VisNetic MailServer Administrator’s Guide
Version 6
Additional VisNetic MailServer Documentation is available at:
http://deerfield.com/support/visnetic_mailserver/support
VisNetic MailServer is published by
Deerfield.com
4241 Old U.S. 27 South
P.O. Box 851
Gaylord, MI 49735
989.732.8856
989.731.2642 fax
http://www.deerfield.com
Version 6.0.8
VisNetic MailServer Administrator Guide 1
Chapter 1 ............................................................................................................................. 7
Introduction ..................................................................................................................... 7
1.1 VisNetic MailServer Evaluation ........................................................................... 7
1.2 How to Purchase VisNetic MailServer ................................................................. 7
1.3 Expired Trial Mode Limitations ........................................................................... 8
1.4 Version 5 to Version 6 Upgrades .......................................................................... 8
Chapter 2 ............................................................................................................................. 9
Getting Started ................................................................................................................ 9
2.1 System Requirements............................................................................................ 9
2.2 Installation............................................................................................................. 9
2.3 Update Installation .............................................................................................. 17
2.4 Moving from the Test Installation to a Production Server ................................. 17
2.5 Configuration and License Backup ..................................................................... 18
2.6 Installation Checking .......................................................................................... 18
2.7 Check Mail Server Services ................................................................................ 19
2.8 Check DNS Server .............................................................................................. 19
2.9 Check Relaying ................................................................................................... 19
2.10 VisNetic WebMail Access ................................................................................ 20
Chapter 3 ........................................................................................................................... 23
Server Administration Methods .................................................................................... 23
3.1 Server Administration Methods .......................................................................... 23
3.2 Local Windows GUI Administration .................................................................. 24
3.3 Remote Windows Administration....................................................................... 24
3.4 Web Based Administration ................................................................................. 25
Chapter 4 ........................................................................................................................... 28
Server Windows Administration................................................................................... 28
4.1 Main Window ............................................................................................... 28
4.2 How to Create your own Digital Certificates ..................................................... 31
4.3 Configuration Backup and Restore ..................................................................... 32
4.4 Find Dialog ......................................................................................................... 34
Chapter 5 ........................................................................................................................... 36
Server Windows Administration................................................................................... 36
5.1 Accounts ....................................................................................................... 36
5.2 Domain .......................................................................................................... 37
5.2.1 Domain Administrator .............................................................................. 38
5.2.2 Domain Unknown Users ........................................................................... 38
5.2.3 Domain Options ........................................................................................ 39
5.2.4 Domain Miscellaneous.............................................................................. 42
5.2.5 Domain Info .............................................................................................. 42
5.3 User Basic Setup ........................................................................................... 43
5.3.1 User – Import Windows NT Users ........................................................... 47
5.3.2 User – Shared IMAP Folders .................................................................... 47
5.3.3 User – Options .......................................................................................... 49
5.3.4 User – Responder ...................................................................................... 50
5.3.5 User – Special ........................................................................................... 52
VisNetic MailServer Administrator Guide 2
5.4 Mailing List ................................................................................................... 53
5.4.1 Mailing List – General .............................................................................. 53
5.4.2 Mailing List – Message ............................................................................. 56
5.4.3 Mailing List – Security ............................................................................. 57
5.4.4 Mailing List – Other.................................................................................. 58
5.5 List Server ..................................................................................................... 60
5.5.1 List Server – Creating a List Server .......................................................... 61
5.5.2 List Server – Commands ........................................................................... 62
5.5.3 List Server – Options ................................................................................ 63
5.6 Executables ................................................................................................... 63
5.7 Remote Accounts .......................................................................................... 65
5.7.1 Remote Accounts – Domain POP ............................................................. 66
5.7.2 Remote Accounts – Special ...................................................................... 67
5.8 Static Routes ................................................................................................. 68
5.9 Notification ................................................................................................... 70
5.9.1 Notification - Other ................................................................................... 71
5.10 Catalog .............................................................................................................. 72
5.10.1 Catalog – Retrieve File Example .................................................................. 76
5.10.2 Catalog – Retrieve File from Folder Example .............................................. 77
5.10.3 Catalog – Retrieve all Files from Folder Example ....................................... 78
5.10.4 Catalog – Send File from Server to the Any Recipient Example ................. 79
Chapter 6 ........................................................................................................................... 80
Server Windows Administration................................................................................... 80
6.1 Server Monitor .................................................................................................... 80
Chapter 7 ........................................................................................................................... 83
Server System Tab ........................................................................................................ 83
7.1 System Tab.................................................................................................... 83
7.2 Remote Server Control ................................................................................. 84
7.3 Remote Server Control ................................................................................. 84
7.4 Service State.................................................................................................. 86
7.5 Service Settings ............................................................................................. 87
7.5.1 Service Settings – Performance Settings .................................................. 88
7.5.2 Service Settings – Service IP Binding ...................................................... 89
7.5.3 Service Settings – Max Parameter Settings .............................................. 89
7.5.4 Service Settings – Undeliverable Messages ............................................. 90
7.5.5 Service Settings – Other............................................................................ 90
7.5.6 Service Settings – Misc Outlook 2002/XP Bug Work Around ................ 91
Chapter 8 ........................................................................................................................... 92
Server Professional Tab ................................................................................................ 92
8.0 Server Professional Tab ...................................................................................... 92
8.1 Professional Tab – Data Base Settings ............................................................... 92
8.2 Professional Tab – ODBC Logging .................................................................... 94
8.3 Professional Tab – LDAP ................................................................................... 95
8.3.1 Professional Tab – LDAP Architecture ........................................................... 95
8.3.2 Professional Tab – LDAP Server ..................................................................... 95
8.3.3 Professional Tab – LDAP Configuration ......................................................... 96
VisNetic MailServer Administrator Guide 3
8.3.4 Professional Tab – LDAP Shared Address Book ............................................ 99
8.3.5 Professional Tab – Using LDAP.................................................................... 100
8.3.6 Professional Tab – LDAP Tools .................................................................... 102
8.4 Professional Tab – Remote Server Watchdog .................................................. 103
8.5 Professional Tab – Multiple CPU Support ....................................................... 104
8.6 Professional Tab – Task Schedule .................................................................... 105
8.7 Professional Tab – TCP/IP Tunnel ................................................................... 105
Chapter 9 ......................................................................................................................... 107
Server Options Tab ..................................................................................................... 107
9.1 Options .............................................................................................................. 107
9.2 Options - Logging ............................................................................................ 107
9.3 Options – Other Options ................................................................................... 109
9.3 Options – User Statistics ................................................................................... 111
9.4 Options – Data Storage Directories .................................................................. 112
9.5 Options – Proxy Server ..................................................................................... 113
9.5.1 Options – Proxy Server / General Settings .................................................... 114
9.5.2 Options – Proxy Server / AntiVirus Settings ................................................. 115
9.6 Options – Header / Footer ................................................................................. 115
9.7 Options – Disk Space Monitor.......................................................................... 116
9.8 Options – Auto Archive .................................................................................... 117
9.9 Options – Auto Backup ..................................................................................... 118
Chapter 10 ....................................................................................................................... 120
Server Security Tab..................................................................................................... 120
10.1 Security – Content Filter ................................................................................. 120
10.1.1 Security – Content Filter / Editing .............................................................. 122
10.1.2 Security – Content Filter / String Condition ............................................... 126
10.1.3 Security – Content Filter / Basic RegEx Tutorial ....................................... 128
10.2 Security – Instant Anti Spam .......................................................................... 130
10.3 Security – Anti Spam Filter ............................................................................ 138
10.3.1 Security – Anti Spam Filter / Bypass File .................................................. 141
10.4 Security - AntiVirus ........................................................................................ 141
10.4.1 Security – AntiVirus / Settings ................................................................... 142
10.4.2 Security – AntiVirus / Integrated AV Mode ............................................... 143
10.4.3 Security – AntiVirus / Plug-in Settings ...................................................... 144
10.4.3 Security – AntiVirus / Miscellaneous ......................................................... 145
10.4.4 Security – AntiVirus / External AV Filters................................................. 146
10.5 Security – Security .......................................................................................... 147
10.6 Security – Service Watchdog .......................................................................... 148
10.7 Security – Tarpitting ....................................................................................... 148
10.8 Security – Static Filters ................................................................................... 149
10.9 Security – Firewall .......................................................................................... 150
Chapter 11 ....................................................................................................................... 151
Server Delivery Tab .................................................................................................... 151
11.1 Delivery – Anti Relaying & Anti Spam .......................................................... 151
11.2 Delivery – Delivery......................................................................................... 154
11.3 Delivery – ETRN and ATRN Settings............................................................ 156
VisNetic MailServer Administrator Guide 4
11.4 Delivery – Connection .................................................................................... 157
Chapter 12 ....................................................................................................................... 159
Server Instant Messaging Tab ..................................................................................... 159
12.1 Instant Messaging ........................................................................................... 159
12.2 Instant Messenger Gateways........................................................................... 163
Server License Information Tab ................................................................................. 165
Chapter 13 ....................................................................................................................... 167
Instant Messenger ....................................................................................................... 167
13.1 Instant Messenger ........................................................................................... 167
13.2 Basic IM Setup ................................................................................................ 168
13.3 Single Domain IM Communication ................................................................ 169
13.4 Multiple Domain IM Communication ............................................................ 173
13.5 Multi Server IM Communications .................................................................. 173
13.6 Anonymous Group Chat ................................................................................. 175
Chapter 14 ....................................................................................................................... 178
Web Access ................................................................................................................. 178
14.1 Web Access ..................................................................................................... 178
14.2 Administrator Settings .................................................................................... 179
14.3 Administrator Global Address Book .............................................................. 183
14.4 WebMail access without port 32000 in the URL............................................ 184
14.5 WebMail access without \mail in the URL ..................................................... 185
14.6 WebMail Multi-Domain Configuration (Virtual Hosts) ................................ 186
14.6.1 Virtual Host Redirection .............................................................................. 187
14.6.2 Multi-domain Virtual Hosts Configuration ................................................. 187
14.7 Secure WebMail Access ................................................................................. 189
14.8 Advanced WebMail Settings .......................................................................... 191
Chapter 15 ....................................................................................................................... 196
WAP Access ............................................................................................................... 196
15.1 WAP Access ................................................................................................... 196
15.2 Connecting to the Service ............................................................................... 196
Chapter 16 ....................................................................................................................... 197
Advanced Server Protection ....................................................................................... 197
16.1 Relaying and the “we do not relay” message.................................................. 197
16.2 Relaying and Spam ......................................................................................... 198
16.2 Spammers and Tarpitting ................................................................................ 201
16.3 Disable Receipt of Improperly Formatted Emails .......................................... 202
Chapter 17 ....................................................................................................................... 204
Developer and System Integrators .............................................................................. 204
17.1 API .................................................................................................................. 204
17.2 API Variables and Values ............................................................................... 204
17.3 Users and Domains Command Line Tools ..................................................... 204
Chapter 18 ....................................................................................................................... 211
How VisNetic MailServer Works ............................................................................... 211
18.1 How VisNetic MailServer Works ................................................................... 211
18.2 SSL Certificate Conversions ........................................................................... 212
18.2.1 Certificate Conversion from IIS 4.0............................................................. 215
VisNetic MailServer Administrator Guide 5
18.2.2 Certificate Conversion from IIS 5.0............................................................. 218
18.2.3 Creating your own Certificate Conversion for IIS 5.0 ................................. 221
18.3 If you cannot Send or Receive Email ............................................................. 221
18.4 Variables ......................................................................................................... 227
Appendix A ..................................................................................................................... 229
Technical Support ....................................................................................................... 229
VisNetic MailServer Administrator Guide 6
Chapter 1
Introduction
1.1 VisNetic MailServer Evaluation
To download a free fully functional trial version of VisNetic MailServer, open your web
browser and go to: http://www.deerfield.com/download/visnetic_mailserver
The Evaluation period is 30 days from the installation date.
1.2 How to Purchase VisNetic MailServer
The Server Reference Key is required for purchasing VisNetic MailServer. The Server
Reference Key is available by selecting the License Information icon:
The License Keys window is displayed, providing the Server Reference Key.
l
To purchase VisNetic MailServer please visit:
https://shop.deerfield.com/cart
Or contact our sales department at:
Sales – sales@deerfield.com
Support – http://www.deerfield.com/support/visnetic_mailserver
Purchase – https://shop.deerfield.com/cart
Website – http://www.deerfield.com/products/visnetic_mailserver
Deerfield.com – http://www.deerfield.com
VisNetic MailServer Administrator Guide 7
1.3 Expired Trial Mode Limitations
The limitations of the expired 30-day TRIAL mode are:
You cannot change any mail server settings
VisNetic WebMail Client will not allow users to log-in
Instant Messenger will not allow users to log-in
After 60 days the Mail Services will shut-down
VisNetic MailServer services will continue to function, providing the ability to send and
receive email.
1.4 Version 5 to Version 6 Upgrades
VisNetic MailServer version 6 introduces a new licensing system, which requires a
version 6 style license key. Version 5 license keys cannot be entered in Version 6. The
version 6 license key is dependent on a unique server reference key that is generated by
the MailServer and displayed on the License Information tab of the Version 6
configuration utility.
The server reference key must be presented along with your Version 5 registration code
in order to generate a version 6 registration key.
A simple online registration wizard will step you through the process. Upon completion
of the wizard, your version 6 license key will be displayed in the browser window and
will also be sent to you via email. Upon receipt, it can be installed on the "License
Information" tab of the configuration utility.
You can access the Online Registration Wizard by clicking the Help, Secure
Registration link in the configuration utility or by accessing
https://shop.deerfield.com/vms6/index.aspx with your Internet browser.
If you are upgrading and within your upgrade protection window, you will be prompted
by the installer to access the online registration wizard, just answer Yes, when prompted,
and follow the links.
For additional information, check out the VisNetic MailServer Website:
http://www.deerfield.com/products/visnetic_mailserver/
VisNetic MailServer Administrator Guide 8
Chapter 2
Getting Started
2.1 System Requirements
Minimum Requirements; 1-50 users (a larger user base will require more system
resources)
CPU 233Mhz
Win 95/98, Win ME, Win NT4 Server and Workstation, Win XP, Win2000,
Windows 2003
64 MB RAM
More RAM is required when there are more users. Over 50 users, 128 MB. Over
2000 users, 256 MB. Over 5000 users, 512 MB.
Typical hard-disk space required: 30 MB, additional space for any mail to be
stored
Only TCP/IP is required to use VisNetic MailServer on a LAN for local email
solution. To use VisNetic MailServer on a LAN and the Internet, access to the
Internet and a properly configured MX record for the domain at the DNS server
are required.
2.2 Installation
The first time you install VisNetic MailServer on any PC it is always in TRIAL mode.
To start the installation, double click on the downloaded vmssetup_en.exe file.
1. When you execute the VisNetic MailServer setup file, you will be presented with a
Welcome Screen. It is recommended that you exit all other Windows programs
before continuing with the installation. If you have other programs running, click the
Cancel button to exit the installation, exit all other programs, and then restart the
VisNetic MailServer setup file. If you have no other Windows programs running,
click the Next button to continue the installation.
VisNetic MailServer Administrator Guide 9
2. Next is a Readme for VisNetic MailServer v5 to v6 Upgraders which provides
information on the v6 Licensing System. Please review this screen before proceeding.
3. You will then be presented with the Software License Agreement. Please read the
entire License Agreement. If you agree to the terms, select Yes to continue. If you do
not agree with the terms select No, and the installation will be cancelled.
VisNetic MailServer Administrator Guide 10
4. Enter the Name and Company of the VisNetic MailServer user and click Next to
continue.
5. Select Components to Install. A combination of components may be installed to best
suit your requirements.
MailServer – Installs Remote Administration Utility, SMTP, POP3, IMAP and
LDAP Service components.
WebMail – Installs Web-based email client component.
Web Administration Server - Remotely administer VisNetic MailServer via the
Web.
VisNetic MailServer Administrator Guide 11
Remote Administration Utility – Remotely administer VisNetic MailServer without
the requirement of installing the complete MailServer component.
6. The default installation folder for VisNetic MailServer is
C:\Program Files\Deerfield.com\VisNetic MailServer.
To install VisNetic MailServer in a different folder, click the Browse button
and select an alternative installation folder.
VisNetic MailServer Administrator Guide 12
7. Enter your registration key or select the Enable 30 Day Evaluation button. Click
Enter. Click Next to continue.
8. Enter the MailServer Hostname. For example: mail.domain.com.
Then, click Next.
9. Enter the DNS Server(s) that you wish to use. Use the default DNS Servers if you do
not have the name or IP address of your DNS Servers.
Click Next to continue with the configuration.
VisNetic MailServer Administrator Guide 13
10. Enter the Primary Domain and Domain Description for this MailServer.
Click Next to continue.
11. Enter a Real Name and User Name to set up the Administrative / Postmaster
Account for this domain. Click Next.
VisNetic MailServer Administrator Guide 14
12. Enter a Password and Verify your Password for the account you have just created.
Click Next.
13. The installation will detect if VisNetic AntiVirus Plug-in is installed. It is highly
recommended that you use the VisNetic AntiVirus Plug-in to protect your mail from
viruses. To learn more about the VisNetic AntiVirus Plug-In place a check mark in the
box, and click Next.
VisNetic MailServer Administrator Guide 15
14. You have now completed the Installation. To configure your VisNetic MailServer
immediately, put a check mark in the appropriate box and click Finish.
If you are running the IIS SMTP Service, it will be stopped during the VisNetic
MailServer Installation. If you need to use IIS SMTP Service and VisNetic MailServer on
the same computer, you have to:
Disable SMTP Pooling (W2K, WXP) - for more details search the Microsoft Web
Site
Bind VMS and the IIS SMTP Service to two separate IP address
VisNetic MailServer Administrator Guide 16
OR
Use for the IIS SMTP Service on a port other than the port that is being used by
VMS
2.3 Update Installation
A fully licensed VisNetic MailServer includes 365 days of FREE UPDATES from the
date that you entered the purchased License.
Within this period you can download the latest version of VisNetic MailServer and
seamlessly install it OVER your existing version.
All configuration settings, domains, users and all other data will be preserved and your
mail server operation will be uninterrupted in the most cases.
If the VisNetic MailServer installation has already exceeded the 365 day free update
period, you will be prompted to upgrade your license during the installation process.
To verify the number of days remaining for free updates, select the License Information
icon. Number of days for Free Upgrade and Expiration are displayed.
2.4 Moving from the Test Installation to a Production Server
To obtain a fully licensed VisNetic MailServer you must always start by downloading
and installing VisNetic MailServer in TRIAL mode. To obtain the License that you
require you will first need the "Reference Key". This is a unique number generated upon
installation and is used to generate your unique license key for that particular installation.
HOWEVER, it does not tie your fully licensed VMS to that installation in any way and
you are free to migrate VisNetic MailServer to another machine.
If you have installed VMS on a test computer in TRIAL mode:
Download and install the latest version on the production PC
Purchase the License (You will need the Reference Key )
Enter the License
Backup your configuration and store it on secure place.
The "backup" will contain all of your settings INCLUDING your License. This allows
you to quickly restore the configuration and license in the event of hardware failure.
If you are using VMS on test computer in the LICENSED mode:
VisNetic MailServer Administrator Guide 17
Use Backup features of the VMS and save the .MCB file
Download and install the recent version on the production PC
Restore the configuration from the .MCB file. The configuration and License will
be restored.
2.5 Configuration and License Backup
VisNetic MailServer provides a Backup and Restore Configuration utility. Backup saves
all configuration, account, domain and user account information plus the license key and
all other files from /VisNetic MailServer/Config/ directory.
It is recommended to backup after final configuration and entering the purchased license
information. In case of the hardware failure you will be able to restore not only
configuration, but your license as well.
Save the configuration information to some safe location. It is recommended that this file
is kept somewhere safe such as written to a removable media and taken off the site
regularly.
2.6 Installation Checking
To check your installation, open up the VisNetic MailServer Administration applet from
the Start /Programs /Deerfield.com /VisNetic MailServer /VMS Configuration
Administration Panel.
VisNetic MailServer is installed correctly, if:
All Mail Server services are running POP, SMTP & Control
Your DNS Server is running and working properly
Your Server IP address is in the "Relaying from field" located under the
"Delivery" tab. (Note: Do not remove the local loopback from this field 127.0.0.1
as it is required for proper mail server operation.) Example:
127.0.0.1;209.122.22.23
VisNetic MailServer Administrator Guide 18
2.7 Check Mail Server Services
Check that all 3 services (SMTP, POP3 and Control) are running (green lights).
2.8 Check DNS Server
Use the DNS Query Test button to ensure proper DNS resolution.
It brings up following dialog window if test is successful.
2.9 Check Relaying
VisNetic MailServer is "closed relay" by default. This means that the only users capable
of sending email via VisNetic MailServer are:
1. Mail Server users with proper SMTP Authentication set in the Client program
2. Mail Server users who authenticate vie their POP account before sending emails
(POP before SMTP Authentication)
VisNetic MailServer Administrator Guide 19
3. Users connecting from computers (client programs, like Outlook Express) via an
IP address that is listed in the field "Relaying From" field in the "Delivery" tab.
If you are not sure about IP address of your Client program, leave relaying settings with
the default values below.
Default list of the IP addresses in the Relaying From field is usually corresponding to the
IP address range of the local LAN and/or web server(s) that use VisNetic MailServer to
relay information from web-based forms.
If you are connecting from the LAN and you are not using authentication methods
described in bullet #1 or #2 above, you will need to add your machine's IP address to the
Relaying From field.
Note: Do not remove the IP address 127.0.0.1, since this is used for VisNetic WebMail
access.
2.10 VisNetic WebMail Access
The VisNetic WebMail client allows access to your email from any TCP/IP connected
computer via a browser. You can read and reply to email from anywhere from any
computer on the Internet as long as it has a web browser installed. To run the WebMail
Client type the following into your browser
Or
On the PC where VMS is installed you can use as hostname "localhost". URL will look
like:
Enter the username and password on the Log-In screen.
VisNetic MailServer Administrator Guide 20
Press the "New Message" button and send the message to admin@yourdomain.com
Now Log-out and log-in back with the username and password for the admin account
created during installation. You will see that the message has been delivered.
VisNetic MailServer Administrator Guide 21
If the message is delivered properly from a local sender to a local recipient, then VisNetic
MailServer is working correctly. If it is not working for Internet sending or receiving, then you
should look for errors with the DNS server that VMS is using and also the DNS servers that are
authoritative for the domain you are trying to receive email for. Additionally, you should check
your firewall settings.
VisNetic MailServer Administrator Guide 22
Chapter 3
Server Administration Methods
3.1 Server Administration Methods
VisNetic MailServer utilizes several ways configuration access:
Local Windows GUI Administration
Remote VMS Configuration Program Administration
Remote Web Admin Administration.
Local Administration is provided by the Windows Configuration Program.
Remote administration of VisNetic MailServer is one of the most useful features for the
LAN and Server administrators.
Each VisNetic MailServer can serve as a Host or as Remote Client. Special plug-in are
not required. Host operation of VMS is provided by the Control Service.
To Administer VMS remotely you must login as an Administer.
New user accounts default to Standard Users. Standard users do not have remote
administration rights. You may set user level by selecting the Accounts icon and
selecting the User tab to one of the following:
Administrator
Domain Administrator
Self Configurable User
The full rights are given only to the Administrator.
VisNetic MailServer Administrator Guide 23
3.2 Local Windows GUI Administration
Local Windows GUI Administration is available via the VisNetic MailServer
Configuration Applet. Accessed by: Start / Programs / Deerfield.com / VisNetic
MailServer / VMS Configuration
3.3 Remote Windows Administration
Each installed VisNetic MailServer is acting as a REMOTE HOST. Host operations are
controlled by the Control Service. If you want to use this feature, ensure you have
allowed the Control Service ports in your network (Firewall) and that your Control
Service is running.
Default ports are:
32000 for regular connection
32001 for secure connection
To connect to the any VisNetic MailServer you need to know:
hostname or IP address of the PC where VMS is installed
Admin level username
Password
To connect to a remote VMS use any VisNetic MailServer Installation.
Just install the VisNetic MailServer at your local machine and run the Windows GUI
Configuration Program.
Note: The version of the remote VMS and local installation must be the same however
you can use VMS in the Trial mode for this purpose.
Then select the Connect icon from the Windows GUI.
Provide the details of the VMS installation you wish to connect to.
Confirm Connection:
VisNetic MailServer Administrator Guide 24
Now you have access to your Host VisNetic MailServer (installed at remote location)
Configuration console.
Remote configuration is very fast, since the all data are automatically
compressed/decompressed during transmissions.
3.4 Web Based Administration
All you need for the Web Based Administration is the PC connected to the LAN
(Internet) and ability to browse web pages.
To connect to the any VisNetic MailServer you need to know:
Hostname or IP address of the PC where VMS is installed (Remote VMS)
Admin level username
Admin level password
The Control Service at the Remote VMS (host) has to be up and the Ports user by the
Control Service has to be "open" at your firewall.
You can use http or secured https protocol. The connection URL is like:
or
It will get you to the Login page:
VisNetic MailServer Administrator Guide 25
Enter the valid Admin Level username and password and you will get to the
administration page.
However there is one option, which is only in the Web Based Administration. You can
watch the Outgoing/Incoming Queue.
If you want to "Send Now" some message waiting in the Outgoing Queue, select it and
press the Reset Message button.
The messages to send for the first time are physically located at:
/Mail/Forward/
VisNetic MailServer Administrator Guide 26
If the first try to send a message failed, then are stored at:
/Mail/Forward/Retry/
VisNetic MailServer Administrator Guide 27
Chapter 4
Server Windows Administration
4.1 Main Window
The Main menu consists of five sections.
Field Description
Open File You can open any text file with VMS text editor.
Save Config Save your current configuration
Reload Refresh entire configuration.
Config
Connect Lets you connect and remotely administrate any existing VMS installation.
Disconnect Disconnect from remote server.
Exit Exit VMS configuration applet
VisNetic MailServer Administrator Guide 28
Field Description
Create Digital Allows you to generate your own digital certificate for secured SSL
Certificates connections.
IP Address Allows you specify concrete IP address for certificates.
SSL
Certificates
Backup Backup your current configuration to the .mcb file (VMS Backup file). File
Configuration contains whole users/domains configuration and license information.
Restore Restore your saved configuration from the backup file.
Configuration
Export License Lets you export license information to the XML formatted file. If you have any
Information license problem, just send this file with short description to our technical
support.
Use Safe If checked, all important dialogs would be confirmed.
Confirmation
Show Splash Allows you enable or disable welcome screen
Screen At
Startup
Require Lets you set forced authentication of VMS configuration applet. Only
Authentication Administrator or user with administration permissions can run and modify
To Access configuration.
Settings
VisNetic MailServer Administrator Guide 29
Do Not If you don't want to backup your license data in .mcb file, you can use this
Include option.
License
Numbers in
Backups
Field Description
All Sections Lets you access all sections in VMS configuration applet. You can use shortcuts too.
Expand all Expand all configuration panels in VMS configuration.
Panels
Field Description
New Domain Creates new domain in VMS. You can use shortcut "CTRL+D"
VisNetic MailServer Administrator Guide 30
Make Primary Make any domain primary.
Add Allows you add account to VisNetic MailServer. Is possible to use shortcuts.
Groups Lets you specify group of users in VMS.
Import You might already have the user accounts set up in the Windows NT user database. To
Window NT save retyping, these can be imported into VisNetic MailServer.
users Select the users you want to import and press the Import button. More users can be loaded
from different domains/servers using the Load button. If there are any aliases or
mailboxes with same value these users will be ignored and not imported. Passwords can
never be retrieved from any Windows system thus will be empty and you need to edit
them.
Account Allows you specify default accounts data. Specified parameters would be used for every
Defaults new mailbox in VMS. You can edit settings manually in "default.ini" file (VMS
directory).
Statistics Display all VMS statistics
4.2 How to Create your own Digital Certificates
Our certificate generator lets you create your own certificate for secured SSL
connections.
VisNetic MailServer Administrator Guide 31
1. Click on the "Tools" in Main Menu toolbar. You can find certificate generate tool
there. Just run "Create Digital Certificates".
2. Fill all important information in the form like below and save output file (cert.pem) to
the VisNetic MailServer directory.
You can also specify several certificates for several IP addresses in "IP Address SSL
Certificates" dialog.
4.3 Configuration Backup and Restore
The VisNetic MailServer Configuration data is stored in the folder:
/VisNetic MailServer/Config/
They are stored information about your:
General server settings
All account settings (domains, usernames, passwords, etc.)
Licenses
You can easy backup your /VisNetic MailServer/Config/ folder by using Backup
Configuration function located on the menu bar / Tools.
VisNetic MailServer Administrator Guide 32
It is recommended to provide a backup after the final configuration and entering your
purchased license information.
In case of the hardware failure you will be able to restore not only configuration, but also
your license. It is recommended this file be kept somewhere safe such as written to a
removable media and taken off the site regularly.
Sequential and Scheduled Backup
Use Backup and Sequential features, if you want to save backup under different name
and in set time. At first set time in default "Schedule Task" window.
To get Sequential functionality add a string of variables anywhere to the backup file
name. Strings with variables have to be delimited by the double quotes.
The file name as:
VisNetic MailServer Administrator Guide 33
will create the backup file:
20040219vms_backup.mcb at the 19th. Of February 2004, however the next day will be
created the new file 20040220vms_backup.mcb
Variable Description
YYYY Year of the actual date
MM Month of the actual date (01 - 12)
DD Day of the actual date (01 - 31)
HH Hour of the actual time in 24 format
NN Minutes of the actual time
SS Second of the actual time (00 - 59)
Configuration Restore
Choosing the Restore option will prompt you for a file containing backed-up data. Once a
file is chosen and opened, the configuration will be restored. So use this option carefully
in order to prevent overwriting your config with an old version.
Should a server have to be rebuilt and all software freshly installed, this provides an
excellent way of retrieving all the users' account information without retyping.
Also, the license key is backed-up with the configuration. Therefore it is a good idea to
make a backup as soon as the product has been registered!
4.4 Find Dialog
We can easily find any user in any domain by "Find" dialog.
I want to find any users name or aliases that contains word "user" in domain
"vmsdemo.com"
VisNetic MailServer Administrator Guide 34
You can specify what Alias/Name or Domain you are finding. Of course is possible to
limit number of results displayed.
All results are displayed in default users list. However as you can see, we are in [Search]
mode (if you want to leave this mode, just press F5 to refresh). This mode displays
searched user only.
VisNetic MailServer Administrator Guide 35
Chapter 5
Server Windows Administration
5.1 Accounts
Accounts allow you to create your domain, users, mailing lists, list servers, and more.
Account Manipulation.
Cut, Copy and Paste can be used to manipulate accounts.
Add will allow the creation of new Accounts to the system
To add a new account you can also use the corresponding icons from the VMS top bar:
The next possibility is the top pull down menu:
Or the same with the Right-Button-Mouse Click.
Account Deletion.
Delete will remove an account. It will only remove:
configuration data
or
configuration data and directory folder with delivered messages
The Account and the directory folder deletion have to be confirmed:
VisNetic MailServer Administrator Guide 36
Notice that the default button selection is YES. So you can remove account by pressing
key Enter only. The use Safe Confirmation default may be changed to No.
However if you will set option Use Safe Confirmation, the default will be No.
5.2 Domain
New Domain will bring up the new domain section and allow more domains to be
entered.
Make Primary will convert the selected domain into the primary domain. At least one
domain must be defined as Primary. The server messages (e.g. disk quota, EICAR Test
Virus) are always delivered to the postmaster of the Primary Domain.
The Primary Domain is marked with the small letter P.
We can say, that Primary Domain Postmaster is "master or masters" - the most informed
user.
There is no particular difference between a primary and secondary domain. You should
realize that domain names and host names are not the same. That means if you have a
secondary domain then if you want your users to connect to mail.secondary.com or
similar, both MX and A DNS records must exist.
VisNetic MailServer displays the domains and accounts in a hierarchical format.
Expanding a domain will show the types of account which belong to it, expanding the
types will show the individual accounts setup.
The default order of the domains is alphabetic by domain name.
VisNetic MailServer Administrator Guide 37
If you need different order, or domains grouping for the maintenance purposes, use
Domain Description field.
By the setting option Show Domain Description, the domains are listed in Domain
Description order.
5.2.1 Domain Administrator
Field Description
Default Alias Specifies the postmaster aliases. Aliases can be separated by the semi-colon
delimiter without spaces. This means you do not need to create those users in the
domain as accounts.
E-Mail Specifies the actual account for all the postmaster aliases. Multiple accounts can
be specified (semicolon delimiter), even remote accounts for different domains.
Domain Administrator E-Mail Option can not be empty.
5.2.2 Domain Unknown Users
VisNetic MailServer Administrator Guide 38
Field Description
Info To Admin If an email is sent to an unknown user, the admin (postmaster) for this
domain will be notified regardless of whether the mail is rejected or
forwarded.
Reject Mail If an email is sent to an unknown user, this option specifies that it should be
rejected and returned to the sender. No message will be ever transferred.
Forward To If an email is sent to an unknown user, the email will be forwarded to the
specified account. It is quite common to setup a catch all account (for server
Domain POP) that will receive all unknown mails.
This is how ISPs offer unlimited email aliases since you can send mail to
anything@domain.com. When using a catch all account it is suggested to
switch on the Add X-Envelope-To option for that account.
5.2.3 Domain Options
Local Domain Options
Local Domain Options are valid for the domain and all users of this domain.
The default value of the options (zero - 0) means: "without limits"
Field Description
Domain Admin Domain Administrator can create up to specified # Accounts.
Account Limit
Domain Disk The total disk space used by the all users from domain can not exceed the
Quota specified quota.
User Mailbox Any user of the domain can receive mails, only until total size of the all
VisNetic MailServer Administrator Guide 39
Size received mails (and not downloaded via PO3 or deleted via IMAP) will not
exceed the value specified there.
User Megabyte User of domain can send mails with total size
Send Limit per
day up to the specified limit per day
User Number User of domain can send total number of mails up to the specified limit per
Send Limit per day
day
User Max. This parameter limits the maximum size of the ANY message send by the
Message size domain user.
Global Domain Options
Global Domain Options are valid for WHOLE SERVER - All Domains, which are
specified in the parametric file.
Field Description
Use Domain Disk This option indicates that specified domains should be checked for disk
Quota quota when receiving new mail. If the quota exceeds the limit the mail
will be rejected. Any domains requiring a quota need to be specified in a
file diskquot.dat (in the Config subdirectory).The file can be opened
with the edit button
The format of the file is as follows:
Domain=limit
Example:
usa.net=5192
*=10000
This would specify that all domains have a 10MB limit apart from usa.net
which has 5MB.
Use Domain User This option is enabling/disabling the usage of the User limits specified
Limits above:
User Mailbox Size
User Megabyte Send Limit per day
User Number Send Limit per day
User Max. Message size
Works for WHOLE SERVER, ALL DOMAINS.
VisNetic MailServer Administrator Guide 40
If you want to control only some of the users, you have to enable this
option and for each individual domain enter the User limit values you
want.
Use Welcome This option specifies that when a new user is created, a welcome email
Messages will be saved into his mailbox. You can specify different messages for
particular domains and not all domains have to have the welcome
message set.
The welcome mails must be created in separate text files. These text files
are referred to in the file messages.dat (in the Config subdirectory) which
can be opened for editing using the edit button
The structure of the file is as follows:
domain=filename
Example:
Deerfield.com=c:\deerfield.com\visnetic mailserver\welcome.tmp
If a line specifies an asterisk as the domain, the specified welcome file
will be used for the rest of the domains. Remember that if you want to use
this option, the asterisk must be on the last line of the file because the
following lines will not be checked.
It would be wise to send such message to any mailbox on the server and
then use the mail\domain\mailbox\xxxxx.tmp.
Example:
From: Support
To: All new users
Subject: Welcome our new user
Dear New User,
We would like to welcome ...
Warn User When A warning email is sent to any user of the domain, when their mailbox
Mailbox Size exceeds specified % of the total reserved space for him.
Exceeds (%)
The 0% means no warning.
The welcome file must be a normal mail i.e. specify fields such as From: Subject: etc and end
the file with a carriage return, period ('.') carriage return at the end.
VisNetic MailServer Administrator Guide 41
5.2.4 Domain Miscellaneous
Field Description
Domain Virtual IP A domain can be logically bound onto IP's. (If the primary domain is
Binding bound to an IP it is required that the other domains are also bound.)
You can specify multiple IP addresses using semi-colon.
When a user connects to authenticate VMS will use the specified IP to
find the domain. It is not recommended to use this option unless you
know what you are doing.
Domain Anti Spam Filter In filters you can specify email addresses, domains and IP addresses
that are or are not allowed to send messages to your server.
This is a text file which defines rules for accepting or rejecting email
for this domain. The Global Anti Spam option must be switched on to
have this working.
Click on the edit button to bring up the text file for editing.
5.2.5 Domain Info
The Info Tab shows information about selected domain.
VisNetic MailServer Administrator Guide 42
Use the "Statistics" button to view all domain statistics information (number of users,
used space, total number of messages, etc).
5.3 User Basic Setup
Field Description
Alias This is the users name at the domain. Example: to setup the email address
support@deerfield.com enter an alias of support.
Multiple aliases can be used by separating them with a semi-colon:
support;help;bugs;info
Mailbox This is the name of the mailbox and mail account. Usually automatically created
by VMS. This is what is used for authentication and mail collection. It defaults
to the same as the alias but does not have to be.
The mailbox name is also used as the login for web admin or remote
configuration.
Password The password for the mailbox. Repeat in the confirmation field.
Name The real name, or an identifier. This is used in autoresponders and for displaying
the accounts. You can also specify a comment in this field. You should use the
semi-colon and then enter the comment. The comment is not used for
autoresponders and account displaying. It's only used in searches and for your
needs.
Eg. "John Doe; my comment over here"
VisNetic MailServer Administrator Guide 43
Comment You can write some commentary for this account.
Important Information regarding duplicate mailboxes!
It is likely there will be duplicate mailboxes across different domains e.g.
sales@domaina.com, sales@domainb.com.
Delivery of email is easy since the domain is specified. However, upon mail collection by
users, in order for VMS to know which mailbox is being requested it compares mailbox
and password combinations. It is possible to have duplicate mailboxes across different
domains, but the passwords must be different.
One way round this is to bind all domains to different IP addresses. Then VMS can
differentiate between domains using IP. Or, make the mailbox unique by specifying the
full email address.
Account Storage Location
Field Description
Mailbox Path This specifies that any email received to this account is stored in the defined
mailbox. The directory name of the mailbox defaults to the name of the alias
but can be different. This field can even contain a full qualified path.
Remote This specifies that mail is not to be stored by this mail account and forwarded
Address onto a remote address instead. This address should be of the format
name@domain.com
Forward To All incoming mail will be forwarded onto any addresses specified here. This is
a separate option not related to "mailbox path" or "remote address". This
provides a mechanism for copying email to remote or local accounts.
Account Type Specifies the account type which can be:
POP3
Ordinary POP3 account accessible via POP3.
IMAP
VisNetic MailServer Administrator Guide 44
IMAP account accessible only via IMAP.
IMAP & POP3
A combination of both IMAP and POP3. You can access the mailbox using
either of the protocols.
Account User Permissions
Pull-Down Item Description
Standard WebMail Access, Mail Client Access, Limited administration via
WebMail.
The account is setup by an administrator for a user and cannot be
changed by anyone other than an administrator.
Self Configurable Like Standard + Web Admin administration of the own account.
User
Passwords, mailbox/forwarding, auto responder and deleting mail
after x days are the types of settings which can be changed. They
can also view their mailbox.
Domain Like Self Configurable, but for all specified domains. Can
Administrator create/modify users at these domains.
Domain administrators cannot change global settings but are
allowed to administer accounts in their domains. At the right there
is a button for controlling domains the administrator can maintain.
Enter the domains on separate lines.
E.g.
deerfield.com
microsoft.com
You can also specify the domain administrator rights on the first
line like this:
RIGHTS=U,M,D
VisNetic MailServer Administrator Guide 45
The characters here stand for separate functions:
U - User accounts
M - Mailing list accounts
E - Executable accounts
N - Notification accounts
R - Remote accounts
D - Domain settings
Administrator Full Server Administration without limitations
Spam This checkbox depends on your Instant Anti Spam settings. User
Administrator can be "Spam Administrator". Such user can administrate Instant
checkbox Anti Spam messages databases and approve messages indexing.
Accounts User State
State Description
Enabled Fully working account.
Disabled (Login) Partially disabled account. Mail is received, but user can not log-
in. This is ideal for temporarily disabling accounts.
Disabled (Login, Disabled Account.
Receive)
Disabled If and email is delivered to this account, sender is considered as
(Tarpitting) "tarpitter" (See SECURITY, Tarpitting) and the IP address is
blocked as set in the Tarpitting Options.
Spam Administrator
VisNetic MailServer Administrator Guide 46
State Description
Spam Enables the Spam Admin access to the system using the Instant
Administrator Messaging Anti Spam plug-in.
Mailboxes Allows you to specify a few mailboxes the spam admin should be
able to maintain or moderate Instant Anti Spam access - Enables
the Instant Messaging Anti Spam plug-in.
5.3.1 User – Import Windows NT Users
Windows NT user database accounts may be imported into VisNetic MailServer.
Select the users you want to import and press the Import button. Additional users can be
loaded from different domains/servers using the Load button. If there are any aliases or
mailboxes with same value these users will be ignored and not imported. Passwords can
never be retrieved from any Windows system thus will be empty and you need to edit
them. Therefore, it is advisable to import the users as a first step of configuration.
5.3.2 User – Shared IMAP Folders
Shared IMAP Folders is a unique VisNetic MailServer feature which enables users to
share specified IMAP folders to the server users - over the Internet.
You can set IMAP folders sharing to any IMAP account.
VisNetic MailServer Administrator Guide 47
The Shared Folders button lets you open the Folder dialog where you can edit/delete and
add new shared folders.
Field Description
Name The folder name that will be displayed in the IMAP session
Domains Can be empty by default. Empty stands for all domains. You can specify
other domains there too.
IMAP Account Each shared folder is linked with an IMAP account. This field contains
the email address of the IMAP account.
IMAP Folder If empty the INBOX of the IMAP account will be used as the shared
IMAP. You can also specify a different folder here.
Shared Folder Access Control List
Field Description
Lookup (l) User can see this folder in their personal list of IMAP folders
Read (r) User can open this folder and view its contents.
Write (w) User can change flags on messages in this folder.
Insert (i) User can append and copy messages into this folder.
Create (c) User can create subfolders within this folder.
Delete (d) User can delete messages from this folder.
Set Seen Flag (s) User can change the read/unread status of messages in this folder.
Administer (a) User can administer the ACL for this folder.
Post (p) User can send mail directly to this folder (if folder allows).
In this dialog you set the rights to each email account that will login to IMAP. You can
also use the anyone account which stands for all non defined accounts.
VisNetic MailServer Administrator Guide 48
5.3.3 User – Options
Field Description
Limit mailbox A quote can be assigned to a mailbox. If the user fills their mailbox any new
size mail will be returned to the sender.
Megabyte send A non-zero value here specifies the amount of data a user can send out in a
limit per day day. Also, if a mail is sent to 2 recipients the usage is doubled. If the user
exceeds the limit he has to wait till the next day until being able to send some
more.
Number send A non-zero value here specifies the number of mails a user can send out in a
limit per day day. The logic is the same as the Megabyte send limit.
Max message A non-zero value here specifies the maximum message size a user can send
size or receive into his mailbox.
User can send This specifies that the user can only send mail to a domain which is
mail only to local configured on this mail server. It will not let the user send mail external to
domains this mail server.
Delete mail older VMS will remove any messages after the specified period. This happens at
than midnight.
Forward mail VMS will forward any messages after the specified period to the account
older than to: listed. Multiple accounts may be specified using the semicolon delimiter
User State Using this option you can disable the account to login or to login and receive
messages. Login means the user cannot login and check his email or change
any settings. Receive means no messages can be delivered to the users.
Tarpitting is good for old unused accounts. Some old mailing lists send
messages to old non-existing accounts. These messages will be considered as
spam.
NT Password If set, the password for the mailbox will be inherited from a user account with
VisNetic MailServer Administrator Guide 49
the same name as the mailbox. The mail server must have the
SE_TCB_NAME privilege. Enter a NT domain to validate against, or leave
empty to validate against the default NT domain. Handy if you use a
Windows NT network with domains.
Any Password This specifies that no matter what password is given, it will always be
accepted.
Field Description
Incoming Mail Specifies a mailbox path or email address to copy any incoming mail to.
Outgoing Mail Same as above, except outgoing mail is copied.
5.3.4 User – Responder
Field Description
Status This option sets up an autoresponder which is useful if someone is
away from their email for a lengthy period of time.
Do Not Respond
The option is disabled.
Respond Always
All messages sent to this account will have the auto response message
VisNetic MailServer Administrator Guide 50
generated.
Respond Once
A response message will be sent to all received messages only once.
VMS keeps a log of previous email addresses so messages will not
loop and will only be sent once to the sender while having this option
set.
Responder File This button opens the responder file for editing. The file is a VMS
script file which can contain commands and variables. You can easily
create a multipart message with attachments and html parts.
The Responder file may use VMS System variables for passing
various system values.
Example:
%%From%% - From field
No Responder For This button opens the file that specifies exception email addresses and
domains of senders that will not get a responder sent when sent a
message to this account.
The file name is norespond.dat and it can contain email addresses and
domains.
Reply From This is the return address that will be used in the auto responder. If
blank the email of the account and name will be used.
Respond only if to me If a message sent to this account contains the email address in the To
field that belongs to this account then a response will be generated.
Expires if Inactive For Account expires if not used for specified number of days.
[Days]
Expires on (yyyy/mm/d) Specifies that the account is only valid until this date. After the
validity expiration, the received mail cannot be received with the
POP3/IMAP4 client. The result is the same as when the account is
disabled.
Notify Before Expiration Specified how many days before the account expiration the
(Days) notification will be sent. The notification is default, if no Notification
file is defined.
Notification File This specifies the path and filename of the report that will be sent to
the user informing them their account will soon expire. If not
specified a standard report will be generated.
Delete Account When Expired Account will be deleted if this option is ON.
Expired
VisNetic MailServer Administrator Guide 51
5.3.5 User – Special
Field Description
NULL Account This option specifies that this is a dummy account. Mail can still be sent to it,
but no mail is saved. However all the forwarding and autoresponder functions
will work. The user will not be able to login to VMS.
ETRN/ATRN This specifies that this is the account in which all the messages will be kept for
Account the remote mail server that will issue the ETRN/ATRN command. This
account must be the first and the only account defined in the domain. It is used
only when the domain is an ETRN/ATRN domain.
Add X- This option specifies that all messages received for this accounts should have
Envelope-To the X-Envelope-To header added with the real recipient. This option is used for
Catch All accounts so the remote mail server knows exactly to whom the
message was sent to.
No mailing list Specifies that this user will be excluded from all VMS mailing lists that have
"Send to All" specified.
NT Password If set, the password for the mailbox will be inherited from a user account with
the same name as the mailbox. The mail server must have the
SE_TCB_NAME privilege. Enter a NT domain to validate against, or leave
empty to validate against the default NT domain. Handy if you use a Windows
NT network with domains.
VisNetic MailServer Administrator Guide 52
ANY Password This specifies that no matter what password is given, it will always be
accepted.
Service Access Enables or disables specified services.
Anti Spam Edits the user anti spam file filter.dat.
Filter
5.4 Mailing List
The mailing list feature is an easy way of sending an email to a single address that will be
forwarded onto all the members of the list. They are especially useful as discussion
groups or connecting with others who share the same interests and ideas.
VisNetic MailServer can go one step further and also be configured as a "list server"
which means it will handle the administration of the mailing lists and their members via
emailed commands.
5.4.1 Mailing List – General
Field Description
Alias Specifies the name for the mailing list. When you want to send a mail to the list it
will be this @domain that you will use.
Description Descriptive text for the mailing list
Owner The email address of the owner of the list. Multiple addresses can be specified
using the semicolon delimiter.
List File If the list is to be used to send mail to various recipients at various domains then
VisNetic MailServer Administrator Guide 53
a list file needs to be used.
The list file specifies the full path and filename of a text file containing the email
addresses of the list members. After specifying the path and filename use the edit
button to edit the members of the list. Place each member on a new line in the
format of "username " as follows :
Ian Atkins
John Doe
or only
iana@rsk.net
john@msn.com
Source Users From List File
A standard list file will be used. See above.
Users From ODBC
Email address can be stored in database. An ODBC source will be used. The
connection string has to be written in the ODBC settings dialog.
Non-Personalized Email:
Fill in the SQL query. The query has to return only one field which will include
the email addresses.
Example:
SELECT Email From Users
It is suggested to use the Test SQL Query button. This button will execute the
query and will show you the result of the query in the text file. The text file
should look like a list file.
Personalized Email:
SQL query can return more than one field. The field names have to match to the
one used in the personalized mail. Personalized field name in the email body
have to be enclosed to the {{}}.
SQL Statement Example:
VisNetic MailServer Administrator Guide 54
SELECT Email, ContactName, Totalsales FROM Users WHERE
Totalsales>'1000'
Personalized Mail Example:
Hello {{ContactName}},
Your total sales exceeded {{Totalsales}}!!! You win a prize - wife of my boss...
Users From Domain
This option will forward a mail received by the list to every user in the domain.
All Users
Message will be forwarded to all accounts on the mail server including all
domains.
All Domain Administrators
Message will be forwarded to all domain administrators on the mail server.
All Administrators
Message will be forwarded to all administrators on the mail server.
SQL Query SQL command used to select the mail recipients (to create mailing list on fly)
Test SQL Listing of the records corresponding to the SQL Query Command
Query...
ODBC Set the ODBC source for Database connection.
Settings...
VisNetic MailServer Administrator Guide 55
5.4.2 Mailing List – Message
Field Description
From: You can specify what each header should contain. It depends on your desire.
& Either you want to set the From field to Sender and Reply To to the email
address of the mailing list (this will cause all replies to go to the mailing list
Reply-To: back to the mailing list) or you want to set the Reply-To field to Sender and
From to the email address of the mailing list (this will cause all replies to go
Headers to the sender of the message).
Set Recipient To: Specifies a new recipient in the To header.
Header
Add to subject This prefixes the subject line with the specified string. If the text is already
present it does not duplicate it. If the subject line is not present it is created.
Header File Specifies a text file that should be inserted at the beginning of all messages
passing through the mailing list. Always a full path name.
Footer File Specifies a text file that should be inserted at the end of all messages passing
through the mailing list.
Originator This is an advanced SMTP option. When connecting to an SMTP server the
MAIL From command is issued.
The possible values are:
Empty Mail From
Sender
Owner
If the Empty Mail From is selected (default) some email servers reject
the message. It can either be empty, filled with the sender or the owner of the
VisNetic MailServer Administrator Guide 56
mailing list.
When you choose the Sender or Owner all bounce backs of the mailing list
will be sent to that email address.
5.4.3 Mailing List – Security
Field Description
Moderated A moderated mailing list is where a message needs to contain a password for
Mailing List the message to be approved and sent to list members. There must be a password
at the start of the Subject. If the password is not specified then the message is
sent to the list owner who can add it and send it back. When the message is sent
out to list members the password part from the Subject is removed! When used
along with the option Server Moderated all messages are saved on server and
when replied to the original message will be sent out to members. In that case
the reply serves as a password only. To delete stored messages on the server
and not sending them out to the mailing list add '-DELETE' to your approval
password.
Some mail clients support the X-Approved MIME header which contains the
password. VMS automatically checks that header. If it finds it and the password
is correct it does not check and remove the first line. It will only remove the X-
Approved header.
Server If the mail is sent without a password it will stay waiting on the server for
Moderated confirmation and the notification email is automatically sent to sender.
If sender will replies to this notification mail - the original mail is sent from the
server to the recipients from the mailing list. This processing can be used for
simple protection against the unauthorized sender.
Password Pass. pro Server Moderated
Allow You can also specify a list of email addresses that are eligible to join the
VisNetic MailServer Administrator Guide 57
Subscribers mailing list in a second text file, and append this to the first with a semicolon
delimiter.
Example
c:\deerfield.com\visnetic mailserver\list.txt;c:\deerfield.com\visnetic
mailserver\allowed.txt
Max Mail Size Specifies the maximum message size that can be sent to the mailing list.
Deny EXPN If a client issues an EXPN command the list members will be returned.
Checking this option prevents this - "No such mailing list" will be returned.
Members Only Specifies that only the members of the mailing list can send messages to the
mailing list. If users have some flags set they need the POST flag.
5.4.4 Mailing List – Other
Field Description
Send to Sender If unchecked and a user (who is on the list) sends a message to the list, he
himself will not get it back. If checked he will receive a copy of his own
message.
Forward Copy to If the owner is not on the list, this option will copy messages to the email
Owner address specified in the "owner" field. However it is suggested that owners
subscribe to the list themselves.
Digest Mailing Specifies that all messages sent to this mailing list will be saved and kept in a
List package file which will contain the list of messages and their bodies. Then at
midnight a single message will be sent to the digest members of the mailing
list.
Process Mailing There are certain variables you can use inside of the body of sent mailing list
List Variables messages. The variables are the same as the ones for Auto Responder. If this
VisNetic MailServer Administrator Guide 58
option is set VMS will replace the variable definitions with the proper values.
Personalized In your message you can use the Personalized Mailing List option and all
Mailing List - message list variables {{item}} will be replaced with the value of the
Variable fields member of the list. The values can be static or gained from the ODBC by an
SQL statement.
Static Mailing List Syntax:
emailaddress;parameters;field1=value1&field2=value2....fieldn=valuen
emailaddress Email address of the recipient.
parameters Parameters are bit values and specify Post, Read
and Digest flags.
Bit 0 - Read/Receive
Bit 1 - Post
Bit 2 - Digest
0 or empty - plain mailing list (default)
1 Read/Receive
2 Post
3 Post & Read/Receive
4 Digest
5 Digest & Read/Receive
6 Digest & Post
7 Digest & Post & Read/Receive
field=value Field definition for the personalized mailing list.
In the email message is field enclosed to the {{ }}
Personalized Mailing List Example:
user@deerfield.com;;name=User&totalsales=1050&pricecode=gtysrv778
ryan@deerfield.com;;name=Ryan&totalsales=1500&pricecode=dert464566
Personalized Mail Example:
Dear {{name}}},
Congratulation! Your sales exceed ${{totalsales}}. Let us offer you the
VisNetic MailServer Administrator Guide 59
special price for the next purchases. Your new pricecode is {{pricecode}}.
Your Deerfield.com Team.
Remove Dead When this feature is enabled, VMS will automatically remove an address
Email Addresses from the members list file when it encounters a permanent fatal error while
attempting delivery.
The removing process is applied when sending a new message to the mailing
list.
Max # Messages If this field is other than 0 it specifies the number of messages that can be
To Send Out in 1 sent per 1 minute. VMS lets you control the flow of outgoing messages using
min. this option. It might become handy when sending large amounts of messages
(more than 10000).
Join/Leave File If the list is administered by a listserver, then when a new user is added VMS
will inform the new user of their subscription and also unsubscription when
leaving the list.
A text file (rules of the list perhaps) can be appended to this information by
specifying a path and filename here. As always the edit button can be used to
edit the file.
The leave file is specified by using a semi-colon and specifying another text
file.
Notify Owner You can notify the owner of the list of certain events. These are:
Join when somebody new joins the mailing list
Leave when somebody leaves the mailing list
5.5 List Server
List Server is used for controlling the Mailing Lists via emails.
The only lists controlled are mailing lists based on text files.
VisNetic MailServer Administrator Guide 60
5.5.1 List Server – Creating a List Server
Field Description
Alias Specifies the name for the list server. When you want to send commands to the
list server it will be this @domain that you will use.
Description Descriptive text for the list server
Owner The email address of the owner of the list server. Multiple addresses can be
specified using the semicolon delimiter. This option is used for replies from the
list server and as a confirmation email address.
List File By default this option should be empty and servers to all mailing lists.
If you need to list allowed mailing lists this file contains a list of all the mailing
lists that can be administered through it.
Place each mailing list on a new line as follows :
List1@domain1.com
List2@domain2.com
Confirmed All subscriptions will have to be confirmed by email by the owner.
Subscription
Command In By default the list server will accept commands that are embedded into the
Subject body of mails sent to it. Check this and VMS will require that commands are
entered into the subject line.
List Server If a user sends a help command to the list server, the list server will send back a
Help standard help response. If a file is specified here, VMS will send it back
instead. If you add a semi-colon and another text file path here this file will be
used in the Confirmation message from the list server when used confirmed
subscriptions.
Allowed These checkboxes specify what commands the list server is allowed to process.
Commands See the list of commands on the next page
VisNetic MailServer Administrator Guide 61
5.5.2 List Server – Commands
Command Description Usage
JOIN or SUBSCRIBE The join or subscribe commands are JOIN [password] {listname},
(JOIN-DIGEST or issued by users who want to join the [mail address], [full name]
SUBSCRIBE-DIGEST) list. These commands are only
accepted if allowed by the list or
server. Otherwise, the owner gets a
message about the user request. SUBSCRIBE [password]
{listname}, [mail address], [full
name]
The values inside the braces are
optional. If no email address is
given, the one they use to send
the request will be used.
LEAVE or Users can leave the list LEAVE [password] {listname},
UNSUBSCRIBE automatically using the leave or [mail address]
(LEAVE-DIGEST or unsubscribe command.
UNSUBSCRIBE- or
DIGEST)
UNSUBSCRIBE [password]
{listname}, [mail address]
The values inside the braces are
optional. If no email address is
given, the one they use to send
the request will be used.
NORMAL or DIGEST Users can change the mode of their NORMAL [password]
subscription either to normal or to {listname}, [mail address]
digest.
DIGEST [password] {listname},
[mail address]
LISTS Use this command to obtain a list of LISTS [password]
all the mailing lists that are served
by this server.
WHICH This command returns you a listing WHICH [password] [mail
of all the mailing lists to which you address]
have subscribed.
The values inside the braces are
optional. If no email address is
given, the one they use to send
VisNetic MailServer Administrator Guide 62
the request will be used.
RECIPIENTS or Get a listing of all members of the RECIPIENTS [password]
REVIEW specified mailing list.
or
REVIEW [password]
HELP Use this command to get a HELP [password]
description of all the list server
commands (as on this page)
5.5.3 List Server – Options
Field Description
Moderated List When running as a listserver, all list server commands are protected by a
Server password. This password is placed between the command name and the
command parameters.
Password Password for moderated list server.
Originator The possible values are:
Empty Mail From
Sender
Owner
If the Empty Mail From is selected (default) some email servers reject the
message. It can either be empty, filled with the sender or the owner of the
mailing list.
5.6 Executables
Executables provide the ability to execute jobs on a server without having to use any
remote admin tools. Simply setup a job in advance, then the job can be executed by
sending an email to the server.
VisNetic MailServer Administrator Guide 63
Do not forget the application must properly exit at the end. All applications usually
require the temporary message file name as the input.
It would be a good idea to use the anti spam filters to only allow your email address
through to this account though or to use password.
Field Description
Alias This is the executable name at the domain. E.g. defrag@vmsdemo.com
would require an alias of defrag
Description Some descriptive text for this executable
Application Specifies the path and filename of the application to execute. This can be
a DOS or W32 application or a DLL. Must not require a user input.
Executable - A standard executable
StdCall - A DLL with the WINAPI (StdCall) interface
Cdecl - A DLL with the Cdecl interface
Parameters Specifies the parameters to execute the application with:
%%From%% - who the mail was sent from
%%To%% - who the mail was sent to
%%Subject%% - the subject of the mail
%%Date%% - the date of the mail
%%Message-ID%% - the header id of the message
%%MessageFile%% - the full path/filename of the message
When passing parameters to the executables, it is a good idea to enclose
them with double quotes in case the parameter has a space embedded in
it.
Password The executable can be protected by a password. If this field is filled the
VisNetic MailServer Administrator Guide 64
Subject of the message will be checked for the password. If found the
password will be deleted from the Subject and executable will be
processed. Else the executable will not be processed.
Forward To Specifies that the contents of any email is also forwarded to the specified
address.
5.7 Remote Accounts
Remote Mail Accounts are user accounts on external POP3 servers. You can assign VMS
to check for waiting email on a remote server. It can either be done for one account or for
the whole domain using the Domain POP feature and other related options.
All Remote Accounts send a message to the Forward To addresses if they are not Domain
POP.
Field Description
Name The name of this remote account. It is used purely for informational purposes.
Server Specifies the POP3 host name server example pop3.demon.com
Username Username of the collected mailbox
Password The password of the remote POP3 account.
Forward to Specifies the list of addresses separated by semi-colons to which the
message(s) should be forwarded.
APOP Check this to ensure that VMS logs in using the secure APOP command. The
remote server must support this. (APOP is a secure login using md5
encryption)
Dedupe VMS will read the message's Message-ID header field and if some messages
VisNetic MailServer Administrator Guide 65
Collected Mail have the same ID the message will be processed only once and no message
duplicates will be done.
Leave VMS will leave the messages on the remote server after retrieving them. In
messages on other words, will not erase them.
server
Delete Message This option is related to the Leave Messages On Server option. If the message
If Older Than on the remote server is older than the specified number of days it will be
deleted.
Delete This option is related to the Leave Messages On Server option. If there is the
Messages If specified number of messages or more on the remote server, messages will be
More Than deleted.
Schedule Specifies the Schedule tasks for this remote account that need to be entered.
This is the standard VMS scheduler dialog. Do not ever forget to setup the
Schedule
Use Direct SSL If checked, whole session will be encrypted by SSL if possible.
5.7.1 Remote Accounts – Domain POP
Field Description
Domain POP Specifies that this remote account is to be used to collect mail for the
entire domain i.e. the remote POP3 account contains all the email for this
domain.
VisNetic MailServer Administrator Guide 66
The messages will be resolved by the header "To: ", "Cc: " or other
methods.
Example if a message has the header "To: John Doe ",
the doe.com domain must exist on VMS and the message will be
delivered to john in the doe.com domain. If the domain does not exist or
the user either, the "Forward To" option will be used and the message will
be delivered to the specified email address. In other words, Forward To
contains an email address to send messages to that are undeliverable and
come via Remote Accounts.
Sometimes all messages are delivered to the Forward To account. This
might be caused by several reasons. If such thing happens make sure the
domain in the To header matches the domain defined on VMS else use
the Special option Domain Conversions. You can also use direct Email
Address Routing which has the same syntax as the VMS Redirect option.
Do Not Process Specifies that the Domain POP procedure should not use the "Received: "
Received Header header and the "for" item. Some remote mail servers set this field to a
different email address then the one in the To header. This can cause
nothing but problems. VMS uses the first Received header created.
Stop Parsing If If processing the received headers VMS will always use the first received
Received Yields A header created in the message. When this option checked VMS will read
Local Address all of the received headers and will check to find if some of them contains
a local email address. If found the processing will be stopped and the
address will be used.
Parse These Headers By default VMS parses some given headers like To, Cc etc. This option
when used lets you specify other MIME header fields for VMS to use.
The window lets you specify additional header items. One per each line.
Real Name Address Specifies that when using Domain POP VMS should try to search through
Matching actual names in the header and only lookup based on the alias. Example
for "John Doe " VMS will look for "John Doe" on the
server and if found it will deliver the message to that account.
If Email You can also limit the feature above only when the email address matches
the given email address.
5.7.2 Remote Accounts – Special
VisNetic MailServer Administrator Guide 67
Field Description
Forward Extra All messages received by the remote account can be forwarded to a given
Copy To email address using this option.
Convert Domain VMS relies on the domains of the recipients to be defined on the server. If
Names your messages received by the remote account do no have the domain name
defined on the server you can create domain name conversions using the
Domains button.
Example:
dummy.com=localdomain.com
Email Address This option lets you specify routing rules for messages received by the
Routing remote account. The same syntax as for the VMS Redirect feature applies.
You can use email addresses, domains anything.
5.8 Static Routes
Static Routes are simply aliases which are able to receive email and forward these
directly to other mail servers or domains based on whatever filter mechanisms are
configured.
Field Description
Alias Specifies the alias for the static route.
Description Some descriptive text.
Action Forward To Address
Message will be forwarded to this address.
VisNetic MailServer Administrator Guide 68
Forward To Domain
Message will be forwarded to this domain with the received recipient.
Forward to Host
Message will be sent to the specified Host machine. It can be a host name
or IP address.
Deliver to This Domain
Message will be delivered to the actual domain without any other
filtering. This is useful when you want to check all messages for
something and then deliver it to the recipient. You can use external filters
to do whatever you want.
Delete
Message will be deleted.
Forward Specifies that even if the domain to forward to is local, to still forward via
the Internet. This is useful when there are more MX records for one
domain and the other domain with higher priority was not working. This
mail server will receive the mail and will try to deliver it to the other
primary mail server.
Value The value i.e. address, domain, host etc
Forward To This option lets you save all messages which meet the filter criteria and
were filtered. This is a relative directory path for local mailboxes. This
should be the same string as for the user’s mailbox path that will receive
the messages. It can even contain a full qualified path.
Filter Settings
Field Description
All All messages will be processed by the static route.
Filters Specifies VMS filters which will be applied to messages.
Each filter has a logical condition of AND or OR. Once the logical value of the
filters is true the action of the Static Route will be processed.
External Filter Specifies an external filter file instead of the built-in VMS ones. The external
filter file must be a DLL with this function or an executable:
TMessageStruct = Packed Record
VisNetic MailServer Administrator Guide 69
szOriginalAddress: Array [$00..$FF] Of Char;
szRecipientAddress: Array [$00..$FF] Of Char;
szFilename: Array [$00..$FF] Of Char; // Name of the temporary message file
End;
There are 3 other options: StdCall, Cdecl and Executable. The 2 first options
specify the type of the DLL.
Function VMSFilterProc(Var MessageStruct: TMessageStruct): Boolean;
StdCall;
Function VMSFilterProc(Var MessageStruct: TMessageStruct): Boolean; Cdecl;
If the function returns true the message will be processed by the server else not.
Do not forget when importing the DLL function that the case matters. The
function’s name is case sensitive.
The 3rd parameter specifies that the filter is an executable and will be called
each time. A first parameter passed to this executable will be the file name of the
message. If the executable returns an exit code other than 0 then the message
will be processed by the server.
Anti Spam As always, an anti spam filter can be applied.
Filter
5.9 Notification
The Notification account is an alias that is designed to convert a message into a suitable
format for Notification delivery.
In essence this usually means chopping the message into Notification chunks and
stripping off attachments.
If the message is received with an attachment, then the attachment is dropped and only
the text of the message is sent.
In order to use this option you need an email gateway from your provider. This means
you need to have an email address that you sent messages to your notification device.
VisNetic MailServer Administrator Guide 70
Field Description
Alias Specifies the alias for the Notification
Description Some descriptive text.
Notify To Specifies the email address of the email gateway that the formatted message
will be sent to.
From If filled this will be in the message's From field.
Max Size This specifies the maximum number of characters that can be accepted in a
single notification. This is specific to the telecoms provider.
Count This specifies that if the message is larger than "Max Size" how many chunks
it is allowed to be split into. A count of 1 and a Max Size of 128 means that
only the first 128 characters of a message will be sent. A count of 2 means
that the first 256 characters of the message will be split into 2 separate
messages and forwarded onto the gateway.
Forward To Specifies an email address that the message will be forwarded to.
Originator The possible values are:
Empty Mail From
Sender
Owner
If the Empty Mail From is selected (default) some email servers reject the
message. It can either be empty, filled with the sender or the owner of the
mailing list
5.9.1 Notification - Other
VisNetic MailServer Administrator Guide 71
Field Description
Into Subject The Subject of the notification message will be compiled from the options
below
To Specifies that the recipient field is placed into the notification.
From Specifies that the sender field is placed into the notification.
Subject Specifies that the subject field is placed into the notification.
Date/Time Specifies that the date and time is placed into the notification.
Body Specifies that the body text is placed into the notification.
You can create the own notification Subject or Message, instead off the arrived one.
Field Description
Subject Any notification account can contain your own subject. You can specify the
content by this option.
Body Any notification account can contain your own body. You can specify the content
by this option.
Text File Any notification account can contain your own body. You can specify the content
by this option. The whole content of the text file will be inserted into the
Notification account.
5.10 Catalog
Catalog allows you:
Mail server to send you file from the Catalog file list on the server. Catalog file
list can contain any files from any folders.
Mail server to send you file from the specified folder
Mail sender to compress content of the any folder and to send it to you in Data
Package compressed file. This file can be automatically decompressed by the
specially defined Content Filer
Mail server to send any of above to the any specified email address.
VisNetic MailServer Administrator Guide 72
See examples for the each listed possibility at the end of this document.
Catalog is activated by the properly specified email send to the catalog account, similar to
the List Server account.
The catalog account is a special storage mechanism where you can have several
catalogs containing several items. Items are links to files.
Each catalog account can be protected by a global password and each catalog item
retrieving can be protected by a special password.
You can also specify what commands are allowed for the account and where the
commands should be placed.
Field Description
Alias Specifies the alias for the Catalog
Description Some descriptive text.
Password Specifies a global password which has to be used for all
commands sent to the catalog account.
Command in By default all commands will be read from the message body. If
Subject you set this option there can be only one command and that is in
the subject of the message.
Allowed The commands you can send to your catalog accounts are listed
Commands below. You can use more commands in a message.
DIR
The DIR command lets you retrieve the catalog item listing.
[Password] is used only when the global password is set. The
VisNetic MailServer Administrator Guide 73
syntax is the following:
DIR [PASSWORD] CATALOG
GET
The GET command lets you retrieve items from the catalog.
[Password] and [CATALOGPASSWORD] is used only when
passwords are set. The syntax is the following:
GET [PASSWORD] CATALOG ITEM
[CATALOGPASSWORD]
Example:
DIR CATALOG1
DIR CATALOG2
GET CATALOG1 Manual.doc
SENDTO
The SENDTO command lets you specify the receiver's email
address. In other words you can send a file from a catalog to
somebody else without even receiving the files from the catalog.
The syntax is the following:
SENDTO EMAIL_ADDRESS
To use SENDTO command you have to Uncheck option
"Command in Subject" and place two commands to the body of
the mail, as shown in the example below.
Example:
SENDTO john@deerfield.com
GET CATALOG1 Manual.doc
Catalogs This buttons lets you define lists of the files used for the transfer
with the catalog feature.
Originator This is an advanced SMTP option. When connecting to an SMTP
server the MAIL From command is issued.
VisNetic MailServer Administrator Guide 74
The possible values are:
Empty Mail From
Sender
Owner
To define/modify files you can send by the catalog account, press button Catalogs.
In the catalog dialog you can add, edit and delete particular catalogs.
In this dialog you configure the whole catalog with its items.
Field Description
Name Specifies the catalog name or ID which will be used in the commands.
Password Specifies the password for Item retrieving (GET command). DIR command
does not need a password.
Folder Folder option allows you to link the catalog with a specific directory so all the
files in it will be the items. You have to specify the full path here.
The advantage of this option is that you can retrieve ANY file from the
specified folder and you do not need to define items (see below).
Allow By this option the GET command will be able to retrieve items from
VisNetic MailServer Administrator Guide 75
Subdirectories subdirectories in the Folder.
You cannot use the "...” for security reason, but you will be able to use "\" in
the item name which is prohibited by default.
Folder Data If you will check this option, the all files from the Folder will be compressed to
Package the file PACKAGE.IDP
The PACKAGE.IDP can be automatically decompressed by the specially
defined Content Filter. See Actions list of the Content Filter options.
Item Specifies the identification of the item which will be used in the commands.
The typical command syntax is:
COMMAND catalog name [item]
Filename Specifies the full path to a filename on your HD which is linked to the Item.
5.10.1 Catalog – Retrieve File Example
Suppose that you have data structure:
Define Catalog Account DataRetrieve@vmsdemo.com
Notice, that is checked Command in Subject.
Press Button Catalogs... and define catalog DATA:
VisNetic MailServer Administrator Guide 76
To retrieve file c:\data\logo.gif send an email to the catalog account as:
Notice, that for the getting file logo.gif you have to specify its item name logofile.
You will get back an email with the file logo.gif in the attachment.
5.10.2 Catalog – Retrieve File from Folder Example
Suppose that you have data structure and Catalog Account DataRetrieve@vmsdemo.com
as in the first example.
Press Button Catalogs... and define catalog FILES:
To retrieve file c:\data\logo.gif send an email to the catalog account as:
VisNetic MailServer Administrator Guide 77
You will get back an email with the file Releasenotes.txt in the attachment.
5.10.3 Catalog – Retrieve all Files from Folder Example
Suppose that you have data structure and Catalog Account DataRetrieve@vmsdemo.com
as in the first example.
Press Button Catalogs... and define catalog ALLDATA:
To retrieve file c:\data\logo.gif send an email to the catalog account as:
You will get back an email with the file Package.idp in the attachment:
VisNetic MailServer Administrator Guide 78
The PACKAGE.IDP contains compressed files of the folder specified in the folder
definition (see ALLDATA above). If the option Allow subdirectories was on, the
subdirectories are included too.
To decompress PACKAGE.IDP use Content Filter with the action Extract All
Attachments to Directory (see Security, Content Filter) or free tool IDP.EXE, which can
be downloaded from ftp://ftp.deerfield.com\pub\current\idp.exe
5.10.4 Catalog – Send File from Server to the Any Recipient Example
Suppose that you have data structure and Catalog Account
DataRetrieve@VMSdemo.com as in the first example.
To send content of the whole ALLDATA folder packed to the one file PACKAGE.IDP to
the email address user@vmsdemo.com, by sending email:
Notice, that catalog commands are located in the Body now. To be able place commands
to the body you have to uncheck option Command in Subject - Catalog Tab.
VisNetic MailServer Administrator Guide 79
Chapter 6
Server Windows Administration
6.1 Server Monitor
Server Statistics contains 4 tabbed sheets.
Protocol Statistics lets you monitor all important information about your server traffic.
You can see Running time, total number of all server/client connections, amount of
server transferred data and statistical graph. Information is available for all VMS
services.
VisNetic MailServer Administrator Guide 80
You can see how many messages were rejected by Content Filters, marked as a Spam,
rejected by Antivirus core, filtered by filters, messages that for any reasons exceed limits
and messages rejected by RBL.
Volume Statistics lets you watch all global server statistics data like Number of domains,
number of users, total free and use space, total size and number of messages waiting in
outgoing queue. Same statistics are available for specific domain or user.
VisNetic MailServer Administrator Guide 81
Active Sessions tab sheet lets you monitor the active connections and sessions to the
server. If you have the service logging on then you can double click on the particular
session and the whole history will be displayed.
If you use right button and click on the line with server session, you can kill any session
in real-time.
Session History tab sheet will save all history events up to the Max History value. You
can also perform filters on the history by using the History Filter button. To enable and
disable the session monitoring use the Monitor Sessions checkbox. You can also view the
whole session history when the logging is switched on by double clicking the history
session line.
VisNetic MailServer Administrator Guide 82
Chapter 7
Server System Tab
7.1 System Tab
This is the VisNetic MailServer Administration applet that provides an overview of the
status of the mail server services rudimentary settings.
The panel at the bottom shows what is happening to VisNetic MailServer in real-time.
Current connections and data transferred to date are shown.
VisNetic MailServer Administrator Guide 83
7.2 Remote Server Control
By default the control panel applet connects to the localhost. If you wish to connect to a
remote VisNetic MailServer use the Connect button , then enter the hostname,
port, admin user and admin password.
The admin user can be any user account which has the Administrator privilege.
7.3 Remote Server Control
Field Description
Mailserver Hostname This specifies the name of the mail server computer. It must not be
empty. It is used when the mail server authenticates itself with other
mail servers. Typically it would be mail. {yourdomain.com} Basically
it should the host name of your mail server which has been registered
on DNS.
Use Relay Server If this server is not going to be sending out email directly (it may be a
small company server on dialup to the Internet which passes mail to
the ISP mail server) then it will need to relay the mail to a server
capable of sending. This field specifies the hostname or IP address of
the relay server.
You can also use the SMTP AUTHentication when relaying. The
same syntax applies to all host options in VMS. You simply need to
specify the host name in the complete URL form:
username:password@hostname
E.g.:
customer01:passxx02@mail.myisp.com
Use DNS Lookup If this server is to be used to send out mail itself, then it will need to
VisNetic MailServer Administrator Guide 84
lookup DNS MX (Mail Exchange) records for external domains.
Enter the hostname or IP address for DNS server(s) here. Separate
multiple entries with a semicolon. Always use the Test DNS button.
Make sure you read the DNS Appendix section.
A special delivery mode is available for static IP delivery inside private networks, among
multiple mail servers, when no DNS server is available.
If a hosts.dat file is found in the Config subdirectory, VMS will override the normal MX
record resolution (DNS Lookup mode) and provide a static domain to hostname/IP
address mapping.
The syntax is as follows:
=
or
=
Example:
domain1.local=mainserver
domain1.local=192.168.0.100
To restore the normal DNS Lookup mode, simply remove hosts.dat from the Config
directory.
DNS Query Test
If you are using the DNS Lookup method to send email via Internet, the valid DNS
Server Hostname (one or more) have to be entered into the DNS Lookup field.
Check DNS by pressing button DNS Query Test. If the DNS Server (at least one from the
list) responds properly, all is OK.
If the DNS Server is not responding properly, you will get an answer:
VisNetic MailServer Administrator Guide 85
Enter valid the hostnames or IP address of at least one DNS server in the DNS field.
You can enter ANY DNS Server hostname or IP, since the all DNS server on the Internet
are replicated automatically. If you are not sure about your DNS leave the default one. It
will work. However, if you put an incorrect one here it will not work.
Note: If the DNS Query Test replies OK, your Mail Server is ready to SEND messages to
the Internet. However if you want to RECIEVE emails from the Internet, you have to set
properly MX Records for your domain at the DNS Server.
If you are not familiar with the DNS Server, contact your Internet Connection Provider
and ask him to set you the MX records for your domain. This service is provided by the
most of the Internet Server Providers or Connectivity Providers for small annual fee.
7.4 Service State
For each of the services the status is showed along with start/stop control buttons.
The green light means, that the service is running.
Service Used for Default Ports
SMTP Send mail 25, 366, 465
POP3 Receive mail 110, 995
IMAP Read Mail 143, 993
HTTP Web Administration, Web Mail, 32000, 32001
Proxy Server
IM Instant Messaging server 5222, 5223
LDAP LDAP Server 389, 636
If some of the functions above are not running, check if the services are running first.
VisNetic MailServer Administrator Guide 86
If some service is not running, try to start it again, however if it is not possible, there is
probably conflict with another program using the same port.
See the next option about standard ports assignments.
Server Diagnostics
The simplest way to check the server functionality and ability to send mail via Internet is
to use the Server Diagnostics... button.
7.5 Service Settings
Click on the Service Settings button. This brings up the advanced service settings. You
do not need to change these settings usually.
VisNetic MailServer Administrator Guide 87
7.5.1 Service Settings – Performance Settings
Field Description
SMTP Client The max number of simultaneous connections to another SMTP server.
Channels
POP3 Client The max number of simultaneous connections to another POP3 server when
Channels collecting mail via POP3.
SMTP / POP3 / The Cache Thread specifies the maximum number of threads that can be reused
Inst. Msg. / for new client connections. Each new connection that is accepted by the server
Control Thread is given a separate execution thread. In order to improve performance, server
Cache sockets store these threads in a cache rather than freeing them when the
connection is closed. New connections can then reuse threads from the cache,
rather than requiring the server to create a new thread every time a connection
is accepted. This can speed up the server.
Listen Back The maximum length to which the queue of pending connections can GROW.
Log If this value is SOMAXCONN, then the underlying service provider
responsible for socket will set the backlog to a maximum "reasonable" value.
Packet Delay If the server is on a very fast connection (eg local LAN) the speed at which
(Outgoing & VMS works might impact on other services' performance. Use this option only
Incoming) when you are sure you need it. You do not need with a 128k and less
connection at all.
Protocol VMS is a very fast mail server and although all supported Internet protocols are
Response Delay synchronous and work with most of the mail clients properly there are some
mail clients that get confused by the speed of VMS. We are talking about
Outlook 2002/XP. Microsoft made an implementation bug. If you put here 10 it
will work just fine.
Session Specifies the amount of time in seconds of session inactivity. If this number is
Inactivity exceeded the session will be automatically ended and timed out.
Timeout
DNS Query Specifies the timeout for the DNS Lookup function. If the DNS server does not
Timeout respond in this given time, the server found the DNS as not responding. The
default value is 20 seconds and can be lowered if you think your DNS server
responds in fewer seconds. You can test this with the DNS Query Tool.
DNS Query Enables the smart dns queries. A powerful feature which can process 10000
VisNetic MailServer Administrator Guide 88
Smart Cache DNS queries per 1 second. It uses real DNS TTL.
7.5.2 Service Settings – Service IP Binding
Use this option to choose the adapters IP addresses that should be used by the services. If
this option is not used all adapters will be used. Multiple addresses can be specified using
semi-colon.
Binding is not necessary for proper multiple domain configuration.
If you need to bind VMS at W2K or WXP, you must disable the IP Pooling features of
this operating system first. Search for more details at Microsoft Web site.
VisNetic MailServer has integrated full IPv6 support, so you can bind VMS to an IPv6
address. Use Edit button, or edit manually bind.dat file. This file contains IP address for
the services to Bind To.
Format is:
// Outgoing_Bind=
// IPv6_Bind=* // Enables IPv6
// Example:
Outgoing_Bind=192.168.0.2
IPv6_Bind=*
7.5.3 Service Settings – Max Parameter Settings
Field Description
Max Hop Count Specifies the maximum number of hops from mail servers. This is
protection from mail looping. This option specifies the maximum number
of mail servers through which a mail can be delivered. If the number is
exceeded the message is returned as undeliverable. This can occur when
there are problems with the DNS Mail Exchange (MX) records for a
domain or when you use the Relay feature and you relay back to VMS.
Max Recipients Specifies the maximum number of recipients in a message. This is a
protection from spam.
VisNetic MailServer Administrator Guide 89
Protocol Max bad This specifies the number of bad commands VMS will accept on a
commands connection before closing the port.
Max Server Specifies the maximum number connections for a server service. If the
Connections connections would exceed a temporary unavailability message will be
returned.
7.5.4 Service Settings – Undeliverable Messages
Field Description
Undeliverable This specifies the number of days that VMS tries to send mail. If the mail
After cannot be delivered in the specified period it is returned to the sender as
undeliverable.
Undeliverable This specifies how many hours pass until the sender of a mail is informed that it
Warning after cannot be delivered. The server will keep trying to deliver the mail until it is
successful, or reaches the "undeliverable after" number of days.
Report Alias / The report alias is the alias that is added to the primary domain and is put into
Report Name the "From: " field when the mail system generates an automatic report such as
Undeliverable report, Disk space monitor report etc. The report name is the
name that comes before the report address.
Info To Admin All undeliverable messages will be also send to the administrator.
Bad Mail This option requires an email address or addresses (separated by semi-colon)
Address which will be used in any case of an undeliverable message which cannot be
send back to the sender. These are messages with empty "from", server
generated messages, sender's mailbox is full etc. The email address can be any
email address including local and external.
7.5.5 Service Settings – Other
Field Description
SSL - Enable bug If SSL compatibility is somewhat broken with some mail clients you
workaround options should enable the bug workaround options. Particularly we are talking
about Eudora and The Bat!
SMTP - Enable E-Mail message is ended by ".”. However, some scripts aren't written
VisNetic MailServer Administrator Guide 90
LF.LF message according to RFC and generated messages are ended incorrectly by
ending "LF.LF". You should enable this option if you have problem with non-
delivered messages from your script. Particularly we are talking about
Perl or Cold Fusion.
Service ID Service ID feature is useful for load balanced installations. Specified ID
will be used as a prefix for messages filenames.
Enable Change If enabled, lets you change user’s passwords over the POP3 protocol.
Password Protocol
7.5.6 Service Settings – Misc Outlook 2002/XP Bug Work Around
Outlook 2002/XP has improperly implemented the multithreaded POP3 protocol service.
This bug can cause problems with reading email from the high-performance
multithreaded servers (like VisNetic MailServer).
The only way to fix this bug is to slow down VMS protocol response.
In most cases the 10 ms works just fine, but you may need to increase this value slightly.
VisNetic MailServer Administrator Guide 91
Chapter 8
Server Professional Tab
8.0 Server Professional Tab
The PROFESSIONAL Tab is available in Trial and licensed versions of VisNetic MailServer Pro.
8.1 Professional Tab – Data Base Settings
This option lets you specify the type of the VMS DB that should be used. You can choose
from 3 different DB types:
VisNetic MailServer Administrator Guide 92
Field Description
Standard File System Standard DB is the same as the Standard VMS version. Users,
Domains and data are stored in the folders/files on the hard drive
Professional Memory File Professional Memory File System caches used accounts temporarily
System in memory and the speed is very high but requires a large amount of
RAM.
Memory Mode Cache
You can specify the cache size for the Professional Memory File
System, of the:
Account User Authentication
User Search
It can significantly speed-up processing of the users.
For each 1200 Accounts you should add 10 MB of the cache
memory.
ODBC ODBC lets you store and access all accounts in any DB via ODBC.
The DB system can be any common DB such as MS SQL, MySQL,
Oracle, MS Access, InterBase, Postgre, Informix or any other.
The only Users and Domains parameters are stored in the tables via
ODBC. The data (mails) are stored in the files.
VMS is DATA - DRIVEN when the ODBC mode is used. You can
ADD/CHANGE user data only by submitting the proper SQL
command.
This mode is also very important for the load balanced installations,
when the domains/users data are stored in the SQL Server tables
shared by the all VMS installations
Connection string contains all needed information to connect and
communicate with a DB:
DSN;username;password
Eg.: mailserver;sa;sapass
Always use the Test Connection button to find out the connection
VisNetic MailServer Administrator Guide 93
string is constructed properly.
Sometimes you might need to tell the DB ODBC engine not to use
the ODBC Cursors or to use Magic Quotes (for MySQL). You have
to create the DB.INI file in the VisNetic MailServer directory. It has
the following structure:
MagicQuotes=1
ODBCCursors=0
OracleSyntax=0
Note: MySQL users should use myODBC 3.51
Before using the server you need to create the table’s structure in the
DSN first. Use the Create Tables button.
ODBC Settings step by step:
1. Create a System DSN in the ODBC Data Sources to connect to your DB.
2. Create the proper Connection string in the DB settings of VMS. Check with the Test
Connection button.
3. Save the settings.
4. Click the Create Tables button.
5. If successful you can import the previous VMS users by clicking the Convert To
ODBC button.
6. Press F5 to reload and you are ready to go.
Please use the Conversion buttons with caution. Conversion must be done only once to an
empty DB or empty VMS File System.
8.2 Professional Tab – ODBC Logging
You can set the logging system so it inserts log into any DB system using ODBC. Set the
connection string and create the tables. Warning! The each server protocols operation is
one line in the table. Use this logging carefully, on the high-volume servers can became
the Log table very big.
VisNetic MailServer Administrator Guide 94
8.3 Professional Tab – LDAP
LDAP is an acronym for Lightweight Directory Access Protocol.
LDAP lets you "locate organizations, individuals, and other resources such as files and
devices in a network, whether on the Internet or on a corporate intranet," and whether or
not you know the domain name, IP address, or geographic whereabouts.
An LDAP directory can be distributed among many servers on a network, then replicated
and synchronized regularly. An LDAP server is also known as a Directory System Agent
(DSA).
LDAP was developed at the University of Michigan; its "lightweight" in contrast to DAP,
a part of the older X.500 direct protocol for networks.
VMS implementation of the LDAP is based on the OpenLDAP Project at
http://www.openldap.org/, extended with SSL support and is available in VisNetic
MailServer Professional only. The whole LDAP server is installed and configured
automatically during the VMS installation and includes also proper configuration for
Netscape Messenger and Outlook Express (schemas).
8.3.1 Professional Tab – LDAP Architecture
LDAP utilizes Client-Server Architecture.
LDAP Server is installed together with your VisNetic MailServer Professional and
resides in the folder VisNetic MailServer\LDAP\
LDAP Client is usually your email client, or other application. Many current email
clients, including Microsoft Outlook, Eudora, and Netscape Communicator are able to
access this LDAP Server.
8.3.2 Professional Tab – LDAP Server
VisNetic MailServer Professional supports LDAP v3 and is based on the OpenLDAP
project. Any additional information can be found on that site. See the license agreement
in the LDAP\readme.txt file.
Once installed you can start the LDAP server and it will be ready and working. It has its
suffix already created so you can go on with creating new entries immediately.
VisNetic MailServer Administrator Guide 95
LDAP runs under the Control service and works only on Windows NT and higher
(NT,2000,XP) platforms. It does not support Windows ME,95,98.
LDAP setting files can be found in the VisNetic MailServer\LDAP directory and follows
the OpenLDAP project.
To activate LDAP you must have the Professional version of VisNetic MailServer and
have VMS running on Windows NT platforms. Click Active and Save. LDAP server will
start immediately.
When started you can see it is really running in the System tab where it has to say
"LDAP" under the control service.
You can also change the LDAP ports. LDAP in VMS supports SSL so you can connect to
the LDAP over a secure connection using the certificates installed on VMS. Same
certificates as for HTTP and other services will be used.
The Reload button will make sure to restart the LDAP server so it reloads all of the
LDAP setting files. This is mostly handy when changing the schemes or slapd.conf file so
you do not have to restart the Control service manually by stopping and starting it. You
just press the Reload button. Make always sure to check the LDAP running status. If you
do any errors in the settings the LDAP server will not start.
8.3.3 Professional Tab – LDAP Configuration
VisNetic MailServer LDAP will let you immediately add, modify, delete and search
records on LDAP.
The main settings are done in the file LDAP\slapd.conf. The file looks like this:
# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include schema/core.schema
include schema/inetorgperson.schema
# Define global ACLs to disable default read access.
VisNetic MailServer Administrator Guide 96
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
#pidfile slapd.pid
#argsfile slapd.args
# Load dynamic backend modules:
# modulepath %MODULEDIR%
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
#
# Sample Access Control
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
# by self write
# by users read
# by anonymous auth
VisNetic MailServer Administrator Guide 97
#
# if no access controls are present, the default is:
# Allow read by all
#
# rootdn can always write!
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "dc=root"
rootdn "cn=admin,dc=root"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw admin
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools. Mode 700 recommended.
directory ldbm
# Indices to maintain
index objectClass eq
Include
This item lets you include additional schema definitions. All schema definitions are
located in the LDAP\Schema directory. You can create your own definitions and edit the
existing. Make sure to follow the creation rules otherwise LDAP will not start. If you are
VisNetic MailServer Administrator Guide 98
a beginner use always the existing schema definitions. Includes are used on multiple
lines. Please, see the Schema paragraph below.
Suffix
This item identifies the suffix you will use the LDAP server under. All client connections
will have to use this suffix. All DB records are also under this suffix so when you change
the suffix you need to create the new records again under the suffix. Usually the suffix is
like your domain name.
suffix "dc=deerfield,dc=com"
We wanted you to be able to use the LDAP right always so we created the suffix
suffix "dc=root"
Rootdn
This item identifies the administrator user of LDAP that does not need to exist in LDAP
and still perform any actions like add, edit and delete records. It always has to contain the
suffix at the end. The default is.
rootdn "cn=admin,dc=root"
rootpw
This item contains the password for rootdn the administrator account in LDAP.
The rest of the slapd.conf lets you perform additional changes. Make sure you do not
change them unless you know what you are doing. Any additional information can be
found at http://www.openldap.org/.
8.3.4 Professional Tab – LDAP Shared Address Book
The users of the VisNetic MailServer can be automatically synchronized with the LDAP
Server. The workstation clients (Outlook, Netscape Messenger, etc.) can be configured to
read email addresses from the LDAP Server. By the using LDAP synchronization you
can have Shared Address Book now.
To use this feature:
Enable the Shared Address Book feature:
VisNetic MailServer Administrator Guide 99
Press the button Complete User Synchronization - it will convert all existing
VMS users - except ones defined in the bypass file.
To create/edit bypass file press the button. Enter the domains and users, which will
be NOT synchronized there.
If you want to see the accounts converted to the LDAP Server, use a free LDAP Browser,
one which can be downloaded from:
http://www.softerra.com/download/download.php
The commercial version - LDAP Administrator can even modify/add new contacts at the
LDAP Server.
VMS accounts are by default stored to the location given by the suffix of the slapd.conf. -
to the root. You can specify another location for the VMS accounts in the user suffix,
however keep in mind, that you have to specify the folder for the user suffix prior its
usage.
The user suffix can contain the variable %s. The %s will be replaced with the domain
name. If you will use it in the path, you can easy separate storage by domains.
Example:
usersufix o=user%
8.3.5 Professional Tab – Using LDAP
Adding, modifying and deleting records on LDAP can be done using different LDAP
tools. We recommend using LDAP Administrator from Softera
(http://www.softerra.com/)" which is a shareware and can be downloaded from. It has a
nice windows-like explorer interface and works properly.
All mail clients supporting LDAP allow you to search records on LDAP servers. Some
mail clients have a better LDAP implementation and searching is smooth and some are
cumbersome and hardly to use.
Configuring Netscape Messenger
Configuring Netscape Messenger to use LDAP servers is easy and is done in the Address
Book area. Click File and New Directory.
VisNetic MailServer Administrator Guide 100
Description can be anything you would like to see in the Address Book. Server needs to
be the IP or the host name of the LDAP server. Search root is the suffix or desired root
you want. Leave the port numbers default. You can use the secure SSL connections if
needed. Configuring is done.
To search the directory. Click the directory and press Search. A dialog will appear.
Press search and a list of items will appear in the directory listing. Netscape messenger
has really a nice way of using LDAP. The list and the search are cached and next time
you open the directory last search results will be present.
Configuring Outlook Express
Outlook Express has slightly less support of LDAP. Each time you want to use it you
have to perform a search and select the directory you want to search. To configure
Outlook Express to use LDAP you have to do this. Select the Tools - Accounts -
Directory Service and click Add Directory Service.
VisNetic MailServer Administrator Guide 101
Searching in Outlook is a bit too complicated. You have to open the Address Book and in
the Edit menu item use the Find Persons item. Select the LDAP directory and fill in the
desired search conditions. Click Search.
8.3.6 Professional Tab – LDAP Tools
There are some tools in the LDAP directory that help to administer LDAP DB. The tools
have the same parameters as the tools of the OpenLDAP project.
Slapadd
Slapadd lets you add records to LDAP DB using the LDIF format. You can see an
example in the LDAP directory. The 2 files create.ldif and create.bat this batch file
creates the suffix in the LDAP DB using the slapadd tool. Similarly you can add more
records by editing the create.ldif file. Syntax of the LDIF format can be found on the
Internet.
Schema
The LDAP schema, as with all database schemas, is the definition of what can be stored
in the directory. The basic thing in an entry is an attribute, like givenName. Each attribute
is associated with a syntax that determines what can be stored in that attribute (plain text,
binary data, encoded data of some sort), and how searches against them work (case
sensitivity, for example). An objectclass is a three-tuple, consisting of (must have,
required, may have), saying what other attributes can or should be present.
VisNetic MailServer Administrator Guide 102
There is a standard core of schema definitions (object classes, attributes and syntaxes),
and you can define your own to suit your particular needs. Most every organization will
want to do that.
The best resource for information is where you can browse object classes, attributes,
syntaxes and matching rules.
Additional Resources Include:
LDAP Zone http://www.ldapzone.com/
ldapman.org http://www.ldapman.org/ has some great introductory articles.
The LDAP Schema Repository http://ldap.akbkhome.com/ is indispensable for
figuring out what to stuff in there and how.
A System Administrator's View of LDAP
http://people.netscape.com/bjm/whyLDAP.html by Bruce Markey from Netscape
is a very clear introduction to our use of it (note how his layout style resembles
ours :-P).
Jeff Hodge's LDAP roadmap and faq
http://www.kingsmountain.com/LDAPRoadmap/ which seems to be the
authoritative guide to links. Unfortunately, it's so badly organized that it's almost
not worth it. Beware that this guy is way confused about "versioning" his web
site, so you may very well find yourself reading something out-of-date by more
than a year! Check the "Last updated" on top of the page and try the other
versions.
The Yahoo! category
http://dir.yahoo.com/Computers_and_Internet/Communications_and_Networking/
Protocols/LDAP__Lightweight_Directory_Access_Protocol_/ has fine links.
Here's something about the Abstract Syntax Notation
http://www.techapps.co.uk/asn1gloss.html used in specifying the protocol.
Here's something about the Basic Encoding Rules
http://renoir.vill.edu/~cassel/netbook/ber/node1.html defining what the protocol
looks like on the wire.
More about BER, this time LDAP-specific
http://users.neca.com/vmis/berldap.htm
8.4 Professional Tab – Remote Server Watchdog
VisNetic MailServer lets you monitor other remote servers and their specific services.
You need to specify the host and the port and the schedule. Once the server is down you
will be notified by a server generated email message containing the server name and the
time of the possible breakdown.
Each watchdog record can have a different notification email address and different
unreachable time if filled.
VisNetic MailServer Administrator Guide 103
Field Description
Active Specifies the server watchdog feature is enabled.
Report To Email Address All server generated email messages will be sent to this email address
or addresses. This item can be left empty for the watchdog item. In
this case the default global one will be used.
Server is Down When Sometimes it is desirable to consider the server being down for more
Unreachable for More than number of minutes. Specify the number of minutes. Only then
the server will report the state of the server being down. This item can
be left empty for the watchdog item. In this case the default global
one will be used.
Notify when Server is If the server was unreachable and VMS finds it back online then a
Back Online notification will be sent to the email address containing the total down
time.
Send String String that would be send to server on defined port. Example: "GET"
for retrieve an response from webserver.
Result Reg Ex Regular expression that describes correct remote server response.
8.5 Professional Tab – Multiple CPU Support
Specifies that all CPUs will be used on multi CPU machines. Otherwise only the first one
will be used.
VisNetic MailServer Administrator Guide 104
8.6 Professional Tab – Task Schedule
Task Schedule is a feature that lets you execute any application or associated program at
any given time using the schedule. Each task has a different schedule and you can run
any application with any parameters.
This feature can be mainly used for automated daily reports of any kind.
If you will check the option Send Email Message, you can define simple email message,
which can be send to some email address at pre-defined time.
Click on the button Message... to specify the email.
8.7 Professional Tab – TCP/IP Tunnel
This feature allows you to create several TCP/IP tunnels. Tunnel is in fact TCP/IP
gateway listening on a specified port and forwarding all TCP/IP datagrams to a
destination address and port in both directions.
Format of this file is following:
,,
- IP:Port / :Port
- IP:Port
- 1:;0:;1:;.. (1 - Allow, 0 - Reject)
VisNetic MailServer Administrator Guide 105
Example:5000,gate.deerfield.com:80
Listens on all interfaces on port 5000 and sends data to gate.deerfield.com port 80
127.0.0.1:5001,194.213.224.2:25,1:192.*.*.*
Listens on IP 127.0.0.1 port 5001 and sends all data to 194.213.224.24 port 25 only for
connections from 192.*.*.*
VisNetic MailServer Administrator Guide 106
Chapter 9
Server Options Tab
9.1 Options
9.2 Options - Logging
If you are using Server Monitor for viewing the individual sessions, the Logging for the protocol
VisNetic MailServer Administrator Guide 107
you are studying have to be set to the Debug or Debug & Summary Logging
Field Description
Logging Levels No Logging
The logging is switched off.
Debug Logging
The most detailed logging will be used showing all service traffics.
Summary Logging
A summary logging is simply the most important information to be logged and
also the summary of the whole action for the service. In other words what
would take few lines for the Debug logging here it would take a single line with
more information.
Debug & Summary Logging
Both Debug and Summary logging will be used.
Logging Cache 0 specifies no cache. Otherwise a log cache is specified in KB. Logs are kept in
memory and flushed to disk when the cache has been exceeded.
Delete Logs If logging is enabled it is usual to keep the number of log files to a manageable
Older Than limit. The 'Delete logs older than:' setting will delete old log files after the set
number of days has passed.
Output Debug If the 'Output Debug String' is checked, whenever a log is switched the
String Windows API function OutputDebugString will be called with the event log
value. This is useful for online monitoring of the services and it can be done
remotely. In order to use this option, you have to have a tool that will display
these messages, like the
http://www.sysinternals.com
Do not forget to switch on the option for CRLF Returns in the tool. Otherwise,
it will not display the messages.
VisNetic MailServer Administrator Guide 108
9.3 Options – Other Options
Most of the text and configuration files can contain comments which is signaled by the
"//" 2 slash characters.
Field Description
Login With If you have a large number of domains and users it is advisable to use this
Email Address option. If you do, then enabling this option reduces mail authentication and
login time - VMS is able to find the domain faster as is specified inside by the
email address. Basically a performance option for large sites. If you do not
specify the domain name the primary domain will be used by default.
Convert % To This option is for administrators who use full email addresses as usernames and
@ Netscape and Mac users who cannot use @ in the login name. With this option
enabled Netscape and Macintosh users can login as name%domain.com and the
authentication engine will convert this to name@domain.com
Atomic Clock This option lets you to synchronize the server clock from the world's time
Sync servers using the Daytime protocol. It is synchronized when enabled this option
and after midnight every day. Time Zones are considered.
You can also define your own Daytime servers and time zones.
Use SMTP This is the text that will be displayed whenever a client contacts the server to
Policy Banner send mail. Using the edit button will bring up the text editor, enter some text
then close the window and either save or discard your changes.
NB You may have to stop the SMTP service to enable editing. Here is an
example. All the text beginning with the line of asterisks was entered.
220-mail.domain.com ESMTP VisNetic MailServer 2.10.350; Sun, 22 Oct 2000
14:32:28 +0100
220-*********************************************************************
220-* Secure Mail Server *
220-* *
VisNetic MailServer Administrator Guide 109
220-* All connections are logged! *
220-* This server employs AntiVirus and antispam technology *
220 *********************************************************************
Use This file is filter for the name of the server that is specified during the
HELO/HELO HELO/EHLO command in a SMTP session so you can easily block some
Host Filter servers without knowing their IP.
Server Title When connecting to VMS it gives the response above including version on the
first line. Sometimes you want to put a different text value there so nobody
knows it is VMS. Create a file called config\servertitle.dat and edit the first line
to match the VMS name you want.
Protocol Policy This file specifies several protocol policy settings. The policies reflect all
services.
AUTH Policy
You can either leave this value empty and the default values (all AUTH
schemes) will be used. Sometimes you might need to disable some schemes or
change their order. Use the syntax as below.
AUTH=NTLM CRAM-MD5 LOGIN PLAIN
Example: AUTH=CRAM-MD5 LOGIN PLAIN
The NTLM Authentication is by default DISABLED. Use it carefully, since it
can cause authentication problems in some Outlook versions (Microsoft
implementation issue).
Convert From: VMS lets you to change the domain name of the originator recipient. When
Header sending a message this option converts the domain name to the new one
specified in this file config\headerconvert.dat. The structure of the file:
{olddomain}={newdomain}
{olddomain}={newdomain}
E.g.: vmsmail.com=deerfield.com
usa.net=netaddress.com
SSL - IP This file lets you specify other than the default certificate for SSL server
Addresses connections.
Certificates
The default certificate is kept in the file cert.pem. You can edit it and use your
own certificate.
You can also have multiple SSL certificates on one system. Each certificate can
be used for a different IP address.
VisNetic MailServer Administrator Guide 110
Syntax & Example:EXAMPLE
[Server]
193.179.195.74=c:\certificates\deerfieldcert.pem
193.179.195.75=c:\certificates\vmscert.pem
WebServer The integrated web server engine is controlled via these settings. Webmail
Service engine is used for the Web Mail and Web Admin access and i running under
Settings Control Service.
All settings are stored in the file /VisNetic
MailServer/Config/WebServer.CFG To edit this file press the EDIT button
or use any plain text editor. Parameters descriptions are located in the
section Advanced Web Mail Settings.
This web server engine supports html and PHP and can be used for regular PHP
based web sites too.
Hide Systray This option specifies that the systray icons should not be visible in the
Icons Windows 9X environment for the selected services.
Auto Start Auto start checkbox has the effect of starting the service automatically on
machine boot. (This functionality is standard using Windows NT/2000
Services, Auto start is necessary only for the W9X)
Message String Lets you customize all default system messages (delivery notifications, server
Translation lists or mailing list messages etc.).
9.3 Options – User Statistics
Activating User Statistics enables the server to log all user activity. For each user it will
record the size and number of received and sent. It will even log the activity of unknown
and external users.
The user statistics logs can be exported by using the User Statistics Logs button. The
From and To fields indicates the timescale over which to obtain log entries. The Filter
VisNetic MailServer Administrator Guide 111
indicates multiple filters separated by commas. You can enter here email addresses or
domains:
info@deerfield.com;vmsdemo.com
The format of the use statistics log file is following:
Domain,Alias,Received,Received_Amount,Sent,Sent_Amount,SentOut,Amount_SentOut
,Last Sent,Last Received,Last Login
Amounts are in bytes. You can import this file to any database or system analysis tool.
The line before the last line of the log file contains statistics for external, unknown users
and messages self created. Last line contains the summary.
To log a particular service, just select the logging type you need. Debug logging level is
recommended for SMTP.
The filename of the log files are of the format SYYYYMMDD.log
S = Service type (S)MTP, (P)OP/IMAP or (C)ontrol or (E)rror
YYYY = Year example 2000
MM = Month example 10
DD = Day example 23
So P20001023 would be the POP3/IMAP4 log for 23rd Oct 2000.
9.4 Options – Data Storage Directories
The directories section specifies where VisNetic MailServer creates various files. The
directories need not be created in advance VMS will create all directories as required.
Also, the file path.cfg (in the VisNetic MailServer directory) can be edited when needed -
first line specifies where the Config directory is and the second line specifies where the
HTML directory is (for remote web admin).
Field Description
Mail Specifies a default directory under which the user's mailboxes will be created. For
Path example, if we had a user called admin in the domain of vmsdemo.com then the
default directory for the admin users' inbox would be c:\deerfield.com\visnetic
mailserver\mail\vmsdemo.com\admin. This directory also contains the Outgoing
VisNetic MailServer Administrator Guide 112
queue folder which is called Forward. This folder holds all messages to be sent out. If
this directory contains undelivered messages it is likely something is wrong with your
internet or configuration options.
Temp The Temp area is used to receive mail as it comes in. After the mail has been received
Path by VMS it is copied into the correct mailbox (or mailboxes!) and then removed from
the Temp area. This directory is automatically cleared when VMS starts up.
Log Path Defines which directory log files are created in. These will be the
SMTP/POP3/IMAP4 and Control log files. Log files can be viewed from the Web
Admin or the Configuration program.
9.5 Options – Proxy Server
VisNetic MailServer has a built in Proxy Serve. Configure your web browser to use
proxies then enable the proxy server by activating it on the General tab. The proxy server
host name will be the VisNetic MailServer machine's host name or IP. The port is the
same as control server is running on (default 32000).
VisNetic MailServer Administrator Guide 113
9.5.1 Options – Proxy Server / General Settings
To monitor activity on the Proxy Server you can enable Logging features.
If your ISP has utilizes a Proxy Server you can specify it as "Parent". This setting can
increase the speed of the browsing, however may also cause problems on some bad
designed database driven web sites - you can get "old data" while providing SQL
Requests.
Authentication
You can also specify special users that are allowed to use the proxy server when they
authenticate. These users are not VMS Account users. They are all new users you need to
define in the Users field.
Example:
user1:pass1
user2:pass2
When no filters are used and you require authentication all users must authenticate before
accessing any URL. If you create filters then specifically allowed users do not have to
authenticate and users specifically denied cannot authenticate.
VisNetic MailServer Administrator Guide 114
Filters
Filter proxy filter file can contain a URL, Hostname, IP address or Port. Example:
1:http://www.adult.com
1:www.deerfield.com
0-191.*.*.*
193-255*.*.*
192.168.0.10
:0-79
:81-65535
Proxy Tunnel Filter file is for SSL access. In that case the proxy server does not know
the URL only IPs, Ports and Hostnames ale allowed in the filter file.
9.5.2 Options – Proxy Server / AntiVirus Settings
VisNetic MailServer’s Proxy Server has a very good proxy Antivirus. It requires the
Deerfield Integrated Antivirus. Once enabled all downloaded files will be scanned for
viruses.
Memory scanning mode holds all bytes received up to the limit. The file is scanned and if
no viruses are present the file is sent to the browser. If a virus is found an error page will
be sent to the browser.
Large file scanning mode sends the percentage of the size to the browser and the rest of
the file is not sent. Once the whole file is received by the proxy server it is scanned and
either sent to the browser with the correct content or all zero data when infected. Infected
files will be corrupt.
Bypass types lets you specify extensions not to be scanned.
9.6 Options – Header / Footer
Click on the "Active" checkbox
And then use the "Header/Footer" button to bring up setup dialog.
VisNetic MailServer Administrator Guide 115
This option inserts headers and footers into messages automatically.
You can specify a header, footer or both. This option works together with the file
tags.dat (in the Config subdirectory) which can be opened for editing using the edit
button. Placing tags.dat in the domain config directory overrides the global settings.
If you do not wish to use a header or footer, leave the corresponding line blank. Only
plain/text files can be used. You can specify for what messages the header/footer should
be added by the checkboxes in the Header/Footer dialog.
Local To Local - The sender is local and recipient is local
Remote To Local - The sender is remote and recipient is local
Local To Remote - The sender is local and recipient is remote
Remote To Remote - The sender is remote and recipient is remote
9.7 Options – Disk Space Monitor
Field Description
Monitor Active Check the 'Monitor Active' checkbox to enable the Disk Space Monitor.
VMS can monitor all of your HDs free disk space and can alert you by
sending a message to your email address.
Minimal Disk Enter a figure (in Megabytes) into this field which will be used as a
Space threshold. When available disk space falls below this figure a warning will
be sent.
Report Address This is the email address that the warning report will be sent to. Multiple
email addresses delimited by a semicolon can be specified.
You can also use the diskspace.dat file for more disks to monitor:
C=400
D=800
If the threshold is reached a warning mail will be sent out similar to below:
From: Mail Delivery Subsystem [MAILER-DAEMON@deerfield.com]
Sent: 23 October 2000 21:31
To: admin@deerfield.com
VisNetic MailServer Administrator Guide 116
Subject: Warning: system report
Warning: system report
Disk Space Monitor has detected low disk space on drive D: 410 MBytes
9.8 Options – Auto Archive
Clicking in the "Active" checkbox then "Auto Archive" brings up the dialog below.
button.
Field Description
Active The Auto Archive option enables archiving all messages delivered to the
server. SMTP and IMAP delivery is considered.
Archive Path Specifies the directory where the archive will be placed.
Similarly as the Mail directory is maintained another Archive directory will be
created and all messages will be mirrored online from the Mail directory. You
can easily browse thru the Archive directory and get messages even deleted.
If you will specify non-existing folders, they will be created automatically when
first archive event will happen.
Example: If you will receive at your server mails for the domain
vmsdemo.com and user admin, they will be archived to the folders:
C:\data\mailarchive\vmsdemo.com\user\
Currently the Archive does not get cleared so be careful not to exceed your HD.
Archive By default only the local incoming messages are archived. By checking this
Outgoing option all outgoing messages will be archived in the Outgoing folder.
Messages
Example: The mails send from the server with the archive path above will be
saved to the folder:
C:\data\mailarchive\outgoing\
VisNetic MailServer Administrator Guide 117
Sequential Auto Archive
Use Sequential Auto Archive, if you want to separate archived mails for each year, day,
hour, etc. To get this functionality add string of the variables below, anywhere to the
archive path.
String with variables must be delimited by the double quotes.
The path as:
will create the archive folders depending on the actual year, date and month as:
C:\data\20030327-mailarchive\ for 27th. Of March 2003
C:\data\20030328-mailarchive\ for 28th. OF March 2003, etc.
Variable Description
YYYY Year of the actual date
MM Month of the actual date (01 - 12)
DD Day of the actual date (01 - 31)
HH Hour of the actual time in 24 format
NN Minute of the actual time (00-59)
SS Second of the actual time (00 - 59)
9.9 Options – Auto Backup
Use Backup and Sequential features if you want to backup under different name and in
set time.
VisNetic MailServer Administrator Guide 118
To get Sequential functionality add string of the variables below, anywhere to the backup
file name. Variables must be delimited by double quotes.
The file name below will create the backup file as:
20040219vms_backup.mcb at the 19th. Of February 2004, however the next day will be
created the new file 20040220vms_backup.mcb
Variable Description
YYYY Year of the actual date
MM Month of the actual date (01 - 12)
DD Day of the actual date (01 - 31)
HH Hour of the actual time in 24 format
NN Minutes of the actual time
SS Second of the actual time (00 - 59)
Configuration Restore
Choosing the Restore option will prompt you for a file containing backed up data. Once a
file is chosen and opened, the configuration will be restored. Use this option carefully in
order to prevent overwriting your config with an old version.
VisNetic MailServer Administrator Guide 119
Chapter 10
Server Security Tab
10.1 Security – Content Filter
Just click on the "Active" checkbox and then use the "Content Filter" button to bring up
setup dialog.
VisNetic MailServer Administrator Guide 120
VisNetic MailServer has a very powerful and intuitive content filter tool which allows a
whole host of functionality based on message content. Messages can be forwarded,
trashed, rejected or allowed, or programs/DLL's can be executed. You can even create a
filter for attachments and use layman’s logic. Filters are issued for all messages passing
thru VMS (incoming and outgoing).
The B Button is used for by-passing the Content Filter for specified hostnames or IP
addresses. Activate the filter and Click the Content Filter to edit filters.
The check box on the left enabled or disables the particular filters. You can
add/edit/delete filters and you can also move the filters up and down using the arrow
buttons.
You can import other content filters from a XML file or you can simply export your
content filters to a XML file and share it.
VisNetic MailServer Administrator Guide 121
10.1.1 Security – Content Filter / Editing
This window specifies the whole content filter item.
Field Description
Conditions This checkbox list contains all conditions you can use to filter messages. You
simply click the checkbox and the condition will be added to your filter. To add
more conditions of the same type use double-clicking on the condition item.
When added to the description window some conditions might have links you
need to click to specify the proper information.
Attachment
Specifies the whole name of the attachment in the message.
Sender & Recipient
Specify the real sender and recipient as in the SMTP session MAIL FROM and
RCPT TO.
Message & Body
Message specifies the whole message decoded including the MIME headers and
VisNetic MailServer Administrator Guide 122
attachments. Body is only the main message part.
Custom Header
Lets you specify your own message MIME header. You have to type in the Text
field exactly the same string as in the message itself. Eg. 'X-Mailer: Web Mail'.
Any Header
Specifies the whole message header area.
Message Violates RFC822
When creating messages, some mail clients include bare LFs and thus violate
RFC822 (http://www.faqs.org/rfcs/rfc822.html).
A bare LF is an ASCII linefeed (LF) character not preceded by an ASCII
carriage-return (CR) character. Every line in an Internet mail message is required
to end with CR LF. The entire message ends with CR LF dot CR LF. RFC822
specifically prohibits other uses of LF.
This problem generally occurs in either new mail clients not following RFC822
or in spam messages generated by web server applications. In such cases, some
receiving mail clients cannot process particular messages and will hang up or
disconnect from the mail server. These problems have been reported from
Outlook and Eudora.
This filter will check all incoming messages for bare LFs and will make sure it
rejects these improperly formatted messages.
Some mail clients are incorrectly ending lines with LF and, in most cases, ending
the entire message with LF dot LF. That's not CR LF dot CR LF, so most of the
servers will sit there waiting for the rest of the message. After a while it will give
up and drop the connection. Your mail doesn't get through.
In some cases, the problem goes unnoticed since some mail servers convert a
bare LF into CR LF, and accept LF dot LF as the end of a mail message. This
behavior is specifically prohibited by RFC821, though, so a filter such as this one
VisNetic MailServer Administrator Guide 123
will alert the sender to the problem when the receiving mail server follows the
rules set forth by RFC standards.
Actions Contains the whole list of all actions you can use on filtered messages. By
checking and un-checking the checkbox the action will be added or removed
from the description.
Some actions have a link you need to click to specify the proper information.
Reject/Accept/Delete
Specifies the message mode the server should perform.
Delete seems like the message was received but is deleted and not delivered.
Stop content filter processing
No other filters will be processed.
Forward to email address
You can forward the message as been received to any email address.
Copy to email address
You can copy the message after changes to any email address.
Respond with message
Specifies the responder to the message. All system variables %% are supported.
Send message
You can send a custom email message. All system variables %% are supported.
VisNetic MailServer Administrator Guide 124
Execute application
VMS can execute any application or DLL.
Edit message header
You can change headers of the message as you want. You can also use the
system variables %%.
Example:
Change Header:
Subject: [SPAM] %%Subject%%
Add header/footer
A header or footer can be added to the message
Strip all attachments
All attachments can be stripped off.
Extract Attachments to Directory
The attachments of the message will be extracted to the specified directory.
If you will check the option Extract Data Packages - the specially compressed file
PACKAGE.IDP will be extracted to the specified directory.
The PACKAGE.IDP can be created with the Catalog Account features, or by the
using free utility IDP.EXE.
The VMS configuration backup file (.MCB) is compressed by the same way and
for the decompression this content filter action can be used for the automated
decompression.
Add text to a file
You can append text to any text file on your system. All variables are supported.
This option is primarily used for an auto subscription mailing lists, auto white list
and spam filters.
Respond with SMTP Message Text
VisNetic MailServer Administrator Guide 125
The original SMTP Message Text will be replaced with this one.
Description This area specifies the whole filter together. You can click the link properties to
specify the desired values.
When browsing thru conditions the arrow buttons on the top will change to
enabled and disabled states. By these buttons you can move particular conditions
up and down.
You can also use the Delete button to remove a condition. This is specifically
handy for multiple conditions of the same type.
There are also bracket buttons. When these are used you can create complex
boolean conditions.
Example:
((Subject Contains Hello And Sender Jakub) Or (Subject Contains Bye And
Sender John)) Or Subject Contains Bye
Title Specifies the title of the content filter. This title will be also displayed in the
SMTP session when rejected a message.
10.1.2 Security – Content Filter / String Condition
Conditions specify multiple filter criteria. Each filter relate to a following and previous
filter with a boolean operator And, Or. You can have as many filters as you want.
To specify the action and condition properties click the link in the description area. All
property dialogs are very intuitive. The one that needs more explanation is the String
Condition
Field Description
Function Specifies the function to perform on string matching.
Contains List
VisNetic MailServer Administrator Guide 126
Will try to match separate strings from the String area. Strings are
separated with semi-colons.
Contains
Tries to match the string.
RegEx
Uses the GNU Regular Expression. VMS automatically converts all
message strings to lowercase so use the RegEx with lower case. The String
area will not be converted to lower case.
Example:
(!){4,}$
Tries to match 4 or more "!" at the end of the tested string.
^$
Tries to match an empty string
See the RegEx Basic Tutorial after this section
Starts With
Starts with the specified string
End With
Ends with the specified string
Is String
Equals to the specified string
Not Negates the whole function logics.
String Specifies a value of the string to be matched.
Case Sensitivity When unchecked all strings and expressions are converted to lower case.
After that all string functions are processed. You do not have to worry
about the case then. For the RegEx filter the RegEx expression is not
converted to lower case, only the text to be searched. When checked the
strings are checked as they are. No conversions performed.
Parse XML This option lets you make string queries against HTML messages so all
HTML tags will be removed and entities will be converted to characters
VisNetic MailServer Administrator Guide 127
during the comparison
Example:
Hello brother, this is For you;
When switched this option on the compared string in the case above would
be:
Hello brother, this is For you
10.1.3 Security – Content Filter / Basic RegEx Tutorial
First of all, let's take a look at two special symbols: '^' and '$'. They indicate the start and
end of a string, respectively, like:
"^The" matches any string that starts with "The"
"of despair$" matches a string that ends in the substring "of despair"
"^abc$" a string that starts and ends with "abc" -- that could only be "abc" itself!
"notice" a string that has the text "notice" in it.
You can see that if you don't use either of the two characters we mentioned, as in the last
example, you're saying that the pattern may occur anywhere inside the string -- you're not
"hooking" it to any of the edges.
'*', '+', and '?'
There are also the symbols '*', '+', and '?', which denote the number of times a character
or a sequence of characters may occur. What they mean is: "zero or more", "one or
more", and "zero or one." Here are some examples:
"ab*" matches a string that has an a followed by zero or more b's ("a", "ab", "abbb",
etc.)
"ab+" same, but there's at least one b ("ab", "abbb", etc.)
"ab?" there might be a b or not
"a?b+$" a possible a followed by one or more b's ending a string
Braces { }
You can also use bounds, which come inside braces and indicate ranges in the number of
occurrences:
VisNetic MailServer Administrator Guide 128
"ab{2}" matches a string that has an a followed by exactly two b's ("abb")
"ab{2,}" there are at least two b's ("abb", "abbbb", etc.)
"ab{3,5}" from three to five b's ("abbb", "abbbb", or "abbbbb")
Note that you must always specify the first number of a range (i.e, "{0,2}", not "{,2}").
Also, as you might have noticed, the symbols '*', '+', and '?' have the same effect as using
the bounds "{0,}", "{1,}", and "{0,1}", respectively.
Now, to quantify a sequence of characters, put them inside parentheses:
"a(bc)*" matches a string that has an a followed by zero or more copies of the sequence
"bc"
"a(bc){1,5}" one through five copies of "bc."
'|' OR operator
There's also the '|' symbol, which works as an OR operator:
"hi|hello" matches a string that has either "hi" or "hello" in it
"(b|cd)ef" a string that has either "bef" or "cdef"
"(a|b)*c" a string that has a sequence of alternating a's and b's ending in a c
('.')
A period ('.') stands for any single character:
"a.[0-9]" matches a string that has an a followed by one character and a digit
"^.{3}$" a string with exactly 3 characters
Bracket expressions
Specify which characters are allowed in a single position of a string:
"[ab]" matches a string that has either an a or a b (that's the same as "a|b")
"[a-d]" a string that has lowercase letters 'a' through 'd' (that's equal to "a|b|c|d" and even
"[abcd]")
"^[a-zA-Z]" a string that starts with a letter
"[0-9]%" a string that has a single digit before a percent sign
",[a-zA-Z0- a string that ends in a comma followed by an alphanumeric character
9]$"
VisNetic MailServer Administrator Guide 129
You can also list which characters you DON'T want -- just use a '^' as the first symbol in
a bracket expression (i.e., "%[^a-zA-Z]%" matches a string with a character that is not a
letter between two percent signs).
In order to be taken literally, you must escape the characters "^.[$()|*+?{\" with a
backslash ('\'), as they have special meaning. On top of that, you must escape the
backslash character itself in PHP3 strings, so, for instance, the regular expression
"(\$|„)[0-9]+" would have the function call: ereg("(\\$|„)[0-9]+", $str) (what string does
that validate?)
Just don't forget that bracket expressions are an exception to that rule--inside them, all
special characters, including the backslash ('\'), lose their special powers (i.e., "[*\+?{}.]"
matches exactly any of the characters inside the brackets). And, as the regex man pages
tell us: "To include a literal ']' in the list, make it the first character (following a possible
'^'). To include a literal '-', make it the first or last character, or the second endpoint of a
range."
10.2 Security – Instant Anti Spam
VisNetic Instant Anti-Spam incorporates all of the known and most advanced anti-Spam
methods for identifying Spam. The total and unique solution gives you the power to
identify more than 99.5% of Spam messages with an extremely low number of false
positives.
Cutting Edge Technology:
VisNetic Instant Anti Spam merges time-tested technologies such as Content Filtering,
Anti Spam filtering and Static Filters and integrates them with our new cutting edge
Bayesian Filtering technology. Bayesian filtering technology calculates the
probability of a message being Spam but analyzing the message content. The system can
run in automated, auto-update, mode requiring no administration at all.
Sophisticated Self Learning Mode:
VisNetic Instant Anti-Spam can also run in a sophisticated "self learning" mode. This
mode allows the system to learn from mistakes by allowing users to easily teach the
system by feeding it known Spam that is received by your organization back
to the VisNetic Instant Anti-Spam System.
Hands Off Auto-Update Mode:
VisNetic MailServer Administrator Guide 130
For those who do not wish to teach the system and maintain the Bayesian Spam database
you can use the Auto-Update system that will function similarly as anti virus download
new updates automatically without any user interference from our web site.
The entire VisNetic Instant Anti-spam solution is very flexible and enables you to
perform an array of actions with Spam messages. Spam messages can be:
Deleted
Reject, or;
Change their subject and place them under a Spam folder
Full Control of Spam:
The "Spam Folder" in VisNetic Instant Anti spam is a new and unique feature that allows
users to store Spam messages, on the server. Users can then browse their Spam and Inbox
folders and can move messages from one folder to the other.
Ease of Administration:
A new type of users called "Spam Administrator" is a new feature that has been
introduced which allows any user in VisNetic MailServer to monitor and maintain both
Spam and Genuine messages and teach the system to significantly improve
identification accuracy. An administrator’s basic function is to correct false positives and
make the system running properly or even more efficiently. Spam administrators use a
special instant messaging plug-in. With this IM interface a Spam Administrator
can manage the Spam database and user folders. Furthermore it allows for the creation of
your own White and Black lists which can significantly improve the systems accuracy
and achieve near-100% accuracy.
You can enable Instant Anti Spam engine by "Active" checkbox in this table. Button "B"
lets you set bypass rules for the accounts, IP addresses, domains etc. In other words the
filter will not be activated for them.
VisNetic MailServer Administrator Guide 131
Instant Anti Spam configuration dialog contains of four configuration tabs and buttons
for index all spam messages in the queue and button for direct spam file settings.
Field Description
Add Text to Messages identified as spam will have added text prefix to the subject. The
Subject string can contain the system variables. The default value in this field is [Spam]
Place Spam This option enables Spam Folder support. All spam messages will be placed
Messages under the user's spam folders. Users can then browse their spam and inbox
Under Spam folders and correct any mistakes, create black & white lists or simply view the
Folders content of folders. You can enable or disable particular folders in user account
settings. .
Delete Spam Messages older than the given amount of days will be automatically deleted
Messages once the user logs in to collect messages. 0 means that feature is disabled.
From Spam
Folders When
Older Than
User Smart Auto learning system creates a unique feature of spam and genuine auto
Learning Auto indexing to the spam database. The engine uses the threshold for genuine and
Indexing spam messages when they should and should not be indexed to the DB. Please,
System do not use this feature unless you know what you want to do.
Process Index Lets your index all messages waiting in Index queue.
Queue button
Spam File You can edit whole Instant Anti Spam settings manually by this button.
Settings
Field Description
Information Displays the last update date and the version of the SPAM DB
Update Lets you specify the schedule to update the Spam DB from our server. If you do
Schedule not want to maintain the DB yourself, you should use this feature so all new
spam messages can be recognized properly. Think about it as AntiVirus updates.
New viruses need new virus bases. Anti Spam system needs new spam and word
database.
VisNetic MailServer Administrator Guide 132
This option lets you specify your own stop words that will be ignored by the indexing and
recognition process.
Field Description
Forbidden Certain character sets do not have any words separators. These languages cannot
Charsets be used by the bayesian filters and might not work properly. It is suggest to
bypass all of these character sets from the bayesian filtering process by
specifying them in this field
Mark You can easily mark all messages with forbidden charsets as a spam. This option
Messages with uses the forbidden character set field above.
Forbidden
Charsets As
Spam
Mark All MIME complaint messages should have a character set (charset)
Messages specification in all messages parts. If there's none and still the message includes
With Missing some non ascii characters the message should be considered as spam. All mail
Charsets And clients insert the character set automatically.
Characters
Higher Than
0x7F As Spam
VisNetic MailServer Administrator Guide 133
How it works ? - VisNetic Instant Anti Spam & Bayesian Filters
Bayesian filters is a method for spam recognition based on the Bayes theorem which
calculates the probability of a message being spam based on its content. It is a statistical
approach to spam. The system requires a Spam DB which stores all words/tokens it found
in previous messages. Each token has a number of genuine occurrences and spam
occurrences. Using the total number of indexed spam and genuine messages and number
of occurrences in either curposes we can calculate the probability of a token being spam.
In the end we combine all token probabilities together and calculate the final message
spam probability. Using this method the system is accurate about 99.5% in identifying
spam messages and has very low false positives.
In order to have the system running smooth and accurate we need to maintain the Spam
DB. Deerfield.com does that ourselves and offers the Spam DB to all customers. It might
be a good idea to maintain the DB yourself as we might not receive the same spam
messages as you do. Teaching the system from genuine and spam messages is called
Indexing. VisNetic MailServer stores the Spam DB in the VisNetic MailServer\Spam
folder in the file called Spam.db. All indexing reflects in updating this file. Indexing is
immediate and the Spam DB is updated daily or on the service shutdown for performance
reasons.
Considering human interference with the DB we always make human mistakes.
Sometimes we might index a message to the Genuine corpus although it is a spam
message. To correct this problem you can easily move the message to the Spam folder
then index again. VMS will automatically detect the previous indexing and will de-index
the message and index it to the proper Corpus. That way the system and DB will remain
accurate. Making mistakes might end up in the system being not helpful and accurate.
The actual indexing should follow a few rules. Either start the IM Instant Anti Spam
Plugin or VisNetic WebMail. Go thru all messages in the Inbox folder and all spam
messages move to the Spam folder. Do the same with the Spam folder. You should end
up with the correctly sorted folders. Now you can click the Index Now button. All
messages will be immediately parsed for tokens and indexed to the DB accordingly
depending on which folder they are located. Following this simple rule will help you
keep the system running smooth. You should also make sure when you do manual
indexing that you index roughly the same number of genuine & spam messages.
VisNetic MailServer parses all messages, removes HTML tags from HTML messages
and simply creates the right tokens. Some messages with character sets that do not have
spaces as word separators tokenazation is not possible. These messages should not be
indexed and you should rather create the charset filter for them.
Instant Messenger Instant Anti Spam
You can easily control the entire Instant Anti Spam engine by our Instant Messenger
plug-in. This plug-in can be used as a pre-processor for your mail traffic. It allows you to
VisNetic MailServer Administrator Guide 134
manage your entire inbox, write and reply to messages, forward them, create your own
personal black list and white list. The technology is based on XML scripting language, so
it's very fast and reliable. Every action is executed direct on server side.
VisNetic Instant Anti Spam Plug-in allows simple management of your Inbox. You can
use this interface as some kind of pre-processor for your real e-mail client, move
messages between folders, compose new e-mail messages, reply, forward and run
external mail client. Our IAS plug-in is compatible only with JAJC instant messaging
client and is based on XML protocol.
How to install this plugin?
Jajc is available for download at: http://www.deerfield.com/download .
To run client, just click on the new icon in JAJC
Now you can simply perform any action by icons at the bottom of interface. All data is
stored on the server, so if you for example a message is deleted, it is deleted fro the server
as well.
There are in fact two levels of access:
VisNetic MailServer Administrator Guide 135
Ordinary user access - user has ability to manage entire Inbox and if enabled anti spam
filter, create his own black and white list.
Spam administrator access - Spam Administrator has ability to index spam messages to
the database (when spam messages were placed under the spam folder). Every ordinary
user can be set as a Spam Administrator in accounts user settings table (see below).
How to create Spam administrator?
Open Accounts table, and select concrete user...
In accounts table is a "Spam Administrator" checkbox. Just enable this field and use
"Mailboxes" button to set Spam Administrator permissions. Syntax in that file is
following;
Enter the mailboxes on separate lines
Example:
john@domain.com
Jenny@domain.net,1
This setting allows you manage Jenny’s Inbox.
,[0|1],[GenuinePath;SpamPath],
Results looks like:
VisNetic MailServer Administrator Guide 136
Now you can simply select messages from Admin, place them under the Spam folder and
index as Spam. Next message from Admin won't be delivered. That's why Spam
Administrator has ability to manage other users mailboxes..
How ordinary users can create black list and white lists?
Open Accounts settings and there enable Spam Filter for concrete users...
This setting lets you move any message from your inbox to black or white list. Just select
message and then press White list or Black List icon. See below
VisNetic MailServer Administrator Guide 137
When you press add button, this message will be placed in the black list folder, and won't
be delivered to user next time.
10.3 Security – Anti Spam Filter
Just click on the "Active" checkbox and then use "Spam Filter" button to brings up spam
filter configuration
VisNetic MailServer Administrator Guide 138
This option indicates that Global Anti Spam filter, Domain Anti Spam filter and Greeting
filter should be used. In this way separate filters can be specified for the entire mail
server as well as separate domains. These filters will be used together plus the user Anti-
Spam filter. The user Anti-Spam filter does not relate to this option in any way. They are
only filters for separate accounts. The global filter takes priority and will be executed
first. Last will be the account filters.
This file specifies the anti spam filter items. In anti spam filters you can specify any
conditions and string functions you could ever need. Most of the time you can use the
Anti Spam Filter dialog to edit those.
Structure of the filter file:
The file is constructed by several anti spam filter items. Each filter is placed on a separate
line. By default all filters will reject all messages. Sometimes you might want to accept
some messages instead. For this purpose you can use the prefixes at the beginning of the
line:
0: - Reject
1: - Accept
2: - Delete
This will make a filter exception but will not affect other filters. You can also specify the
whole area to be accepted or rejected by a single line containing 1 or 0. That means all
VisNetic MailServer Administrator Guide 139
following filters are meant to be rejected (0) or accepted (1) unless the filter record itself
has the reject/accept prefix.
Syntax of the filter:
Items:
H - Header
B – Body
A - Attachment
S - Sender
R - Recipient
I - IP Address
Y - Any Header
P - rDNS (PTR)
Functions:
~ - Contains
^ - RegEx
{ - Starts With
} - Ends With
= - Is
! - NOT (Negates the function)
$ - Case Sensitive
Filter Examples:
A~.com;.exe;.bat;.cmd;.scr // Attachment contains any of the file types
H~Subject: win;free;!!! // Header contains any of the strings
I=205.128.218.193 // IP Address
VisNetic MailServer Administrator Guide 140
Y$^^Subject: WIN Free!!!$ // Any header case sensitive RegEx expression
H!~Subject: money // Header does not contain the string
205.*.*.193 // IP Address matches the mask
domain.com // Sender domain name match
bill*@domain.com // Sender email address matches the mask
More Sophisticated Filter Examples:
1:H~Subject: please help // Accept if subject contains "please help"
A~.com;.exe;.bat;.cmd;.scr // Reject attachments containing
1 // Accept the following filters
IP=192.168.0. // 1 Accept messages from IP 192.168.0.1
0 // Reject following filters
A~.vbs;.bat // Reject attachments containing any of the file types
10.3.1 Security – Anti Spam Filter / Bypass File
VMS supports several bypass files. That means if a certain named file exists with some
content the content filters, anti spam filters, RBL or tarpitting will be ignored.
If a message has a recipient or sender and it is listed in the bypass file the proper filter
will be ignored. The bypass files are located in the VisNetic MailServer\Config directory.
The files can contain email addresses and domains, IP addresses, masks each per line.
Each VMS option supporting Bypass files has the small Button.
10.4 Security - AntiVirus
The Server Antivirus field contains the Server Antivirus button for the Anti Virus
configuration and it also contains the States of the Integrated Antivirus and its Updates.
Internal Antivirus state considers the functioning engine, running SMTP or POP3 and
enabled Integrated Antivirus.
VisNetic MailServer Administrator Guide 141
10.4.1 Security – AntiVirus / Settings
VisNetic MailServer supports full virus checking and has an integrated antivirus built-in
using the awarded VisNetic AntiVirus Plug-in engine. When configured use the Send
EICAR Virus Test Message to test your anti virus settings.
Field Description
Use Integrated This option will make VMS to use the Available VisNetic AntiVirus Plug-in. If
Antivirus enabled, all mail sent thru VMS will be checked for viruses.
Use External This button allows you to use other external anti virus packages. If enabled, all
AntiVirus mail sent thru VMS will be checked for viruses.
Scan All This option will force VMS to parse all message parts. That means not only the
Message Parts attachments will be parsed for the anti virus to be scanned but all message parts.
This is much more efficient and powerful than scanning the attachments only.
Reject / By default all messages containing a virus will be rejected. However, you might
Remove not want to reject them but only remove the virus and the rest of the message
deliver to the recipient. In that case use the Remove check.
Clean Infected When this option checked infected messages will be tried to be cleaned. Some
Messages If viruses cannot be cleaned. If this is the case the message will be processed
Possible regarding the Reject/Remove options. If message could be cleaned it will be
delivered without the virus.
Quarantine VMS supports a quarantine option which lets you forward the infected message
Infected to any email address or store it directly to the specified folder.
Messages
The address may be local or external. The control accepts email addresses
VisNetic MailServer Administrator Guide 142
separated by semi-colon.
Attachments If checked, the only infected attachments will be saved to the specified folder,
or send to the email address.
Notification To If checked, any emails which are found to have a virus will cause notification to
be sent to the selected entity.
Administrator /
Recipient /
Sender
10.4.2 Security – AntiVirus / Integrated AV Mode
The Integrated Antivirus Scanning Mode lets you specify the conditions when to scan
messages. It is suggested to use the Scan All Messages mode. With that mode the server
will scan any message that comes to or thru the server.
You can separately scan accounts and make exceptions as much as you want. You can for
instance check only mailing lists and not other accounts. Anything is possible with this
new Scanning Mode feature.
Field Description
Scan All This mode specifies that all messages passing thru the server should be
Messages scanned. Outgoing and incoming messages included.
Scan Following The other specifies certain conditions when to scan messages for viruses.
Outgoing By checking this option any message going outside the server will be scanned
for viruses.
All Accounts This radio button specifies that all accounts receiving messages should be
Except scanned for viruses except the ones that are checked with the Antivirus
Selected Scanning option. If both Domain and the Account in it are checked then the
account will be scanned. If either of the two is checked the account will not be
scanned.
Selected This radio button specifies that only the domains with the Antivirus Scanning
VisNetic MailServer Administrator Guide 143
Domains Only option checked should be scanned for viruses.
Selected This radio button specifies that only the Accounts with the Antivirus Scanning
Accounts Only option checked should be scanned for viruses.
10.4.3 Security – AntiVirus / Plug-in Settings
VisNetic AntiVirus Plug-in features a multi-threaded scanning engine and SMTP-based
virus update notifications. VisNetic AntiVirus Plug-in is powered by Kaspersky Labs,
known for its ability to rapidly identify new viruses and update antivirus signatures.
Because it is installed on the email server computer, rather than dispersed on each client
computer, VisNetic AntiVirus Plug-in is a superior antivirus solution, able to protect
the network from email borne viruses.
VisNetic AntiVirus Plug-in is supported by Kaspersky's continually updated virus
signature list. Designed to download only the necessary update information in a small
download, VisNetic AntiVirus is able to update quickly, with minimum bandwidth
requirements. Making it easier to download and install virus updates makes the job of
protecting the network from email viruses easier.
Urgent Updates are automatic and occur with no user intervention.
VisNetic MailServer Administrator Guide 144
A scheduler further enhances AntiVirus Plug-ins ability to secure an entire networks
email. Set by default to update itself daily, VisNetic AntiVirus Plug-in can support any
update frequency, even to the minute.
10.4.3 Security – AntiVirus / Miscellaneous
Field Description
Logging Antivirus logging lets you log all antivirus events to a log file similarly as the
server logs. Antivirus logs are placed into the Logs\Antivirus directory. You can
specify to delete logs older than few days.
Debug - Logs all events including all scanned files
Summary - Logs only infected filenames and updates
Bypass File Like any other filter option VMS lets you bypass scanning of some messages.
The bypass file can contain email addresses, IPs and other things specific to
bypass files.
VisNetic MailServer Administrator Guide 145
10.4.4 Security – AntiVirus / External AV Filters
Note: For Windows 9x and DOS command line scanners always perform the following:
Make a shortcut link (a .pif file) to the executable.
Set the properties of the shortcut link to close the window on exit.
Use the shortcut link as the executable.
Click on the External Antivirus button. This will bring up a panel where the third party
virus scanners may be configured.
Enter the path and executable name in the Virus Scan Application field.
Enter any parameters in the Parameters field.
Return Values you can either be empty in that case the interval is 1-* or you can specify
your return values. Example: 1;2;4;8-255. See the exit codes of your antivirus
application. You can also specify the timeout for the antivirus. TIMEOUT=0, or
TIMEOUT=30. By default TIMEOUT is set to 30 seconds. 0 stands for no timeout.
File Deleted Checking is for such antivirus programs that do not return the exit code
properly. In such case tell them to delete the infected files. VMS will recognize this and
will assume the file was infected. This option is recommended to be used with Norton
Antivirus.
The parameters will be different for all packages, but look for parameters which turn off
memory/bootsector scanning, archive parameters so .zip and .arj files contents are
scanned etc.
External Antivirus Setup Examples
McAfee 4.7.0
VisNetic MailServer Administrator Guide 146
Virus Scan Application: scan.exe
Paramaters: /ALL /NOMEM /NOBEEP /UNZIP %s
Return Values: 1-*
F-Prot
Virus Scan Application: f-prot.exe
Paramaters: /ARCHIVE /NOBOOT /NOMEM %s
Return Values: 1-*
AVG 6.0
Virus Scan Application: avg.exe
Paramaters: /NOMEM /SCAN /NOSELF /ARC %s
Return Values: 1-*
10.5 Security – Security
Field Description
Disable This will prevent anyone from using the ESMTP service. If a remote server
ESMTP issues the EHLO command VMS will reply with an error code. Outgoing SMTP
connections will not use ESMTP and will use the standard SMTP commands.
This is sometimes desirable when remote servers and routers/proxies have
implementation bugs. Should be switched off.
Deny VRFY This prevents anyone from using the VRFY command to check whether a mail
account exists on the server or not. If a remote server issues the VRFY
command VMS will reply with a not supported error message. You can leave
this option switched off.
Deny Telnet This prevents anyone from using telnet to access the ports used by VMS.
Normal keyboard operations are interfered with. Should be switched off. Our
support team cannot test your mail server via telnet when switched on to help
you.
Disable Web This prevents anyone from using the web administration functions of VMS
Admin (default port 32000). Access denied is returned.
VisNetic MailServer Administrator Guide 147
Denny SMTP If set, the server will not accept the SMTP AUTH command. Removing this
AUTH setting allows the clients to specify authentication for their outgoing mail server.
Following AUTH schemes are supported: LOGIN, PLAIN, CRAM-MD5
This option works in conjunction with the Relaying From control. The Relaying
From control needs to be switched on otherwise no authentication will be
required. The IPs specified in the Relaying From control do not need to SMTP
AUTHenticate. All other IPs must authenticate in order to relay messages.
Web Admin If set, this allows domain administrators to read the contents of other user’s
mailbox mailboxes.
viewing
Web Admin If set, this allows domain administrators and administrators to read the messages
message in other user’s mailboxes.
viewing
Secure Web If set, then all file paths are checked to be in the Config path and above from
Admin Web Admin. This prevents user access to important files.
Hide IP From This option hides the IP address from the message's Received: MIME header.
Received Using this option no-one will be able to see the configuration of your local
Header network.
10.6 Security – Service Watchdog
VisNetic MailServer provides a self checking option which will restart services in the
highly unlikely event that they fail or somebody stops them.
In order for the Watchdog functionality to work the Control service must also be running.
The control service will check (in the interval specified) to see if the required services are
still running. If not, they will be restarted automatically.
10.7 Security – Tarpitting
VisNetic MailServer provides a great feature called tarpitting. With Tarpitting enabled,
VMS checks for unsuccessful attempts to deliver messages to unknown users by external
or local non existing users. If the number of attempts in a session exceeds the Count field
the IP address of the sender will be remembered for the Period and no access from that IP
address will be allowed within the period.
VisNetic MailServer Administrator Guide 148
Basically this option serves as a protection from spammers trying to spam your mail
server accounts. Spammers usually have a dictionary of aliases they try to deliver to your
domain. Once the count of unknown aliases exceeds the limit they will not be able to
spam you for the given period of time.
Sometimes you might want to enable some IP address and do not want to wait for the
period to expire or simply specify a white list. The file is called Config\tarpitbypass.dat
and contains the white list IP addresses.
Cross Session Processing - By default the Tarpitting feature works in one session only.
By enabling this checkbox it will work cross session.
Close Connection - When the session is tarpitted you can either leave the session open or
force it to close the connection.
10.8 Security – Static Filters
Static Filters are special DLL filters that are loaded in memory and each time a message
is received filters are applied to it. The format for the DLL file is the same as Content
Filter DLL files using Cdecl parameter passing.
The static filter settings are kept in the file config\staticfilters.dat. It has the following
structure:
Title=
Filter=
Message=
SMTPMessage=
Enabled=
Multiple filters are separated by a blank line. Currently you can use the RegEx filter
developed by Doug Swallow and do not have to use the Content Filter.
Example:
Title=Reg Ex Filter
Filter=c:\filters\mregexflt.dll
VisNetic MailServer Administrator Guide 149
Message=Reg Ex Filter Rejection
Enabled=1
Title=LF Filter
Filter=c:\filters\lffilter.dll
Message=Contains bare LF
SMTPMessage=551 5.7.1 Message contains bare LFs (violates RFC822)
Enabled=1
10.9 Security – Firewall
Clicking on the "Active" checkbox and then on the "Firewall Settings" button brings up
firewall configuration window.
Field Description
Active This enables the firewall functionality which is defined in the following 3 fields.
Basically this is not an anti relaying feature. It is a firewall and that means only
the specified IP addresses will be able (or not) connect to the server. If the Grant
checkbox is unchecked the listed IPs will not be able to connect. If it is checked
only the listed IPs will be able to connect.
These fields are used to list IP addresses or subnets. The format can be
aaa.bbb.ccc.ddd or *.*.*.*. or a range a-b.*.*.* The asterisk stays for the subnet.
The minus stands for a range between a and b. Entries are separated by semi-
colon delimiters.
VisNetic MailServer Administrator Guide 150
Chapter 11
Server Delivery Tab
11.1 Delivery – Anti Relaying & Anti Spam
Field Description
VisNetic MailServer Administrator Guide 151
Relaying From If checked, this specifies that only listed IPs are allowed to send mail through
the SMTP server out. The local machine (127.0.0.1) should always be
specified.
IPs and domains are separated by a semicolon delimiter. For example,
192.168.1.*;127.0.0.1;194.213.224.5-20
If you have a large number of entries then it may be easier to use the file
relay.dat (in the Config subdirectory) to specify the IPs and domains.
The format is each record on a separate line. For example,
192.168.1.*
127.0.0.1
You can also specify domains in this field. It can only be a full domain name.
In that case VMS will validate the MAIL FROM command to match the
domain name on the system. It is not very safe as the SMTP MAIL FROM
command can be easily forged. For this problem we created a domain IP
shielding system where you can assign to your existing domains IP addresses
that are able to relay messages.
domainshield.dat
This file contains list of domains and their IP addresses. If the domain does
not exist here it will be considered that any IPs can relay. Each line contains
one domain and IPs.
Structure:
domain=IP;IP;IP...
Example:
Deerfield.com=127.0.0.1;192.168.*.*
POP before If a client connects to the POP3 or IMAP service (to check mail) and is
SMTP authenticated, then the client's IP address is remembered for the time span
specified. Within that time span, the client is allowed to use the SMTP
service. The time span is specified in minutes. This option does not affect
Relaying from by default.
RBL - Realtime An RBL is a service which provides a list of known spammers. If a sender is
Blackhole list
VisNetic MailServer Administrator Guide 152
found to be on the RBL then the messages are rejected.
Specify the RBL provider domains in the file rbl.dat (in the Config
subdirectory) which can be opened for editing using the edit button.
The format is each provider domain on a separate line. Currently we
recommend blackholes.mail-abuse.org, sbl.spamhaus.org and
relays.osirusoft.com. You can enter more RBL domains found from the net.
For example:
relays.ordb.org
Each RBL line can have a comment separated by semi-colon that gets
displayed in the SMTP server response. It can contain any link or info on how
to deal with RBL.
Eg: relays.ordb.org; Comment and URL here
There is also a bypass file for RBL. The file is named config\rblbypass.dat
and contains IP addresses and email addresses that are not to be checked
against RBL servers.
Use as least RBL servers as possible. Only 1 is suggested.
Possible RBL servers:
bl.spamcop.net
relays.ordb.org
orbs.dorkslayers.com
dev.null.dk
relays.osirusoft.com
relays.visi.com
blackholes.wirehub.net
dynablock.wirehub.net
proxies.relays.monkeys.com
ipwhois.rfc-ignorant.org
VisNetic MailServer Administrator Guide 153
Reject if Another security check is to receive mail only if the sender is a valid email
originator's address. Checking to see if the sender's domain has a Mail Exchange DNS
domain has no record is one way of doing this. If checked VMS will perform a MX lookup
MX record and reject the mail if no MX record exists. Sometimes when you have
incorrectly configured your DNS server this can cause real harm.
Reject if sender's This security option check is to receive mail only from servers that have
IP has no rDNS reverse DNS PTR record (rDNS).
Do not relay if VMS will only forward mail if the sender's domains are one of those setup in
originator's VMS. It will not allow empty email addresses to send messages out.
domain is not
local It is NOT RECOMMENDED to use this option.
Domain IP Domain IP Shielding is additional option for the Relay From.
Shielding
It is important to use it, when you are going to use hostnames in the Relay
From field or file - without Domain IP Shielding it will cause, that your VMS
is OPEN RELAY!
The Domain IP Shielding file contains list of domains and their IP addresses.
If the domain does not exist here it will be considered that any IPs can relay.
Each line contains one domain and IPs.
Structure:
domain=IP;IP;IP
Example: domain1.com=127.0.0.1;192.168.*.*
domain2.com=127.0.0.1;194.135.*.*;192.*.*.*
11.2 Delivery – Delivery
Field Description
Use TLS/SSL Specifies that all outgoing messages will be forwarded using the STARTTLS
ESMTP command. If the remote mail server supports TLS/SSL messages will
be transferred in a secured manner using the Secure Socket Layer (SSL). It is
similar to https protocol. Messages are not transferred in a plain text and
VisNetic MailServer Administrator Guide 154
nobody can monitor the TCP/IP protocol. All VMS vs. VMS transfers will be
completely secured. It is recommended to use this option.
Retry with There are some lousy routers and proxies on the Internet that do not follow
SMTP when RFC821 and do not support SMTP EXTENTSIONS they report they do. In
ESMTP failed such cases sending SMTP server gives up with an error. It is a RFC822
violation and such routers and proxies should be replaced or the function should
be disabled. Basically what happens is that the sending and receiving servers
are communicating thru the proxy in between. The sending and receiving
servers support some extensions the proxy does not. However when the sending
server receives the list of supported extensions the proxy does not change it in
the way so it reports what it really supports. In such case the sending server
issues a command and receives a bad response from the proxy.
VMS has a work around so in such cases it will retry to send the message using
plain SMTP without any extensions.
Max message Specifies the maximum message size that can be sent through the mail server.
size When a message exceeds this limit, it is rejected.
Search for alias If a message is sent to xyz@domain.com but xyz is an unknown alias, checking
in other local this option will make VMS to check for the alias in other domains. So if it finds
domains xyz@another.com it will give the message to that user instead. Might be
sometimes dangerous.
Activate VMS will obey special headers like "Return-Receipt-To" and "Deferred-
Message Delivery". If an email is received with a "Return-Receipt-To" header VMS will
Header automatically reply to say the mail has been received. NB This is not the same
Functions as the receipt notification features in Outlook. Deferred delivery defines when a
mail is to be delivered (only for outgoing messages).
No Auto Specifying domains here will prevent an autoresponder from firing. Each user
Responder has a personal No Auto Responder file in the mailbox folder called
norespond.dat which has the same format. Email addresses and domains
separated by semi-colons.
Require This option specifies that the SMTP session should always start by introducing
HELO/EHLO the servers (or mail client) by the command HELO or EHLO. If no introducing
is done server will not accept any messages.
Redirect This feature lets you redirect messages due to email addresses. All settings are
located in the redirect.dat file. It has the following format:
{email}={email}
{domain}={email}
{domain}={domain}
Example:
VisNetic MailServer Administrator Guide 155
info@deerfield.com=info@business.com
sales@luko.com=info@business.com
deerfield.com=vmsmail.com
microsoft.com=sales@deerfield.com
When a message for info@deerfield.com arrives it will be redirected to
info@business.com and when a message for sales@luko.com arrives it will be
redirected to info@business.com. Messages for any deerfield.com domain will
be sent to vmsmail.com instead. Messages sent to microsoft.com will be sent to
sales@deerfield.com instead.
11.3 Delivery – ETRN and ATRN Settings
Field Description
ETRN/ATRN Specifies that when server connects to the Internet it should perform the
ETRN or ATRN command to the hostnames specified in the ETRN list
with their given parameters. When you press the ETRN button an ETRN
dialog appears. You can specify the hostnames and parameters for the
ETRN command.
ETRN
Parameter is usually the domain name. VMS has a great advantage of
more than one ETRN command. This option is used when the remote
server holds all messages for this server and by this action, it will know
this server is connected and it sends the messages in the queue. Therefore,
this is a client ETRN. VMS has also the feature of the server ETRN
Queue.
If the remote ETRN queue has more domains for the same machine you
can use the semi-colon and specify other commands in the parameters
section. More ETRN commands will be issued in the same session.
ATRN
If you need VMS to use ATRN check the ATRN switch. ATRN requires
to authenticate on the remote server thus requires a usersname and
VisNetic MailServer Administrator Guide 156
password. The format of the parameter is as following
{domains};{user}:{pass}
Example: deerfield.com;atrnuser:atrnpassword
ETRN & ATRN Settings
You can specify more than one ETRN/ATRN Commands for the different servers and
domains.
The all command are provided together.
Commands are provided in pre-scheduled time, or when Proceed Now is selected.
11.4 Delivery – Connection
Field Description
Network This specifies that VMS will connect to the Internet via network. No other
Connection settings are needed. This is the preferred connection type.
Dial on Demand This specifies that VMS should not try to send until either the schedule or
Router "other connection options" condition is true - it prevents VMS from opening
up a dial on demand connection too frequently.
You might want to use the config\demand.dat file to execute an application
before connecting. The file consists of one line that specifies the application to
execute and its parameters.
Dial-Up This specifies that VMS will open up a dialup networking connection
VisNetic MailServer Administrator Guide 157
Connection according to the schedule or the Other options.
If the connection is already in use VMS will automatically use the same
connection and will not fail. Disconnecting in this case must be done by the
initiating application or use.
Global Schedule This option lets you to specify global schedule for remote accounts. In that
case you do not need to configure the Remote Accounts with a specific
schedule and you leave it empty. The global schedule will be then used for all
remote accounts. If you specify a different remote account schedule it will
override the global one.
Field Description
Login Name / These will be passed through to the dialup networking connection.
Password
Disconnect after max After the specified period of inactivity on the dialup networking
idle time: connection the line will be dropped.
Schedule A connection to the Internet can be scheduled through the standard
scheduling dialog box. This schedule overrides all subsequent schedules
in Remote Accounts and others. We do not want to fire up the connection
from Remote Accounts.
VisNetic MailServer can be configured to make a dialup connection if it reaches a certain
number of outbound messages, if a message is waiting for more then x minutes, or if a
message is sent with certain values in the header.
Example someone sends a mail and clicks the high priority button. The mail will have a
header of "Priority" and a value of "High".
Enter each header item on a separate line.
Example: Priority: High
X-Priority: High
VisNetic MailServer Administrator Guide 158
Chapter 12
Server Instant Messaging Tab
12.1 Instant Messaging
VisNetic MailServer Instant Messenger allows you to provide new, secured instant
messaging services to all VisNetic MailServer Users.
Detailed explanation of the Instant Messenger features in the Instant Messenger chapter.
Check Box Active will enable/disable the IM Messaging Server for all users. If you want
to disable it just for some of them, use Special options of the user Account.
Field Description
Redirect Unknown It is "workaround" for the improperly specified Client Login. If the
Domain to Local Domain non existing domain is used during the login, IM Server will try to
find a user at the primary login of the mail server and log-in this user.
It is useful for first-time IM users. Different IM clients are using
terminology, which is sometimes not matching to the VisNetic
MailServer. The client Server means mostly VMS Domain. If they
will enter the host name to the Server labeled field, IM will try to use
primary domain instead.
This option is ON by default.
VisNetic MailServer Administrator Guide 159
Enable Anonymous If checked, the Instant Messenger Server can communicate with other
Server To Server servers, even without specified servers in the Trusted Hosts options.
Communication
Enable Account Check to allow use VMS Instant Messenger by NON VMS users.
Registration
Enable Server OS Report If enabled, the version of the operating system is returned as response
to the request from Instant Messenger Client.
It is NOT recommended to check this option.
Typical version response with the checked option:
Description: VMS Instant Messaging Server
Version: 6.0.3
OS: Windows 2000 (Build 5.0 2195 Service Pack 3)
Service Domains You can specify services for your Instant Messaging server there.
Currently implemented service is group chat - conference.
Syntax:
[]
category=conference
type=public
name=
browse=
history=;;[0|1] // Enables history logging for
the room - path params ("yyyymmddhhnnss", {name}, {service})
[].
Parameters Description
[]
It is virtual hostname, which will be used by clients using the service
to log-in. It is created from some domain name by the prefix -
servicename, e.g. [chat.deerfield.com]. chat is servicename there and
VisNetic MailServer Administrator Guide 160
the deerfield.com is the domain.
If you want to allow just one conference. Use form:
[]
DO NOT define the servicename.domain as the real domain in
VMS.
category=conference
the only value conference is allowed. It will handle the
[] as an conference - group chat
type=public
the only value public is allowed. It will create the conference as
anonymous.
name=Deerfield General Chat
Any descriptive text.
browse=public or private
This parameter enables/disables listing of the specified service
(conference) in the BROWSE command of the user client.
Browse without any value (browse=) will disable listing.
history
History is used for the logging of the specified conferences.
history=*;c:\IM\log\allconf.log
Will log communication of the all conferences to the file allconf.log
The path to the log file can contain variables:
"yyyymmddhhnnss" - system datetime variable
{servicename} - name of the logged service
{domain} - domain of the logged service
VisNetic MailServer Administrator Guide 161
Examples:
[chat.deerfield.com]
category=conference
type=public
name=Public Chat
browse=public
history=general;c:\IM\Logs\General.log;1
history=chat;c:\IM\Logs\Chat.log
[rooms.deerfield.com]
category=conference
type=public
history=*;c:\IM\Logs\{Room}@{Service}.log
If you want to have just one conference define servicedomaina as:
[chat@chat.deerfield.com]
category=conference
type=public
Trusted Hosts This option specifies the domains of the trusted servers to enable the
server to server communication. Each server that needs to share the
presence, messages and other instant messaging features needs to be
enabled in this file.
You can easily create a group of trusted servers across different
domains and users can chat, send messages to any other instant
messaging server that is in the trusted hosts file.
Syntax:
;...=[:][;SSL]
;...=[:][;SSL]
VisNetic MailServer Administrator Guide 162
Examples:
Deerfield.com=im.deerfield.com:5223;SSL
visneticmailserver.com=mail.visneticmailserver.com:5222
Remember that each IM server has to have the remaining trusted
domains specified in the file too otherwise the route back (server
response) would not work.
In the example above we have the domain deerfield.com on the
im.deerfield.com server and the communication will be done using the
SSL. The deerfield.com server has to have our domain and host in its
trusted hosts.
Server Port The port number 5222 is used for the standard non-secured IM
communication.
SSL Server Port The port number 5223 is used for the SSL secured IM
communication.
Enable Server File If checked files aren't transferred between users directly, but all files
Transfer are stored first on the server and then sent to end user.
To use VisNetic MailServer Instant Messenger you need to download and install Instant
Messenger Client or setup your existing one to work with the VisNetic MailServer
Instant Messenger.
12.2 Instant Messenger Gateways
Instant Messenger Gateways
VisNetic MailServer's IM server can also be enabled, via a gateway, to work with ICQ,
AIM, Yahoo and MSN IM servers. This is the first time in the history of a mail server
product, that five IM services can be accessed by a single IM client. The IM Gateway
functionality is only available with the VisNetic MailServer Unlimited Users License or
IM Gateway license,sold separately. Additional information is available at:
http://www.deerfield.com/products/visnetic_mailserver/instant_messaging/
From the VisNetic MailServer configuration console:
MSN Example;
1. Click the Instant Messaging icon
2. Select Active in the Instant Messaging Server field
3. Click the Services button in the Instant Messaging Server field
VisNetic MailServer Administrator Guide 163
4. Click Example button to open the IMServices.dat file
5. Copy and Paste the MSN example into the opened IMservices.dat file.
[msn.localhost]
category=service
type=msn
name=MSN Transport Gateway
ns=jabber:iq:register;jabber:iq:gateway
module=Modules\MSN.DLL
6. Update the [msn.localhost] to your domain. As example [msn.demo.d2g.com]
7. Save the configuration file
From the VisNetic MailServer computer:
Download and Install the VisNetic MailServer Chat Client (JAJC Jabber Client).
Available from http://www.deerfield.com/download/visnetic_mailserver
From the System icon, stop then start the Instant Messaging service
Connecting JAJC to the VisNetic MailServer IM:
Assume, that we have installed VisNetic MailServer and created users with the domain
demo.d2g.com. The hostname of our VisNetic MailServer is: mail.demo.d2g.com
To connect to your VisNetic MailServer Instant Messenger:
1. Double click on the JAJC icon in the System Tray
2. Click the light bulb button
3. Select Tools | Accounts
4. Enter your VisNetic MailServer account name (e.g. miker) in the Username
field
5. Enter your VisNetic MailServer password in the Password field
6. Enter the VisNetic MailServer Hostname (located under the System icon in
the VMS Configuration console) (e.g. mail.demo.d2g.com) in the Server
field
Port Port number used for the IM communication. Default is 5222 for the
standard communication and 5223 for encrypted by the SSL. Do not forget to
open the IM port on your firewall, router or proxy server!
From the VisNetic MailServer computer:
1. Right Click the JAJC icon in the System tray
2. Select Register Service then MSN Transport Gateway
VisNetic MailServer Administrator Guide 164
3. Enter valid MSN email address and password. This may be a MS Passport
.Net password created specifically for your organization for the purposes of
registering the MSN gateway.(e.g. msngateway@yourdomain.com)
4. The MSN icon and gateway domain (e.g msn.yourdomain.com) will be listed
under Agents
To Add users through the Gateway:
1. Double Click the IM icon in the System tray
2. Right Click Add Users thru Gateway
3. Enter email address of the registered MSN user, replacing the @ with a %.
(e.g. msn_user%anydomain.com)
4. Define their nickname and add them to an existing group or create a new
group
5. To Instant Message Right Click and select Message
Chapter 12
Server License Information Tab
VisNetic MailServer Administrator Guide 165
The info tab of VisNetic MailServer contains your VisNetic MailServer, AntiVirus Plug-
in, Instant Anti Spam and Instant Messenger license information, upgrade options, and
contact information for purchase and support.
VisNetic MailServer Administrator Guide 166
Chapter 13
Instant Messenger
13.1 Instant Messenger
VisNetic MailServer Instant Messenger allows you to provide new, secured instant
messaging services to all VisNetic MailServer Users.
All VisNetic MailServer users can chat, transfer files and join group conferences using
secured SSL protocol now.
VMS Instant Messenger implements the Jabber open XML protocol, for more details see
http://www.jabber.org/user/userguide/. However we are not using any open source code,
the entire implementation is proudly written by us.
Implementation of the Jabber open XML protocol brought the compatibility with various
instant messenger clients and other modules supporting this standard. You can use any
Jabber compatible client.
Having your own chat communication with your business partners is extremely simple
now. All you need is:
VisNetic MailServer version 6.x and greater
Open ports 5222 for standard and 5223 for secured communication at your
firewall
Download and install any Jabber compatible client at each workstation. VisNetic
MailServer Instant Messenger is compatible with all Jabber clients. You can find
plenty of them on the Internet.
We are recommending the JAJC (Just Another Jabber Client) available for download
from: http://www.deerfield.com/download/VisNetic_MailServer
VisNetic MailServer Instant Messenger allows communication between:
All users of a single domain using a VisNetic MailServer installation
All users of all domains using a single VMS installation
All users of all domains using any VMS installation
VisNetic MailServer Administrator Guide 167
VisNetic MailServer Instant Messenger Features Overview
Message Send ( incl. Off-Line Delayed Delivery)
Chat
Multi-User Chat (+ Chat with 2 in a multi-user chat environment, Participant
Status, Server Conference Messages)
Presence (+ Delayed Delivery)
Subscription
File Transfer
Privacy - Black & White List
Private - Private Store - All Data
vCard - Personal Details
Roster - Contact Management Stored On The Server
Avatar - user definable graphics for the personal ID
Browser - to see the defined chat rooms
Offline Data Processing
Server To Server Communication - (Server Joins Across Nodes) Trusted Hosts
Last User Logon, User Server Version + Time
Message Event Notification
Account Registration
Digest Authentication
Password Change
SSL
Admin - Online users, Send a message to all online users
13.2 Basic IM Setup
VisNetic MailServer Instant Messenger comes pre-configured with the each VMS
installation. You can use it without any other configuration for the:
Single Domain Multiuser
Multi Domain Multiuser
To configure advanced - Multi Server usage and chat rooms you must define the
parameters as defined in Chapter 11.
The Instant Messenger parameters can be configured in the VMS Windows
Configuration program only. It is not possible to configure it over the WebAdmin
interface.
System Tab - Service Settings
You can control the cache for the IM users.
VisNetic MailServer Administrator Guide 168
Options Tab - Logging
The different level of the IM activities logging can be selected
there.
The log data are stored in the folder:
C:\Program Files\Deerfield.com\VisNetic MailServer\logs
The IM log file is a plain text file, the filename starts with the
letter "i" following by the date in a form YYYYMMDD, e.g.
i20030327.log
IM log file contains the Jabber XML protocol strings. For
more details about the open Jabber protocol see the
http://www.jabber.org/user/userguide/
Inst. Msg Tab Tab dedicated for the Instant Messenger settings only. You do
not need to configure default values for the basic Instant
Messenger setup.
Info Tab - License Keys VMS comes with the Instant Messenger TRIAL license, which
is valid for 30 days. There are no restrictions against the
purchased license.
13.3 Single Domain IM Communication
Single Domain IM Communication is between users of the same domain.
Each user must install the IM Client at their workstation. To chat with another user;
Connect to the VMS Instant Messenger with the domain used by the both users
Add all users you wish to communicate with by adding them to your “Contact
List”
JAJC Installation
Download the JAJC from the http://www.deerfield.com\download\visnetic_mailserver
Install JAJC by double-clicking the jajc.exe file.
VisNetic MailServer Administrator Guide 169
Connecting JAJC to the VMS IM
Assume that we have installed VisNetic MailServer with the domain demo.d2g.com.
The hostname of our VisNetic MailServer is: demo.d2g.com
To connect to your VMS Instant Messenger run JAJC and enter your account data and
domain name.
Field Description
Account All user log-in data are associated with the Account. You can define
as many profiles as you want by clicking on the icon. Pick the one
you want to use for log-in in the pull-down menu.
Account Alias Alias of the any existing VMS user. If you have specified more
aliases, you can use any of them.
Account Password Password of the VMS account with the specified user name.
Domain Domain name for the User Name above. It can be any domain
specified in the VMS configuration.
Resource Anything. Ignored by the VMS IM Server.
Priority Anything. Ignored by the VMS IM Server.
After Connect Stay… Online, Ready for Chat, Away, Extended Away, Do not Disturb or
Invisible.
VisNetic MailServer Administrator Guide 170
Login_ Server (IP) Hostname or IP address of the VisNetic MailServer you are
connecting to.
Server Port Port number used for the IM communication. Default is 5222 for the
standard communication and 5223 for encrypted by the SSL.
Do not forget to open used port at your firewall!!!
Use Secured (SSL) Check, if you want to use the SSL communication. Default is ON.
Connection
Press OK, and you will be connected to the VisNetic MailServer Instant Messenger
Server.
Adding Users to the Contact List
If you want to see the status of another user and communicate with them (On-line or Off-
Line), you have to add him to your "watch list".
Click on light bulb icon and select Add Contact menu item.
VisNetic MailServer Administrator Guide 171
The Jid is email address of VisNetic MailServer & Instant Messenger user.
If the opposite client has been set to confirm request, there is a new group named
guiutils_waiting. Click on the line with the bulb, confirm it and the new user was added
to your watch list (roaster).
After his approval, he will be displayed in your list like:
VisNetic MailServer Administrator Guide 172
To use Instant Messenger features just right - click on the user and select the required
function.
13.4 Multiple Domain IM Communication
Special configuration is unnecessary for multi-domain single server communication.
Assume you have multi-domain installation as:
Domains: vmsdemo.com and demo.d2g.com
If the user admin@vmsdemo.com wants to communicate with admin@demo.d2g.com t
via Instant Messenger, they both have to:
Connect to the same VisNetic MailServer (both domains must reside on the same
server)
Add each other user to their contact list (roster).
The connection of the user admin@vmsdemo.com to the JAJC client has been described
in the previous section.
13.5 Multi Server IM Communications
Multi server Instant Messenger Communication covers the most advanced features of the
VisNetic MailServer Instant Messenger.
Suppose that we have two VMS Servers connected to the Internet. So far the all users of
the Instant Messenger were connected to the same server. However if you want to
VisNetic MailServer Administrator Guide 173
communicate with the users from another server, you do not need to connect to these
servers directly.
You can connect to ANY Server.
When you will add the user from foreign server - VisNetic Instant Messenger will
recognize it and will connect with this another server automatically!!!
However to achieve this functionality you have to set either:
Anonymous Communication
Or
Trusted Hosts
at both servers.
Anonymous Server to Server Communication
To enable anonymous communication just check the option with the same name:
Anonymous Server to Server communication works only for domains with the same IP address
as the IP address of the host computer.
If the IP addresses differ, you must use trusted hosts.
Trusted Hosts Server to Server Communication
It is the recommended server to server communication, since you can control which
servers can communicate together.
To achieve that you need only specify the allowed domains and hosts of the opposite
servers.
Click on the button Trusted Hosts...
VisNetic MailServer Administrator Guide 174
The trusted hosts file is stored in the file /visnetic mailserver/config/IMhosts.dat.
For the example above, you need to specify trusted hosts:
Mail Server Trusted Hosts (IMhosts.dat) Specification
mail.vmsdemo.com Demo.d2g.com;demo.d2g.com=mail.demo.d2g.com:5223;SSL
mail.demo.d2g.com vmsdemo.com;im.vmsdemo.com=mail.vmsdemo.com:5223;SSL
Notice, that we do not allowed communication for the domain myotherdomains.com of
the host mail.vmsdemo.com. In the both cases we used the secure communication.
The non-secured server to server communication must be specified in the form:
=
13.6 Anonymous Group Chat
Anonymous Group Chat allows chatting of several connected users simultaneously.
You must first define the chat rooms. To do so open VMS Configuration program and
select Inst. Msg Tab.
Click on the Services button and specify the chat room name.
VisNetic MailServer Administrator Guide 175
The chat room MUST NOT be any existing domain of the VisNetic MailServer. There
are no DNS records associated with the domain; it is just an internal VisNetic Instant
Messenger issue. In our example we have used the name of the chat room:
chat.vmsdemo.com
Join a Conference - anonymous chat room.
To create/join anonymous group chat from the JAJC client, click on the bulb icon in the
left top corner of the JAJC client and select from the menu option Join/Create Group
chat.
Specify the chat room and login details:
Field Description
Server Domain name specified in the Services… as one, which will be
used for chat room.
Room Chat Room name
Nick Any ID of the user, which is joining the chat.
Password Do not use for anonymous chat.
Click on the button OK and you will be connected to the Group Chat Room.
VisNetic MailServer Administrator Guide 176
If you want to chat with the some of users from the conference privately, double click on
his icon on the right side.
If the conference you want to join is located at another server, you have to add the chat room
name to your trusted hosts.
The only exception is if you have enabled anonymous server to server connection and the IP
address of the domain connected with the chat room is the same as an IP address of the host
computer.
VisNetic MailServer Administrator Guide 177
Chapter 14
Web Access
14.1 Web Access
VisNetic WebMail, integrated with VisNetic MailServer 6.x, allows users access to
their email accounts, folders, address books, and spell checkers with any standard web
browser. By using a web browser to access email, users can access their email from
anywhere on the Internet. Unlike typical email client applications, VisNetic WebMail
does not require reconfiguration to use. It does not leave any traces of messages on the
Internet terminal, which is an ideal feature for anyone who travels. VisNetic WebMail
also stores all of the messages on the VisNetic MailServer, not a third party server. This
is a key feature for anyone who uses email for sensitive or confidential communications.
To access VWM from your web browser, enter the URL as follows:
http://localhost:32000/mail
For example: http://mail.domain.com:32000/mail
The VisNetic WebMail login will appear. Enter your username and password and click
Login.
VisNetic MailServer Administrator Guide 178
Settings and configurations for VisNetic WebMail are located in the VisNetic
MailServer/WebMail directory.
To configure virtual hosts and other web server settings, you need to edit the VisNetic
MailServer\Config\WebServer.cfg file. The same rules as for web mail apply.
Primary Features
Multi domain support
Multi-language Interface
Multi-skin Interface
User definable folders
User definable logo
Remote web administration
Spell checker
Group support
Automatic sign up
Fully customizable
TCP/IP Protocols - SMTP/POP3/IMAP4
Multiple file attachments
SSL
Header/Footer, Address book importing
Disk Quota
14.2 Administrator Settings
WebMail Access of VisNetic MailServer comes pre-configured and you do not need to
change it. However you may change a lot of global settings, e.g. which language will be
used as default, change logo and many others.
To do that log-in to the WebMail using Administrator account details at URL:
http://localhost:32000/mail/
Select the Settings Tab and the Administrator Settings.
Field Description
VisNetic MailServer Administrator Guide 179
SMTP Server The name or IP address of the SMTP server that web mail will use to
send messages.
Make sure this works properly and that the mail server lets you relay
through. If no, add IP address of the SMTP Server to the field
Relaying From: (VMS Configuration, Delivery Tab).
Port The port used by the SMTP server. Most servers use port 25.
Default Incoming Mail The default mail server host for account management. When creating
Server new accounts this setting will be automatically entered. Beware of the
Domain IP binding on the mail server unless you create virtual
domains and each will have a different incoming mail server whose IP
corresponds to the one the domain is bound to. Incorrect setting might
reflect in an inability for users to login.
Integrate with a mail This links web mail into the account management of an existing mail
server server.
Make sure the Default Incoming Mail Server is correctly set;
particularly the mail server IP binding is not used.
Domain This is used for integration - web mail will be integrated with these
domains. Separate domains with a semicolon.
(If multiple domains are specified, the user is asked to pick one from a
list box at login - only when not using the "Complete VisNetic
MailServer Integration" (see below).
Example: Deerfield.com
Allowed Domains If used "Complete VisNetic MailServer Integration" you might want
to allow only certain domains to login. Web mail knows what domain
it logs in only in the "Complete VisNetic MailServer Integration" and
therefore this cannot be used for other modes of integration.
Example: deerfield.com;vmsmail.com
Primary domain is deerfield.com and only vmsmail.com and
deerfield.com can login in.
IP Address Checking If checked, the IP address of the Web Mail connected PC is became
the part of the Session ID.
Using IP Address Checking increases security, since if newly
connected user (in dial-up or another dynamic - IP connections) has
always new Session ID and the data of the previous session can not be
read. It prevents unauthorized data reading if previous user was NOT
logging out.
VisNetic MailServer Administrator Guide 180
However it can cause a problem to the users which are connected to
the Internet via DSL or routed connection, since these connections can
change IP during the session and in such case the user session will be
also terminated.
Field Description
Max Message Size Specifies the maximum size of a message in KB users can send out. If
the size exceeds message will not be sent.
Use Disk Quota In conjunction with the disk quota size, this option ensures that users
do not exceed their allotted space. Users will be automatically
informed about their quota status. When the limit is reached no more
messages will be received and the user must delete some of the
messages.
Disk quote size Specifies the size in MB.
Delete Trash Messages This automatically deletes trash messages after a specified number of
Older Than (Days) days.
Use header/footer Specifies that web mail should attempt to attach the contents of the
header/footer files to outgoing emails. The files should contain the
exact plain text that will be attached to every message.
Header file The full filename containing the header text. If this field is empty no
header will be attached.
Footer file The full filename containing the footer text. If this field is empty no
footer will be attached.
Content Type charset A default character set can be specified here which will be entered
into the MIME headings. Countries with special national characters
should enter their charset here. Example:iso-8859-2
VisNetic MailServer Administrator Guide 181
Content transfer Set to 7bit or 8bit.
encoding
Use ISO-8859-2 If checked this will perform inner web mail conversion from
Conversion Windows1250 to ISO-8859-2 character sets.
Allow sign-up process This allows a visitor to web mail to create their own account. If using
integration this will only work if VMS is the mail server (see the
separate section on integration)
The default values for the new users are given by the content of the
file /VisNetic MailServer/Config/Default.ini. This file can be edited
manually or via VMS Configuration Program Options – Other
Options.
The values from the Default.ini file are used only if the option Use
Account Defaults is checked.
Login with Email If checked, the full email address must be used as User Name during
Address the login.
Store WebMail Folders If checked, all web mail will be stored in the Mail Folder.
in Mail Folder
Field Description
SSL Login Only If checked, logins are restricted to https connections only.
VisNetic MailServer Administrator Guide 182
SSL Port Allows you to specify SSL Port
Background Color This specifies the background color of the web mail pages. Use hex
notation (#FFFFFF is white), or use words such as: "white", "red".
Title Text The text that will appear in the web browser banner.
Logo File The URI path of the file to be used instead of the web mail logo. Copy
your logo into the html\images directory. Use web notation for the
path e.g. images/mylogo.gif
DO NOT use path with the hard drive letter like: c:\mydata\logo.gif
Web Mail Layout Select the default Layout there. This layout will be used as "main"
layout.
Web Mail Language Select the default Web Mail language. This language will be used
during the login and for the new users. Each user can change their
default language.
Charset If NONE (default) is selected, the emails in the Web Mail interface
are displayed with the charset of the browser. To force encoding in
another charset select one from the pull down menu.
Disable HTML If checked, users are unable from composing HTML based messages.
Composing
Default HTML Checked by default, all users will be HTML based.
Composing
Welcome Page When this option is checked a welcome page welcome.html will be
shown after each login to the system. You should edit the welcome
page yourself.
Default Save Sent If checked, the option "Save Sent Messages to Sent Folder" will be set
Messages To Sent Folder ON for new users.
Default Move Deleted If checked, the option "Move Deleted Messages To Trash" will be set
Messages To Trash ON for new users.
14.3 Administrator Global Address Book
If you are logged as administrator and you will enter the Address Book, there is a new
hyperlink - Global Address Book.
To create address book entries, which can be used by the all users just click on the Global
Address Book and enter data entry there.
VisNetic MailServer Administrator Guide 183
The entries from this global address book are displayed together with the user defined
address book in the user "pull down" menu.
14.4 WebMail access without port 32000 in the URL
If choosing to use VisNetic WebMail on port 80 you must change the default Control
Port from 32000 to 80 and 32001 to 443 (SSL).
To do that open the VMS Configuration program, select System and change the values
for Control service, which is used for the Web Mail access.
Resulting setup will look like:
Stop and Start again the Control Service and your Web Mail access will work with the
URL:
http:///mail/
Or
https:///mail/
Example:
http://localhost/mail/
If you are unable to start the Control Service again, it means, that port 80 is used by
another program. It is probably another WEB Site running under IIS on port 80.
To fix this problem you have to:
Stop the other process running on port 80 (stop IIS)
Or
Bind each web (IIS) to the another IP address, as is used by the VisNetic
MailServer
VisNetic MailServer Administrator Guide 184
If you want to bind IIS web sites to another IP address as used by VMS and if you are
using Windows 2000 or Windows XP, you have to disable IP pooling first. The full
article is located at:
http://support.microsoft.com/default.aspx?scid=KB;en-us;q238131
To disable IP pooling:
1. Start the command prompt and make sure you are in the X:\Inetpub\Adminscripts folder
(where X is the IIS installation drive). To do this, type the following lines at the command
prompt:
X:
CD\Inetpub\Adminscripts
2. After you open the Adminscripts folder, type the following line at the command prompt:
cscript adsutil.vbs set w3svc/disablesocketpooling true
The command replies as follows:
disablesocketpooling : (BOOLEAN) True
3. Stop and start the IISAdmin service.
4. Restart the WWW service.
14.5 WebMail access without \mail in the URL
Default Web Mail Access of VisNetic MailServer uses URL schemas:
http://:32000/mail/
Or
https://:32001/mail/
If the VisNetic MailServer is using port 80 and 443 instead of default values, the URL as:
http:///mail/
Or
https:///mail/
To remove /mail/ from the URL you have to use the Virtual Hosts Redirection feature.
Let's assume that we wan to access Web Mail by using URL:
http://webmail.mydomain.com/
To achieve that you have to:
Change Control Service Ports of VMS to 80 and 443 (as described in the
previous section)
VisNetic MailServer Administrator Guide 185
Create DNS record pointing webmail.mydomain.com to the IP address where the
VMS is running
Edit /Program Files/Deerfield.com/VisNetic MailServer/Config/WebServer.CFG
by the plain text editor and adding line under the section [Virtual-Host]:
webmail.mydomain.com=c:\Program Files\Deerfield.com\VisNetic
MailServer\html\mail\
The resulting Webserver.cfg will look like:
[Settings]
Bind_To_IP=
Use_ISAPI=0
HTTP10=
[Default]
; [filename]
index.html
index.wml
[Filter]
; [file type]=[script interpreter file path]
; [executable file type]=
.html=webmail\web.dll
.wml=webmail\web.dll
.html=webmail\web.exe
.wml=webmail\web.exe
[Virtual-Host]
; [hostname]=[base path]
webmail.mydomain.com=c:\Program Files\Deerfield.com\VisNetic MailServer\mail\html\
[Free-Path]
; [path]
html\mail\
14.6 WebMail Multi-Domain Configuration (Virtual Hosts)
A virtual host is essentially a separate setting of VisNetic WebMail dedicated for a
particular domain. Virtual domains offer many advantages.
Customization with VisNetic WebMail is possible at the domain level. As
example, different ‘logos’ could be utilized for each domain.
A copy of the directory structure is made for each domain and can be
placed anywhere – this means that a domain could have all its users on a
separate disk.
VisNetic MailServer Administrator Guide 186
Users logging into their VisNetic WebMail domain do not get greeted
with a drop down box for domains – the correct domain is chosen based
on the entered URL.
Each virtual host is assigned to a different URL, so you could have
webmail.domaina.com, webmail.domainb.com, etc.
14.6.1 Virtual Host Redirection
Accessing VisNetic WebMail via http://localhost:32000/mail/ will be replaced with:
http://webmail.localhost:32000
Edit file \WINNT\system32\drivers\etc\hosts
o 127.0.0.1 webmail.localhost
Open file \Program Files\Deerfield.com\VisNetic
MailServer\config\webserver.cfg and go to section [Virtual-Host] enter re-
direction command: webmail.localhost=c:program
files\deerfield.com\visnetic mailserver\html\mail
[Virtual-Host]
; [hostname]=[base path]
webmail.localhost=c:\Program Files\Deerfield.com\VisNetic MailServer\html\mail
Enter URL: http://webmail.localhost:32000/. You see that webmail.localhost has been
redirected to the VisNetic WebMail Login Screen. Admin access is through
http://webmail.localhost:32000/admin/.
If you want to create access to your email using WAP enabled devices, the webmail.cfg
line would be: webmail.localhost=c:\program files\deerfield.com\visnetic
mailserver\html\mail\wap\.
14.6.2 Multi-domain Virtual Hosts Configuration
Multi-domain Virtual Hosts Configuration allows you to create WebMail login and
configuration for each domain user. The example will provide instruction for creating
WebMail for two domains:
Company.mail and Domain.mail
Each VisNetic WebMail user will have its own login URL, logo and Other setting.
To accomplish this follow the steps below;
Prepare domain names at DNS
To emulate DNS at your PC where VisNetic MailServer is installed, add the two new IP
addresses to your TCP/IP network adapter protocol.
VisNetic MailServer Administrator Guide 187
IP addresses for our example are: 192.168.100.100 and 192.168.100.101
Then add lines to your host file: \WINNT\system32\drivers\etc\hosts
192.168.100.100 company.mail
192.168.100.101 domain.mail
Prepare folders for virtual hosting of these domains
Create folder VirtualHosts with subfolders company.mail and domain.mail
We will create the virtual host company.mail forst.
Copy the folder \Program Files\Deerfield.com\VisNetic MailServer\html\mail and
\Program Files\Deerfied.com\VisNetic MailServer\webmail\ to the folder
\virtualhosts\comapny.mail\.
Rename folder \mail\ to \html\.
Create virtual domain redirection in webserver.cfg
Open file: \Program Files\Deerfield.com\VisNetic MailServer\config\webserver.cfg and
go to section [Virtual-Host], add two additional “redirection lines”.
[Virtual-Host]
; [hostname]=[base path]
webmail.localhost= c:\Program Files\Deerfield.com\VisNetic MailServer\html\mail
company.mail=c:\virtualhosts\company.mail\html
domain.mail=c:\virtualhosts\domain.mail\html
Create virtual domain redirection in config.html
Prepare file (in text editor) config.html with:
VisNetic MailServer Administrator Guide 188
and copy it to the html folder of the company.mail virtual hosts structure.
\virtualhosts\company.mail\html\config.html
NOTE: The config.html cannot use backslash (alt – 92) in path and cannot have a dot in
the defined variable. For example, “companymailpath” is a variable that cannot contain a
dot, but must be unique to any variables used by VisNetic WebMail.
Do the same for domain.mail. The content of the config.html is:
Now try to access your web mail for domain.mail at: http://domain.mail:32000/
Change setting for each domain
Log-in to the company.mail domain as admin: http://company.mail:32000/admin
NOTE: All changes you will do at the Admin level will affect only company.mail now.
To change the logo. Create a logo named company.mail.gif and place it in the
c:\virtualhosts\company.mail\html\images folder.
Click on Settings and set new logo file: company.mail.gif. Change default values to:
Title Text: Company.mail WebMail
Logo File: c:\virtualhosts\company.mail\html\images\company.mail.gif
Logo Width: 260
Logo Height: 62
Click Save then close browser.
Open your browser again for company.mail WebMail: http://company.mail:32000/
You will see a new login screen with the company.mail logo.
14.7 Secure WebMail Access
SSL is an encryption method based on public and private keys. It ensures that
information being transferred between a webserver and a web browser securely. VisNetic
WebMail uses its own built in webserver that supports the SSL standards, once enabled.
VisNetic MailServer Administrator Guide 189
Testing Secure Socket Layer
Test your installation by connecting to the SSL port of 32001. Ensure that https is
specified instead of http
https://127.0.0.1:32001/mail/
If all is working you will be greeted with a warning:
What does the warning mean?
An SSL certificate requires 3 conditions to be met:
That it has been issued by a company who is trusted.
That the date on the certificate is valid
That the website name matches the name on the certificate.
There are only a few companies who issue certificates that are automatically trusted by
web browsers (e.g. Verisign and Thawte). As this certificate is issued by the VisNetic
MailServer software the web browser does not ‘trust’ it.
To resolve this, click on the ‘View Certificate’ button and then ‘Install Certificate’.
Follow the prompts. This tells the web browser that the certificate can be trusted.
Unfortunately it is not possible easy to fix point (3). A certificate is matched to a website
address at creation. To fix this point you have to use officially purchased certificate and
convert it to the VisNetic MailServer form.
SSL and Certificates is a highly complex subject. Trusted certificates that do not have
warnings have to be paid for from an issuer like Verisign or Thawte. If you wish to
pursue obtaining your own certificate from a trusted issuer then contact VisNetic
MailServer software who will be able to assist.
VisNetic MailServer Administrator Guide 190
The certificate is kept in the file cert.pem. You can edit it and use your own certificate.
Our SSL system has the advantage of having multiple SSL certificates on one system.
Each certificate can be used for a different IP address. The cert.pem is used as a default
certificate. There is a file cert.dat with the following structure:
Cert.dat
[Server]
// [IP]=[certificate file path]
193.179.195.74=c:\certificates\secure.deerfield.com.dat
At the certificate warning proceed by clicking on the ‘Yes’ button. The VisNetic
MailServer login screen will be shown.
For Internet Explorer Users, in the bottom of the web browser status bar towards the right
the secure symbol will be shown:
This confirms to the user that the connection is secure.
Important!
It is only the connection between the web browser and the webserver that is secure. The
encryption during the transmission of a message to another mail server depends on the
recipient server features. However by default VMS tries to send the message by using
TSL/SSL.
14.8 Advanced WebMail Settings
VisNetic WebMail uses its own built-in web server which is installed upon installation of
VisNetic MailServer. The properties of this web server are controlled via configuration
file /Deerfield.com/VisNetic MailServer/Config/WebServer.CFG
You can edit this file with any plain text editor, or by using the VMS Configuration
program through Options, Other Options.
VisNetic MailServer Administrator Guide 191
WebServer.CFG
// Web Server Settings File
//
// This file contains the whole web server engine settings. You can create new
// virtual hosts, redirects, MIME type associations, aliases and many more.
//
// Settings Section
//
[Settings]
Use_ISAPI=0
// Use_ISAPI - Values: 0/1/2, 0 - Disabled, 1 - Full ISAPI Mode, 2 - Smart ISAPI Mode
// Bind_To_IP - Allows you to bind the whole server engine to different IPs than in
// the Config Service Settings
// Allowed_PUT_Virtual_Hosts - Allows you to specify a host name that will accept
// PUT commands
//
VisNetic MailServer Administrator Guide 192
// Default Section
[Default]
index.html
index.wml
// Might contain more lines and specifies the default filenames for HTTP
//
WebServer.CFG - part 2
[Filter]
.html=webmail\web.dll
.wml=webmail\web.dll
.html=webmail\web.exe
.wml=webmail\web.exe
// Filter section lets you specify our own CGI and ISAPI filters.
// =
//
// Alias Section
[Alias]
// Alias section lets you create directory redirects or virtual directories.
// [alias]=[base path]
//
// Virtual Host Section
[Virtual-Host]
mail.deerfield.com
VisNetic MailServer Administrator Guide 193
wap.deerfield.com=html\mail\wap\
*=html\mail\
// Virtual hosts let you specify different web server file locations for each host
// [hostname]=[base path]
// There is a special hostname * which stands for all hostnames (default) and should
// be used at he last host name. Hostname without the equal sign = specifies the hostname
// for the Web Admin service.
//
// Free-Path Section
[Free-Path]
html\mail\
// Free path section can help you define URI parts for the Web Admin service which will not be
// required to authenticate the session. Use backslashes.
// [URI]
//
// MIME Section
[MIME]
.jad=text/vnd.sun.j2me.app-descriptor
.jar=application/java-archive
// The MIME section lets you define additional MIME types.
// [file type]=[mime type]
//
// Redirect Section
VisNetic MailServer Administrator Guide 194
[Redirect]
// The redirection feature lets you redirect any URL passing thru the web server engine to any
other
// URL via the HTTP protocol.
// [URL]=[URL]
VisNetic MailServer Administrator Guide 195
Chapter 15
WAP Access
15.1 WAP Access
VisNetic WebMail also supports the WAP (Wireless Application Protocol) protocol of
delivering web information to WAP compatible devices. The WAP Mail has been tested
with the Nokia WAP Toolkit 2.0 and Microsoft Mobile Explorer.
Users accessing their inbox via a mobile telephone will have the ability to send and
receive emails, but not change settings.
There are also no administrator pages provided. This is a simple but powerful service to
send and receive emails while on the move.
Some phone providers are requiring to use only port 80 for the WAP access only.
Change the default port 32000 to the 80 in the VisNetic MailServer System Tab, as described in
the previous chapter.
15.2 Connecting to the Service
Enter the following URL on your mobile device:
http://:32000/mail/wap/
Always add the slash at the end of your URL! Even though it is a plain host name.
To use URL without /mail/wap/ use the same virtual redirection as described in the
previous chapter.
Example:
Add to the [virtual-host] of the webmail.cfg
wap.domainA= c:\program files\deerfield.com\visnetic amilserver\html\mail\wap\
VisNetic MailServer Administrator Guide 196
Chapter 16
Advanced Server Protection
16.1 Relaying and the “we do not relay” message
Relaying is a common problem. It means that a server allows somebody to send messages
outside. It is desirable to allow sending messages only to your users. Thus you need to
use antirelaying options not to allow spam and relaying thru your server to unwanted
users (spammers) from outside. The error message "550 5.7.1 ...we do not relay "
means your anti relaying settings are incorrectly set and you simply cannot send
messages thru your server out.
We do not suggest using any anti relaying options other than Relaying From, POP Before
SMTP. All other anti relaying options in the Delivery tab sheet should not be used.
Switch on all of the 3 options and into the Relaying From field enter:
127.0.0.1;192.168.*.*;10.*.*.*;172.16-31.*.*
That means all of these IP addresses will be able to relay. All of them are LAN IP
addresses. It's also suggested to specify the server's IP address in the field too. By this
your LAN will be able to send messages out just fine.
Sometimes you might need to allow relaying for your customers outside your LAN. That
is a small problem but can be solved. Usually all relaying is IP address based. Just like on
your LAN. ISPs know their IP addresses and allow relaying from all of these addresses. It
is suggested for users from outside to use their ISP's mail server to send messages out.
Sure, but you want them to use your mail server. You can use 2 options on your server to
fix this. Either the POP Before SMTP or SMTP Authentication. Using Relaying From is
not possible because the IP addresses of your external users are unknown and change
dynamically.
POP Before SMTP
The user needs to check his mail before sending messages out. The server will record the
user's IP and for some period of time will allow sending messages out from the IP. The
problem is that most of the mail clients (Outlook Express) send messages first and then
receives. Users would need to remember to check for messages manually before sending.
SMTP Authentication
VisNetic MailServer Administrator Guide 197
This is a more professional way of allowing external users to relay thru your server. The
user will authenticate during the SMTP session and by that the server knows it is a legal
user and will let him relay. The thing is that users need to configure their mail clients to
use the SMTP authentication and you also need to switch off the Disable SMTP Auth
option in the Security tab sheet. This option works in conjunction with the Relaying From
control. The Relaying From control needs to be switched on otherwise no authentication
will be required. The IPs specified in the Relaying From control do not need to SMTP
AUTHenticate. All other IPs have to authenticate in order to relay messages.
16.2 Relaying and Spam
There is a fine line between making VisNetic MailServer a secure mail server and ending
up with a ‘broken’ mail server that refuses to send/receive mail! The most important
issues surrounding security are relaying and spam.
Relaying is essentially the sending out of messages. This is something that is required for
authorized users, but external users or intruders should not be allowed this privilege.
Spam (or spamming) is the sending of unsolicited messages to an email address. These
are typically mail shot type emails offering goods and services. They should be treated
with extreme caution since a reputable company does not spam!
Organizations that spam across lengthy email lists are always on the lookout for servers
that allow relaying; in this way the identity of the spammer can be protected. Therefore it
is important to consider the relaying and anti-spam features of VisNetic MailServer.
Three scenarios are covered:
A company or department who uses VMS for internal use only. (Internal)
A company or department who use VMS for both internal and external use, and
have a permanent Internet connection or use dialup. (External)
An ISP who uses VMS as the email service for all customers. (ISP)
Each will have different needs and concerns.
All Uses
The best protection from spam is to use the RBL. You can also use the Anti Spam Filters
but the problem is that these need constant editing to keep the files up to date. The RBL
is administered by Internet users so it's regularly updated.
Content filters are another issue against spam and also viruses: for example, setting up a
content filter that rejects any messages with the string I Love You in the header.
Internal Use
VisNetic MailServer Administrator Guide 198
Security is not so much of an issue if VMS is being used in an intranet environment.
There is no need to enable Firewalls or the various deny options. Nor is Anti-relaying
required. It is unlikely that a worker is going to ‘spam’ his fellow colleagues! For this
environment it is recommended that the anti-relaying functionality is not enabled. There
is no email coming in externally so we need not worry about validating the originator
either.
As all the mail is being sent/received through local domains, there are 2 useful settings:
‘Do not forward if the originator’s domain is not local’ and under each user account
option enable ‘User can send mail only to local domains’.
External Use
If a company has a mail server that can be seen from the Internet it would be a good idea
to enable the firewall for the Control service so that only a couple of PC’s internally can
be used to change any settings. Denying the ability to telnet into the services is also a
good idea.
The last thing a company wants is for their email server to be used to send out spam or
unauthorized mailing lists. This reflects badly on the company and could have dire
consequences. It is most important that the only people who are allowed to send mail
through the server are employees. However, this scenario is easy to deal with since all the
employees are on fixed, easily definable networks.
For example, let’s assume that a company sets up 3 departments on 3 subnets of a private
address range:
192.168.1.X
192.168.2.X
192.168.3.X
Only clients with these IP addresses are allowed to send mail through the SMTP service.
Enable the ‘Relaying From’ functionality, and enter either 192.168.* or (more securely),
enter 192.168.1.*;192.168.2.*;192.168.3.*
Even easier, the domain(s) that the company can be specified instead of IP addresses.
This will only allow users on the internal networks to use the server to send mail.
Remember to include either the subnet or IP address of the server itself!!
If the server receives email from an external source, it is a good idea to check that the
email address has come from a valid domain. Enable the ‘Reject mail if the originator’s
VisNetic MailServer Administrator Guide 199
domain has no MX record’ option - if email comes from an invalid address or has no
return path then it will be rejected.
Internet Service Provider
The ISP has the hardest time since it is very easy to over-secure the mail server and
prevent customers from sending/receiving email.
Certainly secure web-admin and Deny telnet should be specified, but since access could
be gained from anywhere it is recommended to not use the firewall options.
It is a good idea to check that that any incoming mail has come from a valid domain.
Enable the ‘Reject mail if the originator’s domain has no MX record’ option - if email
comes from an invalid address or has no return path then it will be rejected.
With regards to anti-relaying there are 2 kinds of ISP; one who also controls the user’s
access to the Internet (hence all the users will have easily identifiable IP’s and subnets)
and one who is an independent ISP and requires users to be able to use the server no
matter how they connect to the Internet.
For both types of ISP it is paramount that the server is not used to send out spam
however.
For the ISP who knows what subnets and IP’s the users are connecting with, it is simply a
matter of enabling the anti-relaying functionality and entering the subnets/IP’s in the
field.
If there are a large number of entries required then it is easier to create the file relay.dat
(in the Config subdirectory) and specify entries on a separate line eg:
192.168.1.*
127.0.0.1
For the ISP who has customers connecting from various IP’s it is not feasible to enter
subnets and IP’s in the relaying field. Instead, anti-relaying should be enabled for
everything except the local machine and alternative methods of user-authentication used
such as POP3 before SMTP, and the SMTP Auth command.
Both POP3 before SMTP and SMTP Auth will require that the sender has an account on
the mail server in order to be able to use the SMTP service.
VisNetic MailServer Administrator Guide 200
16.2 Spammers and Tarpitting
One of the basic spammer techniques is to use SMTP servers other than their own. It
brings them many advantages. They are hiding identity and they use bandwidth paid for
by someone else.
Some servers have option "Relay if user is local", which is used mostly for LAN
installations (not connected to the Internet).
VisNetic MailServer has this option also (Delivery - Do not relay, if originator is not
local), however is strongly recommended DO NOT USE IT.
If this option is checked and a spammer happens to know some local username /
password, they can use server for relaying - sending unwanted mails.
To find valid usernames spammers use special programs, which are randomly checking
SMTP servers for name. Such programs are sending in loop common names, like: info,
john, sales, etc. and waiting for confirmation, that the name is valid.
Such testing can cause a heavy amount of traffic on your server, unnecessarily, so it is
good idea to block it.
VisNetic MailServer provides a great feature called Tarpitting. When Tarpitting is active
VMS checks for unsuccessful attempts to deliver messages to unknown users by external
or local non existing users. If the number of attempts in a session exceeds the Count field
the IP address of the sender will be remembered for the Period and no access from that IP
address will be allowed within the period.
Basically this options serves as a protection from spammers trying to spam your mail
server accounts. Spammers usually have a dictionary of aliases they try to deliver to your
domain. Once the count of unknown aliases exceeds the limit they will not be able to
spam you any more for the given period of time.
Sometimes you might want to enable some IP address and do not want to wait for the
period to expire or simply specify a white list. The file is called Config\tarpitbypass.dat
and contains the white list IP addresses. Cross Session Processing - By default the
Tarpitting feature works in one sessions only. By enabling this checkbox it will work
cross session. Close Connection - When the session is tarpitted you can either leave the
session open or force it to close the connection.
VisNetic MailServer Administrator Guide 201
16.3 Disable Receipt of Improperly Formatted Emails
Improperly formatted emails are sometimes used by the spammers or hackers as attack to
the mail server. Each server is reacting differently. It some cases can these emails cause
that users can not download some messages - or they can even shoot down SMTP or
POP3 service! Unfortunately the RFC822 specifications are not allowing to build in
unconditional rejecting of the bad formatted mail.
To disable receipt of such email in VisNetic MailServer you should use the Content Filter
Specify the Content Filter, which will reject all improperly formatted mails. Use as
condition:
Where Message Violates RFC822.
You can also create such filter by importing from the following XML file:
<<< Bad Formated or Empty Sender Mails >>>
True
True
7
VisNetic MailServer Administrator Guide 202
8
7
10
<>
True
VisNetic MailServer Administrator Guide 203
Chapter 17
Developer and System Integrators
17.1 API
The API (Application Programming Interface) for VisNetic MailServer is designed for
those who want to manipulate domains, users, mailing lists, notification accounts and
executables from external applications. It allows you to get lists of accounts, add, delete,
edit and read the settings.
The API.DLL can be found in the VisNetic MailServer directory and is used by the
Users.exe and Domains.exe command line tools. The source code for the tools is written
in Delphi and can be found in the API directory. In the API directory there are also other
programming languages examples.
Using the API
The API can be used in any programming language such as Delphi, BC++ Builder, MS
VC++, ASP, VB etc. All you need to do is to import the functions from the API DLL
(Dynamic Linked Library). The API.DLL is not a COM object.
API description is available in Deerfield.com\VisNetic MailServer\API directory.
17.2 API Variables and Values
The API Variables and Values are used for API programming or as parameters in the line
command tools USERS. EXE and DOMAINS.EXE described in a next section.
By using API Variables and Values you can provide in the "command line mode" almost
anything you can do in the VisNetic MailServer Windows Administration program.
You can find description of API Variables and Values in Deerfield.com\VisNetic
MailServer\API directory.
17.3 Users and Domains Command Line Tools
The users.exe and domains.exe command line tools can be found in the VisNetic
MailServer directory. You can also find the source code in the API directory. These tools
VisNetic MailServer Administrator Guide 204
can be used for user and domain manipulation such as editing/adding/deleting etc. You
can even use it for exporting and importing users. The user’s tool is limited to work on
one domain only. That means you would need to run the tool subsequently to
export/import users from multiple domains.
Typical usage of these tools is for command line maintenance - adding new users, etc.
The default values for the new users are given by the content of the file /VisNetic
MailServer/Config/Default.ini. This file can be edited manually or via VMS
Configuration Program – Options / Other Options
The values from the Default.ini file are used only if the option Use Account Defaults is
checked.
Users Usage
By running the users.exe without any parameters you will get the output below.
API User Manager – VisNetic MailServer
Copyright (c) 2002 Deerfield.com. All rights reserved.
E-mail: info@deerfield.com
Usage: USERS {commands} -u{user|*@[domain]} [properties] [parameters]
Usage: USERS -STATISTICS
{commnads}
-a Add new user
-c Change user's properties
-d Delete a user
-l List a user
-e[delimiter char] Export users
-g[delimiter char] Import users from a file into a domain
-STATISTICS Creates the user statistics file
-h This help
-u{user[@domain]} Specifies the user's address
{properties}
-n{name} Specifies the user's name
-p{password} Specifies the user's password
-m{mailbox} Specifies the user's mailbox name
VisNetic MailServer Administrator Guide 205
-b{mailbox} Specifies the user's mailbox path
-i{+/-}{KB} Specifies the user's max mailbox size
-k{KB} Specifies the user's max message size
-r{address} Specifies the user's remote address (no local mailbox)
Empty address stands for no remote address
-f{address list} Specifies the user's forward address list
-4{+/-} Specifies that the user can use the IMAP4
-z{+/-} Specifies that the user is self configurable
-s{+/-} Specifies that the user is the administrator
-x{+/-} Specifies that the user is the domain administrator
-j{+/-} Specifies that the user uses the NT Password
-o{+/-} Specifies that the user is disabled
-q{file path} Specifies auto responder file path
-t{+/-}{days} Delete mail older than x days
-w{+/-}{days};{address} Forward mail older than x days to y
-q{file path} Specifies auto responder file path
-#{parameter}=[$]{value} Specifies API variables and values
{parameters}
-cfg{path} Specifies the full path to the VisNetic MailServer
directory
Adding a user
Let’s add a new user with the name John Doe, alias john, mailbox john and password
secret into the domain deerfield.com. You do not need to specify the domain name if it is
a primary domain.
users -a -ujohn@deerfield.com -mjohn -psecret -n"John Doe"
In the case of a primary domain and alias equals the mailbox name.
users -a -ujohn -p"my secret" -#2=$"John Doe"
Notice the quotes which should be used for space containing parameters.
The last parameter is a special API syntax you can use for any parameter this tool does
not support directly.
See the API variables and values in the API Section.
VisNetic MailServer Administrator Guide 206
users -a -uu1@demo.com -mu1@demo.com -ppass1 -#58=100
This will add a user called u1@demo.com with a password of pass1 and a send limit of
100 messages per day.
Deleting a user
Let’s delete the user just created.
users -d -ujohn@deerfield.com
Editing a user
You might want to change the password for the user john to topsecret.
users -c -ujohn@deerfield.com -p"topsecret"
Listing a user
The listing feature displays one user information. It cannot be used for more users at
once.
users -l -ujohn@deerfield.com
Exporting and Importing users
The exporting feature exports the list of the given domain mask or all domains to screen.
If you need to save it to a file you need to redirect the output to a file. The first example
prints all users from the domain deerfield.com to screen.
users -e -u*@deerfield.com
or for all domains
users -e -u*@*
The exported data contain the program title before the actual lines. If you need to import
the data you need to delete those lines first. The format of the file can be easily found out.
Administrator's password will not be shown ever, instead it will contain the star character
"*". Exporting users to a text file follows.
users -e -u*@deerfield.com > c:\temp\export.txt
The text file after removing the information lines might look like this:
john@deerfield.com,john,*,deerfield.com\john\,John Doe,,,0,0
VisNetic MailServer Administrator Guide 207
support@deerfield.com,support,topme,deerfield.com\support\,Support Team,,,0,0
The format of the file follows
[Alias]@[Domain],[Mailbox],[Mailbox Path],[Name]...
Import Users.
In order to import users from the file you need to do this.
users -g c:\temp\export.txt
User Statistics
If you use the User Statistics option the users tool can help you to export the user
statistics to a file so you do not need to use the Config GUI or the web admin. The syntax
is easy:
users -STATISTICS "2002/02/01" "2002/02/28" "*" "c:\temp\stats.log"
Domains Usage
By running the domains.exe without any parameters you will get the output below.
API Domain Manager – VisNetic MailServer
Copyright (c) 2002 Deerfield.com. All rights reserved.
E-mail: info@deerfield.com
Usage: DOMAINS {commands} {domain} [properties] [parameters]
{commands}
-a Add new domain
-c Change domain's properties
-d Delete a domain
-l List a domain
-e[delimiter char] Export domains
-g[delimiter char] Import domains from a file
-h This help
{properties}
-s{description} Specifies the domain's description
-i{+/-} Info To Admin
VisNetic MailServer Administrator Guide 208
-u{forwardto} Unknown Users Forward To
-f{alias} Admin Default Alias
-m{email} Admin Default Email
-t{domain type} Domain Type (0..3)
-v{domain type value} Domain Type Value
{parameters}
-cfg{path} Specifies the full path to the VisNetic MailSerevr
directory
Adding a domain
Lets add a new domain with the name deerfield.com and description Deerfield Domain
domains -a deerfield.com -s"Deerfield Domain"
Notice the quotes which should be used for space containing parameters.
Deleting a domain
Let’s delete the just created domain.
domains -d deerfield.com
Editing a domain
You might want to change the description of the domain.
domains -c deerfield.com -s"Deerfield Software Domain"
Listing a domain
The listing feature displays one domain information. It cannot be used for more domains
at once.
domains -l deerfield.com
Exporting and Importing domains
The exporting feature exports the list of all domains to screen. If you need to save it to a
file you need to redirect the output to a file. The first example prints all domains to
screen.
domains -e
VisNetic MailServer Administrator Guide 209
The exported data contain the program title before the actual lines. If you need to import
the data you need to delete those lines first. The format of the file can be easily found out.
domains -e > c:\temp\export.txt
In order to import domains from the file you need to do this.
domains -g c:\temp\export.txt
VisNetic MailServer Administrator Guide 210
Chapter 18
How VisNetic MailServer Works
18.1 How VisNetic MailServer Works
Services
VisNetic MailServer consists of three services and the configuration program. Services
are programs that run in the background of Windows and do the work for you.
SMTP service handles the mail delivery, forwarding the mail, disk space monitor and all
account options. This service handles the most work of the mail server and should always
run.
POP3/IMAP4 service handles the message sending to the mail clients when users want to
get new mail from the server. This service also handles the Remote Accounts and the
Antivirus System. This service should be always run as well.
Control service handles the DialUp connections, Remote Administration, Web
Administration, and the Watchdog option. If you do not need any of these you do not
have to run this service.
Files & Directories
In the VisNetic MailServer directory there are all the executable, help, readme files, and
the default.ini. In the HTML directory, there are files for the Web Administration. The
CONFIG directory contains all configuration and settings. The LOG directory contains
all logs.
SMTP, POP3/IMAP4 and Control logs can be switched on individually. Error logs are
always made when errors occur. The log structure:
[IP Address] [Thread ID] [Date Time] [Action]
Example:
SYSTEM [00000000] Fri, 19 Jan 2001 11:36:54 +0100 SMTP Service started
VisNetic MailServer Administrator Guide 211
In the MAIL directory, there are domain directories and the FORWARD directory. In the
forward directory is the queue for outgoing mail. All mail has extension .tmp. When mail
is being transmitted its extension changes to .tm$. In the domain directories there are
mailbox directories for the received mail.
In the TEMP directory, files are being currently received. After they have been received
they are copied to the mailbox(es) and then deleted.
Mail Sending & Receiving
There is no difference between local and Internet mail receiving. Therefore if you can
receive your local mail you can also receive Internet mail. If mail is not being delivered
from the Internet it is likely that security options set are preventing this, or the DNS MX
records on the domain has been entered incorrectly.
Sending the mail follows a different path. When mail is being sent to a local account it is
immediately delivered to the local mailbox and the mail does not go to the Internet. Mail
server recognizes that according to the configured domains in the Config program. When
there is a recipient with the local domain, it is delivered to the local domain. When it
finds out it is an external recipient (domain) it places the mail in the FORWARD
directory (outgoing queue) and tries immediately to deliver the message. This is all done
in separate threads (processes). VMS is a full multi threaded multiple CPU support
server.
The greatest advantage of VisNetic MailServer is its safety and security. All of the
services run the TLS/SSL support (Secure Socket Layer) and you can set your mail
clients to support and use this option. In such case all message transmission to and from
server will be totally secured. VMS goes beyond this and when found a remote mail
server supporting this feature too (another VMS) the whole TCP/IP communication is
secured in the same manner. Therefore a network of VisNetic MailServer would totally
put hackers out of their business.
18.2 SSL Certificate Conversions
VisNetic MailServer supports SSL. VMS uses an SSL certificate issued by Deerfield.com
and as such generates warnings when used. It is likely that customers wishing to pursue
SSL already have a certificate installed for a given domain and would like to use their
existing certificate with VisNetic MailServer. This document explains how to convert an
existing certificate into the proper format for VMS.
Overview
SSL is an encryption method based on public and private keys. It ensures that
information being transferred between a webserver and a web browser cannot be seen by
anyone and thus ensures privacy.
VisNetic MailServer Administrator Guide 212
VisNetic MailServer uses its own certificate built in webserver. This fully supports the
SSL standards once SSL support has been enabled.
Enabling Secure Socket Layer
The SSL software is provided as standard with VisNetic MailServer.
For VisNetic WebMail access test your installation by connecting to the SSL port of
32001 (instead of 32000). Ensure that https is specified instead of http
Example:
https://127.0.0.1:32001/mail/
For VisNetic MailServer Web Administration use the URL above without /mail/
Example: https://127.0.0.1:32001/
If all is working you will be greeted with a warning:
What does the warning mean?
An SSL certificate requires 3 conditions to be met:
1) That it has been issued by a company who is trusted.
2) That the date on the certificate is valid
3) That the website name matches the name on the certificate.
There are only a few companies in the world who issue certificates that are automatically
trusted by web browsers (e.g. Verisign and Thawte). As this certificate is issued by the
VisNetic MailServer software the web browser does not 'trust' it.
To resolve this, click on the 'View Certificate' button and then 'Install Certificate'. Follow
the prompts. This tells the web browser that the certificate can be trusted.
Unfortunately it is not possible to fix point (3). A certificate is matched to a website
address at creation. The only way is to purchase the official certificate for the Web site.
VisNetic MailServer Certificate Format
Find the file cert.pem in the installation directory. It should look like this:
-----BEGIN RSA PRIVATE KEY-----
VisNetic MailServer Administrator Guide 213
MIICWwIBAAKBgQDhhrFex+K/HBZe/Sgl2nZmppRRmADgaRByOMURyI36gvQ1+FNO
uYfoPcOr/t3TiqfKmt4deBJU/l5EOH+VAcYGFjpOpmaS7HZbRBhrew53LLpk333L
aPLwKPBQNFgYOtZzB+CvwnAa4nAtkZYlkRMlnASYzXfHowuVu8ehVs5iTwIDAQAB
AoGAYnIpevZGRKY+HbjkjaGPjb+pfvSbbVpvk2y0mc6yK2h+shB0TSkv6nELuUjI
DE+6bvarfrGrTu66t4zyJFlh1vRWgezw7PddR6l1iUZX3M2jdfrj/Z9hcHoMgIEN
6flUhsUDR1/dYFLmC7erXiXpAlu2gx0vE+JlRkKh1lrcGgECQQD8SGa3vOqFoFcp
ghEZXpzqcYIvJfrtpPna7r1CNezMRvpYpC8hT5G7/t7fVtUtOfGURGkT2aYmtZeQ
T9hMhpu9AkEA5Nld4QkRa1Nyk3Qb/k/lYKLEovA4rySV2A446NdVLLZqI2fq1qH3
QChMtlYG7c6Iv6dIv3fkn1UOa9Mx4AVw+wJAfCwiqrMId6b438xOID+KWnZuDkjS
Xh/CfvjdHHawS8dvtytwqyOf5nlHN4RkvrLzbffSBFwvRIRCylwSaXAjvQJAbZYl
XXixLbrlF/U23n418iOflAMCseQMGU0eNWnAMMwdYV0G2Mbwlnl12q6xXLlVRKl/
rahlA2OAp2OX85XHdwJANv7ayfVDTMlfOdXB5nOJM9Y8/2h9TCVLUstxKh4qM9Hp
yVFxyTCRm/qplHLNuklGuWP55vEoblbba9aqYzWJjw==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICjTCCAfYCAQAwDQYJKoZIhvcNAQEEBQAwgY4xCzAJBgNVBAYTAkNaMRcwFQYD
VQQIEw5DemVjaCBSZXB1YmxpYzEPMA0GA1UEBxMGUHJhZ3VlMRkwFwYDVQQKExBJ
Y2VXYXJwIFNvZnR3YXJlMRkwFwYDVQQDExBJY2VXYXJwIFNvZnR3YXJlMR8wHQYJ
KoZIhvcNAQkBFhBpbmZvQGljZXdhcnAuY29tMB4XDTAwMDcyNDE0MDA1N1oXDTA1
MDcyMzE0MDA1N1owgY4xCzAJBgNVBAYTAkNaMRcwFQYDVQQIEw5DemVjaCBSZXB1
YmxpYzEPMA0GA1UEBxMGUHJhZ3VlMRkwFwYDVQQKExBJY2VXYXJwIFNvZnR3YXJl
MRkwFwYDVQQDExBJY2VXYXJwIFNvZnR3YXJlMR8wHQYJKoZIhvcNAQkBFhBpbmZv
QGljZXdhcnAuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDhhrFex+K/
HBZe/Sgl2nZmppRRmADgaRByOMURyI36gvQ1+FNOuYfoPcOr/t3TiqfKmt4deBJU
/l5EOH+VAcYGFjpOpmaS7HZbRBhrew53LLpk333LaPLwKPBQNFgYOtZzB+CvwnAa
4nAtkZYlkRMlnASYzXfHowuVu8ehVs5iTwIDAQABMA0GCSqGSIb3DQEBBAUAA4GB
VisNetic MailServer Administrator Guide 214
AEpb8ci98bywKDgm2ZZAndtisHLQa7rI1ZozmgYAS90qcShfXcrOlD1+si4wVanY
wOd93LjXuR5IzMUM48w7QeDYZxXeAcpmrp8PDvw54RZG2JyH7hITrDSw69Budw0C
VeCM6hHpRejRBf8DK+WNqG3CZh74jgDd3NGb+MijVagF
-----END CERTIFICATE-----
The file takes the format of base-64 encoded sections, the private key followed by the
certificate.
18.2.1 Certificate Conversion from IIS 4.0
When the certificate was first requested you would have created a certificate request file.
This would have looked like this:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBJjCB0QIBADBsMQswCQYDVQQGEwJHQjEOMAwGA1UECBMFRXNzZXgxETAPBgNV
BAcTCFJvY2hmb3JkMRkwFwYDVQQKExBTaW1wbHkgV2ViRGVzaWduMQ4wDAYDVQQL
EwVTYWxlczEPMA0GA1UEAxMGU2ltcGx5MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
ALO0a8hNfU6Nb/JcIFPNgvxfUdp6Bo/NAK6+9tO2p6YbiWBf2mQw0WDOPELiRkly
kg0sNT9B6eFKH9qYHx9XipkCAwEAAaAAMA0GCSqGSIb3DQEBBAUAA0EAXaiLgP5S
VQlRjg0k5q2xXZSCFrwf4EbIb7xiAkIEStLiZP0RRv9OIBVlBbbuP2oY4Kgm7Jzx
DN/Ak597m0iBEw==
-----END NEW CERTIFICATE REQUEST-----
The organization who issued you your certificate would have replied with the certificate
in the following format :
-----BEGIN CERTIFICATE-----
MIICTTCCAbagAwIBAgIDdYWzMA0GCSqGSIb3DQEBBAUAMIGHMQswCQYDVQQGEwJa
QTEiMCAGA1UECBMZRk9SIFRFU1RJTkcgUFVSUE9TRVMgT05MWTEdMBsGA1UEChMU
VGhhd3RlIENlcnRpZmljYXRpb24xFzAVBgNVBAsTDlRFU1QgVEVTVCBURVNUMRww
GgYDVQQDExNUaGF3dGUgVGVzdCBDQSBSb290MB4XDTAwMDkyNDExMjYwMFoXDTAw
MTAyNTExMjYwMFowbDELMAkGA1UEBhMCR0IxDjAMBgNVBAgTBUVzc2V4MREwDwYD
VQQHEwhSb2NoZm9yZDEZMBcGA1UEChMQU2ltcGx5IFdlYkRlc2lnbjEOMAwGA1UE
VisNetic MailServer Administrator Guide 215
CxMFU2FsZXMxDzANBgNVBAMTBlNpbXBseTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
QQCztGvITX1OjW/yXCBTzYL8X1HaegaPzQCuvvbTtqemG4lgX9pkMNFgzjxC4kZJ
cpINLDU/QenhSh/amB8fV4qZAgMBAAGjJTAjMBMGA1UdJQQMMAoGCCsGAQUFBwMB
MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAaBAP6YMGRzaBXRmmUxL9
D/sl+SI3TsPq/2Lu3CINHO4wyq0bBr+xKjr8FiM9rzYdDy66Cyux4RA89s2DzKtX
kCTZGnz0uBOr452WEjfhkmnm2dyB0bFe94Lb1lZ7wB1FmPrjIiWP49EAgtuMtiTA
sAXR6juqZdMpEkm1kfD4K2k=
-----END CERTIFICATE-----
The certificate itself is in the correct format for VisNetic MailServer but we also need to
obtain the private key. This can be extracted from IIS with a little manual intervention.
You will need some tools to do this:
a) A copy of the openssl executable with RSA encryption
b) A text editor that understands hex.
The openssl tools can be downloaded from anonymous ftp at
ftp://ftp.siwd.net/ssl/openssl_tools.zip. A good hex editor can be found at
http://www.ultraedit.com
(These instructions are courtesy of post to the openssl-users newsgroup)
MSIIS exports the private key and certificate in the same file. If you want to extract only
the private key, you can do it as follows:
1. Export a backup file of the Certificate from the Key-Manager. Call it cert.key.
2. Edit cert.key and find this string in the binary file: "private-key"
3. Trace back until you find this Hex value: "30 82"
4. Write from that position to a new file (tmp.bin).
5. With OpenSSL: openssl rsa -inform NET -in tmp.bin -out key.pem
6. Type password.
7. The private key is now in a separate file :-)
VisNetic MailServer Administrator Guide 216
The above image shows an IIS key open in the "Elvis" text editor in HEXADECIMAL
mode. The characters in red will be deleted and the rest of the file -- from "30 82"
onwards -- will be saved.
So now you should have your private key in a file called key.pem and it should look like
this:
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBALO0a8hNfU6Nb/JcIFPNgvxfUdp6Bo/NAK6+9tO2p6YbiWBf2mQw
0WDOPELiRklykg0sNT9B6eFKH9qYHx9XipkCAwEAAQJAJQGqkH0kqOCHhSljnt5b
cw1OFee7IjHdSh8ZRVAABjyc8Kt5MZ4nVgpGEBv4Wz4X+Un3xW18bKF9uREViQeV
gQIhAOShEojbao1Z5QF9hPkC6fDPs/rPmjaBWbLQKbyXKHT9AiEAyTfvMu+sJZkD
tS/afFUhiA/Bp44OjRgMwh+MAJ0uDM0CIDEXRNuOAXsIalu/j+XH8mN6tbKNERfS
/meeutd7vXwhAiBJjVyubdWrWKd2T6u5zxSWu8u6B79h6+yd+RIgF1SB8QIhANDG
YzjKKPILB7euU0bfuJxWglYou9TAma5HzdeBCd7V
-----END RSA PRIVATE KEY-----
Find the certificate that was sent back by the issuing authority and concatenate it onto the
end thus giving you a file similar to:
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQDhhrFex+K/HBZe/Sgl2nZmppRRmADgaRByOMURyI36gvQ1+FNO
uYfoPcOr/t3TiqfKmt4deBJU/l5EOH+VAcYGFjpOpmaS7HZbRBhrew53LLpk333L
aPLwKPBQNFgYOtZzB+CvwnAa4nAtkZYlkRMlnASYzXfHowuVu8ehVs5iTwIDAQAB
AoGAYnIpevZGRKY+HbjkjaGPjb+pfvSbbVpvk2y0mc6yK2h+shB0TSkv6nELuUjI
DE+6bvarfrGrTu66t4zyJFlh1vRWgezw7PddR6l1iUZX3M2jdfrj/Z9hcHoMgIEN
6flUhsUDR1/dYFLmC7erXiXpAlu2gx0vE+JlRkKh1lrcGgECQQD8SGa3vOqFoFcp
ghEZXpzqcYIvJfrtpPna7r1CNezMRvpYpC8hT5G7/t7fVtUtOfGURGkT2aYmtZeQ
T9hMhpu9AkEA5Nld4QkRa1Nyk3Qb/k/lYKLEovA4rySV2A446NdVLLZqI2fq1qH3
QChMtlYG7c6Iv6dIv3fkn1UOa9Mx4AVw+wJAfCwiqrMId6b438xOID+KWnZuDkjS
Xh/CfvjdHHawS8dvtytwqyOf5nlHN4RkvrLzbffSBFwvRIRCylwSaXAjvQJAbZYl
VisNetic MailServer Administrator Guide 217
XXixLbrlF/U23n418iOflAMCseQMGU0eNWnAMMwdYV0G2Mbwlnl12q6xXLlVRKl/
rahlA2OAp2OX85XHdwJANv7ayfVDTMlfOdXB5nOJM9Y8/2h9TCVLUstxKh4qM9Hp
yVFxyTCRm/qplHLNuklGuWP55vEoblbba9aqYzWJjw==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICjTCCAfYCAQAwDQYJKoZIhvcNAQEEBQAwgY4xCzAJBgNVBAYTAkNaMRcwFQYD
VQQIEw5DemVjaCBSZXB1YmxpYzEPMA0GA1UEBxMGUHJhZ3VlMRkwFwYDVQQKExBJ
Y2VXYXJwIFNvZnR3YXJlMRkwFwYDVQQDExBJY2VXYXJwIFNvZnR3YXJlMR8wHQYJ
KoZIhvcNAQkBFhBpbmZvQGljZXdhcnAuY29tMB4XDTAwMDcyNDE0MDA1N1oXDTA1
MDcyMzE0MDA1N1owgY4xCzAJBgNVBAYTAkNaMRcwFQYDVQQIEw5DemVjaCBSZXB1
YmxpYzEPMA0GA1UEBxMGUHJhZ3VlMRkwFwYDVQQKExBJY2VXYXJwIFNvZnR3YXJl
MRkwFwYDVQQDExBJY2VXYXJwIFNvZnR3YXJlMR8wHQYJKoZIhvcNAQkBFhBpbmZv
QGljZXdhcnAuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDhhrFex+K/
HBZe/Sgl2nZmppRRmADgaRByOMURyI36gvQ1+FNOuYfoPcOr/t3TiqfKmt4deBJU
/l5EOH+VAcYGFjpOpmaS7HZbRBhrew53LLpk333LaPLwKPBQNFgYOtZzB+CvwnAa
4nAtkZYlkRMlnASYzXfHowuVu8ehVs5iTwIDAQABMA0GCSqGSIb3DQEBBAUAA4GB
AEpb8ci98bywKDgm2ZZAndtisHLQa7rI1ZozmgYAS90qcShfXcrOlD1+si4wVanY
wOd93LjXuR5IzMUM48w7QeDYZxXeAcpmrp8PDvw54RZG2JyH7hITrDSw69Budw0C
VeCM6hHpRejRBf8DK+WNqG3CZh74jgDd3NGb+MijVagF
-----END CERTIFICATE-----
Your file is now in the same format as that required by VisNetic MailServer. Rename this
file as cert.pem and move it into the VisNetic MailServer installation directory (you may
wish to backup the old file first). Restart the services and then attempt to connect using
the SSL port and https protocol.
18.2.2 Certificate Conversion from IIS 5.0
The process is slightly different for IIS5.0. It is far easier to just request and install a
certificate onto the server, then extract the bits we need.
VisNetic MailServer Administrator Guide 218
Request and Install the certificate for the website in the normal manner. You should have
backed it up anyway, but if you have not then it is likely that the Certificate Manager also
needs setting up.
Start -> Run mmc.exe
Under the Console Menu choose Add/Remove Snap-in.
Choose Add then Certificates (for Computer Account, Local Computer)
Under the Console Menu choose Save As and save as "Certificates Manager".
Open up the Certificates Manager (it will have been placed into the administration tools
on your Start Menu)
Find the certificate you want to use (Look under Personal Certificates). Right click the
certificate and choose Export.
When asked, reply "Yes, export the private key". The correct export type is the "Personal
Information Exchange PKCS12" format.
Enter a password twice, then the name of the file to export to.
The Certificates Manager will now export the file to disk.
Using the openssl tool we can extract both the private key and the certificate from the
exported file:
Openssl pkcs12 -in -out cert.pem -nodes
You will need to enter the password to extract the keys.
This will create a file called cert.pem…….
Bag Attributes
1.3.6.1.4.1.311.17.2:
localKeyID: 01 00 00 00
1.3.6.1.4.1.311.17.1: Microsoft RSA SChannel Cryptographic Provider
friendlyName: f0ab0ab6ba76154b8482652adfd0392e_c071ee15-fbd3-4bb8-b597-
cd153273f125
Key Attributes
X509v3 Key Usage: 10
VisNetic MailServer Administrator Guide 219
-----BEGIN RSA PRIVATE KEY-----
MIIBOQIBAAJBAM+aEQRnZbhWjfRqsrSWh8UWlSIeeiWQCcKzaGnMaTbfsGfylATB
ILP4Z/JrIS8UyIxls+qjzp0ycTCEk2/JnqUCAwEAAQJAIWTZA+pV9HcH0p8vK9li
8ZMWXiyk3VH0H/uX+hzFd+vs/zQabi5yYfaxHR1+fwIJ4ktO769w0r+njtKbwORi
qQIhAP5y2+RGaC2JVemqPOIi+tibae8xqR5rN7aRW4MI5MKfAiEA0N4W48CoS7ID
5NAbUHiKNDgnmFsvnVitHEeWw61cvDsCIHR1xcdZol0VOslULcGjGQUDPR1JsYpG
sJ1TMntrGqkpAiBCm9Do6PPC0A511fgf/ZD1fkMCT3Ir16+9KQdnd83vKQIgEbZK
4UF+7O/eTtCRii427cAR00EaqAiKf6cl1v+9qYI=
-----END RSA PRIVATE KEY-----
Bag Attributes
localKeyID: 01 00 00 00
friendlyName: GPC Secure
subject=/C=GB/ST=Staffordshire/L=Lichfield/O=Global Performance Centre
Ltd/OU=Sales and Marketing/CN=secure.gpc1.com
issuer= /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Server CA/Email=server-
certs@thawte.com
-----BEGIN CERTIFICATE-----
MIICuDCCAiGgAwIBAgIDB6cGMA0GCSqGSIb3DQEBBAUAMIHEMQswCQYDVQQGEwJa
QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAb
BgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0
aW9uIFNlcnZpY2VzIERpdmlzaW9uMRkwFwYDVQQDExBUaGF3dGUgU2VydmVyIENB
MSYwJAYJKoZIhvcNAQkBFhdzZXJ2ZXItY2VydHNAdGhhd3RlLmNvbTAeFw0wMDEw
MzExMzU2MDBaFw0wMTExMTQxMzU2MDBaMIGZMQswCQYDVQQGEwJHQjEWMBQGA1UE
CBMNU3RhZmZvcmRzaGlyZTESMBAGA1UEBxMJTGljaGZpZWxkMSYwJAYDVQQKEx1H
bG9iYWwgUGVyZm9ybWFuY2UgQ2VudHJlIEx0ZDEcMBoGA1UECxMTU2FsZXMgYW5k
IE1hcmtldGluZzEYMBYGA1UEAxMPc2VjdXJlLmdwYzEuY29tMFwwDQYJKoZIhvcN
VisNetic MailServer Administrator Guide 220
AQEBBQADSwAwSAJBAM+aEQRnZbhWjfRqsrSWh8UWlSIeeiWQCcKzaGnMaTbfsGfy
lATBILP4Z/JrIS8UyIxls+qjzp0ycTCEk2/JnqUCAwEAAaMlMCMwEwYDVR0lBAww
CgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOBgQAP4RW7
XzSg2Y8/rIN06RhS4WfQR/KYrhLaaf31oYIQ44WYF5r6ggxXGW6ZuWsuNXj9thC+
/rwtIMpJb3wZaFUAzGaqLyj45YlrlGRAwZgiwDUDpF6aAg2iMyprMn1pC9GIwlve
nPv///UgXHaASucvE0/pz70/v2CG++oAbP5Jgw==
-----END CERTIFICATE-----
All that is needed now is to remove the extra information from the file and you have the
required cert.pem for VisNetic MailServer.
18.2.3 Creating your own Certificate Conversion for IIS 5.0
1. Go into IIS - Secured Directory - Server Certificate and request a certificate for your
domain. This gives you c:\certreq.txt.
2. Go into mmc.exe and under REQUESTS export the request including private key as
PKCS12. Take off strong encryption. Enter a passphrase twice. This will create
c:\yourfile.pfx
3. Run openssl against yourfile.pfx:
openssl pkcs12 -info -in yourfile.pfx -nodes
This will give you your private key, cut n paste it into a new file priv.txt
openssl req -x509 -key priv.txt -in certreq.txt > cert.txt
4. Go back into IIS and finish off the cert request using cert.txt. Turn on port 443 for the
site...
18.3 If you cannot Send or Receive Email
This article provides the basics of how DNS works and how to check if is properly
configured to send and receive email from/to the Internet using your VisNetic
MailServer.
Introduction
VisNetic MailServer Administrator Guide 221
Most all computers on the Internet communicate via the TCP/IP protocol. Each user
connected to the Internet has assigned the unique identification - IP (Internet Pointer)
address. But searching users based on IP addresses would be very hard (imagine
remember for each WWW site a 12 digit number...) and so the IP addresses are getting
assigned the symbolic names.
Type into your Browser: http://216.32.74.55/ and you will get to YAHOO!
The IP address 216.32.74.55 is translated to the WWW site WWW.YAHOO.COM.
This IP to symbolic name translations are done by DNS servers.
DNS server is an abbreviation for Domain Name System server. Basically all host names
on the Internet are converted to IP addresses by querying the DNS. DNS has many
purposes. The most important one is that without a properly configured DNS server your
Internet connection cannot work because you do not know the real IP addresses of the
desired servers. DNS runs on a UDP protocol port 53. If you want to be able SEND and
RECEIVE email from your server you must have properly configured DNS.
If you installed VisNetic MailServer on your office LAN – and it works – and you are not able
to receive mails from the Internet, it is almost always problem with incorrectly configured DNS
server or your firewall.
What to do, if you have problems RECEIVING mails from the Internet
There are several record types on DNS. With regards to email the two most important
are: A and MX records.
A (Address) records convert a host names into IP addresses.
Example:
www.deerfield.com.com A 207.89.233.203
MX records are mail exchange records.
They are used for delivery of email to its destination mail sever. Basically email
addresses are constructed by an alias and a domain: alias@domain. Example:
info@deerfield.com. Each domain should have at least 1 MX record.
If there is none MX record for domain - mail delivery will not work. (There are some
issues when it might work but generally all domains should have MX records.) Usually
there is only 1 MX record for a domain.
Each MX record for a domain has a preference number and a host name of the server to
deliver messages to. When there are more MX records for a domain the lowest preference
VisNetic MailServer Administrator Guide 222
number has the highest priority and should be tried first to deliver the message to. If that
does not work a lower priority should be tried. Usually there is only 1 MX record for a
domain.
Example: deerfield.com MX mail.deerfield.com 10
The above is an MX record for the domain deerfield.com with a preference 10.
How to check, that your DNS is configured correctly for RECEIVING from the
Internet
You really do not need to be a computer GURU for that. There is a tool called DNS
Query Tool, which is a utility included in VisNetic MailServer. The utility is available in
the Deerfield.com/VisNetic MailServer program group.
Let’s assume that your domain name is: vmsdemo.com and you want to receive mail for
users of this domain. This domain you already established in the VisNetic MailServer and
your Account folder looks like that:
Then check the System setting. If everything is O.K, all three services of VisNetic
MailServer are running (see 3 green lights in the middle of the screen) and you have
checked DNS Query Lookup. Notice, that DNS field contains values: ns1.dn.net;
ns2.dn.net
VisNetic MailServer Administrator Guide 223
You do not need to change these values to your ISP DNS names. All DNS servers are
replicated. VisNetic MailServer will work with ANY DNS server.
The Mail Server Hostname can be anything, it is just identification of your server when
is speaking with the other servers.
Now we can finally start testing, to see if our DNS server is configured correctly. We
need to check three items:
1. DNS server is working
2. Find if there is a MX Record for your domain and where points
3. Find if the IP address where the MX Record points can be reached from the
Internet
1. DNS server is working.
Run DNS Query Tool and type in the DNS server name or IP address you want to
approve. The good idea is to test the same DNS server as is in your System configuration.
If everything is O.K., you can read a message in the left corner of the DNS Query Tool:
DNS Server Response 0 " OK
VisNetic MailServer Administrator Guide 224
2. Find if there is MX Record for your domain and where points.
We are checking domain vmsdemo.com. Put the domain name as a Query and select type
Mail Exchange (MX). You would see that MX record for domain vmsdemo.com points
to the symbolic name: mail.vmsdemo.com. All we need to find is, whether IP address of
the computer, where is installed VisNetic MailServer is the same as an IP address for
symbolic name mail.vmsdemo.com.
3. Find if the IP address where MX Record points can be reached from the Internet.
DNS servers are primarily maintained by your ISP. You should make sure they setup
your DNS records correctly. If you need proper DNS records for your mail server you
should do this:
Find out the IP of your mail server machine
Require an A DNS record such as: mail.yourdomain.com to point to that IP
Require an MX DNS record for your domain to point to mail.yourdomain.com with some
preference (10).
Put in as a query the symbolic name from previous test (mail.vmsdemo.com) and select
Type Host Address (A). The resulting screen should point to some IP address. This is IP
address, where your VisNetic MailServer is supposed to be installed.
And last, final test, is to find that your VisNetic MailServer is running at this IP address.
The computer GURUs will use probably TELNET, but there is more simple ways to
determine this. Each VMS can be remotely configured via TCP/IP. If your VMS
Control/HTTP service is running open your browser and type in:
http://your IP address:32000 e.g. http://194.108.176.130:32000
It will bring you to the WEB Log-On screen of the VisNetic MailServer.
That is really all you need for your mail server to receive messages from the Internet. In
VisNetic MailServer there is a special tool that you can use to verify your DNS records.
The is the DNS Query tool. Run that tool. The DNS field should contain a proper
working DNS server IP or host name. Query should contain the value you want to query.
Type, select the DNS record type. Now verify all your DNS records. For deerfield.com it
would be:
Query:deerfield.com, Type: MX, Result = mail.deerfield.com
Query: mail.deerfield.com, Type: A, Result = {some IP address}
VisNetic MailServer Administrator Guide 225
If your queries do not work either your specified DNS server is not working properly or
your DNS records are not configured right. You should call your ISP on the phone and
ask them for their DNS server IP address and tell them to verify your records.
What to do, it you have problems SENDING mails to the Internet
Receiving messages should be fine by now.
Sometimes there might be problems with sending messages. They might get stuck in the
Outgoing queue. - it is the VisNetic MailServer\Mail\Forward\Retry\ directory.
99% of the time it is a DNS server problem.
Not a DNS record problem but your DNS specification in the VMS configuration
program the system section DNS field. Try to specify another DNS server there
(assuming you are using DNS Lookup option). If it still does not work switch on
VisNetic MailServer SMTP logging and analyze the logs. This LOG can be accessed
locally or by using WEB based access. Select Debug and Summary Logging for the
SMTP and send some messages if you want to analyze the content of your SMTP LOG
file.
Click the Open Log Directory and locate latest SMTP Log File (starts with the s followed
by date).
Look for Client Session records and MX queries. It should look like this:
Client session MX - Issuing query 194.213.224.2 for "vmsdemo.com"
The line above tells there is going to be a query to the DNS server 194.213.224.2 for the
domain vmsdemo.com
The most important record is the following line:
Client session MX - Query response: 0 (1)
That line means DNS server responded with 0 (OK) and returned 1 result. If you have a
different line such as Could not connect. Your DNS server is not working and you should
use a different one. If your line looks like this:
Client session MX - Query response: 0 (0)
It is the same problem as above. Use a different DNS server.
Final lines of interest:
Client session Connecting to "mail.vmsdemo.com"
VisNetic MailServer Administrator Guide 226
Client session Connected
The result of the DNS query returned host mail.vmsdemo.com and VMS is trying to
connect to it. It was successful. Sometimes you might get Could not connect. That means
the remote server is either down or your machine cannot connect to it for some reason
(firewall or incorrectly set up Internet connection etc.).
Try using this from the command line:
telnet mail.vmsdemo.com 25
If that works all your Internet settings are correct.
18.4 Variables
The Variables can be used in the Content Filters, Executable Accounts, Header/Footer
Files, Expiration notification mail, etc.
%%From%% - From field
%%From_Alias%%
%%From_Domain%%
%%From_Name%%
%%To%% - To field
%%To_Alias%%
%%To_Domain%%
%%To_Name%%
%%Sender%%
%%Sender_Alias%%
%%Sender_Domain%%
%%Recipient%%
%%Recipient_Alias%%
%%Recipient_Domain%%
%%Subject%% - Subject of the message
%%Header%% - The whole Header
%%Body%% - The text part of the message body
%%Message-ID%% - Message ID
%%Size%% - Size of the message
%%Date%% - Date of the message received
%%Time%% - Time of the message received
VisNetic MailServer Administrator Guide 227
%%IP%% - IP of the remote server
%%Header HeaderItem%%
Any header item from the message. eg: %%Header Cc%%
%%Include FileName%%
VisNetic MailServer Administrator Guide 228
Appendix A
Technical Support
Technical Support Options
Technical Support for VisNetic MailServer is offered on several different levels. Please
review the support options and select whichever is appropriate for your needs.
http://www.deerfield.com/support/VisNetic_MailServer
Reseller Purchase
Users who purchased VisNetic MailServer from an Official Deerfield.com Reseller will
be referred back to them for support. For information about Official Deerfield.com
Resellers, or to locate a reseller near you visit:
http://www.deerfield.com/corporate/resellers/
Sales and Reseller Inquiries
Sales questions (of a non-technical nature) relative to VisNetic MailServer software
should be directed to sales@deerfield.com. Alternatively, you can call Deerfield.com at
(989) 732-8856.
VisNetic MailServer Administrator Guide 229