Services/Mail: Difference between revisions

From DcUsers
Line 28: Line 28:


A [https://webmail.duckcorp.org/ webmail interface] is available.
A [https://webmail.duckcorp.org/ webmail interface] is available.

We strongly suggest you enable [https://en.wikipedia.org/wiki/Multi-factor_authentication Two Factor Authentication (2FA)] to protect your account. With this system your login and password is not sufficient to log in, an external secret is needed.

Currently only one method is available:
* TOTP: using an application on your phone (FreeOTP available on [http://f-droid.org/ F-Droid] is working fine)

In the ''settings'' menu click on the ''2-Factor Authentication'' tab and follow these steps:
* click on the ''Setup all fields (needs Save)'' button
* on your phone, open the TOPT application and scan the QR code
* on your phone generate a code, put it in the ''Check code'' text field and click on the button to validate it works fine
* click on the ''show recovery codes'' button and store them is a safe place: print then (or store then on an encrypted disk)
* click the ''Save'' button, you will be logged out
* check you can login again


== Antivirus and Antispam ==
== Antivirus and Antispam ==
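
Review bot: the added step "open the TOPT application" misspells the method that this same revision introduces as TOTP a few lines earlier; it should read "TOTP application". The recovery-codes step also needs a pass: "store them is a safe place: print then (or store then on an encrypted disk)" should read "in a safe place: print them (or store them on an encrypted disk)". In the first added paragraph, "your login and password is not sufficient" should be "are not sufficient", and "check you can login again" should use the verb form "log in".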

Revision as of 06:46, 3 May 2019

Service 'Mail'
Description Available services:
  • multiple email addresses (mailboxes+aliases or redirections) based on the milkypond.org (or maybe duckcorp.org) domain
  • roaming accounts to be able to send emails wherever you are

If you want email addresses using your own domain(s), see the mail hosting service.

Prerequisite None
Account Global (registration required)
IPv6 Ready Yes
Security Notes Access to the mail services and to your data is fully secured; nevertheless, most mail exchanges on the Internet are not. Complete security can be achieved using signed and encrypted mail (see OpenPGP and S/MIME).


Access

Using a Mail Reader

You can retrieve your mails, in case of a real mailbox, using either:

  • IMAP+TLS (TCP 143) / IMAPS (TCP 993) on imap.duckcorp.org
  • or POP3+TLS (TCP 110) / POP3S (TCP 995) on pop.duckcorp.org

The IMAP protocol is recommended over POP3, as it provides many interesting features. If you absolutely want to download all your mails at home, losing the ability to read your mail from anywhere on the planet, you can do that with IMAP too (look at your mail client settings).

You can use our servers to send mails out too via smtp.duckcorp.org using:

  • SUBMISSION (TCP 587) which is the recommended way and has less chance to be filtered, or alternatively SMTP+TLS (TCP 25) / SMTPS (TCP 465)
  • and SASL authentication

Using a Web Interface

A webmail interface is available.

We strongly suggest you enable Two Factor Authentication (2FA) to protect your account. With this system your login and password are not sufficient to log in; an external secret is also needed.

Currently only one method is available:

  • TOTP: using an application on your phone (FreeOTP, available on F-Droid, works fine)

In the settings menu click on the 2-Factor Authentication tab and follow these steps:

  • click on the Setup all fields (needs Save) button
  • on your phone, open the TOTP application and scan the QR code
  • on your phone, generate a code, put it in the Check code text field and click on the button to validate that it works
  • click on the show recovery codes button and store them in a safe place: print them (or store them on an encrypted disk)
  • click the Save button; you will be logged out
  • check that you can log in again

Antivirus and Antispam

Mails stored on our server are checked upon arrival for viruses and SPAMs. Outgoing mails from our services are checked too.

Mails containing viruses are deleted automatically upon arrival. Mails with a very high probability of being SPAM are destroyed too. Good mails and possibly spammy mails are delivered to your mailbox.

SPAMs are more difficult to detect, and it is an error-prone process, so we chose to use learning software instead of a global database. After a few weeks of teaching it is able to recognize most of your habits and block a lot of annoying SPAM.

Probable SPAM Notification

Mails are delivered normally with a special field added (X-Spam-Status) to your mail headers (not always visible depending on your mail client and its configuration) indicating if the mail is a SPAM and its spamminess score.

This is quite handy if you prefer SPAMs arranged in a specific folder. You may then use the provided filtering system to sort them properly, or configure your email client.

Retraining

Teaching the system what is SPAM and HAM (non-SPAM) is called retraining.

If you have or create a folder named Junk, then it is automatically magic:

  • if you move mail into it, it is automatically retrained as SPAM
  • if you move mail out of it, it is automatically retrained as HAM
  • with time, certain old mails automatically expire, see below

If you are using an IMAP Sync client which does not support the MOVE operation (isync, offlineimap…) then you unfortunately cannot use this method; please look at the next chapter.

To use this folder properly, SPAMs must be delivered in the Junk folder automatically, so you can move them out in case of error. You just need to subscribe to this folder in your mail software (this folder is always auto-created). It is not recommended to use your mail software for this filtering: this is horribly inefficient and you would have to set things up on each device and manually synchronize your settings.

Automatic expiration logic, based on delivery time (and not the mail timestamp):

  • deleted mails are purged after 1 day
  • read mails without an important flag are purged after 7 days
  • unread mails without an important flag are purged after 30 days

If you use the incoming_spam global rule, then SPAMs newly discovered by the system are flagged as important, which means these mails will never be purged until you review them and decide to delete them or mark them as not important. Custom rules might play with this flag and achieve an automatic selection.

Retraining for feature-limited IMAP Sync clients

If your client does not support the MOVE operation (isync, offlineimap…) then you can only copy (APPEND) mail, which does not work with the magic Junk folder.

In this case, you can create special folders called SyncSPAM and SyncHAM and copy SPAM and HAM into them. Every two hours a script will pick up these mails, do the retraining, and remove them. Removing these mails from their original locations will be left to you though.

Mail Filtering

With your favourite mail client, you can probably filter your mails into the proper folders already. Nevertheless, this can be an annoying operation:

  • blocking your mail client for a long time if you have to process plenty of mails
  • downloading each mail's information, and sometimes content (depending on your filters), is lengthy too, and costs a lot of bandwidth
  • syncing filters across your machines (home desktop, laptop, office machine…) is a pain in the ass
  • processing only when you're online prevents triggering actions in a timely manner (automatic redirect, vacation messages…), and running a machine 24/7 with a mail client polling new mails every 30s is not a solution

We provide a much better way to do this using SIEVE filters. In short, SIEVE is a language dedicated to expressing mail filters (also called rules). Our server is able to process your mails according to these filters as soon as they arrive. You then don't have to care about them anymore, and may use light mail clients or webmails when you're not on your machine with your favourite software.

Rules Configuration

You can express sort/reject/vacation/… filters using these rules, as the capabilities are very rich. Several programs support managing SIEVE rules:

  • Icedove/Thunderbird:
    using the SIEVE extension (in xul-ext-sieve Debian package), it provides a rules editor (for power-users)
  • Roundcube:
    coupled with the sieverules extension, provides an easy to use web interface
    this webmail has been made available here
  • sieve-connect:
    provides a CLI to upload/download/activate your rules files
    this tool is available on shell hosts

(tell us if you know more software supporting this feature)

To push your filters to the server, a dedicated protocol exists: MANAGESIEVE (TCP 4190) on sieve.duckcorp.org. Our webmails are already configured to use it, but if you use sieve-connect from our hosts or your own mail software, you'll need these parameters.

You can read more info about SIEVE here:

Global Rules

Global rules are provided to ease configuration on specific filters. They can easily be included in your own configuration.

Available rules:

  • incoming_spam:
    SPAMs will automatically be delivered in the Junk folder and marked as important

If you write your own custom rules, here is an example on how to use one of them:

require ["include"];

include :global "<rule-name>";

Default Rules

The default settings (since 2112-02-11) are to use the global incoming_spam rule (see above), in order to provide a simple default configuration for most users. All other mails will end up in your Inbox folder and you may then sort them yourself.

If you create your own rules, the default rules won't apply anymore, so power-users can replace the default behavior completely to achieve what they really need. If you want to use the default behavior you can use:

require ["include"];

include :global "incoming_spam";

You can also take advantage of the antispam spamminess score to use a different threshold like this:

require ["fileinto", "spamtestplus", "relational", "comparator-i;ascii-numeric"];

# if SPAM score is >37% then move into the junk box
if spamtest :percent :value "gt" :comparator "i;ascii-numeric" "37" {
  fileinto "Junk";
  stop;
}
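
Building on the threshold rule above and on the remark in the Retraining section that custom rules can play with the important flag, here is an added example (not part of the original page nor of the DuckCorp configuration) that keeps only borderline SPAM until you review it and lets near-certain SPAM follow the normal expiration. The 90% cut-off and the use of the IMAP \Flagged flag as the "important" flag are assumptions; ask the administrators which flag the expiration logic actually honours.

```sieve
# Added example. Having your own script disables the default rules, so this
# replaces the global incoming_spam rule instead of including it.
require ["fileinto", "imap4flags", "spamtestplus", "relational",
         "comparator-i;ascii-numeric"];

# Near-certain SPAM (assumed cut-off: 90% or more): file it into Junk WITHOUT
# the important flag, so the automatic expiration described above applies
# (30 days if unread, 7 days once read).
if spamtest :percent :value "ge" :comparator "i;ascii-numeric" "90" {
  fileinto "Junk";
  stop;
}

# Borderline SPAM (above 37% but below the cut-off): file it into Junk WITH
# the flag, so it is never purged before you have reviewed it. Moving a false
# positive out of Junk retrains it as HAM.
# Assumption: "\\Flagged" is the flag treated as "important" on this server.
if spamtest :percent :value "gt" :comparator "i;ascii-numeric" "37" {
  fileinto :flags "\\Flagged" "Junk";
  stop;
}

# Everything else falls through to the implicit keep and lands in the Inbox.
```

The order of the two tests matters: the stricter test comes first and ends with stop, so a message scoring 90% or more never reaches the rule that sets the flag.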

Fetching eMails from an External Mailbox

Something to do... TODO:

Shared/Public Folders

You may need to share mails or messages with friends or people you do stuff with (in a project or association). Depending on your needs, two solutions are possible:

  • share some of your own private folders, thus called shared folders
  • manage a special folder hierarchy, called public folders (even if they may not be accessible to everyone)
    if you need one, ask an administrator; the namespace name can be freely chosen but must be unambiguous and is subject to approval

Namespaces

Through IMAP, or our webmails internally using IMAP, it is possible to partition the folder hierarchy into namespaces. Traditionally you are using the root namespace for your private folders. Additional namespaces can be created and will appear among your own folders or separate, depending on your mail client's choice of representation. To avoid name clashes, we decided to prefix all additional namespace names with a #.

Since 2011-05-14, the following extra namespaces are created and reserved:

  • #Shared, containing all folders other users decided to share with you
  • #MilkyPond, containing public MP/DC informational mailboxes you may subscribe to at will

Folders Permissions

Using IMAP, it is possible to set up rights (read only, write allowed…) on your own folders in order to share them with other users, or groups of users.

Public folders are owned by no-one, and must be created by the administrators. Once your request is accepted we will delegate its administration to your care. It can then be managed like shared folders.

Software Support

Mail client software support:

  • RoundCube:
    supports namespaces; shared and public folders are configurable via Settings->Folders, selecting a folder then using the Sharing tab
  • Icedove/Thunderbird:
    supports namespaces; shared and public folders are configurable via folder selection and the Tools->Imap-ACL menu action

Most other software has namespace support only, so you should be able to use shared/public folders you have rights on but not configure them yourself (tell us if you know more software supporting this feature).

Limitations

Maximum Mail Size

Mails you send or receive are limited to 20MB. If you need to transmit much bigger data, then mail is not an appropriate transport; you'd better use a file sharing method instead.

Quotas

Even if it would be nice to live without them, we had to establish quotas to force people to sort their mails out once in a while and delete useless things instead of leaving an ever-growing mess behind.

The default quota is 512MB which is not that big but should match needs of most users. This said, you may ask us for more and there's no reason we would refuse a reasonable demand.

Technical Details

This service is made using: