December 3, 2010

Tuning sysctl parameters for heavily loaded systems

If you are running a large Atmail cluster with multiple machines, you can further optimize the performance of the application by tuning the system's sysctl values for networking.

One common issue on a highly loaded system is that the number of TCP connections between hosts can exceed the maximum, or that too many connections are left sitting in an idle state.

We recommend the following be applied to /etc/sysctl.conf:

Client machines:

net.ipv4.tcp_fin_timeout = 10

Close connections in the TCP FIN timeout state 10 seconds ( default 60 )

net.ipv4.ip_local_port_range = 15000 61000

Increase the range of ports available for client connections ( default 32768 61000 )

Server machines (e.g. MySQL server or main machine):

net.ipv4.tcp_fin_timeout = 10

Same value as clients

net.core.somaxconn = 1024 ( default 128 )

The net.core.somaxconn value has an important role. It limits the maximum number of requests queued to a listen socket.

net.core.netdev_max_backlog = 2000 ( default 1000 )

-

After editing /etc/sysctl.conf you can reboot the machine; otherwise set the parameter directly on the CLI using:

/sbin/sysctl -w net.core.netdev_max_backlog=2000

This is just another tip for tuning the performance of an Atmail system, from the default stock Linux OS.
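As an added example (not part of the original post), the following shell script audits an /etc/sysctl.conf-style file against the values recommended above for either role, so drift on one cluster member is visible before it shows up as connection failures. It assumes the file path is passed in and only reads the file, so it runs unprivileged.

```shell
#!/bin/sh
# Added example (not from the original post): audit an /etc/sysctl.conf-style file
# against the values recommended above for the client or server role. It only reads
# the file, so it runs unprivileged, e.g. from a monitoring or config-management check.

# sysctl_conf_get FILE KEY -> prints KEY's value; the last occurrence wins, as with sysctl -p
sysctl_conf_get() {
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')   # make the dots in KEY literal for sed
    sed -n "s/^[[:space:]]*${pat}[[:space:]]*=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_sysctl_conf FILE ROLE -> 0 if every value recommended for ROLE (client|server) is set, 1 otherwise
audit_sysctl_conf() {
    file=$1
    rc=0
    case $2 in
        client) want_list='net.ipv4.tcp_fin_timeout=10
net.ipv4.ip_local_port_range=15000 61000' ;;
        server) want_list='net.ipv4.tcp_fin_timeout=10
net.core.somaxconn=1024
net.core.netdev_max_backlog=2000' ;;
        *) echo "usage: audit_sysctl_conf FILE client|server" >&2; return 2 ;;
    esac
    # Read "key=value" pairs; IFS is '=' only, so values containing spaces survive intact.
    while IFS='=' read -r key want; do
        have=$(sysctl_conf_get "$file" "$key")
        case $have in
            '')       echo "MISSING  $key (want: $want)"; rc=1 ;;
            \"*|\'*)  echo "QUOTED   $key = $have (sysctl -p does not strip quotes; remove them)"; rc=1 ;;
            "$want")  echo "OK       $key = $have" ;;
            *)        echo "DIFFERS  $key = $have (want: $want)"; rc=1 ;;
        esac
    done <<EOF
$want_list
EOF
    return $rc
}
```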


Filed under: Customization, Optimization — info @ 10:41 pm

 

July 22, 2010

Auto-detect domain name in login page

To make Atmail detect the hostname of your Atmail URL, and make it automatically detect the domain name for the login page, do the following:

- open up /usr/local/atmail/webmail/application/modules/mail/views/scripts/auth/index.phtml

- find this line block:

$("#loginPage").bind('submit', function() {
email = $("#email").val();
//alert(email);
emailArgs = email.split('@');
//alert(emailArgs[0] + ":" + emailArgs[1]);
$("input[name=emailName]").val(emailArgs[0]);
$("input[name=emailDomain]").val(emailArgs[1]);

Change this to:

$("#loginPage").bind('submit', function() {
email = $("#emailName").val() + "@" + $("#emailDomain").val();
emailArgs = email.split('@');
$("input[name=emailName]").val(emailArgs[0]);
$("input[name=emailDomain]").val(emailArgs[1]);

Then, find:

RememberMe();

Below this, add:
emailDom = window.location.host.substring(8);
$("#emailDomain").attr('value', emailDom);

Note the number "8". This assumes that your Atmail vhost is webmail.domain.com, so the first eight characters ("webmail.") are stripped from the host name. If you are using another alias such as mail.domain.com, the number becomes the number of letters in the alias plus one for the dot, making it:

emailDom = window.location.host.substring(5);

Then, find:

<tr>
<td>
<label class="user"><?php print $this->translate('Email') ?>:</label> <input id="email" class="input-email" type="text" name="email" tabindex="1" />
</td>
</tr>

Change to:

<tr>
<td>
<label class="user"><?php print $this->translate('Email') ?>:</label> <input id="emailName" class="input-email" type="text" name="emailName" tabindex="1" />
</td>
</tr>
<tr>
<td>
<label class="user"><?php print $this->translate('Domain') ?>:</label> <input id="emailDomain" class="input-email" type="text" name="emailDomain" tabindex="1" />
</td>
</tr>

This will then auto-fill the login page with the domain part of the URL entered.


Filed under: Uncategorized, Customization, Interface, Atmail 6 — John Contad @ 7:40 pm

 

April 26, 2010

Creating Public Folders for Atmail

This is a document for users who want to create publicly accessible folders via Atmail. This applies for the Atmail Server version.

- first, open up /usr/local/atmail/mailserver/etc/dovecot.conf
- find this line:

info_log_path = /usr/local/atmail/mailserver/spool/log/dovecot_info_log

- below this, add:

namespace public {
  separator = .
  prefix = shared.
  location = maildir:/usr/local/atmail/users/shared/:INDEX=~/public
  subscriptions = no
}

- create the shared directory:

% mkdir /usr/local/atmail/users/shared

- apply the right permissions:

% chown atmail:atmail /usr/local/atmail/users/shared

- save changes and restart Dovecot afterwards:

% /etc/init.d/atmailserver restart

A "shared" container should then be created inside of the user's webmail interface. To create folders inside this container, create the directory manually:

% mkdir /usr/local/atmail/users/shared/.Foldername

Where ".Foldername" is the folder name prefixed by a full stop ("."). For example, a shared folder called "Gouda" would be created this way:

% mkdir /usr/local/atmail/users/shared/.Gouda

Set the permissions correctly afterwards:

% chown atmail:atmail /usr/local/atmail/users/shared/.Gouda

This will then have the folder publicly accessible by all users in your system.


Filed under: Customization, Atmail 6 — John Contad @ 6:04 pm

 

February 17, 2008

Block sending and receiving of all emails not on the @mail server

Question: Our need is to block all email addresses/domains not configured in the @mail server.
So I want to avoid mail deliveries from addresses like bill.gates@microsoft.com or george.bush@whitehouse.org.

Answer: Yes, this can be done. Follow the steps detailed below.
Open and edit the Exim configuration file located at /usr/local/atmail/mailserver/configure; please remember to also back up this file before changes are made. Find and delete the following code.

# This router routes addresses that are not in local domains by doing a DNS
# lookup on the domain name.
dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more

Restart the @mail server and test.


Filed under: Anti-Spam, Customization, Exim, Anti-Virus, PHP version — Stewart Bazley @ 10:43 am

 

January 24, 2008

.htaccess password protection via MySQL

mod_auth_mysql (http://modauthmysql.sourceforge.net/) is a module for Apache which allows you to password protect a webserver directory with usernames and passwords taken from a MySQL table.

This is ideal if you would like to password protect the Webmail URL of @Mail because your organization requires extra security, or if you would like to restrict access to the Webmail system to authorized IPs only.

Read below on how to set up mod_auth_mysql with Apache.

Things to note:

- It is assumed that you are running a Linux system with the Apache web server.
- Detailed instructions regarding the installation and configuration of mod_auth_mysql can be found here: http://modauthmysql.sourceforge.net/

Installing mod_auth_mysql

After building the module, you need to install it to your modules directory.

Apache 1.x:

apxs -i mod_auth_mysql.so

Apache 2.x:

apxs -i mod_auth_mysql.la

Next, add the following directive to httpd.conf:

LoadModule mysql_auth_module modules/mod_auth_mysql.so

Restart the Apache webserver.

Once the webserver has restarted, mod_auth_mysql will be loaded as a module with Apache.

Creating the user table

Log in to MySQL:

mysql -u root -p

The command line will prompt you for a password, and when you hit enter you should be presented with something like this:

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2975 to server version: 5.0.22-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

You are now in a MySQL shell!

First you must create a MySQL database called auth with the following query:

CREATE DATABASE auth;

You must now create a MySQL table as below:

CREATE TABLE `users` (
`id` int(5) NOT NULL auto_increment,
`user_name` char(30) NOT NULL,
`user_passwd` char(20) NOT NULL,
`ip_address` varchar(15) default NULL,
`DateAdded` datetime default NULL,
`Expire` int(1) default NULL,
PRIMARY KEY  (`id`)
);

  • The 'id' column simply serves as the PRIMARY KEY to satisfy MySQL requirements; you do not need to enter data into this field, it will be assigned a unique number automatically.
  • The 'user_name' column will hold usernames under 30 characters.
  • The 'user_passwd' column will hold passwords under 20 characters, which should be stored encrypted.
  • The 'ip_address' column holds allowed IP addresses; this is optional and allows an IP address based ACL.
  • The 'DateAdded' column will store the date that the user was added; this is optional and can be used to allow expiry of a user, for which you will also need to include the 'Expire' column.
  • The 'Expire' column holds either '1' or '0'; it is also necessary for expiry of a user, but not mandatory for simple username/password authentication.

Adding users

Users can be added to the MySQL table with the following command from the mysql shell.

INSERT INTO users (user_name,user_passwd,ip_address,Expire) VALUES ('newuser','newpassword','computersip','1');

NOTE: If you did not include the IP ACL or Expire options, you should use something more like this:

INSERT INTO users (user_name,user_passwd) VALUES ('newuser','newpassword');

Setting up .htaccess

mod_auth_mysql uses the .htaccess file to know which directories need to be protected.

Your .htaccess file should be located in /usr/local/webmail/atmail/ and should contain the following:

AuthName "MySQL authenticated zone"
AuthType Basic
AuthMySQLEnable on
AuthMySQLUser username_for_mysql_database
AuthMySQLPassword password_for_mysql_database
AuthMySQLDB auth
AuthMySQLUserTable users
AuthMySQLNameField user_name
AuthMySQLPasswordField user_passwd
AuthMySQLUserCondition "ip_address = '%a'"
require valid-user

NOTE:

The AuthMySQLUserCondition "ip_address = '%a'" line should only be added if you have the ip_address column set up.

To test your new configuration navigate to www.yourdomain.com/mail/

If you get an error 500, then there is most likely something wrong with your .htaccess file. If you get a login box, enter the username/password combination that you have stored in your MySQL table, and it should take you straight to your mail.


Filed under: Customization — info @ 2:47 pm


January 1, 2008

Sharing a user's mailbox using Maildir

Question: I am trying to set up some accounts such as billing and support that can be accessed by other people via IMAP folders.

Answer: On the server mode of @Mail you can share a user's maildir directory with other users on the system.

As an example, this will allow you to set up support@domain.com to be viewed as a folder on other users' accounts, e.g. james@domain.com

To enable this you need to create a symbolic link, e.g.

root# cd /usr/local/atmail/users/j/a/james@domain.com
root# ln -s /usr/local/atmail/users/s/u/support@domain.com/ .Support

You can repeat the process for any number of user accounts to share a folder.

This will create the Support mailbox as a folder under the james@domain.com email account. Via WebMail or an IMAP client, the user can view all messages in the support@domain.com mailbox.

-

Alternatively you can mask a single account to point to another maildir directory. This is useful if you want the james@domain.com account to be masked directly to the support@domain.com mailbox ( without a symbolic link or alias ).

To enable this use the SQL query:

mysql> update Users set MailDir='/usr/local/atmail/users/s/u/support@domain.com' where Account='james@domain.com';

If the james@domain.com user logs in via WebMail, POP3 or IMAP, they will have direct access to the mailbox of support@domain.com


Filed under: Customization — Ben Duncan @ 12:00 pm


IMAPs / POP3s support for the Webmail client

The following article explains how to add IMAPs or POP3s support to the webmail client via a transparent proxy. This solution requires that the webmail client is hosted on Linux with iptables support, or that you have a Linux/iptables gateway to intercept the outbound connections.
The proxying is done via Stunnel. Get and install stunnel on the server that is running @Mail from http://www.stunnel.org/. RedHat based distros may be able to do a 'yum install stunnel'.

The proxy, although transparent, is not dynamic, i.e. each external mail server that needs to be contacted has to be added manually to the configuration.

Edit stunnel.conf (/etc/stunnel/stunnel.conf) and add the protocol (imaps or pop3s) and the external mail server as follows:

client = yes

[imaps]
accept = 127.0.0.1:6100
delay = yes
connect = mail.domain.com:993

[pops]
accept = 127.0.0.1:6101
connect = mail.domain.com:995

Start stunnel with the following command:

stunnel /etc/stunnel/stunnel.conf

In the example stunnel configuration above we are saying that stunnel is acting as a client, that it will accept IMAP connections on localhost port 6100 and proxy those connections to mail.domain.com via IMAPs (port 993), and that it does the same for POP3s.

Now we need to add the iptables rules to intercept any connections destined for mail.domain.com on either the IMAP port (143) or the POP3 port (110) and forward them to the appropriate stunnel port (6100 or 6101):

# IMAPs proxy for mail.domain.com

iptables -t nat -A OUTPUT -p tcp -d mail.domain.com --dport 143 -j DNAT --to 127.0.0.1:6100

# POP3s proxy for mail.domain.com

iptables -t nat -A OUTPUT -p tcp -d mail.domain.com --dport 110 -j DNAT --to 127.0.0.1:6101

I add these rules to rc.local so I can easily manage them. To add additional hosts, add another entry in stunnel.conf using a unique port on the accept line. Starting at 6100, I keep incrementing from there.
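As an added example (not from the original post), the shell script below generates the stunnel.conf stanzas and the matching iptables DNAT rules for any number of external mail servers, handing out unique local ports from 6100 upwards the way the post does by hand. It also adds stunnel's verify = 2 / CAfile options so the proxy checks the remote server's certificate, which the configuration above does not; CA_FILE is an assumed placeholder path for your distribution's CA bundle.

```shell
#!/bin/sh
# Added example (not from the original post): emit stunnel.conf and iptables rules
# for a list of external mail servers, allocating ports 6100, 6101, 6102, ... in order.
CA_FILE="/etc/ssl/certs/ca-certificates.crt"   # placeholder (assumption): your CA bundle

# proxy_port HOST PROTO HOST... -> prints the local port allocated to HOST for PROTO (imaps|pop3s)
proxy_port() {
    want=$1; proto=$2; shift 2
    port=6100
    for h in "$@"; do
        if [ "$h" = "$want" ]; then
            if [ "$proto" = pop3s ]; then port=$((port + 1)); fi   # pop3s sits one above imaps
            echo "$port"
            return 0
        fi
        port=$((port + 2))   # two ports per host
    done
    return 1
}

# stunnel_config HOST... -> prints a complete client-mode stunnel.conf for the listed hosts
stunnel_config() {
    # verify = 2 makes stunnel reject servers whose certificate does not chain to CAfile,
    # so the "transparent" proxy cannot be silently pointed at an impostor.
    printf 'client = yes\nverify = 2\nCAfile = %s\n' "$CA_FILE"
    for h in "$@"; do
        name=$(printf '%s' "$h" | tr '.' '_')   # keep section names free of dots
        # delay = yes resolves the host name per connection instead of once at startup
        printf '\n[imaps_%s]\naccept = 127.0.0.1:%s\ndelay = yes\nconnect = %s:993\n' \
            "$name" "$(proxy_port "$h" imaps "$@")" "$h"
        printf '\n[pop3s_%s]\naccept = 127.0.0.1:%s\ndelay = yes\nconnect = %s:995\n' \
            "$name" "$(proxy_port "$h" pop3s "$@")" "$h"
    done
}

# iptables_rules HOST... -> prints the nat/OUTPUT rules redirecting plain 143/110 to the proxy ports
# (-d HOST is resolved when the rule is loaded, so reload the rules if the server's address changes)
iptables_rules() {
    for h in "$@"; do
        printf 'iptables -t nat -A OUTPUT -p tcp -d %s --dport 143 -j DNAT --to 127.0.0.1:%s\n' \
            "$h" "$(proxy_port "$h" imaps "$@")"
        printf 'iptables -t nat -A OUTPUT -p tcp -d %s --dport 110 -j DNAT --to 127.0.0.1:%s\n' \
            "$h" "$(proxy_port "$h" pop3s "$@")"
    done
}
```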


Filed under: Customization — info @ 12:00 pm


Supporting user%domain login format via POP3/IMAP

Question:

I am migrating from a legacy mail-server where users log in via POP3/IMAP as user%domain.com. I need to support this authentication mode, so I can migrate to @Mail without having end users change their mail-client username to log in. How do I support this?

Answer:

This is possible to achieve by altering the SQL query used to authenticate users in @Mail. To enable it, visit Webadmin > Services > POP3/IMAP

Set a default domain for authentication, and select the SQL-query type = "Fast"

Next, the /usr/local/atmail/mailserver/etc/authmysqlrc file controls how the POP3/IMAP server handles authentication for end users.

Change the entry MYSQL_SELECT_CLAUSE to read:

MYSQL_SELECT_CLAUSE SELECT distinct UserSession.Account, '', UserSession.Password, '3000','3000',Users.MailDir, Users.MailDir, '', 'allowimap=1,allowpop3=1' FROM UserSession, Users WHERE (UserSession.Account = CONCAT('$(local_part)', '@', '$(domain)') OR UserSession.Account = REPLACE('$(local_part)', '%', '@') ) AND UserSession.Account = Users.Account and (Users.Account=CONCAT('$(local_part)', '@', '$(domain)') or Users.Account=REPLACE('$(local_part)', '%', '@') ) and (Users.UserStatus != '1' or Users.UserStatus is null)

This will support logging in as user@domain or user%domain

To test the changes restart services:

/etc/init.d/atmailserver restart

-

In order to support the Webadmin scripts updating the authmysqlrc you need to edit the source

/usr/local/atmail/webmail/libs/Atmail/Exim_Config.php

Locate the following code and replace the code in bold (the MYSQL_SELECT_CLAUSE line) with the version below:

if($pref['pop3imap_querytype'] == "quick")      {

$courier_conf['MYSQLQUERY'] =
# The SQL query used by @Mail to authenticate with the MySQL database
# Note the UID 3000 is used for the query, which is the atmail username that has permissions
# over the /usr/local/atmail/users directory

#Short query - No group support to toggle POP3/IMAP on/off on a group basis

MYSQL_SELECT_CLAUSE SELECT distinct UserSession.Account, $crypt, UserSession.Password, '3000','3000',Users.MailDir, Users.MailDir, '', 'allowimap=1,allowpop3=1' FROM UserSession, Users WHERE (UserSession.Account = CONCAT('$(local_part)', '@', '$(domain)') OR UserSession.Account = REPLACE('$(local_part)', '%', '@') ) AND UserSession.Account = Users.Account and (Users.Account=CONCAT('$(local_part)', '@', '$(domain)') or Users.Account=REPLACE('$(local_part)', '%', '@') ) and (Users.UserStatus != '1' or Users.UserStatus is null)

-

Once modified you now have a system that can authenticate with user%domain.com or user@domain


Filed under: Customization — Ben Duncan @ 12:00 pm


December 18, 2007

Removing the default password length in @Mail

Question: Where would I go about changing or removing the 8 digit password requirement from the @mail server?

Answer: @mail version 5.2 uses a password complexity requirement, meaning that all passwords must meet a certain requirement. If you would like to remove this from your @mail installation please do the following.

Go to webmail/webadmin/js/newuser-validate.js in the @mail directory and remove the following:

if (theForm.password.value.length < 5)
{
    alert("Please enter at least 5 characters in the \"password\" field.");
    theForm.password.focus();
    return (false);
}

This is for when a new user is created in the @mail WebAdmin > new user.

Go to html/english/javascript/validate_password.js in the @mail directory and remove the following:

if (theForm.newpass.value.length < 8 )
{
    alert("Please enter at least 8 characters in the 'New Password' field.");
    theForm.newpass.value = "";
    theForm.newpass2.value = "";
    theForm.newpass.focus();
    return (false);
}

This is for when a user decides to change their password via the WebMail interface.


Filed under: Customization, PHP version — info @ 9:21 am


September 30, 2006

Specifying the default domain on the login page

When using @Mail in the Email-server mode, the login page of @Mail displays a select-box of all the domains, allowing the user to select the default domain. If you have a large list of domains and want to specify a default domain to be selected, edit:



Filed under: Customization, Linux version — info @ 12:12 am