Protocols
The Protocols page allows system administrators to configure settings for every protocol used by a mail server (POP, IMAP, SMTP, LDAP and XMPP), as well as the available security settings (i.e., the TLS/SSL versions allowed). These settings dictate how SmarterMail handles messages sent or delivered by these protocols.
- POP
- IMAP
- SMTP In
- SMTP Out
- EWS
- LDAP (Enterprise Only)
- XMPP (Enterprise Only)
- Security Protocols
- Mailbox Migration
POP
Use this card to specify the following POP settings:
- POP Banner - The text that is displayed when initially connecting to the port.
- Command Timeout (Minutes) - If the server receives a command that sends large amounts of data but the data stops coming in for this number of minutes, the command will be aborted. By default, the command times out after 5 minutes.
- Max Bad Commands - After this many unrecognized or improper commands, a connection will be automatically terminated. By default, the maximum number of bad commands is 8.
- Max Connections (0 = Unlimited) - Some protocols in SmarterMail allow you to specify the maximum number of connections. Increasing this value allows SmarterMail to handle more connections of that type at once, but results in higher CPU and memory utilization. By default, the maximum number of connections is 500.
- Max POP Retrieval Threads - SmarterMail is multithreaded, meaning it can do more than one thing at a time. This setting is for the maximum number of threads you want SmarterMail to work on concurrently for retrieving mail using the POP protocol. By default, the maximum number of POP retrieval threads is 10.
- POP Retrieval Interval (Minutes) - The frequency by which SmarterMail checks for new POP messages. By default, the POP retrieval interval is 1 minute.
- Disable insecure auth methods for non-SSL authentication - Enabling this will block any insecure authentication types over non-SSL connections.
IMAP
Use this card to specify the following IMAP settings:
- IMAP Banner - The text that is displayed when initially connecting to the port. The banner supports the use of the following variables, which will be replaced with their corresponding values:
  - #HostName#: The hostname grabbed from the URL connected to by the client.
  - #ConnectedIP#: The IP address of the client connecting to the mail account.
  - #Time#: The current time in the server's timezone. (E.g., Thu, 06 Jan 2022 10:07:54 -07:00)
  - #UnixTime#: The current server time translated to a Unix timestamp. (E.g., 1641488874)
  - #TimeUTC#: The current server time translated to UTC. (E.g., Thu 06 Jan 2022 17:07:54 +0000)
- Command Timeout (Minutes) - If the server receives a command that sends large amounts of data but the data stops coming in for this number of minutes, the command will be aborted. By default, the command times out after 15 minutes.
- Max Bad Commands - After this many unrecognized or improper commands, a connection will be automatically terminated. By default, the maximum number of bad commands is 8.
- Max Connections (0 = Unlimited) - Some protocols in SmarterMail allow you to specify the maximum number of connections. Increasing this value allows SmarterMail to handle more connections of that type at once, but results in higher CPU and memory utilization. By default, the maximum number of connections is 1000.
- Max IMAP Retrieval Threads - The maximum number of threads you want SmarterMail to work on concurrently. By default, the maximum number of IMAP retrieval threads is 10.
- IMAP Retrieval Interval (Minutes) - The frequency by which SmarterMail checks for new IMAP messages. By default, the IMAP retrieval interval is 10 minutes.
- Enable IDLE Command - IMAP IDLE is an extension of the IMAP protocol that allows a mail server to send status updates in real time. Through IMAP IDLE, users can maintain a connection with the mail server via any mail client that supports IMAP IDLE, allowing them to be instantly aware of any changes or updates. When enabled, SmarterMail will inform any connecting IMAP client that it accepts the IDLE command. Note: IMAP clients that do not fully support IMAP IDLE, like Microsoft Outlook, may use the command in such a way that it actually hinders performance.
- Disable insecure auth methods for non-SSL authentication - Enabling this will block any insecure authentication types over non-SSL connections.
SMTP In
Use this card to specify the following inbound SMTP settings:
- SMTP Banner - The text that is displayed when initially connecting to the port. The banner supports the use of the following variables, which will be replaced with their corresponding values:
  - #HostName# - The hostname of the IP address to which the connection is made.
  - #ConnectedIP# - The IP address of the remote computer.
  - #Time# - The system's local time.
  - #TimeUTC# - The time in UTC.
  - #UnixTime# - The number of seconds since January 1, 1970.
- Allow Relay - If you are concerned about spammers using the relay function to send mail through your server, or do not want any other mail server to use your SMTP server as a gateway, set this to Nobody. (This is STRONGLY recommended.) However, you can set the type of relays you will allow, should you so desire.
  - Nobody - Restricts sent mail to only work via SMTP authentication and with accounts on the local SmarterMail Server (except for IPs on the White List).
  - Only Local Users - Limits relay access to users (email accounts) for a valid domain on your SmarterMail Server.
  - Only Local Domains - Limits relay access only to mail hosts (domains) on your SmarterMail Server.
  - Anyone - Allows any other mail server to pass messages through your mail server, increasing the chances of your mail server being used for sending large volumes of messages with domains not associated with your local mail server. Selecting this option turns off statistics for all domains, due to the high amount of messages that are passed through the mail server with an open relay.
- Session Timeout (Minutes) - After a connection fails to respond or issue new commands for this number of minutes, the connection will be closed. By default, the session times out after 15 minutes.
  - Enabled - Select this checkbox to enable the session timeout setting.
- Command Timeout (Seconds) - If the server receives a command that sends large amounts of data but the data stops coming in for this number of seconds, the command will be aborted. By default, the command times out after 120 seconds.
- Max Bad Commands - After this many unrecognized or improper commands, a connection will be automatically terminated. By default, the maximum number of bad commands is 8.
- Max Connections (0 = Unlimited) - Some protocols in SmarterMail allow you to specify the maximum number of connections. Increasing this value allows SmarterMail to handle more connections of that type at once, but results in higher CPU and memory utilization. By default, the maximum number of connections is 1000.
- Max Hop Count - After a message gets delivered through this many mail servers, it is aborted by the software. This prevents looping due to DNS problems or misconfigurations. By default, the max hop count is 20.
- Max Message Size (KB) - This controls incoming messages, and outbound messages sent via email clients configured with IMAP or POP. As such, this setting should match, if not exceed, the Max Message Size set for domains. This will help prevent email client users from having their outbound messages rejected due to the message size. By default, the max message size is 512000 KB and this number includes text, HTML, images and attachments. (Note: Base64 encoding of attachments increases their size by approximately 35%. Knowing this, and in order to provide a better user experience, SmarterMail allows messages to be sent that are technically over the limit set for Max Message Size. For example, a 10MB message with a 490MB attachment will still be sent even though the actual message size, after base64 encoding, would far exceed the 500MB max limit.)
- Max Bad Recipients (0 = Unlimited) - At times, spammers will hammer a domain with a dictionary harvesting attack. This means that software is used to send messages to many of the most common mailbox addresses (e.g., admin, user, contact, etc.) or username variations (e.g., alan@, alana@, alanb@, etc.) in order to find valid email addresses. Setting the max bad recipients means that after this many bad recipients (those that don't exist for the domain), the SMTP session will be terminated. This setting allows you to better protect yourself against email harvesting attacks. A value of 20 is recommended in most cases.
- Append Received Line - Select the option for appending the received line for All Inbound Messages, Non-authenticated messages or for no messages at all. NOTE: If a message has no Received headers, SmarterMail will add one to prevent issues with some mail clients.
- Require Auth Match - Select this to force a user's From: address to match their SMTP authenticated address, either by matching the entire email address or by matching just the domain - or not requiring it at all. This setting helps keep senders from spoofing email addresses through email clients.
- Max Messages Per Session (0 = Unlimited) - The maximum number of messages that can be sent in one session. This is useful in handling cases where spammers will make one connection and then send a large amount of messages with that connection.
- Enable VRFY command - Enable this setting to allow others (including other mail servers) to verify an email address on the server. Note: Some people believe enabling VRFY commands is a security risk, so be sure to research the possible ramifications before enabling this feature.
- Enable EXPN command - Enable this setting to allow others to list all users associated with an alias or list. Note: Some people believe enabling EXPN commands is a security risk, so be sure to research the possible ramifications before enabling this feature.
- Enable Delivery Status Notifications (DSN) - Delivery status notifications are automated messages notifying a sender about the delivery status of a message: if it bounces, if it was delayed or if delivery was successful.
- Allow relay for authenticated users - This setting enables the "Allow Relay" setting when users are required to use SMTP Authentication for sending messages.
- Enable Domain's SMTP auth setting for local deliveries - Enable this setting to enforce SMTP authentication for all local deliveries. For example, mail from user1@example.com to user2@example.com must be authenticated even though the message is bound for local delivery.
- Disable AUTH LOGIN method for non-SSL SMTP authentication - This setting disables plain text authentication.
- Disable CAUTH CRAM-MD5 methods for non-SSL SMTP authentication - Enabling this will block any insecure authentication types over non-SSL connections.
- Continue delivery if session is disconnected by client - When enabled, this setting allows your mail server to receive deliveries from legacy mailers, such as PHP Mailer, which do not wait for any feedback from the receiving server before disconnecting a session. This setting is disabled, by default. NOTE: If this setting is enabled, it is very possible the mail server will receive duplicate emails from legitimate servers that may have disconnected early as the sending server sees that as a failure, so it will continue to retry delivering its messages.
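The Require Auth Match check from the list above, as an added example (not SmarterMail's code): it parses the From: header before comparing, and shows why a plain substring test is not enough. The function names and the mode strings "address", "domain" and "none" are hypothetical labels for the three options the page lists; the sample headers are constructed.

```python
from email.utils import parseaddr


def naive_check(from_header: str, auth_user: str) -> bool:
    """Weak form: looks for the authenticated address anywhere in the header."""
    return auth_user.lower() in from_header.lower()


def from_matches_auth(from_header: str, auth_user: str, mode: str) -> bool:
    """Compare the From: address with the SMTP-authenticated login.

    mode is 'address' (whole address must match), 'domain' (only the
    domain must match) or 'none' (no check). Hypothetical names.
    """
    if mode == "none":
        return True
    if mode not in ("address", "domain"):
        raise ValueError(f"unknown mode: {mode!r}")

    # parseaddr separates the display name from the real address, so text
    # placed in the display name cannot satisfy the comparison.
    _display, addr = parseaddr(from_header)
    addr, auth = addr.lower(), auth_user.lower()
    if "@" not in addr or "@" not in auth:
        return False  # unparseable header or login: reject

    if mode == "address":
        return addr == auth
    # Compare the full domain, not a suffix or substring of it.
    return addr.rsplit("@", 1)[1] == auth.rsplit("@", 1)[1]


# Constructed sample headers, all checked against the login alice@example.com.
SAMPLES = [
    "Alice <alice@example.com>",                  # same address
    "Bob <bob@example.com>",                      # same domain only
    '"alice@example.com" <mallory@other.test>',   # address only in display name
    "Alice <alice@example.com.other.test>",       # look-alike domain
]

if __name__ == "__main__":
    login = "alice@example.com"
    for header in SAMPLES:
        print(
            f"{header!r}: naive={naive_check(header, login)} "
            f"address={from_matches_auth(header, login, 'address')} "
            f"domain={from_matches_auth(header, login, 'domain')}"
        )
```
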
SMTP Out
Use this card to specify the following outgoing SMTP settings:
- Outbound IPv4 - The IPv4 address used to connect to external SMTP servers when a message is sent by the domain. If multiple IPv4 IPs are on the server, they will be listed in the dropdown along with the following:
  - Use Primary IP on NIC - This will use the IP address that's assigned to the Network Interface Card (NIC) on the SmarterMail server.
  - Use the Domain's IP - When a domain is set up by a system administrator, they can assign a specific IP address from the server as the "Outbound IPv4" address for that domain.
  - Rotate IP List - Allows system administrators to select a number of different IP addresses that will be used, and the order in which they'll be used, to send email should connection failures or time-outs occur.
    - Order - The numerical position for the specified IP address.
    - IP Address - The IP address associated to the specified position.
    - Rotate List Fail Ratio - The percentage of successes to failures before the IP is rotated. (In decimal format, so .5 would be 50%)
    - Rotate List Fail Threshold - The total number of successes and failures before the IP is rotated.
    - NOTE: Both conditions have to be true for the IPs to be rotated. So if you have a Rotate List Fail Ratio of .5 AND a Rotate List Fail Threshold of 50 successes and failures, and BOTH of those conditions are met, the IP is rotated. Otherwise, mail will continue to flow.
- Outbound IPv6 - The IPv6 address used to connect to external SMTP servers when a message is sent by the domain. If multiple IPv6 IPs are on the server, they will be listed in the dropdown along with the following:
  - Use Primary IP on NIC - This will use the IP address that's assigned to the Network Interface Card (NIC) on the SmarterMail server.
  - Use the Domain's IP - When a domain is set up by a system administrator, they can assign a specific IP address from the server as the "Outbound IPv6" address for that domain.
  - Rotate IP List - Allows system administrators to select a number of different IP addresses that will be used, and the order in which they'll be used, to send email should connection failures or time-outs occur.
    - Order - The numerical position for the specified IP address.
    - IP Address - The IP address associated to the specified position.
    - Rotate List Fail Ratio - The percentage of successes to failures before the IP is rotated. (In decimal format, so .5 would be 50%)
    - Rotate List Fail Threshold - The total number of successes and failures before the IP is rotated.
    - NOTE: Both conditions have to be true for the IPs to be rotated. So if you have a Rotate List Fail Ratio of .5 AND a Rotate List Fail Threshold of 50 successes and failures, and BOTH of those conditions are met, the IP is rotated. Otherwise, mail will continue to flow.
  - Disable - This disables the use of IPv6 on the server.
- Use Primary IP if selections are unavailable - Enable this setting to have SmarterMail automatically fall back to the primary IP when a failure has occurred. SmarterMail will only attempt to connect once if this option is enabled.
- Command Timeout (Seconds) - If the server receives a command that sends large amounts of data but the data stops coming in for this number of seconds, the command will be aborted. By default, the command times out after 60 seconds.
- Max Delivery Threads - The maximum number of messages that can be sent at one time to email addresses that are not on the local server. If a message cannot be sent, the SmarterMail server's multi-threading capabilities will move on to the next message and eventually get back to the one it skipped. This action can save tremendous amounts of time when compared to some other mail servers that stall the spool if a message cannot be sent right away. By default, the max delivery threads is 50.
- Max Recipients Per SMTP Session - The maximum number of recipients that can be included in one SMTP session. For example, with the limit set to the default of 500, an email containing 600 recipients would utilize two SMTP sessions for delivery - one with 500 recipients and the other with 100. This setting can be useful if a receiving server rejects sessions that exceed their allotted recipient limit. Note: Setting this limit to Unlimited is not recommended unless there is a specific case for doing so.
- Enable DNS Caching - Enable this setting to cache the results of DNS calls in SmarterMail. When enabled, all DNS query results are stored for a period of time determined in the configuration (time-to-live) of domain name records. This decreases the query load placed on the authoritative servers and ensures that answers to these queries are stored locally for rapid querying, thereby speeding up the delivery of messages.
- Append X-Smartermail-Authenticated-As Header - Toggling the slider to the right means that outgoing messages will have a new line item in the message header called "x-smartermail-authenticated-as" that demonstrates that the message sender was verified using SMTP authentication. This header can then be used by antispam services for validation.
- Disable Remote Bounces - This setting disables bounce messages for messages that fail to reach remote recipients. That means that when a SmarterMail user emails an external recipient (any user not on their domain) and their email fails to deliver, they will NOT receive a bounce message from the recipient's server. Note: This setting disables bounce messages for remote/external deliveries only. A SmarterMail user who sends an email to a user on the same domain will still receive a bounce message if that local delivery fails.
- Enforce strict certificate validation - This setting prevents the server from connecting to servers over SSL/TLS that have an invalid certificate. For example, this prevents SSL/TLS connections to servers with out-of-date certs or domain name mismatches on their certificate. Disabling this is not recommended because it may allow a third party to set up a rogue certificate and intercept communications.
- Relaxed certificate name validation - Dependent on the enforcement of strict certificate validation, when this setting is enabled, communication with domains that have expired certificates, self-signed certificates, or other certificates with certifying authority issues will continue to be rejected. However, issues with certificate naming will be ignored as long as the root top level domain is on the certificate. For example, when using a wildcard certificate issued for "*.domain.com", communication with domains such as "mail.domain.com", "www.mail.domain.com", "www.mail17.email.domain.com", etc. would all be allowed as long as the root certificate was NOT expired and was issued for "domain.com".
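To show how much the relaxed setting widens the set of accepted names, the following added example (not SmarterMail's code) compares standard single-label wildcard matching with the relaxed rule as the page describes it. The function names are hypothetical, and treating the last two labels as the root domain is an assumption made for illustration.

```python
def _labels(name: str) -> list:
    """Lower-case a DNS name and split it into labels."""
    return name.lower().rstrip(".").split(".")


def strict_match(hostname: str, cert_name: str) -> bool:
    """Standard rule: a wildcard stands for exactly one left-most label."""
    host, pattern = _labels(hostname), _labels(cert_name)
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        # Refuse wildcards directly above a top-level label ("*.com").
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    return host == pattern


def root_domain(cert_name: str) -> str:
    """Assumption: root domain = last two labels of the certificate name.

    This is wrong for suffixes such as co.uk, where it would return the
    public suffix itself; a real implementation needs the Public Suffix List.
    """
    return ".".join(_labels(cert_name)[-2:])


def relaxed_match(hostname: str, cert_name: str) -> bool:
    """Relaxed rule as the page describes it: any depth of subdomain is
    accepted when the certificate was issued for the same root domain."""
    if strict_match(hostname, cert_name):
        return True
    host = ".".join(_labels(hostname))
    # The leading dot keeps "notdomain.com" from matching "domain.com".
    return host.endswith("." + root_domain(cert_name))


def compare(cert_name: str, hostnames: list) -> dict:
    """Return {hostname: (strict_result, relaxed_result)}."""
    return {
        h: (strict_match(h, cert_name), relaxed_match(h, cert_name))
        for h in hostnames
    }


# The first three hostnames are the page's own examples; the last two are
# constructed negatives that both rules must reject.
HOSTS = [
    "mail.domain.com",
    "www.mail.domain.com",
    "www.mail17.email.domain.com",
    "notdomain.com",
    "mail.domain.com.example.net",
]

if __name__ == "__main__":
    for host, (strict, relaxed) in compare("*.domain.com", HOSTS).items():
        print(f"{host:32} strict={strict!s:5} relaxed={relaxed}")
```
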
EWS
Use this card to specify the following EWS settings:
- Max EWS Retrieval Threads - The total number of threads used to process EWS requests.
- EWS Retrieval Interval (Minutes) - How often EWS requests are processed by SmarterMail.
LDAP (Enterprise Only)
This feature is only available to administrators using SmarterMail Enterprise.
Use this card to specify the following LDAP settings:
- Session Timeout (Seconds) - After a connection fails to respond or issue new commands for this number of seconds, the connection will be closed. By default, the session times out after 300 seconds.
- Command Timeout (Seconds) - If the server receives a command that sends large amounts of data and the data stops coming in for this number of seconds, the command will be aborted. By default, the command times out after 120 seconds.
XMPP (Enterprise Only)
This feature is only available to administrators using SmarterMail Enterprise.
Use this card to specify the following XMPP settings:
- Max Connections (0 = Unlimited) - Some protocols in SmarterMail allow you to specify the maximum number of connections. Increasing this value allows SmarterMail to handle more connections of that type at once, but results in higher CPU and memory utilization. By default, the maximum number of connections is 1000.
Security Protocols
SSL and TLS are security protocols that encrypt the transmission of data, allowing users to access their email without the fear that someone has intercepted their data during transit. Use this card to modify the security protocols that are allowed to connect to your mail server.
Note: Prior to modifying these settings, SmarterMail must be configured for SSL or TLS connections which requires the installation of a security certificate on the server where SmarterMail is installed and the SmarterMail port(s) to be bound to the corresponding protocol(s). Please review the article, Configure SSL/TLS to Secure SmarterMail, in the SmarterTools Knowledge Base for more information.
- System Defaults - Use System Defaults to allow the operating system to choose the best protocol to use, and to block protocols that are not secure.
- SSL 3.0 - Enable this setting to allow inbound and outbound connections to your mail server over SSL 3.0. Note: Allowing connections over SSL 3.0 is NOT recommended. This protocol has been deprecated by the IETF and is considered to be highly insecure.
- TLS 1.0 - Enable this setting to allow inbound and outbound connections to your mail server over TLS 1.0. Note: Allowing connections over TLS 1.0 is NOT recommended. This protocol has been deprecated by the IETF and is considered to be highly insecure.
- TLS 1.1 - Enable this setting to allow inbound and outbound connections to your mail server over TLS 1.1.
- TLS 1.2 - Enable this setting to allow inbound and outbound connections to your mail server over TLS 1.2. It is recommended that TLS 1.2, at the very least, is enabled.
- TLS 1.3 - Enable this setting to allow inbound and outbound connections to your mail server over TLS 1.3. Allowing connections via TLS 1.3 ONLY is strongly encouraged.
Mailbox Migration
The ability to set the number of threads used when migrating a mailbox can help speed up that migration (more threads = faster processing), but it can also impact the performance of the mail server if too many threads are dedicated to migrations. This setting allows the system administrator to manage the number of threads used for migrating accounts over to SmarterMail.