Topic: setting up a public pop server

[edform]

Has anyone written a Howto for the setup of an SME pop server to make it visible on the net? I've run my system with an ISP as the mail server for several years now but only recently decided to give mail serving a try. I bought a domain, signed it up on Zone Edit, bought their backup mail server facility, and even received a few mails, then it stopped and I just can't see what's wrong.

I've got ports 80 and 110 open through my DSL router and my website is visible. My mail server even responds on mail2web and I see the DSL router moving data, but no mail sent to me ever arrives.

A step-by-step setup would be real useful at this stage; infact, I could even live with: "You daft clown; you've forgottent to do X or Y."

Ed Form

[grand-pa]

Has anyone written a Howto for the setup of an SME pop server to make it visible on the net?

In the server-manager you can define if your POP/IMAP server can be accessed from Internet.
On v6.0, it is in the e-mail settings panel (here with the french manager). On previous versions of SME, it was in the Other E-Mail Settings panel.

Warning : you should never access your POP/IMAP server with root or admin loggins from Internet : the names, passwords and mail contents are not encrypted with these protocols !

[edform]

Has anyone written a Howto for the setup of an SME pop server to make it visible on the net?

In the server-manager you can define if your POP/IMAP server can be accessed from Internet.
On v6.0, it is in the e-mail settings panel (here with the french manager). On previous versions of SME, it was in the Other E-Mail Settings panel.

Warning : you should never access your POP/IMAP server with root or admin loggins from Internet : the names, passwords and mail contents are not encrypted with these protocols !

Thanks for that. I've been going through the history of my attempts and realised that the few mails that got through did so when I also had port 25 open. So I checked this again tonight and immediately got a stream of mails in from my backup server. Conclusion - You have to open port 25 through the router to let the mail server work.

Question! Doesn't this make my server into an opne relay? Or is the SME software proof against that. if it isn't I'll have to work out how to run pop before smpt.

Ed Form

[grand-pa]

Question! Doesn't this make my server into an opne relay? Or is the SME software proof against that.

I'm not sure to understand what you want to do.

If you want to access your POP/IMAP server from Internet, you just have follow what i've explained and forward port 110 (POP) or 143 (IMAP) on your front router to your SME server.

If you want to receive mails sent to your server, you have to forward port 25 (SMTP) on your front router to your SME server. SME SMTP server is, of course, protected against relaying, so you can't use it from Internet.

[edform]

Question! Doesn't this make my server into an opne relay? Or is the SME software proof against that.

I'm not sure to understand what you want to do.

If you want to access your POP/IMAP server from Internet, you just have follow what i've explained and forward port 110 (POP) or 143 (IMAP) on your front router to your SME server.

If you want to receive mails sent to your server, you have to forward port 25 (SMTP) on your front router to your SME server. SME SMTP server is, of course, protected against relaying, so you can't use it from Internet.

I want to receive mail from the internet and allow registered users only to read the mail that is addressed to them. When I first set my server up I opened ports 25, 80, 110, and 143 and, after a couple of confusing days while my DNS info propagated round the net, everything worked fine. The I contacted a colleague and had him set up an email account on my server on his PC using my pop *and* smtp servers for the connection. He was able to send mail which scared me since it looked like I was acting as an open relay. I've just realised, however, that he was logged on with a valid user account on my server, so he didn't actually relay. I'll do more tests tomorrow.

Ed Form

[Jon Blakely]

Ed,

Unless you have installed Damien Curtains Secure Email contribs and have set it up for SMTP AUTH there is no way that your colleague should be able to send mail via your server even he is registered on your server.

Jon Blakely

[Juve]

Ed,

Unless you have installed Damien Curtains Secure Email contribs and have set it up for SMTP AUTH there is no way that your colleague should be able to send mail via your server even he is registered on your server.

Jon Blakely

Unless of course he was sending the email to someone on the localdomain.  Eg if he was sending it to Edform.  If he was sending it to someone else eg a hotmail email address, through your e-smith then it'd be a worry.

[Jon Blakely]

No, not even then. In it's default state SME will not allow any relaying even to local addresses.

Jon

[Jon Blakely]

Oops, my apologies Juve. I should have tested before posting. You can post to accounts on the localdomain.

Jon

[edform]

Oops, my apologies Juve. I should have tested before posting. You can post to accounts on the localdomain.

My colleague and I have sorted out the problem now. When he enters my smtp server as his outgoing mail server his messages all get thrugh, but its a red herrring - there is somekind of fallback situation going on on his machines. When he enters a valid smtp server which won't permit him to relay, the mail is sent by another server known to his system. Curiously, if he entered as invalid smtp server, his system says it is unable to send the mails.

I registered with abuse.net, and used their open-relay test page to check my own server out. All the results came back negative, so I'm happy now to leave port 25 open through the router and my email server works very well.

One final question: Charlie Brady mentioned in the bugs forum that opening port 110 was unecessary and dangerous. Anyone know why? How else can I allow users to pop for their mail?

Ed Form

[grand-pa]

One final question: Charlie Brady mentioned in the bugs forum that opening port 110 was unecessary and dangerous. Anyone know why? How else can I allow users to pop for their mail?

The POP protocol is not securised : when a user authenticates hisself on the server, his name and password are sent without any encrytion.

You can allow access to the webmail via HTTPS to let your users access their mails securely from outside.

[edform]

The POP protocol is not securised : when a user authenticates hisself on the server, his name and password are sent without any encrytion.

You can allow access to the webmail via HTTPS to let your users access their mails securely from outside.

Thanks. Now I undertand. So what do typical public ISPs do who allow POP3 use?

Ed Form

[batosai]

Maybe because they don't care if your password is stolen : simple-user accounts have no access to their servers except for mail...

[tymiles]

You can use the secure contrib from Damien Curtains to secure your pop connections. I have an e-smith server and I own the domain linuxosuser.com and I gave away 150 e-mail accounts on my server to users and they all connect by webmail or by using outlook and using the secure contib which works great and keeps things secure. (I also use that for my SMTP)

[esmith]

You can use the secure contrib from Damien Curtains to secure your pop connections. I have an e-smith server and I own the domain linuxosuser.com and I gave away 150 e-mail accounts on my server to users and they all connect by webmail or by using outlook and using the secure contib which works great and keeps things secure. (I also use that for my SMTP)

Sounds like its working for you.  I hope I have explained my question below for you correctly
I have setup the secure contrib main on my sever.  It basically is working however I'm try to setup secure connection for the SMTP server.  This requires a certificate to allow the connection.  I was able to create a key for our virtual domain for remote httpd webmail access but I can't get a client program (like Outlook/Mozzila to login with the server.  It keeps using the default key which is for the local domain.  Basically I want to have SMTP access remotely but with SSL login.  The remote works ok as long as I stick with port 25.  But when I try to use the secure connection on port 465 it gets rejected.  Any suggestions?  I'm thinking I have to tell the IMAP server about the security keys some how but I don't know how.  From my understanding the way it works when you login with IMAP this enables you to use the SMTP server since SMTP does really have a secure way of loging in.

Thanks Ed