SSL Part 2: Configure hMailServer
The sole purpose of running this mail server is to obtain a signed certificate from CAcert. All they expect is a mail server running under your domain hence there is nothing special in the configuration.
The configuration steps below show how to set up hMailServer. Topics covered, how to add a domain and user account, alias creation, how to set the server host name. The server is pre-configured to prevent SMTP open relay and has correct settings for RFC however it is still worth checking these.
Note: SMTP can be problematic not that its difficult to set-up, invariably problems are associated with your service provider hence be prepared for some experimentation.
1) Login to Administrator
Start > All programs > hMailServer > hMailServer Administrator
Click Connect a pop-up will display enter your admin password.
2) Add domain
For a new installation you are taken to the Welcome page.
Click Add domain
Note: If you need to add additional domains the first port of call is welcome.
3) Enter domain and catch all address
Enter your domain name and a catch all email address.
Any mail sent to your domain not having a matching POP account or alias are redirected to this catch all address.
“postmaster” is a standard hence I am using email@example.com
4) Adding email Accounts
Every user requires an account name (email address) and password. This includes the catchall email address. Set this account by entering name postmaster in the Account address field and provide a password.
Note: The above user name (full email address) and password are required when you set-up your email client (such as Outlook Express).
5) Adding additional Accounts
To add more accounts click on a domain name (only one shown however you can have as many domains as you like supporting your virtual hosts in Apache) in the left window.
This opens a page displaying the domain details, bottom of this page are three buttons allowing you to add accounts, aliases and distribution list.
In the next step we are going to add an alias hence:
Click the Add alias button
6) Adding an Alias
An alias is effectively a nonexistent account, any email sent to an alias is redirected to a real account.
I have set-up an alias for firstname.lastname@example.org and redirected it to email@example.com. Remember to click save.
Note: Postmaster@ is required by RFC 2821. An address is required for each domain's SMTP host accepting mail.
Abuse@ is "required" by RFC 2142 this is a de-facto standard.
(Add separate accounts or an alias for each of these addresses)
7) Select Protocols
There are three email services provided by hMail, you require SMPT and POP3 to send and receive emails. If you wish to support webmail make sure to enable IMAP.
By default all three services are enabled, check by expanding the settings menu tree on the left, click Protocols, all three protocols are displayed on the right.
I am not using IMAP hence it's not checked.
Display the SMTP settings page by clicking on SMPT under protocols.
A) Host name: Required always set a host name.
If you do not set a Host name some email servers will either not accept your email or mark it as spam.
The name you enter is the full host name you specified in your MX records for example mail.mpg123.no-ip.org
Note 1: Free accounts at DynDNS and No-ip do not allow you to set a specific MX record.
Email servers that cannot find an MX record default to using the domain name and attempt delivery to it (standard operation).
Hence if for any reason you cannot set an MX record for your domain make sure you set “Host name” to your domain name. I am using mpg123.no-ip.org for that very reason.
Testing: At the end of this configuration page you will find a test section that assumes you have set A) only.
Note 1: A large number of mail servers black list mail servers running from a dynamic IP addresses hence the reason I specified my ISP as an SMTP Relayer.
Note 2: If your mail server is connected to a static IP address and your domain has correct MX records there should be no reason for setting B) and C)!
9) SMPT RFC Check
It’s worth checking the default settings for RFC compliance.
While on the above SMTP page click the RFC Compliance tab. The two-default settings Allow empty sender address and Allow incorrectly formatted line endings should be adequate for most purposes.
10) Internet IP ranges
From the left menu expand the Advanced and IP Ranges tree.
Click on Internet
The default settings on this page are suitable for most applications.
At the bottom of this page make sure External to external accounts box is unchecked.
This prevents your mail server being an open relay (prevents spam and other undesirable material being relayed through your mail server).
11) Start and Stop
From the left menu window click on Status this displays the server status page.
Click the Server tab, from here you can start and stop the server.
Note: Certain settings require a server restart before they become effective.
That completes the hMailServer configuration, to test this configuration at least one account must be set in your mail client. The following are the settings for Outlook Express
12) Set-up Wizard
Using the set-up wizard:
13) General and Servers Tabs
If you are using Outlook Express view the Postmaster prosperities account. Click the general and servers tab corresponding properties are shown on the right.
All mail clients are slightly different to set-up however they all require basic information as shown above. In particular server POP and SMPT address is localhost user name is the full email address you set.
Note: In section 8) you may need to enter your service providers SMTP server details into the SMTP relayer address box (B).
To obtain this information view the properties of the account that you normally connect with. Click the Servers tab and copy details in Outgoing mail (SMTP) box.
Internal routing test:
In your email client send an email to admin, remember this is an alias and will be forward to the postmaster:
- From: firstname.lastname@example.org
- To: email@example.com
- Subject: Test 1
- Message: Test 1 Basic test server test
In Outlook express select Tools > Send and Receive > Receive all or use whatever method your client requires to retrieve email.
Your inbox will display a message from “Postmaster”; this confirms hMailServer is working (and you have an excellent test server). If for some reason it fails check the above configuration steps.
Running hMailServer on a local machine you should have no problem with this test; recheck settings and if the problem persists it may require a trip to hMailServer site and forum to resolve the issue.
14) External Access:
If you are working behind a router make sure to forward ports 25 and 110 (need help visit Port Forward)
Check your mail server is on-line by visiting mxtoolbox.
In the SMTP Diagnostics box enter your mail server's full host name for example mail.mpg123.no-ip.org alternatively if you are using free services such as DynDNS or No-IP enter your domain name (e.g. mpg123.no-ip.org).
Expected results, four green lights as shown on the right. Note the open relay test.
Outgoing Email test:
Using your email client send an email from postmaster to a friend or other address, make sure their email address is not hosted by your ISP.
- From: firstname.lastname@example.org
- To: freind@some_other_ip.com
- Subject: Test 2
- Message: Test 2 round trip test, please reply to this email
If you receive an error message similar to this:
- The following recipient(s) could not be reached:
- Error Type: SMTP
- Remote server (999.99.999.999) issued an error.
- hMailServer sent: RCPT TO:<friend@some_other_ip.com>
- Remote server replied: 554 EMail from mailserver at 188.8.131.529 is refused. See http://spamblock.something.com/88.888.88.888
The above error is because dynamic IP's are listed in spam databases and blocked accordingly. The solution is to reroute all outgoing mail through your ISP's mail server.
See note in section 13) pick-up your ISP's SMTP server details and insert it into the SMTP relayer address box (B) section 8).
Repeat the above test, your email will not be bounced expect a reply from your friend.
That completes testing, you now have a working email server. Add additional accounts as required and change settings to meet you own requirments.
You now have a fully operational e-mail server this will allow you to verify your domain at CAcert and obtain a signed certificate.
If you host several domains using Apache’s virtual host you can map these into hMailServer and provide mail facilities.