http://www.stat.ufl.edu http://www.stat.ufl.edu

Configuring Mozilla or Thunderbird for email to server eelpout

Thunderbird users only: One of the early setup dialog boxes asks where to import settings from. Pick the last option to not import anything from anywhere.

Mozilla users only: You are going to edit your account settings to remove Mozilla's knowledge of your stat email account, and then recreate it. This will discard obsolete data pertaining to the old server, but may preserve your spam-filter training. Your account will be named "yourusername@stat.ufl.edu". To remove it, you select this account name in the "Account Settings" dialog box, and click on the "Remove Account" button. Continuing in the "Account Settings" dialog, click on "Add Account".

The next startup of email will bring up the 'setup an email account from scratch' wizard. After that completes, go through and repair the settings because not all the required settings are presented in the wizard.

Linux Mozilla users only: For bulk-converted Stats Linux desktop users, the .mozilla directory will be overwritten by a script that preserves only the bookmarks, address book, and mail messages on the old server.

Mozilla users only: You will find the series of dialog boxes described below under the menus Edit -> Mail and News Preferences in the Edit menu of the mail program only.

Thunderbird users only: You will find the series of dialog boxes described below under either the menus Tools -> Account Settings or Edit -> Account Settings.

All fields highlighted in yellow must be set as shown, with your name and account substituted. These settings should work without change no matter if the browser using them is on the departmental LAN, or on a machine at home or a laptop in an airport. With these settings, home users no longer have to use their ISP's outgoing mail server. These screen captures were made from mozilla 1.6 running on Linux; the 1.7.x version on Windows may be slightly different. Technical details for the curious and non-mozilla users are at the bottom of this page.

moz1617_account-settings.jpg

The "Port" number changes automatically when you select "Use secure connection (SSL)". When you click the Advanced button, the screen following this one appears. The complicated-looking "Local directory" field will have a default value that works unchanged, and will vary depending on your operating system.

moz1617_server-settings.jpg

This window appears due to the Advanced button clicked previously. The checkbox should be deselected, which is not the default.

Thunderbird users only: There is an additional checkbox about using the IDLE command if available, which should be left checked.

moz1617_account-settings_advanced.jpg

The "Port" number changes automatically when you select "Use secure connection: / SSL". Even desktop machines in departmental offices whose mail would be accepted anyway because they are on the building LAN should "Use name and password", because I expect it may soon have spam-filtering consequences.

moz1617_outgoing-server-settings.jpg

Now save the configuration and click Get Msgs from the main mail client window. When you are prompted what to do with encryption certificates from eelpout.stat.ufl.edu, pick the option to accept them permanently.

Forwarding, filtering, and mailing lists

Mailing lists for classes and so forth are more easily supported by the campus listserv, see http://www.lists.ufl.edu for further details. Forwarding is done with a .forward file, and vacation and filtering are done using the maildrop filtering language. Both require shell access to the mail server, which requires a certain familiarity with Linux shell programming and is not enabled by default. Email system for details. Simple forwarding and vacation is done by request, email system.

Spam scoring and filtering

All incoming mail is scanned and scored for "spam", previously known viruses, and file attachments whose filename extensions make them executable under Windows. "Incoming" mail is that which is entering the mail transport system, including messages originating from local users, but not messages generated internally by the mail system such as bounces. All incoming mail is accepted; no mail is rejected regardless of how spammy it is thought to be.

Messages which score as undesirable are not delivered into the Inbox, but are instead diverted into one of three folders, "Banned", "Virus", and "Spam". Banned holds messages which contain Windows programs, or will affect operation of Windows programs. Virus holds known viruses. Spam holds messages which score high enough on a set of hundreds of rules, some of them Bayesian, to likely be spam. Messages in these folders which are older than two weeks are automatically deleted. The idea is for users to be able to ignore the spam filtering until they suspect they have lost a message to a false positive, then have a queue back in time to look for it in. To date our recognized false positive rate is extremely low, totaling two copies of one message, a European car rental confirmation.

It is possible to make exceptions to the supplied spam filtering on a per-user basis. The program "maildrop" makes local delivery. If they exist on the machine eelpout, the file ".mailfilter-pre" is processed by maildrop before it does anything, and ".mailfilter-post" after it does everything. Typically, .mailfilter-pre is used to catch legitimate messages which would otherwise be filed as spam, such as the "Korean telephone bill", or do vacation processing, and .mailfilter-post is used to file mailing lists into folders. The ".forward" file is also given its usual interpretation.

Technical details

The machine eelpout is a 1U rack mount Intel box from Penguin Computing, running gentoo Linux set up as an email "appliance", and it is reasonably standalone. It has private "home directories" which hold your mail in the Maildir mail storage format, which has improvements in mail reading performance, backup performance, and reliability over the old mbox format. The mail "home directory" is unrelated to your normal home directory. It uses postfix mail transport, dovecot IMAP for client access, amavisd and spamassassin for spam scoring, clamav and freshclam for virus scoring, and maildrop for local delivery, mailing list filtering, and vacation. It uses apache and squirrelmail for webmail. Eelpout is backed up once a night.

IMAP is accepted on port 993, wrapped in SSL only. The unencrypted IMAP port of 143 is not accepted, to prevent configuration accidents where plaintext passwords are sent over an unencrypted channel. POP is not offered. Only plaintext password authentication is supported, not the public key ones. Don't check "Use secure authentication" in Mozilla, or it will try to use the public key ones.

Outgoing mail is accepted from any host on 128.227.141.0/24, and any host that logs in with SMTP AUTH. Outgoing mail listens on port 25 and port 465 with SSL. SMTP AUTH implements the PLAIN and LOGIN methods. These are both plaintext password methods, and they should not be used if your connection is not already encrypted. Outgoing mail also accepts STARTTLS, which is SSL started in the middle of the email transaction instead of before the beginning. Maximum message size is about 10 Megabytes, but instead of large attachments you should be sending URLs pointing to your personal web site.

The IMAP server software is named "dovecot", and it is using shadow password files for authentication. The SMTP server software is named "postfix", and it is using shadow password files for authentication.

Documentation on testing the servers by typing the protocols by hand is available here.


(C) University of Florida, Gainesville, FL 32611; (352) 392-1941.
This page was last updated Mon Sep 24 23:32:18 EDT 2012
http://www.ufl.edu