How to setup MS Outlook to use Richweb Mail Servers

How to setup MS Outlook to use Richweb Mail Servers

The attached documents at the bottom of this overview provides the step by step process with screenshots for configuring MS Outlook 2003 or 2007 to connect to Richweb's SmarterMail system. The overview information below will allow you to get up and running in less than 5 minutes with any standard PC based or smart phone based email client or email applet.

You will use your email address as your account/login/user id, and your password as your password. SmarterMail supports POP3 or IMAP for receiving email. If you use IMAP (also called IMAP4 in some mail clients) you will be storing mail on the server. IMAP4 provides support for additional folders that can be created on the server to organize your mail. This means that typically to use IMAP4 you will require a larger quota (amount of mail storage space) from Richweb. Keep this in mind when deciding whether to use POP3 or IMAP. POP3 will sometimes work better with older devices like previous generation (2008 and before) smart phones for example. When configuring POP3 support the most important aspect to understand is that you must instruct your POP3 client (Outlook, Thunderbird, or your phone) to leave messages on the server (usually a checkbox in the setup screens) if you check email from multiple places. Otherwise you will find that the mail is downloaded and removed by whatever device you are using at the time. If your cell phone is set to download and delete your email this means your INBOX will be EMPTY when you login via webmail to check your email messages!

Sending mail can involve problems because many ISPs, hotels, WIFI networks and corporate network block outgoing SMTP on port 25. Richweb supports the alternate SMTP port 587 for message submission AND we support port 2525 as well, which should almost always be allowed outbound. Try 587 or 2525 first, and assume port 25 will be blocked, or captured and thus unavailable for your use. You will also always use SMTP authentication for sending email - check this box; your user name and password are of course your email address and your email password.

Richweb is in the process of getting an SSL certificate in place for email communications. Use SSL to protect your email password. Otherwise you will find that your email login information will be stolen on WIFI connections. This can compromise your financial information and cause all sorts of problems, so try to enable SSLv3 or TLS (Transport Layer Security) for POP3,IMAP, and SMTP!

Attachment	Date	Size
Outlook_smartermail_2003.doc	27/10/09 9:15 am	625 KB
Outlook_smartermail_2007.doc	28/10/09 9:54 am	826.5 KB

How to setup a new email user in SmarterMail

1. Login to web mail
http://webmail.richweb.com

- click on "settings" icon
- Click on plus sign on "domain settings"
- Click on "users"
- then click "new" icon
- fill out the name and password. Then save.

2. If you want to have the new account on the alias such as everyone@ or staff@ for example, then you
can click on the "aliases" and click edit on the email aliases. A word of caution about group email lists: spammers can target those emails to flood email to your entire list with one message, so only create the group aliases that you really need.

3. Once you have created your new email accounts and or aliases you need to login to the MailFoundry and add these new addresses to the spam filter allow list.

https://vsmx3.richweb.com/

If you do not have an admin account to manage your domain please contact Richweb to have your account setup. You will NOT be able to accept external email until this step is completed. Internal email (email between members of your own domain) will work immediately.

Is a Richweb server or firewall blocking my emails? Why ?

In many cases our mail servers reject connections that don't follow the RFCs for mail delivery.

The most likely cause is that your smtp SENDING mail server or mail sending system is not correctly configured. In years past the general internet best practices where along the lines of the famous "be conservative in what you send" and "be liberal in what you accept" philosophy.

We (along with most other mail providers) longer think it's applicable to an inbound SMTP server however. The more your SMTP sender looks like a spam source the more likely other (not just Richweb's) servers will reject, defer or quarantine your traffic.

Missing rDNS (reverse dns or ptr records) for your mail server sending IP address, incorrect HELOing (i.e. your mail server saying HELO as something invalid like server1.local) or your system not sending valid SMTP commands
are all reasons that your traffic may be rejected.

It is in everyone's interest to make sure their outbound SMTP traffic is as compliant with de jure and de facto RFCs, and BCPs as they possibly can.

Sometimes we hear the "but this works with hotmail or provider X or ALL my other customers" response. Other providers have different rules for incoming mail; some are more lax than others.

Some things to look for on your system:

1. AOL is probably a better example to follow than some other providers in terms of increasing strictness. AOL will reject email that is not rfc compliant - for example missing brackets:

250 rly-dc04.mx.aol.com OK
mail from: test@test.net
501 SYNTAX ERROR IN PARAMETERS OR ARGUMENTS
mail from:
250 OK

2. Another common mistake is the HELO misconfiguration.

If your mail server dns name is mail.domain.com, but your mail server says HELO (greets) other mail servers as server1.local (which is fine as an Active Directory DNS name, but NOT usable on the global internet) your mail will have problems. Make sure your mail server has a HELO that matches its fully qualified (hostname + domainname) domain name.

Correct example:
telnet mail.richweb.com 25
Trying 63.90.9.3...
Connected to ford.
Escape character is '^]'.
220 mail.richweb.com ESMTP Postfix

3. When you check the reverse dns for Richweb's mail server you will see that the IP resolves to the hostname:

dig +short -x 63.90.9.3
mail.richweb.com.

This is a MUST for proper mail sending. If you do not have correct reverse dns in place many large providers will block or delay your email.

4. SPF records (if used) must be correct. All of the servers that can send mail on behalf of your domain must be listed.

Here is a correct example for Richweb's domain:

dig +short txt richweb.com.

"v=spf1 ip4:63.90.9.3 a:vsmx3.richweb.com a:mail.richweb.com mx:richweb.com ip4:63.90.9.6 -all"

That says these servers:
mail.richweb.com (main mailbox server)
63.90.9.3 (ip of main mailbox server)
63.90.9.6 (ip of customer relay server)
vsmx3.richweb.com (mail filter servers)

are the only servers on the internet that can send mail that claims to be from @richweb.com.

Summary:

If you need help with your HELO, ptr, or spf records contact Richweb for assistance.

All mail systems are increasingly restricting the flow of email from improperly configured systems. So while your mail flow may not break to other systems today; without change it will probably break tomorrow if you are not standards-compliant.

Richweb Mail Content Filter: MailScanner FAQ

MailScanner examines each incoming message and will prevent viruses and spam from making it into your Inbox. MailScanner has several more powerful content analysis features and dangerous content blocklists that make it more effective at catching both spam and dangerous phishing emails than any other mail filtering solution on the market. Phishing emails are very troublesome as they can trick even technically adept computer users into giving away financial, corporate, and personal information to attackers which will use and abuse this information.

MailFoundry excels at catching computer generated spam from templates, where the basic message is the same, with only a name or weblink within the email being different. Spammers and Phishers have caught up to this technique and are generating ever shorter messages, sometimes with just a single link. Its very hard for the MailFoundry to block these emails without also blocking legitimate email. MailScanner is smarter as it has blacklists/blocklists of Spam and Phishing domains in its databases that are updated regularly. If an email contains a link to a known phishing domain, it is blocked, regardless of whether the message or message template as been seen before. MailScanner can also disarm or make safe an email and send it along to your Inbox. See below for more details.

MailScanner disarms or cleans dangerous HTML tags and commands that can cause your computer to become infected with spyware or trojanware that can steal your personal information. MailScanner can find html that is unsafe (where the CLAIMED web link destination does not match the ACTUAL weblink destination). MailScanner removes the links, but if the rest of the message is deemed safe, and not spam, it will send it on to your Inbox with the {Cleaned} header in the subject to let you know that the message has been made much safer. This is a good thing. Disarming or Cleaning a message is important because every day new vulnerabilities and bugs are discovered in web browsers and email clients, typically Microsoft Outlook and IE. As attackers attempt to create more and more clever ways of tricking you AND your computer, MailScanner puts a stop to the basic tactic of bait and switch web links RIGHT AT THE SOURCE - the html. If you have an email that comes from a mailing list or company that is {Cleaned} you can forward the email back to the owner of the list or company that sent the email and ask that they fix the emails so that they are safer. In particular, email messages that have hidden IFRAMEs are not a good idea, as attackers use these techniques to trick you and your browser.

No, it does not. Since the MailFoundry needed time to detect spam signatures from new spams that are constantly generated, the MailFoundry box likes to hold all incoming email from a new source (sender) for up to 15 minutes while it waits to see if that sender or that message template appears is identified as spam by the MailFoundry team. This is of course irritating AND it does not always work! If you happen to have a directed attack of nasty spam messages at a certain user or few users, of if your domain happens to be at the TOP of a spammer list of thousands of domains that are about to get hit, then you may be out of luck with the MailFoundry! If the spammer is able to configure dns settings and buy IP transit from a legitimate host that is not currently blacklisted, then the spam will make it through to your Inbox. MailScanner is smarter about being able to actually look at the content of the message (words AND links, picture, etc) and not just the structure or template. Thus MailScanner is a stronger defense in some of these hard to handle situations like a targeted attack or a large domain that gets a lot of spam from many different sources.

Domains that get a lot more spam have usually been around longer, and in almost all cases one (or more) users on that domain has clicked one or more link(s) in spam mails, or bought stuff advertised in spam. Spammers track EVERY single message that they send, and they know who you are when you click a spam-vertised link. Your domain is then marked as having willing recipients that WANT spam, and spammers spend a lot more effort spamming your domain; they figure they have more to gain looking for repeat business than going after brand new domains!

MailScanner does not provide a report. MailScanner makes every attempt to disarm or fix messages and send them on to you in a safe state. If MailScanner blocks a message, it is very certain that the message is spam and it takes a system admin (at Richweb) to release the email. Most messages that are spam are detected as high scoring spam (what people tend to describe as "obvious" spam). These high scoring spams are discarded. What we discovered is that most users dont even look at the MailFoundry reports, and for busy mailboxes the reports are so long anyway that its a waste of time having to wade through the reports. MailScanner supports whitelisting of email senders and email domains. If you have a sender that you think is being rejected, send the email address to noc At richweb dot-com and we will take a look and whitelist the sender if it appears that the message is not making it through.

• The MailScanner system (like MailFoundry) rejects messages from sending computers that do not have a valid hostname, and working reverse DNS. So if you are getting complaints about a remote system that cannot send email to a domain that is on the MailScanner, then the first thing to check for is forward and reverse dns. A site like mxtoolbox.com can be used for this.
• MailScanner uses the exact same RBL checking system as MailFoundry. So if a sending computer is on the SpamHaus Zen blocklist (XBL) then smtp connections from that sending computer will be dropped.
• MailScanner can be setup to NOT Disarm html emails from senders on a domain by domain basis. Contact NOC at richweb dot-com if you need a domain exempted. Remember that this increases the chances that your computers AND data will be infected or compromised by attackers.
• Domains that get a lot of messages (10 or more users, or a lot of dictionary attack spam) should have each valid recipient configured in MailScanner. Domains that use Richweb as a backup MX, or have low mail volumes can simply have a domain record that handles all users @thedomain.com for example.
• If you are able to get the SENDING IP ADDRESS of the remote mail server in question for troubleshooting any outbound from remote (inbound to your domain) delivery problems this is very helpful. Remember, MX records are used for INBOUND email, and many times the MX of a given domain is NOT the machine that sends outbound email. You can get the ip address or hostname by looking at the headers of a message that did make it through (for example to your test gmail or yahoo account.

What is likely happening is that the person that is sending you the message is sending from a computer system or network or company that has gotten blacklisted. This happens when an internet address (IP address) is either not setup to be able to originate (send email properly), or an infected PC has sent so much spam from that internet network address that the system is considered to no longer be a legitimate source of valid business or personal email. What you need to do is get the email administrator of the sending email domain involved. Richweb can in some cases whitelist (permanently allow) the domain to send email. In other cases the administrator of the sending domain simply needs to correct the technical problems with their configuration and policy. In all cases to dig into the problem Richweb needs the exact information below: A. Sending email domain B. Sending IP address (if possible) of the mail server that transmits the emails (i..e. the mail server public IP or NAT - NOT the ip address of the laptop sending the email). If the ip address you are given starts with 192.168, 10.x, or 172.16 thru 172.31, then you have been given the internal ip address, which of course is NOT useful in researching the problem. We need the public (routable) IP address. You should also check the ip address yourself first in a DNS black or blocklist tool such as: http://www.dnsbl.info/ If your (or the organization of the person trying to send you email) mail server domain name OR ip address is on this list as blocked, then you can expect moderate to severe mail delivery problems with most if not all email domains. Step one in solving this problem is addressing the underlying cause of getting blocked - someone is stealing your network resources to send spam. Richweb is happy to assist; of course we have to charge a consultation fee with sending domains that are not properly setup. Typical problems we see are: missing reverse DNS, bad SMTP HELO name, using a dynamic ip, shared host on a site with a poor reputation (i.e. a hoster that hosts spammers). Refer to this page for additional Richweb helpful information about DNS and email troubleshooting: http://www.richweb.com/mail_blocked

Mail Delivery problem troubleshooting

Mail Delivery problem troubleshooting involves making sure that your mail can be sent to a third party and that the third party can send email to you. If Richweb hosts your internet domain name (DNS) and your email then Richweb is in charge of the policies that control how mail that is sent from third parties reaches your inbox (inbound email). Outbound email is more complicated as it may (often will) involve the service provider(s) that connect you to the internet.If you have your own mail server and dedicated internet connection then you must check that you have valid reverse dns (ip number to mail server domain name) in place. If you have a t1, dsl or cable connection through ACME ISP for example, then ACME ISP is the company you have to contact to establish this reverse mapping. Richweb can help you understand how to make the request and what to put in the request if you are unsure.

One you have reverse dns in place (give it several days to take effect) you can re-assess your mail delivery issues.

If you are still having problems sending mail to third parties this is often due to a policy error or configuration problem with the company that hosts the email for the third party in question. It is usually NOT an issue with Richweb or Richweb controlled systems at all, although if you operate your own Microsoft Exchange server for example, Richweb does need to ensure that your domain SPF records are setup correctly in our DNS. Contact noc@richweb.com or Jon Larsen jlarsen@richweb.com if you have SPF questions.

Many times a server (your mail server if you have one) or a third party mail server gets listed on a blacklist (i.e. a block mail from list) when problems occur.

A good web site to check for your server (or Richweb servers) presence on a blacklist:

http://www.mxtoolbox.com/blacklists.aspx

Put in 63.90.9.3 to check richweb's main mail server, and 63.90.9.6 to check richweb's smtp outbound relay for clients.

Put in vsmx3.richweb.com to check Richweb's MailFoundry spam filter appliance.

If you have found that your mail server IP address is on a blacklist contact Richweb for assistance in determining the problem. Getting off a blacklist can be difficult, and it is an administrative task not a technical task. Richweb can help you configure your systems so that the chances of a blacklisting are minimal using industry best practices for smtp and firewall configuration.

Options if your mail is still getting rejected:

A. Have Richweb suport stop by your office or remote into your computer and make sure you are sending thru our server and have not broken your mail config. Sometimes you will be advised by comcast or verizon tech support to change your mail settings so that they point to their mail servers. This is not an acceptable config if richweb hosts your domain. In fact it will break your email delivery entirely. Make sure you are using mail.richweb.com port 2525 with SMTP AUTH enabled on your mail client. Your SMTP AUTH login and password are the SAME as your webmail/pop3/imap login and password. Most email clients expect this, and you should never be prompted for an SMTP AUTH login and password if you check the box that says "same as my mail server" or similar setting.

B. Find someone on the other end of the email who wil complain to their
provider and ask them to dig into what is broken and why. We cannot usually complain about the (often broken) filters of other providers and mail servers. But customers of those providers can complain. Have the person that you are trying to send mail to complain and ask their IT support to resolve the problem and explain why the mail was blocked.

CC or BCC the request and a copy of the fix to noc@richweb.com so we can explain further or help the 3rd party IT support fix their problem(s).

Setting Up Outlook to Save Sent Items on your Sent Imap Folder

Create a Rule with the Rules Wizard on Microsoft Outlook XP

1. On the Tools menu, click Rules Wizard, and then click New. (If you have more than one mail box, you should choose the right one to apply for new rule)

2. Click to "Start from a blank form" and select "Check message after sending", and then click Next.

3. Scroll down the list and click to check the Uses The "Form Name".

4. Click on the underlined "form name" in the Rule Description box.

5. Click to select Application Forms, and scroll down to check "Message". Click Add, click Close, and then click Next.

6. Click the "Move a copy to the specified folder" check box.

7. Click to select the underlined "specified" folder in the Rule Description box

8. Click to select (such as sent-items folder) or create a folder on your IMAP server. Click OK, and then click Next.

9. Click Next again, and then specify a rule name (make sure the box "Turn on this rule" is checked) Click Finish, and then click OK.

Create a Rule with the Rules Wizard on Microsoft Outlook 2000

1. On the Tools menu, click Rules Wizard, and then click New.

2. Click to select Check Messages After Sending, and then click Next.

3. Click to check the Uses The "Form Name" Form check box.

4. Click on the underlined "form name" in the Rule Description box.

5. Click to select Application Forms, and then click to select Message. Click Add, click Close, and then click Next.

6. Click the "Move a copy to the specified folder" check box.

7. Click to select the "specified" folder in the Rule Description box

8. Click to select or create a folder on your IMAP server. Click OK, and then click Next.

9. Click Next again, and then specify a rule name. Click Finish, and then click OK.

Disable Save Sent Items in the Sent Items Folder
1. On the Tools menu, click Options.

2. On the Preferences Tab, click E-mail Options.

3. Click to clear the "Save copies of messages in Sent Items Folder" check box

4. To close the dialog boxes, click OK twice.

Postfix MTA Dovecot IMAP/POP3 Server with SSL for IMAP,POP3, and SMTP Auth

Goal: Have a working SMTP process that can accept mail from remote MTAs for locally hosted domains as well as relay mail for SMTP authenticated clients to the appropriate destinations. We want to be able to use the same username and password for SMTP auth clients (such as Outlook or Thunderbird or handhelds) as we use for incoming imap.

A. Install the needed packages:

apt-get install \ libsasl2-2 libsasl2-modules postfix dovecot-common dovecot-imapd dovecot-pop3d

B. Setup /etc/postfix/main.cf

B1. Basic postfix settings for users and maps:

# relayhost = 
mynetworks = 127.0.0.0/8
myhostname = esoomllub.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost, hash:/etc/postfix/mydestination
virtual_maps  = hash:/etc/postfix/virtual/addresses

The mydestination hash file: /etc/postfix/mydestination will contain a list of the domains that the system will accept mail locally for. Edit this file and put each domain or subdomain on a line by itself, followed by a tab and then the domain again. Run this command to refresh this database: cd /etc/postfix; postmap mydestination The virtual_maps database allows you to map an incoming email address to a local system account (an entry in /etc/passwd - i.e. a valid user). Format is email alias, tab, then the local user account. You can also use this file to redirect or forward emails. In this case the right hand side would be one or more accounts and/or fully qualified email addresses. example: dev@abc.com dbrooks,testman@example.com,kent This is how you would create a mailing list. Run this command to refresh this database: cd /etc/postfix/virtual/; postmap addresses B2. Tuning - these settings help keep system usage reasonable and make sure not to abuse remote MTAs. Note that the max number of recipients an email passing thru the system can deliver to is set to 100.

## tweaks to improve delivery to yahoo.com:
default_process_limit = 10
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 2
initial_destination_concurrency = 2
smtpd_client_connection_count_limit = 10

default_destination_recipient_limit = 100

smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_threshold_time = 225s

disable_vrfy_command = yes
smtpd_timeout = 180s

smtpd_error_sleep_time = 3s
smtpd_helo_required = yes

# The message_size_limit parameter limits the total size in bytes of
# a message, including envelope information.
message_size_limit = 45000000

C. sasl (smtp auth) configuration

SMTP AUTH allows mail clients that have user accounts to login and relay mail. C1. In the master dovecot (imap) server we configure a socket in the postfix chroot dir that the postfix process will be able to use to ask dovecot whether the SMTP Auth login and password should be accepted. /etc/dovecot/dovecot.conf The settings are in the auth default stanza:

auth default {
  # Space separated list of wanted authentication mechanisms:
  #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
  # NOTE: See also disable_plaintext_auth setting.
  mechanisms = plain login
        
  socket listen {
    
    client {
        path = /var/spool/postfix/private/auth
        mode = 0660
        user = postfix
        group = postfix      
    }
  }

C2. Restart dovecot: /etc/init.d/dovecot stop /etc/init.d/dovecot start tail -f /var/log/mail.log Ensure that there are no errors. C3. Configure postfix to talk to dovecot. Add these settings to /etc/postfix/main.cf: smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination /etc/init.d/postfix stop /etc/init.d/postfix start tail -f /var/log/mail.log Ensure that there are no errors. C4. postfix master.cf process configuration: Ensure that the smtp and smtpd service lines are uncommented. They should look like this: smtp inet n - - - - smtpd submission inet n - - - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING You will need to restart postfix again and check for errors after/if changing this config file. C5. At this point we can test the configuration using swaks: This test should fail - since we are NOT an open relay: swaks -f jlarsen@richweb.com -t jlarsen@richweb.com -s 208.73.137.146 AND we see: <** 554 5.7.1

: Relay access denied which is good. swaks -f jlarsen@richweb.com -t customseo@esoomllub.com -s 208.73.137.146 And that works since customseo@esoomllub.com is a valid recipient: <- 250 2.0.0 Ok: queued as F3632C38096 Now we test with smtp auth. jlarsen@richweb.com is NOT a local destination, so we are asking the server to relay for us, just liek a mail client would that is using this server for relay: swaks -f customseo@esoomllub.com -t jlarsen@richweb.com -s 208.73.137.146 \ -au jlarsen -ap 99test99 -apt jlarsen is a local valid user account 99test99 is the password, so this works as expected: <- 250 2.0.0 Ok: queued as F3632C38096 Now we break the password intentionally: swaks -f customseo@esoomllub.com -t jlarsen@richweb.com -s 208.73.137.146 -au jlarsen -ap 99test9XX -apt <** 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6 -> AUTH PLAIN \0jlarsen\099test9XX <** 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6 *** No authentication type succeeded And we see that it is blocked due to login failure (correct). C6. We use an open relay checker such as: http://www.dnsgoodies.com/ just to be sure our server is not open in any way. Good News! All tests for an open relay on your mail server failed. Your mail server does not allow open relay.

D. Using SSL to secure IMAP and SMTP Auth

D1. Generate a key: cd /etc/postfix; openssl rand -out rand_seed 131072 ps aux | md5sum >> rand_seed wait some time ... a few sec or a minute ps aux | md5sum >> rand_seed wait some time ... a few sec or a minute ps aux | md5sum >> rand_seed Generate the key: openssl genrsa -rand file:rand_seed2 -rand file:rand_seed -out esoomllub.key 2048 rm -f rand_seed* Generate and Self Sign the cert: openssl req -new -x509 -nodes -sha1 -days 1460 -key esoomllub.key -out esoomllub.com.crt Used these parameters in the dialogue: Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:Virginia Locality Name (eg, city) []:Glen Allen Organization Name (eg, company) [Internet Widgits Pty Ltd]:Richweb, Inc Organizational Unit Name (eg, section) []:Richweb Hosting Common Name (eg, YOUR name) []:esoomllub.com Email Address []:kallen@richweb.com D2. Edit /etc/postfix/main.cf: # TLS parameters smtpd_tls_cert_file=/etc/postfix/esoomllub.com.crt smtpd_tls_key_file=/etc/postfix/esoomllub.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache D3. Edit /etc/dovecot/dovecot.conf protocols = imaps pop3s disable_plaintext_auth = yes # Disable SSL/TLS support. ssl_disable = no # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # dropping root privileges, so keep the key file unreadable by anyone but # root. ssl_cert_file = /etc/postfix/esoomllub.com.crt ssl_key_file = /etc/postfix/esoomllub.key ssl_verify_client_cert = no # How often to regenerate the SSL parameters file. Generation is quite CPU # intensive operation. The value is in hours, 0 disables regeneration # entirely. #ssl_parameters_regenerate = 168 # SSL ciphers to use ssl_cipher_list = ALL:!LOW # Show protocol level SSL errors. #verbose_ssl = no D4. Restart dovecot and postfix

E. Mail Client Setup

I suggest testing with Mozilla Thunderbird. If jlarsen is the unix/user account, then the smtp auth and imap settings should use jlarsen as the username. E1. IMAP Settings: ServerName: esoomllub.com Port: 993 User Name: jlarsen Use Secure connection: SSL E2. Outgoing SMTP Server Settings: ServerName: esoomllub.com Port: 587 User Name: jlarsen Use Secure connection: TLS E3. Thunderbird quirks Dont select the TLS; if available, as you may end up using the connection unsecured, in which case your password could be stolen. You can setup pop3s instead of imaps if you prefer. In Thunderbird select pop3 instead of imap, and use port 995 (pop3s - pop3 over ssl). The only catch I found was that you need to check SSL, and not TSL for IMAP and POP3 in Thunderbird. The TSL negotiation was failing for some reason. But the logs on the server side showed successful SSL negotiation when SSL was checked so it should be very secure (no passwords in clear text) which is the goal.

AOL Mail Relay Tester

http://postmaster.aol.com/tools/telnet.html

There are a number of ways to manually perform a mail transaction through telnet. The following procedure should work under a variety of operating systems, including Windows, UNIX and Linux.

This section describes how to manually perform a mail transaction through telnet. If you do not receive the replies shown, copy the entire transaction and save it so that you can report the error you received.

Generally OK codes start with 2nn and Error codes start with 5nn. An example of an error code would be if you connect to us and receive 554 RTR:SC .... A 5nn error code could indicate a number of problems, for example a syntax error or AOL systems blocking your incoming connections due to lack of RDNS or excessive user complaints.

To manually perform a mail transaction through telnet, perform the following steps:

1. From a Command prompt, Type:

telnet mailin-01.mx.aol.com 25
This specifies to telnet to port 25 on an AOL mail host.

220
The mail host identifies itself. This should be accompanied by several lines of introductory text.

2. Type:

HELO yourdomainname.com
where yourdomainname.com
specifies your domain.

250 OK
followed by the server you are connecting to.

3. Type:

MAIL FROM: <you@hostname.com>
where you@hostname.com
indicates the address the mail should appear to be from.
Note: You must include the equality(< >) signs

250 OK

4. Type:

RCPT TO: <postmaster@aol.com>
Note: You must include the equality(< >) signs

250 OK

5. Type:

DATA

START MAIL INPUT, END WITH "." ON A LINE BY ITSELF

6. Type:

FROM:
where you@hostname.com
indicates the address the mail should appear to be from.

7. Type a brief message, followed by [Enter] . [Enter] (Type a period on a line by itself, then hit ENTER.)

250 OK