging type SET [logHost <host>] - sets the service's remote logging host SET [path <path>] - sets the location of HSP files SET [sessionIdleTimeout <timeout>] - sets the inactivity timeout SET [sessionActivityTimeout <timeout>] - sets maximum living time for a session SET [allowKeepAlive <yes|no>] - enables/disables persistent connection SET [allowLargeIncomingData <yes|no>] - enables/disables receiving incoming data after the limit is exceeded SET [httpHeadersMaxSize <size>] - sets the maximum allowed size for received HTTP headers SET [httpBodyMaxSize <size>] - sets the maximum allowed size for incoming HTTP body SET [uploadMaxSize <size>] - sets the maximum allowed size for incoming upload data SET [showDomainList <yes|no>] - enables/disables displaying domains list at user login RESET - resets the service to the currently active configuration ADD Listener address <address> - adds a listener to the service (changes context) UPDATE Listener address <address> - updates a listener from the service (changes context) REMOVE Listener address <address> - removes a listener from the service SHOW Listener address <address> [ATTR <param>] - shows the given listener ADD HostNameResolver host <host> domain <domain> UPDATE HostNameResolver host <host> domain <domain> REMOVE HostNameResolver host <host> ADD UrlRedirect address <address> port <port> host <host> UPDATE UrlRedirect address <address> [port <port>] [host <host>] REMOVE UrlRedirect address <address>

Webadmin Context <server-webadmin#> The commands available for the Webadmin context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context LIST Listeners - lists available listeners LIST UrlRedirects - lists the rules used for secure login SET [maxErrors <maxErrors>] - sets max no. of wrong commands SET [maxAuthErrors <maxErrors>] - sets max no. of failed authentications

383




SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn. SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn. SET [logLevel <level>] - sets the service's logging level SET [logType <type>] - sets the service's logging type SET [logHost <host>] - sets the service's remote logging host SET [path <path>] - sets the location of HSP files SET [sessionIdleTimeout <timeout>] - sets the inactivity timeout SET [sessionActivityTimeout <timeout>] - sets maximum living time for a session SET [allowKeepAlive <yes|no>] - enables/disables persistent connection SET [allowLargeIncomingData <yes|no>] - enables/disables receiving incoming data after the limit is exceeded SET [httpHeadersMaxSize <size>] - sets the maximum allowed size for received HTTP headers SET [httpBodyMaxSize <size>] - sets the maximum allowed size for incoming HTTP body SET [uploadMaxSize <size>] - sets the maximum allowed size for incoming upload data RESET - resets the service to the currently active configuration ADD Listener address <address> - adds a listener to the service (changes context) UPDATE Listener address <address> - updates a listener from the service (changes context) REMOVE Listener address <address> - removes a listener from the service SHOW Listener address <address> [ATTR <param>] - shows the given listener ADD UrlRedirect address <address> port <port> host <host> UPDATE UrlRedirect address <address> [port <port>] [host <host>] REMOVE UrlRedirect address <address>

FTP Backup Context <server-ftpBackup#>

The commands available for the FTP-Backup context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context LIST Listeners - lists available listeners SET [maxErrors <maxErrors>] - sets max no. of wrong commands SET [maxAuthErrors <maxErrors>] - sets max no. of failed authentications SET [maxConnThreads <maxThreads>] - sets max no. of threads handling the conn. SET [minConnThreads <minThreads>] - sets min no. of threads handling the conn. SET [logLevel <level>] - sets the service's logging level SET [logType <type>] - sets the service's logging type SET [logHost <host>] - sets the service's remote logging host RESET - resets the service to the currently active configuration ADD Listener address <address> - adds a listener to the service (changes context)

384




UPDATE Listener address <address> - updates a listener from the service (changes context) REMOVE Listener address <address> - removes a listener from the service SHOW Listener address <address> [ATTR <param>] - shows the given listener

DNR Context <server-dnr#>

The commands available for the DNR context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context LIST Nameservers - lists the nameservers SET [timeout <timeout>] - sets the timeout SET [retries <retries>] - sets the number of retries SET [cacheSize <cacheSize>] - sets the cache size SET [logLevel <level>] - sets the service's logging level SET [logType <type>] - sets the service's logging type SET [logHost <host>] - sets the service's remote logging host RESET - resets the service to the currently active configuration ADD Nameserver priority <priority> - adds a nameserver to the service (changes context) UPDATE Nameserver priority <priority> - updates a nameserver from the service (changes context) REMOVE Nameserver priority <priority> - removes a nameserver from the service SHOW Nameserver priority <priority> [ATTR <param>] - shows the given nameserver

Name Server Context <server-dnr-nameserver#>

The commands available for the NameServer context are: EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context SET [priority <priority>] - sets the priority of the nameserver SET [address <address>] - sets the IP of the nameserver SET [timeout <timeout>] - sets the timeout for first DNS query SET [retries <retries>] - sets the maximum number of DNS queries retries

Report Context <server-report#>

The commands available for the Report context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context

385




COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context SET [logLevel <level>] - sets the service's logging level SET [logType <type>] - sets the service's logging type SET [logHost <host>] - sets the service's remote logging host RESET - resets the service to the currently active configuration

Filters Context <server-filters#>

The commands available for the Filters context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - switches back to the previous context LIST ScriptFilters - lists the script filters defined LIST SocketFilters - lists the socket filters defined LIST ActiveFilters - lists the active filters LIST Filters - lists all three categories of filters ADD ScriptFilter name <name> file <file> - adds a script filter (changes context) UPDATE ScriptFilter name <name> - updates a script filter (changes context) REMOVE ScriptFilter name <name> - removes a script filter from the listener SHOW ScriptFilter name <name> [ATTR <param>] - shows the given script filter ADD SocketFilter name <name> address <addr> protocolFile <file> - adds a socket filter (changes context) UPDATE SocketFilter name <name> - updates a socket filter (changes context) REMOVE SocketFilter name <name> - removes a socket filter from the listener SHOW SocketFilter name <name> [ATTR <param>] - shows the given socket filter ADD ActiveFilter priority <no.> filterName <name> filterType <type> - adds an active filter to the active filter list (changes context) UPDATE ActiveFilter priority <no.> - updates a filter (changes context) REMOVE ActiveFilter priority <no.> - removes a filter from the active filter list SHOW ActiveFilter priority <no.> [ATTR <param>] - shows the given filter

Script Filters Context <server-filters-script#>

The commands available for the ScriptFilter context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context SET [name <name>] - sets the name of the filter - only usable in an UPDATE operation SET [type <type>] - sets the type of the script filter SET [file <path>] - sets the path to the file where the script is located

386




Socket Filter Context<server-filters-socket#>

The commands available for the SocketFilter context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context SET [name <name>] - sets the name of the filter - only usable in an UPDATE operation SET [address <addr>] - sets the address of the filter, used to communicate with the filter SET [protocolFile <path>] - sets the path to the ASFL file that describes the communication protocol SET [idleTimeout <timeout>] - sets the inactivity timeout of the connection (in seconds) SET [actionOnMatch <action>] - sets the action to be taken in case the filter matches an email SET [maxConnections <no.>] - sets the maximum numnber of connections that will be made to the filter

Active Filter Context <server-filters-active#>

The commands available for the ActiveFilter context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context SET [priority <priority>] - sets the priority of the filter - only usable in an UPDATE operation SET [filterName <name>] - sets the name of the filter as defined in the socket/script object sets SET [filterType <type>] - sets type of the filter (to which object set belongs) SET [applyOnRelay <yes|no>] - specifies if a relay message will be filterd with this filter

Domain Context <domain#>

Important! When creating domains, one message storage location is recommended for each predicted 20GB of message occupied storage space. For larger spaces, additional message storage locations should be created to correspond to the number of 20GB storages you need. You can add multiple message storage locations using CLI only within the domain creation context. After creating the domain, additional locations cannot be added. The command to create multiple message storage locations is as follows: ADD MessagesLocation <path>

The commands available for the Domain context are:


387




COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context LIST Aliases - lists aliases for current domain LIST Accounts [wildcard (ex: user*)] - lists accounts for current domain LIST Forwarders [wildcard (ex: user*)] - lists forwarders for current domain LIST FolderRcpts [wildcard (ex: user*)] - lists folder recipients for current domain LIST Lists [wildcard (ex: user*)] - lists mail lists for current domain SHOW RegistryInformation - shows registry information SET [name <name>] - sets the domain's name - only usable in an UPDATE operation SET [assignedIp <ip>] - sets the assigned ip SET [services (list of services)] - sets the services for this domain SET [showWebmailLogin <yes|no>] - enables/disables displaying this domain at Webmail login CONFIG MIGRATIONDATA - enters the migrationdata context CONFIG FILTERS - enters the filters context CONFIG PUBLIC-FOLDER - enters the Public Folder context CONFIG QUOTAS - enters the quotas context ADD Account name <name> passwd <passwd> - adds an account to the domain (changes context) UPDATE Account name <name> - updates an account from the domain (changes context) REMOVE Account name <name> - removes an account from the domain SHOW Account name <name> [ATTR <param>] - shows the given account ADD Forwarder name <name> - adds a forwarder to the domain (changes context) UPDATE Forwarder name <name> - updates a forwarder from the domain (changes context) REMOVE Forwarder name <name> - removes a forwarder from the domain SHOW Forwarder name <name> [ATTR <param>] - shows the given forwarder ADD FolderRcpt name <name> - adds a folder recipient to the domain (changes context) UPDATE FolderRcpt name <name> - updates a folder recipient from the domain (changes context) REMOVE FolderRcpt name <name> - removes a folder recipient from the domain SHOW FolderRcpt name <name> [ATTR <param>] - shows the given folder recipient ADD List name <listName> passwd <passwd> adminEmail <email> - adds a list to this domain changes context) UPDATE List name <listName> - updates a list from this domain (changes context) REMOVE List name <listName> - removes a list from this domain SHOW List name <listName> [ATTR <param>] - shows the given list ADD Alias <aliasName> - adds an alias for the domain REMOVE Alias <aliasName> - removes an alias from the domain

388




Fillters Context <parent_context-filters#>

The commands available for the Filters context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - switches back to the previous context LIST ScriptFilters - lists the script filters defined LIST SocketFilters - lists the socket filters defined LIST ActiveFilters - lists the active filters LIST Filters - lists all three categories of filters ADD ScriptFilter name <name> file <file> - adds a script filter (changes context) UPDATE ScriptFilter name <name> - updates a script filter (changes context) REMOVE ScriptFilter name <name> - removes a script filter from the listener SHOW ScriptFilter name <name> [ATTR <param>] - shows the given script filter ADD SocketFilter name <name> address <addr> protocolFile <file> - adds a socket filter (changes context) UPDATE SocketFilter name <name> - updates a socket filter (changes context) REMOVE SocketFilter name <name> - removes a socket filter from the listener SHOW SocketFilter name <name> [ATTR <param>] - shows the given socket filter ADD ActiveFilter priority <no.> filterName <name> filterType <type> - adds an active filter to the active filter list (changes conte UPDATE ActiveFilter priority <no.> - updates a filter (changes context) REMOVE ActiveFilter priority <no.> - removes a filter from the active filter list SHOW ActiveFilter priority <no.> [ATTR <param>] - shows the given filter

Script Filter Context <parent_context-filters-script#>

The commands available for the ScriptFilter context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context SET [name <name>] - sets the name of the filter - only usable in an UPDATE operation SET [type <type>] - sets the type of the script filter SET [file <path>] - sets the path to the file where the script is located

SocketFilter Context /<parent_context-filters-socket#>

The commands available for the SocketFilter context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context

389




SET [name <name>] - sets the name of the filter - only usable in an UPDATE operation SET [address <addr>] - sets the address of the filter, used to communicate with the filter SET [protocolFile <path>] - sets the path to the ASFL file that describes the communication protocol SET [idleTimeout <timeout>] - sets the inactivity timeout of the connection (in seconds) SET [actionOnMatch <action>] - sets the action to be taken in case the filter matches an email SET [maxConnections <no.>] - sets the maximum numnber of connections that will be made to the filter

ActiveFilter Context <parent_context-filters-active#> The commands available for the ActiveFilter context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context SET [priority <priority>] - sets the priority of the filter - only usable in an UPDATE operation SET [filterName <name>] - sets the name of the filter as defined in the socket/script object sets SET [filterType <type>] - sets type of the filter (to which object set belongs)

Note: “parent_context” refers to any of the domain or account contexts.

Accounts Context <domain-account#>

The commands available for the Account context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context LIST Aliases - lists aliases for current account SHOW RegistryInformation - shows registry information SET [name <name>] - sets the account's name - only usable in an UPDATE operation SET [services (list of services)] - sets the services for this account SET [passwd <passwd>] - sets password for the account SET [firstName <firstName>] - sets the first name of the user SET [lastName <lastName>] - sets the last name of the user CONFIG WEBMAILDATA - enters the webmaildata context CONFIG FILTERS - enters the filters context CONFIG QUOTAS - enters the quotas context CONFIG LIMITS - enters the limits context SHOW ContactInfo [ATTR <param>] - shows the firstName and lastName parameters

390




ADD Alias <aliasName> - adds an alias for the account REMOVE Alias <aliasName> - removes an alias from the account

WebmailData Context <domain-account-webmaildata#> The commands available for the WebmailData context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context SET [skin <skin>] - sets the skin for webmail SET [pageSize <pageSize>] - sets page size SET [saveToSent <yes|no>] - sets keep a mail copy in "Sent" folder SET [deleteToTrash <yes|no>] - sets delete mail to trash SET [confirmMailDelete <yes|no>] - sets confirmation of mail delete SET [confirmFolderEmpty <yes|no>] - sets confirmation of empty folder SET [htmlFilterLevel <no.>] - sets the security level for a html mail body SET [signature <signature>] - sets the account's signature SET [language <language>] - sets the webmail's language

Quotas Context<domain-account-quotas#> The commands available for the Quotas context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context SET [mboxCount <count>] - sets the maximum number of folders SET [totalMessageCount <count>] - sets maximum number of messages in all folders SET [totalMessageSize <size>] - sets maximum size in KB of all messages in all folders SET [messageCount <count>] - sets default maximum number of messages in a folder SET [messageSize <size>] - sets default maximum size in KB of messages in a folder LIST Mboxes - list the available mboxes for this account SET MboxQuota mboxName <name> messageCount <count> messageSize <size> - sets quotas for a given mbox SHOW MboxQuota mboxName <name> - shows quotas for a given mbox

Limits Context<domain-account-limits#> help

The commands available for the Limits context are:


391




DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context SET [sentMessagesCount <count>] - max. no. of mails a user can send in a specified interval SET [sentMessagesSize <size>] - max. size of mails a user can send in a specified interval SET [sentMessagesInterval <interval>] - specified interval in seconds SET [pop3ConnectionCount <count>] – SET [imapConnectionCount <count>] – SET [webmailRCPTCount <count>] - max. no. of recipients for an email conposed using Webmail SET [webmailSessionCount <count>] - webmail sessions number limit for an account SET [webmailAttSize <size>] - sets the attachments number limit for a composed mail SET [webmailAttCount <count>] - sets the size limit for a mail (body + attachments) SET [webmailMessageSize <size>] - sets the Webmail sessions number limit

Forwarder Context <domain-forwarder#>

The commands available for the Forwarder context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context LIST Addresses - lists addresses for current forwarder SHOW RegistryInformation - shows registry information SET [name <name>] - sets the forwarder's name - only usable in an UPDATE operation SET [enabled <yes|no>] - enables/disables the forwarder CONFIG FILTERS - enters the filters context ADD Address <address> - adds an address for the forwarder REMOVE Address <address> - removes an address from the forwarder

Folder Recipient Context <domain-folderRcpt#> The commands available for the Folder Recipient context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context SHOW RegistryInformation - shows registry information SET [name <name>] - sets the folder recipient's name - only usable in an UPDATE operation SET [enabled <yes|no>] - enables/disables the folder recipient SET [mboxName <name>] - sets the mbox name of this folder recipient) CONFIG FILTERS - enters the filters context

392




Lists Context<domain-list#>

The commands available for the List context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context LIST Users - lists available users for this list LIST RemoveHeaders - shows the list of headers that will be removed from a mail SHOW RegistryInformation - shows registry information SET [name <name>] - sets the list's name - only usable in an UPDATE operation SET [services (list of services)] - sets the services enabled for this list SET [passwd <string>] - sets the list's mailbox access password SET [subscribeRcpt <rcpt>] - sets the RCPT used for subscription SET [unsubscribeRcpt <rcpt>] - sets the RCPT used for unsubscription SET [requestRcpt <rcpt>] - sets the RCPT used for making a request SET [enabledRcpts (choice set)] - sets the RCPTs enabled for this list SET [description <description>] - sets the description of the list SET [adminConfirm <yes|no>] - sets the adminConfirm parameter SET [senderAllow <choice>] - sets the senderAllow parameter SET [moderate <choice>] - sets the moderate parameter SET [ctypeAllow <choice>] - sets the ctypeAllow parameter SET [adminEmail <email>] - sets the email for the admin

The following parameters' value describe text that will be inserted in the mail:

ESET addHeader - sets the the headers that will be added to the mail - enters text context ESET bodyBegin - sets the text that will be inserted before the body - enters text context ESET bodyEnd - sets the text that will be added to the body to the mail - enters text context

The following parameters' value describe text that will be included in the NDR:

ESET unknownCommand - sets the descrition of the error in case of a unknown command - enters text context ESET invalidUserName - sets the descrition of the error in case of an invalid user name - enters text context ESET notAUser - sets the descrition of the error in case the user does not belong to the list - enters text context ESET badConfirmation - sets the descrition of the error in case of a bad confirmation - enters text context ESET userAlreadySubscribed - sets the descrition of the error in case the user already exists - enters text context ESET invalidFormat - sets the descrition of the error in case of an invalid format - enters text context

393




The following parameters' value should be a RFC2822 compliant mail ESET requestNeedsConfirmation - sets the template that will ask the user for a confirmation - enters text context ESET requestNeedsAdminConfirmation - sets the template that will tell the user to wait for admin's confirmation - enters text context ESET autoRejectResponse - sets the template that will tell the user that his mail is rejected ESET welcome - sets the template that will tell the user that he has been created - enters text context ESET goodbye - sets the template that will tell the user that he has been deleted - enters text context ESET subscribeDenied - sets the template that will tell the user that he has not been created - enters text context CONFIG WEBMAILDATA - enters the webmaildata context CONFIG FILTERS - enters the filters context ADD User email <email> name <name> - adds an user to the list (changes context) UPDATE User email <email> - updates an user from the list (changes context) REMOVE User email <email> - removes an user from the list SHOW User email <email> [ATTR <param>] - shows an user from the list ADD RemoveHeader <name> - adds a header to the list of headers to be removed

REMOVE RemoveHeader <name> - removes a header from the list of headers to be removed

WebmailData Context <domain-list-webmaildata#>

The commands available for the WebmailData context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context SET [skin <skin>] - sets the skin for webmail SET [pageSize <pageSize>] - sets page size SET [saveToSent <yes|no>] - sets keep a mail copy in "Sent" folder SET [deleteToTrash <yes|no>] - sets delete mail to trash SET [confirmMailDelete <yes|no>] - sets confirmation of mail delete SET [confirmFolderEmpty <yes|no>] - sets confirmation of empty folder SET [htmlFilterLevel <no.>] - sets the security level for a html mail body SET [signature <signature>] - sets the account's signature

User Context<domain-list-user#>

The commands available for the User context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context

394




SHOW [ATTR <param>] - shows information about this context SET [email <email>] - sets the user's email - only usable in an UPDATE operation SET [name <name>] - sets the user's name

WebmailData Context <domain-webmaildata#>

The commands available for the WebmailData context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context SET [skin <skin>] - sets the skin for webmail SET [pageSize <pageSize>] - sets page size SET [saveToSent <yes|no>] - sets keep a mail copy in "Sent" folder SET [deleteToTrash <yes|no>] - sets delete mail to trash SET [confirmMailDelete <yes|no>] - sets confirmation of mail delete SET [confirmFolderEmpty <yes|no>] - sets confirmation of empty folder SET [htmlFilterLevel <no.>] - sets the security level for a html mail body

MigrationData Context <domain-migrationdata#>

The commands available for the MigrationData context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context DONE - saves the changes and switches back to previous context SHOW [ATTR <param>] - shows information about this context SET [enable <yes|no>] - enables migration of accounts from this domain SET [remoteImapHost <host>] - sets the name of remote IMAP machine from which the domain's accounts are migrated SET [remoteImapPort <port>] - sets the IMAP server's port on the remote machine SET [remoteSmtpHost <host>] - sets the name of remote SMTP machine from which the domain's accounts are migrated SET [remoteSmtpPort <port>] - sets the SMTP server's port on the remote machine

PublicFolder Context <domain-publicFolder#>

The commands available for the Public Folder context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - cancels any changes made and switches back to the previous context COMMIT - commits the changes made in this context SHOW [ATTR <param>] - shows information about this context LIST MBoxes - list the available mboxes SET [name <name>] - sets the name of the public folder

395




CONFIG QUOTAS - enters the quotas context ADD Mbox <name> - adds a mbox the Public Folder REMOVE Mbox <name> - removes a mbox from the Public Folder

Quotas Context <domain-publicFolder-quotas#>

The commands available for the Quotas context are:


Quotas Context<domain-quotas#> The commands available for the Quotas context are:


Reporting Context <reporting#> The commands available for the Reporting context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - switches back to the previous context

396




VIEW QUEUE - displays queue information

Migration Context <migration#>

The commands available for the Migration context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - switches back to the previous context MIGRATE - migrate command which has the following parameters: domain <domainName> - the domain name for migration account <accountName> - the account name for migration remoteHost <host> - the host of the migration server remotePort <port> - the port of the migration server remoteUser <imap-user> - the imap username of the migration server remotePass <imap-pass> - the imap password of the migration server [overrideQuota <yes|no>] - specifies if the mailbox quota should be overriden (default: no) [deleteOriginal <yes|no>] - enables/desables deletion of all migrated messages on the remote server [structureOnly <yes|no>] - enables migration of only the directory structure [verbose <yes|no>] - specifies if the command should be verbose (default: no)

WARNING! The migrate command, when the parameter overrideQuota is set to its "no" default, will migrate mails until the mailbox Quota is reached. If overrideQuota is set to yes, all the mails will be migrated but the mailbox Quota could be exceeded, in which case, the user will no longer receive any more mails.

Commands Context <commands#>

The commands available for the Commands context are: EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - switches back to the previous context ENTER SERVER - enters the Server context SET passwd <password> - sets the admin password for CLI/Webadmin (max. 32 chars)

Server context <commands-server#>

The commands available for the Server context are:

EXIT/QUIT - exits CLI and closes connection to AXIGEN HELP - prints this help message BACK - switches back to the previous context SHOW Config - shows the entire server's running configuration SAVE CONFIG [<path>] - saves the server's running configuration (a suffix will be added) STOP service <name> - stops a certain service START service <name> - starts a certain service FORCE QUEUE - tries to force all mails in queue to be processed/sent

397




Chapter 11. Command Line Parameters for AXIGEN The following command line parameters are available in the current version of AXIGEN. These parameters are common to all platforms.

Display version Use the -v, --version command to print the version currently installed and exit.

Run in foreground Use the --foreground command to run the program in foreground.

Crash control Use the --drop-core command to specify the full path (maximum length is 256 characters) to an existing directory where to drop the core (section in memory containing relevant information about resident processes).

This is useful in case of errors causing the program to exit. No default value is set, meaning the core is not saved by default.

Process ID Use the -P, --pidfile command to specify the full path to pid file. The default value is /var/opt/axigen/run/axigen.pid (Linux/Solaris) or /var/axigen/run/axigen.pid (*BSD)

Path to configuration file Use the -C, --configfile command to specify the path where the server configuration file resides. Default value is:

• Linux/Solaris: /var/opt/axigen/run/axigen.cfg • *BSD: /var/axigen/run/axigen.cfg

Using mqview tool to view status for messages in the queue The AXIGEN queue contains for each message stored in the queue, besides the message itself, a file with a status report for the message. You can view the status report for the files currently in the AXIGEN queue using the mqview tool: /var/opt/axigen/queue/0F/S12BE (Linux/Solaris) /var/axigen/queue/0F/S12BE (*BSD)

Solution 1: cd /var/opt/axigen/queue/0F /opt/axigen/bin/mqview @ S12BE

Solution 2: /opt/axigen/bin/mqview /var/opt/axigen/queue 0F12BE

Each of these commands displays an output similar to the one below: johnd /var/opt/axigen/queue/00 # mqview @ S5F4E Mail Queue view of file : ../00/S5F4E ID : 005F4E State : RECEIVED Flags : 00 Last Data Version : 00 Number of RCPTs : 1 Next Send Schedule : As Soon As Possible

398




Retry Count : 0 Reverse Path : root@localdomain Authenticated Path: root@localdomain RCPT information for: johnd@localdomain State: RECEIVED Data Version: 00 Filter Info : Destination mbox: INBOX Failure Info : Local Delivery :

POP3 Authentication The next examples illustrate the usage of POP3 authentication system.

Example 1: The primary domain is 'primary.com', user 'john' has the mail address '[email protected]'. In order to authenticate itself, the POP3 client may use the following commands: USER john USER [email protected] [email protected] john md5digest APOP <john> md5digest APOP [email protected] md5digest

For secondary domains and their aliases, the POP3 clients must use the entire mail address.

Example 2: One of the secondary domains is 'secondary.com', user 'john1' has the mail address ’[email protected]’. In this case the authentication commands can be: USER [email protected] APOP [email protected] md5digest

399






Chapter 12. RFCs Currently Implemented by AXIGEN POP3 RFC 1939 - Post Office Protocol (version 3) RFC 2449 - POP3 Extension Mechanism RFC 1734 - POP3 AUTHentication command

POP3 and IMAP Specifications RFC 2195 - IMAP/POP AUTHorize Extension for Simple Challenge/Response RFC 2595 - Using TLS with IMAP, POP3 and ACAP

SMTP specifications RFC 2821 - Simple Mail Transfer Protocol RFC 821 - Simple Mail Transfer Protocol (obsolete) RFC 822 - Format of ARPA Internet text messages RFC 974 - Mail routing and the domain system RFC 3501 - Internet message access protocol (version 4rev1) RFC 3848 - ESMTP and LMTP Transmission Types Registration

SMTP service extensions RFC 2821 - Simple Mail Transfer Protocol RFC 1869 - SMTP Service Extensions RFC 2554 - SMTP Service Extension for Authentication RFC 1830 - SMTP Service Extensions for Transmission of Large and Binary MIME Messages RFC 2920 - SMTP Service Extension for Command Pipelining RFC 1652 - SMTP Service Extension for 8bit-MIME transport RFC 1870 - SMTP Service Extension for Message Size Declaration

IMAP specifications RFC 3501 - INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1 RFC 2342 - IMAP4 Namespace RFC 2180 - IMAP4 Multi-Accessed Mailbox Practice RFC 2683 - IMAP4 Implementation Recommendations RFC 2087 - IMAP4 QUOTA extension RFC 2359 - IMAP4 UIDPLUS extension RFC 2088 - IMAP4 non-synchronizing literals RFC 2177 - IMAP4 IDLE command RFC 3502 - Internet Message Access Protocol (IMAP) - MULTIAPPEND Extension RFC 3348 - The Internet Message Action Protocol (IMAP4) Child Mailbox Extension RFC 4314 - IMAP4 Access Control List (ACL) Extension

HTTP specifications: RFC 2616 - Hypertext Transfer Protocol -- HTTP/1.1 RFC 2965 - HTTP State Management Mechanism RFC 2396 - Uniform Resource Identifiers (URI): Generic Syntax

400







http://www.ietf.org/rfc/rfc2595.txt?number=2595





























DNS specifications RFC 1034 - Domain names, Concepts and Facilities RFC 1035 - Domain names, Implementation and Specification

Sieve extensions implemented in AXIGEN RFC 3028 - Sieve: A Mail Filtering Language (Extensions defined in the base RFC: fileinto, eject, envelope) RFC 3894 - Sieve Extension: Copying without Side Effects RFC 3431 - Sieve Extension: Relational Tests; Comparator extension: i;numeric-comparator RFC 3598 - Sieve Email Filtering -- Subaddress Extension

Generic RFCs RFC 2822 - Internet message format RFC 2045 - MIME Part One: Format of Internet Message Bodies RFC 2046 - MIME Part Two: Media Types RFC 2047 - MIME Part Three: Message Header Extensions for Non-ASCII Text

Mailing Lists RFC 2919 - List-Id: A Structured Field and Namespace for the Identification of Mailing Lists RFC 2369 - The Use of URLs as Meta-Syntax for Core Mail List Commands and their Transport through Message Header Fields

FTP RFC 959 - FILE TRANSFER PROTOCOL (FTP)

Groupware RFC 2445 - Internet Calendaring and Scheduling Core Object Specification (iCalendar) RFC 2446 - iCalendar Transport-Independent Interoperability Protocol (iTIP) Scheduling events, BusyTime, To-dos and Journal Entries RFC 2447 - iCalendar Message-Based Interoperability Protocol (iMIP) RFC 3283 - Guide to Internet Calendaring RFC 2426 - vCard MIME Directory Profile

SNMP RFC 1157 - A Simple Network Management Protocol (SNMP) RFC 3416 - Version 2 of the Protocol Operations for the Simple Network Management protocol (SNMP) RFC 1213 - Management Information Base for Network Management of TCP/IP-based internets: MIB-II RFC 3418 - Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)

401

























axigen mail server system administrator's manual€¦ · files provided for...

Documents