ToothyWikiInternals/MailServer

Accessible via IMAP? (over SSL only) and POP3? (secure or plaintext). Email can also be read over an SSH connection (no general-purpose shell, so no SCP; however, SFTP is now supported), and SMTP forwarding can be provided for small volumes / emergency use (although your ISP should really do that).

There is an experimental webmail interface at https://lucien.toothycat.net/ - no guarantees yet (you won't lose mail, but it might not pick up all your IMAP folders and/or might create spurious folders. Oh, and it'll be quite slow).

Have used this a few times over the past few days. Seems fine for inbox, and other folders once you "subscribe" to them. And it ignores HTML in emails, which is much more of a benefit than a loss :) Very very useful facility to have - thanks! --AlexChurchill, making this edit at least partly to put this page in RecentChanges for a few days to save me retyping it all the time *^^*

: Aah, that's how you get the folders - I couldn't figure it out... thanks! --M-A

If all else fails, you can use something like [mail2web.com], if you trust that sort of thing. Type in lucien.toothycat.net for the server name, then your username and password; select IMAP4 and make sure SSL is ticked; then click "check mail".

SecondaryMX handled by [Black Cat Networks].

Mail folders on the server are backed up weekly. Old backups are discarded on an ad hoc basis :) but the last one is always around. The incoming mail spool (your inbox) is not backed up - if you want something backed up, save it to your mail folders (in your home directory on the server). Or just pull it over to your home machine and burn it to a CD yourself :)

There is an experimental local chat facility (dancer-ircd and tinyirc) - sometimes it's quicker to sort things out through chat than email or wiki; I imagine people will contact people by email or wiki and ask them to come on the chat. This is not externally visible; it is available in the menu presented when connecting over SSH.

If you would like an email account, it is a requirement that we know you in RealLife.

Due to IESG security requirements, the IMAP server no longer supports plaintext logins. You must enable SSL in your email client if you are using IMAP, or you will not be able to log in.

You can do this in Microsoft/Outlook Express (spit) by doing the following:

Select the lucien.toothycat.net server
Click on "Properties"
Click on "Advanced"
Make sure "this server requires a secure connection" is ticked under "incoming mail"

(Next person to do this and provide screenshots - and check it works - gets kudos..)

: (PeterTaylor) Kudos, or flames for using Outlook? GDR.

Spam

The mailserver now does a bit of very rudimentary spam scoring. Messages are matched against rules, and a header (X-SpamScore) containing one or more x's may be added to messages depending on how many rules they match. The number of x's rises nonlinearly with the number of rules; currently,

1 x
2 xx
3 xxx
4 xxxx
5-6 xxxxx
7-8 xxxxxx
9-10 xxxxxxx
11+ xxxxxxxx

The idea is, you set up rules in your client for what to do with the message based on how many x's the X-SpamScore? header contains. You might not want to do much for just one rule, but delete or flag messages that match several. In fact, I'll emphasise that - have your filter rule test for at least two x's unless you really want to trigger on all email with HTML or attachments! lots of legit stuff is HTML. (Not in mail, it isn't --Vitenka) A copy of the current spamfilter script is located [here].

Suggestions for more rules welcome. Please tell me if I've broken anything.

I've set up a filter to reject anything over 3 'x's. However, merely having three consecutive vowels in the Subject lines adds 3 'x's, and I've been trying to have an email conversation about someone with an Irish name... --M-A

Ah - I'll tweak that down to two x's then. It does catch a lot of mail about Viiiaaagra.. ^^ - MoonShadow

: Thanks! --M-A

Oh, and geeky users may also create .forward files in their home directories using the [exim 3.3x syntax] (which supports regexps, but details of the regexp syntax aren't on that page - they're [here]). They inherit the rule score from the systemwide file in $sn0. They get processed just before delivery, so stuff in them will be independent of how you access your mail - you could use them to save spam to a file or drop it entirely, for instance, without setting up filters in all the mail clients you use. The file is executed under your user ID and piping stuff to arbitrary commands is forbidden ^^; If anyone actually wants to do this, tell me and I'll add an option to the user shell to let you run exim in test mode on filters you write before you actually use them. If anyone does this and comes up with effective rules, tell me and I'll stick them into the systemwide file :)

AlexChurchill may try this, as he's getting rather fed up of 200-400 spams per day. I could just modify my Pine filters to actually delete rather than quarantine some of the matchesvI'm most confident are spam. But exim rules could be useful if I switch to a client that can be driven from a GraphicsTablet without contorted macro systems!

: Admiral uses a very successful scheme at home using spamassassin and about 50 home-brew rules. It lets through about one spam per week, and hasn't given a false positive yet. Admittedly I only get 5 or so spams a day. --Admiral

Random thoughts:

(MoonShadow) lots of legit stuff is HTML. (Not in mail, it isn't --Vitenka)

Oh, how I wish it was true. Just one small example - a few minutes after I activated the systemwide filters, I knew they were working 'cos got two messages confirming my Wildercon payment and registration; both in HTML, both tagged with a single 'x' in the headers. Neither things I really wanted to miss. - MoonShadow

Yes. However much I'd like to agree with Vitenka on principle, I do have to live in the RealWorld (under duress! ;) ) and I kinda want to get my emails from eBay, PayPal, etc... --AlexChurchill

You know, arguing that PayPal eBay etc. are the RealWorld does mean that you could legitimately be put into a victims support group... ;) --Vitenka

Oh? Well, okay... can I participate online?

: The places are limited; you have to bid for them on eBay, and payment is through PayPal.. ;)

Out of interest, how are people doing in terms of viruses? MoonShadow currently gets 3-4 Netsky.p per day. The first few dozen bytes of that vary a little, but the end is always the same; MoonShadow suspects it should be possible to pull a string out of the middle of the lump of ascii armor and add it to the systemwide rules - thoughts?

In bizarre fashion (given I get every other kind of junk mail), I get pretty much no viruses at the moment, and haven't since Mydoom. So I don't mind either way --AlexChurchill

I get lots of viruses sent to me. But notably, I get massively more viruses sent just after I post a message to the bugtraq mailing list. Now what does this say about the security prowess of the members of this particular security mailing list? --Admiral

: (PeterTaylor) Maybe it says there are lots of ScriptKiddies? who read it.

My spam filter assigns quite a high score to any email that contains any form of windows executable program. Seems only sensible. --Admiral

Is it possible to read Usenet from the ToothyCat /MailServer? What is the news server that you're authorised to receive a feed from? --AR

: Yes. However, Easynet (our ISP) do not have a news server, and news.individual.net have started charging for accounts. You can get yourself a free account from http://news.sunsite.dk/ or from http://www.teranews.com/. If enough people are interested, MoonShadow can set up leafnode to cache newsgroups on the mailserver.

FYI, there is now a spelling checker (aspell) on the server. It may be activated by using ctrl+t within Pine.

6/10/05 16:30 - There's something up with the mail server. It's fine if I use PuTTY, but I can't view anything other than the INBOX over IMAP. --M-A

Hm. Working fine for me over here (am running Pine locally on my work machine). Will check over the logs and see if I can spot anything amiss.. - MoonShadow

Your client appears to be reauthenticating roughly once a second. inetd assumes something's horribly wrong and kills the imap service talking to you after about two minutes of this. Rinse, lather, repeat. No idea why yet. - MoonShadow

It's back! All fine now. I did actually get an error message when it first happened, but it was a whole page of help file, so I just clicked on "Continue" and didn't read it - sorry. How's it now from your end? --M-A

Seems sane ^^; - MoonShadow

Ooh, I bet I know what set it off - I was doing a whole load of saves from one mail folder to another when this happened. Maybe my copy of Pine re-authenticates for every transaction, for some reason. --M-A

: Plausible. Pine 3.x used to re-authenticate every transaction for the rest of the session after an authentication failed. I thought they'd fixed that, though.. - MoonShadow

22/04/08 - I have changed the MTA configuration to route all mail via Pipex's server, as they seem to have fixed whatever issue was causing 20+-minute delays on mail relaying. Let me know if there are any problems.

[SPF wizard]