The Email module is split into three main parts:
RSPAMD: antispam filter, antivirus and attachments blocker
complete autonomy in electronic mail management
avoid problems due to the Internet Service Provider
ability to track the route of messages in order to detect errors
optimized antivirus and antispam scan
See also the following related topics:
How electronic mail works
MX DNS record
You can install only one mail server per node from the Software center.
The mail module requires at least one user domain already configured.
The first configuration wizard will require the following information:
Mail server hostname: insert the mail server name, this should be the same name configured inside your MX DNS record
Primary mail domain: insert the mail domain, like
nethserver.org; you will be able to add more domains later
Then, select the user domain to be connected to the mail server. An email address will be created for every user in the selected domain.
NethServer can handle an unlimited number of mail domains, configurable
If a domain is deleted, email will not be deleted; any message already received is preserved.
You can add a new domain by clicking on the Create domain button and fill
Name field with the mail domain, like
Add user addresses from user domain option is disabled, you can enable the
Accept unknown recipients switch and select
a mailbox that will catch all messages sent to non-existing addresses.
NethServer allows storing a hidden copy of all messages directed to a particular domain: they will be delivered to the final recipient and also to a custom email address. The hidden copy is enabled by the Copy inbound messages switch.
On some countries, enabling the Copy inbound messages switch can be against privacy laws.
If the final recipient cannot be reached (i.e. the recipient address does
not exist), the message is normally rejected. Sometimes (i.e. when a mail domain
is migrated) it could be useful to accept it and silently deliver the message to
a catch-all mailbox. This behavior can be achieved by enabling the
Accept unknown recipients option.
This configuration is available only if
Add user address from user domain option is disabled.
DKIM is not currently configurable from the web user interface.
DomainKeys Identified Mail (DKIM) provides a way to validate the sending MTA, which adds a cryptographic signature to the outbound message MIME headers.
The DKIM signature headers are added only to messages sent through TCP ports 587 (submission) and 465 (smtps).
To work effectively, the public DNS must be configured properly. Refer to the instructions of your DNS provider to run the following steps:
Add a TXT record to your public DNS service provider with key “default._domainKey”
Copy and paste the given key text in the DNS record data (RDATA) section
Each user has a personal mailbox and any user name in the form <username>@<domain> is also a valid email address to deliver messages into it.
The list of mailboxes is shown on the
Mailboxes page. There
are two types of mailboxes: users and public mailboxes.
You can disable each mailbox by selecting the
Disable item from the three-dots menu on the mailbox line.
By clicking the
Edit item from the three-dots menu it’s possible to setup the following options:
Public mailboxes can be shared among groups of users. The Create public mailbox button allows creating a new public mailbox and defining one or more owning groups and users. Public mailboxes can also be created by any IMAP client supporting IMAP ACL protocol extension (RFC 4314).
When a new public mailbox is created, the mail server will automatically add a new address for all existing mail domains.
In addition to the users, groups and public mailboxes addresses, described in the
previous section, the system enables the creation of an unlimited number of email
addresses, from the
Addresses page. Each
mail address is associated with one or more destinations. A
destination can be of the following types:
external email address
A mail address can be bound to any mail domain or be specific to one mail domain. For example:
Email address info bound to any domain:
Email address goofy specific to one domain:
Sometimes a company forbids communications from outside the organization
using personal email addresses. The
Internal check box
blocks the possibility of an address to receive messages from the outside.
Still an internal address can be used to
exchange messages with other accounts of the system.
All transiting email messages are subjected to a list of checks:
The antivirus component finds email messages containing viruses. Infected messages are discarded. The virus signature database is updated periodically.
The antispam component RSPAMD analyzes emails by detecting and classifying SPAM messages using heuristic criteria, predetermined rules and statistical evaluations of the content of messages.
The filter can also check if the sending server is listed in one or more block lists (DNSBL). A score is associated with each rule.
Total spam score collected at the end of the analysis allows the server to decide what to do with a message.
Statistical filters, called Bayesian, are special rules that evolve and quickly adapt analyzing messages marked as spam or ham.
Module settings are split up and accessible under the cards described by the following sections.
The following values are set at module first configuration time. They should not be changed in production:
Mail server hostnameconfigures how the MTA identifies itself with other MTAs. To successfully receive email messages, use this host name to configure the following DNS records:
A record, resolving the Mail server hostname to the public and static IP address of the server
PTR record, resolving back the IP address to the Mail server hostaname
MX records, one for each mail domain handled by the Mail module instance
TXT records, as specified by DKIM, SPF and DMARC
User domainselects a LDAP database with user, groups and passwords. If the DB is changed existing mailboxes are not removed! A mailbox is still accessible if the same user name is present in both the old and the new database.
Mailboxes card you can configure the
Default mail quota.
If the general mailbox quota is enabled, the
Mailboxes page summarizes the quota usage for
each user. This summary is updated when a user logs in or a message is
Shared mailboxes section,
Shared seen selects if the
IMAP seen flag is shared or not with other users. In general, the seen
flag is used to mark if a message has been read or not. In a shared
mailbox, each user can access the same message.
If users accessing the shared mailbox prefer to know if a mail has already been read by someone else, set
If users accessing the shared mailbox are not interested if a message has been already read by someone else, set
Messages marked as spam (see Filter) can be automatically
moved into the
Junk folder by enabling the option
Move spam to junk folder.
Spam messages can be expunged automatically after a period of time.
You can configure it from the
Default spam retention option.
Master users card, you can setup a user that can impersonate another user, gaining full rights
to any mailbox contents and folder permissions.
Credentials are accepted by the IMAP server:
user name of the master user, eg.
master user password
For instance, to access as
john with root password
use the following credentials:
The server supports standard-compliant email clients using the following IANA ports:
Authentication requires the STARTTLS command and supports the following variants:
Also the following SSL-enabled ports are available for legacy software that still does not support STARTTLS:
The standard SMTP port 25 is reserved for mail transfers between MTA servers. Mail user agents (MUA) must use the submission port.
If you’re looking for web email clients, take a look to: