Topic: External and internal email config query

[wbs316]

I have a client where one of the staff access their email externally using an Internet connection via their mobile phone.  The email profile is using an IMAP configuration with the outgoing mail server set to "mail.optusnet.com.au" and the incoming mail server set to "mail.domain.com.au".

The staff member often comes into the office and connects to the local network but he is unable to access his email easily as the office PCs on the LAN side of the server are configured with the incoming and outgoing mail server set to "servername.domain.com.au".

Can I make some adjustment on the server to allow for the email to be accessed as though they were outside of the office i.e. without adjusting the email configuration.

[guest22]

Yes, ask the IT staff to always use and configure FQDN's.

[wbs316]

I'm not sure that I understand your reply.  Should my post have read as below:

I have a client where one of the staff access their email externally using an Internet connection via their mobile phone.  The email profile is using an IMAP configuration with the outgoing mail server set to "mail.optusnet.com.au" and the incoming mail server set to "mail.theirdomainname.com.au".

The staff member often comes into the office and connects to the local network but he is unable to access his email easily as the office PCs on the LAN side of the server are configured with the incoming and outgoing mail server set to "theirservername.theirdomainname.com.au".

Can I make some adjustment on the server to allow for the email to be accessed as though they were outside of the office i.e. without adjusting the email configuration.

[janet]

wbs316

As advised use the sme server domain name ie
www.theirdomainname.com.au in both the mobile client & the local PC clients.

You may need to set the certificate CommonName to  www.theirdomainname.com.au with a db setting, search here, &/or ask again.

I understand you are asking for a solution where you do not need to change the email client setup, but I do not think that is possible or easily done.

The issue here is that the clients have been set up wrongly or inappropriately, so this is your chance to fix that.

[wbs316]

Your comment of "not being possible or easily done" may be the correct answer but I must be missing something with the replies so far.  The PC's in the office are setup as per the documentation at the link below including the certificate importation.

http://wiki.contribs.org/Email_-_Setting_up_E-mail_clients_for_SME_8.0

I'm not sure where you're suggesting that I use the sme server domain name  www.theirdomainname.com.au in both the mobile client and local PC clients.  The mobile uses the mail server entry of "mail.theirdomainname.com.au" (theirdomainname is obviously not what is really entered but that is how I am presenting it here) and the PC's in the office use the mail server entry of "theirservername.theirdomainname.com.au" being the fully qualified name of their server as per the documentation.

[janet]

wbs316

The PC's in the office are setup as per the documentation at the link below including the certificate importation.
http://wiki.contribs.org/Email_-_Setting_up_E-mail_clients_for_SME_8.0

Well that is not incorrect, but the fully qualified name referred to in the article typically only works for LAN clients (including VPN connected clients).

As RequestedDeletion has suggested "ask the IT staff to always use and configure FQDN's."
FQDN - fully qualified domain name (which is not usually servername.domain.com.au)

Perhaps the documentation you refer to should be improved.

I'm not sure where you're suggesting that I use the sme server domain name  www.theirdomainname.com.au in both the mobile client and local PC clients.  The mobile uses the mail server entry of "mail.theirdomainname.com.au" (theirdomainname is obviously not what is really entered but that is how I am presenting it here) and the PC's in the office use the mail server entry of "theirservername.theirdomainname.com.au" being the fully qualified name of their server as per the documentation.

When you specifiy the IMAP & SMTP server names in either the mobile phone email client or the PC email client, use www.theirdomainname.com.au instead of mail.theirdomainname.com.au

It is not strictly necessary to use mail.theirdomainname.com.au or servername.domain.com.au.
That is probably in documentation somewhere, or if not, then it has certainly been said many many times in these forums over the years.

I know it works as I have many different email clients configured on mobiles, tablets & PCs, some PCs are in the LAN, some at remote locations connecting via ADSL & some connect via VPN to the LAN, & they all use www.mydomain.com.au for incoming & outgoing mail server hostname.
You must use secure connections & ports 465 & 993 (for iMAP) as sme server requires that.

Yes I understand that we are obfuscating the real domain name here.

Also see this for changing the certificate CommonName to be www.yourdomain.com.au (or whatever you want)
http://wiki.contribs.org/Certificate#Custom_Certificate_for_SME_7.1.3_and_above

[wbs316]

I'm sorry to have taken an age to respond as the staff member I have been endeavouring to help out has been on some extended leave.  Thank you all for your input.  As a result of various comments that have been made I experimented with configurations and if it is of help for anyone else who is trying to achieve the same result these are the options that I have used in the Outlook configuration.

The profile is configured as an IMAP account type

Incoming mail server: mail.theirdomainname.com.au
Outgoing mail server: mail.theirdomainname.com.au

After clicking "More Settings" on the "Outgoing Server" tab tick the box "My outgoing server (SMTP) requires authentication" and check the radio button "Use same settings as my incoming mail server".

On the "Advanced" tab enter the port number of 993 for the incoming IMAP server and select SSL encryption.  Enter the port number of 465 for the outgoing server with SSL encryption.

As mentioned the connection is being used externally via an Optus mobile phone and the only shortcoming which is a very minor one is that the user needs to respond each time Outlook is opened to the security certificate window.

This has allowed him to seamlessly use his laptop both in the office and while externally connected using his mobile phone.

[p-jones]

wbs316,
You should be able to eliminate that certificate issue each time outlook opens by viewing the certificate and saving it in the trusted root certificates folder. If you cannot do that from outlook, you can do that from SME by opening the server-manager with IE and saving the certificate. I did find that saving the certificate to the default location did not always work. It had to go into the trusted root certificates folder.

When I say eliminate, I mean for as long as the certificate is current. SME will regenerate a new ceritficate every 12 months and I have known it to regenerate a new certificate after certain updates. In these events, you will need to re-save the certificate as a once only step.

This is covered in the email client setup notes relating to outlook.

[janet]

wbs316

Incoming mail server: mail.theirdomainname.com.au
Outgoing mail server: mail.theirdomainname.com.au
..........the only shortcoming which is a very minor one is that the user needs to respond each time Outlook is opened to the security certificate window.

If you had followed my earlier advice you will not even get certificate errors
ie
config setprop modSSL CommonName www.theirdomainname.com.au
expand-template /home/e-smith/ssl.key/key
expand-template /home/e-smith/ssl.crt/crt
signal-event post-upgrade
signal-event reboot

This changes the certificate on your server so that it will then match settings in your mail clients
so now you would use
Incoming mail server: www.theirdomainname.com.au
Outgoing mail server: www.theirdomainname.com.au

(Note that SME mail server will respond correctly)

You only need to open a browser to
https://www.theirdomainname.com.au
or save the certificate (depending on your device) the very first time, after that the certificate is indentified correctly/automatically.

[wbs316]

Hi p-jones,

thank you for your input.  I am aware of saving the certificate to the trusted root location as that is how all of the office PC's are configured.  I would have sworn that the certificate is saved to the trusted root location on this particular laptop but I will check it.

I only support one installation of SME and I am not strong at the linux command line level so for the sake of one laptop I am not about to make changes to the server at that level as Janet suggests in case it goes pear shaped and then I guess make changes to all of the office PC's with regard to their email profiles which are working fine!

[janet]

wbs316

The certificate by default is for servername.theirmaindomain.com.au whereas your mail client is referring to mail.theirmaindomain.com.au.
It works better if both match, & the way to fix that is to change both ends ie server & clients.
The wiki documentation needs correcting really.

[raem]

To all

I agree with Janet that the advice should be more consistent & should be improved/corrected

I have created this bug
http://bugs.contribs.org/show_bug.cgi?id=9106

[raem]

To all

I have updated the text of the wiki article (but some new screen images still needed)

http://wiki.contribs.org/Email_-_Setting_up_E-mail_clients_for_SME_8.0