test

[hcoop/zz_old/ikiwiki] / UsingEmail.mdwn

= Incoming mail =
You have 2 basic options for handling e-mail to {{{you@hcoop.net}}}, {{{you@hcoop.org}}}, etc..

 * You can set a {{{.public/.forward}}} file in your home directory (a file consisting of just the e-mail address to which mail should be forwarded) to have it sent somewhere else.  If you want to do anything more complicated than this, the page at http://www.doc.ic.ac.uk/csg/faqs/email/filter/eximforward.html is a good reference.  Or you can use a {{{.procmail.d/procmailrc}}} file, if you're used to procmail filtering.
 * You can store it locally and retrieve it via IMAP/POP3 from {{{mail.hcoop.net}}} over SSL (see below).  Using IMAP lets you have a permanent place to categorize and file your old mail and access it from anywhere.
= SpamAssassin =
You probably want to set up Spam{{{}}}Assassin to avoid dealing with junk e-mail.  [http://spamassassin.org/ SpamAssassin] is a program for categorizing e-mail as spam based on a wide range of criteria. It indicates its decisions by adding special headers to messages.

To enable Spam{{{}}}Assassin for mail to your UNIX account, run {{{setsa on}}}.  To later disable it, run {{{setsa off}}}.  To check whether you've enabled it or not, run {{{setsa}}}.  You can similarly enable or disable Spam{{{}}}Assassin for a virtual mailbox address by adding it as the first argument to {{{setsa}}}; for example, {{{setsa user@domain.com on}}} enables Spam{{{}}}Assassin for {{{user@domain.com}}} if you have DomainTool permissions for {{{domain.com}}}.

The above procedure only asks Spam{{{}}}Assassin to examine your mail and add extra headers indicating its verdict, spam or legit.  To use these headers to move junk mail to a folder called Spam in your IMAP mailbox, copy the template {{{/etc/.forward}}} to {{{~/.public/.forward}}}.  This is an Exim filter that looks for Spam{{{}}}Assassin headers that indicate spamhood.  You need to create a Spam folder manually to use this.  You can modify this template to save spam to other places, if you don't use IMAP or prefer another scheme.  (If you already have a {{{~/.public/.forward}}} file because you forward all of your mail to another account elsewhere, then you can ignore this section.  You should use that e-mail provider's spam filtering services.)

Spam{{{}}}Assassin flags spam with a spamminess level of 5.0 or higher.  You can use the X-Spam-Level: header to customize your own filter to your own liking, however.  As an example, you can see NathanKennedy's .forward file at SpamAssassinFilter.

== Training ==
One way that Spam{{{}}}Assassin spots spam is by using statistical (Bayesian) analysis.  This requires lots of training data to work properly.

Sometimes this analysis will make mistakes, and you'll want to perform the electronic equivalent of slapping it with a newspaper.  The way to do that is to deposit misclassified mail in special system-wide IMAP folders, one called {{{SiteSpam}}} for spam that Spam{{{}}}Assassin missed and one called {{{SiteHam}}} for good messages that were erroneously marked as spam.

If you ever run into this situation, here's how you can feed our system-wide trainer:

 1. First, this is only going to work if you are using IMAP.  If you're not, or if you have other sources of spam or ham that you'd like handled specially, place a support request on [https://members.hcoop.net/portal/ the portal].
 1. Use your IMAP client's "subscribe" feature to subscribe to {{{SiteSpam}}} and/or {{{SiteHam}}}, which should appear in the {{{SpamAssassin}}} mailbox inside the {{{shared}}} tree.
 1. When you want a message to be used as an example of spam or ham, place a copy of it in the appropriate folder.
 1. Every five minutes, our faithful spamhound will sniff these folders, update its data, and clear their contents.
If you would like to automate this process somewhat, check out FeedingSpamAssassin.  For the curious and the sysadmins out there, SpamAssassinAdmin gives more details on how we set this up.

= Customized filters =
If you are interested in making customized rules to filter your incoming email into different IMAP folders, you might want to make a {{{.procmail.d/procmailrc}}} file.  {{{.procmail.d/procmailrc}}} files are meant to be used instead of {{{.public/.forward}}} files and can handle the same sorts of things.  Some people (like MichaelOlson) like the format of the {{{.procmail.d/procmailrc}}} files better than that of {{{.public/.forward}}}.  A sample {{{.procmail.d/procmailrc}}} file with comments may be found on ProcmailExample.

= Reading your mail =
The mail server is {{{mail.hcoop.net}}} or any other hostname that points to our server. As far as actual filesystem storage, your user account's mail is stored in {{{~/Maildir}}} in Maildir format. E-mail clients that read files directly may not support this or require configuration tweaking to support it. We recommend using clients that go over IMAP or POP3.

Non-SSL POP3 and IMAP '''have been disabled''', except for local connections, because they make it easy for people to sniff your password as it is sent in cleartext each time you connect to the server. These means you will probably need to fiddle with the configuration of your mail client as necessary to make it use SSL (Secure Socket Layer), and you will experience possibly mysterious and misleading errors without doing this.  SSL POP3 is running on port 995. SSL IMAP is running on port 993.

You can also access your mail through the [http://mail.hcoop.net/ web mail interface].

== MacOS X ==
When using webmail, MacOS X always warns you about the root certificate not found. Mail.app does this as well. The solution for this problem is to do the following:

openssl s_client -showcerts -connect mail.hcoop.net:443

In that output look for "BEGIN CERTIFICATE" and "END CERTIFICATE". Between those lines there is the certificate. Copy that to a pem file. Then do:

certtool i hcoopmail.pem k=/System/Library/Keychains/X509Anchors v

It will import this into the X509Anchors keychain, the 'v' is for verbose. It should also say it imported successfully. Now Safari should not warn you about this.

MacOS X Mail seems to ignore this solution. I do not know why yet.

== Symbian ==

Hcoop email can be easily configured on your symbian mobile. This example is N91 specific, but other Symbian 9.1 phones should be very similar. IMAP4 configuration will be good if you like your mails to remain on the server.

Go to Menu | Messaging. From there choose Options | Settings | E-mail. From there choose Mailboxes | Options | New mailbox and hit Start.

Choose "IMAP4" for the mailbox type and hit Next.
Enter your email address in "My email address" and hit Next.
Enter "mail.hcoop.net" as your "Incoming mailserv." and hit Next.
Enter "mail.hcoop.net" as your "Outgoing mailserv." and hit Next.
Choose an access point that you will mostly use.
Give your mailbox a name eg:user_mydomain and hit OK to create the mailbox.

Your mailbox name will appear in the list of mailboxes.
Go on and select the mailbox name | "Connection Settings" | "Incoming Email".
Enter your username and password and change "Security(ports)" setting to "SSL/TLS" and change "Port" to "993".
Go on to configure "Outgoing mail" using the same settings with "Port" as "465".

Go back to Menu | Messaging and you will see your mailbox appear in the list. Open it and hit Options | Connect to read your mail

== Easier Option in Latest Apple Cat Release ==
In mail.app when it comes up about the certificate, drag this to a folder. Then drag this into keychain access into the system keychain, or open it with keychain access and specify system. YMMV

''We're getting close to the number of members where it would be reasonable to buy a certificate from a recognized authority. That would remove the need to do things like this.'' -- AdamChlipala

= Sending Mail =
We use [http://www.exim.org/ exim] as our MTA (SMTP server).

If you have a convincing reason for wanting to use our SMTP server to send messages to e-mail addresses for mailboxes that we don't host, then you can configure {{{mail.hcoop.net}}} as the outgoing SMTP server in your mail client. You must enable TLS SMTP auth, and you will need to authenticate with the same username and password that you use to get mail from POP3 or IMAP. Virtual mailbox names and passwords may be used here. '''The server will not query you for a username and password by default.''' Thus, you ''will'' get confusing error messages if you don't configure your client to attempt to authenticate with plaintext SMTP auth using TLS.

The SMTP server requires a TLS aware mail client.  MacOS X Mail, Outlook and Opera do not seem to support this at the moment.  Mozilla supports TLS and runs on MacOS X, Windows and Linux.

'''However, hardly anyone has a good reason to use our SMTP server in this way.''' If your computer never moves and your ISP provides an SMTP server (which most ISP's do), then you should definitely use that server instead of ours. SMTP servers are like public postal mailboxes in this way. There is rarely a reason to prefer one over another, so it generally makes sense to use the one physically closest to you.

Note from NathanKennedy: It seems that some ISPs and possibly other networks discriminate against the SMTP protocol.  Some block or filter in or outgoing SMTP altogether.  If you need to send mail using HCOOP's mail server and experience long delays, this is likely due to your network.  You can test out the mail server's responsiveness by doing "telnet localhost 25" on fyodor.  If you immediately get a "220" banner, the server is working fine and you can type "QUIT".

Note from AndreKuehne: A lot of ISPs SMTP servers today rewrite the sender address, so that it is not possible for example to send mail as user@hcoop.net via those ISPs. This is the reason why i send mail via hcoop. But it's not necessary to send all mail to mail.hcoop.net. Mozilla for example can use different SMTP servers, depending on the sender address. I am currently looking for/writing a wrapper for mutt.

You can also set up a SSH tunnel to port 25 on mail.hcoop.net, if your MUA can't/won't use TLS.

== Emacs Configuration ==

To send mail through HCoop using Emacs's `smtpmail` you can use the following configuration. Put your authentication information into `~/.authinfo` which is in the netrc(5) format (make sure to supply `port 25` or else `smtpmail` won't read the entry), and ensure that it is readable only by your user.

 {{{
(setq message-send-mail-function 'smtpmail-send-it
      smtpmail-default-smtp-server "mail.hcoop.net"
      smtpmail-smtp-service 25
      smtpmail-starttls-credentials '(("mail.hcoop.net" 25 nil nil))
      smtpmail-debug-info t ; optional, but handy in case something goes wrong
      smtpmail-auth-supported '(plain))
}}}

This will work for any mail client that uses `message-mode` for editing and sending mail (e.g. Gnus).