An MTA is a software application with the purpose to send e-mail messages from a server to another one. This section of the Carbonio Admin Panel allows to configure how Carbonio manages and interacts with the e-mails and is organised in Inbound Flow & Security, Outbound Flow, and Antivirus & Antispam.
Inbound Flow & Security#
In this page, it is possible to configure options related to incoming e-mail traffic and security checks.
After you have configured and saved any options, it is necessary to reboot the node on which the MTA runs.
The first few options allow to define a custom list of file extensions that will be used to block all attachments. Use the ADD COMMONLY BLOCKED EXTENSIONS button on the right-hand side as a shortcut to add a number of common file extensions that are blocked. You can also manually add any other file extension.
Entries in the list are separated by a space, so type an extension (e.g., exe) and press the space bar to add exe to the list.
Whenever an attachment is blocked, you can enable notifications for both the administrator and the recipient of the e-mail using the respective switch.
The next options allow to reject e-mails: when the e-mail appears to have no sender or recipient, or in case the sender is not authenticated. This last option is useful to prevent remote forged connections to access the MTA and send e-mail without being authenticated.
With the third batch of options, a couple of routine checks of the SMTP protocol used by the MTA can be enabled, including for the IP and domain of a client, the presence of a FQDN in the address, and HELO greetings upon a connection is established.
The Outbound Flow page controls which options are applied to the messages sent from the local domain.
These options allow on the one side, to add the client’s IP and
username to the e-mail header and to require authentication to send
e-mails; while on the other, to define a few parameters used by
MyNetworks section of the MTA’s configuration.
Relay Host allows to route all outgoing e-mail to a server different from Carbonio’s. Fallback Relay Host will be used in case the Relay Host is unreachable.
Setting a Relay Host impacts the whole Carbonio’s infrastructure: all outgoing e-mails from all configured domains will be forwarded to the Relay Host.
The bottom part off the page shows information about the enabled services on the mail servers configured on the Carbonio installation: Antispam and Antivirus, Authentication and DKIM.
Antivirus & Antispam#
Options that appear here concern the Antispam and Antivirus engines.
Whenever an e-mail is marked as spam, its subject can be prefixed with
a given string (
***SPAM*** among the most popular)
and can be either discarded (which means the e-mail is deleted and the
recipient will never receive it) or it will be delivered anyway.
The two options on the left-hand side control when the email should be simply marked as spam or deleted immediately. The values for both options (Low, Medium, and High) are relative to the spam score assigned by SpamAssassin: a score of 20 represents 100%. The Tolerance for Spam Delivery tolerance is by default (i.e., the Medium value) 33%, while the Tolerance for Spam Blocking is 75%. This means that a e-mail with a spam score of ~6.6 will be marked as spam email, while with spam score 15 will be immediately be deleted. Changing the value to Low or High will reduce or raise the threshold to mark or delete spam e-mails.
For further security, you can check also the outbound traffic and verify DKIM: If a domain is configured with DKIM, e-mails originating from that domain which miss a DKIM signature are considered to have been forged and therefore illegitimate.
The procedure to configure DKIM on Carbonio is described in Section Add a DKIM Record to Carbonio Installation.
The default mirror used to download signatures is
db.us.clamav.net; it can be supported by other servers or mirrors
by writing their URL in the left-hand side textfield, then click the
ADD button. Existent mirrors can be deleted by
selecting them and clicking the REMOVE button.
Similarly, you can manually add or remove a file containing custom virus signatures using the textfield on the right-hand side and then click the ADD or REMOVE button.
The syntax of the file must comply with the syntax of any ClamAV-supported signature formats. See ClamAV official signature documentation for more information.
Frequency of signatures update from the mirror can be defined next, and tuned from a few seconds to several weeks.
This page lists statistics about the messages managed by the MTA system, according to their status. The timestamp of the last update appears, as well as two button that allow to RESTART SCAN or to manually FLUSH QUEUES.
When clicking a server, a dialog opens, containing the content of the queue, that is, all the messages grouped by their status (Queued, Corrupted, Deferred, Incoming, and On Hold). Also here you can FLUSH QUEUES.
Clicking either of the status, a detailed vision of the queued messages appears. Selecting a messages allows to carry out some actions: put it on HOLD; RELEASE, REQUEUE, or DELETE it.